SC-01.6 Professional Development Quiz

1.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Company XYZ has hired you as a Solutions Architect for their Flight Deals web application which is currently hosted on their on-premises data center. The website hosts high-resolution photos of top tourist destinations in the world and uses a third-party payment platform to accept payments.

Recently, they have heavily invested on their global marketing campaign and there is a high probability that the incoming traffic to their Flight Deals website will increase in the coming days.

Due to a tight deadline, the company does not have the time to fully migrate the website to AWS. A set of security rules that block common attack patterns, such as SQL injection and cross-site scripting should also be implemented to improve the website security.

Which of the following options will maintain the website's functionality despite the massive amount of incoming traffic?

Use CloudFront to cache and distribute the high-resolution images and other static assets of the website. Deploy AWS WAF on the Amazon CloudFront distribution to protect the website from common web attacks

Create and configure an S3 bucket as a static website hosting. Move the web domain of the website from your on-premises data center to Route 53 then route the newly created S3 bucket as the origin. Enable Amazon S3 server-side encryption with AWS Key Management Service managed keys

Use the AWS Server Migration Service to easily migrate the website from your on-premises data center to your VPC. Create an Auto Scaling group to automatically scale the web tier based on the incoming traffic. Deploy AWS WAF on the Amazon CloudFront distribution to protect the website from common web attacks

Generate an AMI based on the existing Flight Deals website. Launch the AMI to a fleet of EC2 instances with Auto Scaling group enabled, for it to automatically scale up or scale down based on the incoming traffic. Place these EC2 instances behind an ALB which can balance traffic between the web servers in the on-premises data center and the web servers hosted in AWS

2.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

A company is planning to launch a global e-commerce marketplace that will be accessible to multiple countries and regions. The Solutions Architect must ensure that the clients are protected from common web vulnerabilities as well as man-in-the-middle attacks to secure their sensitive financial information.

Which of the following is MOST secure setup that the Architect should implement in this scenario?

For the web domain registration, use Amazon Route 53 and enable Domain Name System Security Extensions (DNSSEC). Also use Amazon Route 53 for all DNS services. Use the AWS Certificate Manager (ACM) to register TLS/SSL certificates for the e-commerce marketplace then attach them on the Application Load Balancer. Configure the Server Name Identification extension in all user requests to the website

For the web domain registration, use Amazon Route 53 and then register a 2048-bit RSASHA256 encryption key from a third-party certificate service. Enable Domain Name System Security Extensions (DNSSEC) by using a 3rd party DNS provider that uses customer managed keys. Register the SSL certificates in ACM and attach them to the Application Load Balancer of the global e-commerce marketplace. Configure the Server Name Identification extension in all user requests to the website

For the web domain registration, use another DNS registry other than Amazon Route 53. Register a 2048-bit RSASHA256 encryption keys from a third-party certificate service. Enable Domain Name System Security Extensions (DNSSEC) by using a separate 3rd party DNS provider that uses customer managed keys. Use Amazon Route 53 to manage all DNS services. Register TLS/SSL certificates for the e-commerce marketplace using AWS Certificate Manager (ACM) then attach them to each Amazon EC2 instance. Configure the Server Name Identification extension in all user requests to the website

For the web domain registration, use Amazon Route 53 and enable Domain Name System Security Extensions (DNSSEC). Set up a BIND DNS server hosted in a Reserved EC2 instance for all DNS services. Use AWS Certificate Manager (ACM) to register TLS/SSL certificates for the e- commerce marketplace then attach them on the Application Load Balancer. Configure the Server Name Identification extension in all user requests to the website

3.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

A web application is composed of an Application Load Balancer and EC2 instances across three Availability Zones. During peak load, the web servers operate at 95% utilization. The system is set up to use Reserved Instances to handle steady state load and On-Demand Instances to handle the peak load. Your manager instructed you to review the current architecture and do the necessary changes to improve the system.

Which of the following provides the most cost-effective architecture to allow the application to recover quickly if an Availability Zone is unavailable during peak load?

Use a combination of Reserved and On-Demand instances on each AZ to handle both the steady state and peak load

Launch a Spot Fleet using a diversified allocation strategy, with Auto Scaling enabled on each AZ to handle the peak load instead of On- Demand instances. Retain the current set up for handling the steady state load

Launch an Auto Scaling group of Reserved instances on each AZ to handle the peak load. Retain the current set up for handling the steady state load

Use a combination of Spot and On-Demand instances on each AZ to handle both the steady state and peak load

4.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

You were just promoted as the IT Manager of a small, yet rapidly developing software consultancy company. Your CTO asked you to prepare the needed items in order to have a hybrid cloud architecture in which you must connect your on-premises network to AWS Cloud.

