Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 15

One is planning on using SQS queues and AWS Lambda to leverage the serverless aspects of the AWS Cloud. Each invocation of AWS Lambda will send a message to an SQS queue. In order for messages to be sent, which of the following must be in place?


Options are :

  • The queue must be a FIFO queue
  • An IAM Role with the required permissions (Correct)
  • The code for Lambda must be written in C#
  • An IAM Group with the required permissions

Answer : An IAM Role with the required permissions

You are developing a new mobile application and are considering storing user preferences in AWS. Each data item is expected to be 20KB in size. There would initially be thousands of customers who would be using the mobile application. You need to have a data store which could be used to store the user preferences. The solution needs to be cost-effective, highly available, scalable and secure. How would you design the data layer?


Options are :

  • Create a new AWS MySQL RDS instance and store the user data there.
  • Create a DynamoDB table with the required Read and Write capacity and use it as the data layer (Correct)
  • Use Amazon Glacier to store the user data
  • Use an Amazon Redshift cluster for managing the user preferences

Answer : Create a DynamoDB table with the required Read and Write capacity and use it as the data layer

Where does CloudTrail store all of the logs that it creates? Choose one answer from the options given below.


Options are :

  • A separate EC2 instance with EBS storage
  • A RDS instance
  • A DynamoDB instance
  • Amazon S3 (Correct)

Answer : Amazon S3

You are deploying an application to track GPS coordinates of delivery trucks in the United States. Coordinates are transmitted from each delivery truck once every three seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. Which service should you use to implement data ingestion?


Options are :

  • Amazon Kinesis (Correct)
  • AWS Data Pipeline
  • Amazon AppStream
  • Amazon Simple Queue Service

Answer : Amazon Kinesis

You have instances hosted in a private subnet in a VPC. The instances need to download updates from the internet. As an architect, what change can you suggest to the IT operations team that would be MOST efficient and secure?


Options are :

  • Create a new public subnet and move the instance to that subnet
  • Create a new EC2 Instance to download the updates separately and then push them to the required instance.
  • Use a NAT gateway to allow the instances in the private subnet to download the updates (Correct)
  • Create a VPC link to the internet to allow the instances in the private subnet to download the updates

Answer : Use a NAT gateway to allow the instances in the private subnet to download the updates

The Availability Zone that your RDS database instance is located in is suffering from outages, and you have lost access to the database. What could you have done to prevent losing access to your database (in the event of this type of failure) without any downtime? Choose the correct answer from the options below.


Options are :

  • Made a snapshot of the database
  • Enabled multi-AZ failover (Correct)
  • Increased the database instance size
  • Created a read replica

Answer : Enabled multi-AZ failover

In consolidated billing, what are the 2 different types of accounts?


Options are :

  • Paying account and Linked account (Correct)
  • Parent account and Child account
  • Main account and Sub account.
  • Primary account and Secondary account.

Answer : Paying account and Linked account

While performing status checks on your volume in AWS, you can see that the volume check has a status of "insufficient-data". What can you derive from this status check?


Options are :

  • All checks have passed
  • A particular check has failed only
  • All checks have failed
  • The check on the volume is still in progress. (Correct)

Answer : The check on the volume is still in progress.

A Solutions Architect is designing a web page for event registrations and needs a managed service to send a text message to users every time users sign up for an event. Which AWS Service should the Architect use to achieve this?


Options are :

  • Amazon STS
  • Amazon SQS
  • AWS Lambda
  • Amazon SNS (Correct)

Answer : Amazon SNS

What is the service provided by AWS that allows developers to let connected devices interact with cloud-based applications? Please choose one answer from the options below.


Options are :

  • CloudFormation
  • Elastic Beanstalk
  • AWS IoT (Correct)
  • Container service

Answer : AWS IoT

Which of the following is false when you create an encrypted EBS volume?


Options are :

  • Data is encrypted at rest inside the volume
  • Data is encrypted when it is moved from one instance to another in the same subnet. (Correct)
  • Data is encrypted when data is moved between the volume and the instance
  • All snapshots created from the volume are encrypted

Answer : Data is encrypted when it is moved from one instance to another in the same subnet.

Company salespeople upload their sales figures daily. A Solutions Architect needs a durable storage solution for these documents that also protects against users accidentally deleting important documents. Which action will protect against unintended user actions?


