AWS-Certified-Solutions-Architect-Professional Free Practice Test

- (Exam Topic 1)
A company runs a Java application that has complex dependencies on VMs that are in the company's data center. The application is stable. but the company wants to modernize the technology stack. The company wants to migrate the application to AWS and minimize the administrative overhead to maintain the servers.
Which solution will meet these requirements with the LEAST code changes?

1. A. Migrate the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate by using AWS App2Containe
2. B. Store container images in Amazon Elastic Container Registry (Amazon ECR). Grant the ECS task execution role permission 10 access the ECR image repositor
3. C. Configure Amazon ECS to use an Application Load Balancer (ALB). Use the ALB to interact with the application.
4. D. Migrate the application code to a container that runs in AWS Lambd
5. E. Build an Amazon API Gateway REST API with Lambda integratio
6. F. Use API Gateway to interact with the application.
7. G. Migrate the application to Amazon Elastic Kubernetes Service (Amazon EKS) on EKS managed node groups by using AWS App2Containe
8. H. Store container images in Amazon Elastic Container Registry (Amazon ECR). Give the EKS nodes permission to access the ECR image repositor
9. I. Use Amazon API Gateway to interact with the application.
10. J. Migrate the application code to a container that runs in AWS Lambd
11. K. Configure Lambda to use an Application Load Balancer (ALB). Use the ALB to interact with the application.

Correct Answer: A
According to the AWS documentation1, AWS App2Container (A2C) is a command line tool for migrating and modernizing Java and .NET web applications into container format. AWS A2C analyzes and builds an inventory of applications running in bare metal, virtual machines, Amazon Elastic Compute Cloud (EC2) instances, or in the cloud. You can use AWS A2C to generate container images for your applications and deploy them on Amazon ECS or Amazon EKS.
Option A meets the requirements of the scenario because it allows you to migrate your existing Java application to AWS and minimize the administrative overhead to maintain the servers. You can use AWS A2C to analyze your application dependencies, extract application artifacts, and generate a Dockerfile. You can then store your container images in Amazon ECR, which is a fully managed container registry service. You can use AWS Fargate as the launch type for your Amazon ECS cluster, which is a serverless compute engine that eliminates the need to provision and manage servers for your containers. You can grant the ECS task execution role permission to access the ECR image repository, which allows your tasks to pull images from ECR. You can configure Amazon ECS to use an ALB, which is a load balancer that distributes traffic across multiple targets in multiple Availability Zones using HTTP or HTTPS protocols. You can use the ALB to interact with your application.

- (Exam Topic 1)
A company is running a traditional web application on Amazon EC2 instances. The company needs to refactor the application as microservices that run on containers. Separate versions of the application exist in two distinct environments: production and testing. Load for the application is variable, but the minimum load and the maximum load are known. A solutions architect needs to design the updated application with a serverless architecture that minimizes operational complexity.
Which solution will meet these requirements MOST cost-effectively?

1. A. Upload the container images to AWS Lambda as function
2. B. Configure a concurrency limit for the associated Lambda functions to handle the expected peak loa
3. C. Configure two separate Lambda integrations within Amazon API Gateway: one for production and one for testing.
4. D. Upload the container images to Amazon Elastic Container Registry (Amazon ECR). Configure two auto scaled Amazon Elastic Container Service (Amazon ECS) clusters with the Fargate launch type to handle the expected loa
5. E. Deploy tasks from the ECR image
6. F. Configure two separate Application Load Balancers to direct traffic to the ECS clusters.
7. G. Upload the container images to Amazon Elastic Container Registry (Amazon ECR). Configure two auto scaled Amazon Elastic Kubernetes Service (Amazon EKS) clusters with the Fargate launch type to handle the expected loa
8. H. Deploy tasks from the ECR image
9. I. Configure two separate Application Load Balancers to direct traffic to the EKS clusters.
10. J. Upload the container images to AWS Elastic Beanstal
11. K. In Elastic Beanstalk, create separate environments and deployments for production and testin
12. L. Configure two separate Application Load Balancers to direct traffic to the Elastic Beanstalk deployments.

