[2024] Verified AWS-Solutions-Architect-Professional Dumps Q&As - 1 Year Free & Quickly Updates [Q23-Q47]

[2024] Verified AWS-Solutions-Architect-Professional Dumps Q&As - 1 Year Free & Quickly Updates

Latest 2024 Realistic Verified AWS-Solutions-Architect-Professional Dumps - 100% Free AWS-Solutions-Architect-Professional Exam Dumps

NEW QUESTION # 23
A company wants to migrate to AWS. The company is running thousands of VMs in a VMware ESXi environment. The company has no configuration management database and has little Knowledge about the utilization of the VMware portfolio.
A solutions architect must provide the company with an accurate inventory so that the company can plan for a cost-effective migration.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Export the VMware portfolio to a csv file. Check the disk utilization for each server. Remove servers that have high utilization. Export the data to AWS Application Migration Service. Use AWS Server Migration Service (AWS SMS) to migrate the remaining servers.
• B. Use AWS Systems Manager Patch Manager to deploy Migration Evaluator to each VM. Review the collected data in Amazon QuickSight. Identify servers that have high utilization. Remove the servers that have high utilization from the migration list. Import the data to AWS Migration Hub.
• C. Deploy the Migration Evaluator agentless collector to the ESXi hypervisor. Review the collected data in Migration Evaluator. Identify inactive servers. Remove the inactive servers from the migration list.
  Import the data to AWS Migration Hub.
• D. Deploy the AWS Application Migration Service Agent to each VM. When the data is collected, use Amazon Redshift to import and analyze the data. Use Amazon QuickSight for data visualization.

Answer: C

Explanation:
https://aws.amazon.com/migration-evaluator/features/

NEW QUESTION # 24
An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time.
What is the MOST secure way to do this?

• A. Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multi- factor authentication.
• B. Enable public read on the S3 object and provide the link to the vendor.
• C. Upload the file to Amazon WorkDocs and share the public link with the vendor.
• D. Generate a presigned URL and have the vendor download the log file before it expires.

Answer: D

NEW QUESTION # 25
An organization has two Amazon EC2 instances:
* The first is running an ordering application and an inventory application.
* The second is running a queuing system.
During certain times of the year, several thousand orders are placed per second. Some orders were lost when the queuing system was down. Also, the organization's inventory application has the incorrect quantity of products because some orders were processed twice.
What should be done to ensure that the applications can handle the increasing number of orders?

• A. Put the ordering and inventory applications into their own AWS Lambda functions. Have the ordering application write the messages into an Amazon SQS FIFO queue.
• B. Put the ordering and inventory applications into their own Amazon EC2 instances. Write the incoming orders to an Amazon Kinesis data stream Configure AWS Lambda to poll the stream and update the inventory application.
• C. Put the ordering and inventory applications into their own Amazon ECS containers and create an Auto Scaling group for each application. Then, deploy the message queuing server in multiple Availability Zones.
• D. Put the ordering and inventory applications into their own Amazon EC2 instances, and create an Auto Scaling group for each application. Use Amazon SQS standard queues for the incoming orders, and implement idempotency in the inventory application.

Answer: D

NEW QUESTION # 26
A finance company is running its business-critical application on current-generation Linux EC2 instances The application includes a self-managed MySQL database performing heavy I/O operations. The application is working fine to handle a moderate amount of traffic during the month. However, it slows down during the final three days of each month due to month-end reporting, even though the company is using Elastic Load Balancers and Auto Scaling within its infrastructure to meet the increased demand.
Which of the following actions would allow the database to handle the month-end load with the LEAST impact on performance?

• A. Pre-warming Elastic Load Balancers, using a bigger instance type, changing all Amazon EBS volumes to GP2 volumes.
• B. Replacing all existing Amazon EBS volumes with new PIOPS volumes that have the maximum available storage size and I/O per second by taking snapshots before the end of the month and reverting back afterwards.
• C. Performing a one-time migration of the database cluster to Amazon RDS. and creating several additional read replicas to handle the load during end of month
• D. Using Amazon CioudWatch with AWS Lambda to change the type. size, or IOPS of Amazon EBS volumes in the cluster based on a specific CloudWatch metric

Answer: C

Explanation:
In this scenario, the Amazon EC2 instances are in an Auto Scaling group already which means that the database read operations is the possible bottleneck especially during the month-end wherein the reports are generated. This can be solved by creating RDS read replicas.

