DumpsFree AWS-Solutions-Architect-Associate dumps & AWS Certified Solutions Architect Sure Practice with 501 Questions
New AWS-Solutions-Architect-Associate Exam Questions| Real AWS-Solutions-Architect-Associate Dumps
Difficulty in Writing AWS Solutions Associate
This examination can not be instantly finished because the AMAZON AWS SOLUTIONS ASSOCIATE exam dumps are needed to pass the examinations. These exam dumps require time and correct and up to date content to pass the exam with effectiveness. Several applicants are doubtful about the nature of questions posed in the exam and the complexity of exam questions and the time needed to finish the questions before writing a credential AWS Accredited Developer Professional certification. The most suitable way to pass the Professional Test is to question and prepare with AWS Solutions associate- Associate PROFESSIONAL exam dumps. AWS Accredited Developer Applicants are assessing their education and finding places for change in the real review style. The most solid way is to practice the Professional Credential Review with an AWS Certified Developer, as the examination is an important part of the AWS Certified Developer.
NEW QUESTION 249
What is the role of the PollForTask action when it is called by a task runner in AWS Data Pipeline?
- A. It is used to inform AWS Data Pipeline of the outcome when the task runner completes a task.
- B. It is used to report the progress of the task runner to AWS Data Pipeline.
- C. It is used to receive a task to perform from AWS Data Pipeline.
- D. It is used to retrieve the pipeline definition.
Answer: C
Explanation:
Task runners call PollForTask to receive a task to perform from AWS Data Pipeline. If tasks are ready in the work queue, PollForTask returns a response immediately. If no tasks are available in the queue, PollForTask uses long-polling and holds on to a poll connection for up to 90 seconds, during which time any newly scheduled tasks are handed to the task agent. Your remote worker should not call PollForTask again on the same worker group until it receives a response, and this may take up to 90 seconds.
http://docs.aws.amazon.com/datapipeline/latest/APIReference/API_PollForTask.html
NEW QUESTION 250
A company has instances in private subnets that require outbound access to the internet. This requires:
- A. Updating the security group associated with the subnet to allow ingress on 0.0.0.0/0
- B. Updating the route table associated with the subnet to point internet traffic through a NAT gateway
- C. Routing traffic from the instance through a VPC endpoint that has internet access
- D. Assigning a public IP address to the instance
Answer: B
NEW QUESTION 251
A company stores user data in AWS. The data is used continuously with peak usage during business hours.
Access patterns vary, with some data not being used for months at a time.
A solution architect must choose a cost that maintains the highest level ot durability while maintaining high availability.
Which storage solution meets these requirements?
- A. Amazon S3 Standard
- B. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
- C. Amazon S3 Glacier Deep Archive
- D. Amazon S3 intelligent Tiering
Answer: D
NEW QUESTION 252
A web application stores all data in an Amazon RDS Aurora database instance. A Solutions Architect wants to provide access to the data for a detailed report for the Marketing team, but is concerned that the additional load on the database will affect the performance of the web application.
How can the report be created without affecting the performance of the application?
- A. Configure the database to be in multiple regions.
- B. Provision a new RDS instance as a secondary master.
- C. Create a read replica of the database.
- D. Increase the number of provisioned storage IOPS.
Answer: C
Explanation:
Explanation
https://aws.amazon.com/premiumsupport/knowledge-center/create-read-replica-rds/
NEW QUESTION 253
A customer's security team requires the logging of all network access attempts to Amazon EC2 instances in their production VPC on AWS.Which configuration will meet the security team's requirement?
- A. Enable both CloudTrail and VPC Flow Logs for the AWS account.
- B. Enable CloudTrail for the production VPC.
- C. Enable VPC Flow Logs for the production VPC.
- D. Enable both CloudTrail and VPC Flow Logs for the production VPC.
Answer: C
Explanation:
Explanation
Amazon VPC provides features that you can use to increase and monitor the security for your VPC:
* Security groups - Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
* Network access control lists (ACLs) - Act as a firewall for associated subnets, controlling both
* inbound and outbound traffic at the subnet level
* Flow logs - Capture information about the IP traffic going to and from network interfaces in your VPC When you launch an instance in a VPC, you can associate one or more security groups that you've created.
Each instance in your VPC could belong to a different set of security groups. If you don't specify a security group when you launch an instance, the instance automatically belongs to the default security group for the VPC. For more information about security groups, see Security Groups for Your VPC You can secure your VPC instances using only security groups; however, you can add network ACLs as a second layer of defense. For more information about network ACLs, see Network ACLs.
You can monitor the accepted and rejected IP traffic going to and from your instances by creating a flow log for a VPC, subnet, or individual network interface. Flow log data is published to CloudWatch Logs, and can help you diagnose overly restrictive or overly permissive security group and network ACL rules. For more information, see VPC Flow Logs.
