Free demo questions for Amazon AWS-Certified-Solutions-Architect-Professional Exam Dumps Below:

NEW QUESTION 1
Which is a valid Amazon Resource Name (ARN) for IAM?

  • A. aws:iam::123456789012:instance-profile/Webserver
  • B. arn:aws:iam::123456789012:instance-profile/Webserver
  • C. 123456789012:aws:iam::instance-profile/Webserver
  • D. arn:aws:iam::123456789012::instance-profile/Webserver

Answer: B

NEW QUESTION 2
Once the user has set up ElastiCache for an application and it is up and running, which service does Amazon not provide for the user?

  • A. The ability for client programs to automatically identify all of the nodes in a cache cluster, and to initiate and maintain connections to all of these nodes
  • B. Automating common administrative tasks such as failure detection and recovery, and software patching
  • C. Providing default Time To Live (TTL) in the AWS ElastiCache Redis implementation for different types of data.
  • D. Providing detailed monitoring metrics associated with your Cache Nodes, enabling you to diagnose and react to issues very quickly

Answer: C

Explanation: Amazon provides failure detection and recovery, software patching, and monitoring tools (CloudWatch). It also provides Auto Discovery to automatically identify and initialize all nodes of a cache cluster for Amazon ElastiCache.
Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/WhatIs.html

NEW QUESTION 3
When you put objects in Amazon S3, what is the indication that an object was successfully stored?

  • A. A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
  • B. Amazon S3 is engineered for 99.999999999% durability. Therefore there is no need to confirm that data was inserted.
  • C. A success code is inserted into the S3 object metadata.
  • D. Each S3 account has a special bucket named _s3_log. Success codes are written to this bucket with a timestamp and checksum.

Answer: A

NEW QUESTION 4
Your company currently has a 2-tier web application running in an on-premises data center. You have experienced several infrastructure failures in the past two months, resulting in significant financial losses. Your CIO strongly agrees with moving the application to AWS. While working on achieving buy-in from the other company executives, he asks you to develop a disaster recovery plan to help improve business continuity in the short term. He specifies a target Recovery Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 1 hour or less. He also asks you to implement the solution within 2 weeks. Your database is 200GB in size and you have a 20Mbps Internet connection. How would you do this while minimizing costs?

  • A. Create an EBS backed private AMI which includes a fresh install of your application. Develop a CloudFormation template which includes your AMI and the required EC2, AutoScaling, and ELB resources to support deploying the application across multiple Availability Zones. Asynchronously replicate transactions from your on-premises database to a database instance in AWS across a secure VPN connection.
  • B. Deploy your application on EC2 instances within an Auto Scaling group across multiple availability zones. Asynchronously replicate transactions from your on-premises database to a database instance in AWS across a secure VPN connection.
  • C. Create an EBS backed private AMI which includes a fresh install of your application. Setup a script in your data center to backup the local database every 1 hour and to encrypt and copy the resulting file to an S3 bucket using multi-part upload.
  • D. Install your application on a compute-optimized EC2 instance capable of supporting the application's average load. Synchronously replicate transactions from your on-premises database to a database instance in AWS across a secure Direct Connect connection.

Answer: A

NEW QUESTION 5
Is there any way to own a direct connection to Amazon Web Services?

  • A. No, AWS only allows access from the public Internet.
  • B. No, you can create an encrypted tunnel to VPC, but you cannot own the connection.
  • C. Yes, you can via Amazon Dedicated Connection.
  • D. Yes, you can via AWS Direct Connect.

Answer: D

Explanation: AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. With this connection in place, you can create virtual interfaces directly to the AWS cloud (for example, to Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3)) and to Amazon Virtual Private Cloud (Amazon VPC), bypassing Internet service providers in your network path.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

NEW QUESTION 6
How much memory does the cr1.8xlarge instance type provide?

  • A. 224 GB
  • B. 124 GB
  • C. 184 GB
  • D. 244 GB

Answer: D

Explanation: The CR1 instances are part of the memory optimized instances. They offer the lowest cost per GB of RAM among all the AWS instance families. CR1 instances are part of the new generation of memory optimized instances, which can offer up to 244 GB RAM and run on faster CPUs (Intel Xeon E5-2670 with NUMA support) in comparison to the M2 instances of the same family. They support cluster networking for bandwidth-intensive applications. cr1.8xlarge is one of the largest instance types of the CR1 family, which can offer 244 GB RAM.
Reference: http://aws.amazon.com/ec2/instance-types/

NEW QUESTION 7
A company is running a batch analysis every hour on their main transactional DB, running on an RDS MySQL instance, to populate their central Data Warehouse running on Redshift. During the execution of the batch, their transactional applications are very slow. When the batch completes they need to update the top management dashboard with the new data. The dashboard is produced by another system running on-premises that is currently started when a manually-sent email notifies that an update is required. The on-premises system cannot be modified because it is managed by another team.
How would you optimize this scenario to solve performance issues and automate the process as much as possible?

  • A. Replace RDS with Redshift for the batch analysis and SNS to notify the on-premises system to update the dashboard.
  • B. Replace RDS with Redshift for the batch analysis and SQS to send a message to the on-premises system to update the dashboard.
  • C. Create an RDS Read Replica for the batch analysis and SNS to notify the on-premises system to update the dashboard.
  • D. Create an RDS Read Replica for the batch analysis and SQS to send a message to the on-premises system to update the dashboard.

Answer: A

NEW QUESTION 8
You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to be able to access software depots and distributions on the Internet for product updates. The depots and distributions are accessible via third party CDNs by their URLs. You want to explicitly deny any other outbound connections from your VPC instances to hosts on the internet.
Which of the following options would you consider?

  • A. Configure a web proxy server in your VPC and enforce URL-based rules for outbound access. Remove default routes.
  • B. Implement security groups and configure outbound rules to only permit traffic to software depots.
  • C. Move all your instances into private VPC subnets, remove default routes from all routing tables and add specific routes to the software depots and distributions only.
  • D. Implement network access control lists to all specific destinations, with an implicit deny as a rule.

Answer: A

NEW QUESTION 9
You currently operate a web application in the AWS US-East region. The application runs on an auto-scaled layer of EC2 instances and an RDS Multi-AZ database. Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2, IAM and RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?

  • A. Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected. Use IAM roles, S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
  • B. Create a new CloudTrail with one new S3 bucket to store the logs. Configure SNS to send log file delivery notifications to your management system. Use IAM roles and S3 bucket policies on the S3 bucket that stores your logs.
  • C. Create a new CloudTrail trail with an existing S3 bucket to store the logs and with the global services option selected. Use S3 ACLs and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
  • D. Create three new CloudTrail trails with three new S3 buckets to store the logs: one for the AWS Management console, one for AWS SDKs and one for command line tools. Use IAM roles and S3 bucket policies on the S3 buckets that store your logs.

Answer: A

NEW QUESTION 10
Company B is launching a new game app for mobile devices. Users will log into the game using their existing social media account to streamline data capture. Company B would like to directly save player data and scoring information from the mobile app to a DynamoDB table named Score Data. When a user saves their game, the progress data will be stored to the Game State S3 bucket. What is the best approach for storing data to DynamoDB and S3?

  • A. Use an EC2 Instance that is launched with an EC2 role providing access to the Score Data DynamoDB table and the GameState S3 bucket that communicates with the mobile app via web services.
  • B. Use temporary security credentials that assume a role providing access to the Score Data DynamoDB table and the Game State S3 bucket using web identity federation.
  • C. Use Login with Amazon allowing users to sign in with an Amazon account providing the mobile app with access to the Score Data DynamoDB table and the Game State S3 bucket.
  • D. Use an IAM user with access credentials assigned a role providing access to the Score Data DynamoDB table and the Game State S3 bucket for distribution with the mobile app.

Answer: B

NEW QUESTION 11
An AWS customer runs a public blogging website. The site users upload two million blog entries a month. The average blog entry size is 200 KB. The access rate to blog entries drops to negligible 6 months after publication and users rarely access a blog entry 1 year after publication. Additionally, blog entries have a high update rate during the first 3 months following publication; this drops to no updates after 6 months. The customer wants to use CloudFront to improve his users' load times. Which of the following recommendations would you make to the customer?

  • A. Duplicate entries into two different buckets and create two separate CloudFront distributions where S3 access is restricted only to CloudFront identity.
  • B. Create a CloudFront distribution with "US Europe" price class for US/Europe users and a different CloudFront distribution with "All Edge Locations" for the remaining users.
  • C. Create a CloudFront distribution with S3 access restricted only to the CloudFront identity and partition the blog entry's location in S3 according to the month it was uploaded to be used with CloudFront behaviors.
  • D. Create a CloudFront distribution with Restrict Viewer Access Forward Query string set to true and minimum TTL of 0.

Answer: C

NEW QUESTION 12
An organization is setting up an application on AWS to have both High Availability (HA) and Disaster Recovery (DR). The organization wants to have both a Recovery Point Objective (RPO) and a Recovery Time Objective (RTO) of 10 minutes. Which of the below mentioned service configurations does not help the organization achieve the said RPO and RTO?

  • A. Take a snapshot of the data every 10 minutes and copy it to the other region.
  • B. Use an elastic IP to assign to a running instance and use Route 53 to map the user’s domain with that IP.
  • C. Create ELB with multi-region routing to allow automated failover when required.
  • D. Use an AMI copy to keep the AMI available in other regions.

Answer: C

Explanation: AWS provides an on-demand, scalable infrastructure. AWS EC2 allows the user to launch On-Demand instances and the organization should create an AMI of the running instance. Copy the AMI to another region to enable Disaster Recovery (DR) in case of region failure. The organization should also use EBS for persistent storage and take a snapshot every 10 minutes to meet Recovery time objective (RTO). They should also set up an elastic IP and use it with Route 53 to route requests to the same IP.
When one of the instances fails, the organization can launch new instances and assign the same EIP to a new instance to achieve High Availability (HA). The ELB works only for a particular region and does not route requests across regions.
Reference: http://d36cz9buwru1tt.cloudfront.net/AWS_Disaster_Recovery.pdf

NEW QUESTION 13
In the context of AWS Cloud Hardware Security Module (HSM), does your application need to reside in the same VPC as the CloudHSM instance?

  • A. No, but the server or instance on which your application and the HSM client is running must have network (IP) reachability to the HSM.
  • B. Yes, always
  • C. No, but they must reside in the same Availability Zone.
  • D. No, but it should reside in same Availability Zone as the DB instance.

Answer: A

Explanation: Your application does not need to reside in the same VPC as the CloudHSM instance.
However, the server or instance on which your application and the HSM client is running must have network (IP) reachability to the HSM. You can establish network connectivity in a variety of ways, including operating your application in the same VPC, with VPC peering, with a VPN connection, or with Direct Connect.
Reference: https://aws.amazon.com/cloudhsm/faqs/

NEW QUESTION 14
IAM users do not have permission to create Temporary Security Credentials for federated users and roles by default. In contrast, IAM users can call ________ without the need of any special permissions.

  • A. GetSessionName
  • B. GetFederationToken
  • C. GetSessionToken
  • D. GetFederationName

Answer: C

Explanation: Currently the STS API command GetSessionToken is available to every IAM user in your account without previous permission. In contrast, the GetFederationToken command is restricted, and explicit permissions need to be granted so a user can issue calls to this particular Action.
Reference: http://docs.aws.amazon.com/STS/latest/UsingSTS/STSPermission.html

NEW QUESTION 15
In AWS IAM, which of the following predefined policy condition keys checks how long ago (in seconds) the MFA-validated security credentials making the request were issued using multi-factor authentication (MFA)?

  • A. aws:MultiFactorAuthAge
  • B. aws:MultiFactorAuthLast
  • C. aws:MFAAge
  • D. aws:MultiFactorAuthPrevious

Answer: A

Explanation: aws:MultiFactorAuthAge is one of the predefined keys provided by AWS that can be included within a Condition element of an IAM policy. The key lets you check how long ago (in seconds) the MFA-validated security credentials making the request were issued using Multi-Factor Authentication (MFA).
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html

NEW QUESTION 16
An organization is planning to use NoSQL DB for its scalable data needs. The organization wants to host an application securely in AWS VPC. What action can be recommended to the organization?

  • A. The organization should set up their own NoSQL cluster on the AWS instance and configure route tables and subnets.
  • B. The organization should only use a DynamoDB because by default it is always a part of the default subnet provided by AWS.
  • C. The organization should use a DynamoDB while creating a table within the public subnet.
  • D. The organization should use a DynamoDB while creating a table within a private subnet.

Answer: A

Explanation: The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Currently VPC does not support DynamoDB. Thus, if the user wants to implement VPC, he has to set up his own NoSQL DB within the VPC.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html

NEW QUESTION 17
You require the ability to analyze a large amount of data, which is stored on Amazon S3, using Amazon Elastic MapReduce. You are using the cc2.8xlarge instance type, whose CPUs are mostly idle during processing. Which of the below would be the most cost efficient way to reduce the runtime of the job?

  • A. Create more smaller files on Amazon S3.
  • B. Add additional cc2.8xlarge instances by introducing a task group.
  • C. Use smaller instances that have higher aggregate I/O performance.
  • D. Create fewer, larger files on Amazon S3.

Answer: C

NEW QUESTION 18
An organization is setting up a website on the AWS VPC. The organization has blocked a few IPs to avoid a DDoS attack. How can the organization ensure that requests from the above-mentioned IPs do not reach the application instances?

  • A. Create an IAM policy for VPC which has a condition to disallow traffic from that IP address.
  • B. Configure a security group at the subnet level which denies traffic from the selected IP.
  • C. Configure the security group with the EC2 instance which denies access from that IP address.
  • D. Configure an ACL at the subnet which denies the traffic from that IP address.

Answer: D

Explanation: A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. AWS provides two features that the user can use to increase security in VPC: security groups and network ACLs. Security group works at the instance level while ACL works at the subnet level. ACL allows both allow and deny rules.
Thus, when the user wants to reject traffic from the selected IPs it is recommended to use ACL with subnets.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html