Options are :

  • Store data in an EBS volume and create snapshots once a week.
  • Store data in an S3 bucket and enable versioning. (Correct)
  • Store data in two S3 buckets in different AWS regions.
  • Store data on EC2 instance storage.

Answer : Store data in an S3 bucket and enable versioning.

What are the different types of identities available in AWS? Please choose 3 answers from the options given below.


Options are :

  • Roles (Correct)
  • Users (Correct)
  • EC2 Instances
  • Groups (Correct)

Answer : Roles; Users; Groups

As part of your application architecture requirements, the company you are working for has requested the ability to run analytics against all combined log files from the Elastic Load Balancer. Which services are used together to collect logs and process log file analysis in an AWS environment? Choose the correct option.


Options are :

  • Amazon DynamoDB to store the logs and EC2 for running custom log analysis scripts
  • Amazon EC2 for storing and processing the log files
  • Amazon S3 for storing the ELB log files and EC2 for processing the log files in analysis
  • Amazon S3 for storing ELB log files and Amazon EMR for processing the log files in analysis (Correct)

Answer : Amazon S3 for storing ELB log files and Amazon EMR for processing the log files in analysis

When designing a health check for your web application, which is hosted behind an Elastic Load Balancer, which of the following health checks is ideal to implement?


Options are :

  • A TCP health check
  • A UDP health check
  • A HTTP health check (Correct)
  • A combination of TCP and UDP health checks

Answer : A HTTP health check

When you create a default VPC, what are the services you get by default in the VPC? Select 2 options.


Options are :

  • An Elastic Load Balancer
  • Default subnet in each Availability Zone (Correct)
  • An Internet Gateway attached to the default VPC (Correct)
  • A lightweight RDS such as SQL Server Express.

Answer : Default subnet in each Availability Zone; An Internet Gateway attached to the default VPC

You have started a new role as a solutions architect for an architectural firm that designs large skyscrapers in the Middle East. Your company hosts large volumes of data and has about 250 TB of data on internal servers. They have decided to store this data on S3 due to the redundancy offered by it. The company currently has a telecoms line of 2 Mbps connecting their head office to the internet. What method should they use to import this data onto S3 in the fastest manner possible?


Options are :

  • Upload it directly to S3
  • Purchase an AWS Direct Connect and transfer the data over that once it is installed.
  • AWS Data Pipeline
  • AWS Snowball (Correct)

Answer : AWS Snowball

There is a requirement for a database for a two-tier application. The data would go through multiple schema changes. The database needs to be durable, and changes to the database should not result in downtime for the database. Which of the following is the best option for data storage?


Options are :

  • AWS S3
  • AWS Redshift
  • AWS DynamoDB (Correct)
  • AWS Aurora

Answer : AWS DynamoDB

Your application has very high traffic, so you have enabled Auto Scaling across multiple Availability Zones to meet the needs of your application, but you observe that one of the Availability Zones is not receiving any traffic. What can be wrong here?


Options are :

  • Autoscaling only works for single availability zone
  • Autoscaling can be enabled for multi AZ only in the North Virginia region
  • Availability zone is not added to Elastic load balancer (Correct)
  • Instances need to be manually added to the availability zone

Answer : Availability zone is not added to Elastic load balancer

An application requires a highly available relational database with an initial storage capacity of 8 TB. The database will grow by 8 GB every day. To support expected traffic, at least eight read replicas will be required to handle database reads. Which option will meet these requirements?


Options are :

  • DynamoDB
  • Amazon S3
  • Amazon Aurora
  • Amazon Redshift (Correct)

Answer : Amazon Redshift

You are a consultant tasked with migrating an on-premises application architecture to AWS. During your design process you have to give consideration to current on-premises security and determine which security attributes you are responsible for on AWS. Which of the following does AWS provide for you as part of the shared responsibility model? Choose the 2 correct options.


Options are :

  • EC2 Instance security
  • Physical network infrastructure (Correct)
  • User access to the AWS environment via IAM.
  • Virtualization infrastructure (Correct)

Answer : Physical network infrastructure; Virtualization infrastructure

Which of the following AWS services can be used to build an application based on a serverless architecture? Choose 3 answers from the options given below.


