Free AWS-Solution-Architect-Associate Exam Braindumps

Pass your Amazon AWS Certified Solutions Architect - Associate exam with these free Questions and Answers

Page 11 of 111
QUESTION 46

- (Exam Topic 1)
A company is storing sensitive user information in an Amazon S3 bucket. The company wants to provide secure access to this bucket from the application tier running on Amazon EC2 instances inside a VPC.
Which combination of steps should a solutions architect take to accomplish this? (Select TWO.)

  1. A. Configure a VPC gateway endpoint for Amazon S3 within the VPC
  2. B. Create a bucket policy to make the objects in the S3 bucket public
  3. C. Create a bucket policy that limits access to only the application tier running in the VPC
  4. D. Create an IAM user with an S3 access policy and copy the IAM credentials to the EC2 instance
  5. E. Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket

Correct Answer: AC
https://aws.amazon.com/premiumsupport/knowledge-center/s3-private-connection-no-authentication/

QUESTION 47

- (Exam Topic 1)
A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.
The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application's availability without writing custom scripts or code.
What should a solutions architect do to meet these requirements?

  1. A. Enable HTTP health checks on the NLB, supplying the URL of the company's application.
  2. B. Add a cron job to the EC2 instances to check the local application's logs once each minute. If HTTP errors are detected, the application will restart.
  3. C. Replace the NLB with an Application Load Balancer. Enable HTTP health checks by supplying the URL of the company's application. Configure an Auto Scaling action to replace unhealthy instances.
  4. D. Create an Amazon CloudWatch alarm that monitors the UnhealthyHostCount metric for the NLB. Configure an Auto Scaling action to replace unhealthy instances when the alarm is in the ALARM state.

Correct Answer: C

QUESTION 48

- (Exam Topic 3)
A company has hundreds of Amazon EC2 Linux-based instances in the AWS Cloud. Systems administrators have used shared SSH keys to manage the instances. After a recent audit, the company's security team is mandating the removal of all shared keys. A solutions architect must design a solution that provides secure access to the EC2 instances.
Which solution will meet this requirement with the LEAST amount of administrative overhead?

  1. A. Use AWS Systems Manager Session Manager to connect to the EC2 instances.
  2. B. Use AWS Security Token Service (AWS STS) to generate one-time SSH keys on demand.
  3. C. Allow shared SSH access to a set of bastion instances. Configure all other instances to allow only SSH access from the bastion instances.
  4. D. Use an Amazon Cognito custom authorizer to authenticate users. Invoke an AWS Lambda function to generate a temporary SSH key.

Correct Answer: B

QUESTION 49

- (Exam Topic 3)
A company is building an application that consists of several microservices. The company has decided to use container technologies to deploy its software on AWS. The company needs a solution that minimizes the amount of ongoing effort for maintenance and scaling. The company cannot manage additional infrastructure.
Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

  1. A. Deploy an Amazon Elastic Container Service (Amazon ECS) cluster.
  2. B. Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple Availability Zones.
  3. C. Deploy an Amazon Elastic Container Service (Amazon ECS) service with an Amazon EC2 launch type. Specify a desired task number level of greater than or equal to 2.
  4. D. Deploy an Amazon Elastic Container Service (Amazon ECS) service with a Fargate launch type. Specify a desired task number level of greater than or equal to 2.
  5. E. Deploy Kubernetes worker nodes on Amazon EC2 instances that span multiple Availability Zones. Create a deployment that specifies two or more replicas for each microservice.

Correct Answer: AD
AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers. https://docs.aws.amazon.com/AmazonECS/latest/userguide/what-is-fargate.html

QUESTION 50

- (Exam Topic 1)
An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance. The operations team has isolated an application performance slowdown and wants to separate read traffic from write traffic. A solutions architect needs to optimize the application's performance quickly.
What should the solutions architect recommend?

  1. A. Change the existing database to a Multi-AZ deployment. Serve the read requests from the primary Availability Zone.
  2. B. Change the existing database to a Multi-AZ deployment. Serve the read requests from the secondary Availability Zone.
  3. C. Create read replicas for the database. Configure the read replicas with half of the compute and storage resources as the source database.
  4. D. Create read replicas for the database. Configure the read replicas with the same compute and storage resources as the source database.

Correct Answer: D
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_MySQL.Replication.ReadReplicas.html
