Certification : AWS Certified Solutions Architect Associate Practice Exams Set 5

You have a VPC that has a CIDR block of 10.31.0.0/27 which is connected to your on-premises data center. There was a requirement to create a Lambda function that will process massive amounts of cryptocurrency transactions every minute and then store the results to EFS. After you set up the serverless architecture and connected the Lambda function to your VPC, you noticed that there is an increase in invocation errors with EC2 error types such as EC2ThrottledException at certain times of the day.

Which of the following are the possible causes of this issue? (Choose 2)


Options are :

  • You only specified one subnet in your Lambda function configuration. That single subnet runs out of available IP addresses and there is no other subnet or Availability Zone which can handle the peak load. (Correct)
  • Your VPC does not have a NAT gateway.
  • Your VPC does not have sufficient subnet ENIs or subnet IPs. (Correct)
  • The associated security group of your function does not allow outbound connections.
  • The attached IAM execution role of your function does not have the necessary permissions to access the resources of your VPC.

Answer : You only specified one subnet in your Lambda function configuration. That single subnet runs out of available IP addresses and there is no other subnet or Availability Zone which can handle the peak load. Your VPC does not have sufficient subnet ENIs or subnet IPs.

You are a Solutions Architect working for an aerospace engineering company which recently adopted a hybrid cloud infrastructure with AWS. One of your tasks is to launch a VPC with both public and private subnets for their EC2 instances as well as their database instances respectively.   

Which of the following statements are true regarding Amazon VPC subnets? (Choose 2)


Options are :

  • EC2 instances in a private subnet can communicate with the Internet only if they have an Elastic IP.
  • Each subnet maps to a single Availability Zone. (Correct)
  • The allowed block size in VPC is between a /16 netmask (65,536 IP addresses) and /27 netmask (16 IP addresses).
  • Every subnet that you create is automatically associated with the main route table for the VPC. (Correct)
  • Each subnet spans to 2 Availability Zones.

Answer : Each subnet maps to a single Availability Zone. Every subnet that you create is automatically associated with the main route table for the VPC.

You are working as a Solutions Architect for a tech company where you are instructed to build a web architecture using On-Demand EC2 instances and a database in AWS. However, due to budget constraints, the company instructed you to choose a database service in which they no longer need to worry about database management tasks such as hardware or software provisioning, setup, configuration, scaling and backups.

Which database service in AWS is best to use in this scenario?


Options are :

  • AWS RDS
  • DynamoDB (Correct)
  • Amazon ElastiCache
  • Redshift

Answer : DynamoDB

You are a Solutions Architect for a major TV network. They have a web application running on eight Amazon EC2 instances, consuming about 55% of resources on each instance. You are using Auto Scaling to make sure that eight instances are running at all times. The number of requests that this application processes is consistent and does not experience spikes. Your manager instructed you to ensure high availability of this web application at all times to avoid any loss of revenue. You want the load to be distributed evenly between all instances. You also want to use the same Amazon Machine Image (AMI) for all EC2 instances.

How will you be able to achieve this?


Options are :

  • Deploy eight EC2 instances with Auto Scaling in one Availability Zone behind an Amazon Elastic Load Balancer.
  • Deploy four EC2 instances with Auto Scaling in one region and four in another region behind an Amazon Elastic Load Balancer.
  • Deploy four EC2 instances with Auto Scaling in one Availability Zone and four in another availability zone in the same region behind an Amazon Elastic Load Balancer. (Correct)
  • Deploy two EC2 instances with Auto Scaling in four regions behind an Amazon Elastic Load Balancer.

Answer : Deploy four EC2 instances with Auto Scaling in one Availability Zone and four in another availability zone in the same region behind an Amazon Elastic Load Balancer.

Your IT Manager instructed you to set up a bastion host in the cheapest, most secure way, and that you should be the only person that can access it via SSH.   

Which of the following steps would satisfy your IT Manager's request?


Options are :

  • Set up a small EC2 instance and a security group which only allows access on port 22 via your IP address (Correct)
  • Set up a large EC2 instance and a security group which only allows access on port 22 via your IP address
  • Set up a large EC2 instance and a security group which only allows access on port 22
  • Set up a small EC2 instance and a security group which only allows access on port 22

Answer : Set up a small EC2 instance and a security group which only allows access on port 22 via your IP address

In Amazon EC2, you can manage your instances from the moment you launch them up to their termination. You can flexibly control your computing costs by changing the EC2 instance state. Which of the following statements are true regarding EC2 billing? (Choose 2)


Options are :

  • You will be billed when your On-Demand instance is in pending state.
  • You will be billed when your Spot instance is preparing to stop with a stopping state.
  • You will be billed when your On-Demand instance is preparing to hibernate with a stopping state. (Correct)
  • You will be billed when your Reserved instance is in terminated state. (Correct)
  • You will not be billed for any instance usage while an instance is not in the running state.

