Free AWS-Certified-Solutions-Architect-Professional Exam Braindumps

Pass your Amazon AWS Certified Solutions Architect Professional exam with these free Questions and Answers

Page 6 of 60
QUESTION 21

- (Exam Topic 2)
A solutions architect must update an application environment within AWS Elastic Beanstalk using a blue/green deployment methodology. The solutions architect creates an environment that is identical to the existing application environment and deploys the application to the new environment.
What should be done next to complete the update?

  1. A. Redirect to the new environment using Amazon Route 53
  2. B. Select the Swap Environment URLs option.
  3. C. Replace the Auto Scaling launch configuration
  4. D. Update the DNS records to point to the green environment

Correct Answer: B

QUESTION 22

- (Exam Topic 1)
A company provides a centralized Amazon EC2 application hosted in a single shared VPC. The centralized application must be accessible from client applications running in the VPCs of other business units. The centralized application front end is configured with a Network Load Balancer (NLB) for scalability.
Up to 10 business unit VPCs will need to be connected to the shared VPC. Some of the business unit VPC CIDR blocks overlap with the shared VPC, and some overlap with each other. Network connectivity to the centralized application in the shared VPC should be allowed from authorized business unit VPCs only.
Which network configuration should a solutions architect use to provide connectivity from the client applications in the business unit VPCs to the centralized application in the shared VPC?

  1. A. Create an AWS Transit Gateway. Attach the shared VPC and the authorized business unit VPCs to the transit gateway. Create a single transit gateway route table and associate it with all of the attached VPCs. Allow automatic propagation of routes from the attachments into the route table. Configure VPC routing tables to send traffic to the transit gateway.
  2. B. Create a VPC endpoint service using the centralized application NLB and enable the option to require endpoint acceptance. Create a VPC endpoint in each of the business unit VPCs using the service name of the endpoint service. Accept authorized endpoint requests from the endpoint service console.
  3. C. Create a VPC peering connection from each business unit VPC to the shared VPC. Accept the VPC peering connections from the shared VPC console. Configure VPC routing tables to send traffic to the VPC peering connection.
  4. D. Configure a virtual private gateway for the shared VPC and create customer gateways for each of the authorized business unit VPCs. Establish a Site-to-Site VPN connection from the business unit VPCs to the shared VPC. Configure VPC routing tables to send traffic to the VPN connection.

Correct Answer: B
Amazon Transit Gateway doesn’t support routing between Amazon VPCs with overlapping CIDRs. If you attach a new Amazon VPC that has a CIDR which overlaps with an already attached Amazon VPC, Amazon Transit Gateway will not propagate the new Amazon VPC route into the Amazon Transit Gateway route table.
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-pre

QUESTION 23

- (Exam Topic 1)
A company has an application that sells tickets online and experiences bursts of demand every 7 days. The application has a stateless presentation layer running on Amazon EC2, an Oracle database to store unstructured data catalog information, and a backend API layer. The front-end layer uses an Elastic Load Balancer to distribute the load across nine On-Demand Instances over three Availability Zones (AZs). The Oracle database is running on a single EC2 instance. The company is experiencing performance issues when running more than two concurrent campaigns. A solutions architect must design a solution that meets the following requirements:
• Address scalability issues.
• Increase the level of concurrency.
• Eliminate licensing costs.
• Improve reliability.
Which set of steps should the solutions architect take?

  1. A. Create an Auto Scaling group for the front end with a combination of On-Demand and Spot Instances to reduce costs. Convert the Oracle database into a single Amazon RDS reserved DB instance.
  2. B. Create an Auto Scaling group for the front end with a combination of On-Demand and Spot Instances to reduce costs. Create two additional copies of the database instance, then distribute the databases in separate AZs.
  3. C. Create an Auto Scaling group for the front end with a combination of On-Demand and Spot Instances to reduce costs. Convert the tables in the Oracle database into Amazon DynamoDB tables.
  4. D. Convert the On-Demand Instances into Spot Instances to reduce costs for the front end. Convert the tables in the Oracle database into Amazon DynamoDB tables.

Correct Answer: C
Combination of On-Demand and Spot Instances + DynamoDB.

QUESTION 24

- (Exam Topic 2)
A company is in the process of implementing AWS Organizations to constrain its developers to use only Amazon EC2, Amazon S3, and Amazon DynamoDB. The developers account resides in a dedicated organizational unit (OU). The solutions architect has implemented the following SCP on the developers account:
[Exhibit: SCP policy (image not included)]
When this policy is deployed, IAM users in the developers account are still able to use AWS services that are not listed in the policy.
What should the solutions architect do to eliminate the developers’ ability to use services outside the scope of this policy?

  1. A. Create an explicit deny statement for each AWS service that should be constrained.
  2. B. Remove the FullAWSAccess SCP from the Developer account's OU.
  3. C. Modify the FullAWSAccess SCP to explicitly deny all services.
  4. D. Add an explicit deny statement using a wildcard to the end of the SCP.

Correct Answer: B
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_strategies.html#orgs_p "To use SCPs as an allow list, you must replace the AWS managed FullAWSAccess SCP with an SCP that explicitly permits only those services and actions that you want to allow. By removing the default FullAWSAccess SCP, all actions for all services are now implicitly denied. Your custom SCP then overrides the implicit Deny with an explicit Allow for only those actions that you want to permit."

QUESTION 25

- (Exam Topic 2)
A company is planning to migrate its business-critical applications from an on-premises data center to AWS. The company has an on-premises installation of a Microsoft SQL Server Always On cluster. The company wants to migrate to an AWS managed database service. A solutions architect must design a heterogeneous database migration on AWS.
Which solution will meet these requirements?

  1. A. Migrate the SQL Server databases to Amazon RDS for MySQL by using backup and restore utilities.
  2. B. Use an AWS Snowball Edge Storage Optimized device to transfer data to Amazon S3. Set up Amazon RDS for MySQL. Use S3 integration with SQL Server features, such as BULK INSERT.
  3. C. Use the AWS Schema Conversion Tool to translate the database schema to Amazon RDS for MySQL. Then use AWS Database Migration Service (AWS DMS) to migrate the data from on-premises databases to Amazon RDS.
  4. D. Use AWS DataSync to migrate data over the network between on-premises storage and Amazon S3. Set up Amazon RDS for MySQL. Use S3 integration with SQL Server features, such as BULK INSERT.

Correct Answer: C
https://aws.amazon.com/dms/schema-conversion-tool/
