AWS SOLUTION ARCHITECT
ASSOCIATE EXAM GUIDE QUESTIONS
WITH 100% CORRECT ANSWERS
You are designing a multi-platform web application for AWS The application will run
on EC2 instances and will be accessed from PCs. tablets and smart phones
Supported accessing platforms are Windows. MACOS. IOS and Android Separate
sticky session and SSL certificate setups are required for different platform types
which of the following describes the most cost effective and performance efficient
architecture setup?
A. Setup a hybrid architecture to handle session state and SSL certificates on-prem
and separate EC2 Instance groups running web applications for different platform
types running in a VPC.
B. Set up one ELB for all platforms to distribute load among multiple instance under
it Each EC2 instance implements ail functionality for a particular platform.
C. Set up two ELBs The first ELB handles SSL certificates for all platforms and the
second ELB handles session stickiness for all platforms fo - Answer-D
A 3-tier e-commerce web application is current deployed on-premises and will be
migrated to AWS for greater scalability and elasticity The web server currently
shares read-only data using a network distributed file system The app server tier
uses a clustering mechanism for discovery and shared session state that depends
on IP multicast The database tier uses shared-storage clustering to provide
database fall over capability, and uses several read slaves for scaling Data on all
servers and the distributed file system directory is backed up weekly to off-site tapes
Which AWS storage and database architecture meets the requirements of the
application?
A. Web servers, store read-only data in S3, and copy from S3 to root volume at boot
time App servers snare state using a combination or DynamoDB and IP unicast
Database use RDS with multi-AZ deployment and one or more Read Replicas
Backup web and app serv - Answer-B
You are designing a photo sharing mobile app the application will store all pictures in
a single Amazon S3 bucket.
Users will upload pictures from their mobile device directly to Amazon S3 and will be
able to view and download their own pictures directly from Amazon S3.
You want to configure security to handle potentially millions of users in the most
secure manner possible. What should your server-side application do when a new
user registers on the photo-sharing mobile application?
A. Create a set of long-term credentials using AWS Security Token Service with
appropriate permissions Store these credentials in the mobile app and use them to
access Amazon S3.
B. Record the user's Information in Amazon RDS and create a role in IAM with
appropriate permissions. When the user uses their mobile app create temporary
credentials using the AWS Security Token Service 'AssumeRole' function Store
these crede - Answer-B
,You are designing an SSUTLS solution that requires HTTPS clients to be
authenticated by the Web server using client certificate authentication. The solution
must be resilient.
Which of the following options would you consider for configuring the web server
infrastructure? (Choose 2 answers)
Configure ELB with TCP listeners on TCP/4d3. And place the Web servers behind it.
Configure your Web servers with EIPS Place the Web servers in a Route53 Record
Set
and configure health checks against all Web servers.
Configure ELB with HTTPS listeners, and place the Web servers behind it.
Configure your web servers as the origins for a CloudFront distribution. Use custom
SSL certificates on your CloudFront distribution. - Answer-A,B
An administrator is using Amazon CloudFormation to deploy a three tier web
application that consists of a web tier and application tier that will utilize Amazon
DynamoDB for storage when creating the CloudFormation template which of the
following would allow the application instance access to the DynamoDB tables
without exposing API credentials?
A. Create an Identity and Access Management Role that has the required
permissions to read and write from the required DynamoDB table and associate the
Role to the application instances by referencing an instance profile.
B. Use me Parameter section in the Cloud Formation template to nave the user input
Access and Secret Keys from an already created IAM user that has me permissions
required to read and write from the required DynamoDB table.
C. Create an Identity and Access Management Role that has the required
permissions to read and write from the required - Answer-C
Your department creates regular analytics reports from your company's log files All
log data is collected in Amazon S3 and processed by daily Amazon Elastic
MapReduce (EMR) jobs that generate daily PDF reports and aggregated tables in
CSV format for an Amazon Redshift data warehouse.
Your CFO requests that you optimize the cost structure for this system.
Which of the following alternatives will lower costs without compromising average
performance of the system or data integrity for the raw data?
A. Use reduced redundancy storage (RRS) for PDF and csv data in Amazon S3. Add
Spot instances to Amazon EMR jobs Use Reserved Instances for Amazon Redshift.
B. Use reduced redundancy storage (RRS) for all data in S3. Use a combination of
Spot instances and Reserved Instances for Amazon EMR jobs use Reserved
instances for Amazon Redshift.
C. Use reduced redundancy storage (RRS) for all data in Amazon S3 Add - Answer-
B
Your website is serving on-demand training videos to your workforce. Videos are
uploaded monthly in high resolution MP4 format. Your workforce is distributed
globally often on the move and using company-provided tablets that require the
HTTP Live Streaming (HLS) protocol to watch a video. Your company has no video
transcoding expertise and it required you may need to pay for a consultant.
