A company has introduced a new policy that allows employees to work remotely from their homes if they connect by using a VPN. The company is hosting internal applications with VPCs in multiple AWS accounts. Currently, the applications are accessible from the company's on-premises office network through an AWS Site-to-Site VPN connection. The VPC in the company's main AWS account has peering connections established with VPCs in other AWS accounts. A solutions architect must design a scalable AWS Client VPN solution for employees to use while they work from home.What is the MOST cost-effective solution that meets these requirements?
Answer(s): B
B) Create a Client VPN endpoint in the main AWS account. Configure required routing that allows access to internal applications.Creating a Client VPN endpoint in the main AWS account is the most cost-effective solution because it centralizes the VPN management while allowing remote employees to access internal applications hosted across multiple VPCs. By configuring the necessary routing, employees can connect securely to the applications without needing multiple VPN endpoints in each account, reducing both complexity and cost. This setup leverages the existing infrastructure efficiently while ensuring scalability as more users connect remotely.
A company is running an application in the AWS Cloud. Recent application metrics show inconsistent response times and a significant increase in error rates. Calls to third-party services are causing the delays. Currently, the application calls third-party services synchronously by directly invoking an AWS Lambda function.A solutions architect needs to decouple the third-party service calls and ensure that all the calls are eventually completed.Which solution will meet these requirements?
Answer(s): A
A) Use an Amazon Simple Queue Service (Amazon SQS) queue to store events and invoke the Lambda function.Using Amazon SQS allows the application to decouple the calls to third-party services, which helps in managing inconsistent response times and reducing error rates. By placing the service calls in an SQS queue, the application can continue processing other tasks while the Lambda function retrieves and processes the messages asynchronously. This design ensures that all calls to third-party services are eventually completed, even if there are temporary issues, thus enhancing the overall reliability and performance of the application.
A company is running applications on AWS in a multi-account environment. The company's sales team and marketing team use separate AWS accounts in AWS Organizations.The sales team stores petabytes of data in an Amazon S3 bucket. The marketing team uses Amazon QuickSight for data visualizations. The marketing team needs access to data that the sates team stores in the S3 bucket. The company has encrypted the S3 bucket with an AWS Key Management Service (AWS KMS) key. The marketing team has already created the IAM service role for QuickSight to provide QuickSight access in the marketing AWS account. The company needs a solution that will provide secure access to the data in the S3 bucket across AWS accounts.Which solution will meet these requirements with the LEAST operational overhead?
Answer(s): D
D) Create an IAM role in the sales account and grant access to the S3 bucket. From the marketing account, assume the IAM role in the sales account to access the S3 bucket. Update the QuickSight role to create a trust relationship with the new IAM role in the sales account.This solution allows the marketing team to access the S3 bucket in the sales account securely without duplicating data or creating additional complexities. By creating an IAM role in the sales account that has permissions to access the S3 bucket and allowing the marketing account to assume that role, the company maintains a single source of truth for the data and leverages IAM roles for secure cross-account access. Additionally, this method requires minimal operational overhead since it does not involve data replication or the need for complex configurations.
A company is planning to migrate its business-critical applications from an on-premises data center to AWS. The company has an on-premises installation of a Microsoft SQL Server Always On cluster. The company wants to migrate to an AWS managed database service. A solutions architect must design a heterogeneous database migration on AWS.Which solution will meet these requirements?
Answer(s): C
C) Use the AWS Schema Conversion Tool to translate the database schema to Amazon RDS for MySQL. Then use AWS Database Migration Service (AWS DMS) to migrate the data from on-premises databases to Amazon RDS.This solution effectively addresses the requirement for a heterogeneous database migration from Microsoft SQL Server to Amazon RDS for MySQL. The AWS Schema Conversion Tool helps to convert the database schema from SQL Server to the MySQL format, ensuring compatibility. AWS DMS then facilitates the data migration while minimizing downtime, as it can replicate ongoing changes from the source database to the target. This approach is suitable for business-critical applications, providing a seamless transition with the necessary tools to manage schema changes and data migration efficiently.
