LMS MRGT (Pvt) Ltd.

AWS

Name: Majid Bashir Date: 09-Dec-2022

Batch #: CCBC-ISB-BATCH-1
Course #: Cloud Native Computing Boot Camp
Total Marks: 60 Obtained Marks: 36
Percentage: 60%

Q#1 : A company runs a high performance computing (HPC) workload on AWS. The workload required low-
latency network performance and high network throughput with tightly coupled node-to-node
communication. The Amazon EC2 instances are properly sized for compute and storage capacity, and are
launched using default options.What should a solutions architect propose to improve the performance of
the workload?

A. Choose a cluster placement group while launching Amazon EC2 instances. CORRECT
B.?? Choose dedicated instance tenancy while launching Amazon EC2 instances.
C. Choose an Elastic Inference accelerator while launching Amazon EC2 instances.

Q#2 : A company runs multiple Windows workloads on AWS. The company's employees use Windows file
shares that are hosted on two Amazon EC2 instances. The file shares synchronize data between
themselves and maintain duplicate copies. The company wants a highly available and durable storage
solution that preserves how users currently access the files.What should a solutions architect do to meet
these requirements?

A. Migrate all the data to Amazon S3 Set up IAM authentication for users to access files
B. Set up an Amazon S3 File Gateway. Mount the S3 File Gateway on the existing EC2 Instances.
C. Extend the file share environment to Amazon FSx for Windows File Server with a Multi-AZ configuration
Migrate all the data to FSx for Windows File Server. CORRECT
D. Extend the file share environment to Amazon Elastic File System (Amazon EFS) with a Multi-AZ configu
Migrate all the data to Amazon EFS. WRONG

Q#3 : A company uses AWS Organizations to manage multiple AWS accounts for different departments.
The management account has an Amazon S3 bucket that contains project reports. The company wants to
limit access to this S3 bucket to only users of accounts within the organization in AWS
Organizations.Which solution meets these requirements with the LEAST amount of operational overhead?

A. Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucke
policy. CORRECT
B.Create an organizational unit (OU) for each department. Add the aws:PrincipalOrgPaths global condition
the S3 bucket policy
C. Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, a
RemoveAccountFromOrganization events. Update the S3 bucket policy accordingly.
D. Tag each user that needs access to the S3 bucket. Add the aws:PrincipalTag global condition key to the
bucket policy. WRONG
Q#4 : A company has a website hosted on AWS. The website is behind an Application Load Balancer (ALB)
that is configured to handle HTTP and HTTPS separately. The company wants to forward all requests to the
website so that the requests will use HTTPS.What should a solutions architect do to meet this
requirement?

A. Update the ALB's network ACL to accept only HTTPS traffic

B. Create a rule that replaces the HTTP in the URL with HTTPS.
C. Create a listener rule on the ALB to redirect HTTP traffic to HTTPS. CORRECT
D. Replace the ALB with a Network Load Balancer configured to use Server Name Indication (SNI).

Q#5 : A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The
workload is powered by third-party software. The company needs to patch the third-party software on all
EC2 instances as quickly as possible to remediate a critical security vulnerability.What should a solutions
architect do to meet these requirements?

A. Create an AWS Lambda function to apply the patch to all EC2 instances.
B. Configure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances.
C. Schedule an AWS Systems Manager maintenance window to apply the patch to all EC2 instances.
D. Use AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2
instances. CORRECT

Q#6 : A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is
configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web
service.The company notices that the NLB is not detecting HTTP errors for the application. These errors
require a manual restart of the EC2 instances that run the web service. The company needs to improve the
application's availability without writing custom scripts or code.What should a solutions architect do to
meet these requirements?

A. Enable HTTP health checks on the NLB. supplying the URL of the company's application.
B.Add a cron job to the EC2 instances to check the local application's logs once each minute. If HTTP erro
detected, the application will restart.
C. Replace the NLB with an Application Load Balancer. Enable HTTP health checks by supplying the URL
company's application. Configure an Auto Scaling action to replace unhealthy instances. CORRECT
D. Create an Amazon Cloud Watch alarm that monitors the UnhealthyHostCount metric for the NLB. Confi
Auto Scaling action to replace unhealthy instances when the alarm is in the ALARM state.

