
AWS Solutions Architect Questions and Answers Part-20


    Get ready to excel in your AWS Solutions Architect certification with this comprehensive collection of questions and answers. Covering critical topics like cloud architecture design, AWS services, security best practices, and cost optimization, these Q&A sessions will help you gain a deep understanding of AWS concepts and prepare effectively for the exam. Whether you are a beginner or an experienced professional, these answers provide clear explanations and practical examples to solidify your AWS knowledge and boost your confidence.

     

    Test Your skills

    1. Your team has a Tomcat-based Java application you need to deploy into development, test and production environments. After some research, you opt to use Elastic Beanstalk due to its tight integration with your developer tools and RDS due to its ease of management. Your QA team lead points out that you need to roll a sanitized set of production data into your environment on a nightly basis. Similarly, other software teams in your org want access to that same restored data via their EC2 instances in your VPC. The optimal setup for persistence and security that meets the above requirements would be the following.

    A. Create your RDS instance as part of your Elastic Beanstalk definition and alter its security group to allow access to it from hosts in your application subnets.
     
    B. Create your RDS instance separately and add its IP address to your application’s DB connection strings in your code. Alter its security group to allow access to it from hosts within your VPC’s IP address block.
     
    C. Create your RDS instance separately and pass its DNS name to your app’s DB connection string as an environment variable. Create a security group for client machines and add it as a valid source for DB traffic to the security group of the RDS instance itself.
     
    D. Create your RDS instance separately and pass its DNS name to your app’s DB connection string as an environment variable. Alter its security group to allow access to it from hosts in your application subnets.
     

    Answer: C

    C. Create your RDS instance separately and pass its DNS name to your app’s DB connection string as an environment variable. Create a security group for client machines and add it as a valid source for DB traffic to the security group of the RDS instance itself.


    2. You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Which of the below are viable mitigation techniques? (Choose 3 answers)

    A. Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.
     
    B. Use dedicated instances to ensure that each instance has the maximum performance possible.
     
    C. Use an Amazon CloudFront distribution for both static and dynamic content.
     
    D. Use an Elastic Load Balancer with auto scaling groups at the web, app and Amazon Relational Database Service (RDS) tiers.
     
    E. Add Amazon CloudWatch alerts to look for high Network In and CPU utilization.
     
    F. Create processes and capabilities to quickly add and remove rules to the instance OS firewall.
     
    Answer: B, D & F
     
    B. Use dedicated instances to ensure that each instance has the maximum performance possible.
     
    D. Use an Elastic Load Balancer with auto scaling groups at the web, app and Amazon Relational Database Service (RDS) tiers.
     
    F. Create processes and capabilities to quickly add and remove rules to the instance OS firewall.
     
     
     

    3. You have deployed a web application targeting a global audience across multiple AWS Regions under the domain name example.com. You decide to use Route 53 Latency-Based Routing to serve web requests to users from the region closest to the user. To provide business continuity in the event of server downtime, you configure weighted record sets associated with two web servers in separate Availability Zones per region. During a DR test you notice that when you disable all web servers in one of the regions, Route 53 does not automatically direct all users to the other region. What could be happening? (Choose 2 answers)

    A. Latency resource record sets cannot be used in combination with weighted resource record sets.
     
    B. You did not set up an HTTP health check for one or more of the weighted resource record sets associated with the disabled web servers.
     
    C. The value of the weight associated with the latency alias resource record set in the region with the disabled servers is higher than the weight for the other region.
     
    D. One of the two working web servers in the other region did not pass its HTTP health check.
     
    E. You did not set “Evaluate Target Health” to “Yes” on the latency alias resource record set associated with example.com in the region where you disabled the servers.
     
     

    Answer: Both B & E

    B. You did not set up an HTTP health check for one or more of the weighted resource record sets associated with the disabled web servers.

    E. You did not set “Evaluate Target Health” to “Yes” on the latency alias resource record set associated with example.com in the region where you disabled the servers.


    4. A web design company currently runs several FTP servers that their 250 customers use to upload and download large graphic files. They wish to move this system to AWS to make it more scalable, but they wish to maintain customer privacy and keep costs to a minimum. What AWS architecture would you recommend?

    A. Ask their customers to use an S3 client instead of an FTP client. Create a single S3 bucket. Create an IAM user for each customer. Put the IAM users in a group that has an IAM policy that permits access to sub-directories within the bucket via use of the ‘username’ policy variable.
     
    B. Create a single S3 bucket with Reduced Redundancy Storage turned on and ask their customers to use an S3 client instead of an FTP client. Create a bucket for each customer with a bucket policy that permits access only to that one customer.
     
    C. Create an auto-scaling group of FTP servers with a scaling policy to automatically scale in when minimum network traffic on the auto-scaling group is below a given threshold. Load a central list of FTP users from S3 as part of the user data startup script on each instance.
     
    D. Create a single S3 bucket with Requester Pays turned on and ask their customers to use an S3 client instead of an FTP client. Create a bucket for each customer with a bucket policy that permits access only to that one customer.
     

    Answer: A

    A. Ask their customers to use an S3 client instead of an FTP client. Create a single S3 bucket. Create an IAM user for each customer. Put the IAM users in a group that has an IAM policy that permits access to sub-directories within the bucket via use of the ‘username’ policy variable.


    5. You’ve been brought in as solutions architect to assist an enterprise customer with their migration of an e-commerce platform to Amazon Virtual Private Cloud (VPC). The previous architect has already deployed a 3-tier VPC.

    The configuration is as follows:

    VPC: vpc-2f8bc447

    IGW: igw-2d8bc445

    NACL: acl-2080c448

    Subnets and Route Tables:

    Web servers: subnet-258bc44d

    Application servers: subnet-248bc44c

    Database servers: subnet-9189c6f9

    Route Tables:

    rtb-218bc449

    rtb-238bc44b

    Associations:

    subnet-258bc44d: rtb-218bc449

    subnet-248bc44c: rtb-238bc44b

    subnet-9189c6f9: rtb-238bc44b

    You are now ready to begin deploying EC2 instances into the VPC. Web servers must have direct access to the Internet. Application and database servers cannot have direct access to the Internet. Which configuration below will allow you to remotely administer your application and database servers, as well as allow these servers to retrieve updates from the Internet?

    A. Create a bastion and NAT instance in subnet-248bc44c and add a route from rtb-238bc44b to subnet-258bc44d.
     
    B. Add a route from rtb-238bc44b to igw-2d8bc445 and add a bastion and NAT instance within subnet-248bc44c.
     
    C. Create a bastion and NAT instance in subnet-258bc44d, add a route from rtb-238bc44b to igw-2d8bc445, and add a new NACL that allows access between subnet-258bc44d and subnet-248bc44c.
     
    D. Create a bastion and NAT instance in subnet-258bc44d and add a route from rtb-238bc44b to the NAT instance.
     

    Answer: A

    A. Create a bastion and NAT instance in subnet-248bc44c and add a route from rtb-238bc44b to subnet-258bc44d.
