• Home
  • Blogs
  • Valid AWS Certified Solutions Architect AWS-Solutions-Architect-Associate Dumps Ensure Your Passing [Q138-Q157]

Valid AWS Certified Solutions Architect AWS-Solutions-Architect-Associate Dumps Ensure Your Passing [Q138-Q157]

Share

Valid AWS Certified Solutions Architect AWS-Solutions-Architect-Associate Dumps Ensure Your Passing

AWS-Solutions-Architect-Associate Dumps Real Exam Questions Test Engine Dumps Training

NEW QUESTION # 138
A mobile application serves scientific articles from individual files in an Amazon S3 bucket. Articles older than 30 days are rarely read. Articles older than 60 days no longer need to be available through the application, but the application owner would like to keep them for historical purposes.
Which cost-effective solution BEST meets these requirements?

  • A. Create lifecycle rules to move files older than 30 days to Amazon S3 Standard Infrequent Access and move files older than 60 days to Amazon Glacier.
  • B. Create lifecycle rules to move files older than 30 days to Amazon Glacier and move files older than 60 days to Amazon S3 Standard Infrequent Access.
  • C. Create a Lambda function to move files older than 30 days to Amazon EBS and move files older than 60 days to Amazon Glacier.
  • D. Create a Lambda function to move files older than 30 days to Amazon Glacier and move files older than 60 days to Amazon EBS.

Answer: A


NEW QUESTION # 139
A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements?

  • A. Install the Amazon CloudWatch Logs agent on the Application load balancer
  • B. Enable Amazon CloudWatch metrics on the Application load balancer
  • C. Enable access logs on the Application load balancer
  • D. Enable AWS CloudTrail for the Application load balancer

Answer: C


NEW QUESTION # 140
By default, when an EBS volume is attached to a Windows instance, it may show up as any drive letter on the instance. You can change the settings of the _____ Service to set the drive letters of the EBS volumes per your specifications.

  • A. Ec2Config Service
  • B. EBSConfig Service
  • C. Ec2-AMIConfig Service
  • D. AMIConfig Service

Answer: A


NEW QUESTION # 141
You currently operate a web application In the AWS US-East region The application runs on an autoscaled layer of EC2 instances and an RDS Multi-AZ database Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2.1AM And RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?

  • A. Create a new CloudTrail with one new 53 bucket to store the logs Configure SNS to send log file delivery notifications to your management system Use lAM roles and 53 bucket policies on the 53 bucket mat stores your logs.
  • B. Create a new CloudTrail trail with an existing 53 bucket to store the logs and with the global services option selected Use 53 ACLs and Multi Factor Authentication (MFA) Delete on the 53 bucket that stores your logs.
  • C. Create a new CloudTrail trail with one new 53 bucket to store the logs and with the global services option selected Use lAM roles 53 bucket policies and Multi Factor Authentication (MFA) Delete on the 53 bucket that stores your logs.
  • D. Create three new CloudTrail trails with three new 53 buckets to store the logs one for the AWS Management console, one for AWS 5DKs and one for command line tools Use lAM roles and 53 bucket policies on the 53 buckets that store your logs.

Answer: C


NEW QUESTION # 142
A company collects data from a large number of participants who use wearabledevices.The company stores the data in an Amazon DynamoDB table and uses applications to analyze the data. The data workload is constant and predictable. The company wants to stay at or below its forecasted budget for DynamoDB.
Whihc solution will meet these requirements MOST cost-effectively?

  • A. Use on-demand mode. Specify the read capacity units (RCUs) and write capacity units (WCUs) with reserved capacity.
  • B. Use on-demand mode. Set the read capacity unite (RCUs) and write capacity units (WCUs) high enough to accommodate changes in the workload.
  • C. Use provisioned mode and DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA). Reserve capacity for the forecasted workload.
  • D. Use provisioned mode Specify the read capacity units (RCUs) and write capacity units (WCUs).

Answer: D

Explanation:
Explanation
This option is the most efficient because it uses provisioned mode, which is a read/write capacity mode for processing reads and writes on your tables that lets you specify how much read and write throughput you expect your application to perform . It also specifies the read capacity units (RCUs) and write capacity units (WCUs), which are the amount of data your application needs to read or write per second. It also meets the requirement of staying at or below its forecasted budget for DynamoDB, as provisioned mode has lower costs than on-demand mode for predictable workloads. This solution meets the requirement of collecting data from a large number of participants who use wearable devices with a constant and predictable data workload. Option A is less efficient because it uses provisioned mode and DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA), which is a storage class for infrequently accessed items that require milliseconds latency2.
However, this does not meet the requirement of collecting data from a large number of participants who use wearable devices with a constant and predictable data workload, as DynamoDB Standard-IA is more suitable for items that are accessed less frequently than once every 30 days. Option C is less efficient because it uses on-demand mode, which is a read/write capacity mode that lets you pay only for what you use by automatically adjusting your table's capacity in response to changing demand . However, this does not meet the requirement of staying at or below its forecasted budget for DynamoDB, as on-demand mode has higher costs than provisioned mode for predictable workloads. Option D is less efficient because it uses on-demand mode and specifies the RCUs and WCUs with reserved capacity, which is a way to reserve read and write capacity for your tables in exchange for discounted hourly rates. However, this does not meet the requirement of staying at or below its forecasted budget for DynamoDB, as on-demand mode has higher costs than provisioned mode for predictable workloads. Also, specifying RCUs and WCUs with reserved capacity is not possible with on-demand mode, as it only applies to provisioned mode.


