AWS Solutions Architect - Associate SAA-C01 Practice Exams Set 29

You are creating an application, which stores extremely sensitive financial information. All information in the system must be encrypted at rest and in transit. Which of these is a violation of this policy?


Options are :

  • A. ELB SSL termination (Correct)
  • B. ELB Using Proxy Protocol v1
  • C. CloudFront Viewer Protocol Policy set to HTTPS redirection
  • D. Telling S3 to use AES 256 on the server-side

Answer :A. ELB SSL termination

An Administrator is tasked with creating a detailed report that shows expenditures over the past 12 months, as well as a forecast of expenditures over the next three months. The report should be split across the different AWS sections the company is utilizing. What should the Administrator use to generate the reports?


Options are :

  • A. Use Cost Explorer to generate the report for the past 12 months and to provide the forecast. (Correct)
  • B. Use the AWS Usage Reports to generate the report spend over the last 12 months, and project the forecast based on the results for those reports.
  • C. Use the Consolidated Bill Details reports for the report spend over the last 12 months, and project the forecast based on the results of those reports.
  • D. Use Amazon CloudWatch to generate the report spend over the last 12 months, and AWS Config to help determine the forecast.

Answer :A. Use Cost Explorer to generate the report for the past 12 months and to provide the forecast.

An application requires a highly available relational database with an initial storage capacity of 8 TB. The database will grow by 8 GB every day. To support expected traffic, at least eight read replicas will be required to handle database reads. Which option will meet these requirements?


Options are :

  • A. Amazon DynamoDB
  • B. Amazon S3
  • C. Amazon Aurora (Correct)
  • D. Amazon Redshift

Answer :C. Amazon Aurora

AWS Solutions Architect - Associate SAA-C01 Practice Exams Set 3

A Company is designing a highly scalable system to track records. These records must remain available for immediate download for up to three months and then must be deleted. What is the most cost effective solution?


Options are :

  • A. Store the files in Amazon EBS and create a Lifecycle Policy to remove files after 3 months.
  • B. Store the files in Amazon S3 and create a Lifecycle Policy to remove files after 3 months. (Correct)
  • C. Store the files in Amazon Glacier and create a Lifecycle Policy to remove files after 3 months.
  • D. Store the files in Amazon EFS and create a Lifecycle Policy to remove files after 3 months.

Answer :B. Store the files in Amazon S3 and create a Lifecycle Policy to remove files after 3 months.

A company has opted to store their cold data on EBS Volumes. Ensuring optimal cost, which of the following would be the ideal EBS Volume type to host this type of data?


Options are :

  • A. EBS Provisioned IOPS SSD
  • B. EBS Throughput Optimized HDD
  • C. EBS General Purpose SSD
  • D. EBS Cold HDD (Correct)

Answer :D. EBS Cold HDD

A company has an infrastructure that consists of machines which keep sending log information every minute. The number of these machines can run into thousands and it is required to ensure that the data can be analyzed at a later stage. Which of the following would help in fulfilling this requirement?


Options are :

  • A. Use Kinesis Data Firehose with S3 to take the logs and store them in S3 for further processing. (Correct)
  • B. Launch an Elastic Beanstalk application to take the processing job of the logs.
  • C. Launch an EC2 instance with enough EBS volumes to consume the logs which can be used for further processing.
  • D. Use CloudTrail to store all the logs which can be analyzed at a later stage.

Answer :A. Use Kinesis Data Firehose with S3 to take the logs and store them in S3 for further processing.

AWS Solutions Architect - Associate SAA-C01 Practice Exams Set 4

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?


Options are :

  • A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
  • B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block (Correct)
  • C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block
  • D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Answer :B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block

IOT sensors monitor the number of bags that are handled at an airport. The data gets sent back to a Kinesis stream with default settings. Every alternate day, the data from the stream is sent to S3 for processing. But it is noticed that S3 is not receiving all of the data that is being sent to the Kinesis stream. What could be the reason for this?


