
AWS-Solutions-Associate PDF Dumps Apr 15, 2024 Exam Questions – Valid AWS-Solutions-Associate Dumps
Ultimate AWS-Solutions-Associate Guide to Prepare Free Latest Amazon Practice Tests Dumps
The AWS Certified Solutions Architect - Associate exam covers a wide range of topics, including AWS architecture, design principles, deployment, and management. Candidates are tested on their ability to design and deploy scalable, highly available, and fault-tolerant systems on AWS. They are also evaluated on their knowledge of AWS services, including EC2, S3, RDS, and Route 53, among others.
The Amazon AWS-Solutions-Associate exam is designed to validate candidates' ability to design and deploy scalable, cost-effective, and secure applications on the AWS platform. It covers a wide range of topics, including AWS services and their usage, designing and deploying highly available and fault-tolerant systems, designing and deploying cost-effective solutions, security and compliance, and troubleshooting. Passing the AWS-Solutions-Associate exam demonstrates that an individual has the necessary skills and knowledge to design and deploy scalable and reliable applications on the AWS platform, making them a valuable asset to any organization that uses AWS.
NEW QUESTION # 110
A solutions architect is tasked with transferring 750 TB of data from a network-attached file system located at a branch office to Amazon S3 Glacier. The solution must avoid saturating the branch office's low-bandwidth internet connection. What is the MOST cost-effective solution?
- A. Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly. Create a bucket policy to enforce a VPC endpoint
- B. Mount the network-attached file system to Amazon S3 and copy the files directly. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier
- C. Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination. Create a bucket policy to enforce a VPC endpoint
- D. Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier
Answer: D
NEW QUESTION # 111
Your Fortune 500 company has undertaken a TCO analysis evaluating the use of Amazon S3 versus acquiring more hardware. The outcome was that all employees would be granted access to use Amazon S3 for storage of their personal documents.
Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? (Choose 3 Answers)
- A. Setting up a matching IAM user for every user in your corporate directory that needs access to a folder in the bucket
- B. Using AWS Security Token Service to generate temporary tokens
- C. Configuring IAM role
- D. Tagging each folder in the bucket
- E. Setting up a federation proxy or identity provider
Answer: B,D,E
NEW QUESTION # 112
A Solutions Architect is designing a highly available web application on AWS. The data served on the website is dynamic and is pulled from Amazon DynamoDB. All users are geographically close to one another. How can the Solutions Architect make the application highly available?
- A. Host the application on EC2 instances in a single Availability Zone. Replicate the EC2 instances to a separate region, and use an Application Load Balancer for high availability.
- B. Host the website data on Amazon S3 and set permissions to enable public read-only access for users.
- C. Host the web server data on Amazon CloudFront and update the objects in the CloudFront distribution when they change.
- D. Host the application on EC2 instances across multiple Availability Zones. Use an Auto Scaling group coupled with an Application Load Balancer.
Answer: C
NEW QUESTION # 113
What action is required to establish a VPC VPN connection between an on-premises data center and an Amazon VPC virtual private gateway?
- A. Establish a dedicated networking connection using AWS Direct Connect.
- B. Modify the main route table to allow traffic to a network address translation instance.
- C. Assign a static Internet-routable IP address to an Amazon VPC customer gateway.
- D. Use a dedicated network address translation instance in the public subnet.
Answer: A
NEW QUESTION # 114
A company has a three-tier environment on AWS that ingests sensor data from its users' devices. The traffic flows through a Network Load Balancer (NLB), then to Amazon EC2 instances for the web tier, and finally to EC2 instances for the application tier that makes database calls. What should a solutions architect do to improve the security of data in transit to the web tier?
- A. Configure a TLS listener and add the server certificate on the NLB.
- B. Change the load balancer to an Application Load Balancer and attach AWS WAF to it.
- C. Configure AWS Shield Advanced and enable AWS WAF on the NLB
- D. Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using AWS Key Management Service (AWS KMS)
Answer: B
NEW QUESTION # 115
When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?
- A. Data is automatically saved as an EBS volume.
- B. Data is automatically deleted.
- C. Data is unavailable until the instance is restarted.
- D. Data is automatically saved as an EBS snapshot.
Answer: B
NEW QUESTION # 116
An application that is hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Traffic must not traverse the internet. How should a solutions architect configure access to meet these requirements?
