AWS Solution Architect - Associate

Exit

Question 1 of 1

  Time Left


0 [{"id":612195,"quiz_id":"30072","answer_id":null,"answerType_id":"0","created_at":"2018-11-08 14:37:00","updated_at":"2018-11-08 14:37:00","questionName":"A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution.\r\nWhich solution will meet the security team\u2019s mandate?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"IAM roles for EC2 instances allow applications running on the instance to access AWS resources without having to create and store any access keys. Any solution involving the creation of an access key then introduces the complexity of managing that secret.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":612276,"quiz_id":"30072","answer_id":null,"answerType_id":"0","created_at":"2018-11-08 14:44:36","updated_at":"2018-11-08 14:44:36","questionName":"A web application allows customers to upload orders to an S3 bucket. The resulting Amazon S3 events trigger a Lambda function that inserts a message to an SQS queue. A single EC2 instance reads messages from the queue, processes them, and stores them in an DynamoDB table partitioned by unique order ID. Next month traffic is expected to increase by a factor of 10 and a Solutions Architect is reviewing the architecture for possible scaling problems.\r\nWhich component is MOST likely to need re-architecting to be able to scale to accommodate the new traffic?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"A single EC2 instance will not scale and is a single point of failure in the architecture. A much better solution would be to have EC2 instances in an Auto Scaling group across 2 availability zones read messages from the queue. The other responses are all managed services that can be configured to scale or will scale automatically.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":612274,"quiz_id":"30072","answer_id":null,"answerType_id":"0","created_at":"2018-11-08 14:43:08","updated_at":"2018-11-08 14:43:08","questionName":"An application requires a highly available relational database with an initial storage capacity of 8 TB. The database will grow by 8 GB every day. To support expected traffic, at least eight read replicas will be required to handle database reads.\r\nWhich option will meet these requirements?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"Amazon Aurora is a relational database that will automatically scale to accommodate data growth. Amazon Redshift does not support read replicas and will not automatically scale. DynamoDB is a NoSQL service, not a relational database. Amazon S3 is object storage, not a relational database.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":612275,"quiz_id":"30072","answer_id":null,"answerType_id":"0","created_at":"2018-11-08 14:43:55","updated_at":"2018-11-08 14:43:55","questionName":"A Solutions Architect is designing a critical business application with a relational database that runs on an EC2 instance. It requires a single EBS volume that can support up to 16,000 IOPS.\r\nWhich Amazon EBS volume type can meet the performance requirements of this application?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"EBS Provisioned IOPS SSD provides sustained performance for mission-critical low-latency workloads. EBS General Purpose SSD can provide bursts of performance up to 10,000 IOPS. The 2 HDD options are lower cost, high throughput volumes.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":612273,"quiz_id":"30072","answer_id":null,"answerType_id":"0","created_at":"2018-11-08 14:42:20","updated_at":"2018-11-08 14:42:20","questionName":"Company salespeople upload their sales figures daily. A Solutions Architect needs a durable storage solution for these documents that also protects against users accidentally deleting important documents.\r\nWhich action will protect against unintended user actions?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"If a versioned object is deleted, then it can still be recovered by retrieving the final version. Response A would lose any changes committed since the previous snapshot. Storing the data in 2 S3 buckets would provide slightly more protection, but a user could still delete the object from both buckets. EC2 instance storage is ephemeral and should never be used for data requiring durability.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":612279,"quiz_id":"30072","answer_id":null,"answerType_id":"0","created_at":"2018-11-08 14:47:00","updated_at":"2018-11-08 14:47:00","questionName":"An organization is building an Amazon Redshift cluster in their shared services VPC. The cluster will host sensitive data.\r\nHow can the organization control which networks can access the cluster?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"A security group can grant access to traffic from the allowed networks via the CIDR range for each network. VPC peering and VPN are connectivity services and cannot control traffic for security. Amazon Redshift user accounts address authentication and authorization at the user level and have no control over network traffic.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":612277,"quiz_id":"30072","answer_id":null,"answerType_id":"0","created_at":"2018-11-08 14:45:24","updated_at":"2018-11-08 14:45:24","questionName":"An application saves the logs to an S3 bucket. A user wants to keep the logs for one month for troubleshooting purposes, and then purge the logs.\r\nWhat feature will enable this?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"Lifecycle configuration allows lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. Bucket policies and IAM define access to objects in an S3 bucket. CORS enables clients in one domain to interact with resources in a different domain.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":612280,"quiz_id":"30072","answer_id":null,"answerType_id":"0","created_at":"2018-11-08 14:47:42","updated_at":"2018-11-08 14:47:42","questionName":"A Solutions Architect is designing an online shopping application running in a VPC on EC2 instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer managed database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"The online application must be in public subnets to allow access from clients' browsers. The database cluster must be in private subnets to meet the requirement that there be no access from the Internet. A NAT Gateway is required to give the database cluster the ability to download patches from the Internet. NAT Gateways must be deployed in public subnets.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":612196,"quiz_id":"30072","answer_id":null,"answerType_id":"0","created_at":"2018-11-08 14:40:58","updated_at":"2018-11-08 14:40:58","questionName":"A company is developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? (Select TWO.)","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"Both DynamoDB and ElastiCache provide high performance storage of key-value pairs. CloudWatch and ELB are not storage services. Storage Gateway is a storage service, but it is a hybrid storage service that enables on-premises applications to use cloud storage.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":612278,"quiz_id":"30072","answer_id":null,"answerType_id":"0","created_at":"2018-11-08 14:46:10","updated_at":"2018-11-08 14:46:10","questionName":"An application running on EC2 instances processes sensitive information stored on Amazon S3. The information is accessed over the Internet. The security team is concerned that the Internet connectivity to Amazon S3 is a security risk.\r\nWhich solution will resolve the security concern?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"VPC endpoints for Amazon S3 provide secure connections to S3 buckets that do not require a gateway or NAT instances. NAT Gateways and Internet Gateways still route traffic over the Internet to the public endpoint for Amazon S3. There is no way to connect to Amazon S3 via VPN.","question_score_id":null,"lang":"","questionAudioPath":null}]
612195
0
120
block

A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution. Which solution will meet the security team’s mandate?

Select the Correct Answers  

(0/0)












612276
0
120
none
612274
0
120
none
612275
0
120
none
612273
0
120
none
612279
0
120
none
612277
0
120
none
612280
0
120
none
612196
0
120
none
612278
0
120
none