NEW QUESTION # 27
A company has implemented a global multiplayer gaming platform The platform requires gaming clients to have reliable, low-latency access to the server infrastructure that is hosted on a fleet of Amazon EC2 instances in a single AWS Region The gaming clients use a custom TCP protocol to connect to the server infrastructure The application architecture requires client IP addresses to be available to the server software Which solution meets these requirements?

• A. Use an AWS Direct Connect gateway to connect multiple Direct Connect locations in different Regions globally Configure Amazon Route 53 with geolocation routing to send traffic to the nearest Direct Connect location Associate the VPC that contains the EC2 instances with the Direct Connect gateway
• B. Create a Network Load Balancer (NLB), and add the EC2 instances to a target group Create an Amazon CloudFront Real Time Messaging Protocol (RTMP) distribution and configure the origin to point to the DNS endpoint of the NLB Use proxy protocol version 2 headers to preserve client IP addresses
• C. Create an Application Load Balancer (ALB) and add the EC2 instances to a target group Create a set of Amazon Route 53 latency-based alias records that point to the DNS endpoint of the ALB Use X-Forwarded-For headers to preserve client IP addresses
• D. Create an accelerator in AWS Global Accelerator and configure the listener to point to a single endpoint group Add each of the EC2 instances as endpoints to the endpoint group Configure the endpoint group weighting equally across all of the EC2 endpoints

Answer: A

NEW QUESTION # 28
A company has a legacy application running on servers on premises. To increase the application's reliability, the company wants to gain actionable insights using application logs.
A Solutions Architect has been given following requirements for the solution:
- Aggregate logs using AWS.
- Automate log analysis for errors.
- Notify the Operations team when errors go beyond a specified
threshold.
What solution meets the requirements?

• A. Install the Amazon CloudWatch agent on servers, send logs to Amazon CloudWatch Logs and use metric filters to identify errors, create a CloudWatch alarm to notify the Operations team of errors.
• B. Install Amazon Kinesis Agent on servers, send logs to Amazon Kinesis Data Streams and use Amazon Kinesis Data Analytics to identify errors, create an Amazon CloudWatch alarm to notify the Operations team of errors
• C. Install an AWS X-Ray agent on servers, send logs to AWS Lambda and analyze them to identify errors, use Amazon CloudWatch Events to notify the Operations team of errors.
• D. Install Logstash on servers, send logs to Amazon S3 and use Amazon Athena to identify errors, use sendmail to notify the Operations team of errors.

Answer: B

Explanation:
https://docs.aws.amazon.com/kinesis-agent-windows/latest/userguide/what-is-kinesis-agent- windows.html
https://medium.com/@khandelwal12nidhi/build-log-analytic-solution-on-aws-cc62a70057b2

NEW QUESTION # 29
A company has implemented an ordering system using an event-driven architecture. During initial testing, the system stopped processing orders. Further log analysis revealed that one order message in an Amazon Simple Queue Service (Amazon SQS) standard queue was causing an error on the backend and blocking all subsequent order messages. The visibility timeout of the queue is set to 30 seconds, and the backend processing timeout is set to 10 seconds. A solutions architect needs to analyze faulty order messages and ensure that the system continues to process subsequent messages.
Which step should the solutions architect take to meet these requirements?

• A. Configure a new SQS standard queue as a dead-letter queue to isolate the faulty messages.
• B. Reduce the visibility timeout of the queue to automatically remove the faulty message.
• C. Increase the backend processing timeout to 30 seconds to match the visibility timeout.
• D. Configure a new SQS FIFO queue as a dead-letter queue to isolate the faulty messages.

Answer: A

NEW QUESTION # 30
A company runs an application on an Amazon EC2 instance backed by Amazon Elastic Block Store (Amazon EBS). The instance needs to be available for 12 hours daily. The company wants to save costs by making the instance unavailable outside the window required for the application. However, the contents of the instance's memory must be preserved whenever the instance is unavailable.
What should a solutions architect do to meet this requirement?

• A. Use Auto Scaling to scale down the instance outside the application's availability window. Scale up the instance when required.
• B. Stop the instance outside the application's availability window. Start up the instance again when required.
• C. Hibernate the instance outside the application's availability window. Start up the instance again when required.
• D. Terminate the instance outside the application's availability window. Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required.

