AWS-Certified-Solutions-Architect-Professional Free Practice Test

- (Exam Topic 1)
A company uses an on-premises data analytics platform. The system is highly available in a fully redundant configuration across 12 servers in the company's data center.
The system runs scheduled jobs, both hourly and daily, in addition to one-time requests from users. Scheduled jobs can take between 20 minutes and 2 hours to finish running and have tight SLAs. The scheduled jobs account for 65% of the system usage. User jobs typically finish running in less than 5 minutes and have no SLA. The user jobs account for 35% of system usage. During system failures, scheduled jobs must continue to meet SLAs. However, user jobs can be delayed.
A solutions architect needs to move the system to Amazon EC2 instances and adopt a consumption-based model to reduce costs with no long-term commitments. The solution must maintain high availability and must not affect the SLAs.
Which solution will meet these requirements MOST cost-effectively?

1. A. Split the 12 instances across two Availability Zones in the chosen AWS Regio
2. B. Run two instances in each Availability Zone as On-Demand Instances with Capacity Reservation
3. C. Run four instances in each Availability Zone as Spot Instances.
4. D. Split the 12 instances across three Availability Zones in the chosen AWS Regio
5. E. In one of the Availability Zones, run all four instances as On-Demand Instances with Capacity Reservation
6. F. Run the remaining instances as Spot Instances.
7. G. Split the 12 instances across three Availability Zones in the chosen AWS Regio
8. H. Run two instances in each Availability Zone as On-Demand Instances with a Savings Pla
9. I. Run two instances in each Availability Zone as Spot Instances.
10. J. Split the 12 instances across three Availability Zones in the chosen AWS Regio
11. K. Run three instances in each Availability Zone as On-Demand Instances with Capacity Reservation
12. L. Run one instance in each Availability Zone as a Spot Instance.

Correct Answer: D

- (Exam Topic 2)
A company has deployed an application to multiple environments in AWS. including production and testing the company has separate accounts for production and testing, and users are allowed to create additional application users for team members or services. as needed. The security team has asked the operations team tor better isolation between production and testing with centralized controls on security credentials and improved management of permissions between environments
Which of the following options would MOST securely accomplish this goal?

1. A. Create a new AWS account to hold user and service accounts, such as an identity account Create users and groups m the identity accoun
2. B. Create roles with appropriate permissions in the production and testing accounts Add the identity account to the trust policies for the roles
3. C. Modify permissions in the production and testing accounts to limit creating new IAM users to members of the operations team Set a strong IAM password policy on each account Create new IAM users and groups in each account to Limit developer access to just the services required to complete their job function.
4. D. Create a script that runs on each account that checks user accounts For adherence to a security policy.Disable any user or service accounts that do not comply.
5. E. Create all user accounts in the production account Create roles for access in me production account and testing account
6. F. Grant cross-account access from the production account to the testing account

Correct Answer: A

- (Exam Topic 2)
A company wants to migrate its website from an on-premises data center onto AWS At the same time it wants to migrate the website to a containerized microservice-based architecture to improve the availability and cost efficiency The company's security policy states that privileges and network permissions must be configured according to best practice, using least privilege
A solutions architect must create a containerized architecture that meets the security requirements and has deployed the application to an Amazon ECS cluster
What steps are required after the deployment to meet the requirements'? (Select TWO.)

1. A. Create tasks using the bridge network mode
2. B. Create tasks using the awsvpc network mode
3. C. Apply security groups to Amazon EC2 instances and use IAM roles for EC2 instances to access other resources
4. D. Apply security groups to the tasks, and pass IAM credentials into the container at launch time to access other resources
5. E. Apply security groups to the tasks; and use IAM roles for tasks to access other resources

Correct Answer: BE

- (Exam Topic 2)
A company is running an application in the AWS Cloud. The application uses AWS Lambda functions and Amazon Elastic Container Service (Amazon ECS) containers that run with AWS Fargate technology as its primary compute. The load on the application is irregular. The application experiences long periods of no usage, followed by sudden and significant increases and decreases in traffic. The application is write-heavy and stores data in an Amazon Aurora MySQL database. The database runs on an Amazon RDS memory optimized D8 instance that is not able to handle the load.
What is the MOST cost-effective way for the company to handle the sudden and significant changes in traffic?

1. A. Add additional read replicas to the databas
2. B. Purchase Instance Savings Plans and RDS Reserved Instances.
3. C. Migrate the database to an Aurora multi-master DB cluste
4. D. Purchase Instance Savings Plans.
5. E. Migrate the database to an Aurora global database Purchase Compute Savings Plans and RDS Reserved Instances
6. F. Migrate the database to Aurora Serverless v1. Purchase Compute Savings Plans

Correct Answer: D

- (Exam Topic 1)
A developer reports receiving an Error 403: Access Denied message when they try to download an object from an Amazon S3 bucket. The S3 bucket is accessed using an S3 endpoint inside a VPC. and is encrypted with an AWS KMS key. A solutions architect has verified that (he developer is assuming the correct IAM role in the account that allows the object to be downloaded. The S3 bucket policy and the NACL are also valid.
Which additional step should the solutions architect take to troubleshoot this issue?

1. A. Ensure that blocking all public access has not been enabled in the S3 bucket.
2. B. Verify that the IAM rote has permission to decrypt the referenced KMS key.
3. C. Verify that the IAM role has the correct trust relationship configured.
4. D. Check that local firewall rules are not preventing access to the S3 endpoint.

Correct Answer: B