Answer : You will be billed when your On-Demand instance is preparing to hibernate with a stopping state. You will be billed when your Reserved instance is in terminated state.

You are a new Solutions Architect in your department and you have created 7 CloudFormation templates. Each template has been defined for a specific purpose.

What determines the cost of using these new CloudFormation templates?


Options are :

  • $2.50 per template per month
  • The length of time it takes to build the architecture with CloudFormation
  • It depends on the region where you will deploy.
  • CloudFormation templates are free but you are charged for the underlying resources it builds. (Correct)

Answer : CloudFormation templates are free but you are charged for the underlying resources it builds.

You are working for a large financial firm and you are instructed to set up a Linux bastion host. It will allow access to the Amazon EC2 instances running in their VPC. For security purposes, only the clients connecting from the corporate external public IP address 175.45.116.100 should have SSH access to the host.

Which is the best option that can meet the customer's requirement?


Options are :

  • Security Group Inbound Rule: Protocol TCP, Port Range 22, Source 175.45.116.100/32 (Correct)
  • Security Group Inbound Rule: Protocol UDP, Port Range 22, Source 175.45.116.100/32
  • Network ACL Inbound Rule: Protocol UDP, Port Range 22, Source 175.45.116.100/32
  • Network ACL Inbound Rule: Protocol TCP, Port Range 22, Source 175.45.116.100/0

Answer : Security Group Inbound Rule: Protocol TCP, Port Range 22, Source 175.45.116.100/32

Your customer has clients all across the globe that access product files stored in several S3 buckets, which are behind each of their own CloudFront web distributions. They currently want to deliver their content to a specific client, and they need to make sure that only that client can access the data. Currently, all of their clients can access their S3 buckets directly using an S3 URL or through their CloudFront distribution.

Which of the following are possible solutions that you could implement to meet the above requirements?


Options are :

  • Use CloudFront Signed Cookies to ensure that only their client can access the files.
  • Use CloudFront signed URLs to ensure that only their client can access the files.
  • Use S3 pre-signed URLs to ensure that only their client can access the files. Remove permission to use Amazon S3 URLs to read the files for anyone else. (Correct)
  • Create an origin access identity (OAI) and give it permission to read the files in the bucket.

Answer : Use S3 pre-signed URLs to ensure that only their client can access the files. Remove permission to use Amazon S3 URLs to read the files for anyone else.

A travel company has a suite of web applications hosted in an Auto Scaling group of On-Demand EC2 instances behind an Application Load Balancer that handles traffic from various web domains such as i-love-manila.com, i-love-boracay.com, i-love-cebu.com and many others. To improve security and lessen the overall cost, you are instructed to secure the system by allowing multiple domains to serve SSL traffic without the need to reauthenticate and reprovision your certificate every time you add a new domain. This migration from HTTP to HTTPS will help improve their SEO and Google search ranking.

Which of the following is the most cost-effective solution to meet the above requirement?


Options are :

  • Use a wildcard certificate to handle multiple sub-domains and different domains.
  • Add a Subject Alternative Name (SAN) for each additional domain to your certificate.
  • Create a new CloudFront web distribution and configure it to serve HTTPS requests using dedicated IP addresses in order to associate your alternate domain names with a dedicated IP address in each CloudFront edge location.
  • Upload all SSL certificates of the domains in the ALB using the console and bind multiple certificates to the same secure listener on your load balancer. ALB will automatically choose the optimal TLS certificate for each client using Server Name Indication (SNI). (Correct)

Answer : Upload all SSL certificates of the domains in the ALB using the console and bind multiple certificates to the same secure listener on your load balancer. ALB will automatically choose the optimal TLS certificate for each client using Server Name Indication (SNI).

A data analytics company has been building its new generation big data and analytics platform on their AWS cloud infrastructure. They need a storage service that provides the scale and performance that their big data applications require, such as high throughput to compute nodes coupled with read-after-write consistency and low-latency file operations. In addition, their data needs to be stored redundantly across multiple AZs, and the storage must allow concurrent connections from multiple EC2 instances hosted on multiple AZs.

Which of the following AWS storage services will you use to meet this requirement?


