Free AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL Exam Braindumps (page: 40)

Page 40 of 134

A company has a website that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB is associated with an AWS WAF web ACL.

The website often encounters attacks in the application layer. The attacks produce sudden and significant increases in traffic on the application server. The access logs show that each attack originates from different IP addresses. A solutions architect needs to implement a solution to mitigate these attacks.

Which solution will meet these requirements with the LEAST operational overhead?

  1. Create an Amazon CloudWatch alarm that monitors server access. Set a threshold based on access by IP address. Configure an alarm action that adds the IP address to the web ACL’s deny list.
  2. Deploy AWS Shield Advanced in addition to AWS WAF. Add the ALB as a protected resource.
  3. Create an Amazon CloudWatch alarm that monitors user IP addresses. Set a threshold based on access by IP address. Configure the alarm to invoke an AWS Lambda function to add a deny rule in the application server’s subnet route table for any IP addresses that activate the alarm.
  4. Inspect access logs to find a pattern of IP addresses that launched the attacks. Use an Amazon Route 53 geolocation routing policy to deny traffic from the countries that host those IP addresses.

Answer(s): B

Explanation:

The selected solution is:

B) Deploy AWS Shield Advanced in addition to AWS WAF. Add the ALB as a protected resource.

Reasoning:
Mitigation of application layer attacks: AWS Shield Advanced provides enhanced protection against DDoS attacks, particularly for layer 7 (application layer) attacks, which is essential for safeguarding the web application hosted behind the ALB.
Automatic detection and mitigation: Shield Advanced automatically detects attacks and applies mitigations, reducing the need for manual intervention and allowing the application to remain available during an attack.
Minimal operational overhead: By integrating with AWS WAF and being managed by AWS, this solution reduces the administrative burden compared to creating and maintaining custom alarm and Lambda functions to respond to threats. It provides a comprehensive, robust security posture with less ongoing maintenance.
Enhanced reporting: Shield Advanced offers detailed attack diagnostics and insights, allowing for better understanding and future prevention strategies.



A company has a critical application in which the data tier is deployed in a single AWS Region. The data tier uses an Amazon DynamoDB table and an Amazon Aurora MySQL DB cluster. The current Aurora MySQL engine version supports a global database. The application tier is already deployed in two Regions.

Company policy states that critical applications must have application tier components and data tier components deployed across two Regions. The RTO and RPO must be no more than a few minutes each. A solutions architect must recommend a solution to make the data tier compliant with company policy.

Which combination of steps will meet these requirements? (Choose two.)

  1. Add another Region to the Aurora MySQL DB cluster
  2. Add another Region to each table in the Aurora MySQL DB cluster
  3. Set up scheduled cross-Region backups for the DynamoDB table and the Aurora MySQL DB cluster
  4. Convert the existing DynamoDB table to a global table by adding another Region to its configuration
  5. Use Amazon Route 53 Application Recovery Controller to automate database backup and recovery to the secondary Region

Answer(s): A,D

Explanation:

The selected solutions are:
A) Add another Region to the Aurora MySQL DB cluster.
D) Convert the existing DynamoDB table to a global table by adding another Region to its configuration.
Reasoning:
- A (Aurora MySQL Global Database): Adding another Region to the Aurora MySQL DB cluster allows for the creation of a global database setup. This provides high availability and low-latency reads across multiple Regions while ensuring that the data tier is compliant with the company's requirement for multi-Region deployment. The global database feature supports near real-time replication, which helps in meeting the RTO and RPO requirements.
- D (DynamoDB Global Tables): By converting the existing DynamoDB table to a global table and adding another Region, the application can maintain a fully replicated table across the specified Regions. This approach ensures that the data is available and consistent across both Regions, complying with the requirement for cross-Region deployment and minimizing the potential for data loss.
Both solutions ensure that the data tier can meet the company policy's requirements for redundancy, availability, and minimal downtime.



A telecommunications company is running an application on AWS. The company has set up an AWS Direct Connect connection between the company's on-premises data center and AWS. The company deployed the application on Amazon EC2 instances in multiple Availability Zones behind an internal Application Load Balancer (ALB). The company's clients connect from the on-premises network by using HTTPS. The TLS terminates in the ALB. The company has multiple target groups and uses path-based routing to forward requests based on the URL path.

The company is planning to deploy an on-premises firewall appliance with an allow list that is based on IP address. A solutions architect must develop a solution to allow traffic flow to AWS from the on-premises network so that the clients can continue to access the application.

Which solution will meet these requirements?

  1. Configure the existing ALB to use static IP addresses. Assign IP addresses in multiple Availability Zones to the ALB. Add the ALB IP addresses to the firewall appliance.
  2. Create a Network Load Balancer (NLB). Associate the NLB with one static IP address in multiple Availability Zones. Create an ALB-type target group for the NLB and add the existing ALB. Add the NLB IP addresses to the firewall appliance. Update the clients to connect to the NLB.
  3. Create a Network Load Balancer (NLB). Associate the NLB with one static IP address in multiple Availability Zones. Add the existing target groups to the NLB. Update the clients to connect to the NLB. Delete the ALB. Add the NLB IP addresses to the firewall appliance.
  4. Create a Gateway Load Balancer (GWLB). Assign static IP addresses to the GWLB in multiple Availability Zones. Create an ALB-type target group for the GWLB and add the existing ALB. Add the GWLB IP addresses to the firewall appliance. Update the clients to connect to the GWLB.

