Get 100% Passing Success With True AWS-Solutions-Architect-Professional Exam! [Sep-2021]
Amazon AWS-Solutions-Architect-Professional PDF Questions - Exceptional Practice To AWS Certified Solutions Architect - Professional
NEW QUESTION 61
Identify an application that polls AWS Data Pipeline for tasks and then performs those tasks.
- A. A task deployer
- B. A task runner
- C. A task optimizer
- D. A task executor
Answer: B
Explanation:
A task runner is an application that polls AWS Data Pipeline for tasks and then performs those tasks. You can either use Task Runner as provided by AWS Data Pipeline, or create a custom Task Runner application.
Task Runner is a default implementation of a task runner that is provided by AWS Data Pipeline. When Task Runner is installed and configured, it polls AWS Data Pipeline for tasks associated with pipelines that you have activated. When a task is assigned to Task Runner, it performs that task and reports its status back to AWS Data Pipeline. If your workflow requires non-default behavior, you'll need to implement that functionality in a custom task runner.
http://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-how-remote-taskrunner-client.html
NEW QUESTION 62
A company that develops consumer electronics with offices in Europe and Asia has 60 TB of software images stored on premises in Europe. The company wants to transfer the images to an Amazon S3 bucket in the ap-northeast-1 Region. New software images are created daily and must be encrypted in transit. The company needs a solution that does not require custom development to automatically transfer all existing and new software images to Amazon S3. What is the next step in the transfer process?
- A. Use an AWS Snowball device to transfer the images with the S3 bucket as the target
- B. Transfer the images over a Site-to-Site VPN connection using the S3 API with multipart upload
- C. Configure Amazon Kinesis Data Firehose to transfer the images using S3 Transfer Acceleration
- D. Deploy an AWS DataSync agent and configure a task to transfer the images to the S3 bucket
Answer: D
NEW QUESTION 63
A solutions architect must enable an AWS CloudHSM M of N access control (also named a quorum authentication mechanism) to allow security officers to make administrative changes to a hardware security module (HSM). The new security policy states that at least three of the five security officers must authorize any administrative changes to CloudHSM.
Which well-architected design ensures the security officers can authenticate as a quorum?
- A. Create an Amazon Cognito-authenticated Amazon API Gateway API endpoint with an AWS Lambda proxy integration. Allow an officer to create a CloudHSM quorum token and post it to the API Gateway API after signing in with Amazon Cognito. Configure the Lambda function to perform a signing procedure on the quorum token using the officer's Amazon Cognito IAM role, and store the signed token in Amazon DynamoDB. Once at least three officers have signed the quorum token, allow a POST method to administer CloudHSM with the signed token.
- B. Create a static website on Amazon S3 integrated with Amazon API Gateway to allow an officer to initiate a quorum request. Use Amazon SNS to notify the officers of a quorum request. Allow the officers to download the CloudHSM quorum token, sign the token offline, and upload the signed token through the website. Use Amazon DynamoDB to store the quorum token and additional officer responses with their signed quorum tokens. Configure an AWS Step Functions workflow to orchestrate officer notifications, count signed tokens in Amazon DynamoDB, and notify the initiating officer once at least three officers have signed the token. Use the signed quorum token to administer CloudHSM.
- C. Create a static website on Amazon S3 integrated with Amazon API Gateway to allow an officer to initiate a quorum request. Use the website to redirect the officers to sign in to CloudHSM with their federated identity credentials. Once at least three officers are signed in to CloudHSM, initiate a synchronous quorum token signing process. Use the signed quorum token to administer CloudHSM.
- D. Create a quorum signing application hosted on multiple Amazon EC2 instances behind an Application Load Balancer to allow an officer to initiate a quorum request. Require officers to log in to the application with their federated identity credentials. Each officer will then use the application to approve the quorum signing request. Configure the application to use AWS STS to sign the CloudHSM quorum token on behalf of the officers. Once at least three officers have approved the quorum signing request use EC2 IAM service roles to administer CloudHSM with the signed quorum token.