Options are :

  • A. Sensors probably stopped working on some days, hence data is not sent to the stream.
  • B. S3 can only store data for a day.
  • C. Data records are only accessible for a default of 24 hours from the time they are added to a stream. (Correct)
  • D. Kinesis streams are not meant to handle IoT related data.

Answer :C. Data records are only accessible for a default of 24 hours from the time they are added to a stream.

A company has a lot of data hosted on their On-premise infrastructure. Running out of storage space, the company wants a quick win solution using AWS. Which of the following would allow easy extension of their data infrastructure to AWS?


Options are :

  • A. Company could start using Gateway Cached Volumes. (Correct)
  • B. Company could start using Gateway Stored Volumes.
  • C. Company could start using the Simple Storage Service.
  • D. Company could start using Amazon Glacier.

Answer :A. Company could start using Gateway Cached Volumes.

AWS Solutions Architect - Associate SAA-C01 Practice Exams Set 5

A company wants to deploy docker containers to the AWS Cloud. They also want a highly scalable service which can help manage the orchestration of these containers. Which of the following would be ideal for such a requirement?


Options are :

  • A. Use the Amazon Elastic Container Service for Kubernetes. (Correct)
  • B. Install a custom orchestration tool on EC2 Instances.
  • C. Use SQS to orchestrate the messages between docker containers.
  • D. Use AWS Lambda functions to embed the logic for container orchestration.

Answer :A. Use the Amazon Elastic Container Service for Kubernetes.

You have a requirement to host a web application using EC2 Instances in AWS. You need to have high availability built for your application. You also want to ensure that requests to the relative URL /video/* is directed to a set of EC2 Instances for processing. Which of the following can be used to fulfil this requirement?


Options are :

  • A. Create separate Target Groups, create a classic Load Balancer and attach the different Target Groups
  • B. Use the SQS Queue to store the videos which need to be directed to the relative EC2 Instances
  • C. Create separate Target Groups, create an Application Load Balancer and attach the different Target Groups (Correct)
  • D. Use Placement Groups to direct the requests for the videos to the set of EC2 Instances in that placement Groups.

Answer :C. Create separate Target Groups, create an Application Load Balancer and attach the different Target Groups

A company is planning to use RDS for their production online transaction processing (OLTP) workloads. The application is I/O intensive and requires low I/O latency and consistent I/O throughput. What is an ideal storage solution?


Options are :

  • A. Use General Purpose SSD
  • B. Use Provisioned IOPS (Correct)
  • C. Use SSD Instance Store
  • D. Use Magnetic

Answer :B. Use Provisioned IOPS

AWS Solutions Architect - Associate SAA-C01 Practice Exams Set 6

An application running on EC2 instances processes sensitive information stored on Amazon S3. The information is accessed over the Internet. The security team is concerned that the Internet connectivity to Amazon S3 is a security risk. Which solution will resolve the security concern?


Options are :

  • A. Access the data through an Internet Gateway.
  • B. Access the data through a VPN connection.
  • C. Access the data through a VPC endpoint for Amazon S3. (Correct)
  • D. Access the data through a NAT Gateway.

Answer :C. Access the data through a VPC endpoint for Amazon S3.

Your company needs to keep all system logs for audit purposes, and may rarely need to retrieve these logs for audit purposes and present them upon request within a week. The logs are 10TB in size. Which option would be the most cost-effective one for storing all these system logs?


Options are :

  • A. Amazon Glacier (Correct)
  • B. S3-Reduced Redundancy Storage
  • C. EBS backed storage connected to EC2
  • D. AWS CloudFront

Answer :A. Amazon Glacier

A company is hosting an application on a single EC2 instance. The users are accessing the instance using the host name. The Company added a new instance to host the same application but do not want the user to make a choice to access the application. How can the company provide user a single access point?