Options are :

  • AWS API Gateway (Correct)
  • AWS Lambda (Correct)
  • AWS DynamoDB (Correct)
  • AWS EC2

Answer : AWS API Gateway; AWS Lambda; AWS DynamoDB

You work for a market analysis firm that is designing a new environment. They will ingest large amounts of market data via Kinesis and then analyze this data using Elastic MapReduce. The data is then imported into a high-performance NoSQL Cassandra database which will run on EC2 and then be accessed by traders from around the world. The database volume itself will sit on 2 EBS volumes that will be grouped into a RAID 0 volume. They are expecting very high demand during peak times, with an IOPS performance level of approximately 15,000. Which EBS volume should you recommend?


Options are :

  • Magnetic
  • General Purpose SSD
  • Provisioned IOPS (PIOPS) (Correct)
  • Turbo IOPS (TIOPS)

Answer : Provisioned IOPS (PIOPS)

In AWS, which security aspects are the customer’s responsibility? Choose 4 answers


Options are :

  • Security Group and ACL (Access Control List) settings (Correct)
  • Decommissioning storage devices
  • Patch management on the EC2 instance’s operating system (Correct)
  • Life-cycle management of IAM credentials (Correct)
  • Controlling physical access to compute resources
  • Encryption of EBS (Elastic Block Storage) volumes (Correct)

Answer : Security Group and ACL (Access Control List) settings; Patch management on the EC2 instance’s operating system; Life-cycle management of IAM credentials; Encryption of EBS (Elastic Block Storage) volumes

You are a solutions architect working for a large digital media company. Your company is migrating their production estate to AWS and you are in the process of setting up access to the AWS console using Identity and Access Management (IAM). You have created 5 users for your system administrators. What further steps do you need to take to enable your system administrators to get access to the AWS console?


Options are :

  • Generate an Access Key ID & Secret Access Key, and give these to your system administrators.
  • Enable multi-factor authentication on their accounts and define a password policy.
  • Generate a password for each user created and give these passwords to your system administrators. (Correct)
  • Give the system administrators the secret access key and access key id, and tell them to use these credentials to log in to the AWS console.

Answer : Generate a password for each user created and give these passwords to your system administrators.

If you want to point a domain name to an AWS VPC Elastic Load Balancer in Route 53, how would you need to configure the record set? Choose the correct answer from the options below.


Options are :

  • Non-Alias with a type "A" record set
  • Alias with a type "AAAA" record set
  • Alias with a type "CNAME" record set
  • Alias with a type "A" record set (Correct)

Answer : Alias with a type "A" record set

What are the different types of scale out options available in the AutoScaling service provided by AWS? Select 3 options.


Options are :

  • Scheduled Scaling (Correct)
  • Dynamic Scaling (Correct)
  • Manual Scaling (Correct)
  • Static Scaling

Answer : Scheduled Scaling; Dynamic Scaling; Manual Scaling

A Solutions Architect is designing an online shopping application running in a VPC on EC2 instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer managed database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements?


Options are :

  • Public subnets for both the application tier and the database cluster
  • Public subnets for the application tier, and private subnets for the database cluster
  • Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster (Correct)
  • Public subnets for the application tier, and private subnets for the database cluster and NAT Gateway

Answer : Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster

A company wants to store their primary data in S3 but at the same time they want to store frequently accessed data locally. This is because they do not have the option to extend their on-premises storage, hence they are looking at AWS for an option. What is the best solution that can be provided?


Options are :

  • An EC2 instance with EBS volumes to store the commonly used data.
  • A Redis cache for frequently accessed data and S3 for frequently accessed data
  • Use the Gateway Cached Volumes (Correct)
  • There is no option available

Answer : Use the Gateway Cached Volumes

An existing application stores sensitive information on a non-boot Amazon EBS data volume attached to an Amazon Elastic Compute Cloud instance. Which of the following approaches would protect the sensitive data on an Amazon EBS volume?


Options are :

  • Upload your customer keys to AWS CloudHSM. Associate the Amazon EBS volume with AWS CloudHSM. Remount the Amazon EBS volume.
  • Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old Amazon EBS volume. (Correct)
  • Unmount the EBS volume. Toggle the encryption attribute to True. Remount the Amazon EBS volume.
  • Snapshot the current Amazon EBS volume. Restore the snapshot to a new, encrypted Amazon EBS volume. Mount the Amazon EBS volume.

Answer : Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old Amazon EBS volume.