Free AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL Exam Braindumps (page: 31)

Page 31 of 134

A company is migrating some of its applications to AWS. The company wants to migrate and modernize the applications quickly after it finalizes networking and security strategies. The company has set up an AWS Direct Connect connection in a central network account.

The company expects to have hundreds of AWS accounts and VPCs in the near future. The corporate network must be able to access the resources on AWS seamlessly and also must be able to communicate with all the VPCs. The company also wants to route its cloud resources to the internet through its on-premises data center.

Which combination of steps will meet these requirements? (Choose three.)

  A. Create a Direct Connect gateway in the central account. In each of the accounts, create an association proposal by using the Direct Connect gateway and the account ID for every virtual private gateway.
  B. Create a Direct Connect gateway and a transit gateway in the central network account. Attach the transit gateway to the Direct Connect gateway by using a transit VIF.
  C. Provision an internet gateway. Attach the internet gateway to subnets. Allow internet traffic through the gateway.
  D. Share the transit gateway with other accounts. Attach VPCs to the transit gateway.
  E. Provision VPC peering as necessary.
  F. Provision only private subnets. Open the necessary route on the transit gateway and customer gateway to allow outbound internet traffic from AWS to flow through NAT services that run in the data center.

Answer(s): B,D,F

Explanation:

To successfully migrate and modernize the applications while ensuring seamless access to AWS resources from the corporate network, the following steps are essential:

B) Create a Direct Connect gateway and a transit gateway in the central network account. Attach the transit gateway to the Direct Connect gateway using a transit VIF. This setup enables a central point for routing traffic from the on-premises data center to multiple VPCs across various AWS accounts, leveraging the high bandwidth and low latency of AWS Direct Connect.

D) Share the transit gateway with other accounts. Attach VPCs to the transit gateway. By sharing the transit gateway, all associated VPCs can communicate with one another and with the on-premises data center, facilitating efficient routing between accounts.

F) Provision only private subnets. Open the necessary route on the transit gateway and customer gateway to allow outbound internet traffic from AWS to flow through NAT services that run in the data center. This ensures that internet-bound traffic is routed through the on-premises data center, maintaining compliance with the company's networking strategy.

This approach ensures scalability, efficient resource access, and the ability to route traffic as required, all while minimizing operational complexity.



A company has hundreds of AWS accounts. The company recently implemented a centralized internal process for purchasing new Reserved Instances and modifying existing Reserved Instances. This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement. Previously, business units directly purchased or modified Reserved Instances in their own respective AWS accounts autonomously.

A solutions architect needs to enforce the new process in the most secure way possible.

Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

  A. Ensure that all AWS accounts are part of an organization in AWS Organizations with all features enabled.
  B. Use AWS Config to report on the attachment of an IAM policy that denies access to the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action.
  C. In each AWS account, create an IAM policy that denies the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action.
  D. Create an SCP that denies the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action. Attach the SCP to each OU of the organization.
  E. Ensure that all AWS accounts are part of an organization in AWS Organizations that uses the consolidated billing feature.

Answer(s): A,D

Explanation:

To enforce a centralized process for purchasing and modifying Reserved Instances in a secure manner across multiple AWS accounts, the following steps should be taken:

A) Ensure that all AWS accounts are part of an organization in AWS Organizations with all features enabled. This setup allows for centralized management of policies and permissions across all accounts, enabling the implementation of Service Control Policies (SCPs) to restrict actions at the organizational level.

D) Create an SCP that denies the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action. Attach the SCP to each OU of the organization. By using SCPs, the organization can enforce the new procurement process across all accounts within the specified OUs, ensuring that no business unit can independently purchase or modify Reserved Instances without going through the designated procurement team.

Together, these steps ensure that the process is both secure and compliant with the new centralized purchasing strategy.
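A concrete form of the SCP from option D, added here as an illustration rather than taken from the page or from any AWS sample. It denies the two Reserved Instance actions for every principal in the OU except one assumed role that stands in for the procurement team; the account ID and role name are placeholders, and the exception itself is an assumption about how the dedicated team performs its purchases.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyReservedInstancePurchaseAndModifyExceptProcurement",
      "Effect": "Deny",
      "Action": [
        "ec2:PurchaseReservedInstancesOffering",
        "ec2:ModifyReservedInstances"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/PLACEHOLDER-ProcurementTeamRole"
        }
      }
    }
  ]
}
```

SCPs do not apply to the management account and only bound what IAM permissions can grant, so the procurement role still needs its own IAM permissions for the two actions, and the SCP must be attached to every OU that contains business unit accounts.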



A company is running a critical application that uses an Amazon RDS for MySQL database to store data. The RDS DB instance is deployed in Multi-AZ mode.

A recent RDS database failover test caused a 40-second outage to the application. A solutions architect needs to design a solution to reduce the outage time to less than 20 seconds.

Which combination of steps should the solutions architect take to meet these requirements? (Choose three.)

  A. Use Amazon ElastiCache for Memcached in front of the database.
  B. Use Amazon ElastiCache for Redis in front of the database.
  C. Use RDS Proxy in front of the database.
  D. Migrate the database to Amazon Aurora MySQL.
  E. Create an Amazon Aurora Replica.
  F. Create an RDS for MySQL read replica.

Answer(s): C,D,E

Explanation:

To reduce the outage time during RDS database failover to less than 20 seconds, the following steps should be taken:

C) Use RDS Proxy in front of the database. RDS Proxy helps manage connections to the RDS database and allows for connection pooling, which can reduce failover times by maintaining connections through the proxy. In case of a failover, the proxy can quickly redirect connections to the new primary database instance.

D) Migrate the database to Amazon Aurora MySQL. Amazon Aurora is designed for high availability and can provide faster failover times compared to RDS for MySQL. It offers a more resilient architecture that can minimize downtime during failovers.

E) Create an Amazon Aurora Replica. Aurora Replicas can be used to offload read traffic and, during a failover, they can be promoted quickly to a primary instance, thus significantly reducing the downtime experienced during a failover.

By implementing these solutions, the company can enhance its application's availability and ensure that failover times are minimized.



An AWS partner company is building a service in AWS Organizations using its organization named org1. This service requires the partner company to have access to AWS resources in a customer account, which is in a separate organization named org2. The company must establish least privilege security access using an API or command line tool to the customer account.

What is the MOST secure way to allow org1 to access resources in org2?

  A. The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks.
  B. The customer should create an IAM user and assign the required permissions to the IAM user. The customer should then provide the credentials to the partner company to log in and perform the required tasks.
  C. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role’s Amazon Resource Name (ARN) when requesting access to perform the required tasks.
  D. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role’s Amazon Resource Name (ARN), including the external ID in the IAM role’s trust policy, when requesting access to perform the required tasks.

Answer(s): D

Explanation:

The most secure way to allow the partner company in org1 to access resources in the customer account in org2 is:

D) The customer should create an IAM role and assign the required permissions to that role. The partner company should then use the IAM role’s Amazon Resource Name (ARN), including an external ID in the IAM role’s trust policy, when requesting access to perform the required tasks.

This approach provides several security benefits:

IAM role: Roles are designed for temporary access and can have permissions tailored to specific tasks, adhering to the principle of least privilege.

Trust policy with external ID: Using an external ID helps mitigate the risk of the confused deputy problem, ensuring that only the intended third party (the partner company) can assume the role, even if the ARN is known to others.

By using IAM roles with external IDs, the customer can securely grant access without sharing long-term credentials or access keys, minimizing the risk of unauthorized access.
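The trust policy that option D describes, written out as an added example (not the page's own text or an AWS sample): the customer attaches it to the cross-account role in org2, and only an AssumeRole call that comes from the partner's account and also carries the matching external ID succeeds. The partner account ID and the external ID value are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowPartnerAssumeRoleOnlyWithExternalId",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "PLACEHOLDER-EXTERNAL-ID-CHOSEN-BY-PARTNER"
        }
      }
    }
  ]
}
```

The partner supplies the same value with `aws sts assume-role --role-arn <role ARN> --external-id <value>`; a caller that knows the role ARN but not the external ID is refused, which is the confused deputy protection the explanation refers to.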






Post your Comments and Discuss Amazon AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL exam with other Community members:

Zak commented on June 28, 2024
@AppleKid, I managed to pass this exam after failing once. Do not sit for your exam without memorizing these questions. These are what you will see in the real exam.
Anonymous

Apple Kid commented on June 26, 2024
Did anyone give the exam recently and can tell if these are good?
Anonymous

Captain commented on June 26, 2024
This is so helpful
Anonymous

udaya commented on April 25, 2024
Still learning, and the questions seem to be helpful.
Anonymous

Jerry commented on February 18, 2024
Very good for the exam!!!!
HONG KONG

AWS-Guy commented on February 16, 2024
Precise and to the point. I aced this exam and am now going for the next exam. Very grateful to this site and its wonderful content.
CANADA

Jerry commented on February 12, 2024
very good exam stuff
HONG KONG

travis head commented on November 16, 2023
I gave the Amazon SAP-C02 tests and prepared from this site, as it has the latest mock tests available, which helped me evaluate my performance and score 919/1000.
Anonymous

Weed Flipper commented on October 07, 2020
This is good stuff man.
CANADA

IT-Guy commented on September 29, 2020
Xengine software is good and free. Too bad it is only in English and no support for French.
FRANCE

pema commented on August 30, 2019
Can I have the latest version of this exam?
GERMANY

MrSimha commented on February 23, 2019
Thank you
Anonymous

Phil C. commented on November 12, 2018
Too soon to tell, but I will be back to post a review after my exam.
Anonymous

MD EJAZ ALI TANWIR commented on August 20, 2017
This is a valid dump in the US. Thank you guys for providing this.
UNITED STATES

flypig commented on June 02, 2017
The Braindumps will shorten my ready time for this exam!
CHINA