Q#7 : An ecommerce company hosts its analytics application in the AWS Cloud. The application generates
about 300 MB of data each month. The data is stored in JSON format. The company is evaluating a disaster
recovery solution to back up the data. The data must be accessible in milliseconds if it is needed, and the
data must be kept for 30 days.Which solution meets these requirements MOST cost-effectively?

A. Amazon OpenSearch Service (Amazon Elasticsearch Service)

B. Amazon S3 Glacier
C. Amazon S3 Standard CORRECT
D.?? Amazon RDS for PostgreSQL WRONG

Q#8 : Organizers for a global event want to put daily reports online as static HTML pages. The pages are
expected to generate millions of views from users around the world. The files are stored In an Amazon S3
bucket. A solutions architect has been asked to design an efficient and effective solution.Which action
should the solutions architect take to accomplish this?
 A. Generate presigned URLs for the files.
B. Use cross-Region replication to all Regions.
C. Use the geoproximtty feature of Amazon Route 53.
D. Use Amazon CloudFront with the S3 bucket as its origin. CORRECT

Q#9 : A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific
AWS Region for an upcoming event that will last 1 week. What should the company do to guarantee the
EC2 capacity?

A.Purchase Reserved instances that specify the Region needed

B.?? Create an On Demand Capacity Reservation that specifies the Region needed
C. Purchase Reserved instances that specify the Region and three Availability Zones needed
D. Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones
needed CORRECT

Q#10 : A company is designing a cloud communications platform that is driven by APIs. The application is
hosted on Amazon EC2 instances behind a Network Load Balancer (NLB). The company uses Amazon API
Gateway to provide external users with access to the application through APIs. The company wants to
protect the platform against web exploits like SQL injection and also wants to detect and mitigate large,
sophisticated DDoS attacks.Which combination of solutions provides the MOST protection?

A. Use AWS WAF to protect the NLB.

B. Use AWS Shield Advanced with the NLB. CORRECT
C. Use AWS WAF to protect Amazon API Gateway. CORRECT
D. Use Amazon GuardDuty with AWS Shield Standard.

Q#11 : A company receives 10 TB of instrumentation data each day from several machines located at a
single factory. The data consists of JSON files stored on a storage area network (SAN) in an on-premises
data center located within the factory. The company wants to send this data to Amazon S3 where it can be
accessed by several additional systems that provide critical near-real-lime analytics. A secure transfer is
important because the data is considered sensitive. Which solution offers the MOST reliable data transfer?

A. AWS DataSync over public internet

B. AWS DataSync over AWS Direct Connect WRONG
C. AWS Database Migration Service (AWS DMS) over public internet
D. AWS Database Migration Service (AWS DMS) over AWS Direct Connect

Q#12 : A company has an Amazon S3 bucket that contains critical data. The company must protect the
data from accidental deletion.Which combination of steps should a solutions architect take to meet these
requirements?

A. Enable versioning on the S3 bucket. CORRECT

B. Enable MFA Delete on the S3 bucket.
C. Create a bucket policy on the S3 bucket.
D. Enable default encryption on the S3 bucket.

Q#13 : A company runs a global web application on Amazon EC2 instances behind an Application Load
Balancer The application stores data in Amazon Aurora. The company needs to create a disaster recovery
solution and can tolerate up to 30 minutes of downtime and potential data loss. The solution does not need
to handle the load when the primary infrastructure is healthyWhat should a solutions architect do to meet
these requirements?

A. Deploy the application with the required infrastructure elements in place Use Amazon Route 53 to config
active-passive failover Create an Aurora Replica in a second AWS Region
B. Host a scaled-down deployment of the application in a second AWS Region Use Amazon Route 53 to c
active-active failover Create an Aurora Replica in the second Region
C. Replicate the primary infrastructure in a second AWS Region Use Amazon Route 53 to configure active
failover Create an Aurora database that is restored from the latest snapshot CORRECT
D. Back up data with AWS Backup Use the backup to create the required infrastructure in a second AWS R
Use Amazon Route 53 to configure active-passive failover Create an Aurora second primary instance in th
second Region WRONG

Q#14 : A company maintains a searchable repository of items on its website. The data is stored in an
Amazon RDS for MySQL database table that contains more than 10 million rows The database has 2 TB of
General Purpose SSD storage There are millions of updates against this data every day through the
company's website.The company has noticed that some insert operations are taking 10 seconds or longer
The company has determined that the database storage performance is the problem.Which solution
addresses this performance issue?