Options are :

  • A. Auto Scaling
  • B. CloudFront
  • C. Elastic Load Balancer (Correct)
  • D. WAF

Answer :C. Elastic Load Balancer

AWS Solutions Architect - Associate SAA-C01 Practice Exams Set 7

An application tier currently hosts two web services on the same set of instances, listening on different ports. Which AWS service should a solutions architect use to route traffic to the service based on the incoming request?A


Options are :

  • A. AWS Application Load Balancer (Correct)
  • B. Amazon CloudFront
  • C. Amazon Route 53
  • D. AWS Classic Load Balancer

Answer :A. AWS Application Load Balancer

A Company is developing several critical long-running applications hosted on Docker. How should a Solutions Architect design a solution to meet the scalability and orchestration requirements on AWS?


Options are :

  • A. Use AWS OpsWorks to launch containers in new Amazon EC2 Instances.
  • B. Use Amazon ECS and Service Auto Scaling. (Correct)
  • C. Use Spot Instances for orchestration and for scaling containers on existing Amazon EC2 Instances.
  • D. Use Auto Scaling groups to launch containers on existing Amazon EC2 Instances.

Answer :B. Use Amazon ECS and Service Auto Scaling.

An application is running on Amazon EC2 instances behind an Application Load Balancer. The Instances run in an auto scaling group across multiple Availability Zones. Four instances are required to handle a predictable traffic load. The Solutions Architect wants to ensure that the operation is fault-tolerant up to the loss of one Availability Zone. Which is the MOST cost-efficient way to meet these requirements?


Options are :

  • A. Deploy two instances in each of three Availability Zones. (Correct)
  • B. Deploy two instances in each of two Availability Zones.
  • C. Deploy four instances in each of two Availability Zones.
  • D. Deploy one instance in each of three Availability Zones.

Answer :A. Deploy two instances in each of three Availability Zones.

AWS Solutions Architect - Associate SAA-C01 Practice Exams Set 8

Two Auto Scaling applications, Application A and Application B currently run within a shared set of subnets. A solution architect wants to make sure that Application A can make request to Application B, but Application B should be denied from making request to Application A. Which is the SIMPLEST solution to achieve this policy?


Options are :

  • A. Using security groups that reference the security groups of the other application. (Correct)
  • B. Using security groups that reference the application servers IP address.
  • C. Using Network Access Control Lists to allow/deny traffic based on application IP address.
  • D. Migrating the applications to separate subnets from each other.

Answer :A. Using security groups that reference the security groups of the other application.

A Solutions Architect is developing a solution for sharing files in an organization. The solution must allow multiple users to access the storage service at once from different virtual machines and scale automatically. It must also support file-level locking. Which storage service meets the requirements of this use case?


Options are :

  • A. Amazon S3
  • B. Amazon EFS (Correct)
  • C. Amazon EBS
  • D. Cached Volumes

Answer :B. Amazon EFS

A solutions Architect is deploying a new production MySQL database on AWS. It is critical that the database is highly available. What should the Architect to do achieve this goal with Amazon RDS?


Options are :

  • A. Create a Read Replica of the primary database and deploy it in a different AWS Region.
  • B. Enable Multi-AZ to create a standby database in a different Availability Zone. (Correct)
  • C. Enable Multi-AZ to create a standby database in a different AWS Region.
  • D. Create a Read Replica of the primary database and deploy it in a different Availability Zone.

Answer :B. Enable Multi-AZ to create a standby database in a different Availability Zone.

AWS Solutions Architect - Associate SAA-C01 Practice Exams Set 9

A Solutions Architect is designing an Amazon VPC. Applications in the VPC must have private connectivity to Amazon DynamoDB in the same AWS Region. The design should route DynamoDB traffic through.


Options are :

  • A. VPC peering connection.
  • B. NAT gateway
  • C. VPC Endpoint. (Correct)
  • D. AWS Direct Connect.

Answer :C. VPC Endpoint.