Answer: C
NEW QUESTION 64
A company wants to migrate an application to Amazon EC2 from VMware Infrastructure that runs in an on-premises data center. A solutions architect must preserve the software and configuration settings during the migration.
What should the solutions architect do to meet these requirements?
- A. Configure the AWS DataSync agent to start replicating the data store to Amazon FSx for Windows File Server. Use the SMB share to host the VMware data store. Use VM Import/Export to move the VMs to Amazon EC2.
- B. Use the VMware vSphere client to export the application as an image in Open Virtualization Format (OVF). Create an Amazon S3 bucket to store the image in the destination AWS Region. Create and apply an IAM role for VM Import. Use the AWS CLI to run the EC2 import command.
- C. Configure AWS Storage Gateway for files service to export a Common Internet File System (CIFS) share. Create a backup copy to the shared folder. Sign in to the AWS Management Console and create an AMI from the backup copy. Launch an EC2 instance that is based on the AMI.
- D. Create a managed-instance activation for a hybrid environment in AWS Systems Manager. Download and install Systems Manager Agent on the on-premises VM. Register the VM with Systems Manager to be a managed instance. Use AWS Backup to create a snapshot of the VM and create an AMI. Launch an EC2 instance that is based on the AMI.
Answer: A
NEW QUESTION 65
When using the AWS CLI for AWS CloudFormation, which of the following commands returns a description of the specified resource in the specified stack?
- A. describe-stack-resource
- B. create-stack-resource
- C. describe-stack-returns
- D. describe-stack-events
Answer: A
Explanation:
aws cloudformation describe-stack-resource
Description: Returns a description of the specified resource in the specified stack. For deleted stacks, describe-stack-resource returns resource information for up to 90 days after the stack has been deleted.
http://docs.aws.amazon.com/cli/latest/reference/cloudformation/describe-stack-resource.html
NEW QUESTION 66
You deployed your company website using Elastic Beanstalk and you enabled log file rotation to S3. An Elastic MapReduce Job is periodically analyzing the logs on S3 to build a usage dashboard that you share with your CIO.
You recently improved overall performance of the website using CloudFront for dynamic content delivery and your website as the origin.
After this architectural change, the usage dashboard shows that the traffic on your website dropped by an order of magnitude.
How do you fix your usage dashboard?
- A. Use Elastic Beanstalk "Rebuild Environment" option to update log delivery to the Elastic MapReduce job.
- B. Enable CloudFront to deliver access logs to S3 and use them as input of the Elastic MapReduce job.
- C. Change your log collection process to use CloudWatch ELB metrics as input of the Elastic MapReduce Job.
- D. Use Elastic Beanstalk "Restart App Server(s)" option to update log delivery to the Elastic MapReduce job.
- E. Turn on CloudTrail and use trail log files on S3 as input of the Elastic MapReduce job.
Answer: B
Explanation:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
NEW QUESTION 67
A software as a service (SaaS) company offers a cloud solution for document management to private law firms and the public sector. A local government client recently mandated that highly confidential documents cannot be stored outside the country. The company CIO asks a solutions architect to ensure the application can adapt to this new requirement. The CIO also wants to have a proper backup plan for these documents, as backups are not currently performed. What solution meets these requirements?
- A. Tag documents as either regular or secret in Amazon S3. Create an individual S3 backup bucket in the same AWS account and AWS Region. Create a cross-region S3 bucket in a separate AWS account. Set proper IAM roles to allow cross-region permissions to the S3 buckets. Configure an AWS Lambda function triggered by Amazon CloudWatch scheduled events to copy objects that are tagged as secret to the S3 backup bucket and objects tagged as normal to the cross-region S3 bucket.
- B. Tag documents as either regular or secret in Amazon S3. Create an individual S3 backup bucket in the same AWS account and AWS Region. Use S3 selective cross-region replication based on object tags to move regular documents to an S3 bucket in a different AWS Region. Configure an AWS Lambda function that triggers when new S3 objects are created in the main bucket to replicate only documents tagged as secret into the S3 bucket in the same AWS Region.
