Timed Mode Diagnostic Test – AWS Certified Solutions Architect Associate

A company is preparing a solution that the sales team can use for generating weekly revenue reports. The team must be able to run analysis on sales records stored in Amazon S3 and visualize the results of queries.

How can the solutions architect meet the requirement in the most cost-effective way possible?

A company has moved its suite of internal tools to AWS. For audit compliance, several CloudTrail trails are made to record all API calls. Each log file is also protected with server-side encryption with AWS KMS keys (SSE-KMS). Despite this, the company wants to ensure it can identify whether a log file has been tampered with.

Which security measure should the solutions architect employ?

A digital bank has recently deployed a fraud detection model in AWS Lambda. The company intends to put the model to test by processing transactions that are recorded in the production DynamoDB table. The security team must be immediately notified when a transaction is flagged as fraudulent.

How can the solutions architect satisfy the requirements while minimizing the impact on database operations and performance?

A serverless application has been launched on the DevOps team’s AWS account. Users from the development team’s account must be granted permission to invoke the Lambda function that runs the application. The solution must use the principle of least privilege access.

Which solution will fulfill these criteria?

A data center equipped with several physical servers is connected to AWS via a Direct Connect 10 Gbps link capacity. A solutions architect is tasked with rehosting all on-premises applications, data, and operating systems to AWS. Interruptions to business operations must be minimized as well.

Which solution meets the requirement?

A startup plans to scale out its cloud resources. With its rapid growth, the company needs an automated way of scanning its Amazon EC2 instances for security purposes. The company needs to automatically discover software vulnerabilities on its cloud resources and validate that its workloads meet security compliances.

Which of the following options should be implemented to meet the company requirements?

A retail company stores customer transaction data on AWS. The data sees high access rates during seasonal sales and fluctuating access patterns throughout the rest of the year. The company is looking for a cost-effective storage solution that guarantees both durability and high availability to accommodate these varying access patterns.

Which Amazon S3 storage classes fulfill these requirements?

A company has migrated its containerized workloads into the AWS Cloud. The microservices applications are hosted on Amazon EC2 instances with Docker installed, Amazon Elastic Container Service (Amazon ECS), and newer deployments are hosted on Amazon Elastic Kubernetes Service (Amazon EKS). The company is using open-source tools such as Prometheus and Grafana installed on a virtual machine in its data center for monitoring its applications. The management wants to use the same tools for monitoring its containerized applications in its cloud environment.

Which of the following options is the recommended implementation for this scenario?

A large company has several applications hosted on hundreds of virtual machines running in its data center. The company wants to take advantage of the scalability and cost-effectiveness of the AWS cloud, so it’s been decided to migrate all its applications to the cloud. Before starting the migration process, the management wants to have an inventory of all its servers and wants the ability to track the migration of each application to the cloud.

Which of the following options is the recommended action to meet the above requirements?

A FinTech company has been running its compute workload on the AWS Cloud. In order to quickly release the application, the developers have deployed several Amazon EC2 instances, Auto Scaling groups and AWS Lambda functions for the different components of the application stack. After a few weeks of operation, the users are complaining of slow performance in certain components of the application. The QA engineers suspect that the servers are not able to handle the traffic being sent to the application.

Which of the following actions should be taken to verify and resolve the above issue?

The DevOps Team at Agila Corporation aims to enforce an IAM policy that grants them exclusive permissions to start, stop, and terminate EC2 instances in the us-west-1 region. To maintain strict security measures, any requests originating outside the company’s network range (192.158.1.0/24) should be denied.

Which of the following IAM policies would satisfy these requirements? 

A company wants to transfer a large amount of data (50 TB) from its Amazon S3 bucket to its data center. Due to bandwidth constraints, downloading the data directly over the internet would take too long. The company needs to transfer the data as quickly and efficiently as possible.

Which of the following options is the MOST cost-effective way to transfer this data?

A manufacturing company is building an IoT-based system to detect faults in its production process in real-time. The system will feed sensor data to an Amazon API Gateway REST API, where the data will be analyzed for any anomalies or faults.

The result of the data processing will then determine the necessary remedial action to be taken. It’s critical that the data is processed in the sequence in which it was sent.

Which of the following is the most operationally efficient solution?

An e-commerce company is redesigning the architecture of its application. The new architecture needs a more robust application layer and an online transactional processing (OLTP) relational database that can handle spiky traffic loads. The company also wants to ensure the application is always available while minimizing computing costs during idle periods.

As the company’s solution architect, which solution would be the most cost-effective to meet these requirements?

A healthcare company has migrated its Electronic Health Record (EHR) system to AWS and is now seeking to protect its production VPC from a wide range of potential threats. The company requires a solution to monitor both incoming and outgoing VPC traffic and block any malicious connections.

As a Solution Architect, how will you meet these requirements?

A large electronics company is using Amazon Simple Storage Service to store important documents. For reporting purposes, they want to track and log every request access to their S3 buckets including the requester, bucket name, request time, request action, referrer, turnaround time, and error code information. The solution should also provide more visibility into the object-level operations of the bucket.

Which is the best solution among the following options that can satisfy the requirement?

A Solutions Architect designed a serverless architecture that allows AWS Lambda to access an Amazon DynamoDB table named tutorialsdojo in the US East (N. Virginia) region. The IAM policy attached to a Lambda function allows it to put and delete items in the table. The policy must be updated to only allow two operations in the tutorialsdojo table and prevent other DynamoDB tables from being modified.

Which of the following IAM policies fulfill this requirement and follow the principle of granting the least privilege?

A company faces performance degradation due to intermittent traffic spikes in its application. The application is deployed across multiple EC2 instances within an Auto Scaling group and is fronted by a Network Load Balancer (NLB). The operations team found out that HTTP errors are not being detected by the NLB. As a result, clients are continuously routed to unhealthy targets and are never replaced, which impacts the availability of the application.

Which solution could resolve the issue with the least amount of development overhead?

A solutions architect is designing a plan to recover from accidental writes and deletes on an Amazon DynamoDB table. The solution must be capable of recovering data up to an hour prior to the occurrence of an incident.

Which approach should be taken to meet these criteria?

A retail website has intermittent, sporadic, and unpredictable transactional workloads throughout the day that are hard to predict. The website is currently hosted on-premises and is slated to be migrated to AWS. A new relational database is needed that autoscales capacity to meet the needs of the application’s peak load and scales back down when the surge of activity is over.

Which of the following option is the MOST cost-effective and suitable database setup in this scenario?

A company runs its multitier online shopping platform on AWS. Every new sale transaction is published as a message in an open-source RabbitMQ queue that runs on an Amazon EC2 instance. There is a consumer application is hosted on a separate EC2 instance that consumes the incoming messages, which then stores the transaction in a self-hosted PostgreSQL database on another EC2 instance.

All of the EC2 instances used are in the same Availability Zone in the eu-central-1 Region. A solutions architect needs to redesign its cloud architecture to provide the highest availability with the least amount of operational overhead.

What should a solutions architect do to meet the company’s requirements above?

A technology company has a suite of container-based web applications and serverless solutions that are hosted in AWS. The Solutions Architect must define a standard infrastructure that will be used across development teams and applications. There are application-specific resources too that change frequently, especially during the early stages of application development. Developers must be able to add supplemental resources to their applications, which are beyond what the architects predefined in the system environments and service templates.

Which of the following should be implemented to satisfy this requirement?

An online shopping platform is hosted on an Auto Scaling group of On-Demand EC2 instances with a default Auto Scaling termination policy and no instance protection configured. The system is deployed across three Availability Zones in the US West region (us-west-1) with an Application Load Balancer in front to provide high availability and fault tolerance for the shopping platform. The us-west-1a, us-west-1b, and us-west-1c Availability Zones have 10, 8 and 7 running instances respectively. Due to the low number of incoming traffic, the scale-in operation has been triggered.

Which of the following will the Auto Scaling group do to determine which instance to terminate first in this scenario? (Select THREE.)

A company plans to design an application that can handle batch processing of large amounts of financial data. The Solutions Architect is tasked to create two Amazon S3 buckets to store the input and output data. The application will transfer the data between multiple EC2 instances over the network to complete the data processing.

Which of the following options would reduce the data transfer costs?

A company plans to set up a cloud infrastructure in AWS. In the planning, it was discussed that you need to deploy two EC2 instances that should continuously run for three years. The CPU utilization of the EC2 instances is also expected to be stable and predictable.

Which is the most cost-efficient Amazon EC2 Pricing type that is most appropriate for this scenario?

A tech startup has recently received a Series A round of funding to continue building their mobile forex trading application. You are hired to set up their cloud architecture in AWS and to implement a highly available, fault tolerant system. For their database, they are using DynamoDB and for authentication, they have chosen to use Cognito. Since the mobile application contains confidential financial transactions, there is a requirement to add a second authentication method that doesn’t rely solely on user name and password.

How can you implement this in AWS?

A company needs to design an online analytics application that uses Redshift Cluster for its data warehouse. Which of the following services allows them to monitor all API calls in Redshift instance and can also provide secured data for auditing and compliance purposes?

A solutions architect is formulating a strategy for a startup that needs to transfer 50 TB of on-premises data to Amazon S3. The startup has a slow network transfer speed between its data center and AWS which causes a bottleneck for data migration.

Which of the following should the solutions architect implement?

A Solutions Architect must ensure that AWS resources in an Amazon VPC do not exceed their service limits. To achieve this, the architect requires a system that provides recommendations to ensure resource usage aligns with AWS best practices.

Which service is the MOST effective for this task?

A company has both on-premises data center as well as AWS cloud infrastructure. Multimedia assets, such as graphics, audio, and videos, are primarily stored in an on-premises storage server, with an Amazon S3 Standard storage class bucket used for backup. The data is heavily utilized for only one week (7 days), but after that period, it is infrequently accessed by customers. The Solutions Architect is tasked with saving storage costs in AWS while maintaining the ability to retrieve a subset of media assets within minutes for an annual data audit, which will be conducted on cloud storage.

Which of the following are valid options that the Solutions Architect can implement to meet the above requirement? (Select TWO.)

A Solutions Architect is developing a three-tier cryptocurrency web application for a FinTech startup. The Architect has been instructed to restrict access to the database tier to only accept traffic from the application-tier and deny traffic from other sources. The application-tier is composed of application servers hosted in an Auto Scaling group of EC2 instances.


Which of the following options is the MOST suitable solution to implement in this scenario?

A company has a two-tier environment in its on-premises data center which is composed of an application tier and database tier. You are instructed to migrate their environment to the AWS cloud, and to design the subnets in their VPC with the following requirements:

1. There is an application load balancer that would distribute the incoming traffic among the servers in the application tier.
2. The application tier and the database tier must not be accessible from the public Internet. The application tier should only accept traffic coming from the load balancer.
3. The database tier contains very sensitive data. It must not share the same subnet with other AWS resources and its custom route table with other instances in the environment.
4. The environment must be highly available and scalable to handle a surge of incoming traffic over the Internet.

How many subnets should you create to meet the above requirements?

A multimedia company needs to deploy web services to an AWS region that they have never used before. The company currently has an IAM role for its Amazon EC2 instance that permits the instance to access Amazon DynamoDB. They want their EC2 instances in the new region to have the exact same privileges.

What should be done to accomplish this?

An advertising company is currently working on a proof of concept project that automatically provides SEO analytics for its clients. Your company has a VPC in AWS that operates in a dual-stack mode in which IPv4 and IPv6 communication is allowed. You deployed the application to an Auto Scaling group of EC2 instances with an Application Load Balancer in front that evenly distributes the incoming traffic. You are ready to go live but you need to point your domain name (tutorialsdojo.com) to the Application Load Balancer.

In Route 53, which record types will you use to point the DNS name of the Application Load Balancer? (Select TWO.)

A company has a running m5ad.large EC2 instance with a default attached 75 GB SSD instance-store backed volume. You shut it down and then start the instance. You noticed that the data which you saved earlier on the attached volume is no longer available.

What might be the cause of this?

A Solutions Architect is working for a company that has multiple VPCs in various AWS regions. The Architect is assigned to set up a logging system that will track all of the changes made to their AWS resources in all regions, including the configurations made in IAM, CloudFront, AWS WAF, and Route 53. In order to pass the compliance requirements, the solution must ensure the security, integrity, and durability of the log data. It should also provide an event history of all API calls made in AWS Management Console and AWS CLI.

Which of the following solutions is the best fit for this scenario?

A company conducted a surprise IT audit on all of the AWS resources being used in the production environment. During the audit activities, it was noted that you are using a combination of Standard and Convertible Reserved EC2 instances in your applications.

Which of the following are the characteristics and benefits of using these two types of Reserved EC2 instances? (Select TWO.)

A Solutions Architect is working for an online hotel booking firm with terabytes of customer data coming from the websites and applications. There is an annual corporate meeting where the Architect needs to present the booking behavior and acquire new insights from the customers’ data. The Architect is looking for a service to perform super-fast analytics on massive data sets in near real-time.

Which of the following services gives the Architect the ability to store huge amounts of data and perform quick and flexible queries on it?

A well-known music streaming service is planning to broaden its platform globally. However, the company must ensure that listeners in certain countries cannot access specific music content until it is officially launched in their respective regions, in accordance with its music licensing agreements and restrictions.

To achieve this, the company will utilize Amazon CloudFront’s content delivery network and Origin Access Control (OAC) feature to prevent unauthorized users from accessing the content. Customized error messages must also be configured for users who are not authorized to access particular music tracks.

What solution would be able to fulfill these requirements?

The Bureau of Census and Statistics manages a geographic information systems (GIS) image database which has a single-table design. The system hosts high-resolution images that are uniquely identified by geographic codes. The database is updated on a minute-by-minute basis to detect any natural disasters like floods, volcanic eruptions, and other calamities.

Due to the substantial volume of data, the department wants to migrate its existing Oracle database to the AWS Cloud. The department also aims to achieve a highly available and scalable solution, particularly during critical events and high data inflow.

Which of the following options is the MOST cost-effective solution in this scenario?

A Solution Architect is working on a cloud infrastructure project for a company that uses AWS services. The company uses multiple EC2 and Amazon RDS DB instances on various applications. As part of the task, the company asked to create a solution that automatically starts and stops the EC2 and DB instances based on a predetermined schedule.

Which option will enable the Solution Architect to fulfill the company’s requirements while minimizing cost and infrastructure maintenance?

A large consulting firm is in the process of conducting an internal security audit of its cloud infrastructure. The goal is to ensure that the information in its Amazon S3 bucket, which is associated with the firm’s AWS Lake Formation data lake, doesn’t include confidential data related to its customers or staff.

The firm aims to uncover financial or personally identifiable information (PII), such as passport, credit card numbers, and taxpayer identification numbers, in its S3 bucket. This will prevent any sensitive data from being ingested into a data lake.

What solution would be the most operationally effective solution in meeting these particular requirements?

A large corporation has several Windows file servers in various departments within its on-premises data center. To improve its data management and scalability, the corporation has to migrate and integrate its files into an Amazon FSx for Windows File Server file system while keeping the current file permissions intact.

Which of the following solutions will fulfill the company’s requirements? (Select TWO.)

A Solutions Architect uses AWS Lake Formation to manage a data lake that stores petabytes of data spread across various AWS accounts. The data lake contains various reporting data that are uploaded by both the Data Analytics and the DevOps team.

The Data Analytics team wants to selectively share certain data from its accounts in a secure manner with the company’s DevOps team for reporting purposes. Strict data access control and monitoring must be implemented to meet security and compliance requirements.

Which of the following is the most operationally efficient way to fulfill these requirements with MINIMAL operational overhead?

A company has a mission-critical, public-facing containerized application running on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that has a microservices architecture.

There is a requirement to implement a fully managed centralized application logging solution that automatically collects metrics and application logs. The company also requires a dashboard to easily monitor the application metrics.

Which of the following can meet the above requirements with the LEAST amount of operational overhead?

A startup company running applications on multiple Amazon EC2 instances is utilizing Amazon FSx for NetApp ONTAP for its shared storage on its primary region. File shares in the region are configured over NFS and CIFS protocols.

As part of resiliency requirements, the company needs to implement a storage disaster recovery (DR) solution in a secondary region using the same protocol as the primary region.

Which of the following satisfies the given requirements with the LEAST amount of management overhead?

A DevOps Engineer is asked to deploy a web application on Amazon EC2 instances. The instances are defined in a target group and are able to scale horizontally based on the configuration of an Auto Scaling group.

The domain should be available publicly via the internet and is to be configured with session affinity (sticky sessions) to improve the user session management of the application. The application should be secured with an AWS WAF for additional protection against web attacks.

Which among the choices below should be set up to satisfy this requirement? (Select TWO.)

An enterprise company uses multiple AWS accounts for different business units. The AWS accounts are set up and consolidated into an organization via the AWS Organizations service.

The company sites are distributed globally across different countries and regions. There is a need to centrally manage security group rules across the organization to allow CIDR ranges of new office locations and remove old CIDR ranges as needed.

What design should the solutions architect propose to meet the requirements in the MOST cost-effective manner?

A global company runs a daily data processing job that takes 10 hours to complete. The company is looking to design an Amazon EMR cluster configuration that not only supports this critical workload but also integrates with Apache Ranger for table-level and column-level permission control as well as fine-grained authorization using AWS Lake Formation. Also, it is required that no data is lost during the process.

Which configuration would meet the requirements while being the MOST cost-effective?

A bank runs a daily AWS Glue ETL job to process XML financial data in an Amazon S3 bucket. New datasets are added to this S3 bucket each day. The solutions architect has observed that AWS Glue is repeatedly processing the entire dataset, including previously processed data, in every execution.

The bank seeks an efficient method to ensure the AWS Glue ETL job processes only new or altered data, thus optimizing resources and processing time while maintaining data integrity.

Which solution can satisfy this requirement?

An organization seeks to enhance its customer experience by integrating and visualizing its diverse data sources. The organization has a robust Amazon S3 data lake, governed by AWS Lake Formation, containing detailed purchase histories. Additionally, they store operational data, including real-time inventory and sales information, in an Amazon Aurora MySQL database.

The goal is to create a dynamic visualization in Amazon QuickSight, joining the data lake content with the Aurora database. The company requires stringent column-level authorization, allowing its marketing team to access only specific columns in the database for targeted promotions and customer insights.

What is the most efficient solution to meet these requirements with minimal operational overhead?