Correct Answer: B
minimizes operational + microservices that run on containers = AWS Elastic Beanstalk

- (Exam Topic 3)
A company has multiple AWS accounts. The company recently had a security audit that revealed many unencrypted Amazon Elastic Block Store (Amazon EBS) volumes attached to Amazon EC2 instances.
A solutions architect must encrypt the unencrypted volumes and ensure that unencrypted volumes will be detected automatically in the future. Additionally, the company wants a solution that can centrally manage multiple AWS accounts with a focus on compliance and security.
Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

1. A. Create an organization in AWS Organization
2. B. Set up AWS Control Tower, and turn on the strongly recommended guardrail
3. C. Join all accounts to the organizatio
4. D. Categorize the AWS accounts into OUs.
5. E. Use the AWS CLI to list all the unencrypted volumes in all the AWS account
6. F. Run a script to encrypt all the unencrypted volumes in place.
7. G. Create a snapshot of each unencrypted volum
8. H. Create a new encrypted volume from the unencrypted snapsho
9. I. Detach the existing volume, and replace it with the encrypted volume.
10. J. Create an organization in AWS Organization
11. K. Set up AWS Control Tower, and turn on the mandatory guardrail
12. L. Join all accounts to the organizatio
13. M. Categorize the AWS accounts into OUs.
14. N. Turn on AWS CloudTrai
15. O. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to detect and automatically encrypt unencrypted volumes.

Correct Answer: AC
(https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html)

- (Exam Topic 2)
A company has built a high performance computing (HPC) cluster in AWS tor a tightly coupled workload that generates a large number of shared files stored in Amazon EFS. The cluster was performing well when the number of Amazon EC2 instances in the cluster was 100. However, when the company increased the cluster size to 1,000 EC2 instances, overall performance was well below expectations.
Which collection of design choices should a solutions architect make to achieve the maximum performance from the HPC cluster? (Select THREE.)

1. A. Ensure the HPC cluster Is launched within a single Availability Zone.
2. B. Launch the EC2 instances and attach elastic network interfaces in multiples of four.
3. C. Select EC2 Instance types with an Elastic Fabric Adapter (EFA) enabled.
4. D. Ensure the cluster Is launched across multiple Availability Zones.
5. E. Replace Amazon EFS with multiple Amazon EBS volumes in a RAID array.
6. F. Replace Amazon EFS with Amazon FSx for Lustre.

Correct Answer: ACF
* A. High performance computing (HPC) workload cluster should be in a single AZ.
* C. Elastic Fabric Adapter (EFA) is a network device that you can attach to your Amazon EC2 instances to accelerate High Performance Computing (HPC)
* F. Amazon FSx for Lustre - Use it for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling.
Cluster – packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

- (Exam Topic 1)
A company is running an application in the AWS Cloud. The company's security team must approve the creation of all new IAM users. When a new IAM user is created, all access for the user must be removed automatically. The security team must then receive a notification to approve the user. The company has a multi-Region AWS CloudTrail trail In the AWS account.
Which combination of steps will meet these requirements? (Select THREE.)

1. A. Create an Amazon EventBridge (Amazon CloudWatch Events) rul
2. B. Define a pattern with the detail-type value set to AWS API Call via CloudTrail and an eventName of CreateUser.
3. C. Configure CloudTrail to send a notification for the CreateUser event to an Amazon Simple Notification Service (Amazon SNS) topic.
4. D. Invoke a container that runs in Amazon Elastic Container Service (Amazon ECS) with AWS Fargate technology to remove access
5. E. Invoke an AWS Step Functions state machine to remove access.
6. F. Use Amazon Simple Notification Service (Amazon SNS) to notify the security team.
7. G. Use Amazon Pinpoint to notify the security team.

Correct Answer: ADE
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/send-a-notification-when-an-iam-user-is-crea