You can use AWS Identity and Access Management to control who in your organization has permission to create and manage security groups, network ACLs and flow logs. For example, you can give only your network administrators that permission, but not personnel who only need to launch instances. For more information, see Controlling Access to Amazon VPC Resources.
Amazon security groups and network ACLs don't filter traffic to or from link-local addresses (169.254.0.0/16) or AWS-reserved IPv4 addresses-these are the first four IPv4 addresses of the subnet (including the Amazon DNS server address for the VPC). Similarly, flow logs do not capture IP traffic to or from these addresses.
These addresses support the services: Domain Name Services (DNS), Dynamic Host Configuration Protocol (DHCP), Amazon EC2 instance metadata, Key Management Server (KMS-license management for Windows instances), and routing in the subnet. You can implement additional firewall solutions in your instances to block network communication with link-local addresses.
NEW QUESTION 254
A client application requires operating system privileges on a relational database server.
What is an appropriate configuration for a highly available database architecture?
- A. A standalone Amazon EC2 instance
- B. Amazon EC2 instances in a replication configuration utilizing two different Availability Zones
- C. Amazon RDS in a Multi-AZ configuration
- D. Amazon EC2 instances in a replication configuration utilizing a single Availability Zone
Answer: B
Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability- zones.html
NEW QUESTION 255
A retail company is running an application that stores invoice files in an Amazon S3 bucket and metadata about the files in an Amazon DynamoDB table. The application software runs in both us-east-1 and eu- west-1. The S3 bucket and DynamoDB table are in us-east-1. The company wants to protect itself from data corruption and loss of connectivity to either Region.
Which option meets these requirements?
- A. Create an AWS Lambda function triggered by Amazon CloudWatch Events to make regular backups of the DynamoDB table. Set up S3 cross-region replication from us-east-1 to eu-west-1. Set up MFA delete on the S3 bucket in us-east-1.
- B. Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable continuous backup on the DynamoDB table in us-east-1. Enable versioning on the S3 bucket.
- C. Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable versioning on the S3 bucket. Implement strict ACLs on the S3 bucket.
- D. Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable continuous backup on the DynamoDB table in us-east-1. Set up S3 cross-region replication from us-east-1 to eu- west-1.
Answer: D
NEW QUESTION 256
An online gaming site asked you if you can deploy a database that is a fast, highly scalable NoSQL database service in AWS for a new site that he wants to build. Which database should you recommend?
- A. Amazon Redshift
- B. Amazon DynamoDB
- C. Amazon RDS
- D. Amazon SimpleDB
Answer: B
Explanation:
Amazon DynamoDB is ideal for database applications that require very low latency and predictable performance at any scale but don't need complex querying capabilities like joins or transactions. Amazon DynamoDB is a fully-managed NoSQL database service that offers high performance, predictable throughput and low cost. It is easy to set up, operate, and scale.
With Amazon DynamoDB, you can start small, specify the throughput and storage you need, and easily scale your capacity requirements on the fly. Amazon DynamoDB automatically partitions data over a number of servers to meet your request capacity. In addition, DynamoDB automatically replicates your data synchronously across multiple Availability Zones within an AWS Region to ensure high-availability and data durability.
Reference: https://aws.amazon.com/running_databases/#dynamodb_anchor
NEW QUESTION 257
You can seamlessly join an EC2 instance to your directory domain. What connectivity do you need to be able to connect remotely to this instance?
- A. You must have IP connectivity to the instance from the network you are connecting from.
- B. You must have enough bandwidth to connect to the instance.
- C. You must have the correct encryption keys to connect to the instance remotely.
- D. You must use MFA authentication to be able to connect to the instance remotely.
Answer: A
Explanation:
You can seamlessly join an EC2 instance to your directory domain when the instance is launched using the Amazon EC2 Simple Systems Manager. If you need to manually join an EC2 instance to your domain, you must launch the instance in the proper region and security group or subnet, then join the instance to the domain. To be able to connect remotely to these instances, you must have IP connectivity to the instances from the network you are connecting from. In most cases, this requires that an Internet gateway be attached to your VPC and that the instance has a public IP address.
Reference: http://docs.aws.amazon.com/directoryservice/latest/admin-guide/join_a_directory.html
NEW QUESTION 258
A Solutions Architect is working with a company that operates a standard three-tier web application in AWS. The web and application tiers run on Amazon EC2 and the database tier runs on Amazon RDS. The company is redesigning the web and application tiers to use Amazon API Gateway and AWS Lambda, and the company intends to deploy the new application within 6 months. The IT Manager has asked the Solutions Architect to reduce costs in the interim.
Which solution will be MOST cost effective while maintaining reliability?
- A. Use Reserved Instances for the web, application, and database tiers.
- B. Use On-Demand Instances for the web and application tiers, and Reserved Instances for the database tier.
- C. Use Spot Instances for the web tier, On-Demand Instances for the application tier, and Reserved Instances for the database tier.
- D. Use Spot Instances for the web and application tiers, and Reserved Instances for the database tier.