Answer: C

NEW QUESTION # 31
A company is migrating a document processing workload to AWS. The company has updated many applications to natively use the Amazon S3 API to store, retrieve, and modify documents that a processing server generates at a rate of approximately 5 documents every second. After the document processing is finished, customers can download the documents directly from Amazon S3.
During the migration, the company discovered that it could not immediately update the processing server that generates many documents to support the S3 API. The server runs on Linux and requires fast local access to the files that the server generates and modifies. When the server finishes processing, the files must be available to the public for download within 30 minutes.
Which solution will meet these requirements with the LEAST amount of effort?

• A. Configure AWS DataSync to connect to an Amazon EC2 instance. Configure a task to synchronize the generated files to and from Amazon S3.
• B. Configure Amazon FSx for Lustre with an import and export policy. Link the new file system to an S3 bucket. Install the Lustre client and mount the document store to an Amazon EC2 instance by using NFS.
• C. Migrate the application to an AWS Lambda function. Use the AWS SDK for Java to generate, modify, and access the files that the company stores directly in Amazon S3.
• D. Set up an Amazon S3 File Gateway and configure a file share that is linked to the document store.
  Mount the file share on an Amazon EC2 instance by using NFS. When changes occur in Amazon S3, initiate a RefreshCache API call to update the S3 File Gateway.

Answer: B

Explanation:
Explanation
Amazon FSx for Lustre is a fully managed service that provides cost-effective, high-performance, scalable storage for compute workloads. Powered by Lustre, the world's most popular high-performance file system, FSx for Lustre offers shared storage with sub-ms latencies, up to terabytes per second of throughput, and millions of IOPS. FSx for Lustre file systems can also be linked to Amazon Simple Storage Service (S3) buckets, allowing you to access and process data concurrently from both a high-performance file system and from the S3 API.

NEW QUESTION # 32
A large company has increased its utilization of AWS over time in an unmanaged way. As such, they have a large number of independent AWS accounts across different business units, projects, and environments. The company has created a Cloud Center of Excellence team, which is responsible for managing all aspects of the AWS Cloud, including their AWS accounts.
Which of the following should the Cloud Center of Excellence team do to BEST address their requirements in a centralized way? (Select two.)

• A. Control all AWS account root user credentials. Assign AWS IAM users in the account of each user who needs to access AWS resources. Follow the policy of least privilege in assigning permissions to each user.
• B. Tag all AWS resources with details about the business unit, project, and environment. Send all AWS Cost and Usage reports to a central Amazon S3 bucket, and use tools such as Amazon Athena and Amazon QuickSight to collect billing details by business unit.
• C. Use the AWS Marketplace to choose and deploy a Cost Management tool. Tag all AWS resources with details about the business unit, project, and environment. Send all AWS Cost and Usage reports for the AWS accounts to this tool for analysis.
• D. Set up AWS Organizations. Enable consolidated billing, and link all existing AWS accounts to a master billing account. Tag all AWS resources with details about the business unit, project and environment.
  Analyze Cost and Usage reports using tools such as Amazon Athena and Amazon QuickSight to collect billing details by business unit.
• E. Using a master AWS account, create IAM users within the master account. Define IAM roles in the other AWS accounts, which cover each of the required functions in the account. Follow the policy of least privilege in assigning permissions to each role, then enable the IAM users to assume the roles that they need to use.

Answer: A,D

NEW QUESTION # 33
A retail company is operating its ecommerce application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses an Amazon RDS DB instance as the database backend. Amazon CloudFront is configured with one origin that points to the ALB. Static content is cached. Amazon Route 53 is used to host all public zones.
After an update of the application, the ALB occasionally returns a 502 status code (Bad Gateway) error. The root cause is malformed HTTP headers that are returned to the ALB. The webpage returns successfully when a solutions architect reloads the webpage immediately after the error occurs.
While the company is working on the problem, the solutions architect needs to provide a custom error page instead of the standard ALB error page to visitors.
Which combination of steps will meet this requirement with the LEAST amount of operational overhead?
(Choose two.)

• A. Add a custom error response by configuring a CloudFront custom error page. Modify DNS records to point to a publicly accessible web page.
• B. Modify the existing Amazon Route 53 records by adding health checks. Configure a fallback target if the health check fails. Modify DNS records to point to a publicly accessible webpage.
• C. Create an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Target.FailedHealthChecks is greater than 0. Configure the Lambda function to modify the forwarding rule at the ALB to point to a publicly accessible web server.
• D. Create an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Elb.InternalError is greater than 0. Configure the Lambda function to modify the forwarding rule at the ALB to point to a public accessible web server.
• E. Create an Amazon S3 bucket. Configure the S3 bucket to host a static webpage. Upload the custom error pages to Amazon S3.

