Free AWS-Certified-Solutions-Architect-Professional Exam Braindumps

Pass your Amazon AWS Certified Solutions Architect Professional exam with these free Questions and Answers

Page 9 of 60
QUESTION 36

- (Exam Topic 2)
A company that develops consumer electronics with offices in Europe and Asia has 60 TB of software images stored on premises in Europe. The company wants to transfer the images to an Amazon S3 bucket in the ap-northeast-1 Region. New software images are created daily and must be encrypted in transit. The company needs a solution that does not require custom development to automatically transfer all existing and new software images to Amazon S3.
What is the next step in the transfer process?

  1. A. Deploy an AWS DataSync agent and configure a task to transfer the images to the S3 bucket.
  2. B. Configure Amazon Kinesis Data Firehose to transfer the images using S3 Transfer Acceleration.
  3. C. Use an AWS Snowball device to transfer the images with the S3 bucket as the target.
  4. D. Transfer the images over a Site-to-Site VPN connection using the S3 API with multipart upload.

Correct Answer: A

QUESTION 37

- (Exam Topic 2)
Example Corp. has an on-premises data center and a VPC named VPC A in the Example Corp. AWS account. The on-premises network connects to VPC A through an AWS Site-to-Site VPN. The on-premises servers can properly access VPC A. Example Corp. just acquired AnyCompany, which has a VPC named VPC B. There is no IP address overlap among these networks. Example Corp. has peered VPC A and VPC B.
Example Corp. wants to connect from its on-premises servers to VPC B. Example Corp. has properly set up the network ACL and security groups.
Which solution will meet this requirement with the LEAST operational effort?

  1. A. Create a transit gateway. Attach the Site-to-Site VPN, VPC A, and VPC B to the transit gateway. Update the transit gateway route tables for all networks to add IP range routes for all other networks.
  2. B. Create a transit gateway. Create a Site-to-Site VPN connection between the on-premises network and VPC B, and connect the VPN connection to the transit gateway. Add a route to direct traffic to the peered VPCs, and add an authorization rule to give clients access to the VPCs A and B.
  3. C. Update the route tables for the Site-to-Site VPN and both VPCs for all three networks. Configure BGP propagation for all three networks. Wait for up to 5 minutes for BGP propagation to finish.
  4. D. Modify the Site-to-Site VPN's virtual private gateway definition to include VPC A and VPC B. Split the two routers of the virtual private gateway between the two VPCs.

Correct Answer: D

QUESTION 38

- (Exam Topic 1)
A company built an ecommerce website on AWS using a three-tier web architecture. The application is Java-based and composed of an Amazon CloudFront distribution, an Apache web server layer of Amazon EC2 instances in an Auto Scaling group, and a backend Amazon Aurora MySQL database.
Last month, during a promotional sales event, users reported errors and timeouts while adding items to their shopping carts. The operations team recovered the logs created by the web servers and reviewed Aurora DB cluster performance metrics. Some of the web servers were terminated before logs could be collected and the Aurora metrics were not sufficient for query performance analysis.
Which combination of steps must the solutions architect take to improve application performance visibility during peak traffic events? (Select THREE.)

  1. A. Configure the Aurora MySQL DB cluster to publish slow query and error logs to Amazon CloudWatch Logs.
  2. B. Implement the AWS X-Ray SDK to trace incoming HTTP requests on the EC2 instances and implement tracing of SQL queries with the X-Ray SDK for Java.
  3. C. Configure the Aurora MySQL DB cluster to stream slow query and error logs to Amazon Kinesis.
  4. D. Install and configure an Amazon CloudWatch Logs agent on the EC2 instances to send the Apache logs to CloudWatch Logs.
  5. E. Enable and configure AWS CloudTrail to collect and analyze application activity from Amazon EC2 and Aurora.
  6. F. Enable Aurora MySQL DB cluster performance benchmarking and publish the stream to AWS X-Ray.

Correct Answer: ABD
References:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.Concepts.MySQL.html#
https://aws.amazon.com/blogs/mt/simplifying-apache-server-logs-with-amazon-cloudwatch-logs-insights/
https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk-dotnet-messagehandler.html
https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk-java-sqlclients.html

QUESTION 39

- (Exam Topic 1)
A company has an Amazon VPC that is divided into a public subnet and a private subnet. A web application runs in the Amazon VPC, and each subnet has its own NACL. The public subnet has a CIDR of 10.0.0.0/24. An Application Load Balancer is deployed to the public subnet. The private subnet has a CIDR of 10.0.1.0/24.
Amazon EC2 instances that run a web server on port 80 are launched into the private subnet.
Only network traffic that is required for the Application Load Balancer to access the web application can be allowed to travel between the public and private subnets.
What collection of rules should be written to ensure that the private subnet's NACL meets the requirement? (Select TWO.)

  1. A. An inbound rule for port 80 from source 0.0.0.0/0
  2. B. An inbound rule for port 80 from source 10.0.0.0/24
  3. C. An outbound rule for port 80 to destination 0.0.0.0/0
  4. D. An outbound rule for port 80 to destination 10.0.0.0/24
  5. E. An outbound rule for ports 1024 through 65535 to destination 10.0.0.0/24

Correct Answer: BE
Ephemeral ports are not covered in the syllabus, so be careful that you don't confuse day-to-day best practice with what is required for the exam. Link to an explanation of ephemeral ports here: https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KUbcwo4lXefMl7janaK/netw

QUESTION 40

- (Exam Topic 2)
A solutions architect uses AWS Organizations to manage several AWS accounts for a company. The full Organizations feature set is activated for the organization. All production AWS accounts exist under an OU that is named "production". Systems operators have full administrative privileges within these accounts by using IAM roles.
The company wants to ensure that security groups in all production accounts do not allow inbound traffic for TCP port 22. All noncompliant security groups must be remediated immediately, and no new rules that allow port 22 can be created.
Which solution will meet these requirements?

  1. A. Write an SCP that denies the CreateSecurityGroup action with a condition of ec2:Ingress rule with value 22. Apply the SCP to the 'production' OU.
  2. B. Configure an AWS CloudTrail trail for all accounts. Send CloudTrail logs to an Amazon S3 bucket in the Organizations management account. Configure an AWS Lambda function on the management account with permissions to assume a role in all production accounts to describe and modify security groups. Configure Amazon S3 to invoke the Lambda function on every PutObject event on the S3 bucket. Configure the Lambda function to analyze each CloudTrail event for noncompliant security group actions and to automatically remediate any issues.
  3. C. Create an Amazon EventBridge (Amazon CloudWatch Events) event bus in the Organizations management account. Create an AWS CloudFormation template to deploy configurations that send CreateSecurityGroup events to the event bus from all production accounts. Configure an AWS Lambda function in the management account with permissions to assume a role in all production accounts to describe and modify security groups. Configure the event bus to invoke the Lambda function. Configure the Lambda function to analyze each event for noncompliant security group actions and to automatically remediate any issues.
  4. D. Create an AWS CloudFormation template to turn on AWS Config. Activate the INCOMING_SSH_DISABLED AWS Config managed rule. Deploy an AWS Lambda function that will run based on AWS Config findings and will remediate noncompliant resources. Deploy the CloudFormation template by using a StackSet that is assigned to the "production" OU. Apply an SCP to the OU to deny modification of the resources that the CloudFormation template provisions.

Correct Answer: D

