QUESTION 6 You have a web application that is hosted on a series of EC2 instances that have an Application Load Balancer in front of them. You have created a new CloudFront distribution. You then set up its origin to point to your ALB. You need to provide access to hundreds of private files served by your CloudFront distribution. What should you use?

CloudFront Origin Access Identity

QUESTION 8 You have a subscription website that stores private images and videos in S3. You need to distribute that content globally, so you have set up a CloudFront distribution and configured your S3 bucket to only allow the distribution's Origin Access Identity to have access to the data. You want to distribute private content to users for a limited amount of time. Which CloudFront feature allows you to securely distribute this private content?

CloudFront Forward Distributors

QUESTION 9 A pharmaceutical company has created a hybrid cloud that connects their on-premises data center and cloud infrastructure in AWS. They need to back up their storage to AWS. The backups must be stored and retrieved from AWS using the Server Message Block (SMB) protocol. The backups must be immediately accessible within minutes for three months. What is the best solution?

Create a Direct Connect connection and store the backups in DynamoDB.

Create a Direct Connect connection and store the backups using Route 53.

QUESTION 11 You work for an insurance company that uses an AWS web application to look up customers' credit scores. For security purposes, this web application cannot traverse the internet or leave the Amazon network. It needs to communicate to Amazon DynamoDB and Amazon S3 in a custom VPC. What networking technology should you implement to achieve this?

Use VPC endpoints to connect the AWS web application to Amazon DynamoDB and Amazon S3.

Use AWS VPN CloudHub to connect the web application to Amazon DynamoDB and Amazon S3.

Use AWS Direct Connect to connect directly to Amazon DynamoDB and Amazon S3.

Use AWS WAF to connect the web application to Amazon DynamoDB and Amazon S3.

QUESTION 14 You work for a Fintech company that is migrating its application to AWS. You have a small team of six developers who need varying levels of access to the AWS platform. Using IAM, what is the most secure way to achieve this?

Create the appropriate groups with the appropriate permissions and then create an IAM user account per developer. Assign the accounts to the appropriate groups.

Give each developer a root level AWS account and join each of these accounts to AWS Organizations.

Create six IAM user accounts and add them to the administrator group, giving them full access to AWS.

Create one IAM user account with a user name and password and then share the login details with the six developers.

QUESTION 15 You work for a large advertising company that is moving its videos and photos to AWS. The size of the migration is 70 terabytes, and it needs to be completed as quickly and cost-effectively as possible. What is the best way to achieve this?

An AWS Snowball Edge Storage Optimized device

QUESTION 16 You run an online platform that specializes in five different dream vacations. The platform allows customers to submit queries about their five different experiences. You need to ensure that all queries are answered within 24 hours, either by a person or by a bot. You decide to create five separate SQS queues for each experience request. You need to automatically publish messages to their respective SQS queues as soon as customers submit their queries. Which architecture would be best suited to achieve this?

Create one SNS topic and configure the five SQS queues to subscribe to that topic. Configure the filter policies in the SNS subscription to publish the response to the designated SQS queue based on the experience request type.

Create five SNS topics and configure the five SQS queues to subscribe to those five topics. Publish the messages to the dedicated queue depending on the experience request.

Use AWS Lex and AWS Polly to respond automatically to the SQS queues.

Create 10 SNS topics and configure the five SQS queues to subscribe to two topics each. Publish the messages to the dedicated queue depending on the experience request.

QUESTION 17 You have launched an EC2 instance that will host a PHP application. You install all the required software such as PHP and MySQL. You make a note of the EC2 public IPv4 address and then you stop and restart your EC2 instance. You notice that after the restart, you can't access the EC2 instance and that the instance's public IPv4 has been changed. What should you do to make sure your IPv4 address does not change?

Create an elastic IP address and assign it to your EC2 instance.

Install the PHP application on an S3 bucket and configure the bucket to have a fixed IP address.

Raise a support request with AWS Support and ask them to issue you a permanent IPv4 address.

Create an Application Load Balancer with a fixed IP address and place the EC2 behind this.

QUESTION 19 You are migrating your automotive company's customer-facing systems to AWS. One of the backend systems requires a database that is scalable globally and that can handle frequent updates to the database schema. You need to ensure there is no downtime or performance issues every time there is a schema change. You always require low-latency responses to high-traffic queries. What database would best suit this requirement?