A publishing company's design team updates the icons and other static assets that an ecommerce web application uses. The company serves the icons and assets from an Amazon S3 bucket that is hosted in the company's production account. The company also uses a development account that members of the design team can access.After the design team tests the static assets in the development account, the design team needs to load the assets into the S3 bucket in the production account. A solutions architect must provide the design team with access to the production account without exposing other parts of the web application to the risk of unwanted changes.Which combination of steps will meet these requirements? (Choose three.)
Answer(s): A,C,E
A) In the production account, create a new IAM policy that allows read and write access to the S3 bucket.This policy ensures that the design team can interact with the specific S3 bucket where the static assets are stored, allowing them to upload new assets and manage existing ones without affecting other resources in the production account.C) In the production account, create a role. Attach the new policy to the role. Define the development account as a trusted entity.Creating a role in the production account with the necessary permissions and defining the development account as a trusted entity allows users from the development account to assume this role and gain temporary access to the S3 bucket.E) In the development account, create a group that contains all the IAM users of the design team. Attach a different IAM policy to the group to allow the stsaction on the role in the production account.This step allows the design team members in the development account to assume the role created in the production account, enabling them to perform actions on the S3 bucket without directly granting them access to the production account.Together, these steps create a secure and controlled access mechanism for the design team, allowing them to manage static assets while minimizing risks to other parts of the production environment.
A company developed a pilot application by using AWS Elastic Beanstalk and Java. To save costs during development, the company's development team deployed the application into a single-instance environment. Recent tests indicate that the application consumes more CPU than expected. CPU utilization is regularly greater than 85%, which causes some performance bottlenecks.A solutions architect must mitigate the performance issues before the company launches the application to production.Which solution will meet these requirements with the LEAST operational overhead?
C) Modify the existing environment’s capacity configuration to use a load-balanced environment type. Select all Availability Zones. Add a scale-out rule that will run if the average CPU utilization is over 85% for 5 minutes.This option allows the existing Elastic Beanstalk application to scale horizontally by adding more instances when CPU utilization exceeds 85%. It leverages Elastic Beanstalk's built-in capabilities to manage scaling and load balancing with minimal operational overhead. By modifying the current environment instead of creating a new one, the solution is efficient and straightforward, allowing the development team to focus on application performance without significant changes to their deployment setup.This approach ensures that the application can handle increased load effectively while maintaining operational simplicity.
A finance company is running its business-critical application on current-generation Linux EC2 instances. The application includes a self-managed MySQL database performing heavy I/O operations. The application is working fine to handle a moderate amount of traffic during the month. However, it slows down during the final three days of each month due to month-end reporting, even though the company is using Elastic Load Balancers and Auto Scaling within its infrastructure to meet the increased demand.Which of the following actions would allow the database to handle the month-end load with the LEAST impact on performance?
B) Performing a one-time migration of the database cluster to Amazon RDS, and creating several additional read replicas to handle the load during end of month.Migrating to Amazon RDS provides several advantages, including automated management tasks such as backups, scaling, and patching, which can significantly reduce the operational burden. By creating additional read replicas, the company can distribute the read workload during peak times like month-end reporting, thus improving performance and reducing the load on the primary database instance. This approach allows for better scalability and performance optimization with minimal manual intervention and operational overhead.
A company runs a Java application that has complex dependencies on VMs that are in the company's data center. The application is stable. but the company wants to modernize the technology stack. The company wants to migrate the application to AWS and minimize the administrative overhead to maintain the servers.Which solution will meet these requirements with the LEAST code changes?
