Top Quality AWS-Solution-Architect-Associate Braindump 2019
It is impossible to pass Amazon AWS-Solution-Architect-Associate exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed Amazon AWS-Solution-Architect-Associate practice questions. You will get a surprising result by our Regenerate Amazon AWS Certified Solutions Architect - Associate practice guides.
NEW QUESTION 1
While signing in REST/ Query requests, for additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using
- A. HTIP
- B. Internet Protocol Security(IPsec)
- C. TLS (Transport Layer Security)
- D. HTIPS
NEW QUESTION 2
You are designing an SSUTLS solution that requires HTIPS clients to be authenticated by the Web server using client certificate authentication. The solution must be resilient.
Which of the following options would you consider for configuring the web server infrastructure? (Choose 2 answers)
- A. Configure ELB with TCP listeners on TCP/4d3. And place the Web servers behind it.
- B. Configure your Web servers with EIPS Place the Web servers in a Route53 Record Set and configure health checks against all Web servers.
- C. Configure ELB with HTIPS listeners, and place the Web servers behind it.
- D. Configure your web servers as the origins for a Cloud Front distributio
- E. Use custom SSL certificates on your Cloud Front distribution.
NEW QUESTION 3
You manually launch a NAT AMI in a public subnet. The network is properly configured. Security groups and network access control lists are property configured. Instances in a private subnet can access the NAT. The NAT can access the Internet. However, private instances cannot access the Internet. What additional step is required to allow access from the private instances?
- A. Enable Source/Destination Check on the private Instances.
- B. Enable Source/Destination Check on the NAT instance.
- C. Disable Source/Destination Check on the private instances.
- D. Disable Source/Destination Check on the NAT instanc
NEW QUESTION 4
You are implementing AWS Direct Connect. You intend to use AWS public service end points such as Amazon 53, across the AWS Direct Connect link. You want other Internet traffic to use your existing link to an Internet Service Provider.
What is the correct way to configure AW5 Direct connect for access to services such as Amazon 53?
- A. Configure a public Interface on your AW5 Direct Connect link Configure a static route via your AW5 Direct Connect link that points to Amazon 53 Advertise a default route to AW5 using BGP.
- B. Create a private interface on your AW5 Direct Connect lin
- C. Configure a static route via your AW5 Direct connect link that points to Amazon 53 Configure specific routes to your network in your VPC,
- D. Create a public interface on your AW5 Direct Connect link Redistribute BGP routes into your existing routing infrastructure advertise specific routes for your network to AW5.
- E. Create a private interface on your AW5 Direct connect lin
- F. Redistribute BGP routes into your existing routing infrastructure and advertise a default route to AW5.
NEW QUESTION 5
Amazon RDS provides high availability and failover support for DB instances using .
- A. customized deployments
- B. Appstream customizations
- C. log events
- D. MuIti-AZ deployments
Amazon RDS provides high availability and failover support for DB instances using MuIti-AZ deployments. MuIti-AZ deployments for Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon technology, while SQL Server DB instances use SQL Server Mrroring.
NEW QUESTION 6
When should I choose Provisioned IOPS over Standard RDS storage?
- A. If you use production online transaction processing (OLTP) workloads.
- B. If you have batch-oriented workloads
- C. If you have workloads that are not sensitive to consistent performance
NEW QUESTION 7
Your website is serving on-demand training videos to your workforce. Videos are uploaded monthly in high resolution MP4 format. Your workforce is distributed globally often on the move and using company-provided tablets that require the HTTP Live Streaming (HLS) protocol to watch a video. Your company has no video transcoding expertise and it required you may need to pay for a consultant.
How do you implement the most cost-efficient architecture without compromising high availability and quality of video delivery'?
- A. A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust the number of nodes depending on the length of the queu
- B. EBS volumes to host videos and EBS snapshots to incrementally backup original files after a few day
- C. CIoudFront to serve HLS transcoded videos from EC2.
- D. Elastic Transcoder to transcode original high-resolution MP4 videos to HL
- E. EBS volumes to host videos and EBS snapshots to incrementally backup original files after a few day
- F. CIoudFront to serve HLS transcoded videos from EC2.
- G. Elastic Transcoder to transcode original high-resolution NIP4 videos to HL
- H. 53 to host videos with Lifecycle Management to archive original files to Glacier after a few day
- I. C|oudFront to serve HLS transcoded videos from 53.
- J. A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust the number of nodes depending on the length of the queu
- K. 53 to host videos with Lifecycle Management to archive all files to Glacier after a few day
- L. CIoudFront to serve HLS transcoded videos from Glacier.
NEW QUESTION 8
You're trying to delete an SSL certificate from the IAM certificate store, and you're getting the message "Certificate: <certificate-id> is being used by CIoudFront." Which of the following statements is probably the reason why you are getting this error?
