• Practice Test 4 (SAA-C03)
  
  Domain: Design Secure Architectures
  

  You have implemented AWS Cognito services to require users to sign in and sign up to your app through social identity providers like Facebook, Google, etc. Your marketing department wants users to anonymously try out the app because the current log-in requirement is excessive, which may reduce the demand for products and services offered through the app. What would you suggest to the marketing department in this regard?

Correct Answer - B

• Option B is correct. Amazon Cognito Identity Pools can support unauthenticated identities by providing a unique identifier and AWS credentials for users who do not authenticate with an identity provider. Unauthenticated users can be associated with a role with limited access to resources compared to a role for authenticated users.

• Option A is incorrect. Cognito will allow unauthenticated users without being a security risk.

• Option C is incorrect. Cognito supports both authenticated and unauthenticated users.

• Practice Test 4 (SAA-C03)

Domain: Design High-Performing Architectures

You are working for a start-up company that develops mobile gaming applications using AWS resources. For creating AWS resources, the project team is using CloudFormation Templates. The Project Team is concerned about the changes made in EC2 instance properties by the Operations Team, apart from parameters specified in CloudFormation Templates. To observe changes in AWS EC2 instance, you advise using CloudFormation Drift Detection. After Drift detection, when you check drift status for all AWS EC2 instances, drift for certain property values with default values for resource properties is not displayed. What would you do to include these resource properties to be captured in CloudFormation Drift Detection?

Correct Answer – B

AWS CloudFormation Drift Detection can be used to detect changes made to AWS resources outside the CloudFormation Templates. AWS CloudFormation Drift Detection only checks property values explicitly set by stack templates or by specifying template parameters. It does not determine drift for property values that are set by default. To determine drift for these resources, you can explicitly set property values that can be the same as that of the default value.

•  Option A is incorrect. If property values are assigned explicitly to these properties, running AWS CloudFormation Drift Detection would be detected in both individuals and the entire CloudFormation Stack.
  

• Option C is incorrect as CloudFormation Drift Detection supports the AWS EC2 instance.
  

• Option D is incorrect. Since for all other resources, CloudFormation Drift Detection has already determined drift, there is no other read permission to be granted further.

• Practice Test 4 (SAA-C03)
  
  Domain: Design High-Performing Architectures
  

  You are creating a new architecture for a financial firm. The architecture consists of some EC2 instances with the same type and size (M5.large). In this architecture, all the EC2 mostly communicate with each other. Business people have asked you to create this architecture keeping in mind low latency as a priority. Which placement group option could you suggest for the instances?

Answer: B

• Option A is incorrect. Partition Placement Groups distribute the instances in different partitions. The partitions are placed in the same AZ, but do not share the same rack. This type of placement group does not provide low latency throughput to the instances. More details-

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
  

• Option B is CORRECT. Clustered Placement Group places all the instances on the same rack. This placement group option provides 10 Gbps connectivity between instances ( Internet connectivity in the instances has a maximum of 5 Gbps). This option of placement group is perfect for the workload that needs low latency. More details-

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
  

• Option C is incorrect. Placement Groups place all the instances in different racks in the same AZ. These types of placement groups do not provide low latency throughput to the instances. More details-

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
  

• Option D is incorrect. Enhanced Networking Placement Group does not exist. More details-

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

• Practice Test 3(SAP-C02)
  
  Domain: Continuous Improvement for Existing Solutions
  

  You are an AWS administrator. Recently, you started to use various AWS services in AWS Systems Manager to maintain over 20 EC2 and on-premises instances. In the past month, the AWS bill has increased by about 10% than before. The company’s accountant asked you about the potential cause of this. For the AWS Systems Manager services, which ones may bring additional charges? (Select TWO)

Correct Answers: D and E

For the services provided by AWS Systems Manager, most of them are free without extra cost. However, there are still some priced features when used. For the details, please refer to https://aws.amazon.com/systems-manager/pricing/on AWS Systems Manager Pricing.

• Option A is incorrect because on-premises Instance Management does not incur any charges, it is free.

• Option B is incorrect because Run Command is free. Check the above link.

• Option C is incorrect because Patch Manager automates the process of patching managed instances, which is a free service.

• Option D is CORRECT: Parameter Store is a secure place to store parameters or secrets. When you create advanced parameters, you are charged based on the number of advanced parameters stored each month and per API interaction.

• Option E is CORRECT because the Automation will bring additional charges.

• Practice Test 3(SAP-C02)
  
  Domain: Accelerate Workload Migration and Modernization
  

  You work in the integration team of a company, and your team is integrating the infrastructure with Amazon VPC. You are recently assigned a task to create a VPN connection. You have the AWS management console logging access. The first step that you plan to do is to create a customer gateway in the AWS VPC console. In order to do that, which information do you need? (Select TWO)

Correct Answers: A and D

• The first step of creating a VPN connection is to set up a customer gateway in the AWS VPC console according to https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html.

• Option A is Correct: AWS VPN has used BGP ASN to establish the connection for dynamic routing.
  

• Option B is incorrect: For static routing, no BGP ASN is needed.
  

• Option C is incorrect: The internet-routable IP address for the customer gateway device's external interface is required. And the value must be static.
  

• Option D is Correct: Same reason as option C.

• Practice Test 3(SAP-C02)

• 
  Domain: Design for New Solutions

• As an AWS Solutions Architect for a large e-commerce company, you have been tasked with designing a highly available and scalable DNS solution that can handle millions of queries per second. The company currently uses Amazon Route 53 as its primary DNS service, but the management team is concerned about the potential for a single point of failure and the need for faster query resolution.

  To address these concerns, you decide to implement Amazon Route 53 Resolver, a powerful tool that allows for faster query resolution and increased availability by providing inbound and outbound DNS query capabilities.

  Which of the following combination of options would meet the requirement to enable Amazon Route 53 Resolver for the company's DNS infrastructure, while also ensuring high availability and scalability? (Select TWO)

Correct Answers: A and D

• Option A is correct as by creating an inbound resolver endpoint in each availability zone, the company can ensure high availability by providing a DNS resolution service that is close to the client. This reduces the chances of a single point of failure and improves query resolution time.

• Option D is correct as by enabling Amazon Route 53 Resolver for all VPCs within the company's AWS infrastructure, the company can ensure high scalability and availability by providing a DNS resolution service that can handle millions of queries per second. Using Route 53 Resolver to forward queries to on-premises DNS servers for resolution provides a hybrid solution that can leverage both on-premises and cloud-based resources to resolve queries.

• Option B is incorrect because setting up a secondary hosted zone in Amazon Route 53 can provide some level of high availability, it does not address the concern of a single point of failure and it does not provide a scalable solution to handle millions of queries per second as Route 53 Resolver does.

• Option C is incorrect because Amazon Route 53 Resolver Rules can help optimize query resolution time, but it does not address the concern of high availability and scalability that the company is facing.

• Option E is incorrect because creating an outbound resolver endpoint in each availability zone and configuring Amazon Route 53 to forward all queries to the endpoint in the nearest region can improve query resolution time, but it does not address the concern of high availability and scalability.