Which of the following will enable federated user access to the AWS Management Console? (Choose 2)

Create a SAML provider in your on-premises data center

Create an IAM user with Multi-Factor Authentication (MFA) for each employee of the software consultancy company

Create an IAM group with a set of IAM users for each employee of the software consultancy company

Create a SAML provider in IAM and create an IAM role that establishes a trust relationship between IAM and your organization's IdP that identifies your IdP as a principal (trusted entity) for purposes of federation

Inside your organization's network, you configure your identity store (such as Windows Active Directory) to work with a SAML-based identity provider (IdP) like Windows Active Directory Federation Services, Shibboleth, etc

5.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

A company is planning to build its new customer relationship management (CRM) portal in AWS. The application architecture will be using a containerized microservices hosted on an Amazon ECS cluster. A Solutions Architect has been tasked to set up the architecture and comply with the AWS security best practice of granting the least privilege. The architecture should also support the use of security groups and standard network monitoring tools at the container level to comply with the company’s strict IT security policies.

Which of the following provides the MOST secure configuration for the CRM portal?

Use the awsvpc network mode in the task definition in your Amazon ECS Cluster. Attach security groups to the ECS tasks then use IAM roles for tasks to access other resources

Use the bridge network mode in the task definition in your Amazon ECS Cluster. Attach security groups to the ECS tasks then use IAM roles for tasks to access other resources

Use the bridge network mode in the task definition in your Amazon ECS Cluster. Attach security groups to Amazon EC2 instances then use IAM roles for EC2 instances to access other resources

Use the awsvpc network mode in the task definition in your Amazon ECS Cluster. Attach security groups to the ECS tasks then pass IAM credentials into the container at launch time to access other AWS resources

6.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

An innovative Business Process Outsourcing (BPO) startup is planning to launch a scalable and cost-effective call center system using AWS. The system should be able to receive inbound calls from thousands of customers and generate user contact flows. Callers must have the capability to perform

basic tasks such as changing their password or checking their balance without them having to speak to a call center agent.

It should also have advanced deep learning functionalities such as automatic speech recognition (ASR) to achieve highly engaging user experiences and lifelike conversational interactions. A feature that allows the solution to query other business applications and send relevant data back to callers must also be implemented.

Which of the following is the MOST suitable solution that the Solutions Architect should implement?

Set up a cloud-based contact center using the Amazon Connect service. Create a conversational chatbot using Amazon Lex with automatic speech recognition and natural language understanding to recognize the intent of the caller then integrate it with Amazon Connect. Connect the solution to various business applications and other internal systems using AWS Lambda functions

Set up a cloud-based contact center using the AWS Ground Station service. Create a conversational chatbot using Amazon Alexa for Business with automatic speech recognition and natural language understanding to recognize the intent of the caller then integrate it with AWS Ground Station. Connect the solution to various business applications and other internal systems using AWS Lambda functions

Set up a cloud-based contact center using the Amazon Direct Connect service. Create a conversational chatbot using Amazon Rekognition with automatic speech recognition and natural language understanding to recognize the intent of the caller then integrate it with Amazon Direct Connect. Connect the solution to various business applications and other internal systems using AWS Lambda functions

A. Set up a cloud-based contact center using the AWS Elemental MediaConnect service. Create a conversational chatbot using Amazon Polly with automatic speech recognition and natural language understanding to recognize the intent of the caller then integrate it with AWS Elemental MediaConnect. Connect the solution to various business applications and other internal systems using AWS Lambda

functions

7.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

You are working as a Senior Solutions Architect for a leading accounting firm which conducts monthly performance checks of their Windows and Linux EC2 instances. They have more than 200 On-Demand EC2 instances running in their production environment and you were instructed to ensure that each instance has a logging feature that collects various system details such as memory usage, disk space, and other metrics. The system logs will be analyzed using AWS Analytics tools and the results will be stored to an S3 bucket.

Which of the following is the most efficient way to collect and analyze logs from the instances with minimal effort?