- C. Tag highly confidential documents as secret in Amazon S3. Create an individual S3 backup bucket in the same AWS account and AWS Region. Use S3 selective cross-region replication based on object tags to move regular documents to a different AWS Region. Create an Amazon CloudWatch Events rule for S3 objects tagged as secret to trigger an AWS Lambda function to replicate them into a separate bucket in the same AWS Region.
- D. Tag documents that are not highly confidential as regular in Amazon S3. Create individual S3 buckets for each user. Upload objects to each user's bucket. Set S3 bucket replication from these buckets to a central S3 bucket in a different AWS account and AWS Region. Configure an AWS Lambda function triggered by scheduled events in Amazon CloudWatch to delete objects that are tagged as secret in the S3 backup bucket.
Answer: B
NEW QUESTION 68
A company uses AWS Transit Gateway for a hub-and-spoke model to manage network traffic between many VPCs. The company is developing a new service that must be able to send data at 100 Gbps. The company needs a faster connection to other VPCs in the same AWS Region.
Which solution will meet these requirements?
- A. Create an additional attachment from the necessary VPCs to the existing transit gateway.
- B. Attach an additional transit gateway to the VPCs. Update the route tables accordingly.
- C. Create AWS Site-to-Site VPN connections that use equal-cost multi-path (ECMP) routing between the necessary VPCs.
- D. Establish VPC peering between the necessary VPCs. Ensure that all route tables are updated as required.
Answer: A
NEW QUESTION 69
The company Security team requires that all data uploaded into an Amazon S3 bucket must be encrypted. The encryption keys must be highly available and the company must be able to control access on a per-user basis, with different users having access to different encryption keys.
Which of the following architectures will meet these requirements? (Choose two.)
- A. Use Amazon S3 server-side encryption with customer-managed keys, and use two AWS CloudHSM instances configured in high-availability mode to manage the keys. Use IAM to control access to the keys that are generated in CloudHSM.
- B. Use Amazon S3 server-side encryption with customer-managed keys, and use two AWS CloudHSM instances configured in high-availability mode to manage the keys. Use the CloudHSM client software to control access to the keys that are generated.
- C. Use Amazon S3 server-side encryption with Amazon S3-managed keys. Allow Amazon S3 to generate an AWS/S3 master key, and use IAM to control access to the data keys that are generated.
- D. Use Amazon S3 server-side encryption with customer-managed keys, and use AWS CloudHSM to manage the keys. Use CloudHSM client software to control access to the keys that are generated.
- E. Use Amazon S3 server-side encryption with AWS KMS-managed keys, create multiple customer master keys, and use key policies to control access to them.
Answer: B,E
Explanation:
A: The customer cannot control the keys!
B: AWS KMS-managed keys allow the user to create master keys and control them. It is highly available as it is a managed service by AWS.
C: CloudHSM can be highly available by including a second instance in a different AZ.
D: Meets the requirement of management and high availability.
E: Managing the keys by CloudHSM client, not IAM user!!
NEW QUESTION 70
Your team has a Tomcat-based Java application you need to deploy into development, test and production environments. After some research, you opt to use Elastic Beanstalk due to its tight integration with your developer tools and RDS due to its ease of management. Your QA team lead points out that you need to roll a sanitized set of production data into your environment on a nightly basis.
Similarly, other software teams in your org want access to that same restored data via their EC2 instances in your VPC. The optimal setup for persistence and security that meets the above requirements would be the following.
- A. Create your RDS instance separately and add its IP address to your application's DB connection strings in your code. Alter its security group to allow access to it from hosts within your VPC's IP address block.
- B. Create your RDS instance as part of your Elastic Beanstalk definition and alter its security group to allow access to it from hosts in your application subnets.
- C. Create your RDS instance separately and pass its DNS name to your app's DB connection string as an environment variable. Create a security group for client machines and add it as a valid source for DB traffic to the security group of the RDS instance itself.
- D. Create your RDS instance separately and pass its DNS name to your app's DB connection string as an environment variable. Alter its security group to allow access to it from hosts in your application subnets.