Answer: A,E

Explanation:
Explanation
"Save your custom error pages in a location that is accessible to CloudFront. We recommend that you store them in an Amazon S3 bucket, and that you don't store them in the same place as the rest of your website or application's content. If you store the custom error pages on the same origin as your website or application, and the origin starts to return 5xx errors, CloudFront can't get the custom error pages because the origin server is unavailable."
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GeneratingCustomErrorResponses.htm

NEW QUESTION # 34
Is there any way to own a direct connection to Amazon Web Services?

• A. No, you can create an encrypted tunnel to VPC, but you cannot own the connection.
• B. No, AWS only allows access from the public Internet.
• C. Yes, you can via Amazon Dedicated Connection.
• D. Yes, you can via AWS Direct Connect.

Answer: D

Explanation:
AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1
gigabit or 10 gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other
to an AWS Direct Connect router. With this connection in place, you can create virtual interfaces directly
to the AWS cloud (for example, to Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple
Storage Service (Amazon S3)) and to Amazon Virtual Private Cloud (Amazon VPC), bypassing Internet
service providers in your network path.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

NEW QUESTION # 35
You have been given the task to define multiple AWS Data Pipeline schedules for different activities in the same pipeline. Which of the following would successfully accomplish this task?

• A. Defining multiple schedule objects in the schedule field
• B. Creating multiple pipeline definition files
• C. Defining multiple pipeline definitions in your schedule objects file and associating the desired schedule to the correct activity via its schedule field
• D. Defining multiple schedule objects in your pipeline definition file and associating the desired schedule to the correct activity via its schedule field

Answer: D

Explanation:
To define multiple schedules for different activities in the same pipeline, in AWS Data Pipeline, you should define multiple schedule objects in your pipeline definition file and associate the desired schedule to the correct activity via its schedule field. As an example of this, it could allow you to define a pipeline in which log files are stored in Amazon S3 each hour to drive generation of an aggregate report once a day.
https://aws.amazon.com/datapipeline/faqs/

NEW QUESTION # 36
A company is running a serverless application that consists of several AWS Lambda functions and Amazon DynamoDB tables. The company has created new functionality that requires the Lambda functions to access an Amazon Neptune DB cluster. The Neptune DB cluster is located in three subnets in a VPC.
Which of the possible solutions will allow the Lambda functions to access the Neptune DB cluster and DynamoDB tables? (Select TWO.)

• A. Create three public subnets in the Neptune VPC, and route traffic through an internet gateway. Host the Lambda functions in the three new public subnets.
• B. Create three private subnets in the Neptune VPC, and route internet traffic through a NAT gateway.
  Host the Lambda functions in the three new private subnets.
• C. Host the Lambda functions outside the VPC. Update the Neptune security group to allow access from the IP ranges of the Lambda functions.
• D. Host the Lambda functions outside the VPC. Create a VPC endpoint for the Neptune database, and have the Lambda functions access Neptune over the VPC endpoint.
• E. Create three private subnets in the Neptune VPC. Host the Lambda functions in the three new isolated subnets. Create a VPC endpoint for DynamoDB, and route DynamoDB traffic to the VPC endpoint.

Answer: B,E

Explanation:
Explanation: This option allows the company to use private subnets and VPC endpoints to connect the Lambda functions to the Neptune DB cluster and DynamoDB tables securely and efficiently1. By creating three private subnets in the Neptune VPC, the company can isolate the Lambda functions from the public internet and reduce the attack surface2. By routing internet traffic through a NAT gateway, the company can enable the Lambda functions to access AWS services that are outside the VPC, such as Amazon S3 or Amazon CloudWatch3. By hosting the Lambda functions in the three new private subnets, the company can ensure that the Lambda functions can access the Neptune DB cluster within the same VPC4. By creating a VPC endpoint for DynamoDB, the company can enable the Lambda functions to access DynamoDB tables without going through the internet or a NAT gateway5. By routing DynamoDB traffic to the VPC endpoint, the company can improve the performance and availability of the DynamoDB access5.
References:
Configuring a Lambda function to access resources in a VPC
Working with VPCs and subnets
NAT gateways
Accessing Amazon Neptune from AWS Lambda
VPC endpoints for DynamoDB

