Free AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL Exam Braindumps (page: 77)

Page 77 of 134

A company uses AWS Organizations to manage a multi-account structure. The company has hundreds of AWS accounts and expects the number of accounts to increase. The company is building a new application that uses Docker images. The company will push the Docker images to Amazon Elastic Container Registry (Amazon ECR). Only accounts that are within the company’s organization should have access to the images.

The company has a CI/CD process that runs frequently. The company wants to retain all the tagged images. However, the company wants to retain only the five most recent untagged images.

Which solution will meet these requirements with the LEAST operational overhead?

  1. Create a private repository in Amazon ECR. Create a permissions policy for the repository that allows only required ECR operations. Include a condition to allow the ECR operations if the value of the aws:PrincipalOrgID condition key is equal to the ID of the company’s organization. Add a lifecycle rule to the ECR repository that deletes all untagged images over the count of five.
  2. Create a public repository in Amazon ECR. Create an IAM role in the ECR account. Set permissions so that any account can assume the role if the value of the aws:PrincipalOrgID condition key is equal to the ID of the company’s organization. Add a lifecycle rule to the ECR repository that deletes all untagged images over the count of five.
  3. Create a private repository in Amazon ECR. Create a permissions policy for the repository that includes only required ECR operations. Include a condition to allow the ECR operations for all account IDs in the organization. Schedule a daily Amazon EventBridge rule to invoke an AWS Lambda function that deletes all untagged images over the count of five.
  4. Create a public repository in Amazon ECR. Configure Amazon ECR to use an interface VPC endpoint with an endpoint policy that includes the required permissions for images that the company needs to pull. Include a condition to allow the ECR operations for all account IDs in the company’s organization. Schedule a daily Amazon EventBridge rule to invoke an AWS Lambda function that deletes all untagged images over the count of five.

Answer(s): A

Explanation:

To restrict access to the ECR images to accounts within the company's AWS Organization while managing Docker image retention effectively, the solution with the least operational overhead is A:

- Private repository in Amazon ECR: This is ideal for limiting access to the company's organization.
- Permissions policy with the aws:PrincipalOrgID condition key: This allows the company to restrict access to the repository to all accounts within the organization, ensuring only authorized accounts can access the Docker images. This meets the security requirement.
- Lifecycle rule for untagged images: The lifecycle rule automatically deletes all untagged images over the count of five, which meets the retention policy without requiring manual intervention or a scheduled job (like Lambda). This minimizes operational overhead.

Other options:

- B uses a public repository, which is unnecessary for limiting access within an organization and creates security risks.
- C introduces additional complexity with a Lambda function for image deletion, which increases operational overhead.
- D also uses a public repository and requires unnecessary scheduling for cleanup, adding to operational overhead.

Thus, A provides the least operational overhead while meeting both the security and retention requirements.
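
The configuration that answer A describes, written as a CloudFormation template. This is an added example, not part of the original question or its answer key; the repository name, the organization ID `o-exampleorgid` and the choice of pull-only actions are assumptions.

```yaml
Resources:
  AppImages:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: app-images          # hypothetical repository name
      # Resource-based policy on the private repository.
      RepositoryPolicyText:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowPullFromOrganization
            Effect: Allow
            # "*" is narrowed by the condition below: only principals that
            # belong to the organization match, including accounts added later.
            Principal: "*"
            Action:                       # assumed "required operations": pull only
              - ecr:BatchCheckLayerAvailability
              - ecr:GetDownloadUrlForLayer
              - ecr:BatchGetImage
            Condition:
              StringEquals:
                aws:PrincipalOrgID: o-exampleorgid   # placeholder organization ID
      # Lifecycle rule: only untagged images are selected, so tagged images
      # are never expired by this policy.
      LifecyclePolicy:
        LifecyclePolicyText: |
          {
            "rules": [
              {
                "rulePriority": 1,
                "description": "Expire untagged images beyond the five most recent",
                "selection": {
                  "tagStatus": "untagged",
                  "countType": "imageCountMoreThan",
                  "countNumber": 5
                },
                "action": { "type": "expire" }
              }
            ]
          }
```

Without the `Condition` block, `Principal: "*"` would grant the listed actions to any AWS principal, so a review of such a policy should confirm the condition is present and uses the correct organization ID.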



A solutions architect is reviewing a company's process for taking snapshots of Amazon RDS DB instances. The company takes automatic snapshots every day and retains the snapshots for 7 days.

The solutions architect needs to recommend a solution that takes snapshots every 6 hours and retains the snapshots for 30 days. The company uses AWS Organizations to manage all of its AWS accounts. The company needs a consolidated view of the health of the RDS snapshots.

Which solution will meet these requirements with the LEAST operational overhead?

  1. Turn on the cross-account management feature in AWS Backup. Create a backup plan that specifies the frequency and retention requirements. Add a tag to the DB instances. Apply the backup plan by using tags. Use AWS Backup to monitor the status of the backups.
  2. Turn on the cross-account management feature in Amazon RDS. Create a snapshot global policy that specifies the frequency and retention requirements. Use the RDS console in the management account to monitor the status of the backups.
  3. Turn on the cross-account management feature in AWS CloudFormation. From the management account, deploy a CloudFormation stack set that contains a backup plan from AWS Backup that specifies the frequency and retention requirements. Create an AWS Lambda function in the management account to monitor the status of the backups. Create an Amazon EventBridge rule in each account to run the Lambda function on a schedule.
  4. Configure AWS Backup in each account. Create an Amazon Data Lifecycle Manager lifecycle policy that specifies the frequency and retention requirements. Specify the DB instances as the target resource. Use the Amazon Data Lifecycle Manager console in each member account to monitor the status of the backups.

Answer(s): A

Explanation:

The most appropriate solution to meet the requirements with the least operational overhead is A:

- AWS Backup is a centralized service that allows for backup management across accounts and services like Amazon RDS. By turning on cross-account management in AWS Backup, the company can consolidate its backup and snapshot management across multiple AWS accounts within an organization.
- Backup plan: AWS Backup provides the capability to create a backup plan that specifies the required backup frequency (every 6 hours) and retention period (30 days). The plan can be applied to RDS DB instances based on tags, which simplifies the process of managing the backup lifecycle.
- Monitoring with AWS Backup: AWS Backup can be used to monitor the status of backups across multiple accounts, providing a consolidated view of the backup health, which minimizes the operational overhead compared to setting up custom Lambda functions or other manual interventions.

This solution reduces manual setup and overhead because AWS Backup automates snapshot management and monitoring across accounts without requiring additional tools or custom solutions.



A company is using AWS Organizations with a multi-account architecture. The company's current security configuration for the account architecture includes SCPs, resource-based policies, identity-based policies, trust policies, and session policies.

A solutions architect needs to allow an IAM user in Account A to assume a role in Account B.

Which combination of steps must the solutions architect take to meet this requirement? (Choose three.)

  1. Configure the SCP for Account A to allow the action.
  2. Configure the resource-based policies to allow the action.
  3. Configure the identity-based policy on the user in Account A to allow the action.
  4. Configure the identity-based policy on the user in Account B to allow the action.
  5. Configure the trust policy on the target role in Account B to allow the action.
  6. Configure the session policy to allow the action and to be passed programmatically by the GetSessionToken API operation.

Answer(s): A,C,E

Explanation:

To allow an IAM user in Account A to assume a role in Account B, the solutions architect must complete the following steps:

- A. Configure the SCP (service control policy) for Account A to allow the action. SCPs control the maximum available permissions within an organization. If an SCP restricts role assumption across accounts, it must be adjusted to allow this action.
- C. Configure the identity-based policy on the user in Account A to allow the action. This policy must explicitly allow the user in Account A to assume the role in Account B by including the sts:AssumeRole permission.
- E. Configure the trust policy on the target role in Account B to allow the action. The trust policy on the role in Account B must trust the user (or entity) in Account A, enabling the user to assume the role.

These steps ensure that the IAM user in Account A has the necessary permissions and that Account B allows this role assumption through its trust policy.
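
The two policies from steps C and E, shown as two separate CloudFormation templates in one listing. This is an added example, not part of the original question or its answer key; the account IDs, user name and role name are placeholders.

```yaml
# Template 1 of 2: deployed in Account A (111111111111, placeholder).
# Step C: identity-based policy that lets the user call sts:AssumeRole,
# scoped to one specific role ARN rather than "*".
Resources:
  AssumeAccountBRole:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: assume-account-b-role
      Users:
        - example-user          # hypothetical existing IAM user in Account A
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: sts:AssumeRole
            Resource: arn:aws:iam::222222222222:role/example-cross-account-role
---
# Template 2 of 2: deployed in Account B (222222222222, placeholder).
# Step E: trust policy on the target role, naming the Account A user as the
# only principal allowed to assume it.
Resources:
  CrossAccountRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: example-cross-account-role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: arn:aws:iam::111111111111:user/example-user
            Action: sts:AssumeRole
      # Permissions policies for the role are omitted; as written, the role
      # can be assumed but grants no access to anything in Account B.
```

Step A is not a template here: the SCPs that apply to Account A must permit `sts:AssumeRole`, otherwise the call is refused even with both policies in place.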



A company wants to use Amazon S3 to back up its on-premises file storage solution. The company’s on-premises file storage solution supports NFS, and the company wants its new solution to support NFS. The company wants to archive the backup files after 5 days. If the company needs archived files for disaster recovery, the company is willing to wait a few days for the retrieval of those files.

Which solution meets these requirements MOST cost-effectively?

  1. Deploy an AWS Storage Gateway file gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the file gateway. Create an S3 Lifecycle rule to move the files to S3 Standard-Infrequent Access (S3 Standard-IA) after 5 days.
  2. Deploy an AWS Storage Gateway volume gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the volume gateway. Create an S3 Lifecycle rule to move the files to S3 Glacier Deep Archive after 5 days.
  3. Deploy an AWS Storage Gateway tape gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the tape gateway. Create an S3 Lifecycle rule to move the files to S3 Standard-Infrequent Access (S3 Standard-IA) after 5 days.
  4. Deploy an AWS Storage Gateway file gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the file gateway. Create an S3 Lifecycle rule to move the files to S3 Glacier Deep Archive after 5 days.

Answer(s): D

Explanation:

The most cost-effective solution for backing up on-premises file storage that uses NFS and wants to archive files after 5 days while being willing to wait a few days for disaster recovery retrieval is:

D. Deploy an AWS Storage Gateway file gateway that is associated with an Amazon S3 bucket. This solution allows the company to:

- Use NFS, which is supported by the file gateway.
- Move the files to S3 for backup.
- Apply an S3 Lifecycle rule to automatically transition the files to S3 Glacier Deep Archive after 5 days, which is the most cost-effective storage class for long-term archiving. Retrieval from Glacier Deep Archive can take a few days, which aligns with the company's willingness to wait for disaster recovery.

This approach meets the company's requirements in terms of both NFS support and cost-effective archiving.






Post your Comments and Discuss Amazon AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL exam with other Community members:

Zak commented on June 28, 2024
@AppleKid, I managed to pass this exam after failing once. Do not sit for your exam without memorizing these questions. These are what you will see in the real exam.
Anonymous

Apple Kid commented on June 26, 2024
Did anyone give the exam recently and can tell if these are good?
Anonymous

Captain commented on June 26, 2024
This is so helpful
Anonymous

udaya commented on April 25, 2024
Still learning, and the questions seem to be helpful
Anonymous

Jerry commented on February 18, 2024
very good for exam !!!!
HONG KONG

AWS-Guy commented on February 16, 2024
Precise and to the point. I aced this exam and am now going for the next exam. Very grateful to this site and its wonderful content.
CANADA

Jerry commented on February 12, 2024
very good exam stuff
HONG KONG

travis head commented on November 16, 2023
I gave the Amazon SAP-C02 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous

Weed Flipper commented on October 07, 2020
This is good stuff man.
CANADA

IT-Guy commented on September 29, 2020
Xengine software is good and free. Too bad it is only in English and no support for French.
FRANCE

pema commented on August 30, 2019
Can I have the latest version of this exam?
GERMANY

MrSimha commented on February 23, 2019
Thank you
Anonymous

Phil C. commented on November 12, 2018
Too soon to tell, but I will be back to post a review after my exam.
Anonymous

MD EJAZ ALI TANWIR commented on August 20, 2017
This is a valid dump in the US. Thank you guys for providing this.
UNITED STATES

flypig commented on June 02, 2017
The Braindumps will shorten my ready time for this exam!
CHINA