Free AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL Exam Braindumps (page: 64)

Page 64 of 134

A company is creating a centralized logging service running on Amazon EC2 that will receive and analyze logs from hundreds of AWS accounts. AWS PrivateLink is being used to provide connectivity between the client services and the logging service.

In each AWS account with a client, an interface endpoint has been created for the logging service and is available. The logging service running on EC2 instances with a Network Load Balancer (NLB) are deployed in different subnets. The clients are unable to submit logs using the VPC endpoint.

Which combination of steps should a solutions architect take to resolve this issue? (Choose two.)

  1. Check that the NACL is attached to the logging service subnet to allow communications to and from the NLB subnets. Check that the NACL is attached to the NLB subnet to allow communications to and from the logging service subnets running on EC2 instances.
  2. Check that the NACL is attached to the logging service subnets to allow communications to and from the interface endpoint subnets. Check that the NACL is attached to the interface endpoint subnet to allow communications to and from the logging service subnets running on EC2 instances.
  3. Check the security group for the logging service running on the EC2 instances to ensure it allows ingress from the NLB subnets.
  4. Check the security group for the logging service running on EC2 instances to ensure it allows ingress from the clients.
  5. Check the security group for the NLB to ensure it allows ingress from the interface endpoint subnets.

Answer(s): A,C

Explanation:

A) Ensuring that the NACL (Network Access Control List) attached to the logging service subnet allows communication to and from the NLB subnets is critical for the traffic flow between the EC2 instances hosting the logging service and the NLB. Similarly, the NACLs on the NLB subnets must allow communication to and from the EC2 instance subnets to ensure the connection works properly.
C) Checking the security group for the EC2 instances running the logging service to ensure it allows ingress from the NLB subnets is crucial. This step ensures that traffic coming from the NLB can reach the logging service hosted on the EC2 instances.
These steps address both the networking and security group configurations to resolve the issue preventing clients from submitting logs through the VPC endpoint.



A company has millions of objects in an Amazon S3 bucket. The objects are in the S3 Standard storage class. All the S3 objects are accessed frequently. The number of users and applications that access the objects is increasing rapidly. The objects are encrypted with server-side encryption with AWS KMS keys (SSE-KMS).

A solutions architect reviews the company’s monthly AWS invoice and notices that AWS KMS costs are increasing because of the high number of requests from Amazon S3. The solutions architect needs to optimize costs with minimal changes to the application.

Which solution will meet these requirements with the LEAST operational overhead?

  1. Create a new S3 bucket that has server-side encryption with customer-provided keys (SSE-C) as the encryption type. Copy the existing objects to the new S3 bucket. Specify SSE-C.
  2. Create a new S3 bucket that has server-side encryption with Amazon S3 managed keys (SSE-S3) as the encryption type. Use S3 Batch Operations to copy the existing objects to the new S3 bucket. Specify SSE-S3.
  3. Use AWS CloudHSM to store the encryption keys. Create a new S3 bucket. Use S3 Batch Operations to copy the existing objects to the new S3 bucket. Encrypt the objects by using the keys from CloudHSM.
  4. Use the S3 Intelligent-Tiering storage class for the S3 bucket. Create an S3 Intelligent-Tiering archive configuration to transition objects that are not accessed for 90 days to S3 Glacier Deep Archive.

Answer(s): B

Explanation:

B) Creating a new S3 bucket with server-side encryption using Amazon S3 managed keys (SSE-S3) and using S3 Batch Operations to copy the existing objects will significantly reduce the AWS KMS costs. SSE-S3 provides encryption without the overhead of using KMS keys, making it a cost-effective alternative while keeping encryption enabled. This solution requires minimal changes to the application and optimizes costs with the least operational overhead.



A media storage application uploads user photos to Amazon S3 for processing by AWS Lambda functions. Application state is stored in Amazon DynamoDB tables. Users are reporting that some uploaded photos are not being processed properly. The application developers trace the logs and find that Lambda is experiencing photo processing issues when thousands of users upload photos simultaneously. The issues are the result of Lambda concurrency limits and the performance of DynamoDB when data is saved.

Which combination of actions should a solutions architect take to increase the performance and reliability of the application? (Choose two.)

  1. Evaluate and adjust the RCUs for the DynamoDB tables.
  2. Evaluate and adjust the WCUs for the DynamoDB tables.
  3. Add an Amazon ElastiCache layer to increase the performance of Lambda functions.
  4. Add an Amazon Simple Queue Service (Amazon SQS) queue and reprocessing logic between Amazon S3 and the Lambda functions.
  5. Use S3 Transfer Acceleration to provide lower latency to users.