NEW QUESTION # 37
You are responsible for a web application that consists of an Elastic Load Balancing (ELB) load balancer
in front of an Auto Scaling group of Amazon Elastic Compute Cloud (EC2) instances. For a recent
deployment of a new version of the application, a new Amazon Machine Image (AMI) was created, and
the Auto Scaling group was updated with a new launch configuration that refers to this new AMI. During
the deployment, you received complaints from users that the website was responding with errors. All
instances passed the ELB health checks.
What should you do in order to avoid errors for future deployments? (Choose 2 answer)

• A. Create a new launch configuration that refers to the new AMI, and associate it with the group. Double
  the size of the group, wait for the new instances to become healthy, and reduce back to the original size.
  If new instances do not become healthy, associate the previous launch configuration.
• B. Add an Elastic Load Balancing health check to the Auto Scaling group. Set a short period for the health
  checks to operate as soon as possible in order to prevent premature registration of the instance to the
  load balancer.
• C. Enable EC2 instance CloudWatch alerts to change the launch configuration's AMI to the previous one.
  Gradually terminate instances that are using the new AMI.
• D. Set the Elastic Load Balancing health check configuration to target a part of the application that fully
  tests application health and returns an error if the tests fail.
• E. Increase the Elastic Load Balancing Unhealthy Threshold to a higher value to prevent an unhealthy
  instance from going into service behind the load balancer.

Answer: A,D

NEW QUESTION # 38
An internal security audit of AWS resources within a company found that a number of Amazon EC2 instances running Microsoft Windows workloads were missing several important operating system-level patches. A Solutions Architect has been asked to fix existing patch deficiencies, and to develop a workflow to ensure that future patching requirements are identified and taken care of quickly. The Solutions Architect has decided to use AWS Systems Manager. It is important that EC2 instance reboots do not occur at the same time on all Windows workloads to meet organizational uptime requirements.
Which workflow will meet these requirements in an automated manner?

• A. Add a Patch Group tag a value of Windows Servers to all existing EC2 instances. Ensure that all Windows EC2 instances are assigned this tag. Associate the AWS-WindowsPatchBaseline document as a task associated with the Windows Servers patch group. Create an Amazon CloudWatch Events rule configured to use a cron expression to schedule the execution of patching using the AWS Systems Manager run command. Create an AWS Systems Manager State Manager document to define commands to be executed during patch execution.
• B. Add a Patch Group tag with a value of either Windows servers1 or Windows Server2 to all existing EC2 instances. Ensure that all Windows EC2 instances are assigned this tag. Associate the AWS- WindowsPatchBaseline with both Windows Servers patch groups. Define two non- overlapping AWS Systems Manager maintenance windows, conduct patching within them, and associate each with a different patch group. Assign the AWS-RunWindowsPatchBaseline document as a task within each maintenance window. Create an AWS Systems Manager State Manager document to define commands to be executed during patch execution.
• C. Add a Patch Group tag with a value of Windows Servers to all existing EC2 instances. Ensure that all Windows EC2 instances are assigned this tag. Associate the AWS-DefaultPatchBaseline to the Windows servers patch group. Define an AWS Systems Manager maintenance window, conduct patching within it, and associate it with the Windows Servers patch group. Register instances with the maintenance window using associated subnet IDs. Assign the AWS- RunPatchBaseline document as a task within each maintenance window.
• D. Add a Patch Group tag with a value of either Windows Servers1 or Windows Server2 to all existing EC2 instances. Ensure that all Windows EC2 instances are assigned this tag. Associate the AWS- DefaultPatchBaseline with both Windows Servers patch groups. Define two non- overlapping AWS Systems Manager maintenance windows, conduct patching within them, and associate each with a different patch group. Register targets with specific maintenance windows using the Patch Group tags.
  Assign the AWS-RunPatchBaseline document as a task within each maintenance window.