Options are :

  • EFS (Correct)
  • EBS
  • S3
  • Glacier

Answer : EFS

You are employed by a large electronics company that uses Amazon Simple Storage Service. For reporting purposes, they want to track and log every access request to their S3 buckets including the requester, bucket name, request time, request action, referrer, turnaround time, and error code information. The solution should also provide more visibility into the object-level operations of the bucket.

Which is the best solution among the following options that can satisfy the requirement?


Options are :

  • Enable AWS CloudTrail to audit all Amazon S3 bucket access.
  • Enable server access logging for all required Amazon S3 buckets. (Correct)
  • Enable the Requester Pays option to track access via AWS Billing.
  • Enable Amazon S3 Event Notifications for PUT and POST.

Answer : Enable server access logging for all required Amazon S3 buckets.

You are working for a tech company which currently has an on-premises infrastructure. They are currently running low on storage and want to have the ability to extend their storage using AWS cloud.

Which AWS service can help you achieve this requirement?


Options are :

  • Amazon EC2
  • Amazon Storage Gateway (Correct)
  • Amazon Elastic Block Storage
  • Amazon SQS

Answer : Amazon Storage Gateway

You recently launched a new FTP server using an On-Demand EC2 instance in a newly created VPC with default settings. The server should not be accessible publicly but only through your IP address 175.45.116.100 and nowhere else.

Which of the following is the most suitable way to implement this requirement?


Options are :

  • Create a new inbound rule in the security group of the EC2 instance with the following details: Protocol: TCP Port Range: 20 - 21 Source: 175.45.116.100/32 (Correct)
  • Create a new inbound rule in the security group of the EC2 instance with the following details: Protocol: UDP Port Range: 20 - 21 Source: 175.45.116.100/32
  • Create a new Network ACL inbound rule in the subnet of the EC2 instance with the following details: Protocol: TCP Port Range: 20 - 21 Source: 175.45.116.100/0 Allow/Deny: ALLOW
  • Create a new Network ACL inbound rule in the subnet of the EC2 instance with the following details: Protocol: UDP Port Range: 20 - 21 Source: 175.45.116.100/0 Allow/Deny: ALLOW

Answer : Create a new inbound rule in the security group of the EC2 instance with the following details: Protocol: TCP Port Range: 20 - 21 Source: 175.45.116.100/32

The IT Operations team of your company wants to retrieve all of the Public IP addresses assigned to a running EC2 instance via the Instance metadata.

Which of the following URLs will you use?


Options are :

  • http://169.254.169.254/latest/meta-data/public-ipv4 (Correct)
  • http://169.255.169.255/latest/meta-data/public-ipv4
  • http://254.169.254.169/metadata/public-ipv4
  • http://255.169.255.169/latest/public-ipv4

Answer : http://169.254.169.254/latest/meta-data/public-ipv4

A customer is transitioning their ActiveMQ messaging broker service onto the AWS cloud, for which they require an alternative asynchronous service that supports the NMS and MQTT messaging protocols. The customer does not have the time and resources needed to recreate their messaging service in the cloud. The service has to be highly available and should require almost no management overhead.

Which of the following is the most suitable service to use to meet the above requirement?


Options are :

  • Amazon SNS
  • Amazon MQ (Correct)
  • Amazon SQS
  • Amazon SWF

Answer : Amazon MQ

The company you are working for has a set of AWS resources hosted in ap-northeast-1 region. You have been requested by your IT Manager to create a shell script which could create duplicate resources in another region in the event that ap-northeast-1 region fails.

Which of the following AWS services could help fulfill this task?


Options are :

  • AWS Elastic Beanstalk
  • AWS SQS
  • AWS CloudFormation (Correct)
  • AWS SNS

Answer : AWS CloudFormation

You have an Auto Scaling group which is configured to launch new t2.micro EC2 instances when there is a significant load increase in the application. To cope with the demand, you now need to replace those instances with a larger t2.2xlarge instance type. How would you implement this change?


Options are :

  • Just change the instance type to t2.2xlarge in the current launch configuration
  • Create another Auto Scaling Group and attach the new instance type.
  • Create a new launch configuration with the new instance type and update the Auto Scaling Group. (Correct)
  • Change the instance type of each EC2 instance manually.

Answer : Create a new launch configuration with the new instance type and update the Auto Scaling Group.

An Auto Scaling group of Linux EC2 instances is created with basic monitoring enabled in CloudWatch. You noticed that your application is slow so you asked one of your engineers to check all of your EC2 instances. After checking your instances, you noticed that the Auto Scaling group is not launching more instances as it should, even though the servers already have high memory usage.

