Free demo questions for Amazon AWS-Certified-Solutions-Architect-Professional Exam Dumps Below:

NEW QUESTION 1
An organization is hosting a scalable web application using AWS. The organization has configured internet facing ELB and Auto Scaling to make the application scalable. Which of the below mentioned statements is required to be followed when the application is planning to host a web application on VPC?

  • A. The ELB can be in a public or a private subnet but should have the ENI which is attached to an elastic IP.
  • B. The ELB must not be in any subnet; instead it should face the internet directly.
  • C. The ELB must be in a public subnet of the VPC to face the internet traffic.
  • D. The ELB can be in a public or a private subnet but must have routing tables attached to divert the internet traffic to it.

Answer: C

Explanation: The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances. There are two ELBs available with VPC: internet facing and internal (private) ELB. For internet facing ELB it is required that ELB should be in a public subnet.
After the user creates the public subnet, he should associate the route table of the public subnet with the internet gateway to enable the load balancer in the subnet to connect with the internet. Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/CreateVPCForELB.html

NEW QUESTION 2
You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture.
Which alternatives should you consider? (Choose 2 answers)

  • A. Configure a NAT instance in your VPC. Create a default route via the NAT instance and associate it with all subnets. Configure a DNS A record that points to the NAT instance public IP address.
  • B. Configure a CloudFront distribution and configure the origin to point to the private IP addresses of your Web servers. Configure a Route53 CNAME record to your CloudFront distribution.
  • C. Place all your web servers behind ELB. Configure a Route53 CNAME to point to the ELB DNS name.
  • D. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover.
  • E. Configure ELB with an EIP. Place all your Web servers behind ELB. Configure a Route53 A record that points to the EIP.

Answer: CD

NEW QUESTION 3
ExamKiller has three separate departments and each department has their own AWS accounts. The HR department has created a file sharing site where all the on roll employees' data is uploaded. The Admin department uploads data about the employee presence in the office to their DB hosted in the VPC. The Finance department needs to access data from the HR department to know the on roll employees to calculate the salary based on the number of days that an employee is present in the office.
How can ExamKiller set up this scenario?

  • A. It is not possible to configure VPC peering since each department has a separate AWS account.
  • B. Setup VPC peering for the VPCs of Admin and Finance.
  • C. Setup VPC peering for the VPCs of Finance and HR as well as between the VPCs of Finance and Admin.
  • D. Setup VPC peering for the VPCs of Admin and HR

Answer: C

Explanation: A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. A VPC peering connection allows the user to route traffic between the peer VPCs using private IP addresses as if they are a part of the same network. This is helpful when one VPC from the same or different AWS account wants to connect with resources of the other VPC.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/peering-configurations-full-access.html#three-vpcs-full-access

NEW QUESTION 4
An organization has developed an application which provides a smarter shopping experience. They need to show a demonstration to various stakeholders who may not be able to access the in premise application so they decide to host a demo version of the application on AWS. Consequently they will need a fixed elastic IP attached automatically to the instance when it is launched.
In this scenario which of the below mentioned options will not help assign the elastic IP automatically?

  • A. Write a script which will fetch the instance metadata on system boot and assign the public IP using that metadata.
  • B. Provide an elastic IP in the user data and setup a bootstrapping script which will fetch that elastic IP and assign it to the instance.
  • C. Create a controlling application which launches the instance and assigns the elastic IP based on the parameter provided when that instance is booted.
  • D. Launch instance with VPC and assign an elastic IP to the primary network interface.

Answer: A

Explanation: EC2 allows the user to launch On-Demand instances. If the organization is using an application temporarily only for demo purposes the best way to assign an elastic IP would be:
Launch an instance with a VPC and assign an EIP to the primary network interface. This way on every instance start it will have the same IP.
Create a bootstrapping script and provide it some metadata, such as user data which can be used to assign an EIP.
Create a controller instance which can schedule the start and stop of the instance and provide an EIP as a parameter so that the controller instance can check the instance boot and assign an EIP.
The instance metadata gives the current instance data, such as the public/private IP. It can be of no use for assigning an EIP.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html

NEW QUESTION 5
Attempts, one of the three types of items associated with the schedule pipeline in the AWS Data Pipeline, provides robust data management.
Which of the following statements is NOT true about Attempts?