Answer(s): B

Explanation:

The selected solution is:
B) Create a Network Load Balancer (NLB). Associate the NLB with one static IP address in multiple Availability Zones. Create an ALB-type target group for the NLB and add the existing ALB. Add the NLB IP addresses to the firewall appliance. Update the clients to connect to the NLB.
Reasoning:
1. Static IP Addresses: By using a Network Load Balancer (NLB) with static IP addresses, the solution allows the on-premises firewall to allow traffic based on these known IPs. This is essential for the firewall appliance's allow list, ensuring that only traffic from these static IPs is permitted.
2. Integration with ALB: The NLB can direct traffic to the existing Application Load Balancer (ALB) via a target group. This setup maintains the current architecture while enabling the use of static IPs for the firewall configuration.
3. Traffic Flow: Clients can continue to access the application without changes to the internal architecture, as the NLB will forward the requests to the ALB, preserving the path-based routing that the application relies on.
Overall, this solution minimizes disruption to the existing setup while meeting the security requirements imposed by the new firewall.



A company runs an application on a fleet of Amazon EC2 instances that are in private subnets behind an internet-facing Application Load Balancer (ALB). The ALB is the origin for an Amazon CloudFront distribution. An AWS WAF web ACL that contains various AWS managed rules is associated with the CloudFront distribution.

The company needs a solution that will prevent internet traffic from directly accessing the ALB.

Which solution will meet these requirements with the LEAST operational overhead?

  1. Create a new web ACL that contains the same rules that the existing web ACL contains. Associate the new web ACL with the ALB.
  2. Associate the existing web ACL with the ALB.
  3. Add a security group rule to the ALB to allow traffic from the AWS managed prefix list for CloudFront only.
  4. Add a security group rule to the ALB to allow only the various CloudFront IP address ranges.

Answer(s): C

Explanation:

The selected solution is:
C) Add a security group rule to the ALB to allow traffic from the AWS managed prefix list for CloudFront only.
Reasoning:
1. Restricting Access: By adding a security group rule to the Application Load Balancer (ALB) that only allows traffic from the AWS managed prefix list for CloudFront, the solution effectively prevents any direct internet traffic from accessing the ALB. This ensures that all traffic must go through the CloudFront distribution first.
2. Minimal Operational Overhead: Using the AWS managed prefix list simplifies management because it automatically updates to include the necessary IP address ranges for CloudFront, reducing the need for manual updates or maintenance.
3. Maintaining Existing Setup: This solution leverages the existing architecture, allowing CloudFront to handle incoming requests and route them to the ALB while ensuring that direct access is blocked, thus maintaining the intended security posture.
Overall, this solution provides a straightforward and efficient way to achieve the desired outcome with minimal operational overhead.




Zak commented on June 28, 2024
@AppleKid, I managed to pass this exam after failing once. Do not sit for your exam without memorizing these questions. These are what you will see in the real exam.
Anonymous
upvote

Apple Kid commented on June 26, 2024
Did anyone give the exam recently and tell if these are good?
Anonymous
upvote

Captain commented on June 26, 2024
This is so helpful
Anonymous
upvote

udaya commented on April 25, 2024
Still learning, and the questions seem to be helpful.
Anonymous
upvote

Jerry commented on February 18, 2024
very good for exam !!!!
HONG KONG
upvote

AWS-Guy commented on February 16, 2024
Precise and to the point. I aced this exam and am now going for the next exam. Very grateful to this site and its wonderful content.
CANADA
upvote

Jerry commented on February 12, 2024
very good exam stuff
HONG KONG
upvote

travis head commented on November 16, 2023
I gave the Amazon SAP-C02 tests and prepared from this site, as it has the latest mock tests available, which helped me evaluate my performance and score 919/1000.
Anonymous
upvote

Weed Flipper commented on October 07, 2020
This is good stuff man.
CANADA
upvote

IT-Guy commented on September 29, 2020
Xengine software is good and free. Too bad it is only in English and no support for French.
FRANCE
upvote

pema commented on August 30, 2019
Can I have the latest version of this exam?
GERMANY
upvote

MrSimha commented on February 23, 2019
Thank you
Anonymous
upvote

Phil C. commented on November 12, 2018
Too soon to tell, but I will be back to post a review after my exam.
Anonymous
upvote

MD EJAZ ALI TANWIR commented on August 20, 2017
This is a valid dump in the US. Thank you guys for providing this.
UNITED STATES
upvote

flypig commented on June 02, 2017
The Braindumps will shorten my preparation time for this exam!
CHINA
upvote