Valid AWS-Solutions-Architect-Professional Exam Q&A PDF AWS-Solutions-Architect-Professional Dump is Ready (Updated 216 Questions) [Q69-Q86]

Exam Questions and Answers for AWS-Solutions-Architect-Professional Study Guide

NEW QUESTION 69
A Solutions Architect must design a highly available, stateless, REST service. The service will require multiple persistent storage layers for service object meta information and the delivery of content. Each request needs to be authenticated and securely processed. There is a requirement to keep costs as low as possible.
How can these requirements be met?

  • A. Set up Amazon API Gateway and create the required API resources and methods. Use an Amazon API Gateway custom authorizer to control access to the API. Configure the methods to use AWS Lambda custom integrations, and process each resource with a unique Lambda function. Store request meta information in an Amazon ElastiCache Multi-AZ cluster and static content in a secured S3 bucket.
    Generate presigned URLs when returning references to content stored in Amazon S3.
  • B. Use AWS Fargate to host a container that runs a self-contained REST service. Set up an ECS service that is fronted by a cross-zone ALB. Use an Amazon Cognito user pool to control access to the API.
    Store request meta information in DynamoDB with Auto Scaling and static content in a secured S3 bucket. Generate presigned URLs when returning references to content stored in Amazon S3.
  • C. Use AWS Fargate to host a container that runs a self-contained REST service. Set up an Amazon ECS service that is fronted by an Application Load Balancer (ALB). Use a custom authenticator to control access to the API. Store request meta information in Amazon DynamoDB with Auto Scaling and static content in a secured S3 bucket. Make secure signed requests for Amazon S3 objects and proxy the data through the REST service interface.
  • D. Set up Amazon API Gateway and create the required API resources and methods. Use an Amazon Cognito user pool to control access to the API. Configure the methods to use AWS Lambda proxy integrations, and process each resource with a unique AWS Lambda function.
    Store request meta information in DynamoDB with Auto Scaling and static content in a secured S3 bucket. Generate presigned URLs when returning references to content stored in Amazon S3.

Answer: D

Explanation:
Cognito can be used for authentication, and API Gateway for the stateless REST service.
A: uses custom authenticator. Self-contained REST service!!!
B: Self-contained REST service!!!
D: ElastiCache is not persistent.

 

NEW QUESTION 70
A company wants to change its internal cloud billing strategy for each of its business units. Currently, the cloud governance team shares reports for overall cloud spending with the head of each business unit. The company uses AWS Organizations to manage the separate AWS accounts for each business unit. The existing tagging standard in Organizations includes the application, environment, and owner. The cloud governance team wants a centralized solution so each business unit receives monthly reports on its cloud spending. The solution should also send notifications for any cloud spending that exceeds a set threshold.
Which solution is the MOST cost-effective way to meet these requirements?

  • A. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use the AWS Billing and Cost Management dashboard in each account to create monthly reports for each business unit.
  • B. Enable AWS Cost and Usage Reports in the organization's master account and configure reports grouped by application, environment, and owner. Create an AWS Lambda function that processes AWS Cost and Usage Reports, sends budget alerts, and sends monthly reports to each business unit's email list.
  • C. Configure AWS Budgets in the organization's master account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use Cost Explorer in the organization's master account to create monthly reports for each business unit.
  • D. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use Cost Explorer in each account to create monthly reports for each business unit.

Answer: C

 

NEW QUESTION 71
In order for a table write to succeed, the provisioned throughput settings for the table and global secondary indexes, in DynamoDB, must have __________; otherwise, the write to the table will be throttled.

  • A. the size less than or equal to 1 KB
  • B. 100 bytes of overhead per index item
  • C. enough write capacity to accommodate the write
  • D. no additional write cost for the index

Answer: C

Explanation:
In order for a table write to succeed in DynamoDB, the provisioned throughput settings for the table and global secondary indexes must have enough write capacity to accommodate the write; otherwise, the write will be throttled.
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.html

 

NEW QUESTION 72
You're trying to delete an SSL certificate from the IAM certificate store, and you're getting the message
"Certificate: <certificate-id> is being used by CloudFront." Which of the following statements is probably
the reason why you are getting this error?

  • A. Before you can delete an SSL certificate you need to set up https on your server.
  • B. You can't delete SSL certificates. You need to request it from AWS.
  • C. Before you can delete an SSL certificate, you need to either rotate SSL certificates or revert from using
    a custom SSL certificate to using the default CloudFront certificate.
  • D. Before you can delete an SSL certificate, you need to set up the appropriate access level in IAM

Answer: C

Explanation:
CloudFront is a web service that speeds up distribution of your static and dynamic web content, for
example, .html, .css, .php, and image files, to end users.
Every CloudFront web distribution must be associated either with the default CloudFront certificate or with
a custom SSL certificate. Before you can delete an SSL certificate, you need to either rotate SSL
certificates (replace the current custom SSL certificate with another custom SSL certificate) or revert from
using a custom SSL certificate to using the default CloudFront certificate.
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Troubleshooting.html

 

NEW QUESTION 73
A Solution Architect is designing a web application that runs on Amazon EC2 instances behind a load
balancer. All data in transit must be encrypted.
Which solutions will meet the encryption requirement? (Select TWO.)