A) Migrate the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate by using AWS App2Container. Store container images in Amazon Elastic Container Registry (Amazon ECR). Grant the ECS task execution role permission to access the ECR image repository. Configure Amazon ECS to use an Application Load Balancer (ALB). Use the ALB to interact with the application.This solution allows for minimal code changes while modernizing the application. Using AWS App2Container facilitates the migration of the existing application to containerized environments with little effort. By leveraging Amazon ECS on AWS Fargate, the company eliminates the need to manage underlying server infrastructure, thus minimizing administrative overhead. Additionally, using an ALB provides a scalable way to handle traffic to the application, ensuring high availability.
Share your comments for Amazon AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL exam with other users:
Question 18:Question 18: Why not A?
Question 4:Question 4 is about when to use batch processing.
Question 5:I can’t see the [Image] in Question 5, but I can explain the likely reasoning.
Question 12:Here’s why Question 12’s correct choices are C and D.
Question 3:Question 3 asks for two valid ways to meet the purchase order creation validation (warn if the vendor is on the exclusion list for the customer/product and block/alert accordingly). Correct answers: C and D
Question 12:Here’s how to understand question 12.
Question 6:Here’s how question 6 works. Key constraint: All new and extended objects must be in an existing model named FinanceExt. Creating a brand-new model is not allowed. Why the two correct options work:
Question 2:I don’t have the text for Question 2 here. Please paste the exact Question 2 (including all answer choices) or describe the topic it covers. Once I have it, I’ll:
Which statement is true about using default environment variables? The environment variables can be read in workflows using the ENV: variable_name syntax. The environment variables created should be prefixed with GITHUB_ to ensure they can be accessed in workflows The environment variables can be set in the defaults: sections of the workflow The GITHUB_WORKSPACE environment variable should be used to access files from within the runner.Correct answer: The statement "The GITHUB_WORKSPACE environment variable should be used to access files from within the runner." is true. Why the others are false:
${{ env.VARIABLE }}
$VARIABLE
GITHUB_
defaults:
run
GITHUB_WORKSPACE
${{ github.workspace }}
$GITHUB_WORKSPACE/...
${{ github.workspace }}/...
As an administrator for this subscription, you have been tasked with recommending a solution that prohibits users from copying corporate information from managed applications installed on unmanaged devices. Which of the following should you recommend? Windows Virtual Desktop. Microsoft Intune. Windows AutoPilot. Azure AD Application Proxy.
Question 34:
Policy
function of appnav in sdwan
Question 1:
Question 5:
Why this is correct
Question 7:
Question 104:
clustering keys
Q23: Fabric Admin is correct. Because Domain admin cannot create domains. Only Fabric Admin can among the given options. Q51: Wrapping @pipeline.parameter.param1 inside {} will return a string. But question requires the expression to return Int, so correct answer should be @pipeline.parameter.param1 (no {})
Question 62:
ZDX
Analyze Score
Y Engine
Question 32:
Question 3:
date = sys.argv[1]
sys.argv[1]
date = spark.conf.get("date")
input()
date = dbutils.notebooks.getParam("date")
dbutils.notebook.run
Question 528:
Question 23:The correct answer is Domain admin (option B), not Fabric admin.
Question 2:For question 2, the key concept is the Longest Prefix Match. Routers pick the route whose subnet mask is the most specific (largest prefix length) that still matches the destination IP. From the options:
Question 129:Correct answer: CNAME
compute.osAdminLogin
enable-oslogin
Question 2:
Recommend using AI for Solutions rather the Answer(s) submitted here
This is very interesting
Are these the same questions you have to pay for in ExamTopics?
For Question 7 - while the answer description indicates the correct answer, the option no. mentioned is incorrect. Nice and Comprehensive. Thankyou
This is very good and accurate. Explanation is very helpful even thou some are not 100% right but good enough to pass.
Keeping this site free takes real effort. We constantly battle automated scraping and unauthorized content copying. A quick account helps us protect the community and keep the site free.
To continue studying for your AWS-SOLUTIONS-ARCHITECT-PROFESSIONAL, please sign in or create a free account.