CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL

Free AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL Exam Braindumps (page: 71)

Page 71 of 134
PDF with 528 Questions

A company wants to send data from its on-premises systems to Amazon S3 buckets. The company created the S3 buckets in three different accounts. The company must send the data privately without the data traveling across the internet. The company has no existing dedicated connectivity to AWS.

Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

  1. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC.
  2. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a public VIF between the on-premises environment and the private VPC.
  3. Create an Amazon S3 interface endpoint in the networking account.
  4. Create an Amazon S3 gateway endpoint in the networking account.
  5. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Peer VPCs from the accounts that host the S3 buckets with the VPC in the network account.

Answer(s): A,C

Explanation:

A) Establishing a networking account in the AWS Cloud and creating a private VPC with an AWS Direct Connect connection using a private VIF ensures that data is sent securely from the on-premises environment to AWS without traveling over the internet.
C) Creating an Amazon S3 interface endpoint in the networking account allows the company to privately access Amazon S3 from within the VPC, ensuring the data is transferred securely and without the use of the internet.
These steps satisfy the requirement of sending data privately and securely to the S3 buckets in different AWS accounts.



A company operates quick-service restaurants. The restaurants follow a predictable model with high sales traffic for 4 hours daily. Sales traffic is lower outside of those peak hours.

The point of sale and management platform is deployed in the AWS Cloud and has a backend that is based on Amazon DynamoDB. The database table uses provisioned throughput mode with 100,000 RCUs and 80,000 WCUs to match known peak resource consumption.

The company wants to reduce its DynamoDB cost and minimize the operational overhead for the IT staff.

Which solution meets these requirements MOST cost-effectively?

  1. Reduce the provisioned RCUs and WCUs.
  2. Change the DynamoDB table to use on-demand capacity.
  3. Enable Dynamo DB auto scaling for the table.
  4. Purchase 1-year reserved capacity that is sufficient to cover the peak load for 4 hours each day.

Answer(s): C

Explanation:

C) Enabling DynamoDB auto scaling is the most cost-effective solution because it allows the DynamoDB table to automatically adjust its provisioned throughput based on actual traffic patterns. This reduces operational overhead and ensures that the company is only paying for the required RCUs and WCUs during peak and off-peak hours, instead of overprovisioning.
A) Reducing provisioned capacity would result in under-provisioning during peak hours.
B) On-demand capacity is more expensive for workloads with predictable traffic patterns like this one.
D) Reserved capacity is not flexible for traffic that fluctuates daily.



A company hosts a blog post application on AWS using Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. The application currently does not use API keys to authorize requests. The API model is as follows:

•GET /posts/{postId}: to get post details
•GET /users/{userId}: to get user details
•GET /comments/{commentId}: to get comments details

The company has noticed users are actively discussing topics in the comments section, and the company wants to increase user engagement by making the comments appear in real time.

Which design should be used to reduce comment latency and improve user experience?

  1. Use edge-optimized API with Amazon CloudFront to cache API responses.
  2. Modify the blog application code to request GET/comments/{commentId} every 10 seconds.
  3. Use AWS AppSync and leverage WebSockets to deliver comments.
  4. Change the concurrency limit of the Lambda functions to lower the API response time.

Answer(s): C

Explanation:

C) Using AWS AppSync with WebSockets is the best design for delivering real-time comments. WebSockets allow bidirectional communication between the client and the server, enabling updates to be pushed instantly to users without the need for constant polling or repeated requests. This approach will improve user experience by reducing latency and providing real-time updates in the comments section.
A) CloudFront caching might reduce latency for static content but does not address real-time communication.
B) Polling every 10 seconds increases latency and puts unnecessary load on the system.
D) Changing the concurrency limit of Lambda functions doesn't specifically improve real-time capabilities for delivering comments.



A company manages hundreds of AWS accounts centrally in an organization in AWS Organizations. The company recently started to allow product teams to create and manage their own S3 access points in their accounts. The S3 access points can be accessed only within VPCs, not on the internet.

What is the MOST operationally efficient way to enforce this requirement?

  1. Set the S3 access point resource policy to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
  2. Create an SCP at the root level in the organization to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
  3. Use AWS CloudFormation StackSets to create a new IAM policy in each AWS account that allows the s3:CreateAccessPoint action only if the s3:AccessPointNetworkOrigin condition key evaluates to VP
  4. Set the S3 bucket policy to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.

Answer(s): B

Explanation:

B) The most operationally efficient way to enforce the requirement that S3 access points can be accessed only within VPCs is to create a Service Control Policy (SCP) at the root level of the AWS Organization. The SCP can deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC. This ensures that all accounts in the organization comply with the policy, and the enforcement is centralized, reducing operational overhead.
A) Setting a resource policy would work for individual resources but requires manual configuration in each account, which is less efficient than using an SCP.
C) Using CloudFormation StackSets for IAM policy creation would increase operational complexity compared to using an SCP.
D) Modifying the S3 bucket policy applies to specific buckets, not the creation of access points, and would not provide a centralized solution.



Page 71 of 134



Post your Comments and Discuss Amazon AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL exam with other Community members:

Zak commented on June 28, 2024
@AppleKid, I manged to pass this exam after failing once. Do not set for your exam without memorizing these questions. These are what you will see in the real exam.
Anonymous
upvote

Apple Kid commented on June 26, 2024
Did anyone gave exam recently and tell if these are good?
Anonymous
upvote

Captain commented on June 26, 2024
This is so helpful
Anonymous
upvote

udaya commented on April 25, 2024
stulll learning and seem to be questions are helpful
Anonymous
upvote

Jerry commented on February 18, 2024
very good for exam !!!!
HONG KONG
upvote

AWS-Guy commented on February 16, 2024
Precise and to the point. I aced this exam and now going for the next exam. Very great full to this site and it's wonderful content.
CANADA
upvote

Jerry commented on February 12, 2024
very good exam stuff
HONG KONG
upvote

travis head commented on November 16, 2023
I gave the Amazon SAP-C02 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous
upvote

Weed Flipper commented on October 07, 2020
This is good stuff man.
CANADA
upvote

IT-Guy commented on September 29, 2020
Xengine software is good and free. Too bad it is only in English and no support for French.
FRANCE
upvote

pema commented on August 30, 2019
Can I have the latest version of this exam?
GERMANY
upvote

MrSimha commented on February 23, 2019
Thank you
Anonymous
upvote

Phil C. commented on November 12, 2018
To soon to tell, but I will be back to post a review after my exam.
Anonymous
upvote

MD EJAZ ALI TANWIR commented on August 20, 2017
This is valid dump in US. Thank you guys for providing this.
UNITED STATES
upvote

flypig commented on June 02, 2017
The Braindumps will short my ready time for this exam!
CHINA
upvote