Answer: B
NEW QUESTION 71
A group of research institutions and hospitals are in a partnership to study 2 PBs of genomic data. The institute that owns the data stores it in an Amazon S3 bucket and updates it regularly. The institute would like to give all of the organizations in the partnership read access to the data. All members of the partnership are extremely cost-conscious, and the institute that owns the account with the S3 bucket is concerned about covering the costs for requests and data transfers from Amazon S3.
Which solution allows for secure data sharing without causing the institute that owns the bucket to assume all the costs for S3 requests and data transfers?
- A. Ensure that all organizations in the partnership have AWS accounts. Create a bucket policy on the bucket that owns the data. The policy should allow the accounts in the partnership read access to the bucket. Enable Requester Pays on the bucket. Have the organizations use their AWS credentials when accessing the data.
- B. Ensure that all organizations in the partnership have AWS accounts. In the account with the S3 bucket, create a cross-account role for each account in the partnership that allows read access to the data. Enable Requester Pays on the bucket. Have the organizations assume and use that read role when accessing the data.
- C. Ensure that all organizations in the partnership have AWS accounts. Configure buckets in each of the accounts with a bucket policy that allows the institute that owns the data the ability to write to the bucket. Periodically sync the data from the institute's account to the other organizations. Have the organizations use their AWS credentials when accessing the data using their accounts.
- D. Ensure that all organizations in the partnership have AWS accounts. In the account with the S3 bucket, create a cross-account role for each account in the partnership that allows read access to the data. Have the organizations assume and use that read role when accessing the data.
Answer: A
NEW QUESTION 72
A company is using Amazon Aurora MySQL for a customer relationship management (CRM) application. The application requires frequent maintenance on the database and the Amazon EC2 instances on which the application runs. For AWS Management Console access, the system administrators authenticate against AWS Identity and Access Management (IAM) using an internal identity provider. For database access, each system administrator has a user name and password that have previously been configured within the database.
A recent security audit revealed that the database passwords are not frequently rotated. The company wants to replace the passwords with temporary credentials using the company's existing AWS access controls. Which set of options will meet the company's requirements?
- A. Enable IAM database authentication on the database. Configure the database to use the IAM identity provider to map the administrator roles to the database user. Install the Amazon Aurora SSL certificate bundle to the system administrators' certificate trust store. Use the AWS CLI to generate an authentication token used when connecting to the database.
- B. Create a new AWS Systems Manager Parameter Store entry for each database password. Enable parameter expiration to invoke an AWS Lambda function to perform password rotation by updating the parameter value. Create an IAM policy allowing each system administrator to retrieve their current password from the Parameter Store. Use the AWS CLI to retrieve credentials when connecting to the database.
- C. Create a new AWS Secrets Manager entry for each database password. Configure password rotation for each secret using an AWS Lambda function in the same VPC as the database cluster. Create an IAM policy allowing each system administrator to retrieve their current password. Use the AWS CLI to retrieve credentials when connecting to the database.
- D. Enable IAM database authentication on the database. Attach an IAM policy to each system administrator's role to map the role to the database user name. Install the Amazon Aurora SSL certificate bundle to the system administrators' certificate trust store. Use the AWS CLI to generate an authentication token used when connecting to the database.
Answer: D
NEW QUESTION 73
A company runs an application in the cloud that consists of a database and a website. Users can post data to the website, have the data processed, and have the data sent back to them in an email. Data is stored in a MySQL database running on an Amazon EC2 instance. The database is running in a VPC with two private subnets. The website is running on Apache Tomcat in a single EC2 instance in a different VPC with one public subnet. There is a single VPC peering connection between the database and website VPC.
The website has suffered several outages during the last month due to high traffic. Which actions should a solutions architect take to increase the reliability of the application? (Select THREE.)
