AWS-Solution-Architect-Associate Free Practice Test

- (Exam Topic 2)
A security team wants to limit access to specific services or actions in all of the team's AWS accounts. All accounts belong to a large organization in AWS Organizations. The solution must be scalable and there must be a single point where permissions can be maintained.
What should a solutions architect do to accomplish this?

1. A. Create an ACL to provide access to the services or actions.
2. B. Create a security group to allow accounts and attach it to user groups.
3. C. Create cross-account roles in each account to deny access to the services or actions.
4. D. Create a service control policy in the root organizational unit to deny access to the services or actions.

Correct Answer: D
Service control policies (SCPs) are one type of policy that you can use to manage your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization's access control guidelines. See https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html.

- (Exam Topic 3)
A company’s reporting system delivers hundreds of .csv files to an Amazon S3 bucket each day. The company must convert these files to Apache Parquet format and must store the files in a transformed data bucket.
Which solution will meet these requirements with the LEAST development effort?

1. A. Create an Amazon EMR cluster with Apache Spark installe
2. B. Write a Spark application to transform the dat
3. C. Use EMR File System (EMRFS) to write files to the transformed data bucket.
4. D. Create an AWS Glue crawler to discover the dat
5. E. Create an AWS Glue extract, transform, and load (ETL) job to transform the dat
6. F. Specify the transformed data bucket in the output step.
7. G. Use AWS Batch to create a job definition with Bash syntax to transform the data and output the data to the transformed data bucke
8. H. Use the job definition to submit a jo
9. I. Specify an array job as the job type.
10. J. Create an AWS Lambda function to transform the data and output the data to the transformed data bucke
11. K. Configure an event notification for the S3 bucke
12. L. Specify the Lambda function as the destination for the event notification.

Correct Answer: B
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/three-aws-glue-etl-job-types-for-converting-d

- (Exam Topic 3)
A company hosts a multi-tier web application that uses an Amazon Aurora MySQL DB cluster for storage. The application tier is hosted on Amazon EC2 instances. The company's IT security guidelines mandate that the database credentials be encrypted and rotated every 14 days
What should a solutions architect do to meet this requirement with the LEAST operational effort?

1. A. Create a new AWS Key Management Service (AWS KMS) encryption key Use AWS Secrets Manager to create a new secret that uses the KMS key with the appropriate credentials Associate the secret with the Aurora DB cluster Configure a custom rotation period of 14 days
2. B. Create two parameters in AWS Systems Manager Parameter Store one for the user name as a string parameter and one that uses the SecureStnng type for the password Select AWS Key Management Service (AWS KMS) encryption for the password parameter, and load these parameters in the application tier Implement an AWS Lambda function that rotates the password every 14 days.
3. C. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encryptedAmazon Elastic File System (Amazon EFS) file system Mount the EFS file system in all EC2 instances of the application tie
4. D. Restrict the access to the file on the file system so that the application can read the file and that only super users can modify the file Implement an AWS Lambda function that rotates the key in Aurora every 14 days and writes new credentials into the file
5. E. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon S3 bucket that the application uses to load the credentials Download the file to the application regularly to ensure that the correct credentials are used Implement an AWS Lambda function that rotates the Aurora credentials every 14 days and uploads these credentials to the file in the S3 bucket

Correct Answer: A

- (Exam Topic 3)
A company has implemented a self-managed DNS service on AWS. The solution consists of the following:
• Amazon EC2 instances in different AWS Regions
• Endpomts of a standard accelerator m AWS Global Accelerator
The company wants to protect the solution against DDoS attacks What should a solutions architect do to meet this requirement?

1. A. Subscribe to AWS Shield Advanced Add the accelerator as a resource to protect
2. B. Subscribe to AWS Shield Advanced Add the EC2 instances as resources to protect
3. C. Create an AWS WAF web ACL that includes a rate-based rule Associate the web ACL with the accelerator
4. D. Create an AWS WAF web ACL that includes a rate-based rule Associate the web ACL with the EC2 instances

Correct Answer: B

- (Exam Topic 3)
A company has an application that is backed ny an Amazon DynamoDB table. The company's compliance requirements specify that database backups must be taken every month, must be available for 6 months, and must be retained for 7 years.
Which solution will meet these requirements?

1. A. Create an AWS Backup plan to back up the DynamoDB table on the first day of each mont
2. B. Specify a lifecycle policy that transitions the backup to cold storage after 6 month
3. C. Set the retention period foreach backup to 7 years.
4. D. Create a DynamoDB on-damand backup of the DynamoDB table on the first day of each month Transition the backup to Amazon S3 Glacier Flexible Retrieval after 6 month
5. E. Create an S3 Lifecycle policy to delete backups that are older than 7 years.
6. F. Use the AWS SDK to develop a script that creates an on-demand backup of the DynamoDB tabl
7. G. Set up an Amzon EvenlBridge rule that runs the script on the first day of each mont
8. H. Create a second script that will run on the second day of each month to transition DynamoDB backups that are older than 6 months to cold storage and to delete backups that are older than 7 years.
9. I. Use the AWS CLI to create an on-demand backup of the DynamoDB table Set up an Amazon EventBridge rule that runs the command on the first day of each month with a cron expression Specify in the command to transition the backups to cold storage after 6 months and to delete the backups after 7 years.

Correct Answer: A