  • A. Attempts provide robust data management.
  • B. AWS Data Pipeline retries a failed operation until the count of retries reaches the maximum number of allowed retry attempts.
  • C. An AWS Data Pipeline Attempt object compiles the pipeline components to create a set of actionable instances.
  • D. AWS Data Pipeline Attempt objects track the various attempts, results, and failure reasons if applicable.

Answer: C

Explanation: Attempts, one of the three types of items associated with a schedule pipeline in AWS Data Pipeline, provides robust data management. AWS Data Pipeline retries a failed operation. It continues to do so until the task reaches the maximum number of allowed retry attempts. Attempt objects track the various attempts, results, and failure reasons if applicable. Essentially, it is the instance with a counter. AWS Data Pipeline performs retries using the same resources from the previous attempts, such as Amazon EMR clusters and EC2 instances.
Reference:
http://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-how-tasks-scheduled.html

NEW QUESTION 6
You have deployed a three-tier web application in a VPC with a CIDR block of 10.0.0.0/28. You initially deploy two web servers, two application servers, two database servers and one NAT instance for a total of seven EC2 instances. The web, application and database servers are deployed across two availability zones (AZs). You also deploy an ELB in front of the two web servers, and use Route53 for DNS. Web traffic gradually increases in the first few days following the deployment, so you attempt to double the number of instances in each tier of the application to handle the new load. Unfortunately some of these new instances fail to launch.
Which of the following could be the root cause? (Choose 2 answers)

  • A. AWS reserves the first and the last private IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances
  • B. The Internet Gateway (IGW) of your VPC has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches
  • C. The ELB has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches
  • D. AWS reserves one IP address in each subnet's CIDR block for Route53 so you do not have enough addresses left to launch all of the new EC2 instances
  • E. AWS reserves the first four and the last IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances

Answer: CE

NEW QUESTION 7
The CFO of a company wants to allow one of his employees to view only the AWS usage report page. Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?

  • A. "Effect": "Allow", "Action": ["Describe"], "Resource": "Billing"
  • B. "Effect": "Allow", "Action": ["aws-portal:ViewBilling"], "Resource": "*"
  • C. "Effect": "Allow", "Action": ["aws-portal:ViewUsage"], "Resource": "*"
  • D. "Effect": "Allow", "Action": ["AccountUsage"], "Resource": "*"

Answer: C

Explanation: AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the CFO wants to allow only AWS usage report page access, the policy for that IAM user will be as given below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-portal:ViewUsage"
      ],
      "Resource": "*"
    }
  ]
}
Reference: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html

NEW QUESTION 8
While implementing the policy keys in AWS Direct Connect, if you use ______ and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed.

  • A. aws:SecureTransport
  • B. aws:EpochIP
  • C. aws:SourceIp
  • D. aws:CurrentTime

Answer: C

Explanation: While implementing the policy keys in Amazon RDS, if you use aws:SourceIp and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed. Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.html

NEW QUESTION 9
The user has provisioned the PIOPS volume with an EBS optimized instance. Generally speaking, in which I/O chunk should the bandwidth experienced by the user be measured by AWS?

  • A. 128 KB
  • B. 256 KB
  • C. 64 KB
  • D. 32 KB

Answer: B

Explanation: IOPS are input/output operations per second. Amazon EBS measures each I/O operation per second (that is 256 KB or smaller) as one IOPS.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html

NEW QUESTION 10
An organization is planning to create a secure scalable application with AWS VPC and ELB. The organization has two instances already running and each instance has an ENI attached to it in addition to a primary network interface. The primary network interface and additional ENI both have an elastic IP attached to it.
If those instances are registered with ELB and the organization wants ELB to send data to a particular EIP of the instance, how can they achieve this?