NEW QUESTION # 143
A company is planning on deploying a newly built application on AWS in a default VPC The application will consist of a web layer and database layer. The web server was created in public subnets, and the MySQL database was created in private subnets. All subnets are created with the default network ACL settings, and the default security group in the VPC will be replaced with new custom security groups.
The following are the key requirements:
* The web servers must be accessible only to users on an SSL connection.
* The database should be accessible to the web layer, which is created in a public subnet only.
* All traffic to and from the IP range 182.20.0.0/16 subnet should be blocked.
Which combination of steps meets these requirements? (Select TWO.)

  • A. Create a database server security group with inbound and outbound rules for MySQL port 3306 traffic to and from anywhere (0 0.0.0/0)
  • B. Create a web server security group with inbound and outbound rules for HTTPS port 443 traffic to and from anywhere (0.0.0.0/0). Create a network ACL inbound deny rule for IP range 182.20.0.0/16.
  • C. Create a web server security group with an inbound rule for HTTPS port 443 traffic from anywhere (0.0
    0 0/0) Create network ACL inbound and outbound deny rules for IP range 182 20.00/16
  • D. Create a web server security group with an inbound allow rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0) and an inbound deny rule for IP range 182.20.0 0/16.
  • E. Create a database server security group with an inbound rule for MySQL port 3306 and specify the source as a web server security group.

Answer: C,E


NEW QUESTION # 144
A Solutions Architect has designed a VPC that meets all necessary security requirements for their organization. Any applications deployed in the organization must use this VPC design.
How can project teams deploy, manage, and delete VPCs that meet this design with the LEAST administrative effort?

  • A. Clone the existing authorized VPC for each new project.
  • B. Run a script that uses the AWS Command Line Interface to deploy the VPC.
  • C. Use AWS Elastic Beanstalk to deploy both the VPC and the application.
  • D. Deploy an AWS CloudFormation template that defines components of the VPC.

Answer: B


NEW QUESTION # 145
Select the correct statement about Amazon ElastiCache.

  • A. It does not integrate with other Amazon Web Services.
  • B. It allows you to quickly deploy your cache environment only if you install software.
  • C. It cannot run in the Amazon Virtual Private Cloud (Amazon VPC) environment.
  • D. It makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud.

Answer: D

Explanation:
ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in memory cache environment in the cloud. It provides a high-performance, scalable, and cost- effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment. With ElastiCache, you can quickly deploy your cache environment, without having to provision hardware or install software.
http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/WhatIs.html


NEW QUESTION # 146
Within the IAM service a GROUP is regarded as a:

  • A. It's the group of EC2 machines that gain the permissions specified in the GROUP.
  • B. There's no GROUP in IAM, but only USERS and RESOURCES.
  • C. A collection of users.
  • D. A collection of AWS accounts

Answer: C


NEW QUESTION # 147
By default, temporary security credentials for an IAM user are valid for a maximum of 12 hours, but you can request a duration as long as _________ hours.

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
By default, temporary security credentials for an IAM user are valid for a maximum of 12 hours, but you can request a duration as short as 15 minutes or as long as 36 hours.
http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSessionTokens.html


NEW QUESTION # 148
An application has components running in a public subnet and a private subnet. The components within the private subnet must connect to the internet to receive updates.
How should this be accomplished without moving the components into a public subnet?

  • A. Add an internet gateway to the private subnet and update the private subnet route table.
  • B. Add a NAT gateway to the public subnet and update the public subnet route table.
  • C. Add a NAT gateway to the public subnet and update the private subnet route table.
  • D. Add an internet gateway to the VPC and update the private subnet route table.

Answer: A


NEW QUESTION # 149
A customer has a service based out of Oregon, U.S. and Paris, France. The application is storing data in an S3 bucket located in Oregon, and that data is updated frequently. The Paris office is experiencing slow response times when retrieving objects.
What should a Solution Architect do to resolve the slow response times for the Paris office?