- A. Place the Tomcat server in an Auto Scaling group with multiple EC2 instances behind an Application Load Balancer
- B. Provision two NAT gateways in the database VPC
- C. Migrate the MySQL database to Amazon Aurora with one Aurora Replica
- D. Move the Tomcat server to the database VPC
- E. Create an additional public subnet in a different Availability Zone in the website VPC
- F. Provision an additional VPC peering connection
Answer: A,C,E
NEW QUESTION 74
During an audit, a Security team discovered that a Development team was putting IAM user secret access keys in their code and then committing it to an AWS CodeCommit repository. The Security team wants to automatically find and remediate instances of this security vulnerability. Which solution will ensure that the credentials are appropriately secured automatically?
- A. Use a scheduled AWS Lambda function to download and scan the application code from CodeCommit. If credentials are found, generate new credentials and store them in AWS KMS.
- B. Configure Amazon Macie to scan for credentials in CodeCommit repositories. If credentials are found, trigger an AWS Lambda function to disable the credentials and notify the user.
- C. Configure a CodeCommit trigger to invoke an AWS Lambda function to scan new code submissions for credentials. If credentials are found, disable them in AWS IAM and notify the user.
- D. Run a script nightly using AWS Systems Manager Run Command to search for credentials on the development instances. If found, use AWS Secrets Manager to rotate the credentials.
Answer: B
NEW QUESTION 75
A company has released a new version of a website to target an audience in Asia and South America. The website's media assets are hosted on Amazon S3 and have an Amazon CloudFront distribution to improve end-user performance. However, users are having a poor login experience because the authentication service is only available in the us-east-1 AWS Region.
How can the Solutions Architect improve the login experience and maintain high security and performance with minimal management overhead?
- A. Replicate the setup in each geography and use Network Load Balancers to route traffic to the authentication service running in the closest region to users.
- B. Use Amazon Lambda@Edge attached to the CloudFront viewer request trigger to authenticate and authorize users by maintaining a secure cookie token with a session expiry to improve the user experience in multiple geographies.
- C. Replicate the setup in each new geography and use Amazon Route 53 geo-based routing to route traffic to the AWS Region closest to the users.
- D. Use an Amazon Route 53 weighted routing policy to route traffic to the CloudFront distribution. Use CloudFront cached HTTP methods to improve the user login experience.
Answer: B
Explanation:
There are several benefits to using Lambda@Edge for authorization operations. First, performance is improved by running the authorization function using Lambda@Edge closest to the viewer, reducing latency and response time to the viewer request. The load on your origin servers is also reduced by offloading CPU-intensive operations such as verification of JSON Web Token (JWT) signatures. Finally, there are security benefits such as filtering out unauthorized requests before they reach your origin infrastructure.
https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-json-web-tokens-to-enhance-web-application-security/
NEW QUESTION 76
A Solutions Architect is building a new feature using a Lambda to create metadata when a user uploads a picture to Amazon S3. All metadata must be indexed.
Which AWS service should the Architect use to store this metadata?
- A. Amazon S3
- B. Amazon Kinesis
- C. Amazon DynamoDB
- D. Amazon EFC
Answer: C
NEW QUESTION 77
A company has an application behind a load balancer with enough Amazon EC2 instances to satisfy peak demand. Scripts and third-party deployment solutions are used to configure EC2 instances when demand increases or an instance fails. The team must periodically evaluate the utilization of the instance types to ensure that the correct sizes are deployed.
How can this workload be optimized to meet these requirements?
- A. Deploy the application as a Docker image by using Amazon ECS. Set up Amazon EC2 Auto Scaling and Amazon ECS scaling. Register for AWS Business Support and use Trusted Advisor checks to provide suggestions on cost savings.
- B. Deploy the application by using AWS Elastic Beanstalk with default options. Register for an AWS Support Developer plan. Review the instance usage for the application by using Amazon CloudWatch, and identify less expensive instances that can handle the load. Hold monthly meetings to review new instance types and determine whether Reserved instances should be purchased.
- C. Create an Auto Scaling group to scale the instances, and use AWS CodeDeploy to perform the configuration. Change from a load balancer to an Application Load Balancer. Purchase a third-party product that provides suggestions for cost savings on AWS resources.