  • A. Use a Network Load Balancer (NLB) with an HTTPS listener, then install SSL certificates on the NLB
    and EC2 instances.
  • B. Use an Application Load Balancer (ALB) with an HTTPS listener, then install SSL certificates on the
    ALB and EC2 instances.
  • C. Use an Application Load Balancer (ALB) in passthrough mode, then terminate SSL on EC2 instances.
  • D. Use an Application Load Balancer (ALB) with a TCP listener, then terminate SSL on EC2 instances.
  • E. Use a Network Load Balancer (NLB) with a TCP listener, then terminate SSL on EC2 instances.

Answer: E

 

NEW QUESTION 74
A company currently uses a single 1 Gbps AWS Direct Connect connection to establish connectivity between an AWS Region and its data center. The company has five Amazon VPCs, all of which are connected to the data center using the same Direct Connect connection. The Network team is worried about the single point of failure and is interested in improving the redundancy of the connections to AWS while keeping costs to a minimum.
Which solution would improve the redundancy of the connection to AWS while meeting the cost requirements?

  • A. Set up VPN tunnels from the data center to each VPC. Terminate each VPN tunnel at the virtual private gateway (VGW) of the respective VPC and set up BGP for route management.
  • B. Set up a new point-to-point Multiprotocol Label Switching (MPLS) connection to the AWS Region that's being used. Configure BGP to use this new circuit as passive, so that no traffic flows through this unless the AWS Direct Connect fails.
  • C. Provision another 1 Gbps Direct Connect connection and create new VIFs to each of the VPCs.
    Configure the VIFs in a load balancing fashion using BGP.
  • D. Create a public VIF on the Direct Connect connection and set up a VPN tunnel which will terminate on the virtual private gateway (VGW) of the respective VPC using the public VIF.
    Use BGP to handle the failover to the VPN connection.

Answer: A

Explanation:
A: is costly.
C: MPLS cannot be used without a dedicated link. Also, AWS does not support it.
D: using a public VIF over the same Direct Connect will be helpful, as it is not adding extra physical redundancy. Also, public VIFs are not used to connect on-premises to VPCs; they are used to connect on-premises to AWS public services like S3, DynamoDB, etc.

 

NEW QUESTION 75
A Solutions Architect has been asked to deliver video content stored on Amazon S3 to specific users from
Amazon CloudFront while restricting access by unauthorized users.
How can the Architect implement a solution to meet these requirements?

  • A. Use Amazon S3 static website as the origin of CloudFront, and configure CloudFront to deliver the
    videos by generating a signed URL for users.
  • B. Store the videos as private objects in Amazon S3, and let CloudFront serve the objects by using only
    Origin Access Identity (OAI).
  • C. Configure CloudFront to use signed-URLs to access Amazon S3.
  • D. Use OAI for CloudFront to access private S3 objects and select the Restrict Viewer Access option in
    CloudFront cache behavior to use signed URLs.

Answer: B

Explanation:
Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

 

NEW QUESTION 76
A company needs to create a centralized logging architecture for all of its AWS accounts. The architecture should provide near-real-time data analysis for all AWS CloudTrail logs and VPC Flow Logs across all AWS accounts. The company plans to use Amazon Elasticsearch Service (Amazon ES) to perform log analysis in the logging account.
Which strategy should a solutions architect use to meet these requirements?

  • A. Configure CloudTrail and VPC Flow Logs to send data to a log group in Amazon CloudWatch account.
    Configure a CloudWatch subscription filter in each AWS account to send data to Amazon Kinesis Data Firehose in the logging account. Load data from Kinesis Data Firehose into Amazon ES in the logging account.
  • B. Configure CloudTrail and VPC Flow Logs to send data to a log group in Amazon CloudWatch Logs in each AWS account. Create AWS Lambda functions in each AWS account to subscribe to the log groups and stream the data to an Amazon S3 bucket in the logging account. Create another Lambda function to load data from the S3 bucket to Amazon ES in the logging account.
  • C. Configure CloudTrail and VPC Flow Logs to send data to a separate Amazon S3 bucket in each AWS account. Create an AWS Lambda function triggered by S3 events to copy the data to a centralized logging bucket. Create another Lambda function to load data from the S3 bucket to Amazon ES in the logging account.
  • D. Configure CloudTrail and VPC Flow Logs in each AWS account to send data to a centralized Amazon S3 bucket in the logging account. Create an AWS Lambda function to load data from the S3 bucket to Amazon ES in the logging account.