Answer: B
NEW QUESTION 259
A company stores use' data in AWS The data is used continuously with peak usage during business hours Access patterns vary with some data not being used for months at a time A solutions architect must choose a cost-effective solution that maintains the highest level of durability while maintaining high availability.
Which storage solution meets these requirements?
- A. Amazon S3 Intelligent-Tiering
- B. Amazon S3 Standard
- C. Amazon S3 Glacier Deep Archive
- D. Amazon S3 One Zone-infrequent Access (S3 One Zone-IA)
Answer: A
NEW QUESTION 260
A company runs a static website through its on-premises data center. The company has multiple servers that handle all of its traffic, but on busy days, services are interrupted and the website becomes unavailable. The company wants to expand its presence globally and plans to triple its website traffic.
What should a solutions architect recommend to meet these requirements?
- A. Migrate the website content to Amazon EC2 instances with public Elastic IP addresses in multiple AWS Regions.
- B. Migrate the website content to Amazon S3 and host the website on Amazon CloudFront.
- C. Migrate the website content to Amazon EC2 instances and vertically scale as the load increases.
- D. Use Amazon Route 53 to distribute the loads across multiple Amazon CloudFront distributions for each AWS Region that exists globally.
Answer: D
NEW QUESTION 261
A Solutions Architect is designing an application on AWS that will connect to the on-premise data center through a VPN connection. The solution must be able to log network traffic over the VPN. Which service logs this network traffic?
- A. logs Amazon VPC flow logs
- B. Amazon S3 bucket logs
- C. Amazon CloudWatch Logs
- D. AWS CloudTrail
Answer: A
Explanation:
Explanation
VPC Flow LogsIn order to provide better support for this important aspect of network monitoring, we are introducing Flow Logs for the Amazon Virtual Private Cloud. Once enabled for a particular VPC, VPC subnet, or Elastic Network Interface (ENI), relevant network traffic will be logged to CloudWatch Logs for storage and analysis by your own applications or third-party tools.
You can create alarms that will fire if certain types of traffic are detected; you can also create metrics to help you to identify trends and patterns.
The information captured includes information about allowed and denied traffic (based on security group and network ACL rules). It also includes source and destination IP addresses, ports, the IANA protocol number, packet and byte counts, a time interval during which the flow was observed, and an action (ACCEPT or REJECT).
NEW QUESTION 262
A company runs a public-facing application that uses a Java-based web service via a RESTful API. It is hosted on Apache Tomcat on a single server in a data center that runs consistently at 30% CPU utilization. Use of the API is expected to increase by 10 times with a new product launch. The business wants to migrate the application to AWS with no disruption, and needs it to scale to meet demand.
The company has already decided to use Amazon Route 53 and CNAME records to redirect traffic. How can these requirements be met with the LEAST amount of effort?
- A. Create a Docker image and migrate the image to Amazon ECS. Then change the application code to direct web service queries to the ECS container.
- B. Modify the application to call the web service via Amazon API Gateway. Then create a new AWS Lambda Java function to run the Java web service code. After testing, change API Gateway to use the Lambda function.
- C. Use AWS Elastic Beanstalk to deploy the Java web service and enable Auto Scaling. Then switch the application to use the new web service.
- D. Lift and shift the Apache server to the cloud using AWS SMS. Then switch the application to direct web service traffic to the new instance.
Answer: B
NEW QUESTION 263
What is Oracle SQL Developer?
- A. An AWS developer who is an expert in Amazon RDS using both the Oracle and SQL Server DB engines
- B. It is a variant of the SQL Server Management Studio designed by Microsoft to support Oracle DBMS functionalities
- C. A graphical Java tool distributed without cost by Oracle.
- D. A different DBMS released by Microsoft free of cost
Answer: C
NEW QUESTION 264
A Solutions Architect plans to migrate NAT instances to NAT gateway. The Architect has NAT instances with scripts to manage high availability.
What is the MOST efficient method to achieve similar high availability with NAT gateway?
- A. Add an ELB Application Load Balancer in front of NAT gateway
- B. Launch a NAT gateway in each Availability Zone.
- C. Use a mix of NAT instances and NAT gateway.
- D. Remove source/destination check on NAT instances.
Answer: B
Explanation:
Explanation
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html
NEW QUESTION 265
You want to define permissions for a role in an IAM policy. Which of the following configuration formats should you use?
- A. An XML document written in the IAM Policy Language
- B. A JSON document written in the IAM Policy Language
- C. JSON document written in a language of your choice
- D. An XML document written in a language of your choice
Answer: B
Explanation:
You define the permissions for a role in an IAM policy. An IAM policy is a JSON document written in the IAM Policy Language.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html
NEW QUESTION 266
......
AWS-Solutions-Architect-Associate Braindumps – AWS-Solutions-Architect-Associate Questions to Get Better Grades: https://prep4sure.dumpsfree.com/AWS-Solutions-Architect-Associate-valid-exam.html