How do you implement the most cost-efficient architecture without compromising
high availability and quality of video delivery'?
,A. Elastic Transcoder to transcode original high-resolution MP4 videos to HLS S3 to
host videos with Utecycle Management to archive original flies to Glacier after a few
days
CloudFront to serve HLS transcoded videos from S3
B. A video transcoding pipeline running on EC2 using SQS to distribute tasks and
Auto Scaling to adjust the number or nodes depending on the length of the queue S3
t - Answer-D
You are migrating a legacy client-server application to AWS The application
responds to a specific DNS domain (e g www example com) and has a 2-tier
architecture, with multiple application servers and a database server Remote clients
use TCP to connect to the application servers. The application servers need to know
the IP address of the clients in order to function properly and are currently taking that
information from the TCP socket A Multi-AZ RDS MySQL instance will be used for
the database.
During the migration you can change the application code but you have to file a
change request.
How would you implement the architecture on AWS In order to maximize scalability
and high ability?
File a change request to implement Proxy Protocol support In the application Use an
EL8 with a TCP Listener and Proxy Protocol enabled to distribute load on two
application servers in different AZs.
File a change r - Answer-D
A web company is looking to implement an intrusion detection and prevention
system into their deployed VPC. This platform should have the ability to scale to
thousands of instances running inside of the VPC.
How should they architect their solution to achieve these goals?
A. Configure an instance with monitoring software and the elastic network interface
(ENI) set to promiscuous mode packet sniffing to see an traffic across the VPC.
B. Create a second VPC and route all traffic from the primary application VPC
through the second VPC where the scalable virtualized IDS/IPS platform resides.
C. Configure servers running in the VPC using the host-based 'route' commands to
send all traffic through the platform to a scalable virtualized IDS/IPS.
D. Configure each host with an agent that collects all network traffic and sends that
traffic to the IDS/IPS platform for inspection. - Answer-C
Your customer wishes to deploy an enterprise application to AWS which will consist
of several web servers, several application servers and a small (50GB) Oracle
database
information is stored, both in the database and the file systems of the various
servers. The backup system must support database recovery whole server and
whole disk restores, and individual file restores with a recovery time of no more than
two hours. They have chosen to use RDS Oracle as the database
Which backup architecture will meet these requirements?
Backup RDS using automated daily DB backups Backup the EC2 instances using
AMIs and supplement with file-level backup to S3 using traditional enterprise backup
software to provide file level restore
Backup RDS using a Multi-AZ Deployment Backup the EC2 instances using Amis,
and supplement by copying file system data to S3 to provide file level restore.
, Backup RDS using automat - Answer-C
Reference: http://www.boyter.org/wp-content/uploads/2014/12/Backup-And-
Recovery- Approaches-Using-Aws.pdf
You are tasked with moving a legacy application from a virtual machine running
Inside your datacenter to an Amazon VPC Unfortunately this app requires access to
a number of onpremises services and no one who configured the app still works for
your company. Even worse there's no documentation for it. What will allow the
application running inside the VPC to reach back and access its internal
dependencies without being reconfigured? (Choose 3 answers)
An AWS Direct Connect link between the VPC and the network housing the internal
services.
An Internet Gateway to allow a VPN connection.
An Elastic IP address on the VPC instance
An IP address space that does not conflict with the one on-premises
Entries in Amazon Route 53 that allow the Instance to resolve its dependencies' IP
addresses
A VM Import of the current virtual machine - Answer-A,C,F
An International company has deployed a multi-tier web application that relies on
DynamoDB in a single region For regulatory reasons they need disaster recovery
capability In a separate region with a Recovery Time Objective of 2 hours and a
Recovery Point Objective of 24 hours They should synchronize their data on a
regular basis and be able to provision me web application rapidly using
CloudFormation.
The objective is to minimize changes to the existing web application, control the
throughput of DynamoDB used for the synchronization of data and synchronize only
the modified elements.
Which design would you choose to meet these requirements?
A. Use AWS data Pipeline to schedule a DynamoDB cross region copy once a day.
create a Lastupdated' attribute in your DynamoDB table that would represent the
timestamp of the last update and use it as a filter.
B. Use EMR and write a custom script to retrieve d - Answer-C
Your company plans to host a large donation website on Amazon Web Services
(AWS). You anticipate a large and undetermined amount of traffic that will create
many database writes. To be certain that you do not drop any writes to a database
hosted on AWS. Which service should you use?
Amazon RDS with provisioned IOPS up to the anticipated peak write throughput.
Amazon Simple Queue Service (SOS) for capturing the writes and draining the
queue to
write to the database.
Amazon ElastiCache to store the writes until the writes are committed to the
database.