Answer: D

 

NEW QUESTION 77
A company is migrating applications from on premises to the AWS Cloud. These applications power the company's internal web forms. These web forms collect data for specific events several times each quarter.
The web forms use simple SQL statements to save the data to a local relational database.
Data collection occurs for each event, and the on-premises servers are idle most of the time. The company needs to minimize the amount of idle infrastructure that supports the web forms.
Which solution will meet these requirements?

  • A. Create one Amazon DynamoDB table to store data for all the data input. Use the application form name as the table key to distinguish data items. Create an Amazon Kinesis data stream to receive the data input and store the input in DynamoDB. Use Amazon Route 53 to point the DNS names of the web forms to the Kinesis data stream's endpoint.
  • B. Create Docker images for each server of the legacy web form applications. Create an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate. Place an Application Load Balancer in front of the ECS cluster. Use Fargate task storage to store the web form data.
  • C. Use Amazon EC2 Image Builder to create AMIs for the legacy servers. Use the AMIs to provision EC2 instances to recreate the applications in the AWS Cloud. Place an Application Load Balancer (ALB) in front of the EC2 instances. Use Amazon Route 53 to point the DNS names of the web forms to the ALB.
  • D. Provision an Amazon Aurora Serverless cluster. Build multiple schemas for each web form's data storage. Use Amazon API Gateway and an AWS Lambda function to recreate the data input forms. Use Amazon Route 53 to point the DNS names of the web forms to their corresponding API Gateway endpoint.

Answer: C

 

NEW QUESTION 78
A company runs a three-tier application in AWS. Users report that the application performance can vary greatly depending on the time of day and functionality being accessed.
The application includes the following components:
* Eight t2.large front-end web servers that serve static content and proxy dynamic content from the application tier.
* Four t2.large application servers.
* One db.m4.large Amazon RDS MySQL Multi-AZ DB instance.
Operations has determined that the web and application tiers are network constrained.
Which of the following should cost-effectively improve application performance? (Choose two.)

  • A. Use AWS Auto Scaling and m4.large instances for the web and application tiers
  • B. Increase the size of the Amazon RDS instance to db.m4.xlarge
  • C. Replace web and app tiers with t2.xlarge instances
  • D. Create an Amazon CloudFront distribution to cache content
  • E. Convert the MySQL RDS instance to a self-managed MySQL cluster on Amazon EC2

Answer: A,D

Explanation:
https://aws.amazon.com/ec2/instance-types/

 

NEW QUESTION 79
You have set up an Auto Scaling group. The cool down period for the Auto Scaling group is 7 minutes. The first scaling activity request for the Auto Scaling group is to launch two instances. It receives the activity request at time "t", and the first instance is launched at t+3 minutes, while the second instance is launched at t+4 minutes.
How many minutes after time "t" will Auto Scaling accept another scaling activity request?

  • A. 11 minutes
  • B. 14 minutes
  • C. 10 minutes
  • D. 7 minutes

Answer: A

Explanation:
If an Auto Scaling group is launching more than one instance, the cool down period for each instance starts after that instance is launched. The group remains locked until the last instance that was launched has completed its cool down period. In this case the cool down period for the first instance starts after 3 minutes and finishes at the 10th minute (3+7 cool down), while for the second instance it starts at the 4th minute and finishes at the 11th minute (4+7 cool down). Thus, the Auto Scaling group will receive another request only after 11 minutes.
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AS_Concepts.html

 

NEW QUESTION 80
An organization is hosting a scalable web application using AWS. The organization has configured ELB
and Auto Scaling to make the application scalable. Which of the below mentioned statements is not
required to be followed for ELB when the application is planning to host a web application on VPC?

  • A. Configure the security group rules and network ACLs to allow traffic to be routed between the subnets
    in the VPC.
  • B. The internet facing ELB should be only in a public subnet.
  • C. The internet facing ELB should have a route table associated with the internet gateway.
  • D. The ELB and all the instances should be in the same subnet.

Answer: D

Explanation:
Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in
a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over
the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources,
such as an ELB, and EC2 instances. There are two ELBs available with VPC: internet facing and internal
(private) ELB. For the internet facing ELB it is required that the ELB should be in a public subnet. After the
user creates the public subnet, he should ensure to associate the route table of the public subnet with the
internet gateway to enable the load balancer in the subnet to connect with the internet. The ELB and
instances can be in a separate subnet. However, to allow communication between the instance and the
ELB the user must configure the security group rules and network ACLs to allow traffic to be routed
between the subnets in his VPC.
Reference:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/CreateVPCForELB.html

 

NEW QUESTION 81
Complete this statement: "When you load your table directly from an Amazon ___________ table, you have the option to control the amount of provisioned throughput you consume."

