Browse SAP Questions

Question 31 of 100

You're migrating an existing application to the AWS cloud. The application will be primarily using EC2 instances. This application needs to be built with the highest availability architecture available. The application currently relies on hardcoded hostnames for intercommunication between the three tiers. You've migrated the application and configured the multi-tiers using the internal Elastic Load Balancer for serving the traffic. The load balancer hostname is example-app.us-east-1.elb.amazonaws.com. The current hard-coded hostname in your application used to communicate between your multi-tier application is applayer.example.com. What is the best method for architecting this setup to have as much high availability as possible? Choose the correct answer:

A. Create a public resource record set using Route 53 with a hostname of applayer.example.com and an alias record to example-app.us-east-1.elb.amazonaws.com.
B. Create a private resource record set using Route 53 with a hostname of applayer.example.com and an alias record to example-app.us-east-1.elb.amazonaws.com.
C. Add a CNAME record to the existing on-premises DNS server with a value of example-app.us-east-1.elb.amazonaws.com. Create a public resource record set using Route 53 with a hostname of applayer.example.com and an alias record to example-app.us-east-1.elb.amazonaws.com.
D. Create an environment variable passed to the EC2 instances using user-data with the ELB hostname, example-app.us-east-1.elb.amazonaws.com.
Question 32 of 100

A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across two Availability Zones. The load balancer is in public subnets and the EC2 instances are in private subnets. Separate security groups are associated with the load balancer and the EC2 instances. The application reads data from an on-premises database in the company data center over a 1 Gbps AWS Direct Connect connection using a private virtual interface. Multiple applications in the data center also reference the on-premises database. What change will improve the architecture?

A. Replace the private virtual interface with a public virtual interface.
B. Have the application synchronously invoke a new AWS Lambda function to access the on-premises database.
C. Add a VPN connection between the data center and the virtual private gateway on the VPC.
D. Migrate the on-premises database to EC2 instances in the VPC.
Question 33 of 100

You need to perform ad-hoc business analytics queries on well-structured data. Data comes in constantly at a high velocity. Your business intelligence team can understand SQL. What AWS service(s) should you look to first?

A. Kinesis Firehose + RDS
B. Kinesis Firehose + Redshift
C. EMR using Hive
D. EMR running Apache Spark
Question 34 of 100

You manage an application that distributes media to a global audience. The application historically used local instance storage to store the media content and an EC2 instance to serve it to customers. A previous SA rearchitected the solution to use S3 for static content hosting with a CloudFront distribution for global content delivery. You have been called into a meeting to address an urgent issue. It appears that customers can now access content without paying or being logged into the application. What ways can you suggest to address the issue? (Choose 2)

A. Ensure the instance is using an IAM role; configure the S3 bucket policy to only allow access from this role.
B. Configure a bucket policy and set Origin Access Identity (OAI).
C. Add Trusted signers to a CloudFront behaviour.
D. Restrict based on application user name and the user-passthrough authentication type on the CloudFront IDP setting.
E. Integrate the CloudFront distribution with the application using web identity federation and Cognito.
Question 35 of 100

A company hired a Solutions Architect to assist with the migration of its on-premises application and MySQL database. The application is actively utilized by hundreds of users, and new data is constantly generated and stored in the database. The application is mission critical, so downtime must be minimized. The most recent data must be readily available to users. What migration strategy should the Solutions Architect use to migrate the database to AWS?

A. Create a new Amazon RDS MySQL DB instance and an AWS DMS replication instance. Configure an AWS DMS task to copy data from the on-premises database to the RDS instance using a full load migration strategy.
B. Use the mysqldump utility to export the data to local storage. Copy the data to an Amazon S3 bucket. Create a new Amazon RDS MySQL DB instance. Import the data into the new RDS instance.
C. Use AWS Storage Gateway to copy database data to an Amazon S3 bucket. Create a new Amazon RDS instance using the AWS Management Console, and import the data from Amazon S3.
D. Create a new Amazon RDS MySQL DB instance and an AWS DMS replication instance. Configure an AWS DMS task to copy data from the on-premises database to the RDS instance using a full load and change data capture (CDC) strategy.
Question 36 of 100

Big Brother Bank has been acquiring smaller banks. BBB has a security requirement that all bank employees are required to log into a central identity solution, so that when they log on they gain access to central bank resources. Given that each bank has its own AWS account, and existing application instances with which to run its bank software, how would BBB connect each bank's AWS networks to the central VPC, so as to allow each bank to use the central identity solution? Each bank runs its VPC in the us-west-1 region, requires a high availability solution, and regulation does not allow each bank access to the others' resources. How would you best design this solution? Choose the correct answer:

A. Create a Direct Connect connection from each VPC endpoint to the main BBB VPC.
B. Create a VPC peering connection with BBB's VPC peered to each branch's AWS account, ensuring that the peered subnets do not have an overlapping CIDR block range.
C. Create an OpenVPN instance in BBB's VPC and establish an IPSec tunnel between VPCs.
D. Migrate the acquired banks' AWS accounts to the main BBB account using migration tools such as Import/Export, Snapshot, AMI Copy, and S3 sharing.
Question 37 of 100

You are excited that your company has just purchased a Direct Connect link from AWS, as everything you now do on AWS should be much faster and more reliable. Your company is based in Sydney, Australia, so obviously the Direct Connect link to AWS will go into the Asia Pacific (Sydney) region. Your first job after the new link purchase is to create a multi-region design across the Asia Pacific (Sydney) region and the US West (N. California) region. You soon discover that all the infrastructure you deploy in the Asia Pacific (Sydney) region is extremely fast and reliable; however, the infrastructure you deploy in the US West (N. California) region is much slower and unreliable. Which of the following would be the best option to make the US West (N. California) region a more secure and reliable connection? Choose the correct answer from the options below.

A. Create a private virtual interface to the Asia Pacific region's public endpoints and use VPN over the public virtual interface to protect the data.
B. Create a private virtual interface to the US West region's public endpoints and use VPN over the public virtual interface to protect the data.
C. Create a public virtual interface to the Asia Pacific region's public endpoints and use VPN over the public virtual interface to protect the data.
D. Create a public virtual interface to the US West region's public endpoints and use VPN over the public virtual interface to protect the data.
Question 38 of 100

A company runs a web application on Amazon EC2 instances behind an ELB Application Load Balancer. There have been spikes in traffic that caused the application to slow down and fail several times. Logs reveal that the additional traffic contained malformed requests from multiple sources. Which solution will MOST quickly block these types of attacks in the future?

A. Create an Amazon CloudFront distribution and set the Elastic Load Balancer as the origin. Enable AWS Shield Standard to mitigate the attacks.
B. Apply an AWS WAF rule to the load balancer with string match conditions to block requests that are malformed.
C. Create an AWS Lambda function to identify malformed requests from the Elastic Load Balancer access logs and update AWS WAF rules on the load balancer to block the source IP addresses of the malicious traffic.
D. Create an Amazon CloudFront distribution and set the Elastic Load Balancer as the origin. Create an AWS Lambda function to identify malformed requests from the CloudFront logs and update AWS WAF rules on CloudFront to block the source IP addresses of the malicious traffic.
Question 39 of 100

Your firm has uploaded a large amount of aerial image data to S3. In the past, in your on-premises environment, you often used a dedicated group of servers to process this data and used RabbitMQ, an open source messaging system, to get job information to the servers. Once processed, the data would go to tape and be shipped offsite. Your manager told you to stay with the current design, and leverage AWS archival storage and messaging services to minimize cost. Which is correct?

A. Use SQS for passing job messages, and use CloudWatch alarms to terminate EC2 worker instances when they become idle. Once data is processed, change the storage class of the S3 objects to Reduced Redundancy Storage.
B. Set up Auto-Scaled workers triggered by queue depth that use spot instances to process messages in SQS. Once data is processed, change the storage class of the S3 objects to Reduced Redundancy Storage.
C. Set up Auto-Scaled workers triggered by queue depth that use spot instances to process messages in SQS. Once data is processed, change the storage class of the S3 objects to Glacier.
D. Use SNS to pass job messages, and use CloudWatch alarms to terminate spot worker instances when they become idle. Once data is processed, change the storage class of the S3 object to Glacier.
Question 40 of 100 (Multiple Choice)

You have configured Direct Connect between your company's on-premises data center and the new AWS company account. After the configuration is complete and routes are being advertised, you cannot connect from EC2 instances to the on-premises servers. What steps can you take? (Select TWO)

A. Your Internet Gateway needs a route to the Internet.
B. Enable route propagation to the customer gateway (CGW).
C. The route table for VPC needs to have a route back to the on-premises environment.
D. Enable route propagation to the virtual private gateway (VGW).