A Solutions Architect is building a multi-tier website. The web servers will be in a public subnet, and the database servers will be in private subnet. Only the web servers can be accessed from the internet. The database servers must have internet access for software updates. Which solution meets these requirements?


Options are :

  • A. Assign Elastic IP addresses to the database instances
  • B. Use a NAT Gateway (Correct)
  • C. Allow Internet traffic on the private subnet through the network ACL
  • D. Use an egress-only Internet Gateway

Answer :B. Use a NAT Gateway

A company’s website receives 50,000 requests each second, and the company wants to use multiple applications to analyze the navigation patterns of the users on their website so that the experience can be personalized. What can a Solutions Architect use to collect page clicks for the website and process them sequentially for each user?


Options are :

  • A. Amazon Kinesis Stream (Correct)
  • B. Amazon SQS standard queue
  • C. Amazon SQS FIFO queue
  • D. AWS CloudTrail trail

Answer :A. Amazon Kinesis Stream

AWS Certified Solutions Architect Associate

A company has a legacy application using a proprietary file system and plans to migrate the application to AWS. Which storage service should the company use?


Options are :

  • A. Amazon DynamoDB
  • B. Amazon S3
  • C. Amazon EBS
  • D. Amazon EFS (Correct)

Answer :D. Amazon EFS

A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. Users report that every morning at 9:00 AM the system becomes very slow for about 15 minutes. A Solutions Architect determines that a large percentage of the call center staff starts work at 9:00 AM, so Auto Scaling does not have enough time to scale out to meet demand. How can the Architect fix the problem?


Options are :

  • A. Change the Auto Scaling group’s scale out event to scale based on network utilization.
  • B. Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning. (Correct)
  • C. Use Reserved Instances to ensure the system has reserved the right amount of capacity for the scale-up events.
  • D. Permanently keep a steady state of instances that is needed at 9:00 AM to guarantee available resources, but leverage Spot Instances.

Answer :B. Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning.

An e-commerce application is hosted in AWS. The last time a new product was launched, the application experienced a performance issue due to an enormous spike in traffic. Management decided that capacity must be doubled the week before of future product launches. Which is the MOST efficient way for management to ensure that capacity requirements are met?


Options are :

  • A. Add a Step Scaling policy
  • B. Add a Dynamic Scaling policy
  • C. Add a Scheduled Scaling action (Correct)
  • D. Add Amazon EC2 Spot instances.

Answer :C. Add a Scheduled Scaling action

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 1

A Solutions Architect is building a new feature using Lambda to create metadata when a user uploads a picture to Amazon S3. All metadata must be indexed. Which AWS service should the Architecture use to store this metadata?


Options are :

  • A. Amazon S3
  • B. Amazon EFS
  • C. Amazon Kinesis
  • D. Amazon DynamoDB (Correct)

Answer :D. Amazon DynamoDB

You have a business-to-business web application running in a VPC consisting of an Application Load Balancer (ALB), application servers and a database. Your web application should only accept traffic from predefined customer IP addresses. Which two options meet this security requirement? Choose 2 answers


Options are :

  • A. Configure web server VPC security groups to allow traffic from your customers’ IPs
  • B. Configure your web servers to filter traffic based on the ALB’s "X-forwarded-for" header (Correct)
  • C. Configure your web servers to filter traffic based on the ALB’s "Proxy Protocol" header
  • D. Configure ELB security groups to allow traffic from your customers’ IPs and deny all outbound traffic (Correct)
  • E. Configure a VPC NACL to allow web traffic from your customers’ IPs and deny all outbound traffic

Answer :B. Configure your web servers to filter traffic based on the ALB’s "X-forwarded-for" header D. Configure ELB security groups to allow traffic from your customers’ IPs and deny all outbound traffic

You are designing a scalable web application with stateless web servers. Which service or feature is well suited to store user session information?


Options are :

  • A. Amazon EBS
  • B. Amazon DynamoDB (Correct)
  • C. Amazon EC2 Instance Store
  • D. Amazon SQS

Answer :B. Amazon DynamoDB

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 10

Which of the following does AWS own under the shared security responsibility model? Choose 3 answers.