  • A. DataPipeline
  • B. DynamoDB
  • C. RDS
  • D. S3

Answer: B

Explanation:
When you load your table directly from an Amazon DynamoDB table, you have the option to control the amount of Amazon DynamoDB provisioned throughput you consume.
http://docs.aws.amazon.com/redshift/latest/dg/t_Loading_tables_with_the_COPY_command.html

 

NEW QUESTION 82
A Solutions Architect needs to design a centralized logging solution for a group of web applications
running on Amazon EC2 instances. The solution requires minimal development effort due to budget
constraints.
Which of the following should the Architect recommend?

  • A. Enable Amazon CloudWatch Events in the AWS Management Console.
  • B. Create a crontab job script in each instance to push the logs regularly to Amazon S3.
  • C. Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 instances.
  • D. Enable AWS CloudTrail to map all API calls invoked by the applications.

Answer: C

 

NEW QUESTION 83
A Solutions Architect is considering possible options for improving the security of the data on an Amazon
EBS volume attached to an Amazon EC2 instance.
Which solution will improve the security of the data?

  • A. Use AWS KMS to encrypt the EBS volume
  • B. Use Amazon single sign-on to control login access to the EC2 instance
  • C. Migrate the sensitive data to an instance store volume
  • D. Create an IAM policy that restricts read and write access to the volume

Answer: A

Explanation:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

 

NEW QUESTION 84

An organization has recently grown through acquisitions. Two of the purchased companies use the same IP CIDR range. There is a new short-term requirement to allow AnyCompany A (VPC-A) to communicate with a server that has the IP address 10.0.0.77 in AnyCompany B (VPC-B). AnyCompany A must also communicate with all resources in AnyCompany C (VPC-C). The Network team has created the VPC peer links, but it is having issues with communications between VPC-A and VPC-B. After an investigation, the team believes that the routing tables in the VPCs are incorrect.
What configuration will allow AnyCompany A to communicate with AnyCompany C in addition to the database in AnyCompany B?

  • A. On VPC-A, create a static route for the VPC-B CIDR (10.0.0.77/32) database across VPC peer pcx-AB. Create a static route for the VPC-C CIDR on VPC peer pcx-AC. On VPC-B, create a static route for VPC-A CIDR (172.16.0.0/24) on peer pcx-AB. On VPC-C, create a static route for VPC-A CIDR (172.16.0.0/24) across peer pcx-AC.
  • B. On VPC-A, create a static route for the VPC-B CIDR range (10.0.0.0/24) across VPC peer pcx-AB. Create a static route of 10.0.0.0/16 across VPC peer pcx-AC. On VPC-B, create a static route for VPC-A CIDR (172.16.0.0/24) on peer pcx-AB. On VPC-C, create a static route for VPC-A CIDR (172.16.0.0/24) across peer pcx-AC.
  • C. On VPC-A, create network access control lists that block the IP address 10.0.0.77/32 on VPC peer pcx-AC. On VPC-A, create a static route for VPC-B CIDR (10.0.0.0/24) on pcx-AB and a static route for VPC-C CIDR (10.0.0.0/24) on pcx-AC. On VPC-B, create a static route for VPC-A CIDR (172.16.0.0/24) across peer pcx-AB. On VPC-C, create a static route for VPC-A CIDR (172.16.0.0/24) across peer pcx-AC.
  • D. On VPC-A, enable dynamic route propagation on pcx-AB and pcx-AC. On VPC-B, enable dynamic route propagation and use security groups to allow only the IP address 10.0.0.77/32 on VPC peer pcx-AB. On VPC-C, enable dynamic route propagation with VPC-A on peer pcx-AC.

Answer: A

 

NEW QUESTION 85
A Company has a security event whereby an Amazon S3 bucket with sensitive information was made public.
Company policy is to never have public S3 objects, and the Compliance team must be informed immediately when any public objects are identified.
How can the presence of a public S3 object be detected, set to trigger alarm notifications, and automatically remediated in the future? (Choose two.)

  • A. Turn on object-level logging for Amazon S3. Configure a CloudWatch event to notify by using an SNS topic when a PutObject API call with public-read permission is detected in the AWS CloudTrail logs.
  • B. Turn on object-level logging for Amazon S3. Turn on Amazon S3 event notifications to notify by using an Amazon SNS topic when a PutObject API call is made with a public-read permission.
  • C. Schedule a recursive Lambda function to regularly change all object permissions inside the S3 bucket.
  • D. Configure an Amazon CloudWatch Events rule that invokes an AWS Lambda function to secure the S3 bucket.
  • E. Use the S3 bucket permissions for AWS Trusted Advisor and configure a CloudWatch event to notify by using Amazon SNS.

Answer: A,E

 

NEW QUESTION 86
......