  • A. Create a Amazon CloudFront distribution with the bucket located in Oregon as the origin and set the Maximum Time to Live (TTL) for cache behavior to 0
  • B. Create an Application Load Balancer that load balances data retrieval between the Oregon S3 bucket and a new Paris S3 bucket
  • C. Set up an S3 bucket based in Paris, and enable a lifecycle management rule to transition data from the Oregon bucket to the Paris bucket
  • D. Set up an S3 bucket based in Paris, and enable cross-region replication from the Oregon bucket to the Paris bucket

Answer: D


NEW QUESTION # 150
A company has a legacy application that processes data in two parts The second part of the process takes longer than the first, so the company has decided to rewrite the application as two microservices running on Amazon ECS that can scale independently.
How should a solutions architect integrate the microservices?

  • A. Implement code in microservice 1 to publish data to an Amazon SNS topic Implement code in microservice 2 to subscribe to this topic
  • B. Implement code in microservice 1 to send data to an Amazon SQS queue Implement code in microservice 2 to process messages from the queue
  • C. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose. Implement code in microservice 2 to read from Kinesis Data Firehose.
  • D. Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3 event notifications to invoke microservice 2.

Answer: D


NEW QUESTION # 151
A company delivers files in Amazon S3 to certain users who do not have AWS credentials. These users must be given access for a limited lime. What should a solutions architect do to securely meet these requirements?

  • A. Create and assign 1AM roles that will grant GetObject permissions to the users.
  • B. Generate a presigned URL to share with the users.
  • C. Encrypt files using AWS KMS and provide keys to the users.
  • D. Enable public access on an Amazon S3 bucket.

Answer: B


NEW QUESTION # 152
What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?

  • A. Update the bucket policy to deny if the PutObject does not have an s3 x-amz-acl header set
  • B. Update the bucket policy to deny if the PutObject does not have an aws SecureTransport header set to true
  • C. Update the bucket policy to deny if the PutObject does not have an s3:x-amz-aci header set to private.
  • D. Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.

Answer: D


NEW QUESTION # 153
After an Amazon VPC instance is launched, can I change the VPC security groups it belongs to?

  • A. Yes. You can.
  • B. Only if you are the root user
  • C. No. You cannot.
  • D. Only if the tag "VPC_Change_Group" is true

Answer: B


NEW QUESTION # 154
Out of the stripping options available for the EBS volumes, which one has the following disadvantage :
'Doubles the amount of 1/0 required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'?

  • A. RAID 1+0 (RAID 10)
  • B. Raid 0
  • C. Raid
  • D. Raid 1

Answer: A


NEW QUESTION # 155
You need to create a load balancer in a VPC network that you are building. You can make your load balancer internal (private) or internet-facing (public). When you make your load balancer internal, a DNS name will be created, and it will contain the private IP address of the load balancer. An internal load balancer is not exposed to the internet. When you make your load balancer internet-facing, a DNS name will be created with the public IP address. If you want the Internet-facing load balancer to be connected to the Internet, where must this load balancer reside?

  • A. The load balancer must reside in a subnet that is not connected to the internet.
  • B. The load balancer must be completely outside of your VPC.
  • C. The load balancer must not reside in a subnet that is connected to the internet.
  • D. The load balancer must reside in a subnet that is connected to the internet using the internet gateway.

Answer: D

Explanation:
When you create an internal Elastic Load Balancer in a VPC, you need to select private subnets that are in the same Availability Zone as your instances. If the VPC Elastic Load Balancer is to be public facing, you need to create the Elastic Load Balancer in a public subnet. A subnet is a public subnet if it is attached to an Internet Gateway (IGW) with a defined route to that gateway. Selecting more than one public subnet increases the availability of your Elastic Load Balancer.
NB - Elastic Load Balancers in EC2-Classic are always Internet-facing load balancers.
Reference:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balan cers.html


NEW QUESTION # 156
A company has an Amazon RDS-managed online transaction processing system that has very heavy read and write. The Solutions Architect notices throughput issues with the system.
How can the responsiveness of the primary database be improved?

  • A. Offload SELECT query that needs the most current data to READ replica.
  • B. Offload SELECT queries that can tolerate stale data to READ replica.
  • C. Use asynchronous replication for standby to maximize throughput during peak demand.
  • D. Offload SELECT and UPDATE queries to READ replica.

Answer: B

Explanation:
Explanation
In a Multi AZ, AWS runs just one DB but copies the data synchronously to the standby replica The question targets Read Contention( responsiveness ) and write is not an issue and hence the Read Replicas.


NEW QUESTION # 157
......

Amazon AWS-Solutions-Architect-Associate: Selling AWS Certified Solutions Architect Products and Solutions: https://pass4sure.actual4cert.com/AWS-Solutions-Architect-Associate-pass4sure-vce.html

Related Blogs

more
Amazon AWS-Solutions-Architect-Associate Certification Practice Exam

Copyright © 2026 ACTUAL4CERT.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.