A. Change the storage type to Provisioned IOPS SSD CORRECT

B.Change the DB instance to a memory optimized instance class WRONG
Change the DB instance to a burstable performance instance class
D. Enable Multi-AZ RDS read replicas with MySQL native asynchronous replication.

Q#15 : An application runs on Amazon EC2 instances across multiple Availability Zones The instances run
in an Amazon EC2 Auto Scaling group behind an Application Load Balancer The application performs best
when the CPU utilization of the EC2 instances is at or near 40%..What should a solutions architect do to
maintain the desired performance across all instances in the group?

A. Use a simple scaling policy to dynamically scale the Auto Scaling group
B. Use a target tracking policy to dynamically scale the Auto Scaling group CORRECT
C. Use an AWS Lambda function to update the desired Auto Scaling group capacity.
D. Use scheduled scaling actions to scale up and scale down the Auto Scaling group

Q#16 : A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for
help with an application migration initiative. A solutions architect needs to share an Amazon Machine
Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by
Amazon Elastic Block Store (Amazon EBS) and uses a customer managed customer master key (CMK) to
encrypt EBS volume snapshots.What is the MOST secure way for the solutions architect to share the AMI
with the MSP Partner's AWS account?

A. Make the encrypted AMI and snapshots publicly available. Modify the CMK's key policy to allow the MSP
Partner's AWS account to use the key
B. Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner's AWS account o
Modify the CMK's key policy to allow the MSP Partner's AWS account to use the key. CORRECT
C. Modify the launchPermission property of the AMI Share the AMI with the MSP Partner's AWS account o
Modify the CMK's key policy to trust a new CMK that is owned by the MSP Partner for encryption.
D. Export the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS account. E
the S3 bucket with a CMK that is owned by the MSP Partner Copy and launch the AMI in the MSP Partner
account.
Q#17 : An entertainment company is using Amazon DynamoDB to store media metadata. The application is
read intensive and experiencing delays. The company does not have staff to handle additional operational
overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the
application.What should a solutions architect recommend to meet this requirement?

A. Use Amazon ElastiCache for Redis.

B. Use Amazon DynamoDB Accelerator (DAX). CORRECT
C. Replicate data by using DynamoDB global tables.
D. Use Amazon ElastiCache for Memcached with Auto Discovery enabled.

Q#18 : A company has an ecommerce checkout workflow that writes an order to a database and calls a
service to process the payment. Users are experiencing timeouts during the checkout process. When
users resubmit the checkout form, multiple unique orders are created for the same desired
transaction.How should a solutions architect refactor this workflow to prevent the creation of multiple
orders?

Configure the web application to send an order message to Amazon Kinesis Data Firehose. Set the payme
service to retrieve the message from Kinesis Data Firehose and process the order.
B.Create a rule in AWS CloudTrail to invoke an AWS Lambda function based on the logged application pa
request Use Lambda to query the database, call the payment service, and pass in the order information
C. Store the order in the database. Send a message that includes the order number to Amazon Simple
Notification Service (Amazon SNS). Set the payment service to poll Amazon SNS. retrieve the message, a
process the order.
D. Store the order in the database. Send a message that includes the order number to an Amazon Simple
Service (Amazon SQS) FIFO queue. Set the payment service to retrieve the message and process the ord
Delete the message from the queue. CORRECT

Q#19 : A company has a production web application in which users upload documents through a web
interlace or a mobile app. According to a new regulatory requirement, new documents cannot be modified
or deleted after they are stored.What should a solutions architect do to meet this requirement?

A. Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock
enabled CORRECT
B. Store the uploaded documents in an Amazon S3 bucket. Configure an S3 Lifecycle policy to archive the
documents periodically.
C. Store the uploaded documents in an Amazon S3 bucket with S3 Versioning enabled Configure an ACL
restrict all access to read-only.
D. Store the uploaded documents on an Amazon Elastic File System (Amazon EFS) volume. Access the d
mounting the volume in read-only mode.

