Free AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL Exam Braindumps (page: 27)

Page 27 of 134

A company has an asynchronous HTTP application that is hosted as an AWS Lambda function. A public Amazon API Gateway endpoint invokes the Lambda function. The Lambda function and the API Gateway endpoint reside in the us-east-1 Region. A solutions architect needs to redesign the application to support failover to another AWS Region.

Which solution will meet these requirements?

  1. Create an API Gateway endpoint in the us-west-2 Region to direct traffic to the Lambda function in us-east-1. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.
  2. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure API Gateway to direct traffic to the SQS queue instead of to the Lambda function. Configure the Lambda function to pull messages from the queue for processing.
  3. Deploy the Lambda function to the us-west-2 Region. Create an API Gateway endpoint in us-west-2 to direct traffic to the Lambda function in us-west-2. Configure AWS Global Accelerator and an Application Load Balancer to manage traffic across the two API Gateway endpoints.
  4. Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Region. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.

Answer(s): D

Explanation:

D) Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Region. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.
This solution ensures that both the Lambda function and the API Gateway are deployed in the secondary region (us-west-2), providing a complete failover setup. By using Amazon Route 53 with a failover routing policy, traffic can be directed to the primary region (us-east-1) unless it is unhealthy, at which point it will automatically route traffic to the backup in the secondary region. This setup meets the requirement for failover while ensuring that the application remains operational in the event of a regional failure.



A retail company has structured its AWS accounts to be part of an organization in AWS Organizations. The company has set up consolidated billing and has mapped its departments to the following OUs: Finance, Sales, Human Resources (HR), Marketing, and Operations. Each OU has multiple AWS accounts, one for each environment within a department. These environments are development, test, pre-production, and production.

The HR department is releasing a new system that will launch in 3 months. In preparation, the HR department has purchased several Reserved Instances (RIs) in its production AWS account. The HR department will install the new application on this account. The HR department wants to make sure that other departments cannot share the RI discounts.

Which solution will meet these requirements?

  1. In the AWS Billing and Cost Management console for the HR department's production account, turn off RI sharing.
  2. Remove the HR department's production AWS account from the organization. Add the account to the consolidating billing configuration only.
  3. In the AWS Billing and Cost Management console, use the organization’s management account to turn off RI sharing for the HR department's production AWS account.
  4. Create an SCP in the organization to restrict access to the RIs. Apply the SCP to the OUs of the other departments.

Answer(s): C

Explanation:

To prevent other departments from sharing the Reserved Instance (RI) discounts in the HR department's production AWS account, you need to manage the RI sharing settings at the organizational level.

Option C allows you to use the management account of the AWS Organization to turn off RI sharing specifically for the HR department's production account. This ensures that the RIs purchased by the HR department will only apply to that account and cannot be utilized by any other accounts in the organization, effectively isolating the RI discounts as required.

Other options either do not directly address the need to restrict RI sharing (like A), would unnecessarily remove the account from the organization (B), or would not effectively prevent sharing as SCPs cannot restrict RI sharing directly (D). Thus, option C is the most suitable and efficient solution for the given requirements.



A large company is running a popular web application. The application runs on several Amazon EC2 Linux instances in an Auto Scaling group in a private subnet. An Application Load Balancer is targeting the instances in the Auto Scaling group in the private subnet. AWS Systems Manager Session Manager is configured, and AWS Systems Manager Agent is running on all the EC2 instances.

The company recently released a new version of the application. Some EC2 instances are now being marked as unhealthy and are being terminated. As a result, the application is running at reduced capacity. A solutions architect tries to determine the root cause by analyzing Amazon CloudWatch logs that are collected from the application, but the logs are inconclusive.

How should the solutions architect gain access to an EC2 instance to troubleshoot the issue?

  1. Suspend the Auto Scaling group’s HealthCheck scaling process. Use Session Manager to log in to an instance that is marked as unhealthy.
  2. Enable EC2 instance termination protection. Use Session Manager to log in to an instance that is marked as unhealthy.
  3. Set the termination policy to OldestInstance on the Auto Scaling group. Use Session Manager to log in to an instance that is marked as unhealthy.
  4. Suspend the Auto Scaling group’s Terminate process. Use Session Manager to log in to an instance that is marked as unhealthy.

Answer(s): D

Explanation:

To troubleshoot the issue with the unhealthy EC2 instances in the Auto Scaling group, the solutions architect should suspend the Auto Scaling group's Terminate process. This allows the affected instance to remain running even if it is marked as unhealthy. Once suspended, the architect can use AWS Systems Manager Session Manager to gain access to the instance without needing to rely on SSH access, which is especially useful in a private subnet where direct access may not be available.

