Free AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL Exam Braindumps (page: 62)

Page 62 of 134

A large company runs workloads in VPCs that are deployed across hundreds of AWS accounts. Each VPC consists of public subnets and private subnets that span across multiple Availability Zones. NAT gateways are deployed in the public subnets and allow outbound connectivity to the internet from the private subnets.

A solutions architect is working on a hub-and-spoke design. All private subnets in the spoke VPCs must route traffic to the internet through an egress VPC. The solutions architect already has deployed a NAT gateway in an egress VPC in a central AWS account.

Which set of additional steps should the solutions architect take to meet these requirements?

  A. Create peering connections between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
  B. Create a transit gateway, and share it with the existing AWS accounts. Attach existing VPCs to the transit gateway. Configure the required routing to allow access to the internet.
  C. Create a transit gateway in every account. Attach the NAT gateway to the transit gateways. Configure the required routing to allow access to the internet.
  D. Create an AWS PrivateLink connection between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.

Answer(s): B

Explanation:

B) Creating a transit gateway and sharing it with the existing AWS accounts allows the spoke VPCs to route traffic to the egress VPC. By attaching the existing VPCs to the transit gateway, the solution centralizes the outbound traffic flow, enabling private subnets in the spoke VPCs to access the internet through the egress VPC’s NAT gateway. This approach efficiently manages routing and scales across multiple AWS accounts, making it the best fit for the hub-and-spoke design.



An education company is running a web application used by college students around the world. The application runs in an Amazon Elastic Container Service (Amazon ECS) cluster in an Auto Scaling group behind an Application Load Balancer (ALB). A system administrator detects a weekly spike in the number of failed login attempts, which overwhelm the application's authentication service. All the failed login attempts originate from about 500 different IP addresses that change each week. A solutions architect must prevent the failed login attempts from overwhelming the authentication service.

Which solution meets these requirements with the MOST operational efficiency?

  A. Use AWS Firewall Manager to create a security group and security group policy to deny access from the IP addresses.
  B. Create an AWS WAF web ACL with a rate-based rule, and set the rule action to Block. Connect the web ACL to the ALB.
  C. Use AWS Firewall Manager to create a security group and security group policy to allow access only to specific CIDR ranges.
  D. Create an AWS WAF web ACL with an IP set match rule, and set the rule action to Block. Connect the web ACL to the ALB.

Answer(s): B

Explanation:

B) Creating an AWS WAF web ACL with a rate-based rule that blocks IP addresses generating excessive failed login attempts is the most operationally efficient solution. This rule can automatically detect and block IP addresses that exceed a specified request threshold, preventing the authentication service from being overwhelmed. The web ACL can be connected to the ALB to provide centralized protection for the entire application. This solution is automated and requires minimal ongoing management.



A company operates an on-premises software-as-a-service (SaaS) solution that ingests several files daily. The company provides multiple public SFTP endpoints to its customers to facilitate the file transfers. The customers add the SFTP endpoint IP addresses to their firewall allow list for outbound traffic. Changes to the SFTP endpoint IP addresses are not permitted.

The company wants to migrate the SaaS solution to AWS and decrease the operational overhead of the file transfer service.

Which solution meets these requirements?

  A. Register the customer-owned block of IP addresses in the company's AWS account. Create Elastic IP addresses from the address pool and assign them to an AWS Transfer for SFTP endpoint. Use AWS Transfer to store the files in Amazon S3.
  B. Add a subnet containing the customer-owned block of IP addresses to a VPC. Create Elastic IP addresses from the address pool and assign them to an Application Load Balancer (ALB). Launch EC2 instances hosting FTP services in an Auto Scaling group behind the ALB. Store the files in attached Amazon Elastic Block Store (Amazon EBS) volumes.
  C. Register the customer-owned block of IP addresses with Amazon Route 53. Create alias records in Route 53 that point to a Network Load Balancer (NLB). Launch EC2 instances hosting FTP services in an Auto Scaling group behind the NLB. Store the files in Amazon S3.
  D. Register the customer-owned block of IP addresses in the company’s AWS account. Create Elastic IP addresses from the address pool and assign them to an Amazon S3 VPC endpoint. Enable SFTP support on the S3 bucket.

Answer(s): A

Explanation:

A) Registering the customer-owned block of IP addresses in the company's AWS account and assigning Elastic IP addresses to an AWS Transfer for SFTP endpoint allows the company to maintain the same IP addresses that customers have added to their firewall allow lists. AWS Transfer for SFTP enables secure and managed SFTP file transfers with files stored in Amazon S3, reducing operational overhead by eliminating the need to manage SFTP servers directly.
This solution meets the requirements of preserving IP addresses while decreasing operational effort.



A company has a new application that needs to run on five Amazon EC2 instances in a single AWS Region. The application requires high-throughput, low-latency network connections between all of the EC2 instances where the application will run. There is no requirement for the application to be fault tolerant.

Which solution will meet these requirements?

  A. Launch five new EC2 instances into a cluster placement group. Ensure that the EC2 instance type supports enhanced networking.
  B. Launch five new EC2 instances into an Auto Scaling group in the same Availability Zone. Attach an extra elastic network interface to each EC2 instance.
  C. Launch five new EC2 instances into a partition placement group. Ensure that the EC2 instance type supports enhanced networking.
  D. Launch five new EC2 instances into a spread placement group. Attach an extra elastic network interface to each EC2 instance.

Answer(s): A

Explanation:

A) Launching the EC2 instances into a cluster placement group provides high-throughput, low-latency network connections between instances within the same group. A cluster placement group is designed to achieve low-latency networking by keeping instances physically close together in the same Availability Zone. Ensuring that the EC2 instance type supports enhanced networking further improves network performance.
This solution meets the requirement for high-throughput, low-latency connections between the EC2 instances.






Post your Comments and Discuss Amazon AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL exam with other Community members:

Zak commented on June 28, 2024
@AppleKid, I managed to pass this exam after failing once. Do not sit for your exam without memorizing these questions. These are what you will see in the real exam.
Anonymous

Apple Kid commented on June 26, 2024
Did anyone give the exam recently and can tell if these are good?
Anonymous

Captain commented on June 26, 2024
This is so helpful
Anonymous

udaya commented on April 25, 2024
Still learning, and the questions seem to be helpful
Anonymous

Jerry commented on February 18, 2024
very good for exam !!!!
HONG KONG

AWS-Guy commented on February 16, 2024
Precise and to the point. I aced this exam and am now going for the next exam. Very grateful to this site and its wonderful content.
CANADA

Jerry commented on February 12, 2024
very good exam stuff
HONG KONG

travis head commented on November 16, 2023
I gave the Amazon SAP-C02 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous

Weed Flipper commented on October 07, 2020
This is good stuff man.
CANADA

IT-Guy commented on September 29, 2020
Xengine software is good and free. Too bad it is only in English and no support for French.
FRANCE

pema commented on August 30, 2019
Can I have the latest version of this exam?
GERMANY

MrSimha commented on February 23, 2019
Thank you
Anonymous

Phil C. commented on November 12, 2018
Too soon to tell, but I will be back to post a review after my exam.
Anonymous

MD EJAZ ALI TANWIR commented on August 20, 2017
This is valid dump in US. Thank you guys for providing this.
UNITED STATES

flypig commented on June 02, 2017
The Braindumps will shorten my ready time for this exam!
CHINA