Q#20 : A global company hosts its web application on Amazon EC2 instances behind an Application Load
Balancer (ALB). The web application has static data and dynamic data. The company stores its static data
in an Amazon S3 bucket. The company wants to improve performance and reduce latency for the static
data and dynamic data. The company is using its own domain name registered with Amazon Route
53.What should a solutions architect do to meet these requirements?

A. Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins Configure Rou
route traffic to the CloudFront distribution. WRONG
B. Create an Amazon CloudFront distribution that has the ALB as an origin Create an AWS Global Acceler
standard accelerator that has the S3 bucket as an endpoint. Configure Route 53 to route traffic to the Clou
distribution.
 C. Create an Amazon CloudFront distribution that has the S3 bucket as an origin Create an AWS Global
Accelerator standard accelerator that has the ALB and the CloudFront distribution as endpoints Create a c
domain name that points to the accelerator DNS name.Use the custom domain name as an endpoint for th
application. CORRECT
D. Create an Amazon CloudFront distribution that has the ALB as an origin C. Create an AWS Global Acce
standard accelerator that has the S3 bucket as an endpoint Create two domain names. Point one domain n
the CloudFront DNS name for dynamic content, Point the other domain name to the accelerator DNS name
static content Use the domain names as endpoints for the web application.

Q#21 : A company hosts its multi-tier applications on AWS. For compliance, governance, auditing, and
security, the company must track configuration changes on its AWS resources and record a history of API
calls made to these resources.What should a solutions architect do to meet these requirements?

A. Use AWS CloudTrail to track configuration changes and AWS Config to record API calls
B.Use AWS Config to track configuration changes and AWS CloudTrail to record API calls CORRECT
C. Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls
D.?? Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls

Q#22 : A company uses AWS Organizations to manage multiple AWS accounts for different departments.
The management account has an Amazon S3 bucket that contains project reports. The company wants to
limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations.
Which solution meets these requirements with the LEAST amount of operational overhead?

A. Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucke
policy. CORRECT
B.?? Create an organizational unit (OU) for each department. Add the aws:PrincipalOrgPaths global condit
to the S3 bucket policy.
C. Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, a
RemoveAccountFromOrganization events. Update the S3 bucket policy accordingly.
D.?? Tag each user that needs access to the S3 bucket. Add the aws:PrincipalTag global condition key to
bucket policy. WRONG

Q#23 : A company performs monthly maintenance on its AWS infrastructure. During these maintenance
activities, the company needs to rotate the credentials tor its Amazon ROS tor MySQL databases across
multiple AWS RegionsWhich solution will meet these requirements with the LEAST operational overhead?

A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the re
Regions Configure Secrets Manager to rotate the secrets on a schedule CORRECT
B. Store the credentials as secrets in AWS Systems Manager by creating a secure string parameter Use m
Region secret replication for the required Regions Configure Systems Manager to rotate the secrets on a
schedule
C. Store the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled Use Amaz
EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function to rotate the credentials
D. Encrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region c
managed keys Store the secrets in an Amazon DynamoDB global table Use an AWS Lambda function to r
the secrets from DynamoDB Use the RDS API to rotate the secrets.

Q#24 : A company is migrating its on-premises PostgreSQL database to Amazon Aurora PostgreSQL. The
on-premises database must remain online and accessible during the migration. The Aurora database must
remain synchronized with the on-premises database. Which combination of actions must a solutions
architect take to meet these requirements?
 A. Create an ongoing replication task.
B. Create a database backup of the on-premises database
C. Create an AWS Database Migration Service (AWS DMS) replication server CORRECT
D. Convert the database schema by using the AWS Schema Conversion Tool (AWS SCT).

Q#25 : A hospital wants to create digital copies for its large collection of historical written records. The
hospital will continue to add hundreds of new documents each day. The hospital's data team will scan the
documents and will upload the documents to the AWS Cloud.A solutions architect must implement a
solution to analyze the documents, extract the medical information, and store the documents so that an
application can run SQL queries on the data. The solution must maximize scalability and operational
efficiency.Which combination of steps should the solutions architect take to meet these requirements?