Set up and install the AWS Systems Manager Agent (SSM Agent) on each On-Demand EC2 instance which will automatically collect and push data to CloudWatch Logs. Analyze the log data with CloudWatch Logs Insights

Set up and configure a unified CloudWatch Logs agent in each On- Demand EC2 instance which will automatically collect and push data to CloudWatch Logs. Analyze the log data with CloudWatch Logs Insights

Install AWS SDK on each On-Demand EC2 instance and create a custom daemon script that would collect and push data to CloudWatch Logs periodically. Enable CloudWatch detailed monitoring and use CloudWatch Logs Insights to analyze the log data of all instances

Set up and install AWS Inspector Agent on each On-Demand EC2 instance which will collect and push data to CloudWatch Logs periodically. Set up a CloudWatch dashboard to properly analyze the log data of all instances

8.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

You are working as a Solutions Architect for Air France. The government requires every major airline institution, including your company, to perform a compulsory audit every year. An internal auditor from a major audit firm has been assigned to review your company's internal AWS services.

In this situation, what is the best solution that will provide the auditor the necessary access required to audit your services without compromising the security of your data?

Create an IAM user with full VPC access for the auditor but set a condition that will not allow any kind of modification if the request came from any IP other than his/her own

Give the auditor root access to the company's AWS services

Create an IAM user that is attached to an administrator role for the auditor. Also enable MFA to provide an additional level of security

Assign an IAM Role to the IAM user of the auditor and provide permissions for read-only access to the company's AWS services

9.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

A top university has launched its serverless online portal using Lambda and API Gateway in AWS that enables its students to enroll, manage their class schedule, and see their grades online. After a few weeks, the portal abruptly stopped working and lost all its data. The university hired an external cyber security consultant and based on the investigation; the outage was due to an SQL injection vulnerability on the portal's login page in which the attacker simply injected the malicious SQL code. You also need to track historical changes to the rules and metrics associated to your firewall.

Which of the following is the most suitable and cost-effective solution to avoid another SQL Injection attack against their infrastructure in AWS?

Use AWS WAF to add a web access control list (web ACL) in front of the Lambda functions to block requests that contain malicious SQL code. Use AWS Firewall Manager, to track changes to your web access control lists (web ACLs) such as the creation and deletion of rules including the updates to the WAF rule configurations

Create a new Application Load Balancer (ALB) and set up AWS WAF in the load balancer. Place the API Gateway behind the ALB and configure a web access control list (web ACL) in front of the ALB to block requests that contain malicious SQL code. Use AWS Firewall Manager to track changes to your web access control lists (web ACLs) such as the creation and deletion of rules including the updates to the WAF rule configurations

Use AWS WAF to add a web access control list (web ACL) in front of the API Gateway to block requests that contain malicious SQL code. Use AWS Config to track changes to your web access control lists (web ACLs) such as the creation and deletion of rules including the updates to the WAF rule configurations

Block the IP address of the attacker in the Network Access Control List of your VPC and then set up a CloudFront distribution. Set up AWS WAF to add a web access control list (web ACL) in front of the CloudFront distribution to block requests that contain malicious SQL code. Use AWS Config to track changes to your web access control lists (web ACLs) such as the creation and deletion of rules including the updates to the WAF rule configurations

10.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

A media company has a suite of internet-facing web applications hosted in US West (N. California) region in AWS. The architecture is composed of several On-Demand Amazon EC2 instances behind an Application Load Balancer, which is configured to use public SSL/TLS certificates.

The Application Load Balancer also enables incoming HTTPS traffic through the fully qualified domain names (FQDNs) of the applications for SSL termination. A Solutions Architect has been instructed to upgrade the corporate web applications to a multi-region architecture that uses various AWS Regions such as ap-southeast-2, ca-central-1, eu-west-3, and so forth.

Which of the following approach should the Architect implement to ensure that all HTTPS services will continue to work without interruption?

Use the AWS Certificate Manager service in the US West (N. California) region to request for SSL/TLS certificates for each FQDN which will be used to all regions. Associate the new certificates to the new Application Load Balancer on each new AWS Region that the Architect will add

In each new AWS Region, request for SSL/TLS certificates using the AWS Certificate Manager for each FQDN. Associate the new certificates to the corresponding Application Load Balancer of the same AWS Region

Use the AWS KMS in the US West (N. California) region to request for SSL/TLS certificates for each FQDN which will be used to all regions. Associate the new certificates to the new Application Load Balancer on each new AWS Region that the Architect will add

In each new AWS Region, request for SSL/TLS certificates using AWS KMS for each FQDN. Associate the new certificates to the corresponding Application Load Balancer of the same AWS Region

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground