Latest Jul-2023 Amazon AWS-Solutions-Architect-Professional Dumps Updated 221 Questions [Q60-Q77]



The AWS Certified Solutions Architect – Professional exam is an industry-leading certification that validates the skills and expertise of professionals in designing and deploying AWS solutions. AWS Certified Solutions Architect - Professional certification is highly valued by employers and can open up new career opportunities for professionals in the cloud computing industry. AWS Certified Solutions Architect - Professional certification also demonstrates a commitment to ongoing learning and development, which is essential in today's fast-paced technology landscape.


How to book the AWS Solutions Architect Professional Exam

To apply for the AWS Solutions Architect Professional Exam, you have to follow these steps:

  • Step 1: Go to the AWS-Solutions-Architect-Professional Official Site
  • Step 2: Read the instructions carefully
  • Step 3: Follow the given steps
  • Step 4: Apply for the AWS-Solutions-Architect-Professional Exam

 

NEW QUESTION # 60
A company has data stored in an on-premises data center that is used by several on-premises applications.
The company wants to maintain its existing application environment and be able to use AWS services for data analytics and future visualizations.
Which storage service should a solutions architect recommend?

  • A. Amazon Elastic Block Store (Amazon EBS)
  • B. Amazon Redshift
  • C. AWS Storage Gateway for files
  • D. Amazon Elastic File System (Amazon EFS)

Answer: C


NEW QUESTION # 61
A company has developed a custom tool used in its workflow that runs within a Docker container. The company must perform manual steps each time the container code is updated to make the container image available to new workflow executions. The company wants to automate this process to eliminate manual effort and ensure a new container image is generated every time the tool code is updated.
Which combination of actions should a solutions architect take to meet these requirements? (Select THREE.)

  • A. Configure an AWS CodePipeline pipeline that sources the tool code from the AWS CodeCommit repository and initiates an AWS CodeDeploy application update.
  • B. Configure an Amazon EventBridge rule that triggers on commits to the AWS CodeCommit repository for the tool. Configure the event to trigger an update to the tool container image in Amazon ECR. Push the updated container image to Amazon ECR.
  • C. Configure an AWS CodeDeploy application that triggers an application version update that pulls the latest tool container image from Amazon ECR, updates the container with code from the AWS CodeCommit repository, and pushes the updated container image to Amazon ECR.
  • D. Configure an AWS CodePipeline pipeline that sources the tool code from the AWS CodeCommit repository and initiates an AWS CodeBuild build.
  • E. Configure an Amazon ECR repository for the tool. Configure an AWS CodeCommit repository containing code for the tool being deployed to the container image in Amazon ECR.
  • F. Configure an AWS CodeBuild project that pulls the latest tool container image from Amazon ECR, updates the container with code from the source AWS CodeCommit repository, and pushes the updated container image to Amazon ECR.

Answer: A,D,F


NEW QUESTION # 62
A company runs a popular public-facing ecommerce website. Its user base is growing quickly from a local market to a national market. The website is hosted in an on-premises data center with web servers and a MySQL database. The company wants to migrate its workload to AWS. A solutions architect needs to create a solution to:
* Improve security
* Improve reliability
* Improve availability
* Reduce latency
* Reduce maintenance
Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

  • A. Migrate the database to a Multi-AZ Amazon Aurora MySQL DB cluster.
  • B. Use Amazon EC2 instances in two Availability Zones for the web servers in an Auto Scaling group behind an Application Load Balancer.
  • C. Use Amazon EC2 instances in two Availability Zones to host a highly available MySQL database cluster.
  • D. Host static website content in Amazon S3. Use Amazon CloudFront to reduce latency while serving webpages. Use AWS WAF to improve website security.
  • E. Migrate the database to a single-AZ Amazon RDS for MySQL DB instance
  • F. Host static website content in Amazon S3. Use S3 Transfer Acceleration to reduce latency while serving webpages. Use AWS WAF to improve website security.

Answer: A,B,D


NEW QUESTION # 63
A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet.
Which of the below mentioned statements is true with respect to this scenario?

  • A. The user cannot delete the VPC since the subnet is not deleted
  • B. Secondary network interfaces attached to the terminated instances may persist.
  • C. When the user launches a new instance it cannot use the same subnet
  • D. The subnet to which the instances were launched with will be deleted

Answer: B

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. A user can create a subnet within a VPC and launch instances inside that subnet. When an instance is launched, it will have a network interface attached to it. The user cannot delete the subnet until they terminate the instance and delete the network interface. By default, network interfaces that are automatically created and attached to instances using the console are set to terminate when the instance terminates. However, network interfaces created using the command line interface aren't set to terminate when the instance terminates.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html


NEW QUESTION # 64
A company that recently started using AWS establishes a Site-to-Site VPN between its on-premises datacenter and AWS. The company's security mandate states that traffic originating from on premises should stay within the company's private IP space when communicating with an Amazon Elastic Container Service (Amazon ECS) cluster that is hosting a sample web application.
Which solution meets this requirement?

  • A. Create a Network Load Balancer and AWS PrivateLink endpoint for Amazon ECS in the same VPC that is hosting the ECS cluster.
  • B. Configure an Amazon Route 53 record with Amazon ECS as the target. Apply a server certificate to Route 53 from AWS Certificate Manager (ACM) for SSL offloading.
  • C. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VPC. Connect the two VPCs by using VPC peering.
  • D. Configure a gateway endpoint for Amazon ECS. Modify the route table to include an entry pointing to the ECS cluster.

Answer: C


NEW QUESTION # 65
A company plans to use AWS for all new batch processing workloads. The company's developers use Docker containers for the new batch processing. The system design must accommodate critical and non-critical batch processing workloads 24/7.
How should a Solutions Architect design this architecture in a cost-efficient manner?

  • A. Use Amazon ECS orchestration and Auto Scaling groups: one with Reserved Instances, one with Spot Instances.
  • B. Purchase Reserved Instances to run all containers. Use Auto Scaling groups to schedule jobs.
  • C. Host a container management service on Spot Instances. Use Reserved Instances to run Docker containers.
  • D. Use Amazon ECS to manage container orchestration. Purchase Reserved Instances to run all batch workloads at the same time.

Answer: A


NEW QUESTION # 66
A company runs an IoT application in the AWS Cloud. The company has millions of sensors that collect data from houses in the United States. The sensors use the MQTT protocol to connect and send data to a custom MQTT broker. The MQTT broker stores the data on a single Amazon EC2 instance. The sensors connect to the broker through the domain named iot.example.com. The company uses Amazon Route 53 as its DNS service. The company stores the data in Amazon DynamoDB.
On several occasions, the amount of data has overloaded the MQTT broker and has resulted in lost sensor data. The company must improve the reliability of the solution.
Which solution will meet these requirements?

  • A. Set up AWS IoT Core to receive the sensor data. Create and configure a custom domain to connect to AWS IoT Core. Update the DNS record in Route 53 to point to the AWS IoT Core Data-ATS endpoint. Configure an AWS IoT rule to store the data.
  • B. Create an Application Load Balancer (ALB) and an Auto Scaling group for the MQTT broker. Use the Auto Scaling group as the target for the ALB. Update the DNS record in Route 53 to an alias record. Point the alias record to the ALB. Use the MQTT broker to store the data.
  • C. Set up AWS IoT Greengrass to receive the sensor data. Update the DNS record in Route 53 to point to the AWS IoT Greengrass endpoint. Configure an AWS IoT rule to invoke an AWS Lambda function to store the data.
  • D. Create a Network Load Balancer (NLB). Set the MQTT broker as the target. Create an AWS Global Accelerator accelerator. Set the NLB as the endpoint for the accelerator. Update the DNS record in Route 53 to a multivalue answer record. Set the Global Accelerator IP addresses as values. Use the MQTT broker to store the data.

Answer: B

Explanation:
Option B describes a solution that uses an Application Load Balancer (ALB) and an Auto Scaling group for the MQTT broker. The ALB distributes incoming traffic across the instances in the Auto Scaling group and allows for automatic scaling based on incoming traffic. The use of an alias record in Route 53 allows for easy updates to the DNS record without changing the IP address. This solution improves the reliability of the MQTT broker by allowing it to automatically scale based on incoming traffic, reducing the likelihood of lost data due to broker overload.
Reference:
https://aws.amazon.com/elasticloadbalancing/applicationloadbalancer/
https://aws.amazon.com/autoscaling/
https://aws.amazon.com/route53/


NEW QUESTION # 67
A Solutions Architect is working with a company that operates a standard three-tier web application in AWS. The web and application tiers run on Amazon EC2 and the database tier runs on Amazon RDS. The company is redesigning the web and application tiers to use Amazon API Gateway and AWS Lambda, and the company intends to deploy the new application within 6 months. The IT Manager has asked the Solutions Architect to reduce costs in the interim.
Which solution will be MOST cost effective while maintaining reliability?

  • A. Use Spot Instances for the web and application tiers, and Reserved Instances for the database tier.
  • B. Use On-Demand Instances for the web and application tiers, and Reserved Instances for the database tier.
  • C. Use Spot Instances for the web tier, On-Demand Instances for the application tier, and Reserved Instances for the database tier.
  • D. Use Reserved Instances for the web, application, and database tiers.

Answer: B

Explanation:
A, C: You cannot use Spot Instances; otherwise the application will go down.
D: You should not use Reserved Instances, as you are going to shut down the instances after 6 months.


NEW QUESTION # 68
A company hosts an application on Amazon EC2 instances and needs to store files in Amazon S3. The files should never traverse the public internet and only the application EC2 instances are granted access to a specific Amazon S3 bucket. A solutions architect has created a VPC endpoint for Amazon S3 and connected the endpoint to the application VPC.
Which additional steps should the solutions architect take to meet these requirements?

  • A. Assign an endpoint policy to the endpoint that restricts access to a specific S3 bucket. Attach a bucket policy to the S3 bucket that grants access to the VPC endpoint. Add the gateway prefix list to a NACL of the instances to limit access to the application EC2 instances only.
  • B. Assign an endpoint policy to the VPC endpoint that restricts access to S3 in the current Region. Attach a bucket policy to the S3 bucket that grants access to the VPC private subnets only. Add the gateway prefix list to a NACL to limit access to the application EC2 instances only.
  • C. Attach a bucket policy to the S3 bucket that grants access to application EC2 instances only using the aws:SourceIp condition. Update the VPC route table so only the application EC2 instances can access the VPC endpoint.
  • D. Assign an endpoint policy to the VPC endpoint that restricts access to a specific S3 bucket. Attach a bucket policy to the S3 bucket that grants access to the VPC endpoint. Assign an IAM role to the application EC2 instances and only allow access to this role in the S3 bucket's policy.

Answer: C


NEW QUESTION # 69
A company is currently using AWS CodeCommit for its source control and AWS CodePipeline for continuous integration. The pipeline has a build stage for building the artifacts, which are then staged in an Amazon S3 bucket.
The company has identified various improvement opportunities in the existing process, and a Solutions Architect has been given the following requirements:
* Create a new pipeline to support feature development
* Support feature development without impacting production applications
* Incorporate continuous testing with unit tests
* Isolate development and production artifacts
* Support the capability to merge tested code into production code.
How should the Solutions Architect achieve these requirements?

  • A. Trigger a separate pipeline from CodeCommit tags. Use Jenkins for running unit tests. Create a stage in the pipeline with S3 as the target for staging the artifacts with an S3 bucket in a separate testing account.
  • B. Create a separate CodeCommit repository for feature development and use it to trigger the pipeline. Use AWS Lambda for running unit tests. Use AWS CodeBuild to stage the artifacts within different S3 buckets in the same production account.
  • C. Trigger a separate pipeline from CodeCommit feature branches. Use AWS CodeBuild for running unit tests. Use CodeBuild to stage the artifacts within an S3 bucket in a separate testing account.
  • D. Trigger a separate pipeline from CodeCommit feature branches. Use AWS Lambda for running unit tests. Use AWS CodeDeploy to stage the artifacts within an S3 bucket in a separate testing account.

Answer: C


NEW QUESTION # 70
A company wants to improve cost awareness for its Amazon EMR platform. The company has allocated budgets for each team's Amazon EMR usage. When a budgetary threshold is reached, a notification should be sent by email to the budget office's distribution list. Teams should be able to view their EMR cluster expenses to date. A solutions architect needs to create a solution that ensures the policy is proactively and centrally enforced in a multi-account environment.
Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

  • A. Create an EMR bootstrap action that runs at startup that calls the Cost Explorer API to set the budget on the cluster with the GetCostForecast and NotificationsWithSubscribers actions.
  • B. Implement Amazon CloudWatch dashboards for Amazon EMR usage.
  • C. Create an Amazon CloudWatch metric for billing. Create a custom alert when costs exceed the budgetary threshold.
  • D. Create an AWS Service Catalog portfolio for each team. Add each team's Amazon EMR cluster as an AWS CloudFormation template to their Service Catalog portfolio as a Product.
  • E. Update the AWS CloudFormation template to include the AWS::Budgets::Budget resource with the NotificationsWithSubscribers property.

Answer: C,D


NEW QUESTION # 71
Is there any way to own a direct connection to Amazon Web Services?

  • A. No, AWS only allows access from the public Internet.
  • B. Yes, you can via Amazon Dedicated Connection.
  • C. Yes, you can via AWS Direct Connect.
  • D. No, you can create an encrypted tunnel to VPC, but you cannot own the connection.

Answer: C

Explanation:
AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. With this connection in place, you can create virtual interfaces directly to the AWS cloud (for example, to Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3)) and to Amazon Virtual Private Cloud (Amazon VPC), bypassing Internet service providers in your network path.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html


NEW QUESTION # 72
A company with multiple accounts is currently using a configuration that does not meet the following security governance policies:
* Prevent ingress from port 22 to any Amazon EC2 instance
* Require billing and application tags for resources
* Encrypt all Amazon EBS volumes
A Solutions Architect wants to provide preventive and detective controls, including notifications about a specific resource if there are policy deviations.
Which solution should the Solutions Architect implement?

  • A. Use AWS Service Catalog to build a portfolio with products that are in compliance with the governance policies in a central account. Restrict users across all accounts to AWS Service Catalog products. Share a compliant portfolio to other accounts. Use AWS Config managed rules to detect deviations from the policies. Configure an Amazon CloudWatch Events rule to send a notification when a deviation occurs.
  • B. Implement policy-compliant AWS CloudFormation templates for each account and ensure that all provisioning is completed by CloudFormation. Configure Amazon Inspector to perform regular checks against resources. Perform policy validation and write the assessment output to Amazon CloudWatch Logs. Create a CloudWatch Logs metric filter to increment a metric when a deviation occurs. Configure a CloudWatch alarm to send notifications when the configured metric is greater than zero.
  • C. Restrict users and enforce least privilege access using AWS IAM. Consolidate all AWS CloudTrail logs into a single account. Send the CloudTrail logs to Amazon Elasticsearch Service (Amazon ES). Implement monitoring, alerting, and reporting using the Kibana dashboard in Amazon ES and with Amazon SNS.
  • D. Create an AWS CodeCommit repository containing policy-compliant AWS CloudFormation templates. Create an AWS Service Catalog portfolio. Import the CloudFormation templates by attaching the CodeCommit repository to the portfolio. Restrict users across all accounts to items from the AWS Service Catalog portfolio. Use AWS Config managed rules to detect deviations from the policies. Configure an Amazon CloudWatch Events rule for deviations, and associate a CloudWatch alarm to send notifications when the TriggeredRules metric is greater than zero.

Answer: B


NEW QUESTION # 73
A company has a security event whereby an Amazon S3 bucket with sensitive information was made public.
Company policy is to never have public S3 objects, and the Compliance team must be informed immediately when any public objects are identified.
How can the presence of a public S3 object be detected, set to trigger alarm notifications, and automatically remediated in the future? (Choose two.)

  • A. Turn on object-level logging for Amazon S3. Configure a CloudWatch event to notify by using an SNS topic when a PutObject API call with public-read permission is detected in the AWS CloudTrail logs.
  • B. Use the S3 bucket permissions for AWS Trusted Advisor and configure a CloudWatch event to notify by using Amazon SNS.
  • C. Configure an Amazon CloudWatch Events rule that invokes an AWS Lambda function to secure the S3 bucket.
  • D. Turn on object-level logging for Amazon S3. Turn on Amazon S3 event notifications to notify by using an Amazon SNS topic when a PutObject API call is made with a public-read permission.
  • E. Schedule a recursive Lambda function to regularly change all object permissions inside the S3 bucket.

Answer: B,C


NEW QUESTION # 74
An organization, which has the AWS account ID 999988887777, has created 50 IAM users. All the users are added to the same group, Pass4test. If the organization has enabled each IAM user to log in with the AWS console, which AWS login URL will the IAM users use?

  • A. https://Pass4test.signin.aws.amazon.com/999988887777/console/
  • B. https://signin.aws.amazon.com/Pass4test/
  • C. https://999988887777.signin.aws.amazon.com/console/
  • D. https://999988887777.aws.amazon.com/Pass4test/

Answer: C

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Once the organization has created the IAM users, they will have a separate AWS console URL to log in to the AWS console. The console login URL for the IAM user will be https://AWS_Account_ID.signin.aws.amazon.com/console/. It uses only the AWS account ID and does not depend on the group or user ID.
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html


NEW QUESTION # 75
An enterprise company wants to allow its developers to purchase third-party software through AWS Marketplace. The company uses an AWS Organizations account structure with full features enabled, and has a shared services account in each organizational unit (OU) that will be used by procurement managers. The procurement team's policy indicates that developers should be able to obtain third-party software from an approved list only and use Private Marketplace in AWS Marketplace to achieve this requirement. The procurement team wants administration of Private Market procurement managers. Other IAM users, groups, roles, and account administrators in the company should be denied Private Marketplace administrative access.
What is the MOST efficient way to design an architecture to meet these requirements?

  • A. Create an IAM role named procurement-manager-role in all AWS accounts in the organization. Add the AdministratorAccess managed policy to the role. Define a permissions boundary with the AWSPrivateMarketplaceAdminFullAccess managed policy and attach it to all the developer roles.
  • B. Create an IAM role named procurement-manager-role in all AWS accounts in the organization. Add the PowerUserAccess managed policy to the role. Apply an inline policy to all IAM users and roles in every AWS account to deny permissions on the AWSPrivateMarketplaceAdminFullAccess managed policy.
  • C. Create an IAM role named procurement-manager-role in the AWS accounts that will be used by developers. Add the AWSPrivateMarketplaceAdminFullAccess managed policy to the role. Create an SCP in Organizations to deny permissions to administer Private Marketplace to everyone except the role named procurement
  • D. Create an IAM role named procurement-manager-role in all the shared services accounts in the organization. Add the AWSPrivateMarketplaceAdminFullAccess managed policy to the role. Create an organization root-level SCP to deny permissions to administer Private Marketplace to everyone except the role named procurement-manage named procurement-manager-role to everyone in the organization.

Answer: D


NEW QUESTION # 76
How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

  • A. Detach the volume, then use the ec2-migrate-volume command to move it to another AZ.
  • B. Detach the volume and attach it to another EC2 instance in the other AZ.
  • C. Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
  • D. Simply create a new volume in the other AZ and specify the original volume as the source.

Answer: C


NEW QUESTION # 77
......
