Free AWS-Solution-Architect-Associate Exam Braindumps

- (Exam Topic 1)
A company is deploying a new public web application to AWS. The application will run behind an Application Load Balancer (ALB). The application needs to be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before the certificate expires.
What should a solutions architect do to meet these requirements?

1. A. Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificat
2. B. Apply the certificate to the AL
3. C. Use the managed renewal feature to automatically rotate the certificate.
4. D. Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificat
5. E. Import the key material from the certificat
6. F. Apply the certificate to the AL
7. G. Use the managed renewal feature to automatically rotate the certificate.
8. H. Use AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root C
9. I. Apply the certificate to the AL
10. J. Use the managed renewal feature to automatically rotate the certificate.
11. K. Use AWS Certificate Manager (ACM) to import an SSL/TLS certificat
12. L. Apply the certificate to the AL
13. M. Use Amazon EventBridge (Amazon CloudWatch Events) to send a notification when the certificate is nearing expiratio
14. N. Rotate the certificate manually.

Correct Answer: D

- (Exam Topic 2)
A company wants to migrate its on-premises data center to AWS. According to the company's compliance requirements, the company can use only the ap-northeast-3 Region. Company administrators are not permitted to connect VPCs to the internet.
Which solutions will meet these requirements? (Choose two.)

1. A. Use AWS Control Tower to implement data residency guardrails to deny internet access and deny access to all AWS Regions except ap-northeast-3.
2. B. Use rules in AWS WAF to prevent internet acces
3. C. Deny access to all AWS Regions except ap-northeast-3 in the AWS account settings.
4. D. Use AWS Organizations to configure service control policies (SCPS) that prevent VPCs from gaining internet acces
5. E. Deny access to all AWS Regions except ap-northeast-3.
6. F. Create an outbound rule for the network ACL in each VPC to deny all traffic from 0.0.0.0/0. Create an IAM policy for each user to prevent the use of any AWS Region other than ap-northeast-3.
7. G. Use AWS Config to activate managed rules to detect and alert for internet gateways and to detect and alert for new resources deployed outside of ap-northeast-3.

Correct Answer: AC

- (Exam Topic 3)
A company is using a content management system that runs on a single Amazon EC2 instance. The EC2 instance contains both the web server and the database software. The company must make its website platform highly available and must enable the website to scale to meet user demand. What should a solutions architect recommend to meet these requirements?

1. A. Move the database to Amazon RDS, and enable automatic backup
2. B. Manually launch another EC2 instance in the same Availability Zon
3. C. Configure an Application Load Balancer in the Availability Zone, and set the two instances as targets.
4. D. Migrate the database to an Amazon Aurora instance with a read replica in the same Availability Zone as the existing EC2 instanc
5. E. Manually launch another EC2 instance in the same Availability Zon
6. F. Configure an Application Load Balancer, and set the two EC2 instances as targets.
7. G. Move the database to Amazon Aurora with a read replica in another Availability Zon
8. H. Create an Amazon Machine Image (AMI) from the EC2 instanc
9. I. Configure an Application Load Balancer in two Availability Zone
10. J. Attach an Auto Scaling group that uses the AMI across two Availability Zones.
11. K. Move the database to a separate EC2 instance, and schedule backups to Amazon S3. Create an Amazon Machine Image (AMI) from the original EC2 instanc
12. L. Configure an Application Load Balancer in two Availability Zone
13. M. Attach an Auto Scaling group that uses the AMI across two Availability Zones.

Correct Answer: C
This approach will provide both high availability and scalability for the website platform. By moving the database to Amazon Aurora with a read replica in another availability zone, it will provide a failover option for the database. The use of an Application Load Balancer and an Auto Scaling group across two availability zones allows for automatic scaling of the website to meet increased user demand. Additionally, creating an AMI from the original EC2 instance allows for easy replication of the instance in case of failure.

- (Exam Topic 1)
A global company hosts its web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The web application has static data and dynamic data. The company stores its static data in an Amazon S3 bucket. The company wants to improve performance and reduce latency for the static data and dynamic data. The company is using its own domain name registered with Amazon Route 53.
What should a solutions architect do to meet these requirements?

1. A. Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins Configure Route 53 to route traffic to the CloudFront distribution.
2. B. Create an Amazon CloudFront distribution that has the ALB as an origin Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoin
3. C. Configure Route 53 to route traffic to the CloudFront distribution.
4. D. Create an Amazon CloudFront distribution that has the S3 bucket as an origin Create an AWS Global Accelerator standard accelerator that has the ALB and the CloudFront distribution as endpoints Create a custom domain name that points to the accelerator DNS name Use the custom domain name as an endpoint for the web application.
5. E. Create an Amazon CloudFront distribution that has the ALB as an origin
6. F. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint Create two domain name
7. G. Point one domain name to the CloudFront DNS name for dynamic content, Point the other domain name to the accelerator DNS name for static content Use the domain names as endpoints for the web application.

Correct Answer: C
Static content can be cached at Cloud front Edge locations from S3 and dynamic content EC2 behind the ALB whose performance can be improved by Global Accelerator whose one endpoint is ALB and other Cloud front. So with regards to custom domain name endpoint is web application is R53 alias records for the custom domain point to web application
https://aws.amazon.com/blogs/networking-and-content-delivery/improving-availability-and-performance-for-ap

- (Exam Topic 1)
A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be
deleted Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days
Which storage solution is MOST cost-effective?

1. A. Create an S3 bucket lifecycle policy to move Mm from S3 Standard to S3 Glacier 30 days from object creation Delete the Tiles 4 years after object creation
2. B. Create an S3 bucket lifecycle policy to move tiles from S3 Standard to S3 One Zone-infrequent Access (S3 One Zone-IA] 30 days from object creatio
3. C. Delete the fees 4 years after object creation
4. D. Create an S3 bucket lifecycle policy to move files from S3 Standard-infrequent Access (S3 Standard-lA) 30 from object creatio
5. E. Delete the ties 4 years after object creation
6. F. Create an S3 bucket Lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation Move the files to S3 Glacier 4 years after object carton.

Correct Answer: B
https://aws.amazon.com/s3/storage-classes/?trk=66264cd8-3b73-416c-9693-ea7cf4fe846a&sc_channel=ps&s_k