You are consulting for a finance company that has specific backup and archiving
policies. Financial documents for the past six months may need to be
accessed
frequently. You need to configure a setup that automatically sends any documents
that are older than six months to a lower-cost, but highly durable, environment for
archiving. Given that the company is using a Storage Gateway in File Gateway
configuration, which of the following would be the best setup to reach the objectives?
- Answer- Enable S3 versioning with a lifecycle policy that sends objects older than
six months to Amazon Glacier
Your business operates in a very security-sensitive industry. You are looking at how
to secure a small VPC. Your environment consists of a single S3 bucket, and an
EC2 instance running in an internet-connected VPC. What is the best way to lock
down the environment, allowing access to S3 but keeping the environment as secure
as possible? - Answer- Create an S3 VPC endpoint. Apply a policy restricting
access to the S3 bucket from the VPC endpoint, and remove the internet gateway.
Set up a VPN Endpoint and client to securely SSH into the EC2 instance when
needed.
You need to migrate a legacy application into AWS. It currently runs on a Linux
operating system and has a requirement for iSCSI based block storage. Which AWS
Service would you utilise to meet this requirement? - Answer- Storage Gateway
Which of the following AWS storage services can be natively mounted as
mount points on a Linux system? - Answer- - Instance Store
- EBS
- EFS
Which of the following are AWS managed services that can allow host access to
instances running on the respective services? (Choose all that apply) - Answer- -
Amazon EC2
- Amazon EMR
You have inherited a VPC which has a CIDR of 10.0.0.0/16. You need to design a
subnet layout which allows for four availability zones to be used. Which option below
is valid for these criteria? Pick the one which uses the least number of subnets to
decrease management overhead. - Answer- Create four subnets: 10.0.0.0/24,
10.0.1.0/24, 10.0.2.0/24 and 10.0.3.0/24, and put each one in its own availability
zone.
AWS CERTIFIED SOLUTIONS ARCHITECT
ASSOCIATE EXAM 100 QUESTIONS WITH VERIFIED
SOLUTIONS/A+ GRADE
You are designing a VPC to host a small application. The VPC will be connected
back to your on-premises network using a VPN. An EC2 instance runs the
application, and will only need to connect to the internet for software updates. You
have a list of the software update DNS names. How can you restrict this within the
AWS VPC? - Answer- Add an internet gateway to the VPC, and a proxy service
running on an EC2 instance in a public subnet with an elastic IP.
You will have an application running on an EC2 instance. The instance will be in a
private subnet. Outside of NACLs and security groups being in place, what else is
needed to provide Internet access for the EC2 instance? - Answer- VPC, Subnets,
Route Table(s), NAT Gateway, and Internet Gateway.
You've been asked to host a Docker container within your AWS environment. What is
the most appropriate product to use for this task? - Answer- ECS
Which of the following EC2 metrics will NOT be automatically collected by
CloudWatch? - Answer- - The number of running processes on the instance
- Average Memory Utilization
Your business has two EC2 instances, one is located in us-east, the other in
us-west. You want to allow both machines to communicate with each other. Instances in
either VPC need to be able to communicate with each other as if they are within the
same network. What solution would you recommend? - Answer- Configure an
inter-region VPC peer between the VPCs and allow communications using the private IP
addresses of the instances.
Currently, you're helping to design and architect a highly-available application. After
building the initial environment, you've found that part of your application does not
work correctly until port 443 is added to the security group. After adding port 443 to
the appropriate security group, how much time will it take before the changes are
applied and the application begins working correctly? - Answer- Changes apply
instantly to the security group, and the application should be able to immediately
respond to 443 requests.
Your business's risk team has asked you to add additional resiliency to a critical
business application. The application uses RDS and the MySQL engine and is based
in us-east-1. The risk team would like to protect the application against an AZ failure
and region issues, and wants to do it in a way which is as cost-effective as possible.
What two options could you suggest? - Answer- - Enable Multi-AZ mode in two AZs
to protect against an AZ failure within the us-east-1 region.
- Add one or more read replicas in other regions.
You have been asked to design an upgrade to a legacy environment running in an
AWS VPC. There will be an EC2 instance in each AZ's private subnet. The region
the environment is in has four AZs. The VPC has eight subnets, four private (one in
each AZ) and four public (one in each AZ). You have been asked to ensure the
solution uses NAT gateways and that if any AZ fails, an instance in the other AZs
can ALWAYS access the internet. What is the minimum number of NAT Gateways
required? - Answer- 4 - Each is located in a single, but different public subnet. Each
private subnet is set to use the NAT gateway in the same AZ.
You are designing the implementation of a new application deployment. The
application is capable of using a number of different DB engines, including MySQL
and PostgreSQL. The resilience of the application is critical. It needs to operate in
three availability zones, and have the ability to operate effectively even with the
failure of two zones. Which DB platform should you select? - Answer- Select Aurora
as the DB platform
You need to design a VPC which is resilient to AZ failure from an internet access
perspective. The VPC is in a four AZ region. How many Internet gateways are
required to ensure multiple AZ failures won't disrupt internet connectivity? - Answer- 1
You have a single EC2 instance, which is automatically built from a CloudFormation
template, that runs some business-critical scripts on an hourly basis. The EC2
instance currently operates in a single AZ in us-east-1 and the business has asked
that you add resilience to the instance. They would like to be able to cope with one
or two AZ failures, and maintain its functionality. Which option below would you
present as a possible solution? - Answer- Adjust the CloudFormation template. Add
an LC and ASG, and add bootstrapping. Set the min/max/desired to 1/1/1. Define the
subnets in 3 AZs you would potentially want to be able to use in the configuration.
Optionally, add app specific health checking.
You've been tasked with building out a duplicate environment in another region for
disaster recovery purposes. Part of your environment relies on EC2 instances with
preconfigured software. What step(s) would you take to configure the instances in
another region? - Answer- Create a custom AMI of the EC2 instance and copy the
AMI to the desired region.
Your company is concerned with EBS volume backups on Amazon EC2, and wants
to ensure they have proper backups so that the data is durable. What solutions could
you implement (choose two)? - Answer- - Using CloudWatch Events, schedule a
rule that calls the EC2 CreateSnapshot API.
- Use a lifecycle policy for EBS Snapshots.
Which of the following services/service features are natively highly available in a
region, and can cope with an AZ failure without itself failing? - Answer- - DynamoDB
- S3
Which of the following services or service features are natively highly available in a
region and can cope with an AZ failure without itself failing? - Answer- - Internet
Gateway
- Virtual Private Gateway
- Dynamic Hardware VPC VPN
- EBS Snapshot
- VPC
Which EC2 features can help mask the failure of an instance? (Choose all that
apply) - Answer- - EC2 Autorecovery
- Elastic IP