RDS SQL Server with read replicas

Amazon Aurora Database with read replicas enabled

QUESTION 21 You host a web application on Amazon EC2 that contains a large number of files that are infrequently accessed. Currently, the files are hosted on provisioned IOPS; however, due to budget cuts, your manager asks you to move the files to a more cost-effective solution. What storage solution should you choose?

Use an S3 Infrequent Access storage bucket. Create a role in IAM granting S3 access and attach this role to your EC2 instance.

Use a Throughput Optimized HDD (st1).

Use an Elastic Block Storage General Purpose SSD (gp3).

QUESTION 22 You are planning to migrate a complex big data application to AWS using EC2. The application requires complex software to be installed, which typically takes a couple of hours. You need this application to be behind an Auto Scaling group so that it can react in a scaling event. How do you recommend speeding up the installation process when there's a scale-out event?

Create a golden AMI with the software pre-installed.

Pre-deploy the software on an Application Load Balancer so when there's a scaling event it will automatically be installed on the EC2 instance.

Create a bootstrap script to automatically install the software.

Create an EBS volume with PIOPS for faster installation performance.

QUESTION 24 You work for a small startup that has a shoestring budget. You accidentally leave a large EC2 instance running over a few days and are hit with a huge bill. You need to prevent this from happening in the future. What should you do?

Create a billing alarm to monitor your AWS charges for when they go above a certain threshold.

Enable AWS CloudTrail to terminate any EC2 instance that has been running for more than 24 hours.

Enable CloudFormation to alert you when any EC2 instance has been running for more than 24 hours.

Use AWS Trusted Advisor to notify you whenever an EC2 instance has been running for more than 24 hours.

QUESTION 27 You have a serverless image-sharing website that utilizes S3 to store high-quality images. Unfortunately, your competitors start linking to your website and borrowing your photos. How can you best prevent unauthorized access?

Restrict public access to the bucket and turn on presigned URLs with expiry dates.

Block the IP addresses of the websites using AWS WAF.

Enable CloudFront on the website.

Store the images in an RDS database and restrict access.

QUESTION 28 You are a solutions architect for an online gambling company. You notice a series of web-layer DDoS attacks. This is coming from a large number of multiple IP addresses. In order to mitigate these web-layer DDoS attacks, you have been asked to implement a rule capable of blocking all IPs that have more than 2,000 requests in the last 5 minute interval. What should you do?

Create a rate-based rule on your AWS WAF and associate the web access control list (ACL) to the Application Load Balancer

Create a standard rule on your AWS WAF and associate the web access control list (ACL) to the Application Load Balancer

Update your VPC's network access control list (NACL) and block access to the IP addresses as and when they come in

Use AWS Trusted Advisor to filter the traffic

QUESTION 30 A large fintech company is using a web application that stores its data on Amazon RDS. As a solutions architect, you have been asked to upgrade the web application so that users around the world can access it using an API. The application will need to be able to handle large bursts of traffic in seconds from time to time. What would an ideal solution look like?

Create an API using API Gateway and use Lambda to process the requests and Lambda functions to push the requests to an SQS queue, consume messages from the queue, and interact with RDS.

Create an API using API Gateway and use EC2 with Auto Scaling to quickly handle the sudden burst of traffic.

Create an API using API Gateway and use Route 53 to route traffic to CloudFront.

Create an API using API Gateway and use RDS Auto Scaling to handle the bursts in traffic.

QUESTION 32 A junior intern just started working at your company. During the course of the day, they accidentally delete a critical encryption key that you had stored securely in S3. You need to prevent this from happening in the future. Which two steps should you take to prevent this from happening again in the future? (Choose 2)

Enable multi-factor authentication (MFA) delete

QUESTION 34 You have been tasked with designing a strategy for backing up EBS volumes attached to an instance-store-backed EC2 instance. You have been asked for an executive summary on your design, and the executive summary should include an answer to the question, “What can an EBS volume do when snapshotting the volume is in progress”?

The volume can be used normally while the snapshot is in progress.

The volume can only accommodate writes while a snapshot is in progress.

The volume can only accommodate reads while a snapshot is in progress.

The volume cannot be used while a snapshot is in progress.

QUESTION 35 A recent audit of IT services deployed within many of the AWS Organization member accounts in your company has caused numerous remediation tasks for the SecOps team, as well as the member account owners. Post-remediation efforts, the CISO has asked you to identify a solution within AWS for preventing this from repeating. They would like you to instead find a way to allow end users in the accounts to deploy preapproved services within AWS to avoid them accidentally using the offending services. Which of the following is the optimal approach for this solution?

Create approved CloudFormation templates containing the required services that can be used throughout the organization. Load the templates to a shared catalog within AWS Service Catalog. List the templates as products, and then share the catalog with your Organization.

Create approved Terraform templates containing the required services that are used throughout the organization. Create a shared catalog within AWS Service Catalog, list the templates as products, and then share the catalog with your Organization.

Create a CloudFormation Stack Set for each approved IT service. Have an organization administrator manually deploy these templates to the targeted accounts after approval.

Create approved CloudFormation templates containing the required services that are used throughout the organization. Send email templates out to the account owners, so they can reference them as needed.

QUESTION 36 You manage 12 EC2 instances and you need to have a central file repository that these EC2 instances can access. What would be the best possible solutions for this? (Choose 2)

Attach a volume to multiple instances with Amazon EBS Multi-Attach.

Create an EFS volume and attach this to the EC2 instances.

Create a Route53 EBS storage record and create a network mount on your EC2 instances pointing at the Route53 alias record.

Create a custom Lambda function behind API Gateway. Point your EC2 instances to the Lambda function when they need to access the centralized storage system.

QUESTION 37 You are a solutions architect working for a biotech company that has a large private cloud deployment using VMware. You have been tasked to setup their disaster recovery solution on AWS. What is the simplest way to achieve this?

Purchase VMware Cloud on AWS, leveraging VMware disaster recovery technologies and the speed of AWS cloud to protect your virtual machines

Use the VMware landing page on AWS to provision a EC2 instance with VMware vCenter installed on it

Deploy an EC2 instance into a private subnet and install vCenter on it

Deploy an EC2 instance into a public subnet and install vCenter on it

QUESTION 39 You have a custom VPC hosted in the AWS cloud that contains your secure web application. During routine analysis, you notice some port scans coming in from unrecognizable IP addresses. You are suspicious, and decide to block these IP addresses for the next 48 hours. What is the best way to achieve this?

Modify your network access control list (NACL) for all public IP addresses and block traffic to the suspicious IP addresses.

Modify your VPC control list and block access to the IP addresses.

Modify your security group for all public IP addresses and block traffic to the suspicious IP addresses.

Modify your internet gateway for all private IP addresses and block traffic to the suspicious IP addresses.

QUESTION 40 You work for an insurance company that has just been merged with two other insurance companies. All companies have production workloads on AWS using multiple AWS accounts. Which of the following is something you could recommend to your boss to immediately start saving money?

Create a root AWS account using AWS Organizations and connect all subsequent AWS accounts to the Organization. You can then take advantage of consolidated billing.

Run Amazon Macie to identify where you can save costs.

Migrate all AWS accounts to a single AWS account and close the migrated accounts.

Use AWS CloudTrail to start keeping track of what you are spending.

QUESTION 41 A financial institution has begun using AWS services and plans to migrate as much of their IT infrastructure and applications to AWS as possible. The nature of the business dictates that strict compliance practices be in place. The AWS team has configured AWS CloudTrail to help meet compliance requirements and be ready for any upcoming audits. Which item is not a feature of AWS CloudTrail?

Monitor Auto Scaling Groups and optimize resource utilization.

Answer simple questions about user activity.

QUESTION 42 Your company has a small web application hosted on an EC2 instance. The application has just been deployed but no one is able to connect to the web application from a browser. You had recently ssh’d into this EC2 instance to perform a small update, but you also cannot browse to the application from Google Chrome. You have checked and there is an internet gateway attached to the VPC and a route in the route table to the internet gateway. Which situation most likely exists?

The instance security group has ingress on port 22 but not port 80.

The instance security group has no ingress on port 22 or port 80.

The instance security group has ingress on port 443 but not port 22.

The instance security group has ingress on port 80 but not port 22.

QUESTION 43 You have an online store and you are preparing for the week before Christmas, which is your busiest period of the year. You estimate that your traffic will increase by 50% during this period. Your website is using an SQS standard queue, and you're running a fleet of EC2 instances configured in an Auto Scaling group which then consumes the SQS messages. What should you do to prepare your SQS queue for the 50% increase in traffic?

Nothing. SQS scales automatically.

Create multiple SQS queues and deploy these behind an SQS Load Balancer.

Increase the size of your SQS queue.

Create additional EC2 instances to help query the SQS queue.

QUESTION 47 Janelle works as a cloud solutions architect for a large enterprise that has begun the process of migrating to AWS for all of their application needs. The CTO and CISO have already decided that AWS Organizations is a required service for the multi-account environment that will be put into place. Janelle has been brought in to help solve the primary concern of member AWS accounts not following the required compliance rules set forth by the company. They want to both send alerts on configuration changes and prevent specific actions from occurring. Which solution would be the most efficient in solving this projected problem?

Create new AWS accounts using AWS Control Tower. Leverage the preventative and detective guardrails that come with it to prevent governance drift as well as send alerts on suspicious activities.

Install third-party SIEM software on Amazon EC2 instances in each account. Attach to them a Read-Only IAM instance profile within the respective account. Have them generate alerts for each flagged activity.

Create a set of Global AWS Config rules that can cover all Regions in the management account that apply to the member accounts. Set up an AWS Lambda function in the management AWS account to alert an administrator when drift is detected.

Create individual AWS Config rules in each AWS account. Set up AWS Lambda functions in each AWS account to remediate any suspected drift.

QUESTION 48 You are working for a small startup that wants to design a content management system (CMS). The company wants to architect the CMS so that the company only incurs a charge when someone tries to access their content. They want to try and keep costs as low as possible and remain in the AWS Free Tier if possible. Which of the following options is the most cost-effective architecture?

API Gateway > Lambda > DynamoDB > S3

Elastic Load Balancer > EC2 > DynamoDB

Application Load Balancer > EC2 > RDS

QUESTION 49 You are a solutions architect at an insurance company. Someone on a previous shift has deployed an EC2 instance using a bootstrap script. However, the EC2 instance does not have the required software installed on it. You do not have access to the bootstrap script that they used. However, you do have admin access to the EC2 instance that was provisioned. How can you review the bootstrap script used to deploy the EC2 instance?

Run the command curl http://169.254.169.254/latest/user-data/.

Run the command curl http://254.169.254.169/latest/meta-data/.

Run the command curl http://254.169.254.169/latest/user-data/.

Run the command curl http://169.254.169.254/latest/meta-data/.

AWS Certified Solutions Architect - Associate Exam-2

Authored by Rahmatullah Faqiri

others

Used 1+ times

AWS Certified Solutions Architect - Associate Exam-2

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

67 questions

Show all answers

OPEN ENDED QUESTION

30 sec • Ungraded

Name

Evaluate responses using AI:

OFF

OPEN ENDED QUESTION

Use a VPN concentrator to connect the AWS accounts back to the on-premises data center.

Create a new Direct Connect gateway and set this up with the existing Direct Connect connection. Set up a transit gateway between the AWS accounts and connect the transit gateway to the Direct Connect gateway.

Provision an AWS VPN CloudHub and connect the AWS accounts directly back to the Direct Connect connection via a VPN connection.

Provision a new Direct Connect connection for each AWS account and connect it back to your on-premises data center.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

65 questions

7th Grade Spring Semester Test

Quiz

•

KG - University

66 questions

Combo: Jesus' Message

Quiz

•

KG - University

62 questions

8th Grade Bible Midterm Kyle

Quiz

•

KG - University

63 questions

United States Constitution Test (Sections 1, 2, & 3)

Quiz

•

KG - University

67 questions

Illinois State Constitution

Quiz

•

KG - University

64 questions

Unit 3.1 Test

Quiz

•

11th Grade

71 questions

AOS_ACT2_INDIVIDUAL_2025

Quiz

•

KG - University

65 questions

Physical Science Semester 1 Final Exam

Quiz

•

KG - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for others

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

AWS Certified Solutions Architect - Associate Exam-2

Name

Surname

QUESTION 2 You use AWS Route53 as your DNS service and you have updated your domain, hello.acloud.guru, to point to a new Elastic Load Balancer (ELB). However, when you check the update it looks like users are still redirected to the old ELB. What could be the problem?

QUESTION 7 A small startup is beginning to configure IAM for their organization. The user logins have been created and now the focus will shift to the permissions to grant to those users. An admin starts creating identity-based policies. To which item can an identity-based policy not be attached?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for others