- A. Set up a gateway VPC endpoint for Amazon S3 in the VPC
- B. Create a private hosted zone by using Amazon Route 53
- C. Establish an AWS Site-to-Site VPN connection between the VPC and the S3 bucket
- D. Configure the EC2 instances to use a NAT gateway to access the S3 bucket
Answer: A
Explanation:
This option is the most efficient because it uses a gateway VPC endpoint for Amazon S3, which provides reliable connectivity to Amazon S3 without requiring an internet gateway or a NAT device for the VPC. A gateway VPC endpoint routes traffic from the VPC to Amazon S3 using a prefix list for the service and does not leave the AWS network. This meets the requirement of not traversing the internet. Option B is less efficient because it uses a private hosted zone in Amazon Route 53, which is a DNS service that allows you to create custom domain names for your resources within your VPC. However, this does not provide connectivity to Amazon S3 without an internet gateway or a NAT device. Option D is less efficient because it uses a NAT gateway to access the S3 bucket, which is a highly available, managed Network Address Translation (NAT) service that enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. However, this does not meet the requirement of not traversing the internet. Option C is less efficient because it uses an AWS Site-to-Site VPN connection between the VPC and the S3 bucket, which is a secure and encrypted network connection between your on-premises network and your VPC. However, this does not meet the requirement of not traversing the internet.
NEW QUESTION # 117
You've been tasked with choosing a datastore to persist GPS coordinates for a new app.
The service needs consistent, single-digit-millisecond latency at any scale. Which AWS service meets your requirements?
- A. Amazon S3
- B. Amazon DynamoDB
- C. Amazon RDS
- D. Amazon Redshift
Answer: B
Explanation:
Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model, reliable performance, and automatic scaling of throughput capacity make it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications.
NEW QUESTION # 118
A company's website is used to sell products to the public. The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). There is also an Amazon CloudFront distribution, and AWS WAF is being used to protect against SQL injection attacks. The ALB is the origin for the CloudFront distribution. A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website.
What should a solutions architect do to protect the application?
- A. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
- B. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address.
- C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
- D. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address.
Answer: D
Explanation:
AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF allows users to create rules that block, allow, or count web requests based on customizable web security rules. One of the types of rules that can be created is an IP match rule, which allows users to specify a list of IP addresses or IP address ranges that they want to allow or block. By modifying the configuration of AWS WAF to add an IP match condition to block the malicious IP address, the solution architect can prevent the attacker from accessing the website through the CloudFront distribution and the ALB.
The other options are not correct because they do not effectively block the malicious IP address from accessing the website. Modifying the network ACL on the CloudFront distribution or the EC2 instances in the target groups behind the ALB will not work because network ACLs are stateless and do not evaluate traffic at the application layer. Modifying the security groups for the EC2 instances in the target groups behind the ALB will not work because security groups are stateful and only evaluate traffic at the instance level, not at the load balancer level.
References:
AWS WAF
How AWS WAF works
Working with IP match conditions
NEW QUESTION # 119
You are setting up some IAM user policies and have also become aware that some services support resource-based permissions, which let you attach policies to the service's resources instead of to IAM users or groups. Which of the below statements is true in regards to resource-level permissions?
- A. Some services support resource-level permissions only for some actions.
- B. All services support resource-level permissions for all actions.
- C. All services support resource-level permissions only for some actions.
- D. Resource-level permissions are supported by Amazon CloudFront
Answer: A
Explanation:
AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
In addition to supporting IAM user policies, some services support resource-based permissions, which let you attach policies to the service's resources instead of to IAM users or groups. Resource-based permissions are supported by Amazon S3, Amazon SNS, and Amazon SQS.
A service that supports resource-level permissions accepts IAM policies in which you can specify individual resources using Amazon Resource Names (ARNs) in the policy's Resource element.
Some services support resource-level permissions only for some actions.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SpecificProducts.html
NEW QUESTION # 120
A company is launching a new static website on Amazon S3 and Amazon CloudFront. The company wants to ensure that all web requests go through only CloudFront. How can a Solutions Architect meet this requirement?
- A. Convert the S3 bucket to an EC2 instance, then give CloudFront access to the instance by using security groups.
- B. Create a CloudFront origin access identity (OAI), then update the S3 bucket policy to allow the OAI read access.
- C. Configure the S3 bucket policy to allow only CloudFront IP addresses to read objects.
- D. Create IAM users in a group that has read access to the S3 bucket. Configure CloudFront to pass credentials to the S3 bucket.
Answer: B
NEW QUESTION # 121
A company is using AWS Key Management Service (AWS KMS) to secure their Amazon RDS databases. An auditor has recommended that the company log all use of their AWS KMS keys.
What is the SIMPLEST solution?
- A. Poll AWS KMS periodically with a scheduled job.
- B. Associate AWS KMS metrics with Amazon CloudWatch.
- C. Use AWS CloudTrail to log AWS KMS key usage.
- D. Deploy a monitoring agent on the RDS instances.
Answer: C
Explanation:
https://aws.amazon.com/kms/
NEW QUESTION # 122
A company hosts a training site on a fleet of Amazon EC2 instances. The company anticipates that its new course, which consists of dozens of training videos on the site, will be extremely popular when it is released in 1 week.
What should a solutions architect do to minimize the anticipated server load?
- A. Store the videos in an Amazon S3 bucket. Create an AWS Storage Gateway file gateway to access the S3 bucket. Create a user data script for the web servers to mount the file gateway.
- B. Store the videos in an Amazon S3 bucket. Create an Amazon CloudFront distribution with an origin access identity (OAI) of that S3 bucket. Restrict Amazon S3 access to the OAI.
- C. Store the videos in Amazon ElastiCache for Redis. Update the web servers to serve the videos using the ElastiCache API.
- D. Store the videos in Amazon Elastic File System (Amazon EFS). Create a user data script for the web servers to mount the EFS volume.
Answer: B
NEW QUESTION # 123
A web application runs on Amazon EC2 instances behind an Application Load Balancer. The application allows users to create custom reports of historical weather data. Generating a report can take up to 5 minutes. These long-running requests use many of the available incoming connections, making the system unresponsive to other users.
How can a solutions architect make the system more responsive?
- A. Update the client-side application code to increase its request timeout to 5 minutes.
- B. Use Amazon SQS with AWS Lambda to generate reports.
- C. Publish the reports to Amazon S3 and use Amazon CloudFront for downloading to the user.
- D. Increase the idle timeout on the Application Load Balancer to 5 minutes.
Answer: B
NEW QUESTION # 124
A company plans to deploy a new application in AWS that reads and writes information to a database. The company wants to deploy the application in two different AWS Regions in an active-active configuration. The databases need to replicate to keep information in sync.
What should be used to meet these requirements?
- A. Amazon RDS for PostgreSQL with a cross-region Read Replica
- B. AWS Database Migration Service with change data capture
- C. Amazon DynamoDB with global tables
- D. Amazon Athena with Amazon S3 cross-region replication
Answer: C
Explanation:
https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-dynamodb-global-tables-regional-expansion/
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.CrossRegionRepl.html
https://aws.amazon.com/es/blogs/database/how-to-use-amazon-dynamodb-global-tables-to-power-multiregion-ar
NEW QUESTION # 125
A company is using Amazon S3 as its local repository for weekly analysis reports. One of the company-wide requirements is to secure data at rest using encryption. The company chose Amazon S3 server-side encryption. The company wants to know how the object is decrypted when a GET request is issued.
Which of the following answers this question?
- A. Amazon S3 manages encryption and decryption automatically
- B. The user needs to decrypt the object using a private key
- C. The user needs to place a PUT request to decrypt the object
- D. Amazon S3 provides a server-side key for decrypting the object
Answer: A
NEW QUESTION # 126
What is an isolated database environment running in the cloud (Amazon RDS) called?
- A. DB Server
- B. DB Volume
- C. DB Instance
- D. DB Unit
Answer: C
NEW QUESTION # 127
......
The AWS-Solutions-Architect-Associate exam consists of multiple-choice and multiple-response questions and must be completed within 130 minutes. The AWS-Solutions-Associate exam covers topics such as AWS core services, security, networking, storage, databases, and application development. To pass the exam, candidates must score 720 or higher out of a possible 1000 points. Achieving the AWS Certified Solutions Architect - Associate certification demonstrates the candidate's expertise in AWS technologies and validates their ability to design and deploy applications on the AWS platform.