D. Amazon DynamoDB with provisioned write throughput up to the anticipated peak
write throughput. - Answer-A
Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html
ASSOCIATE EXAM GUIDE QUESTIONS
WITH 100% CORRECT ANSWERS
You are designing a multi-platform web application for AWS The application will run
on EC2 instances and will be accessed from PCs. tablets and smart phones
Supported accessing platforms are Windows. MACOS. IOS and Android Separate
sticky session and SSL certificate setups are required for different platform types
which of the following describes the most cost effective and performance efficient
architecture setup?
A. Setup a hybrid architecture to handle session state and SSL certificates on-prem
and separate EC2 Instance groups running web applications for different platform
types running in a VPC.
B. Set up one ELB for all platforms to distribute load among multiple instance under
it Each EC2 instance implements ail functionality for a particular platform.
C. Set up two ELBs The first ELB handles SSL certificates for all platforms and the
second ELB handles session stickiness for all platforms fo - Answer-D
A 3-tier e-commerce web application is current deployed on-premises and will be
migrated to AWS for greater scalability and elasticity The web server currently
shares read-only data using a network distributed file system The app server tier
uses a clustering mechanism for discovery and shared session state that depends
on IP multicast The database tier uses shared-storage clustering to provide
database fall over capability, and uses several read slaves for scaling Data on all
servers and the distributed file system directory is backed up weekly to off-site tapes
Which AWS storage and database architecture meets the requirements of the
application?
A. Web servers, store read-only data in S3, and copy from S3 to root volume at boot
time App servers snare state using a combination or DynamoDB and IP unicast
Database use RDS with multi-AZ deployment and one or more Read Replicas
Backup web and app serv - Answer-B
You are designing a photo sharing mobile app the application will store all pictures in
a single Amazon S3 bucket.
Users will upload pictures from their mobile device directly to Amazon S3 and will be
able to view and download their own pictures directly from Amazon S3.
You want to configure security to handle potentially millions of users in the most
secure manner possible. What should your server-side application do when a new
user registers on the photo-sharing mobile application?
A. Create a set of long-term credentials using AWS Security Token Service with
appropriate permissions Store these credentials in the mobile app and use them to
access Amazon S3.
B. Record the user's Information in Amazon RDS and create a role in IAM with
appropriate permissions. When the user uses their mobile app create temporary
credentials using the AWS Security Token Service 'AssumeRole' function Store
these crede - Answer-B
,You are designing an SSUTLS solution that requires HTTPS clients to be
authenticated by the Web server using client certificate authentication. The solution
must be resilient.
Which of the following options would you consider for configuring the web server
infrastructure? (Choose 2 answers)
Configure ELB with TCP listeners on TCP/4d3. And place the Web servers behind it.
Configure your Web servers with EIPS Place the Web servers in a Route53 Record
Set
and configure health checks against all Web servers.
Configure ELB with HTTPS listeners, and place the Web servers behind it.
Configure your web servers as the origins for a CloudFront distribution. Use custom
SSL certificates on your CloudFront distribution. - Answer-A,B
An administrator is using Amazon CloudFormation to deploy a three tier web
application that consists of a web tier and application tier that will utilize Amazon
DynamoDB for storage when creating the CloudFormation template which of the
following would allow the application instance access to the DynamoDB tables
without exposing API credentials?
A. Create an Identity and Access Management Role that has the required
permissions to read and write from the required DynamoDB table and associate the
Role to the application instances by referencing an instance profile.
B. Use me Parameter section in the Cloud Formation template to nave the user input
Access and Secret Keys from an already created IAM user that has me permissions
required to read and write from the required DynamoDB table.
C. Create an Identity and Access Management Role that has the required
permissions to read and write from the required - Answer-C
Your department creates regular analytics reports from your company's log files All
log data is collected in Amazon S3 and processed by daily Amazon Elastic
MapReduce (EMR) jobs that generate daily PDF reports and aggregated tables in
CSV format for an Amazon Redshift data warehouse.
Your CFO requests that you optimize the cost structure for this system.
Which of the following alternatives will lower costs without compromising average
performance of the system or data integrity for the raw data?
A. Use reduced redundancy storage (RRS) for PDF and csv data in Amazon S3. Add
Spot instances to Amazon EMR jobs Use Reserved Instances for Amazon Redshift.
B. Use reduced redundancy storage (RRS) for all data in S3. Use a combination of
Spot instances and Reserved Instances for Amazon EMR jobs use Reserved
instances for Amazon Redshift.
C. Use reduced redundancy storage (RRS) for all data in Amazon S3 Add - Answer-
B
Your website is serving on-demand training videos to your workforce. Videos are
uploaded monthly in high resolution MP4 format. Your workforce is distributed
globally often on the move and using company-provided tablets that require the
HTTP Live Streaming (HLS) protocol to watch a video. Your company has no video
transcoding expertise and it required you may need to pay for a consultant.
How do you implement the most cost-efficient architecture without compromising
high availability and quality of video delivery'?
,A. Elastic Transcoder to transcode original high-resolution MP4 videos to HLS S3 to
host videos with Utecycle Management to archive original flies to Glacier after a few
days
CloudFront to serve HLS transcoded videos from S3
B. A video transcoding pipeline running on EC2 using SQS to distribute tasks and
Auto Scaling to adjust the number or nodes depending on the length of the queue S3
t - Answer-D
You are migrating a legacy client-server application to AWS The application
responds to a specific DNS domain (e g www example com) and has a 2-tier
architecture, with multiple application servers and a database server Remote clients
use TCP to connect to the application servers. The application servers need to know
the IP address of the clients in order to function properly and are currently taking that
information from the TCP socket A Multi-AZ RDS MySQL instance will be used for
the database.
During the migration you can change the application code but you have to file a
change request.
How would you implement the architecture on AWS In order to maximize scalability
and high ability?
File a change request to implement Proxy Protocol support In the application Use an
EL8 with a TCP Listener and Proxy Protocol enabled to distribute load on two
application servers in different AZs.
File a change r - Answer-D
A web company is looking to implement an intrusion detection and prevention
system into their deployed VPC. This platform should have the ability to scale to
thousands of instances running inside of the VPC.
How should they architect their solution to achieve these goals?
A. Configure an instance with monitoring software and the elastic network interface
(ENI) set to promiscuous mode packet sniffing to see an traffic across the VPC.
B. Create a second VPC and route all traffic from the primary application VPC
through the second VPC where the scalable virtualized IDS/IPS platform resides.
C. Configure servers running in the VPC using the host-based 'route' commands to
send all traffic through the platform to a scalable virtualized IDS/IPS.
D. Configure each host with an agent that collects all network traffic and sends that
traffic to the IDS/IPS platform for inspection. - Answer-C
Your customer wishes to deploy an enterprise application to AWS which will consist
of several web servers, several application servers and a small (50GB) Oracle
database
information is stored, both in the database and the file systems of the various
servers. The backup system must support database recovery whole server and
whole disk restores, and individual file restores with a recovery time of no more than
two hours. They have chosen to use RDS Oracle as the database
Which backup architecture will meet these requirements?
Backup RDS using automated daily DB backups Backup the EC2 instances using
AMIs and supplement with file-level backup to S3 using traditional enterprise backup
software to provide file level restore
Backup RDS using a Multi-AZ Deployment Backup the EC2 instances using Amis,
and supplement by copying file system data to S3 to provide file level restore.
, Backup RDS using automat - Answer-C
Reference: http://www.boyter.org/wp-content/uploads/2014/12/Backup-And-
Recovery- Approaches-Using-Aws.pdf
You are tasked with moving a legacy application from a virtual machine running
Inside your datacenter to an Amazon VPC Unfortunately this app requires access to
a number of onpremises services and no one who configured the app still works for
your company. Even worse there's no documentation for it. What will allow the
application running inside the VPC to reach back and access its internal
dependencies without being reconfigured? (Choose 3 answers)
An AWS Direct Connect link between the VPC and the network housing the internal
services.
An Internet Gateway to allow a VPN connection.
An Elastic IP address on the VPC instance
An IP address space that does not conflict with the one on-premises
Entries in Amazon Route 53 that allow the Instance to resolve its dependencies' IP
addresses
A VM Import of the current virtual machine - Answer-A,C,F
An International company has deployed a multi-tier web application that relies on
DynamoDB in a single region For regulatory reasons they need disaster recovery
capability In a separate region with a Recovery Time Objective of 2 hours and a
Recovery Point Objective of 24 hours They should synchronize their data on a
regular basis and be able to provision me web application rapidly using
CloudFormation.
The objective is to minimize changes to the existing web application, control the
throughput of DynamoDB used for the synchronization of data and synchronize only
the modified elements.
Which design would you choose to meet these requirements?
A. Use AWS data Pipeline to schedule a DynamoDB cross region copy once a day.
create a Lastupdated' attribute in your DynamoDB table that would represent the
timestamp of the last update and use it as a filter.
B. Use EMR and write a custom script to retrieve d - Answer-C
Your company plans to host a large donation website on Amazon Web Services
(AWS). You anticipate a large and undetermined amount of traffic that will create
many database writes. To be certain that you do not drop any writes to a database
hosted on AWS. Which service should you use?
Amazon RDS with provisioned IOPS up to the anticipated peak write throughput.
Amazon Simple Queue Service (SOS) for capturing the writes and draining the
queue to
write to the database.
Amazon ElastiCache to store the writes until the writes are committed to the
database.
D. Amazon DynamoDB with provisioned write throughput up to the anticipated peak
write throughput. - Answer-A
Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html