Answer: D

Explanation:
A\B: Need 2 different maintenance window so they don't reboot at the same time.
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-patch-group- tagging.html
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-create- mw.html
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-patch-working.html D: The following list describes the types of tasks you can perform with State Manager. Does not include patching. It's more like desired state configuration more then patching.
* Bootstrap instances with specific software at start-up
* Download and update agents on a defined schedule, including SSM Agent
* Configure network settings
* Join instances to a Windows domain (Windows instances only)
* Patch instances with software updates throughout their lifecycle
* Run scripts on Linux and Windows managed instances throughout their lifecycle
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-state.html

NEW QUESTION # 39
A company uses Amazon S3 to store files and images in a variety of storage classes. The company's S3 costs have increased substantially during the past year.
A solutions architect needs to review data trends for the past 12 months and identity the appropriate storage class for the objects.
Which solution will meet these requirements?

• A. Use Access Analyzer for S3. Download the Access Analyzer for S3 report for the last 12 months. Import the csvfile to an Amazon QuickSight dashboard.
• B. Use S3 storage class analysis. Import data trends into an Amazon QuickSight dashboard to analyze storage trends.
• C. Use Amazon S3 Storage Lens. Upgrade the default dashboard to include advanced metrics for storage trends.
• D. Download AWS Cost and Usage Reports for the last 12 months of S3 usage. Review AWS Trusted Advisor recommendations for cost savings.

Answer: B

Explanation:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens.html

NEW QUESTION # 40
A company is creating a web application that allows customers to view photos in their web browsers. The
website is hosted in us-east-1 on Amazon EC2 instances behind an Application Load Balancer. Users will
be located in many places around the world.
Which solution should provide all users with the fastest photo viewing experience?

• A. Implement an AWS Auto Scaling group for the web server instances behind the Application Load
  Balancer.
• B. Enable Amazon CloudFront for the website and specify the Application Load Balancer as the origin.
• C. Move the photos into an Amazon S3 bucket and enable static website hosting.
• D. Enable Amazon ElastiCache in the web server subnet.

Answer: A

Explanation:
Explanation/Reference:
Reference: http://jayendrapatil.com/tag/elb/

NEW QUESTION # 41
In the context of IAM roles for Amazon EC2, which of the following NOT true about delegating permission to make API requests?

• A. You can specify the role when you launch your instances.
• B. You can have the application retrieve a set of temporary credentials and use them.
• C. You can define which accounts or AWS services can assume the role.
• D. You cannot create an IAM role.

Answer: D

Explanation:
Amazon designed IAM roles so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use.
Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles as follows: Create an IAM role. Define which accounts or AWS services can assume the role. Define which API actions and resources the application can use after assuming the role. Specify the role when you launch your instances. Have the application retrieve a set of temporary credentials and use them.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

NEW QUESTION # 42
A company hosts its core network services, including directory services and DNS, in its on-premises data center. The data center is connected to the AWS Cloud using AWS Direct Connect (DX). Additional AWS accounts are planned that will require quick, cost-effective, and consistent access to these network services.
What should a solutions architect implement to meet these requirements with the LEAST amount of operational overhead?

• A. Create a DX connection in each new account. Route the network traffic to the on-premises servers.
• B. Configure AWS Transit Gateway between the accounts. Assign DX to the transit gateway and route network traffic to the on-premises servers.
• C. Configure VPC endpoints in the DX VPC for all required services. Route the network traffic to the on- premises servers.
• D. Create a VPN connection between each new account and the DX VPC. Route the network traffic to the on-premises servers.

Answer: B

NEW QUESTION # 43
A large company has a business-critical application that runs in a single AWS Region The application consists of multiple Amazon EC2 instances and an Amazon RDS Multi-AZ DB instance The EC2 instances run In an Amazon EC2 Auto Scaling group across multiple Availability Zones A solutions architect is implementing a disaster recovery (DR) plan for the application The solutions architect has created a pilot light application deployment in a new Region, which is referred to as the DR Region The DR environment has an Auto Scaling group with a single EC2 instance and a read replica of the RDS DB instance The solutions architect must automate a failover from the primary application environment to the pilot light environment in the DR Region Which solution meets these requirements with the MOST operational efficiency''