- A. Before you can delete an SSL certificate, you need to either rotate SSL certificates or revert from using a custom SSL certificate to using the default CIoudFront certificate.
- B. You can't delete SSL certificates . You need to request it from AWS.
- C. Before you can delete an SSL certificate, you need to set up the appropriate access level in IAM
- D. Before you can delete an SSL certificate you need to set up https on your serve
CIoudFront is a web service that speeds up distribution of your static and dynamic web content, for example, .htmI, .css, .php, and image files, to end users.
Every CIoudFront web distribution must be associated either with the default CIoudFront certificate or with a custom SSL certificate. Before you can delete an SSL certificate, you need to either rotate SSL certificates (replace the current custom SSL certificate with another custom SSL certificate) or revert from using a custom SSL certificate to using the default CIoudFront certificate.
NEW QUESTION 9
A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted on Amazon Elastic Computer Cloud (EC2). The application has dependencies on an on-premises mainframe database that uses a BASE (Basic Available. Sort stale Eventual consistency) rather than an ACID (Atomicity. Consistency isolation. Durability) consistency model.
The application is exhibiting undesirable behavior because the database is not able to handle the volume of writes. How can you reduce the load on your on-premises database resources in the most
- A. Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS.
- B. Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database.
- C. Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premises database.
- D. Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using Data Pipeline.
NEW QUESTION 10
When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes.
- A. Depends on the instance type
- B. FALSE
- C. Depends on whether you use API call
- D. TRUE
NEW QUESTION 11
You need to set up a security certificate for a cIient's e-commerce website as it will use the HTTPS protocol. Which of the below AWS services do you need to access to manage your SSL server certificate?
- A. AWS Directory Service
- B. AWS Identity & Access Management
- C. AWS CIoudFormation
- D. Amazon Route 53
AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS.
All your SSL server certificates are managed by AWS Identity and Access management (IAM). Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.htm|
NEW QUESTION 12
How are the EBS snapshots saved on Amazon 53?
- A. Exponentially
- B. Incrementally
- C. EBS snapshots are not stored in the Amazon 53
- D. Decrementally
NEW QUESTION 13
You currently operate a web application In the AWS US-East region The application runs on an autoscaled layer of EC2 instances and an RDS Multi-AZ database Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2.1AM And RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?
- A. Create a new C|oudTraiI trail with one new 53 bucket to store the logs and with the global services option selected Use IAM roles 53 bucket policies and Multi Factor Authentication (MFA) Delete on the 53 bucket that stores your logs.
- B. Create a new CIoudTraiI with one new 53 bucket to store the logs Configure SNS to send log file delivery notifications to your management system Use IAM roles and 53 bucket policies on the 53 bucket mat stores your logs.
- C. Create a new CIoudTraiI trail with an existing 53 bucket to store the logs and with the global services option selected Use 53 ACLs and Multi Factor Authentication (MFA) Delete on the 53 bucket that stores your logs.
- D. Create three new C|oudTrai| trails with three new 53 buckets to store the logs one for the AWS Management console, one for AWS 5DKs and one for command line tools Use IAM roles and 53 bucket policies on the 53 buckets that store your logs.
NEW QUESTION 14
For each DB Instance class, what is the maximum size of associated storage capacity?
- A. 5GB
- B. 1 TB
- C. 2TB
- D. 500GB
NEW QUESTION 15
A, _ is an indMdual, system, or application that interacts with AWS programmatically.
- A. user
- B. AWS Account
- C. Group
- D. Role
NEW QUESTION 16
Can I initiate a "forced failover" for my MySQL Multi-AZ DB Instance deployment?
- A. Only in certain regions
- B. Only in VPC
- C. Yes
- D. No
NEW QUESTION 17
What does Amazon Cloud Formation provide?
- A. The ability to setup Autoscaling for Amazon EC2 instances.
- B. None of these.
- C. A templated resource creation for Amazon Web Services.
- D. A template to map network resources for Amazon Web Service
NEW QUESTION 18
You have a Business support plan with AWS. One of your EC2 instances is running Mcrosoft Windows Server 2008 R2 and you are having problems with the software. Can you receive support from AWS for this software?
- A. Yes
- B. No, AWS does not support any third-party software.
- C. No, Mcrosoft Windows Server 2008 R2 is not supported.
- D. No, you need to be on the enterprise support pla
Third-party software support is available only to AWS Support customers enrolled for Business or Enterprise Support. Third-party support applies only to software running on Amazon EC2 and does not extend to assisting with on-premises software. An exception to this is a VPN tunnel configuration running supported devices for Amazon VPC.
NEW QUESTION 19
Can a single EBS volume be attached to multiple EC2 instances at the same time?
- A. Yes
- B. No
- C. Only for high-performance EBS volumes.