A. Write the document information to an Amazon EC2 instance that runs a MySQL database.
B. Write the document information to an Amazon S3 bucket. Use Amazon Athena to query the data.
C. Create an Auto Scaling group of Amazon EC2 instances to run a custom application that processes the
scanned files and extracts the medical information. WRONG
D. Create an AWS Lambda function that runs when new documents are uploaded. Use Amazon Recogniti
convert the documents to raw text. Use Amazon Transcribe Medical to detect and extract relevant medical
information from the text CORRECT

Q#26 : A company?s website provides users with downloadable historical performance reports. The
website needs a solution that will scale to meet the company?s website demands globally. The solution
should be cost-effective, limit the provisioning of infrastructure resources, and provide the fastest possible
response time. Which combination should a solutions architect recommend to meet these requirements?

A. Amazon CloudFront and Amazon S3 CORRECT

B.AWS Lambda and Amazon DynamoDB
C. Application Load Balancer with Amazon EC2 Auto Scaling
D. Amazon Route 53 with internal Application Load Balancers

Q#27 : A company recently launched Linux-based application instances on Amazon EC2 in a private
subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC
A solutions architect needs to connect from the on-premises network, through the company's internet
connection to the bastion host and to the application servers The solutions architect must make sure that
the security groups of all the EC2 instances will allow that access.Which combination of steps should the
solutions architect take to meet these requirements?

A. Replace the current security group of the bastion host with one that only allows inbound access from the
application instances
B. Replace the current security group of the bastion host with one that only allows inbound access from the
internal IP range for the company
C. Replace the current security group of the bastion host with one that only allows inbound access from the
external IP range for the company CORRECT
D. Replace the current security group of the application instances with one that allows inbound SSH acces
only the public IP address of the bastion host

Q#28 : A company has a web application lhat is based on Java and PHP The company plans to move the
application from on premises to AWS The company needs the ability to test new site features trequenlty.
The company also needs a highly available and managed solution that requires minimum operational
overhead.Which solution will meel these requirements?

A. Create an Amazon S3 bucket Enable static web hosting on the S3 bucket Upload the static content to th
 bucket Use AWS Lambda to process all dynamic content
B. Deploy the web application to an AWS Elastic Beanstalk environment Use URL swapping to switch betw
multiple Elastic Beanstalk environments for feature testing CORRECT
C. Deploy the web application lo Amazon EC2 instances that are configured with Java and PHP Use Auto
groups and an Application Load Balancer to manage the website's availability
D. Containerize the web application Deploy the web application to Amazon EC2 instances Use the AWS L
Balancer Controller to dynamically route traffic between containers thai contain the new site features for
testing WRONG

Q#29 : A company provides a Voice over Internet Protocol (VoIP) service that uses UDP connections. The
service consists of Amazon EC2 instances that run in an Auto Scaling group. The company has
deployments across multiple AWS Regions. The company needs to route users to the Region with the
lowest latency. The company also needs automated failover between Regions.Which solution will meet
these requirements?

A. Deploy a Network Load Balancer (NLB) and an associated target group. Associate the target group with
Auto Scaling group. Use the NLB as an AWS Global Accelerator endpoint in each Region. CORRECT
B. Deploy an Application Load Balancer (ALB) and an associated target group. Associate the target group
Auto Scaling group. Use the ALB as an AWS Global Accelerator endpoint in each Region.
C. Deploy a Network Load Balancer (NLB) and an associated target group. Associate the target group with
Auto Scaling group. Create an Amazon Route 53 latency record that points to aliases for each NLB. Create
Amazon CloudFront distribution that uses the latency record as an origin.
D. Deploy an Application Load Balancer (ALB) and an associated target group. Associate the target group

Q#30 : A company wants to run applications in containers in the AWS Cloud. These applications are
stateless and can tolerate disruptions within the underlying infrastructure. The company needs a solution
that minimizes cost and operational overhead.What should a solutions architect do to meet these
requirements

A. Use Spot Instances in an Amazon EC2 Auto Scaling group to run the application containers. CORREC
B. Use Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.
C. Use On-Demand Instances in an Amazon EC2 Auto Scaling group to run the application containers.
WRONG
D. Use On-Demand Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node gr

Powered by TCPDF (www.tcpdf.org)