What is the best solution that will fix this issue?


Options are :

  • Install AWS SDK in the EC2 instances. Create a script that will trigger the Auto Scaling event if there is a high memory usage.
  • Install CloudWatch monitoring scripts in the instances. Send custom metrics to CloudWatch which will trigger your Auto Scaling group to scale up. (Correct)
  • Enable detailed monitoring on the instances.
  • Modify the scaling policy to increase the threshold to scale up the number of instances.

Answer : Install CloudWatch monitoring scripts in the instances. Send custom metrics to CloudWatch which will trigger your Auto Scaling group to scale up.

You have a set of Linux servers running on multiple On-Demand EC2 Instances. The Audit team wants to collect and process the application log files generated from these servers for their report.

Which of the following services is the best to use in this case?


Options are :

  • Amazon S3 for storing the application log files and Amazon Elastic MapReduce for processing the log files. (Correct)
  • Amazon Glacier for storing the application log files and Spot EC2 Instances for processing them.
  • A single On-Demand Amazon EC2 instance for both storing and processing the log files
  • Amazon RedShift to store the logs and Amazon Lambda for running custom log analysis scripts

Answer : Amazon S3 for storing the application log files and Amazon Elastic MapReduce for processing the log files.

To save costs, your manager instructed you to analyze and review the setup of your AWS cloud infrastructure. You should also provide an estimate of how much your company will pay for all of the AWS resources that they are using. In this scenario, which of the following will incur costs? (Choose 2)


Options are :

  • A running EC2 Instance (Correct)
  • A stopped On-Demand EC2 Instance
  • EBS Volumes attached to stopped EC2 Instances (Correct)
  • Using an Amazon VPC
  • Public Data Set

Answer : A running EC2 Instance; EBS Volumes attached to stopped EC2 Instances

A financial company instructed you to automate the recurring tasks in your department such as patch management, infrastructure selection, and data synchronization to improve their current processes. You need to have a service which can coordinate multiple AWS services into serverless workflows.   

Which of the following is the most cost-effective service to use in this scenario?


Options are :

  • SWF
  • AWS Lambda
  • AWS Step Functions (Correct)
  • AWS Batch

Answer : AWS Step Functions

The game development company that you are working for has an Amazon VPC with a public subnet. It has 4 EC2 instances that are deployed in the public subnet. These 4 instances can successfully communicate with other hosts on the Internet. You launch a fifth instance in the same public subnet, using the same AMI and security group configuration that you used for the others. However, this new instance cannot be accessed from the Internet, unlike the other instances.

What should you do to enable access to the fifth instance over the Internet?


Options are :

  • Deploy a NAT instance into the public subnet.
  • Assign an Elastic IP address to the fifth instance. (Correct)
  • Configure a publicly routable IP Address in the host OS of the fifth instance.
  • Modify the routing table for the public subnet.

Answer : Assign an Elastic IP address to the fifth instance.

A technology company is building a new cryptocurrency trading platform that allows buying and selling of Bitcoin, Ethereum, XRP, Ripple and many others. You were hired as a Cloud Engineer to build the required infrastructure needed for this new trading platform. In your first week at work, you started to create CloudFormation YAML scripts that define all of the needed AWS resources for the application. Your manager was shocked that you haven't created the EC2 instances, S3 buckets and other AWS resources straight away. He does not understand the text-based scripts that you have written and is disappointed, thinking that you are just slacking off at your job.

In this scenario, what are the benefits of using the Amazon CloudFormation service that you should tell your manager to clarify his concerns? (Choose 2)


Options are :

  • Provides highly durable and scalable data storage
  • A storage location for the code of your application
  • Enables modeling, provisioning, and version-controlling of your entire AWS infrastructure (Correct)
  • Allows you to model your entire infrastructure in a text file (Correct)
  • Using CloudFormation itself is free, including the AWS resources that have been created.

Answer : Enables modeling, provisioning, and version-controlling of your entire AWS infrastructure; Allows you to model your entire infrastructure in a text file

You have a web application hosted in AWS cloud where the application logs are sent to Amazon CloudWatch. Lately, the web application has been encountering some errors which can be resolved simply by restarting the instance.

What will you do to automatically restart the EC2 instances whenever the same application error occurs?