Answer(s): B,D

Explanation:

B) Adjusting the WCUs (Write Capacity Units) for the DynamoDB tables will help address write performance issues, especially when large numbers of users are uploading photos simultaneously. DynamoDB's write capacity should be scaled up to handle the increased data ingestion.
D) Adding an Amazon SQS queue between Amazon S3 and the Lambda functions helps decouple the photo upload and processing, allowing the system to handle bursts of traffic without hitting Lambda concurrency limits. SQS will buffer the requests, enabling Lambda to process them asynchronously and reliably.
This combination improves both the performance of DynamoDB and the reliability of the Lambda functions under heavy load.



A company runs an application in an on-premises data center. The application gives users the ability to upload media files. The files persist in a file server. The web application has many users. The application server is overutilized, which causes data uploads to fail occasionally. The company frequently adds new storage to the file server. The company wants to resolve these challenges by migrating the application to AWS.

Users from across the United States and Canada access the application. Only authenticated users should have the ability to access the application to upload files. The company will consider a solution that refactors the application, and the company needs to accelerate application development.

Which solution will meet these requirements with the LEAST operational overhead?

  1. Use AWS Application Migration Service to migrate the application server to Amazon EC2 instances. Create an Auto Scaling group for the EC2 instances. Use an Application Load Balancer to distribute the requests. Modify the application to use Amazon S3 to persist the files. Use Amazon Cognito to authenticate users.
  2. Use AWS Application Migration Service to migrate the application server to Amazon EC2 instances. Create an Auto Scaling group for the EC2 instances. Use an Application Load Balancer to distribute the requests. Set up AWS IAM Identity Center (AWS Single Sign-On) to give users the ability to sign in to the application. Modify the application to use Amazon S3 to persist the files.
  3. Create a static website for uploads of media files. Store the static assets in Amazon S3. Use AWS AppSync to create an API. Use AWS Lambda resolvers to upload the media files to Amazon S3. Use Amazon Cognito to authenticate users.
  4. Use AWS Amplify to create a static website for uploads of media files. Use Amplify Hosting to serve the website through Amazon CloudFront. Use Amazon S3 to store the uploaded media files. Use Amazon Cognito to authenticate users.

Answer(s): D

Explanation:

D) Using AWS Amplify to create a static website for media file uploads with Amplify Hosting and Amazon CloudFront provides a highly scalable and low-maintenance solution. Amazon S3 is ideal for storing the uploaded media files, and Amazon Cognito offers a straightforward method for user authentication. This solution refactors the application with the least operational overhead, leveraging fully managed services for storage, authentication, and content delivery, which accelerates application development.



Page 64 of 134



Post your Comments and Discuss Amazon AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL exam with other Community members:

Zak commented on June 28, 2024
@AppleKid, I manged to pass this exam after failing once. Do not set for your exam without memorizing these questions. These are what you will see in the real exam.
Anonymous
upvote

Apple Kid commented on June 26, 2024
Did anyone gave exam recently and tell if these are good?
Anonymous
upvote

Captain commented on June 26, 2024
This is so helpful
Anonymous
upvote

udaya commented on April 25, 2024
stulll learning and seem to be questions are helpful
Anonymous
upvote

Jerry commented on February 18, 2024
very good for exam !!!!
HONG KONG
upvote

AWS-Guy commented on February 16, 2024
Precise and to the point. I aced this exam and now going for the next exam. Very great full to this site and it's wonderful content.
CANADA
upvote

Jerry commented on February 12, 2024
very good exam stuff
HONG KONG
upvote

travis head commented on November 16, 2023
I gave the Amazon SAP-C02 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous
upvote

Weed Flipper commented on October 07, 2020
This is good stuff man.
CANADA
upvote

IT-Guy commented on September 29, 2020
Xengine software is good and free. Too bad it is only in English and no support for French.
FRANCE
upvote

pema commented on August 30, 2019
Can I have the latest version of this exam?
GERMANY
upvote

MrSimha commented on February 23, 2019
Thank you
Anonymous
upvote

Phil C. commented on November 12, 2018
To soon to tell, but I will be back to post a review after my exam.
Anonymous
upvote

MD EJAZ ALI TANWIR commented on August 20, 2017
This is valid dump in US. Thank you guys for providing this.
UNITED STATES
upvote

flypig commented on June 02, 2017
The Braindumps will short my ready time for this exam!
CHINA
upvote