- D. Use CloudFormer to create AWS CloudFormation stacks from the current resources. Deploy that stack by using AWS CloudFormation in the same region. Use Amazon CloudWatch alarms to send notifications about underutilized resources to provide cost-savings suggestions.
Answer: A
NEW QUESTION 78
Does Autoscaling automatically assign tags to resources?
- A. No, not unless they are configured via API.
- B. No, it does not.
- C. Yes, it does.
- D. Yes, by default.
Answer: C
Explanation:
Tags don't have any semantic meaning to Amazon EC2 and are interpreted strictly as a string of characters.
Tags are assigned automatically to the instances created by an Auto Scaling group. Auto Scaling adds a tag to the instance with a key of aws:autoscaling:groupName and a value of the name of the Auto Scaling group.
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Using_Tags.html
NEW QUESTION 79
You are looking to migrate your Development (Dev) and Test environments to AWS. You have decided to use separate AWS accounts to host each environment. You plan to link each account's bill to a Master AWS account using Consolidated Billing. To make sure you keep within budget, you would like to implement a way for administrators in the Master account to have access to stop, delete and/or terminate resources in both the Dev and Test accounts.
Identify which option will allow you to achieve this goal.
- A. Create IAM users in the Master account with full Admin permissions. Create cross-account roles in the Dev and Test accounts that grant the Master account access to the resources in the account by inheriting permissions from the Master account.
- B. Create IAM users and a cross-account role in the Master account that grants full Admin permissions to the Dev and Test accounts.
- C. Link the accounts using Consolidated Billing. This will give IAM users in the Master account access to resources in the Dev and Test accounts
- D. Create IAM users in the Master account. Create cross-account roles in the Dev and Test accounts that have full Admin permissions and grant the Master account access.
Answer: D
Explanation:
Bucket Owner Granting Cross-account Permission to Objects It Does Not Own
In this example scenario, you own a bucket and you have enabled other AWS accounts to upload objects. That is, your bucket can have objects that other AWS accounts own.
Now, suppose as a bucket owner, you need to grant cross-account permission on objects, regardless of who the owner is, to a user in another account. For example, that user could be a billing application that needs to access object metadata. There are two core issues:
- The bucket owner has no permissions on those objects created by other AWS accounts. So for the bucket owner to grant permissions on objects it does not own, the object owner, the AWS account that created the objects, must first grant permission to the bucket owner. The bucket owner can then delegate those permissions.
- Bucket owner account can delegate permissions to users in its own account but it cannot delegate permissions to other AWS accounts, because cross-account delegation is not supported.
In this scenario, the bucket owner can create an AWS Identity and Access Management (IAM) role with permission to access objects, and grant another AWS account permission to assume the role temporarily enabling it to access objects in the bucket.
Background: Cross-Account Permissions and Using IAM Roles
IAM roles enable several scenarios to delegate access to your resources, and cross-account access is one of the key scenarios. In this example, the bucket owner, Account A, uses an IAM role to temporarily delegate object access cross-account to users in another AWS account, Account C. Each IAM role you create has two policies attached to it:
- A trust policy identifying another AWS account that can assume the role.
- An access policy defining what permissions (for example, s3:GetObject) are allowed when someone assumes the role. For a list of permissions you can specify in a policy, see Specifying Permissions in a Policy.
The AWS account identified in the trust policy then grants its user permission to assume the role. The user can then do the following to access objects:
- Assume the role and, in response, get temporary security credentials.
- Using the temporary security credentials, access the objects in the bucket.
For more information about IAM roles, go to Roles (Delegation and Federation) in IAM User Guide.
The following is a summary of the walkthrough steps:
- Account A administrator user attaches a bucket policy granting Account B conditional permission to upload objects.
- Account A administrator creates an IAM role, establishing trust with Account C, so users in that account can access Account A. The access policy attached to the role limits what user in Account C can do when the user accesses Account A.
- Account B administrator uploads an object to the bucket owned by Account A, granting full-control permission to the bucket owner.
- Account C administrator creates a user and attaches a user policy that allows the user to assume the role.