  • A. The organization should ensure that the IP which is required to receive the ELB traffic is attached to a primary network interface.
  • B. It is not possible to attach an instance with two ENIs with ELB as it will give an IP conflict error.
  • C. The organization should ensure that the IP which is required to receive the ELB traffic is attached to an additional ENI.
  • D. It is not possible to send data to a particular IP as ELB will send to any one EIP.

Answer: A

Explanation: Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances. There are two ELBs available with VPC: internet facing and internal (private) ELB. For the internet facing ELB it is required that the ELB should be in a public subnet.
When the user registers a multi-homed instance (an instance that has an Elastic Network Interface (ENI) attached) with a load balancer, the load balancer will route the traffic to the IP address of the primary network interface (eth0).
Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/gs-ec2VPC.html

NEW QUESTION 11
A customer has established an AWS Direct Connect connection to AWS. The link is up and routes are being advertised from the customer's end, however the customer is unable to connect from EC2 instances inside its VPC to servers residing in its datacenter.
Which of the following options provide a viable solution to remedy this situation? (Choose 2 answers)

  • A. Add a route to the route table with an IPsec VPN connection as the target.
  • B. Enable route propagation to the virtual private gateway (VGW).
  • C. Enable route propagation to the customer gateway (CGW).
  • D. Modify the route table of all Instances using the 'route' command.
  • E. Modify the Instances VPC subnet route table by adding a route back to the customer's on-premises environment.

Answer: AC

NEW QUESTION 12
An organization is creating a VPC for their application hosting. The organization has created two private subnets in the same AZ and created one subnet in a separate zone. The organization wants to make a HA system with the internal ELB. Which of these statements is true with respect to an internal ELB in this scenario?

  • A. ELB can support only one subnet in each availability zone.
  • B. ELB does not allow subnet selection; instead it will automatically select all the available subnets of the VPC.
  • C. If the user is creating an internal ELB, he should use only private subnets.
  • D. ELB can support all the subnets irrespective of their zone

Answer: A

Explanation: The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances.
There are two ELBs available with VPC: internet facing and internal (private) ELB. For internal servers, such as App servers, the organization can create an internal load balancer in their VPC and then place back-end application instances behind the internal load balancer. The internal load balancer will route requests to the back-end application instances, which are also using private IP addresses and only accept requests from the internal load balancer.
The Internal ELB supports only one subnet in each AZ and asks the user to select a subnet while configuring internal ELB.
Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/USVPC_creating_basic_lb.html

NEW QUESTION 13
An organization is planning to host an application on the AWS VPC. The organization wants dedicated instances. However, an AWS consultant advised the organization not to use dedicated instances with VPC as the design has a few limitations. Which of the below mentioned statements is not a limitation of dedicated instances with VPC?

  • A. All instances launched with this VPC will always be dedicated instances and the user cannot use a default tenancy model for them.
  • B. It does not support the AWS RDS with a dedicated tenancy VPC.
  • C. The user cannot use Reserved Instances with a dedicated tenancy model.
  • D. The EBS volume will not be on the same tenant hardware as the EC2 instance though the user has configured dedicated tenancy.

Answer: C

Explanation: The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Dedicated instances are Amazon EC2 instances that run in a Virtual Private Cloud (VPC) on hardware that is dedicated to a single customer. The client's dedicated instances are physically isolated at the host hardware level from instances that are not dedicated instances as well as from instances that belong to other AWS accounts.
All instances launched with the dedicated tenancy model of VPC will always be dedicated instances. Dedicated tenancy has a limitation that it may not support a few services, such as RDS. Even the EBS will not be on dedicated hardware. However the user can save some cost as well as reserve some capacity by using a Reserved Instance model with dedicated tenancy.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/dedicated-instance.html

NEW QUESTION 14
An organization has setup RDS with VPC. The organization wants RDS to be accessible from the internet. Which of the below mentioned configurations is not required in this scenario?

  • A. The organization must enable the parameter in the console which makes the RDS instance publicly accessible.
  • B. The organization must allow access from the internet in the RDS VPC security group.
  • C. The organization must setup RDS with the subnet group which has an external IP.
  • D. The organization must enable the VPC attributes DNS hostnames and DNS resolution.

