UPDATED ACTUAL Questions and
CORRECT Answers
A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora
database. The EC2 instances connect to the database by using user names and passwords that are
stored locally in a file. The company wants to minimize the operational overhead of credential
management. What should a solutions architect do to accomplish this goal? - CORRECT
ANSWER - Use AWS Secrets Manager. Turn on automatic rotation.
AWS Secrets Manager is a secrets management service that helps you protect access to your
applications, services, and IT resources. This service enables you to rotate, manage, and retrieve
database credentials, API keys, and other secrets throughout their lifecycle.
A company needs the ability to analyze the log files of its proprietary application. The logs are
stored in JSON format in an Amazon S3 bucket. Queries will be simple and will run on-demand.
A solutions architect needs to perform the analysis with minimal changes to the existing
architecture. What should the solutions architect do to meet these requirements with the LEAST
amount of operational overhead? - CORRECT ANSWER - Use Amazon Athena directly
with Amazon S3 to run the queries as needed.
Keywords: queries will be simple and will run on-demand; minimal changes to the existing
architecture.
These are simple queries, so Athena can be run directly against the data in S3.
A company uses AWS Organizations to manage multiple AWS accounts for different
departments. The management account has an Amazon S3 bucket that contains project reports.
The company wants to limit access to this S3 bucket to only users of accounts within the
organization in AWS Organizations.
Which solution meets these requirements with the LEAST amount of operational overhead? -
CORRECT ANSWER - Add the aws:PrincipalOrgID global condition key with a reference
to the organization ID to the S3 bucket policy.
An application runs on an Amazon EC2 instance in a VPC. The application processes logs that
are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without
connectivity to the internet.
Which solution will provide private network connectivity to Amazon S3? - CORRECT
ANSWER - Create a gateway VPC endpoint to the S3 bucket.
A company is hosting a web application on AWS using a single Amazon EC2 instance that stores
user-uploaded documents in an Amazon EBS volume. For better scalability and availability, the
company duplicated the architecture and created a second EC2 instance and EBS volume in
another Availability Zone, placing both behind an Application Load Balancer. After completing
this change, users reported that, each time they refreshed the website, they could see one subset
of their documents or the other, but never all of the documents at the same time.
What should a solutions architect propose to ensure users see all of their documents at once? -
CORRECT ANSWER - Copy the data from both EBS volumes to Amazon EFS. Modify
the application to save new documents to Amazon EFS.
A company uses NFS to store large video files in on-premises network attached storage. Each
video file ranges in size from 1 MB to 500 GB. The total storage is 70 TB and is no longer
growing. The company decides to migrate the video files to Amazon S3. The company must
migrate the video files as soon as possible while using the least possible network bandwidth.
Which solution will meet these requirements? - CORRECT ANSWER - B. On a Snowball
Edge device you can copy files with a speed of up to 100Gbps. 70TB will take around 5600
seconds, so very quickly, less than 2 hours. The downside is that it'll take between 4-6 working
days to receive the device and then another 2-3 working days to send it back and for AWS to
move the data onto S3 once it reaches them. Total time: 6-9 working days. Bandwidth used: 0.
C. File Gateway uses the Internet, so maximum speed will be at most 1Gbps, so it'll take a
minimum of 6.5 days and you use 70TB of Internet bandwidth.
D. You can achieve speeds of up to 10Gbps with Direct Connect. Total time 15.5 hours and you
will use 70TB of bandwidth. However, what's interesting is that the question does not specify
what type of bandwidth. Direct Connect does not use your Internet bandwidth, as you will have
dedicated peer-to-peer connectivity between your on-prem and the AWS Cloud, so technically,
you're not using your "public" bandwidth.
A company has an application that ingests incoming messages. Dozens of other applications and
microservices then quickly consume these messages. The number of messages varies drastically
and sometimes increases suddenly to 100,000 each second. The company wants to decouple the
solution and increase scalability. Which solution meets these requirements? - CORRECT
ANSWER - Publish the messages to an Amazon Simple Notification Service (Amazon
SNS) topic with multiple Amazon Simple Queue Service (Amazon SQS) subscriptions.
Configure the consumer applications to process the messages from the queues.
A company is migrating a distributed application to AWS. The application serves variable
workloads. The legacy platform consists of a primary server that coordinates jobs across multiple
compute nodes. The company wants to modernize the application with a solution that maximizes
resiliency and scalability. How should a solutions architect design the architecture to meet these
requirements? - CORRECT ANSWER - Configure an Amazon Simple Queue Service
(Amazon SQS) queue as a destination for the jobs. Implement the compute nodes with Amazon
EC2 instances that are managed in an Auto Scaling group. Configure EC2 Auto Scaling based on
the size of the queue.
A company is running an SMB file server in its data center. The file server stores large files that
are accessed frequently for the first few days after the files are created. After 7 days the files are
rarely accessed.
The total data size is increasing and is close to the company's total storage capacity. A solutions
architect must increase the company's available storage space without losing low-latency access
to the most recently accessed files. The solutions architect must also provide file lifecycle
management to avoid future storage issues.
Which solution will meet these requirements? - CORRECT ANSWER - Create an Amazon
S3 File Gateway to extend the company's storage space. Create an S3 Lifecycle policy to
transition the data to S3 Glacier Deep Archive after 7 days.
A company is building an ecommerce web application on AWS. The application sends
information about new orders to an Amazon API Gateway REST API to process. The company
wants to ensure that orders are processed in the order that they are received.