- User in Account C first assumes the role, which returns the user temporary security credentials. Using those temporary credentials, the user then accesses objects in the bucket.
For this example, you need three accounts. The following table shows how we refer to these accounts and the administrator users in these accounts. Per IAM guidelines (see About Using an Administrator User to Create Resources and Grant Permissions) we do not use the account root credentials in this walkthrough. Instead, you create an administrator user in each account and use those credentials in creating resources and granting them permissions.
NEW QUESTION 80
An AWS Solutions Architect has noticed that their company is using almost exclusively EBS General Purpose SSD (gp2) volume types for their EBS volumes. They are considering modifying the type of some of these volumes, but it is important that performance is not affected.
Which of the following actions could the Solutions Architect consider? (Select TWO)
- A. A 1TB gp2 volume that is attached to an instance as a non-root volume can be modified to a Throughput Optimized HDD (st1) volume without stopping the instance or detaching the volume.
- B. A 50GB gp2 root volume can be modified to an EBS Provisioned IOPS SSD (io1) without stopping the instance.
- C. A gp2 volume that is attached to an instance as a root volume can be modified to a Throughput Optimized HDD (st1) volume.
- D. A 1GB gp2 volume that is attached to an instance as a non-root volume can be modified to a Cold HDD (sc1) volume.
Answer: A,B
NEW QUESTION 81
A retail company processes point-of-sale data on application servers in its data center and writes outputs to an Amazon DynamoDB table. The data center is connected to the company's VPC with an AWS Direct Connect (DX) connection, and the application servers require a consistent network connection at speeds greater than 2 Gbps.
The company decides that the DynamoDB table needs to be highly available and fault tolerant. The company policy states that the data should be available across two regions.
What changes should the company make to meet these requirements?
- A. Use an AWS managed VPN as a backup to DX. Create an identical DynamoDB table in a second Region. Modify the application to replicate data to both regions.
- B. Establish a second DX connection for redundancy. Create an identical DynamoDB table in a second Region. Enable DynamoDB auto scaling to manage throughput capacity. Modify the application to write to the second Region.
- C. Establish a second DX connection for redundancy. Use DynamoDB global tables to replicate data to a second Region. Modify the application to fail over to the second Region.
- D. Use AWS managed VPN as a backup to DX. Create an identical DynamoDB table in a second Region. Enable DynamoDB streams to capture changes to the table. Use AWS Lambda to replicate changes to the second Region.
Answer: C
NEW QUESTION 82
A healthcare company runs a production workload on AWS that stores highly sensitive personal information. The security team mandates that, for auditing purposes, any AWS API action using AWS account root user credentials must automatically create a high-priority ticket in the company's ticketing system. The ticketing system has a monthly 3-hour maintenance window when no tickets can be created.
To meet security requirements, the company enabled AWS CloudTrail logs and wrote a scheduled AWS Lambda function that uses Amazon Athena to query API actions performed by the root user. The Lambda function submits any actions found to the ticketing system API. During a recent security audit, the security team discovered that several tickets were not created because the ticketing system was unavailable due to planned maintenance.
Which combination of steps should a solutions architect take to ensure that the incidents are reported to the ticketing system even during planned maintenance? (Select TWO.)
- A. Modify the Lambda function to be triggered when there are messages in the Amazon SQS queue and to return successfully when the ticketing system API has processed the request.
- B. Create an Amazon SQS queue to which Amazon CloudWatch alarms will be published. Configure a CloudWatch alarm to publish to the SQS queue.
- C. Create an Amazon EventBridge rule that triggers on all API events where the invoking user identity is root. Configure the EventBridge rule to write the event to an Amazon SQS queue.
- D. Modify the Lambda function to be triggered by messages published to an Amazon SNS topic. Update the existing application code to retry every 5 minutes if the ticketing system's API endpoint is unavailable.
- E. Create an Amazon SNS topic to which Amazon CloudWatch alarms will be published. Configure a CloudWatch alarm to invoke the Lambda function.
Answer: A,D