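AWS Professional Architect Certification Past Exam Questions Collection 20241023
Past exam questions for the full range of Amazon Web Services (AWS) certifications: the latest 2024 question bank, continuously updated, and the most complete on the web. AWS certifications are highly valued and essential for self-study and for moving into the cloud industry. Recent versions are kept up to date so you can follow the latest trends.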
QUESTION 1
An e-commerce company is revamping its IT infrastructure and is planning to use AWS services. The company's CIO has asked a Solutions Architect to design a simple, highly available, and loosely coupled order processing application. The application is responsible for receiving and processing orders before storing them in an Amazon DynamoDB table. The application has a sporadic traffic pattern and should be able to scale during marketing campaigns to process the orders with minimal delays. Which of the following is the MOST reliable approach to meet the requirements?
A. Receive the orders in an Amazon EC2-hosted database and use EC2 instances to process them.
B. Receive the orders in an Amazon SQS queue and trigger an AWS Lambda function to process them.
C. Receive the orders using the AWS Step Functions program and trigger an Amazon ECS container to process them.
D. Receive the orders in Amazon Kinesis Data Streams and use Amazon EC2 instances to process them.
Correct Answer: B
Section: (none)
QUESTION 2
A Solutions Architect must establish a patching plan for a large mixed fleet of Windows and Linux servers. The patching plan must be implemented securely, be audit ready, and comply with the company's business requirements. Which option will meet these requirements with MINIMAL effort?
A. Install and use an OS-native patching service to manage the update frequency and release approval for all instances. Use AWS Config to verify the OS state on each instance and report on any patch compliance issues.
B. Use AWS Systems Manager on all instances to manage patching. Test patches outside of production and then deploy during a maintenance window with the appropriate approval.
C. Use AWS OpsWorks for Chef Automate to run a set of scripts that will iterate through all instances of a given type. Issue the appropriate OS command to get and install updates on each instance, including any required restarts during the maintenance window.
D. Migrate all applications to AWS OpsWorks and use OpsWorks automatic patching support to keep the OS up-to-date following the initial installation. Use AWS Config to provide audit and compliance reporting.
Correct Answer: B
Section: (none)
QUESTION 3
A company has a serverless application comprised of Amazon CloudFront, Amazon API Gateway, and AWS Lambda functions. The current deployment process of the application code is to create a new version number of the Lambda function and run an AWS CLI script to update. If the new function version has errors, another CLI script reverts by deploying the previous working version of the function. The company would like to decrease the time to deploy new versions of the application logic provided by the Lambda functions, and also reduce the time to detect and revert when errors are identified.
How can this be accomplished?
A. Create and deploy nested AWS CloudFormation stacks with the parent stack consisting of the AWS CloudFront distribution and API Gateway, and the child stack containing the Lambda function. For changes to Lambda, create an AWS CloudFormation change set and deploy; if errors are triggered, revert the AWS CloudFormation change set to the previous version.
B. Use AWS SAM and built-in AWS CodeDeploy to deploy the new Lambda version, gradually shift traffic to the new version, and use pre-traffic and post-traffic test functions to verify code. Rollback if Amazon CloudWatch alarms are triggered.
C. Refactor the AWS CLI scripts into a single script that deploys the new Lambda version. When deployment is completed, the script tests execute. If errors are detected, revert to the previous Lambda version.
D. Create and deploy an AWS CloudFormation stack that consists of a new API Gateway endpoint that references the new Lambda version. Change the CloudFront origin to the new API Gateway endpoint, monitor errors and if detected, change the AWS CloudFront origin to the previous API Gateway endpoint.
Correct Answer: B
Section: (none)
QUESTION 4
A company with several AWS accounts is using AWS Organizations and service control policies (SCPs). An Administrator created the following SCP and has attached it to an organizational unit (OU) that contains AWS account 1111-1111-1111:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowsAllActions",
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    },
    {
      "Sid": "DenyCloudTrail",
      "Effect": "Deny",
      "Action": "CloudTrail:*",
      "Resource": "*"
    }
  ]
}
Developers working in account 1111-1111-1111 complain that they cannot create Amazon S3 buckets. How should the Administrator address this problem?
A. Add s3:CreateBucket with "Allow" effect to the SCP.
B. Remove the account from the OU, and attach the SCP directly to account 1111-1111-1111.
C. Instruct the Developers to add Amazon S3 permissions to their IAM entities.
D. Remove the SCP from account 1111-1111-1111.
Correct Answer: C
Section: (none)
QUESTION 5
A finance company is running its business-critical application on current-generation Linux EC2 instances. The application includes a self-managed MySQL database performing heavy I/O operations. The application is working fine to handle a moderate amount of traffic during the month. However, it slows down during the final three days of each month due to month-end reporting, even though the company is using Elastic Load Balancers and Auto Scaling within its infrastructure to meet the increased demand. Which of the following actions would allow the database to handle the month-end load with the LEAST impact on performance?
A. Pre-warming Elastic Load Balancers, using a bigger instance type, changing all Amazon EBS volumes to GP2 volumes.
B. Performing a one-time migration of the database cluster to Amazon RDS, and creating several additional read replicas to handle the load during end of month.
C. Using Amazon CloudWatch with AWS Lambda to change the type, size, or IOPS of Amazon EBS volumes in the cluster based on a specific CloudWatch metric.
D. Replacing all existing Amazon EBS volumes with new PIOPS volumes that have the maximum available storage size and I/O per second by taking snapshots before the end of the month and reverting back afterwards.
Correct Answer: B
Section: (none)
QUESTION 6
A company is using AWS CloudFormation to deploy its infrastructure. The company is concerned that, if a production CloudFormation stack is deleted, important data stored in Amazon RDS databases or Amazon EBS volumes might also be deleted. How can the company prevent users from accidentally deleting data in this way?
A. Modify the CloudFormation templates to add a DeletionPolicy attribute to RDS and EBS resources.
B. Configure a stack policy that disallows the deletion of RDS and EBS resources.
C. Modify IAM policies to deny deleting RDS and EBS resources that are tagged with an "aws:cloudformation:stackname" tag.
D. Use AWS Config rules to prevent deleting RDS and EBS resources.
Correct Answer: A
Section: (none)
QUESTION 7
A company used Amazon EC2 instances to deploy a web fleet to host a blog site. The EC2 instances are behind an Application Load Balancer (ALB) and are configured in an Auto Scaling group. The web application stores all blog content on an Amazon EFS volume. The company recently added a feature for bloggers to add video to their posts, attracting 10 times the previous user traffic. At peak times of day, users report buffering and timeout issues while attempting to reach the site or watch videos. Which is the MOST cost-efficient and scalable deployment that will resolve the issues for users?
A. Reconfigure Amazon EFS to enable maximum I/O.
B. Update the blog site to use instance store volumes for storage. Copy the site contents to the volumes at launch and to Amazon S3 at shutdown.
C. Configure an Amazon CloudFront distribution. Point the distribution to an S3 bucket, and migrate the videos from EFS to Amazon S3.
D. Set up an Amazon CloudFront distribution for all site contents, and point the distribution at the ALB.
Correct Answer: C
Section: (none)
QUESTION 8
A company runs an IoT platform on AWS. IoT sensors in various locations send data to the company's Node.js API servers on Amazon EC2 instances running behind an Application Load Balancer. The data is stored in an Amazon RDS MySQL DB instance that uses a 4 TB General Purpose SSD volume. The number of sensors the company has deployed in the field has increased over time, and is expected to grow significantly. The API servers are consistently overloaded and RDS metrics show high write latency. Which of the following steps together will resolve the issues permanently and enable growth as new sensors are provisioned, while keeping this platform cost-efficient? (Choose two.)
A. Resize the MySQL General Purpose SSD storage to 6 TB to improve the volume's IOPS
B. Re-architect the database tier to use Amazon Aurora instead of an RDS MySQL DB instance and add read replicas
C. Leverage Amazon Kinesis Data Streams and AWS Lambda to ingest and process the raw data
D. Use AWS X-Ray to analyze and debug application issues and add more API servers to match the load
E. Re-architect the database tier to use Amazon DynamoDB instead of an RDS MySQL DB instance
Correct Answer: CE
Section: (none)
QUESTION 9
A solutions architect needs to migrate an on-premises legacy application to AWS. The application runs on two servers behind a load balancer. The application requires a license file that is associated with the MAC address of the server's network adapter. It takes the software vendor 12 hours to send new license files.
The application also uses configuration files with a static IP address to access a database server. Host names are not supported.
Given these requirements, which combination of steps should be taken to enable highly available architecture for the application servers in AWS? (Select TWO)
A. Create a pool of ENIs. Request license files from the vendor for the pool, and store the license files in Amazon S3. Create a bootstrap automation script to download a license file and attach the corresponding ENI to an Amazon EC2 instance.
B. Create a pool of ENIs. Request license files from the vendor for the pool, store the license files on an Amazon EC2 instance. Create an AMI from the instance and use this AMI for all future EC2 instances.
C. Create a bootstrap automation script to request a new license file from the vendor. When the response is received, apply the license file to an Amazon EC2 instance.
D. Edit the bootstrap automation script to read the database server IP address from the AWS Systems Manager Parameter Store, and inject the value into the local configuration files.
E. Edit an Amazon EC2 instance to include the database server IP address in the configuration files and re-create the AMI to use for all future EC2 instances.
Correct Answer: AD
Section: (none)
QUESTION 10
A Solutions Architect is designing the data storage and retrieval architecture for a new application that a company will be launching soon. The application is designed to ingest millions of small records per minute from devices all around the world. Each record is less than 4 KB in size and needs to be stored in a durable location where it can be retrieved with low latency. The data is ephemeral and the company is required to store the data for 120 days only, after which the data can be deleted. The Solutions Architect calculates that, during the course of a year, the storage requirements would be about 10-15 TB. Which storage strategy is the MOST cost-effective and meets the design requirements?
A. Design the application to store each incoming record as a single .CSV file in an Amazon S3 bucket to allow for indexed retrieval. Configure a lifecycle policy to delete data older than 120 days.
B. Design the application to store each incoming record in an Amazon DynamoDB table properly configured for the scale. Configure the DynamoDB Time to Live (TTL) feature to delete records older than 120 days.
C. Design the application to store each incoming record in a single table in an Amazon RDS MySQL database. Run a nightly cron job that executes a query to delete any records older than 120 days.
D. Design the application to batch incoming records before writing them to an Amazon S3 bucket. Update the metadata for the object to contain the list of records in the batch and use the Amazon S3 metadata search feature to retrieve the data. Configure a lifecycle policy to delete the data after 120 days.
Correct Answer: B
Section: (none)
QUESTION 11
An enterprise company wants to allow its Developers to purchase third-party software through AWS Marketplace. The company uses an AWS Organizations account structure with full features enabled, and has a shared services account in each organizational unit (OU) that will be used by Procurement Managers. The Procurement team's policy indicates that Developers should be able to obtain third-party software from an approved list only and use Private Marketplace in AWS Marketplace to achieve this requirement. The Procurement team wants administration of Private Marketplace to be restricted to a role named procurement-manager-role, which could be assumed by Procurement Managers. Other IAM users, groups, roles, and account administrators in the company should be denied Private Marketplace administrative access.
What is the MOST efficient way to design an architecture to meet these requirements?
A. Create an IAM role named procurement-manager-role in all AWS accounts in the organization. Add the PowerUserAccess managed policy to the role. Apply an inline policy to all IAM users and roles in every AWS account to deny permissions on the AWSPrivateMarketplaceAdminFullAccess managed policy.
B. Create an IAM role named procurement-manager-role in all AWS accounts in the organization. Add the AdministratorAccess managed policy to the role. Define a permissions boundary with the AWSPrivateMarketplaceAdminFullAccess managed policy and attach it to all the Developer roles.
C. Create an IAM role named procurement-manager-role in all the shared services accounts in the organization. Add the AWSPrivateMarketplaceAdminFullAccess managed policy to the role. Create an organization root-level SCP to deny permissions to administer Private Marketplace to everyone except the role named procurement-manager-role. Create another organization root-level SCP to deny permissions to create an IAM role named procurement-manager-role to everyone in the organization.
D. Create an IAM role named procurement-manager-role in the AWS accounts that will be used by Developers. Add the AWSPrivateMarketplaceAdminFullAccess managed policy to the role. Create an SCP in Organizations to deny permissions to administer Private Marketplace to everyone except the role named procurement-manager-role. Apply the SCP to all the shared services accounts in the organization.
Correct Answer: C
Section: (none)
QUESTION 12
A company is hosting a three-tier web application in an on-premises environment. Due to a recent surge in traffic that resulted in downtime and a significant financial impact, company management has ordered that the application be moved to AWS. The application is written in .NET and has a dependency on a MySQL database. A Solutions Architect must design a scalable and highly available solution to meet the demand of 200,000 daily users.
Which steps should the Solutions Architect take to design an appropriate solution?
A. Use AWS Elastic Beanstalk to create a new application with a web server environment and an Amazon RDS MySQL Multi-AZ DB instance. The environment should launch a Network Load Balancer (NLB) in front of an Amazon EC2 Auto Scaling group in multiple Availability Zones. Use an Amazon Route 53 alias record to route traffic from the company's domain to the NLB.
B. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon EC2 Auto Scaling group spanning three Availability Zones. The stack should launch a Multi-AZ deployment of an Amazon Aurora MySQL DB cluster with a Retain deletion policy. Use an Amazon Route 53 alias record to route traffic from the company's domain to the ALB.
C. Use AWS Elastic Beanstalk to create an automatically scaling web server environment that spans two separate Regions with an Application Load Balancer (ALB) in each Region. Create a Multi-AZ deployment of an Amazon Aurora MySQL DB cluster with a cross-Region read replica. Use Amazon Route 53 with a geoproximity routing policy to route traffic between the two regions.
D. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon ECS cluster of Spot Instances spanning three Availability Zones. The stack should launch an Amazon RDS MySQL DB instance with a Snapshot deletion policy. Use an Amazon Route 53 alias record to route traffic from the company's domain to the ALB.
Correct Answer: B
Section: (none)
QUESTION 13
A company is in the process of implementing AWS Organizations to constrain its Developers to use only Amazon EC2, Amazon S3, and Amazon DynamoDB. The Developers account resides in a dedicated organizational unit (OU). The Solutions Architect has implemented the following SCP on the Developers account:

When this policy is deployed, IAM users in the Developers account are still able to use AWS services that are not listed in the policy.
What should the Solutions Architect do to eliminate the Developers' ability to use services outside the scope of this policy?
A. Create an explicit deny statement for each AWS service that should be constrained.
B. Remove the FullAWSAccess SCP from the Developer account's OU.
C. Modify the FullAWSAccess SCP to explicitly deny all services.
D. Add an explicit deny statement using a wildcard to the end of the SCP.
Correct Answer: B
Section: (none)
QUESTION 14
A company is developing a new service that will be accessed using TCP on a static port. A Solutions Architect must ensure that the service is highly available, has redundancy across Availability Zones, and is accessible using the DNS name my.service.com, which is publicly accessible. The service must use fixed address assignments so other companies can add the addresses to their allow lists. Assuming that resources are deployed in multiple Availability Zones in a single Region, which solution will meet these requirements?
A. Create Amazon EC2 instances with an Elastic IP address for each instance. Create a Network Load Balancer (NLB) and expose the static TCP port. Register EC2 instances with the NLB. Create a new name server record set named my.service.com, and assign the Elastic IP addresses of the EC2 instances to the record set. Provide the Elastic IP addresses of the EC2 instances to the other companies to add to their allow lists.
B. Create an Amazon ECS cluster and a service definition for the application. Create and assign public IP addresses for the ECS cluster. Create a Network Load Balancer (NLB) and expose the TCP port. Create a target group and assign the ECS cluster name to the NLB. Create a new A record set named my.service.com, and assign the public IP addresses of the ECS cluster to the record set. Provide the public IP addresses of the ECS cluster to the other companies to add to their allow lists.
C. Create Amazon EC2 instances for the service. Create one Elastic IP address for each Availability Zone. Create a Network Load Balancer (NLB) and expose the assigned TCP port. Assign the Elastic IP addresses to the NLB for each Availability Zone. Create a target group and register the EC2 instances with the NLB. Create a new A (alias) record set named my.service.com, and assign the NLB DNS name to the record set.
D. Create an Amazon ECS cluster and a service definition for the application. Create and assign public IP address for each host in the cluster. Create an Application Load Balancer (ALB) and expose the static TCP port. Create a target group and assign the ECS service definition name to the ALB. Create a new CNAME record set and associate the public IP addresses to the record set. Provide the Elastic IP addresses of the Amazon EC2 instances to the other companies to add to their allow lists.
Correct Answer: C
Section: (none)
QUESTION 15
A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A. The company's applications and databases are running in Account B.
A solutions architect will deploy a two-tier application in a new VPC. To simplify the configuration, the db.example.com CNAME record set for the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53.
During deployment, the application failed to start. Troubleshooting revealed that db.example.com is not resolvable on the Amazon EC2 instance. The solutions architect confirmed that the record set was created correctly in Route 53.
Which combination of steps should the solutions architect take to resolve this issue? (Select TWO.)
A. Deploy the database on a separate EC2 instance in the new VPC. Create a record set for the instance's private IP in the private hosted zone.
B. Use SSH to connect to the application tier EC2 instance. Add an RDS endpoint IP address to the /etc/resolv.conf file.
C. Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B.
D. Create a private hosted zone for the example.com domain in Account B. Configure Route 53 replication between AWS accounts.
E. Associate a new VPC in Account B with a hosted zone in Account A. Delete the association authorization in Account A.
Correct Answer: CE
Section: (none)
QUESTION 16
A company has a web application that allows users to upload short videos. The videos are stored on Amazon EBS volumes and analyzed by custom recognition software for categorization. The website contains static content that has variable traffic with peaks in certain months. The architecture consists of Amazon EC2 instances running in an Auto Scaling group for the web application and EC2 instances running in an Auto Scaling group to process an Amazon SQS queue. The company wants to re-architect the application to reduce operational overhead using AWS managed services where possible and remove dependencies on third-party software.
Which solution meets these requirements?
A. Use Amazon ECS containers for the web application and Spot Instances for the Auto Scaling group that processes the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.
B. Store the uploaded videos in Amazon EFS and mount the file system to the EC2 instances for the web application. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.
C. Host the web application in Amazon S3. Store the uploaded videos in Amazon S3. Use S3 event notifications to publish events to the SQS queue. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.
D. Use AWS Elastic Beanstalk to launch EC2 instances in an Auto Scaling group for the web application and launch a worker environment to process the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.
Correct Answer: C
Section: (none)
QUESTION 17
A company plans to refactor a monolithic application into a modern application design deployed on AWS. The CI/CD pipeline needs to be upgraded to support the modern design for the application with the following requirements:
--It should allow changes to be released several times every hour.
--It should be able to roll back the changes as quickly as possible.
Which design will meet these requirements?
A. Deploy a CI/CD pipeline that incorporates AMIs to contain the application and their configurations. Deploy the application by replacing Amazon EC2 instances.
B. Specify AWS Elastic Beanstalk to stage in a secondary environment as the deployment target for the CI/CD pipeline of the application. To deploy, swap the staging and production environment URLs.
C. Use AWS Systems Manager to re-provision the infrastructure for each deployment. Update the Amazon EC2 user data to pull the latest code artifact from Amazon S3 and use Amazon Route 53 weighted routing to point to the new environment.
D. Roll out the application update as part of an Auto Scaling event using prebuilt AMIs. Use new versions of the AMIs to add instances, and phase out all instances that use the previous AMI version with the configured termination policy during a deployment event.
Correct Answer: B
Section: (none)
QUESTION 18
The company uses AWS Organizations with a single OU named Production to manage multiple accounts. All accounts are members of the Production OU. Administrators use deny list SCPs in the root of the organization to manage access to restricted services.
The company recently acquired a new business unit and invited the new unit's existing AWS account to the organization. Once onboarded, the administrators of the new business unit discovered that they are not able to update existing AWS Config rules to meet the company's policies.
Which option will allow administrators to make changes and continue to enforce the current policies without introducing additional long-term maintenance?
A. Remove the organization's root SCPs that limit access to AWS Config. Create AWS Service Catalog products for the company's standard AWS Config rules and deploy them throughout the organization, including the new account.
B. Create a temporary OU named Onboarding for the new account. Apply an SCP to the Onboarding OU to allow AWS Config actions. Move the new account to the Production OU when adjustments to AWS Config are complete.
C. Convert the organization's root SCPs from deny list SCPs to allow list SCPs to allow the required services only. Temporarily apply an SCP to the organization's root that allows AWS Config actions for principals only in the new account.
D. Create a temporary OU named Onboarding for the new account. Apply an SCP to the Onboarding OU to allow AWS Config actions. Move the organization's root SCP to the Production OU. Move the new account to the Production OU when adjustments to AWS Config are complete.
Correct Answer: D
Section: (none)
QUESTION 19
A weather service provides high-resolution weather maps from a web application hosted on AWS in the eu-west-1 Region. The weather maps are updated frequently and stored in Amazon S3 along with static HTML content. The web application is fronted by Amazon CloudFront.
The company recently expanded to serve users in the us-east-1 Region, and these new users report that viewing their respective weather maps is slow from time to time. Which combination of steps will resolve the us-east-1 performance issues? (Select TWO)
A. Configure the AWS Global Accelerator endpoint for the S3 bucket in eu-west-1. Configure endpoint groups for TCP ports 80 and 443 in us-east-1.
B. Create a new S3 bucket in us-east-1. Configure S3 cross-Region replication to synchronize from the S3 bucket in eu-west-1.
C. Use Lambda@Edge to modify requests from North America to use the S3 Transfer Acceleration endpoint in us-east-1.
D. Use Lambda@Edge to modify requests from North America to use the S3 bucket in us-east-1.
E. Configure the AWS Global Accelerator endpoint for us-east-1 as an origin on the CloudFront distribution. Use Lambda@Edge to modify requests from North America to use the new origin.
Correct Answer: BD
Section: (none)
QUESTION 20
A North American company with headquarters on the East Coast is deploying a new web application running on Amazon EC2 in the us-east-1 Region. The application should dynamically scale to meet user demand and maintain resiliency. Additionally, the application must have disaster recovery capabilities in an active-passive configuration with the us-west-1 Region.
Which steps should a solutions architect take after creating a VPC in the us-east-1 Region?
A. Create a VPC in the us-west-1 Region. Use inter-Region VPC peering to connect both VPCs. Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in the us-east-1 Region. Deploy EC2 instances across multiple AZs in each Region as part of an Auto Scaling group spanning both VPCs and served by the ALB.
B. Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in the us-east-1 Region. Deploy EC2 instances across multiple AZs as part of an Auto Scaling group served by the ALB. Deploy the same solution to the us-west-1 Region. Create an Amazon Route 53 record set with a failover routing policy and health checks enabled to provide high availability across both Regions.
C. Create a VPC in the us-west-1 Region. Use inter-Region VPC peering to connect both VPCs. Deploy an Application Load Balancer (ALB) that spans both VPCs. Deploy EC2 instances across multiple Availability Zones as part of an Auto Scaling group in each VPC served by the ALB. Create an Amazon Route 53 record that points to the ALB.
D. Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in the us-east-1 Region. Deploy EC2 instances across multiple AZs as part of an Auto Scaling group served by the ALB. Deploy the same solution to the us-west-1 Region. Create separate Amazon Route 53 records in each Region that point to the ALB in the Region. Use Route 53 health checks to provide high availability across both Regions.
Correct Answer: B
Section: (none)
QUESTION 21
A company built an application based on AWS Lambda deployed in an AWS CloudFormation stack. The last production release of the web application introduced an issue that resulted in an outage lasting several minutes. A solutions architect must adjust the deployment process to support a canary release.
Which solution will meet these requirements?
A. Create an alias for every new deployed version of the Lambda function. Use the AWS CLI update-alias command with the routing-config parameter to distribute the load.
B. Deploy the application into a new CloudFormation stack. Use an Amazon Route 53 weighted routing policy to distribute the load.
C. Create a version for every new deployed Lambda function. Use the AWS CLI update-function-configuration command with the routing-config parameter to distribute the load.
D. Configure AWS CodeDeploy and use CodeDeployDefault.OneAtATime in the Deployment configuration to distribute the load.
Correct Answer: A
Section: (none)
QUESTION 22
An AWS partner company is building a service in AWS Organizations using its organization named org1. This service requires the partner company to have access to AWS resources in a customer account, which is in a separate organization named org2. The company must establish least privilege security access using an API or command line tool to the customer account.
What is the MOST secure way to allow org1 to access resources in org2?
A. The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks.
B. The customer should create an IAM user and assign the required permissions to the IAM user. The customer should then provide the credentials to the partner company to log in and perform the required tasks.
C. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role's Amazon Resource Name (ARN) when requesting access to perform the required tasks.
D. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role's Amazon Resource Name (ARN), including the external ID in the IAM role's trust policy, when requesting access to perform the required tasks.
Correct Answer: D
Section: (none)
QUESTION 23
A solutions architect needs to advise a company on how to migrate its on-premises data processing application to the AWS Cloud. Currently, users upload input files through a web portal. The web server then stores the uploaded files on NAS and messages the processing server over a message queue. Each media file can take up to 1 hour to process. The company has determined that the number of media files awaiting processing is significantly higher during business hours, with the number of files rapidly declining after business hours.
What is the MOST cost effective migration recommendation?
A. Create a queue using Amazon SQS. Configure the existing web server to publish to the new queue. When there are messages in the queue, invoke an AWS Lambda function to pull requests from the queue and process the files. Store the processed files in an Amazon S3 bucket.
B. Create a queue using Amazon MQ. Configure the existing web server to publish to the new queue. When there are messages in the queue, create a new Amazon EC2 instance to pull requests from the queue and process the files. Store the processed files in Amazon EFS. Shut down the EC2 instance after the task is complete.
C. Create a queue using Amazon MQ. Configure the existing web server to publish to the new queue. When there are messages in the queue, invoke an AWS Lambda function to pull requests from the queue and process the files. Store the processed files in Amazon EFS.
D. Create a queue using Amazon SQS. Configure the existing web server to publish to the new queue. Use Amazon EC2 instances in an EC2 Auto Scaling group to pull requests from the queue and process the files. Scale the EC2 instances based on the SQS queue length. Store the processed files in an Amazon S3 bucket.
Correct Answer: D
Section: (none)
QUESTION 24
A security engineer determined that an existing application retrieves credentials to an Amazon RDS for MySQL database from an encrypted file in Amazon S3. For the next version of the application, the security engineer wants to implement the following application design changes to improve security:
--The database must use strong, randomly generated passwords stored in a secure AWS managed service.
--The application resources must be deployed through AWS CloudFormation.
--The application must rotate credentials for the database every 90 days.
A solutions architect will generate a CloudFormation template to deploy the application.
Which resources specified in the CloudFormation template will meet the security engineer's requirements with the LEAST amount of operational overhead?
A. Generate the database password as a secret resource using AWS Secrets Manager. Create an AWS Lambda function resource to rotate the database password. Specify a Secrets Manager RotationSchedule resource to rotate the database password every 90 days.
B. Generate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store. Create an AWS Lambda function resource to rotate the database password. Specify a Parameter Store RotationSchedule resource to rotate the database password every 90 days.
C. Generate the database password as a secret resource using AWS Secrets Manager. Create an AWS Lambda function resource to rotate the database password. Create an Amazon EventBridge scheduled rule resource to trigger the Lambda function password rotation every 90 days.
D. Generate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store. Specify an AWS AppSync DataSource resource to automatically rotate the database password every 90 days.
Correct Answer: A
Section: (none)
QUESTION 25
A company is running a two-tier web-based application in an on-premises data center. The application layer consists of a single server running a stateful application. The application connects to a PostgreSQL database running on a separate server.
The application's user base is expected to grow significantly, so the company is migrating the application and database to AWS.
The solution will use Amazon Aurora PostgreSQL, Amazon EC2 Auto Scaling, and Elastic Load Balancing. Which solution will provide a consistent user experience that will allow the application and database tiers to scale?
A. Enable Aurora Auto Scaling for Aurora Replicas. Use a Network Load Balancer with the least outstanding requests routing algorithm and sticky sessions enabled.
B. Enable Aurora Auto Scaling for Aurora writers. Use an Application Load Balancer with the round robin routing algorithm and sticky sessions enabled.
C. Enable Aurora Auto Scaling for Aurora Replicas. Use an Application Load Balancer with the round robin routing algorithm and sticky sessions enabled.
D. Enable Aurora Auto Scaling for Aurora writers. Use a Network Load Balancer with the least outstanding requests routing algorithm and sticky sessions enabled.
Correct Answer: C
Section: (none)
QUESTION 26
A company wants to change its internal cloud billing strategy for each of its business units. Currently, the cloud governance team shares reports for overall cloud spending with the head of each business unit. The company uses AWS Organizations to manage the separate AWS accounts for each business unit. The existing tagging standard in Organizations includes the application, environment, and owner. The cloud governance team wants a centralized solution so each business unit receives monthly reports on its cloud spending. The solution should also send notifications for any cloud spending that exceeds a set threshold. Which solution is the MOST cost-effective way to meet these requirements?
A. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use Cost Explorer in each account to create monthly reports for each business unit.
B. Configure AWS Budgets in the organization's master account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use Cost Explorer in the organization's master account to create monthly reports for each business unit.
C. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use the AWS Billing and Cost Management dashboard in each account to create monthly reports for each business unit.
D. Enable AWS Cost and Usage Reports in the organization's master account and configure reports grouped by application, environment, and owner. Create an AWS Lambda function that processes AWS Cost and Usage Reports, sends budget alerts, and sends monthly reports to each business unit's email list.
Correct Answer: B
Section: (none)
QUESTION 27
A company has an on-premises monitoring solution using a PostgreSQL database for persistence of events. The database is unable to scale due to heavy ingestion and it frequently runs out of storage. The company wants to create a hybrid solution and has already set up a VPN connection between its network and AWS. The solution should include the following attributes:
--Managed AWS services to minimize operational complexity.
--A buffer that automatically scales to match the throughput of data and requires no ongoing administration.
--A visualization tool to create dashboards to observe events in near-real time.
--Support for semi-structured JSON data and dynamic schemas.
Which combination of components will enable the company to create a monitoring solution that will satisfy these requirements? (Select TWO.)
A. Use Amazon Kinesis Data Firehose to buffer events. Create an AWS Lambda function to process and transform events.
B. Create an Amazon Kinesis data stream to buffer events. Create an AWS Lambda function to process and transform events.
C. Configure an Amazon Aurora PostgreSQL DB cluster to receive events. Use Amazon QuickSight to read from the database and create near-real-time visualizations and dashboards.
D. Configure Amazon Elasticsearch Service (Amazon ES) to receive events. Use the Kibana endpoint deployed with Amazon ES to create near-real-time visualizations and dashboards.
E. Configure an Amazon Neptune DB instance to receive events. Use Amazon QuickSight to read from the database and create near-real-time visualizations and dashboards.
Correct Answer: AD
Section: (none)
QUESTION 28
A company is using AWS Organizations to manage multiple AWS accounts. For security purposes, the company requires the creation of an Amazon Simple Notification Service (Amazon SNS) topic that enables integration with a third-party alerting system in all the Organizations member accounts. A solutions architect used an AWS CloudFormation template to create the SNS topic and stack sets to automate the deployment of CloudFormation stacks. Trusted access has been enabled in Organizations. What should the solutions architect do to deploy the CloudFormation StackSets in all AWS accounts?
A. Create a stack set in the Organizations member accounts. Use service-managed permissions. Set deployment options to deploy to an organization. Use CloudFormation StackSets drift detection.
B. Create stacks in the Organizations member accounts. Use self-service permissions. Set deployment options to deploy to an organization. Enable the CloudFormation StackSets automatic deployment.
C. Create a stack set in the Organizations master account. Use service-managed permissions. Set deployment options to deploy to the organization. Enable CloudFormation StackSets automatic deployment.
D. Create stacks in the Organizations master account. Use service-managed permissions. Set deployment options to deploy to the organization. Enable CloudFormation StackSets drift detection.
Correct Answer: C
Section: (none)
QUESTION 29
A life sciences company is using a combination of open source tools to manage data analysis workflows and Docker containers running on servers in its on-premises data center to process genomics data.
Sequencing data is generated and stored on a local storage area network (SAN), and then the data is processed. The research and development teams are running into capacity issues and have decided to re-architect their genomics analysis platform on AWS to scale based on workload demands and reduce the turnaround time from weeks to days.
The company has a high-speed AWS Direct Connect connection. Sequencers will generate around 200 GB of data for each genome, and individual jobs can take several hours to process the data with ideal compute capacity. The end result will be stored in Amazon S3. The company is expecting 10-15 job requests each day.
Which solution meets these requirements?
A. Use regularly scheduled AWS Snowball Edge devices to transfer the sequencing data into AWS. When AWS receives the Snowball Edge device and the data is loaded into Amazon S3, use S3 events to trigger an AWS Lambda function to process the data.
B. Use AWS Data Pipeline to transfer the sequencing data to Amazon S3. Use S3 events to trigger an Amazon EC2 Auto Scaling group to launch custom-AMI EC2 instances running the Docker containers to process the data.
C. Use AWS DataSync to transfer the sequencing data to Amazon S3. Use S3 events to trigger an AWS Lambda function that starts an AWS Step Functions workflow. Store the Docker images in Amazon Elastic Container Registry (Amazon ECR) and trigger AWS Batch to run the container and process the sequencing data.
D. Use an AWS Storage Gateway file gateway to transfer the sequencing data to Amazon S3. Use S3 events to trigger an AWS Batch job that executes on Amazon EC2 instances running the Docker containers to process the data.
Correct Answer: C
Section: (none)
QUESTION 30
An AWS customer has a web application that runs on premises. The web application fetches data from a third-party API that is behind a firewall. The third party accepts only one public CIDR block in each client's allow list.
The customer wants to migrate their web application to the AWS Cloud. The application will be hosted on a set of Amazon EC2 instances behind an Application Load Balancer (ALB) in a VPC. The ALB is located in public subnets. The EC2 instances are located in private subnets. NAT gateways provide internet access to the private subnets.
How should a solutions architect ensure that the web application can continue to call the third-party API after the migration?
A. Associate a block of customer-owned public IP addresses to the VPC. Enable public IP addressing for public subnets in the VPC.
B. Register a block of customer-owned public IP addresses in the AWS account. Create Elastic IP addresses from the address block and assign them to the NAT gateways in the VPC.
C. Create Elastic IP addresses from the block of customer-owned IP addresses. Assign the static Elastic IP addresses to the ALB.
D. Register a block of customer-owned public IP addresses in the AWS account. Set up AWS Global Accelerator to use Elastic IP addresses from the address block. Set the ALB as the accelerator endpoint.
Correct Answer: B
Section: (none)
QUESTION 31
A company needs to architect a hybrid DNS solution. This solution will use an Amazon Route 53 private hosted zone for the domain cloud.example.com for the resources stored within VPCs. The company has the following DNS resolution requirements:
--On-premises systems should be able to resolve and connect to cloud.example.com.
--All VPCs should be able to resolve cloud.example.com.
There is already an AWS Direct Connect connection between the on-premises corporate network and AWS Transit Gateway.
Which architecture should the company use to meet these requirements with the HIGHEST performance?
A. Associate the private hosted zone to all the VPCs. Create a Route 53 inbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver.
B. Associate the private hosted zone to all the VPCs. Deploy an Amazon EC2 conditional forwarder in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the conditional forwarder.
C. Associate the private hosted zone to the shared services VPC. Create a Route 53 outbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the outbound resolver.
D. Associate the private hosted zone to the shared services VPC. Create a Route 53 inbound resolver in the shared services VPC. Attach the shared services VPC to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver.
Correct Answer: A
Section: (none)
QUESTION 32
A startup company hosts a fleet of Amazon EC2 instances in private subnets using the latest Amazon Linux 2 AMI. The company's engineers rely heavily on SSH access to the instances for troubleshooting. The company's existing architecture includes the following:
--A VPC with private and public subnets, and a NAT gateway
--Site-to-Site VPN for connectivity with the on-premises environment
--EC2 security groups with direct SSH access from the on-premises environment
The company needs to increase security controls around SSH access and provide auditing of commands executed by the engineers.
Which strategy should a solutions architect use?
A. Install and configure EC2 Instance Connect on the fleet of EC2 instances. Remove all security group rules attached to EC2 instances that allow inbound TCP on port 22. Advise the engineers to remotely access the instances by using the EC2 Instance Connect CLI.
B. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer's devices. Install the Amazon CloudWatch agent on all EC2 instances and send operating system audit logs to CloudWatch Logs.
C. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer's devices. Enable AWS Config for EC2 security group resource changes. Enable AWS Firewall Manager and apply a security group policy that automatically remediates changes to rules.
D. Create an IAM role with the AmazonSSMManagedInstanceCore managed policy attached. Attach the IAM role to all the EC2 instances. Remove all security group rules attached to the EC2 instances that allow inbound TCP on port 22. Have the engineers install the AWS Systems Manager Session Manager plugin for their devices and remotely access the instances by using the start-session API call from Systems Manager.
Correct Answer: D
Section: (none)
QUESTION 33
A company is storing data on premises on a Windows file server. The company produces 5 GB of new data daily.
The company migrated part of its Windows-based workload to AWS and needs the data to be available on a file system in the cloud. The company already has established an AWS Direct Connect connection between the on-premises network and AWS.
Which data migration strategy should the company use?
A. Use the file gateway option in AWS Storage Gateway to replace the existing Windows file server, and point the existing file share to the new file gateway
B. Use AWS DataSync to schedule a daily task to replicate data between the on-premises Windows file server and Amazon FSx
C. Use AWS Data Pipeline to schedule a daily task to replicate data between the on-premises Windows file server and Amazon Elastic File System (Amazon EFS)
D. Use AWS DataSync to schedule a daily task to replicate data between the on-premises Windows file server and Amazon Elastic File System (Amazon EFS)
Correct Answer: B
Section: (none)
QUESTION 34
A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple AWS accounts under the same organization in AWS Organizations. The company requires the cost for cloud infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered that several Amazon EC2 instances are lacking the Project tag used for cost allocation. Which actions should a solutions architect take to resolve the problem and prevent it from happening in the future? (Select THREE.)
A. Create an AWS Config rule in each account to find resources with missing tags
B. Create an SCP in the organization with a deny action for ec2:RunInstances if the Project tag is missing
C. Use Amazon Inspector in the organization to find resources with missing tags
D. Create an IAM policy in each account with a deny action for ec2:RunInstances if the Project tag is missing
E. Create an AWS Config aggregator for the organization to collect a list of EC2 instances with the missing Project tag
F. Use AWS Security Hub to aggregate a list of EC2 instances with the missing Project tag
Correct Answer: ABE
Section: (none)
QUESTION 35
A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.
The company's infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks.
However, individual accounts must be able to create AWS resources within subnets. Which combination of actions should the solutions architect perform to meet these requirements? (Select TWO.)
A. Create a transit gateway in the infrastructure account.
B. Enable resource sharing from the AWS Organizations management account.
C. Create VPCs in each AWS account within the organization in AWS Organizations. Configure the VPCs to share the same CIDR range and subnets as the VPC in the infrastructure account. Peer the VPCs in each individual account with the VPC in the infrastructure account.
D. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.
E. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each prefix list to associate with the resource share.
Correct Answer: BD
Section: (none)
QUESTION 36
A large company is running a popular web application. The application runs on several Amazon EC2 Linux instances in an Auto Scaling group in a private subnet.
An Application Load Balancer is targeting the instances in the Auto Scaling group in the private subnet. AWS Systems Manager Session Manager is configured, and AWS Systems Manager Agent is running on all the EC2 instances.
The company recently released a new version of the application. Some EC2 instances are now being marked as unhealthy and are being terminated.
As a result, the application is running at reduced capacity. A solutions architect tries to determine the root cause by analyzing Amazon CloudWatch logs that are collected from the application, but the logs are inconclusive. How should the solutions architect gain access to an EC2 instance to troubleshoot the issue?
A. Suspend the Auto Scaling group's HealthCheck scaling process. Use Session Manager to log in to an instance that is marked as unhealthy.
B. Enable EC2 instance termination protection. Use Session Manager to log in to an instance that is marked as unhealthy.
C. Set the termination policy to OldestInstance on the Auto Scaling group. Use Session Manager to log in to an instance that is marked as unhealthy.
D. Suspend the Auto Scaling group's Terminate process. Use Session Manager to log in to an instance that is marked as unhealthy.
Correct Answer: D
Section: (none)
QUESTION 37
A company wants to migrate an application to Amazon EC2 from VMware Infrastructure that runs in an on-premises data center.
A solutions architect must preserve the software and configuration settings during the migration. What should the solutions architect do to meet these requirements?
A. Configure the AWS DataSync agent to start replicating the data store to Amazon FSx for Windows File Server. Use the SMB share to host the VMware data store. Use VM Import/Export to move the VMs to Amazon EC2.
B. Use the VMware vSphere client to export the application as an image in Open Virtualization Format (OVF) format. Create an Amazon S3 bucket to store the image in the destination AWS Region. Create and apply an IAM role for VM Import. Use the AWS CLI to run the EC2 import command.
C. Configure AWS Storage Gateway for files service to export a Common Internet File System (CIFS) share. Create a backup copy to the shared folder. Sign in to the AWS Management Console and create an AMI from the backup copy. Launch an EC2 instance that is based on the AMI.
D. Create a managed-instance activation for a hybrid environment in AWS Systems Manager. Download and install Systems Manager Agent on the on-premises VM. Register the VM with Systems Manager to be a managed instance. Use AWS Backup to create a snapshot of the VM and create an AMI. Launch an EC2 instance that is based on the AMI.
Correct Answer: B
Section: (none)
QUESTION 38
A software company hosts an application on AWS with resources in multiple AWS accounts and Regions. The application runs on a group of Amazon EC2 instances in an application VPC located in the us-east-1 Region with an IPv4 CIDR block of 10.10.0.0/16. In a different AWS account, a shared services VPC is located in the us-east-2 Region with an IPv4 CIDR block of 10.10.10.0/24. When a cloud engineer uses AWS CloudFormation to attempt to peer the application VPC with the shared services VPC, an error message indicates a peering failure.
Which factors could cause this error? (Select TWO.)
A. The IPv4 CIDR ranges of the two VPCs overlap
B. The VPCs are not in the same Region
C. One or both accounts do not have access to an internet gateway
D. One of the VPCs was not shared through AWS Resource Access Manager.
E. The IAM role in the peer accepter account does not have the correct permissions.
Correct Answer: AE
Section: (none)
QUESTION 39
A company needs to implement a patching process for its servers. The on-premises servers and Amazon EC2 instances use a variety of tools to perform patching. Management requires a single report showing the patch status of all the servers and instances. Which set of actions should a solutions architect take to meet these requirements?
A. Use AWS Systems Manager to manage patches on the on-premises servers and EC2 instances. Use Systems Manager to generate patch compliance reports.
B. Use AWS OpsWorks to manage patches on the on-premises servers and EC2 instances. Use Amazon QuickSight integration with OpsWorks to generate patch compliance reports.
C. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to apply patches by scheduling an AWS Systems Manager patch remediation job. Use Amazon Inspector to generate patch compliance reports.
D. Use AWS OpsWorks to manage patches on the on-premises servers and EC2 instances. Use AWS X-Ray to post the patch status to AWS Systems Manager OpsCenter to generate patch compliance reports.
Correct Answer: A
Section: (none)
QUESTION 40
A company runs a proprietary stateless ETL application on an Amazon EC2 Linux instance. The application is a Linux binary, and the source code cannot be modified. The application is single-threaded, uses 2 GB of RAM, and is highly CPU intensive. The application is scheduled to run every 4 hours and runs for up to 20 minutes. A solutions architect wants to revise the architecture for the solution.
Which strategy should the solutions architect use?
A. Use AWS Lambda to run the application. Use Amazon CloudWatch Logs to invoke the Lambda function every 4 hours.
B. Use AWS Batch to run the application. Use an AWS Step Functions state machine to invoke the AWS Batch job every 4 hours.
C. Use AWS Fargate to run the application. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke the Fargate task every 4 hours.
D. Use Amazon EC2 Spot Instances to run the application. Use AWS CodeDeploy to deploy and run the application every 4 hours.
Correct Answer: C
Section: (none)