Options are :

  • A. Physical security of AWS data centers and facilities (Correct)
  • B. Logical security of customer SSH private key material
  • C. Patching of Amazon Elastic Compute Cloud hypervisors (Correct)
  • D. Decommissioning storage devices at end of life (Correct)
  • E. Encryption of traffic within a virtual private cloud
  • F. Access control within a virtual private cloud

Answer :A. Physical security of AWS data centers and facilities C. Patching of Amazon Elastic Compute Cloud hypervisors D. Decommissioning storage devices at end of life

You have an application running on an Amazon EC2 instance that uploads 10 GB video objects to amazon S3. Video uploads are taking longer than expected inspite of using multipart upload cause of internet bandwidth, resulting in poor application performance. Which action can help improve the upload performance?


Options are :

  • A. Apply an Amazon S3 Bucket policy
  • B. Use Amazon EBS provisioned IOPS
  • C. Use VPC endpoints for S3 (Correct)
  • D. Request a service limit increase

Answer :C. Use VPC endpoints for S3

A retail company has sensors placed in its physical retail stores. The sensors send messages over HTTP when customers interact with in-store product. A Solutions Architect needs to implement a system for processing those sensor messages, the results must be available for the Data Analysis team. Which scalable architecture should be used to meet these requirements?


Options are :

  • A. Implement an Amazon API Gateway to serve as the HTTP endpoint , Have the API Gateway trigger an AWS Lambda function to process the messages, and save the results to an Amazon DynamoDB table. (Correct)
  • B. Create an Amazon EC2 instance to serve as the HTTP endpoint and to process the messages. Save the results to Amazon S3 for the Data Analysis team to download.
  • C. Use Amazon Route 53 to direct incoming sensor messages to a Lambda function to process the message and save the results to an Amazon DynamoDB table.
  • D. Use AWS Direct Connect to connect sensors to DynamoDB so that data can be written directly to a DynamoDB table where it can be accessed by the Data Analysis team.

Answer :A. Implement an Amazon API Gateway to serve as the HTTP endpoint , Have the API Gateway trigger an AWS Lambda function to process the messages, and save the results to an Amazon DynamoDB table.

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 11

An application is used to process customer orders using an Amazon EC2 instance which saves the orders to an Amazon Aurora database. Occasionally when traffic is high the workload does not process orders fast enough. What will ensure that the orders are written to the database as quickly as possible?


Options are :

  • A. Use an ALB and an auto scaling group to distribute the load across multiple instances. Write orders to an Amazon SQS queue. Use EC2 instances in an AutoScaling group to read from the SQS queue and process orders into the database. (Correct)
  • B. Increase the instance size of the web server when traffic is high. Write orders as messages to Amazon SNS, ensuring the database is subscribed to the SNS topic.
  • C. Use an ALB and an Auto Scaling group to distribute the load across multiple instances. Write orders to an SQS queue. When instances have spare CPU available, read from the SQS and process orders into the database.
  • D. Use an ALB and an Auto Scaling group to distribute the load across multiple instances. Write orders as messages to SNS, ensuring that the database is subscribed to the SNS topic.

Answer :A. Use an ALB and an auto scaling group to distribute the load across multiple instances. Write orders to an Amazon SQS queue. Use EC2 instances in an AutoScaling group to read from the SQS queue and process orders into the database.

A company has a Node.js application running on Amazon EC2 that currently retrieves data for customers from a DynamoDB table. The company is seeing many repeat queries for the same items, and the number of queries is continuing to increase as the application gains popularity. What solution will reduce the number of read capacity units (RCUs) required while minimizing the amount of refactoring that must be done to the application?