Options are :

  • First, look at the existing CloudWatch logs for keywords related to the application error to create a custom metric. Then, create a CloudWatch alarm for that custom metric which invokes an action to restart the EC2 instance. (Correct)
  • First, look at the existing CloudWatch logs for keywords related to the application error to create a custom metric. Then, create an alarm in Amazon SNS for that custom metric which invokes an action to restart the EC2 instance.
  • First, look at the existing Flow logs for keywords related to the application error to create a custom metric. Then, create a CloudWatch alarm for that custom metric which invokes an action to restart the EC2 instance.
  • First, look at the existing Flow logs for keywords related to the application error to create a custom metric. Then, create a CloudWatch alarm for that custom metric which calls a Lambda function that invokes an action to restart the EC2 instance.

Answer : First, look at the existing CloudWatch logs for keywords related to the application error to create a custom metric. Then, create a CloudWatch alarm for that custom metric which invokes an action to restart the EC2 instance.

A real-time data analytics application is using AWS Lambda to process data and store results in JSON format to an S3 bucket. To speed up the existing workflow, you have to use a service where you can run sophisticated Big Data analytics on your data without moving them into a separate analytics system.   

Which of the following group of services can you use to meet this requirement? 


Options are :

  • S3 Select, Amazon Neptune, DynamoDB DAX
  • Amazon X-Ray, Amazon Neptune, DynamoDB
  • Amazon Glue, Glacier Select, Amazon Redshift
  • S3 Select, Amazon Athena, Amazon Redshift Spectrum (Correct)

Answer : S3 Select, Amazon Athena, Amazon Redshift Spectrum

You have a web application hosted in an On-Demand EC2 instance in your VPC. You are creating a shell script that needs the instance's public and private IP addresses.

What is the best way to get the instance's associated IP addresses which your shell script can use?


Options are :

  • By using IAM.
  • By using a CloudWatch metric.
  • By using a Curl or Get Command to get the latest metadata information from http://169.254.169.254/latest/meta-data/ (Correct)
  • By using a Curl or Get Command to get the latest user data information from http://169.254.169.254/latest/user-data/

Answer : By using a Curl or Get Command to get the latest metadata information from http://169.254.169.254/latest/meta-data/

You are the technical lead of the Cloud Infrastructure team in your company and you were consulted by a software developer regarding the required AWS resources of the web application that he is building. He knows that an Instance Store only provides ephemeral storage where the data is automatically deleted when the instance is terminated. To ensure that the data of his web application persists, the app should be launched in an EC2 instance that has a durable, block-level storage volume attached. He knows that he needs to use an EBS volume, but he is not sure what type he needs to use.

In this scenario, which of the following is true about Amazon EBS volume types and their respective usage? (Choose 2)


Options are :

  • Spot volumes provide the lowest cost per gigabyte of all EBS volume types and are ideal for workloads where data is accessed infrequently, and applications where the lowest storage cost is important.
  • Provisioned IOPS volumes offer storage with consistent and low-latency performance, and are designed for I/O intensive applications such as large relational or NoSQL databases. (Correct)
  • Magnetic volumes provide the lowest cost per gigabyte of all EBS volume types and are ideal for workloads where data is accessed infrequently, and applications where the lowest storage cost is important. (Correct)
  • Reduced Redundancy Storage volumes offer consistent and low-latency performance, and are designed for I/O intensive applications such as large relational or NoSQL databases.
  • Single root I/O virtualization (SR-IOV) volumes are suitable for a broad range of workloads, including small to medium sized databases, development and test environments, and boot volumes.

Answer : Provisioned IOPS volumes offer storage with consistent and low-latency performance, and are designed for I/O intensive applications such as large relational or NoSQL databases. Magnetic volumes provide the lowest cost per gigabyte of all EBS volume types and are ideal for workloads where data is accessed infrequently, and applications where the lowest storage cost is important.

A company is using hundreds of AWS resources in multiple AWS regions. They require a way to uniquely identify all of their AWS resources that will allow them to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.   

Which of the following is the most suitable option to use in this scenario? 


Options are :

  • AWS Resource ID
  • AWS Service Namespaces
  • Amazon Resource Name (Correct)
  • Tags

Answer : Amazon Resource Name

You are a Solutions Architect for a large London-based software company. You are assigned to improve the performance and current processes of supporting the AWS resources in your VPC. Upon checking, you noticed that the Operations team does not have an automated way to monitor and resolve issues with their on-demand EC2 instances.

What can be used to automatically monitor your EC2 instances and notify the Operations team of any incidents?


Options are :

  • AWS CloudTrail
  • AWS CloudWatch (Correct)
  • AWS SWF
  • AWS SQS

Answer : AWS CloudWatch