Thursday, October 29, 2020


Question: 1

A bank is re-architecting its mainframe-based credit card approval processing application to a cloud-native application on the AWS cloud. The new application will receive up to 1,000 requests per second at peak load. There are multiple steps to each transaction, and each step must receive the result of the previous step. The entire request must return an authorization response within less than 2 seconds with zero data loss. Every request must receive a response. The solution must be Payment Card Industry Data Security Standard (PCI DSS)-compliant. Which option will meet all of the bank’s objectives with the LEAST complexity and LOWEST cost while also meeting compliance requirements?

A. Create an Amazon API Gateway to process inbound requests using a single AWS Lambda task that performs multiple steps and returns a JSON object with the approval status. Open a support case to increase the limit for the number of concurrent Lambdas to allow room for bursts of activity due to the new application.

B. Create an Application Load Balancer with an Amazon ECS cluster on Amazon EC2 Dedicated instances in a target group to process incoming requests. Use Auto Scaling to scale the cluster out/in based on average CPU utilization. Deploy a web service that processes all of the approval steps and returns a JSON object with the approval status.

C. Deploy the application on Amazon EC2 on Dedicated Instances. Use an Elastic Load Balancer in front of a farm of application servers in an Auto Scaling group to handle incoming requests. Scale-out/in based on a custom Amazon CloudWatch metric for the number of inbound requests per second after measuring the capacity of a single instance.

D. Create an Amazon API Gateway to process inbound requests using a series of AWS Lambda processes, each with an Amazon SQS input queue. As each step completes, it writes its result to the next step’s queue. The final step returns a JSON object with the approval status. Open a support case to increase the limit for the number of concurrent Lambdas to allow room for bursts of activity due to the new application.

Answer: B


Question: 2

A company has a standard three-tier architecture using two Availability Zones. During the company’s offseason, users report that the website is not working. The Solutions Architect finds that no changes have been made to the environment recently, the website is reachable, and it is possible to log in. However, when the Solutions Architect selects the “Find a store near you” function, the maps provided on the site by a third-party RESTful API call do not work about 50% of the time after refreshing the page. The outbound API calls are made through Amazon EC2 NAT instances. What is the MOST likely reason for this failure and how can it be mitigated in the future?

A. The network ACL for one subnet is blocking outbound web traffic. Open the network ACL and prevent the administration from making future changes through IAM. 

B. The fault is in the third-party environment. Contact the third party that provides the maps and request a fix that will provide better uptime.

C. One NAT instance has become overloaded. Replace both EC2 NAT instances with a larger-sized instance and make sure to account for growth when making the new instance size.

D. One of the NAT instances failed. Recommend replacing the EC2 NAT instances with a NAT gateway.

Answer: D 


Question: 3

A company is planning to migrate an application from on-premises to AWS. The application currently
uses an Oracle database and the company can tolerate a brief downtime of 1 hour when performing the
switch to the new infrastructure. As part of the migration, the database engine will be changed to
MySQL. A Solutions Architect needs to determine which AWS services can be used to perform the
migration while minimizing the amount of work and time required.
Which of the following will meet the requirements?

A. Use AWS SCT to generate the schema scripts and apply them to the target prior to migration. Use
AWS DMS to analyze the current schema and provide a recommendation for the optimal database
engine. Then, use AWS DMS to migrate to the recommended engine. Use AWS SCT to identify what
embedded SQL code in the application can be converted and what has to be done manually.

B. Use AWS SCT to generate the schema scripts and apply them on the target prior to migration. Use
AWS DMS to begin moving data from the on-premises database to AWS. After the initial copy, continue to use AWS DMS to keep the databases in sync until cutting over to the new database. Use AWS SCT to identify what embedded SQL code in the application can be converted and what has to be done manually.

C. Use AWS DMS to help identify the best target deployment between installing the database engine on
Amazon EC2 directly or moving to Amazon RDS. Then, use AWS DMS to migrate to the platform. Use AWS Application Discovery Service to identify what embedded SQL code in the application can be converted and what has to be done manually.

D. Use AWS DMS to begin moving data from the on-premises database to AWS. After the initial copy,
continue to use AWS DMS to keep the databases in sync until cutting over to the new database. Use
AWS Application Discovery Service to identify what embedded SQL code in the application can be converted and what has to be done manually.