Option D is the best approach because it ensures the instance stays up for investigation, allowing for troubleshooting of the application issues that are causing the unhealthy status. The other options either do not prevent termination of the instance or do not directly facilitate access for troubleshooting.



A company wants to deploy an AWS WAF solution to manage AWS WAF rules across multiple AWS accounts. The accounts are managed under different OUs in AWS Organizations.

Administrators must be able to add or remove accounts or OUs from managed AWS WAF rule sets as needed. Administrators also must have the ability to automatically update and remediate noncompliant AWS WAF rules in all accounts.

Which solution meets these requirements with the LEAST amount of operational overhead?

  1. Use AWS Firewall Manager to manage AWS WAF rules across accounts in the organization. Use an AWS Systems Manager Parameter Store parameter to store account numbers and OUs to manage. Update the parameter as needed to add or remove accounts or OUs. Use an Amazon EventBridge rule to identify any changes to the parameter and to invoke an AWS Lambda function to update the security policy in the Firewall Manager administrative account.
  2. Deploy an organization-wide AWS Config rule that requires all resources in the selected OUs to associate the AWS WAF rules. Deploy automated remediation actions by using AWS Lambda to fix noncompliant resources. Deploy AWS WAF rules by using an AWS CloudFormation stack set to target the same OUs where the AWS Config rule is applied.
  3. Create AWS WAF rules in the management account of the organization. Use AWS Lambda environment variables to store account numbers and OUs to manage. Update environment variables as needed to add or remove accounts or OUs. Create cross-account IAM roles in member accounts. Assume the roles by using AWS Security Token Service (AWS STS) in the Lambda function to create and update AWS WAF rules in the member accounts.
  4. Use AWS Control Tower to manage AWS WAF rules across accounts in the organization. Use AWS Key Management Service (AWS KMS) to store account numbers and OUs to manage. Update AWS KMS as needed to add or remove accounts or OUs. Create IAM users in member accounts. Allow AWS Control Tower in the management account to use the access key and secret access key to create and update AWS WAF rules in the member accounts.

Answer(s): A

Explanation:

The most efficient way to manage AWS WAF rules across multiple accounts in an organization is to use AWS Firewall Manager. This service allows centralized management of WAF rules, making it easier for administrators to add or remove accounts or OUs as needed.

Option A provides a streamlined approach by leveraging AWS Firewall Manager for rule management while using AWS Systems Manager Parameter Store to dynamically store and update the account numbers and OUs. The integration with Amazon EventBridge and AWS Lambda facilitates automated updates and remediation for noncompliant WAF rules across all accounts. This setup requires minimal operational overhead, as administrators can manage the parameter store easily and trigger necessary updates without extensive manual intervention.

The other options involve more complex setups or require more manual processes, which could lead to increased operational overhead, making Option A the most suitable choice for the given requirements.






Post your Comments and Discuss Amazon AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL exam with other Community members:

Zak commented on June 28, 2024
@AppleKid, I managed to pass this exam after failing once. Do not sit for your exam without memorizing these questions. These are what you will see in the real exam.
Anonymous

Apple Kid commented on June 26, 2024
Did anyone give the exam recently and can tell if these are good?
Anonymous

Captain commented on June 26, 2024
This is so helpful
Anonymous

udaya commented on April 25, 2024
Still learning, and the questions seem to be helpful
Anonymous

Jerry commented on February 18, 2024
very good for exam !!!!
HONG KONG

AWS-Guy commented on February 16, 2024
Precise and to the point. I aced this exam and am now going for the next exam. Very grateful to this site and its wonderful content.
CANADA

Jerry commented on February 12, 2024
very good exam stuff
HONG KONG

travis head commented on November 16, 2023
I gave the Amazon SAP-C02 tests and prepared from this site, as it has the latest mock tests available, which helped me evaluate my performance and score 919/1000
Anonymous

Weed Flipper commented on October 07, 2020
This is good stuff man.
CANADA

IT-Guy commented on September 29, 2020
Xengine software is good and free. Too bad it is only in English and no support for French.
FRANCE

pema commented on August 30, 2019
Can I have the latest version of this exam?
GERMANY

MrSimha commented on February 23, 2019
Thank you
Anonymous

Phil C. commented on November 12, 2018
Too soon to tell, but I will be back to post a review after my exam.
Anonymous

MD EJAZ ALI TANWIR commented on August 20, 2017
This is a valid dump in the US. Thank you guys for providing this.
UNITED STATES

flypig commented on June 02, 2017
The Braindumps will shorten my ready time for this exam!
CHINA