Free AWS-Solution-Architect-Associate Exam Braindumps

Pass your Amazon AWS Certified Solutions Architect - Associate exam with these free Questions and Answers

QUESTION 101

- (Exam Topic 3)
A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data sources. The data is in JSON format and ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in-flight is lost. The company's data science team wants to query ingested data in near-real time.
Which solution provides near-real-time data querying that is scalable with minimal data loss?

  1. A. Publish data to Amazon Kinesis Data Streams. Use Kinesis Data Analytics to query the data.
  2. B. Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination. Use Amazon Redshift to query the data.
  3. C. Store ingested data in an EC2 instance store. Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data.
  4. D. Store ingested data in an Amazon Elastic Block Store (Amazon EBS) volume. Publish data to Amazon ElastiCache for Redis. Subscribe to the Redis channel to query the data.

Correct Answer: B

QUESTION 102

- (Exam Topic 3)
A company serves a dynamic website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The website needs to support multiple languages to serve customers around the world. The website's architecture is running in the us-west-1 Region and is exhibiting high request latency for users that are located in other parts of the world.
The website needs to serve requests quickly and efficiently regardless of a user's location. However, the company does not want to recreate the existing architecture across multiple Regions.
What should a solutions architect do to meet these requirements?

  1. A. Replace the existing architecture with a website that is served from an Amazon S3 bucket. Configure an Amazon CloudFront distribution with the S3 bucket as the origin. Set the cache behavior settings to cache based on the Accept-Language request header.
  2. B. Configure an Amazon CloudFront distribution with the ALB as the origin. Set the cache behavior settings to cache based on the Accept-Language request header.
  3. C. Create an Amazon API Gateway API that is integrated with the ALB. Configure the API to use the HTTP integration type. Set up an API Gateway stage to enable the API cache based on the Accept-Language request header.
  4. D. Launch an EC2 instance in each additional Region and configure NGINX to act as a cache server for that Region. Put all the EC2 instances and the ALB behind an Amazon Route 53 record set with a geolocation routing policy.

Correct Answer: B

QUESTION 103

- (Exam Topic 1)
A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.
Which solution will meet these requirements with the LEAST operational overhead?

  1. A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.
  2. B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.
  3. C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.
  4. D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.

Correct Answer: B
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-launch-managed-instance.html

QUESTION 104

- (Exam Topic 1)
A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.
What should a solutions architect do to secure the audit documents?

  1. A. Enable the versioning and MFA Delete features on the S3 bucket.
  2. B. Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account.
  3. C. Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates.
  4. D. Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key.

Correct Answer: A

QUESTION 105

- (Exam Topic 3)
A company’s security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.
What should a solutions architect do to meet these requirements when configuring the logs?

  1. A. Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of 90 days.
  2. B. Use Amazon Kinesis as the target. Configure the Kinesis stream to always retain the logs for 90 days.
  3. C. Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3 bucket, and enable S3 Intelligent-Tiering.
  4. D. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days.

Correct Answer: D
There's a table here that specifies that VPC Flow Logs can go directly to S3. They do not need to go via CloudTrail and then to S3, nor via CloudWatch.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-i
