aws solution architect associate dumps (241 to 250)

It is more faster and easier to pass the Amazon aws solution architect associate certification exam by using Verified Amazon AWS Certified Solutions Architect – Associate questuins and answers. Immediate access to the Up to the minute aws solution architect associate certification Exam and find the same core area aws solution architect associate exam dumps questions with professionally verified answers, then PASS your exam with a high score now.


Free VCE & PDF File for Amazon AWS-Solution-Architect-Associate Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW AWS-Solution-Architect-Associate Exam Dumps (PDF & VCE):
Available on:

Q241. How can I change the security group membership for interfaces owned by other AWS, such as Elastic Load Balancing?

A. By using the service specific console or API\\CLI commands

B. None of these

C. Using Amazon EC2 API/CLI

D. using all these methods 

Answer: A

Q242. A newspaper organization has a on-premises application which allows the public to search its back catalogue and retrieve indMdual newspaper pages via a website written in Java They have scanned the old newspapers into JPEGs (approx 17TB) and used Optical Character Recognition (OCR) to populate a commercial search product. The hosting platform and software are now end of life and the organization wants to migrate Its archive to AW5 and produce a cost efficient architecture and still be designed for availability and durability. Which is the most appropriate?

A. Use 53 with reduced redundancy Io store and serve the scanned files, install the commercial search application on EC2 Instances and configure with auto-scaling and an Elastic Load Balancer.

B. Model the environment using CIoudFormation use an EC2 instance running Apache webserver and an open source search application, stripe multiple standard EB5 volumes together to store the JPEGs and search index.

C. Use 53 with standard redundancy to store and serve the scanned files, use CIoud5earch for query

processing, and use Elastic Beanstalk to host the website across multiple availability zones.

D. Use a single-AZ RD5 My5QL instance Io store the search index 33d the JPEG images use an EC2 instance to serve the website and translate user queries into 5QL.

E. Use a CIoudFront download distribution to serve the JPEGs to the end users and Install the current commercial search product, along with a Java Container Tor the website on EC2 instances and use Route53 with DNS round-robin.



There is no such thing as "NIost appropriate" without knowing all your goals. I find your scenarios very fuzzy, since you can obviously mix-n-match between them. I think you should decide by layers instead: Load Balancer Layer: ELB or just DNS, or roll-your-own. (Using DNS+EIPs is slightly cheaper, but less reliable than ELB.)

Storage Layer for 17TB of Images: This is the perfect use case for 53. Off-load all the web requests directly to the relevant JPEGs in 53. Your EC2 boxes just generate links to them.

If your app already serves it's own images (not links to images), you might start with EFS. But more than likely, you can just setup a web server to re-write or re-direct all JPEG links to 53 pretty easily.

If you use 53, don't serve directly from the bucket- Serve via a CNAME in domain you control. That way, you can switch in C|oudFront easily.

EBS will be way more expensive, and you'II need 2x the drives if you need 2 boxes. Yuck. Consider a smaller storage format. For example, JPEG200 or WebP or other tools might make for smaller images. There is also the DejaVu format from a while back.

Cache Layer: Adding Cloud Front in front of 53 will help people on the other side of the world– well, possibly. Typical archives follow a power law. The long tail of requests means that most JPEGs won't be requested enough to be in the cache. So you are only speeding up the most popular objects. You can always wait, and switch in CF later after you know your costs better. (In some cases, it can actually lower costs.)

You can also put CIoudFront in front of your app, since your archive search results should be fairly static. This will also allow you to run with a smaller instance type, since CF will handle much of the load if you do it right.

Database Layer: A few options:

Use whatever your current server does for now, and replace with something else down the road. Don't under-estimate this approach, sometimes it's better to start now and optimize later.

Use RDS to run MySQL/ Postgres

I'm not as familiar with EIasticSearch I Cloudsearch, but obviously Cloudsearch will be less maintenance+setup.

App Layer:

When creating the app layer from scratch, consider Cloud Formation and/or OpsWorks. It's extra stuff to learn, but helps down the road.

Java+ Tomcat is right up the alley of E|asticBeanstaIk. (Basically EC2 + Autoscale + ELB).

Preventing Abuse: When you put something in a public 53 bucket, people will hot-link it from their web pages. If you want to prevent that, your app on the EC2 box can generate signed links to 53 that expire in a few hours. Now everyone will be forced to go thru the app, and the app can apply rate limiting, etc. Saving money: If you don't mind having downtime:

run everything in one AZ (both DBs and EC2s). You can always add servers and AZs down the road, as long as it's architected to be stateless. In fact, you should use multiple regions if you want it to be really robust.

use Reduced Redundancy in 53 to save a few hundred bucks per month (Someone will have to "go fix it" every time it breaks, including having an off-line copy to repair 53.)

Buy Reserved Instances on your EC2 boxes to make them cheaper. (Start with the RI market and buy a partially used one to get started.) It's just a coupon saying "if you run this type of box in this AZ, you will save on the per-hour costs." You can get 1/2 to 1/3 off easily.

Rewrite the application to use less memory and CPU -that way you can run on fewer/ smaller boxes. (Nlay or may not be worth the investment.)

If your app will be used very infrequently, you will save a lot of money by using Lambda. I'd be worried that it would be quite slow if you tried to run a Java application on it though ..

We're missing some information like load, latency expectations from search, indexing speed, size of the search index, etc. But with what you've given us, I would go with 53 as the storage for the files (53 rocks. It is really, really awesome). If you're stuck with the commercial search application, then on EC2 instances with autoscaling and an ELB. If you are allowed an alternative search engine, Elasticsearch is probably  your best bet. I'd run it on EC2 instead ofthe AWS Elasticsearch service, as IMHO it's not ready yet. Don't autoscale Elasticsearch automatically though, it'II cause all sorts of issues. I have zero experience with CIoudSearch so I can't comment on that. Regardless of which option, I'd use Cloud Formation for all of it.

Q243. A client of yours has a huge amount of data stored on Amazon S3, but is concerned about someone stealing it while it is in transit. You know that all data is encrypted in transit on AWS, but which of the following is wrong when describing server-side encryption on AWS?

A. Amazon S3 server-side encryption employs strong multi-factor encryption.

B. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.

C. In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools.

D. Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data as it writes it to disks.



Amazon S3 encrypts your object before saving it on disks in its data centers and decrypts it when you download the objects. You have two options depending on how you choose to manage the encryption keys: Server-side encryption and client-side encryption.

Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects. Amazon S3 manages encryption and decryption for you. For example, if you share your objects using a pre-signed URL, that URL works the same way for both encrypted and unencrypted objects.

In client-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. Server-side encryption is an alternative to client-side encryption in which Amazon S3 manages the encryption of your data, freeing you from the tasks of managing encryption and encryption keys.

Amazon S3 server-side encryption employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.


Q244. Once again your customers are concerned about the security of their sensitive data and with their latest enquiry ask about what happens to old storage devices on AWS. What would be the best answer to this QUESTION ?

A. AWS reformats the disks and uses them again.

B. AWS uses the techniques detailed in DoD 5220.22-M to destroy data as part of the decommissioning process.

C. AWS uses their own proprietary software to destroy data as part of the decommissioning process.

D. AWS uses a 3rd party security organization to destroy data as part of the decommissioning process. 

Answer: B


When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized indMduals.

AWS uses the techniques detailed in DoD 5220.22-M ("Nationa| Industrial Security Program Operating ManuaI ") or NIST 800-88 ("GuideIines for Media Sanitization") to destroy data as part of the decommissioning process.

All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance

with industry-standard practices.


Q245. You are the new IT architect in a company that operates a mobile sleep tracking application

When activated at night, the mobile app is sending collected data points of 1 kilobyte every 5 minutes to

your backend

The backend takes care of authenticating the user and writing the data points into an Amazon DynamoDB table.

Every morning, you scan the table to extract and aggregate last night's data on a per user basis, and store the results in Amazon 53.

Users are notified via Amazon 5NI5 mobile push notifications that new data is available, which is parsed and visualized by (The mobile app Currently you have around IOOk users who are mostly based out of North America.

You have been tasked to optimize the architecture of the backend system to lower cost what would you recommend? (Choose 2 answers}

A. Create a new Amazon DynamoDB (able each day and drop the one for the previous day after its data is on Amazon 53.

B. Have the mobile app access Amazon DynamoDB directly instead of J50N files stored on Amazon 53.

C. Introduce an Amazon SQS queue to buffer writes to the Amazon DynamoDB table and reduce provisioned write throughput.

D. Introduce Amazon Elasticache Io cache reads from the Amazon DynamoDB table and reduce provisioned read throughput.

E. Write data directly into an Amazon Redshift cluster replacing both Amazon DynamoDB and Amazon 53.

Answer: B, D

Q246. Name the disk storage supported by Amazon Elastic Compute Cloud (EC2).

A. None of these

B. Amazon AppStream store

C. Amazon SNS store

D. Amazon Instance Store 

Answer: D


Amazon EC2 supports the following storage options: Amazon Elastic Block Store (Amazon EBS) Amazon EC2 Instance Store Amazon Simple Storage Service (Amazon S3)


Q247. In Amazon CIoudFront, if you use Amazon EC2 instances and other custom origins with CIoudFront, it is recommended to .

A. not use Elastic Load Balancing

B. restrict Internet communication to private instances while allowing outgoing traffic

C. enable access key rotation for CIoudWatch metrics

D. specify the URL of the load balancer for the domain name of your origin server 

Answer: D


In Amazon CIoudFront, you should use an Elastic Load Balancing load balancer to handle traffic across multiple Amazon EC2 instances and to isolate your application from changes to Amazon EC2 instances. When you create your C|oudFront distribution, specify the URL of the load balancer for the domain name of your origin server.


Q248. Which is the default region in AWS?

A. eu-west-1

B. us-east-1

C. us-east-2

D. ap-southeast-1 

Answer: B

Q249. Can you move a Reserved Instance from one Availability Zone to another?

A. Yes, but each Reserved Instance is associated with a specific Region that cannot be changed.

B. Yes, only in US-West-2.

C. Yes, only in US-East-1.

D. No



Each Reserved Instance is associated with a specific Region, which is fixed for the lifetime of the reservation and cannot be changed. Each reservation can, however, be used in any of the available AZs within the associated Region.


Q250. Amazon EC2 has no Amazon Resource Names (ARNs) because you can't specify a particular Amazon EC2 resource in an IAM policy.



Answer: A