Options are :

  • A. Use Amazon ElastiCache to provide a caching layer
  • B. Use a Lambda function to make concurrent request for caching
  • C. Use Amazon DynamoDB Accelerator (DAX) to provide a caching layer (Correct)
  • D. Obtain reserved Capacity for Amazon DynamoDB to manage the increased number of queries

Answer :C. Use Amazon DynamoDB Accelerator (DAX) to provide a caching layer

A Solutions Architect is designing a ride-sharing application. The application needs consistent and single-digit millisecond latency. In addition, the application must integrate with a highly scalable and fully managed database service to track GPS coordinate and user data for all rides. Which database service should the Solutions Architect use to meet these performance requirements?


Options are :

  • A. Amazon RDS
  • B. Amazon Redshift
  • C. Amazon DynamoDB (Correct)
  • D. Amazon Aurora

Answer :C. Amazon DynamoDB

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 12

A Solution Architect is designing a three-tier web application that will allow customers to upload pictures from a mobile application. The application will then generate a thumbnail of the picture and return a message to the user confirming that the image was successfully uploaded. Generation of the thumbnail may take up to 5 seconds. To provide a sub-second response time to the customers uploading the images, the solutions architect wants to separate the web tier from the application tier. Which service would allow the presentation tier to asynchronously dispatch the request to the application tier?


Options are :

  • A. AWS Step Functions
  • B. AWS Lambda
  • C. Amazon SNS
  • D. Amazon SQS (Correct)

Answer :D. Amazon SQS

A workload in an Amazon VPC consists of an Elastic Load Balancer that distributes incoming requests across a fleet of six Amazon EC2 instances. Each instance stores and retrieves data from an Amazon DynamoDB table. Which of the following provisions will ensure that this workload is highly available?


Options are :

  • A. Provision DynamoDB tables across a minimum of two Availability Zones
  • B. Provision the EC2 instances evenly across a minimum of two AZ in two regions
  • C. Provision the EC2 instances evenly across a minimum of two AZ in a single region (Correct)
  • D. Provision the ELB to distribute connections across multiple AZ

Answer :C. Provision the EC2 instances evenly across a minimum of two AZ in a single region

An application that runs on an Amazon EC2 instance must make secure calls to Amazon S3 buckets. Which steps can a Solutions Architect take to ensure that the calls are made without exposing credentials?


Options are :

  • A. Generate an access key ID and a secret key, and assign an IAM role with least privilege
  • B. Create an IAM policy granting access to all services and assign it to the Amazon EC2 instance profile
  • C. Create an IAM role granting least privilege and assign it to the Amazon EC2 instance profile (Correct)
  • D. Generate temporary access keys to grant users temporary access to the Amazon EC2 instance

Answer :C. Create an IAM role granting least privilege and assign it to the Amazon EC2 instance profile

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 13

A university is running an internal web application on AWS that students can access from the university network to check their exam results. The web application runs on Amazon EC2 instances and pulls results from an Amazon DynamoDB table. Auto Scaling is currently configured to add a new web server when CPU greater than 80% for 5 minutes. DynamoDB is configured to increase both read and write capacity units by five when utilization is greater than 80%. Exam are released at 9:00 a.m., each Monday, and 80% of students attempt to access their unique results within the first 30 minutes. Despite Auto Scaling enabled, students are complaining of slow response times and errors when they view the site. There are no performance complaints after 9:30 a.m. Which recommendation should a Solutions Architect make to improve performance in a cost-effective manner?


Options are :

  • A. Implement Amazon ElastiCache to improve database performance and remove the need to scale the read/write units.
  • B. Implement Amazon DynamoDB Accelerator to improve database performance and remove the need to scale the read/write units.
  • C. Use a scheduled job to scale out EC2 before 9:00 a.m. on Monday and to scale down after 9:30 a.m. (Correct)
  • D. Use Amazon CloudFront to cache web request and reduce the load on EC2 and DynamoDB

Answer :C. Use a scheduled job to scale out EC2 before 9:00 a.m. on Monday and to scale down after 9:30 a.m.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions