AWS-Certified-Solutions-Architect-Professional | Renewal AWS-Certified-Solutions-Architect-Professional Dumps For Amazon AWS Certified Solutions Architect Professional Certification

we provide Practical Amazon AWS-Certified-Solutions-Architect-Professional free draindumps which are the best for clearing AWS-Certified-Solutions-Architect-Professional test, and to get certified by Amazon Amazon AWS Certified Solutions Architect Professional. The AWS-Certified-Solutions-Architect-Professional Questions & Answers covers all the knowledge points of the real AWS-Certified-Solutions-Architect-Professional exam. Crack your Amazon AWS-Certified-Solutions-Architect-Professional Exam with latest dumps, guaranteed!

Also have AWS-Certified-Solutions-Architect-Professional free dumps questions for you:

NEW QUESTION 1
An organization is setting up their website on AWS. The organization is working on various security measures to be performed on the AWS EC2 instances. Which of the below mentioned security mechanisms will not help the organization to avoid future data leaks and identify security weaknesses?

  • A. Run penetration testing on AWS with prior approval from Amazon.
  • B. Perform SQL injection for application testing.
  • C. Perform a Code Check for any memory leaks.
  • D. Perform a hardening test on the AWS instanc

Answer: C

Explanation:
AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a public cloud it is bound to be targeted by hackers. If an organization is planning to host their application on AWS EC2, they should perform the below mentioned security checks as a measure to find any security weakness/data leaks:
Perform penetration testing as performed by attackers to find any vulnerability. The organization must take an approval from AWS before performing penetration testing
Perform hardening testing to find if there are any unnecessary ports open Perform SQL injection to find any DB security issues
The code memory checks are generally useful when the organization wants to improve the application performance.
Reference: http://aws.amazon.com/security/penetration-testing/

NEW QUESTION 2
By default, what is the maximum number of Cache Nodes you can run in Amazon EIastiCache?

  • A. 20
  • B. 50
  • C. 100
  • D. 200

Answer: A

Explanation:
In Amazon EIastiCache, you can run a maximum of 20 Cache Nodes. Reference: http://aws.amazon.com/e|asticache/faqs/

NEW QUESTION 3
An IAM user is trying to perform an action on an object belonging to some other root account’s bucket. Which of the below mentioned options will AWS S3 not verify?

  • A. The object owner has provided access to the IAM user
  • B. Permission provided by the parent of the IAM user on the bucket
  • C. Permission provided by the bucket owner to the IAM user
  • D. Permission provided by the parent ofthe IAM user

Answer: B

Explanation:
If the IAM user is trying to perform some action on the object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket as well as the policy defined by the object owner.
Reference:
http://docs.aws.amazon.com/AmazonS3/Iatest/dev/access-control-auth-workflow-object-operation.htmI

NEW QUESTION 4
Which of the following AWS services can be used to define alarms to trigger on a certain actMty, such as actMty success, failure, or delay in AWS Data Pipeline?

  • A. Amazon SES
  • B. Amazon CodeDepIoy
  • C. Amazon SNS
  • D. Amazon SQS

Answer: C

Explanation:
In AWS Data Pipeline, you can define Amazon SNS alarms to trigger on actMties such as success, failure, or delay by creating an alarm object and referencing it in the onFaiI, onSuccess, or onLate slots of the actMty object.
Reference: https://aws.amazon.com/datapipe|ine/faqs/

NEW QUESTION 5
Which of following IAM policy elements lets you specify an exception to a list of actions?

  • A. NotException
  • B. ExceptionAction
  • C. Exception
  • D. NotAction

Answer: D

Explanation:
The NotAction element lets you specify an exception to a list of actions. Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPoIicyLanguage_EIementDescriptions.html

NEW QUESTION 6
Your fortune 500 company has under taken a TCO analysis evaluating the use of Amazon S3 versus acquiring more hardware The outcome was that ail employees would be granted access to use Amazon S3 for storage of their personal documents.
Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? (Choose 3 Answers)

  • A. Setting up a federation proxy or identity provider
  • B. Using AWS Security Token Service to generate temporary tokens
  • C. Tagging each folder in the bucket
  • D. Configuring IAM role
  • E. Setting up a matching IAM user for every user in your corporate directory that needs access to a folder in the bucket

Answer: ABD

NEW QUESTION 7
An organization is having a VPC for the HR department, and another VPC for the Admin department. The HR department requires access to all the instances running in the Admin VPC while the Admin department requires access to all the resources in the HR department. How can the organization setup
this scenario?

  • A. Setup VPC peering between the VPCs of Admin and HR.
  • B. Setup ACL with both VPCs which will allow traffic from the CIDR of the other VPC.
  • C. Setup the security group with each VPC which allows traffic from the CIDR of another VPC.
  • D. It is not possible to connect resources of one VPC from another VPC.

