Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

Get $4 OFF in AWS Solutions Architect & Data Engineer Associate Practice Exams for $10.99 each ONLY!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Solutions Architect Professional Please, I need help on these questions

  • Please, I need help on these questions

     benjamin-4 updated 2 years, 4 months ago 5 Members · 6 Posts
    AWS Certified Solutions Architect Professional

  • thierry

    Member
    July 16, 2020 at 11:10 am

    QUESTION 1: A company host a web application in AWS. The application runs on Amazon EC2 instances an Auto Scaling group. The database layer runs on a db.m5.4large Amazon RDS for PostgreSQL instance that has 5 tebibyte (TIB) of Amazon EBS General Purpose SSD (gp2) Storage. During peak usage periods, some user requests to the web application time out. A solutions Architect discovers that the Amazon CloudWatch DiskQueueDepth metric for the RDS instance spikes during peak usage periods.

    What should the Solutions Architect do to improve the availability of the application during peak periods?

    • Increase the size of the RDS instance’s gp2 volume to 16 TIB

    • Modify the RDS Instance’s storage type to Provisioned IOPS (io1) and provision maximum IOPS

    • Modify the DB instance to be a multi-AZ deployment

    • Enable Amazon EBS optimization on the DB instance

    QUESTION 2: A company runs a sensitive application on Amazon EC2 instances in a VPC. The company wants to monitor and analyze network traffic for possible threats. The solution must:

    • Require minimal development and administration

    • Scale to accommodate a large amount of network traffic

    • Allow queries and visualizations of the data

    Which solution will meet these requirements?

    • Create a flow log for this VPC and publish it to an Amazon DynamoDB table. Use an AWS Lambda function to read the data from the DynamoDB stream and write the log data to a table in Amazon Aurora. Connect the database from Amazon QuickSight to visualize the data.

    • Create a flow log for this VPC and publish it to an Amazon S3 bucket. Create an external table in Amazon Athena to query the log files and connect the database from Amazon QuickSight to visualize the data.

    • Use Amazon Kinesis Data Streams to capture the log files from Amazon CloudWatch. Use Kinesis Data Firehose to push the log files to Amazon S3. Create an external table in Amazon Athena to query the log files, and connect to Amazon Athena from Amazon QuickSight to visualize the data.

    • Create a flow log for the VPC and publish it into an in-memory Spark application running on an Amazon EMR cluster. Connect to the cluster from Amazon QuickSight to visualize the data using Spark SQL.

    QUESTION3: A company runs a web application on Amazon EC2 instances behind an ELB Application Load Balancer. There have been spikes in traffic that caused the application to slow down and fail several times. Logs reveal that the additional traffic contained malformed requests from multiple sources.

    Which solution will MOST quickly block these types of attacks in the future?

    • Create an Amazon CloudFront distribution and set the Elastic Load Balancer as the origin. Enable AWS Shield Standard to mitigate the attacks.

    • Apply an AWS WAF rule to the load balancer with string matching conditions to block requests that are malformed.

    • Create an AWS Lambda function to identify malformed requests from the Elastic Load Balancer access logs and update AWS WAF rules on the load balancer to block the source IP addresses of the malicious traffic.

    • Create an Amazon CloudFront distribution and set the Elastic Load Balancer as the origin. Create an AWS Lambda function to identify malformed requests from the CloudFront logs and update AWS WAF rules on CloudFront to block the source IP addresses of the malicious traffic.

    QUESTION 4: Each development team at a company has their own non-production AWS accounts in AWS Organizations. In each of those accounts, developers have IAM users in developer IAM groups who grant administrative and cost permissions to their users. Each development team has a monthly budget they routinely exceed. Finance has asked that constraints be placed on the development teams to address the spending problems. IT is adamant that any new controls should not limit the developer’s abilities to innovate and experiment.

    Which scenario will satisfy both Finance and IT?

    • In the master account, create a budget using AWS Budgets for each linked development account. When a forecasted budget reaches 100% of the monthly budget, publish to an SNS topic. Subscribe an AWS Lambda function to the topic that adds a policy to the developer IAM group that denies launching any new infrastructure.

    • In the master account, create a budget using AWS Budgets for each linked development account. When the forecasted budget reaches 100% of the monthly budget, publish to an SNS topic. Subscribe an AWS Lambda function to the topic that creates a new SCP for the account that denies launching any new infrastructure.

    • In each development account, create a budget using AWS Budgets. When the forecasted budget reaches 100% of the monthly budget, publish to an SNS topic. Subscribe an AWS Lambda function to the topic that adds a policy to the developer IAM group that denies launching any new infrastructure.

    • In each development account, create a budget using AWS Budgets. When the forecasted budget reaches 100% of the monthly budget, publish to an SNS topic. Subscribe an AWS Lambda function to the topic that creates a new SCP that denies launching any new infrastructure.

  • joseph

    Member
    July 16, 2020 at 11:38 am

    Dear All,

    Good morning, I am Joseph John, I am student and trying to study for the proffesional exam, so this forum post and replying, not sure my ansers are correct, I am posting it here, correct me If I am wrong

    thanks

    Joseph John

    QUESTION 1:

    I short listed

    • Modify the RDS Instance’s storage type to Provisioned IOPS (io1) and provision maximum IOPS

    • Modify the DB instance to be a multi-AZ deployment

    out of which the correct answer which I can select will be

    “• Modify the RDS Instance’s storage type to Provisioned IOPS (io1) and provision maximum IOPS”

    Because in time of peak usage it shows spike, that is read problem, so I am selecting to Modify the storage type

    ——

    QUESTION 2:

    At first glance I short listed

    ” • Create a flow log for this VPC and publish it to an Amazon S3 bucket. Create an external table in Amazon Athena to query the log files and connect the database from Amazon QuickSight to visualize the data.

    • Use Amazon Kinesis Data Streams to capture the log files from Amazon CloudWatch. Use Kinesis Data Firehose to push the log files to Amazon S3. Create an external table in Amazon Athena to query the log files, and connect to Amazon Athena from Amazon QuickSight to visualize the data.

    my answer choice is “Create a flow log for this VPC and publish it to an Amazon S3 bucket. Create an external table in Amazon Athena to query the log files and connect the database from Amazon QuickSight to visualize the data.”

    Reason is “Athena” can do SQL query and “QuickSight” can visulize the data

    Why Kinesis data streams option is not a answer, my thought are No need to use Kinesis Data Streams to capture the logs from Amazon cloudwatch to S3, cloudwatch logs data to S3, do not need Kinessis data stream to do the jon

    ———-

    QUESTION3

    • Create an Amazon CloudFront distribution and set the Elastic Load Balancer as the origin. Enable AWS Shield Standard to mitigate the attacks.

    The above option would be the quickest way to mitigate the attacks

    ———–

    Question 4

    Here I am not sure about my choice of answer, I am selecting

    “• In each development account, create a budget using AWS Budgets. When the forecasted budget reaches 100% of the monthly budget, publish to an SNS topic. Subscribe an AWS Lambda function to the topic that creates a new SCP that denies launching any new infrastructure.

  • thierry

    Member
    July 16, 2020 at 9:04 pm

    Hi @Joseph and thanks for sharing your replies.

    I agree with you except in Question 3 where I selected the option that says:

    “Apply an AWS WAF rule to the load balancer with string match conditions to block requests that are malformed.”

    Because of malformed requests, a WAF rule can be directly applied to the load balancer.

    Maybe someone else will also share his replies and we can discuss and go forward.

    Thanks

    • liongeek

      Member
      October 10, 2021 at 10:40 am

      In question 3, I totally discard ans A cause it states you enable AWS Shield Standard, which enabled by default. That leaves B and C, not sure which of them.

      • This reply was modified 2 years, 6 months ago by  liongeek.

  • Kenneth-Samonte-Tutorials-Dojo

    Member
    October 10, 2021 at 8:31 pm

    Hello,

    Can you please send screenshots which test question set are these questions from? I can’t seem to search them on our question bank for the SA-Pro.

    Questions like these should have explanations included for proper learning of the students who are reviewing them.

    BTW, if these are from official AWS Sample practice exams, please don’t post them here as we are not allowed to discuss those.

    Regards,

    Kenneth (Tutorials Dojo)

    • benjamin-4

      Member
      December 14, 2021 at 10:33 am

      Hi,

      I recognize these questions from PSI online AWS Certified Solutions Architect – Professional Practice exam. The practice exam does not come with explanations.

      Regards,

      Ben

Viewing 1 - 4 of 4 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now