AWS-Solution-Architect-Associate Free Practice Test

- (Topic 2)
A global company is using Amazon API Gateway to design REST APIs for its loyalty club
users in the us-east-1 Region and the ap-southeast-2 Region. A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks.
Which solution will meet these requirements with the LEAST amount of administrative effort?

1. A. Set up AWS WAF in both Region
2. B. Associate Regional web ACLs with an API stage.
3. C. Set up AWS Firewall Manager in both Region
4. D. Centrally configure AWS WAF rules.
5. E. Set up AWS Shield in bath Region
6. F. Associate Regional web ACLs with an API stage.
7. G. Set up AWS Shield in one of the Region
8. H. Associate Regional web ACLs with an API stage.

Correct Answer: A
Using AWS WAF has several benefits. Additional protection against web attacks using criteria that you specify. You can define criteria using characteristics of web requests such as the following: Presence of SQL code that is likely to be malicious (known as SQL injection). Presence of a script that is likely to be malicious (known as cross-site scripting). AWS Firewall Manager simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections. https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html

- (Topic 2)
A solutions architect is optimizing a website for an upcoming musical event. Videos of the performances will be streamed in real time and then will be available on demand. The event is expected to attract a global online audience.
Which service will improve the performance of both the real-lime and on-demand streaming?

1. A. Amazon CloudFront
2. B. AWS Global Accelerator
3. C. Amazon Route 53
4. D. Amazon S3 Transfer Acceleration

Correct Answer: A
You can use CloudFront to deliver video on demand (VOD) or live streaming video using any HTTP origin. One way you can set up video workflows in the cloud is by using CloudFront together with AWS Media Services. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/on-demand- streaming-video.html

- (Topic 2)
A company runs a stateless web application in production on a group of Amazon EC2 On- Demand Instances behind an Application Load Balancer. The application experiences heavy usage during an 8-hour period each business day. Application usage is moderate and steady overnight Application usage is low during weekends.
The company wants to minimize its EC2 costs without affecting the availability of the application.
Which solution will meet these requirements?

1. A. Use Spot Instances for the entire workload.
2. B. Use Reserved instances for the baseline level of usage Use Spot Instances for any additional capacity that the application needs.
3. C. Use On-Demand Instances for the baseline level of usag
4. D. Use Spot Instances for any additional capacity that the application needs
5. E. Use Dedicated Instances for the baseline level of usag
6. F. Use On-Demand Instances for any additional capacity that the application needs

Correct Answer: B
Reserved is cheaper than on demand the company has. And it's meet the availabilty (HA) requirement as to spot instance that can be disrupted at any time. PRICING BELOW. On- Demand: 0% There’s no commitment from you. You pay the most with this option. Reserved : 40%-60%1-year or 3-year commitment from you. You save money from that commitment. Spot 50%-90% Ridiculously inexpensive because there’s no commitment from the AWS side.

- (Topic 4)
A social media company is building a feature for its website. The feature will give users the ability to upload photos. The company expects significant increases in demand during large events and must ensure that the website can handle the upload traffic from users.
Which solution meets these requirements with the MOST scalability?

1. A. Upload files from the user's browser to the application server
2. B. Transfer the files to an Amazon S3 bucket.
3. C. Provision an AWS Storage Gateway file gatewa
4. D. Upload files directly from the user's browser to the file gateway.
5. E. Generate Amazon S3 presigned URLs in the applicatio
6. F. Upload files directly from the user's browser into an S3 bucket.
7. G. Provision an Amazon Elastic File System (Amazon EFS) file system Upload files directly from the user's browser to the file system

Correct Answer: C
This approach allows users to upload files directly to S3 without passing through the application servers, reducing the load on the application and improving scalability. It leverages the client-side capabilities to handle the file uploads and offloads the processing to S3.

- (Topic 3)
A company wants to configure its Amazon CloudFront distribution to use SSL/TLS certificates. The company does not want to use the default domain name for the distribution. Instead, the company wants to use a different domain name for the distribution.
Which solution will deploy the certificate with icurring any additional costs?

1. A. Request an Amazon issued private certificate from AWS Certificate Manager (ACM) in the us-east-1 Region
2. B. Request an Amazon issued private certificate from AWS Certificate Manager (ACM) in the us-west-1 Region.
3. C. Request an Amazon issued public certificate from AWS Certificate Manager (ACU) in the us-east-1 Region
4. D. Request an Amazon issued public certificate from AWS Certificate Manager (ACU) in the us-west-1 Regon.

Correct Answer: C
This option is the most efficient because it requests an Amazon issued public certificate from AWS Certificate Manager (ACM), which is a service that lets you easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources1. It also requests the certificate in the us-east-1 Region, which is required for using an ACM certificate with CloudFront2. It also meets the requirement of deploying the certificate without incurring any additional costs, as ACM does not charge for certificates that are used with supported AWS services3. This solution meets the requirement of configuring its CloudFront distribution to use SSL/TLS certificates and using a different domain name for the distribution. Option A is less efficient because it requests an Amazon issued private certificate from ACM, which is a type of certificate that can be used only within your organization or virtual private cloud (VPC). However, this does not meet the requirement of configuring its CloudFront distribution to use SSL/TLS certificates, as CloudFront requires a public certificate. It also requests the certificate in the us-east-1 Region, which is correct. Option B is less efficient because it requests an Amazon issued private certificate from ACM, which is incorrect for the same reason as option A. It also requests the certificate in the us-west-1 Region, which is incorrect as CloudFront requires a certificate in the us-east-1 Region. Option D is less efficient because it requests an Amazon issued public certificate from ACM, which is correct. However, it requests the certificate in the us-west-1 Region, which is incorrect as CloudFront requires a certificate in the us-east-1 Region.