• A. Publish an application availability metric to Amazon CloudWatch in the DR Region from the application environment in the pnmary Region Create a CloudWatch alarm in the DR Region that is invoked when the application availability metric stops being delivered Configure the CloudWatch alarm to send a notification to an Amazon Simple Notification Service (Amazon SNS> topic in the DR Region Add an email subscription to the SNS topic that sends messages to the application owner upon notification, instruct a systems operator to sign in to the AWS Management Console and initiate failover operations for the application
• B. Create a cron task that runs every 5 minutes by using one of the application's EC2 instances in the primary Region Configure the cron task to check whether the application is available Upon failure, the cron task notifies a systems operator and attempts to restart the application services
• C. Create a cron task that runs every 5 minutes by using one of the application's EC2 instances in the primary Region Configure the cron task to check whether the application is available Upon failure, the cron task modifies the DR environment by promoting the read replica and by adding EC2 instances to the Auto Scaling group
• D. Publish an application availability metric to Amazon CloudWatch in the DR Region from the application environment in the primary Region Create a CloudWatch alarm in the DR Region that is invoked when the application availability metric stops being delivered Configure the CloudWatch alarm to send a notification to an Amazon Simple Notification Service (Amazon SNS) topic in the DR Region Use an AWS Lambda function that is invoked by Amazon SNS in the DR Region to promote the read replica and to add EC2 instances to the Auto Scaling group

Answer: D

NEW QUESTION # 44
Cognito Sync is an AWS service that you can use to synchronize user profile data across mobile devices without requiring your own backend. When the device is online, you can synchronize data.
If you also set up push sync, what does it allow you to do?

• A. Notify other devices immediately that an update is available
• B. Synchronize online data faster
• C. Synchronize user profile data with less latency
• D. Notify other devices that a user profile is available across multiple devices

Answer: A

Explanation:
Explanation
Cognito Sync is an AWS service that you can use to synchronize user profile data across mobile devices without requiring your own backend. When the device is online, you can synchronize data, and if you have also set up push sync, notify other devices immediately that an update is available.
http://docs.aws.amazon.com/cognito/devguide/sync/

NEW QUESTION # 45
A company runs a processing engine in the AWS Cloud The engine processes environmental data from logistics centers to calculate a sustainability index The company has millions of devices in logistics centers that are spread across Europe The devices send information to the processing engine through a RESTful API The API experiences unpredictable bursts of traffic The company must implement a solution to process all data that the devices send to the processing engine Data loss is unacceptable Which solution will meet these requirements?

• A. Create an Amazon CloudFront distribution for the RESTful API Create a data stream in Amazon Kinesis Data Streams Set the data stream as the origin for the distribution Create an AWS Lambda function to consume and process data in the data stream
• B. Create an Application Load Balancer (ALB) for the RESTful API Create an Amazon Simple Queue Service (Amazon SQS) queue Create a listener and a target group for the ALB Add the SQS queue as the target Use a container that runs in Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type to process messages in the queue
• C. Create an Amazon API Gateway REST API that implements the RESTful API Create a fleet of Amazon EC2 instances in an Auto Scaling group Create an API Gateway Auto Scaling group proxy integration Use the EC2 instances to process incoming data
• D. Create an Amazon API Gateway HTTP API that implements the RESTful API Create an Amazon Simple Queue Service (Amazon SQS) queue Create an API Gateway service integration with the SQS queue Create an AWS Lambda function to process messages in the SQS queue

Answer: B

Explanation:
Explanation
it will use the ALB to handle the unpredictable bursts of traffic and route it to the SQS queue. The SQS queue will act as a buffer to store incoming data temporarily and the container running in Amazon ECS with the Fargate launch type will process messages in the queue. This approach will ensure that all data is processed and prevent data loss.

NEW QUESTION # 46
True or False: The Amazon ElastiCache clusters are not available for use in VPC at this time.

• A. True, but they are available only on request.
• B. TRUE
• C. FALSE
• D. True, but they are available only in the GovCloud.

Answer: C

Explanation:
Amazon Elasticache clusters can be run in an Amazon VPC. With Amazon VPC, you can define a virtual
network topology and customize the network configuration to closely resemble a traditional network that
you might operate in your own datacenter. You can now take advantage of the manageability, availability
and scalability benefits of Amazon ElastiCache Clusters in your own isolated network. The same
functionality of Amazon ElastiCache, including automatic failure detection, recovery, scaling, auto
discovery, Amazon CloudWatch metrics, and software patching, are now available in Amazon VPC.
Reference:
http://aws.amazon.com/about-aws/whats-new/2012/12/20/amazon-elasticache-announces-support-for-a
mazon-vpc/

NEW QUESTION # 47
......

AWS-Solutions-Architect-Professional Dumps PDF and Test Engine Exam Questions: https://examtests.passcollection.com/AWS-Solutions-Architect-Professional-valid-vce-dumps.html