Free AWS-Certified-Solutions-Architect-Professional Exam Braindumps

- (Exam Topic 2)
A company operates quick-service restaurants. The restaurants follow a predictable model with high sales traffic for -4 hours daily Sates traffic is lower outside of those peak hours.
The point of sale and management platform is deployed in the AWS Cloud and has a backend that is based or Amazon DynamoDB The database table uses provisioned throughput mode with 100.000 RCUs and 80.000 WCUs to match Known peak resource consumption.
The company wants to reduce its DynamoDB cost and minimize the operational overhead for the IT staff. Which solution meets these requirements MOST cost-effectively?

1. A. Reduce the provisioned RCUs and WCUs
2. B. Change the DynamoDB table to use on-demand capacity
3. C. Enable Dynamo DB auto seating for the table.
4. D. Purchase 1-year reserved capacity that is sufficient to cover the peak load for 4 hours each day.

Correct Answer: C

- (Exam Topic 2)
A company with several AWS accounts is using AWS Organizations and service control policies (SCPs). An Administrator created the following SCP and has attached it to an organizational unit (OU) that contains AWS account 1111-1111-1111:

Developers working in account 1111-1111-1111 complain that they cannot create Amazon S3 buckets. How should the Administrator address this problem?

1. A. Add s3:CreateBucket with €Allow€ effect to the SCP.
2. B. Remove the account from the OU, and attach the SCP directly to account 1111-1111-1111.
3. C. Instruct the Developers to add Amazon S3 permissions to their IAM entities.
4. D. Remove the SCP from account 1111-1111-1111.

Correct Answer: C
is incorrect - https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
"SCPs are similar to AWS Identity and Access Management (IAM) permission policies and use almost the same syntax. However, an SCP never grants permissions."
SCPs alone are not sufficient to granting permissions to the accounts in your organization. No permissions are granted by an SCP. An SCP defines a guardrail, or sets limits, on the actions that the account's administrator can delegate to the IAM users and roles in the affected accounts. The administrator must still attach identity-based or resource-based policies to IAM users or roles, or to the resources in your accounts to actually grant permissions. The effective permissions are the logical intersection between what is allowed by the SCP and what is allowed by the IAM and resource-based policies.

- (Exam Topic 1)
A company with global offices has a single 1 Gbps AWS Direct Connect connection to a single AWS Region. The company's on-premises network uses the connection to communicate with the company's resources in the AWS Cloud. The connection has a single private virtual interface that connects to a single VPC.
A solutions architect must implement a solution that adds a redundant Direct Connect connection in the same Region. The solution also must provide connectivity to other Regions through the same pair of Direct Connect connections as the company expands into other Regions.
Which solution meets these requirements?

1. A. Provision a Direct Connect gatewa
2. B. Delete the existing private virtual interface from the existing connectio
3. C. Create the second Direct Connect connectio
4. D. Create a new private virtual interlace on each connection, and connect both private victual interfaces to the Direct Connect gatewa
5. E. Connect the Direct Connect gateway to the single VPC.
6. F. Keep the existing private virtual interfac
7. G. Create the second Direct Connect connectio
8. H. Create a new private virtual interface on the new connection, and connect the new private virtual interface to the single VPC.
9. I. Keep the existing private virtual interfac
10. J. Create the second Direct Connect connectio
11. K. Create a new public virtual interface on the new connection, and connect the new public virtual interface to the single VPC.
12. L. Provision a transit gatewa
13. M. Delete the existing private virtual interface from the existing connection.Create the second Direct Connect connectio
14. N. Create a new private virtual interface on each connection, and connect both private virtual interfaces to the transit gatewa
15. O. Associate the transit gateway with the single VPC.

Correct Answer: A
A Direct Connect gateway is a globally available resource. You can create the Direct Connect gateway in any Region and access it from all other Regions. The following describe scenarios where you can use a Direct Connect gateway.
https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.html

- (Exam Topic 2)
A company is running a workload that consists of thousands of Amazon EC2 instances The workload is running in a VPC that contains several public subnets and private subnets The public subnets have a route for 0 0 0 0/0 to an existing internet gateway. The private subnets have a route for 0 0 0 0/0 to an existing NAT gateway
A solutions architect needs to migrate the entire fleet of EC2 instances to use IPv6 The EC2 instances that are in private subnets must not be accessible from the public internet
What should the solutions architect do to meet these requirements?

1. A. Update the existing VPC and associate a custom IPv6 CIDR block with the VPC and all subnets Update all the VPC route tables and add a route for /0 to the internet gateway
2. B. Update the existing VP
3. C. and associate an Amazon-provided IPv6 CIDR block with the VPC and all subnets Update the VPC route tables for all private subnets, and add a route for /0 to the NAT gateway
4. D. Update the existing VP
5. E. and associate an Amazon-provided IPv6 CIDR block with the VPC and ail subnets Create an egress-only internet gateway Update the VPC route tables for all private subnets, and add a route for /0 to the egress-only internet gateway
6. F. Update the existing VPC and associate a custom IPv6 CIDR block with the VPC and all subnets Create a new NAT gateway, and enable IPv6 support Update the VPC route tables for all private subnets and add a route for 70 to the IPv6-enabled NAT gateway.

Correct Answer: C

- (Exam Topic 1)
A travel company built a web application that uses Amazon Simple Email Service (Amazon SES) to send email notifications to users. The company needs to enable logging to help troubleshoot email delivery issues. The company also needs the ability to do searches that are based on recipient, subject, and time sent.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

1. A. Create an Amazon SES configuration set with Amazon Kinesis Data Firehose as the destinatio
2. B. Choose to send logs to an Amazon S3 bucket.
3. C. Enable AWS CloudTrail loggin
4. D. Specify an Amazon S3 bucket as the destination for the logs.
5. E. Use Amazon Athena to query the fogs in the Amazon S3 bucket for recipient, subject, and time sent.
6. F. Create an Amazon CloudWatch log grou
7. G. Configure Amazon SES to send logs to the log group
8. H. Use Amazon Athena to query the logs in Amazon CloudWatch for recipient, subject, and time sent.

Correct Answer: AC
https://docs.aws.amazon.com/ses/latest/dg/event-publishing-retrieving-firehose.html
To enable you to track your email sending at a granular level, you can set up Amazon SES to publish email sending events to Amazon CloudWatch, Amazon Kinesis Data Firehose, or Amazon Simple Notification Service based on characteristics that you define.
https://docs.aws.amazon.com/ses/latest/dg/monitor-using-event-publishing.html
https://aws.amazon.com/getting-started/hands-on/build-serverless-real-time-data-processing-app-lambda-kinesis