- D. Only when the instances are located in the US region
You can't attach an EBS volume to multiple EC2 instances. This is because it is equivalent to using a single hard drive with many computers at the same time.
NEW QUESTION 20
A customer implemented AWS Storage Gateway with a gateway-cached volume at their main office.
An event takes the link between the main and branch office offline. Which methods will enable the branch office to access their data? Choose 3 answers
- A. Use a HTTPS GET to the Amazon 53 bucket where the files are located.
- B. Restore by implementing a lifecycle policy on the Amazon 53 bucket.
- C. IV|ake an Amazon Glacier Restore API ca II to load the files into another Amazon 53 bucket within four to six hours.
- D. Launch a new AWS Storage Gateway instance AM in Amazon EC2, and restore from a gateway snapshot
- E. Create an Amazon EBS volume from a gateway snapshot, and mount it to an Amazon EC2 instance.
- F. Launch an AWS Storage Gateway virtual iSCSI device at the branch office, and restore from a gateway snapshot
NEW QUESTION 21
What does Amazon EBS stand for?
- A. Elastic Block Storage
- B. Elastic Business Server
- C. Elastic Blade Server
- D. Elastic Block Store
NEW QUESTION 22
If I want an instance to have a public IP address, which IP address should I use'?
- A. Elastic I P Address
- B. Class B IP Address
- C. Class A IP Address
- D. Dynamic IP Address
NEW QUESTION 23
Which of the following services natively encrypts data at rest within an AWS region? Choose 2 answers
- A. AWS Storage Gateway
- B. Amazon DynamoDB
- C. Amazon C|oudFront
- D. Amazon Glacier
- E. Amazon Simple Queue Senrice
https://media.amazonwebservices.com/AWS_Securing_Data_ at_Rest_ with_E ncryption. pdf (page 12)
NEW QUESTION 24
What is the maximum write throughput I can provision for a single Dynamic DB table?
- A. 1,000 write capacity units
- B. 100,000 write capacity units
- C. Dynamic DB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.
- D. 10,000 write capacity units
NEW QUESTION 25
If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?
- A. No
- B. Yes
NEW QUESTION 26
Location of Insta nces are -----
- A. Regional
- B. based on Availability Zone
- C. Global
NEW QUESTION 27
What happens when you create a topic on Amazon SNS?
- A. The topic is created, and it has the name you specified for it.
- B. An ARN (Amazon Resource Name) is created.
- C. You can create a topic on Amazon SQS, not on Amazon SNS.
- D. This QUESTION doesn't make sens
NEW QUESTION 28
You've been brought in as solutions architect to assist an enterprise customer with their migration of an e-commerce platform to Amazon Virtual Private Cloud (VPC) The previous architect has already deployed a 3-tier VPC, The configuration is as follows:
VPC: vpc-2f8bc447 IGW: igw-2d8bc445 NACL: ad-208bc448
5ubnets and Route Tables: Web sewers: subnet-258bc44d
Application servers: subnet-248bc44c Database sewers: subnet-9189c6f9 Route Tables:
rrb-218bc449 rtb-238bc44b Associations:
subnet-258bc44d : rtb-218bc449 subnet-248bc44c : rtb-238bc44b subnet-9189c6f9 : rtb-238bc44b
You are now ready to begin deploying EC2 instances into the VPC Web servers must have direct access to the internet Application and database sewers cannot have direct access to the internet.
Which configuration below will allow you the ability to remotely administer your application and database servers, as well as allow these sewers to retrieve updates from the Internet?
- A. Create a bastion and NAT instance in subnet-258bc44d, and add a route from rtb- 238bc44b to the NAT instance.
- B. Add a route from rtb-238bc44b to igw-2d8bc445 and add a bastion and NAT instance within subnet-248bc44c.
- C. Create a bastion and NAT instance in subnet-248bc44c, and add a route from rtb- 238bc44b to subneb258bc44d.
- D. Create a bastion and NAT instance in subnet-258bc44d, add a route from rtb-238bc44b to Igw- 2d8bc445, and a new NACL that allows access between subnet-258bc44d and subnet -248bc44c.
NEW QUESTION 29
The Trusted Advisor service provides insight regarding which four categories of an AWS account?
- A. Security, fault tolerance, high availability, and connectMty
- B. Security, access control, high availability, and performance
- C. Performance, cost optimization, security, and fault tolerance
- D. Performance, cost optimization, access control, and connectMty
NEW QUESTION 30
P.S. Surepassexam now are offering 100% pass ensure AWS-Solution-Architect-Associate dumps! All AWS-Solution-Architect-Associate exam questions have been updated with correct answers: https://www.surepassexam.com/AWS-Solution-Architect-Associate-exam-dumps.html (1487 New Questions)