Answer: C

Explanation: A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources, such as RDS into a virtual network that the user has defined. Subnets are segments of a VPC's IP address range that the user can designate to a group of VPC resources based on security and operational needs. A DB subnet group is a collection of subnets (generally private) that the user can create in a VPC and which the user assigns to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when creating DB instances. If the RDS instance is required to be accessible from the internet:
The organization must setup that the RDS instance is enabled with the VPC attributes, DNS hostnames and DNS resolution.
The organization must enable the parameter in the console which makes the RDS instance publicly accessible.
The organization must allow access from the internet in the RDS VPC security group. Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html

NEW QUESTION 15
A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials. Amazon Cognito has two different flows for authentication with public providers. Which of the following are the two flows?

  • A. Authenticated and non-authenticated
  • B. Public and private
  • C. Enhanced and basic
  • D. Single step and multistep

Answer: C

Explanation: A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials. Amazon Cognito has two different flows for authentication with public providers: enhanced and basic.
Reference: http://docs.aws.amazon.com/cognito/devguide/identity/concepts/authentication-flow/

NEW QUESTION 16
A user has created a MySQL RDS instance with PIOPS. Which of the below mentioned statements will help the user understand the advantage of PIOPS?

  • A. The user can achieve additional dedicated capacity for the EBS I/O with an enhanced RDS option
  • B. It uses a standard EBS volume with optimized configuration the stacks
  • C. It uses optimized EBS volumes and optimized configuration stacks
  • D. It provides a dedicated network bandwidth between EBS and RDS

Answer: C

Explanation: RDS DB instance storage comes in two types: standard and provisioned IOPS. Standard storage is allocated on the Amazon EBS volumes and connected to the user's DB instance. Provisioned IOPS uses optimized EBS volumes and an optimized configuration stack. It provides additional, dedicated capacity for the EBS I/O.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

NEW QUESTION 17
What is the role of the PollForTask action when it is called by a task runner in AWS Data Pipeline?

  • A. It is used to retrieve the pipeline definition.
  • B. It is used to report the progress of the task runner to AWS Data Pipeline.
  • C. It is used to receive a task to perform from AWS Data Pipeline.
  • D. It is used to inform AWS Data Pipeline of the outcome when the task runner completes a task.

Answer: C

Explanation: Task runners call PollForTask to receive a task to perform from AWS Data Pipeline. If tasks are ready in the work queue, PollForTask returns a response immediately. If no tasks are available in the queue, PollForTask uses long-polling and holds on to a poll connection for up to 90 seconds, during which time any newly scheduled tasks are handed to the task agent. Your remote worker should not call PollForTask again on the same worker group until it receives a response, and this may take up to 90 seconds. Reference: http://docs.aws.amazon.com/datapipeline/latest/APIReference/API_PollForTask.html

NEW QUESTION 18
An organization is setting up a multi-site solution where the application runs on premise as well as on AWS to achieve the minimum recovery time objective (RTO). Which of the below mentioned configurations will not meet the requirements of the multi-site solution scenario?

  • A. Configure data replication based on RTO.
  • B. Keep an application running on premise as well as in AWS with full capacity.
  • C. Setup a single DB instance which will be accessed by both sites.
  • D. Setup a weighted DNS service like Route 53 to route traffic across sites.

Answer: C

Explanation: AWS has many solutions for DR (Disaster Recovery) and HA (High Availability). When the organization wants to have HA and DR with a multi-site solution, it should set up two sites: one on premise and the other on AWS with full capacity. The organization should set up a weighted DNS service which can route traffic to both sites based on the weightage. When one of the sites fails it can route the entire load to another site. The organization would have minimal RTO in this scenario. If the organization sets up a single DB instance, it will not work well in failover.
Instead they should have two separate DBs in each site and set up data replication based on the RTO (recovery time objective) of the organization.
Reference: http://d36cz9buwru1tt.cloudfront.net/AWS_Disaster_Recovery.pdf