Answer: A

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. A VPC peering connection allows the user to route traffic between the peer VPCs using private IP addresses as if they are a part of the same network.
This is helpful when one VPC from the same or different AWS account wants to connect with resources of the other VPC.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.htmI

NEW QUESTION 8
By default, temporary security credentials for an IAM user are valid for a maximum of 12 hours, but you can request a duration as long as hours.

  • A. 24
  • B. 36
  • C. 10
  • D. 48

Answer: B

Explanation:
By default, temporary security credentials for an IAM user are valid for a maximum of 12 hours, but you can request a duration as short as 15 minutes or as long as 36 hours.
Reference: http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSessionTokens.html

NEW QUESTION 9
An enterprise wants to use a third-party SaaS application. The SaaS application needs to have access to issue several API commands to discover Amazon EC2 resources running within the enterprise's account The enterprise has internal security policies that require any outside access to their environment must conform to the principles of least prMlege and there must be controls in place to ensure that the credentials used by the SaaS vendor cannot be used by any other third party. Which of the following would meet all of these conditions?

  • A. From the AWS Management Console, navigate to the Security Credentials page and retrieve the access and secret key for your account.
  • B. Create an IAM user within the enterprise account assign a user policy to the IAM user that allows only the actions required by the SaaS application create a new access and secret key for the user and provide these credentials to the SaaS provider.
  • C. Create an IAM role for cross-account access allows the SaaS provider's account to assume the role and assign it a policy that allows only the actions required by the SaaS application.
  • D. Create an IAM role for EC2 instances, assign it a policy that allows only the actions required tor the Saas application to work, provide the role ARN to the SaaS provider to use when launching their application instances.

Answer: C

NEW QUESTION 10
A 3-tier e-commerce web application is current deployed on-premises and will be migrated to AWS for greater scalability and elasticity The web server currently shares read-only data using a network distributed file system The app server tier uses a clustering mechanism for discovery and shared session state that depends on IP multicast The database tier uses shared-storage clustering to provide database fall over capability, and uses several read slaves for scaling Data on all servers and the distributed file system directory is backed up weekly to off-site tapes
Which AWS storage and database architecture meets the requirements of the application?

  • A. Web servers: store read-only data in S3, and copy from S3 to root volume at boot tim
  • B. App servers: share state using a combination of DynamoDB and IP unicas
  • C. Database: use RDS with multi-AZ deployment and one or more read replica
  • D. Backup: web sewers, app sewers, and database backed up weekly to Glacier using snapshots.
  • E. Web sewers: store read-only data in an EC2 NFS sewer; mount to each web server at boot tim
  • F. App servers: share state using a combination of DynamoDB and IP multicas
  • G. Database: use RDS with multi-AZ deployment and one or more Read Replica
  • H. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
  • I. Web sewers: store read-only data in S3, and copy from S3 to root volume at boot tim
  • J. App sewers: share state using a combination of DynamoDB and IP unicas
  • K. Database: use RDS with multi-AZ deployment and one or more Read Replica
  • L. Backup: web and app sewers backed up weekly via AMIs, database backed up via DB snapshots.
  • M. Web sewers: store read-only data in S3, and copy from S3 to root volume at boot tim
  • N. App sewers: share state using a combination of DynamoDB and IP unicas
  • O. Database: use RDS with multi-AZ deploymen
  • P. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.

Answer: C

NEW QUESTION 11
Your company produces customer commissioned one-of-a-kind skiing helmets combining nigh fashion with custom technical enhancements Customers can show off their IndMduality on the ski slopes and have access to head-up-displays. GPS rear-view cams and any other technical innovation they wish to embed in the helmet.
The current manufacturing process is data rich and complex including assessments to ensure that the custom electronics and materials used to assemble the helmets are to the highest standards Assessments are a mixture of human and automated assessments you need to add a new set of assessment to model the failure modes of the custom electronics using GPUs with CUDA, across a cluster of servers with low latency networking.
What architecture would allow you to automate the existing process using a hybrid approach and ensure that the architecture can support the evolution of processes over time?

  • A. Use AWS Data Pipeline to manage movement of data & meta-data and assessments Use an auto-scaling group of G2 instances in a placement group.
  • B. Use Amazon Simple Workflow (SWF) to manages assessments, movement of data & meta-data Use an auto-scaling group of G2 instances in a placement group.
  • C. Use Amazon Simple Workflow (SWF) to manages assessments movement of data & meta-data Use an auto-scaling group of C3 instances with SR-IOV (Single Root I/O Virtualization).
  • D. Use AWS data Pipeline to manage movement of data & meta-data and assessments use auto-scaling group of C3 with SR-IOV (Single Root I/O virtualization).

Answer: B

NEW QUESTION 12
An EC2 instance that performs source/destination checks by default is launched in a private VPC subnet. All security, NACL, and routing definitions are configured as expected. A custom NAT instance is launched.
Which of the following must be done for the custom NAT instance to work?

  • A. The source/destination checks should be disabled on the NAT instance.
  • B. The NAT instance should be launched in public subnet.
  • C. The NAT instance should be configured with a public IP address.
  • D. The NAT instance should be configured with an elastic IP addres

Answer: A

Explanation:
Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.
Reference:
http://docs.aws.amazon.com/AmazonVPC/Iatest/UserGuide/VPC_NAT_|nstance.htm|#EIP_Disab|e_Src DestCheck

NEW QUESTION 13
Identify a true statement about using an IAM role to grant permissions to applications running on Amazon EC2 instances.

  • A. When AWS credentials are rotated, developers have to update only the root Amazon EC2 instance that uses their credentials.
  • B. When AWS credentials are rotated, developers have to update only the Amazon EC2 instance on which the password policy was applied and which uses their credentials.
  • C. When AWS credentials are rotated, you don't have to manage credentials and you don't have to worry about long-term security risks.
  • D. When AWS credentials are rotated, you must manage credentials and you should consider precautions for long-term security risks.

Answer: C

Explanation:
Using IAM roles to grant permissions to applications that run on EC2 instances requires a bit of extra configuration. Because role credentials are temporary and rotated automatically, you don't have to manage credentials, and you don't have to worry about long-term security risks.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/role-usecase-ec2app.htmI

NEW QUESTION 14
You are the new IT architect in a company that operates a mobile sleep tracking application.
When activated at night, the mobile app is sending collected data points of 1 kilobyte every 5 minutes to your backend.
The backend takes care of authenticating the user and writing the data points into an Amazon DynamoDB table.
Every morning, you scan the table to extract and aggregate last night's data on a per user basis, and store the results in Amazon S3. Users are notified via Amazon SNS mobile push notifications that new data is available, which is parsed and visualized by the mobile app.
Currently you have around 100k users who are mostly based out of North America. You have been tasked to optimize the architecture of the backend system to lower cost. What would you recommend? Choose 2 answers

  • A. Have the mobile app access Amazon DynamoDB directly Instead of JSON files stored on Amazon S3.
  • B. Write data directly into an Amazon Redshift cluster replacing both Amazon DynamoDB and Amazon S3.
  • C. Introduce an Amazon SQS queue to buffer writes to the Amazon DynamoDB table and reduce provisioned write throughput.
  • D. Introduce Amazon Elasticache to cache reads from the Amazon DynamoDB table and reduce provisioned read throughput.
  • E. Create a new Amazon DynamoDB table each day and drop the one for the previous day after its data is on Amazon S3.

Answer: AD

NEW QUESTION 15
A government client needs you to set up secure cryptographic key storage for some of their extremely confidential data. You decide that the AWS CIoudHSM is the best service for this. However, there seem to be a few pre-requisites before this can happen, one of those being a security group that has certain ports open. Which of the following is correct in regards to those security groups?

  • A. A security group that has no ports open to your network.
  • B. A security group that has only port 3389 (for RDP) open to your network.
  • C. A security group that has only port 22 (for SSH) open to your network.
  • D. A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your networ

Answer: D

Explanation:
AWS CIoudHSM provides secure cryptographic key storage to customers by making hardware security modules (HSMs) available in the AWS cloud.
AWS C|oudHSM requires the following environment before an HSM appliance can be provisioned. A virtual private cloud (VPC) in the region where you want the AWS CIoudHSM service.
One private subnet (a subnet with no Internet gateway) in the VPC. The HSM appliance is provisioned into this subnet.
One public subnet (a subnet with an Internet gateway attached). The control instances are attached to this subnet.
An AWS Identity and Access Management (IAM) role that delegates access to your AWS resources to AWS CIoudHSM.
An EC2 instance, in the same VPC as the HSM appliance, that has the SafeNet client software installed. This instance is referred to as the control instance and is used to connect to and manage the HSM appliance.
A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your network. This security group is attached to your control instances so you can access them remotely.

NEW QUESTION 16
......

P.S. Easily pass AWS-Certified-Solutions-Architect-Professional Exam with 185 Q&As Dumps-files.com Dumps & pdf Version, Welcome to Download the Newest Dumps-files.com AWS-Certified-Solutions-Architect-Professional Dumps: https://www.dumps-files.com/files/AWS-Certified-Solutions-Architect-Professional/ (185 New Questions)