Answer: B 


Question: 4 

A company has an Amazon VPC that is divided into a public subnet and a private subnet. A web application runs in Amazon VPC, and each subnet has its own NACL. The public subnet has a CIDR of 10.0.0.0/24. An Application Load Balancer is deployed to the public subnet. The private subnet has a CIDR of 10.0.1.0/24. Amazon EC2 instances that run a web server on port 80 are launched into the private subnet. Only network traffic that is required for the Application Load Balancer to access the web application can be allowed to travel between the public and private subnets. What collection of rules should be written to ensure that the private subnet's NACL meets the requirement? (Select TWO.)

A. An inbound rule for port 80 from source 0.0.0.0/0
B. An inbound rule for port 80 from source 10.0.0.0/24
C. An outbound rule for port 80 to destination 0.0.0.0/0
D. An outbound rule for port 80 to destination 10.0.0.0/24
E. An outbound rule for ports 1024 through 65535 to destination 10.0.0.0/24

Answer: B, E 


Question: 5

A Solutions Architect must establish a patching plan for a large mixed fleet of Windows and Linux
servers. The patching plan must be implemented securely, be audit-ready, and comply with the
company’s business requirements. Which option will meet these requirements with MINIMAL effort?

A. Install and use an OS-native patching service to manage the update frequency and release approval
for all instances. Use AWS Config to verify the OS state on each instance and report on any patch
compliance issues.

B. Use AWS Systems Manager on all instances to manage patching. Test patches outside of production
and then deploy during a maintenance window with the appropriate approval.

C. Use AWS OpsWorks for Chef Automate to run a set of scripts that will iterate through all instances of a given type. Issue the appropriate OS command to get and install updates on each instance, including any required restarts during the maintenance window.

D. Migrate all applications to AWS OpsWorks and use OpsWorks automatic patching support to keep the OS up-to-date following the initial installation. Use AWS Config to provide audit and compliance
reporting.

Answer: B 


Question: 6 

A company has released a new version of a website to target an audience in Asia and South America.
The website’s media assets are hosted on Amazon S3 and have an Amazon CloudFront distribution to
improve end-user performance. However, users are having a poor login experience because the authentication
service is only available in the us-east-1 AWS Region. How can the Solutions Architect improve the login experience and maintain high security and performance with minimal management overhead?

A. Replicate the setup in each new geography and use Amazon Route 53 geo-based routing to route
traffic to the AWS Region closest to the users.

B. Use an Amazon Route 53 weighted routing policy to route traffic to the CloudFront distribution. Use
CloudFront cached HTTP methods to improve the user login experience.

C. Use Amazon Lambda@Edge attached to the CloudFront viewer request trigger to authenticate and
authorize users by maintaining a secure cookie token with a session expiry to improve the user
experience in multiple geographies.

D. Replicate the setup in each geography and use Network Load Balancers to route traffic to the
authentication service running in the closest region to users.

Answer: C 


Question: 7

A Solutions Architect needs to design a highly available application that will allow authenticated users to stay connected to the application even when there are underlying failures.
Which solution will meet these requirements?

A. Deploy the application on Amazon EC2 instances. Use Amazon Route 53 to forward requests to the
EC2 instances. Use Amazon DynamoDB to save the authenticated connection details.

B. Deploy the application on Amazon EC2 instances in an Auto Scaling group. Use an internet-facing
Application Load Balancer to handle requests. Use Amazon DynamoDB to save the authenticated
connection details.

C. Deploy the application on Amazon EC2 instances in an Auto Scaling group. Use an internet-facing
Application Load Balancer on the front end. Use EC2 instances to save the authenticated connection
details.

D. Deploy the application on Amazon EC2 instances in an Auto Scaling group. Use an internet-facing
Application Load Balancer on the front end. Use EC2 instances hosting a MySQL database to save the
authenticated connection details.

Answer: B 


Question: 8

A company has an application written using an in-house software framework. The framework
installation takes 30 minutes and is performed with a user data script. Company Developers deploy
changes to the application frequently. The framework installation is becoming a bottleneck in this
process. Which of the following would speed up this process?

A. Create a pipeline to build a custom AMI with the framework installed and use this AMI as a baseline
for application deployments.

B. Employ a user-data script to install the framework but compress the installation files to make them
smaller.

C. Create a pipeline to parallelize the installation tasks and call this pipeline from a user data script.

D. Configure an AWS OpsWorks cookbook that installs the framework instead of employing user data.
Use this cookbook as a base for all deployments.

Answer: A 


For More Info:

https://www.amazondumps.us/aws-certified-solutions-architect-professional.html
