Certshared now are offering 100% pass ensure AWS-Solution-Architect-Associate dumps!

https://www.certshared.com/exam/AWS-Solution-Architect-Associate/ (1052 Q&As)

Amazon
Exam Questions AWS-Solution-Architect-Associate
AWS Certified Solutions Architect - Associate

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure AWS-Solution-Architect-Associate dumps!
https://www.certshared.com/exam/AWS-Solution-Architect-Associate/ (1052 Q&As)

NEW QUESTION 1
You need to set up a complex network infrastructure for your organization that will be reasonably easy to deploy, replicate, control, and track changes on. Which
AWS service would be best to use to help you accomplish this?

A. AWS Import/Export
B. AWS CIoudFormation
C. Amazon Route 53
D. Amazon CIoudWatch

Answer: B

Explanation:
AWS CIoudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those
resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon
EC2 instances or Amazon RDS DB instances), and AWS CIoudFormation takes care of provisioning and configuring those resources for you. You don't need to
indMdually create and configure AWS resources
and figure out what's dependent on what. AWS CIoudFormation handles all of that.
Reference: http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/WeIcome.htmI

NEW QUESTION 2
You need to measure the performance of your EBS volumes as they seem to be under performing. You have come up with a measurement of 1,024 KB I/O but
your colleague tells you that EBS volume performance is measured in IOPS. How many IOPS is equal to 1,024 KB I/O?

A. 16
B. 256
C. 8
D. 4

Answer: D

Explanation:
Several factors can affect the performance of Amazon EBS volumes, such as instance configuration, I/O characteristics, workload demand, and storage
configuration.
IOPS are input/output operations per second. Amazon EBS measures each I/O operation per second
(that is 256 KB or smaller) as one IOPS. I/O operations that are larger than 256 KB are counted in 256 KB capacity units.
For example, a 1,024 KB I/O operation would count as 4 IOPS.
When you provision a 4,000 IOPS volume and attach it to an EBS-optimized instance that can provide the necessary bandwidth, you can transfer up to 4,000
chunks of data per second (provided that the I/O does not exceed the 128 MB/s per volume throughput limit of General Purpose (SSD) and Provisioned IOPS
(SSD) volumes).
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSPerformance.htmI

NEW QUESTION 3
Which one of the following answers is not a possible state of Amazon CIoudWatch Alarm?

A. INSUFFICIENT_DATA
B. ALARM
C. OK
D. STATUS_CHECK_FAILED

Answer: D

Explanation:
Amazon CIoudWatch Alarms have three possible states: OK: The metric is within the defined threshold ALARM: The metric is outside of the defined threshold
INSUFFICIENT_DATA: The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state
Reference: http://docs.aws.amazon.com/AmazonCIoudWatch/latest/DeveloperGuide/AlarmThatSendsEmaiI.html

NEW QUESTION 4
A client of yours has a huge amount of data stored on Amazon S3, but is concerned about someone stealing it while it is in transit. You know that all data is
encrypted in transit on AWS, but which of the following is wrong when describing server-side encryption on AWS?

A. Amazon S3 server-side encryption employs strong multi-factor encryption.

B. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
C. In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools.
D. Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data as it writes it to disks.

Answer: C

Explanation:
Amazon S3 encrypts your object before saving it on disks in its data centers and decrypts it when you download the objects. You have two options depending on
how you choose to manage the encryption keys: Server-side encryption and client-side encryption.
Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it for you when
you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted
objects. Amazon S3 manages encryption and decryption for you. For example, if you share your objects using a pre-signed URL, that URL works the same way for
both encrypted and unencrypted objects.
In client-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. Server-side encryption is an alternative to client-
side encryption in which Amazon S3 manages the encryption of your data, freeing you from the tasks of managing encryption and encryption keys.
Amazon S3 server-side encryption employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it
encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure AWS-Solution-Architect-Associate dumps!
https://www.certshared.com/exam/AWS-Solution-Architect-Associate/ (1052 Q&As)

Advanced Encryption Standard (AES-256), to encrypt your data.

Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/UsingServerSideEncryption.htmI

NEW QUESTION 5
Any person or application that interacts with AWS requires security credentials. AWS uses these credentials to identify who is making the call and whether to allow
the requested access. You have just set up a VPC network for a client and you are now thinking about the best way to secure this network. You set up a security
group called vpcsecuritygroup. Which following statement is true in respect to the initial settings that will be applied to this security group if you choose to use the
default settings for this group?

A. Allow all inbound traffic and allow no outbound traffic.

B. Allow no inbound traffic and allow all outbound traffic.
C. Allow inbound traffic on port 80 only and allow all outbound traffic.
D. Allow all inbound traffic and allow all outbound traffi

Answer: B

Explanation:
Amazon VPC provides advanced security features such as security groups and network access control lists to enable inbound and outbound filtering at the
instance level and subnet level.
AWS assigns each security group a unique ID in the form sg-xxxxxxxx. The following are the initial settings for a security group that you create:
Allow no inbound traffic Allow all outbound traffic
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html

NEW QUESTION 6
What is the time period with which metric data is sent to CIoudWatch when detailed monitoring is enabled on an Amazon EC2 instance?

A. 15 minutes
B. 5 minutes
C. 1 minute
D. 45 seconds

Answer: C

Explanation:
By default, Amazon EC2 metric data is automatically sent to CIoudWatch in 5-minute periods. However, you can, enable detailed monitoring on an Amazon EC2
instance, which sends data to CIoudWatch in
1-minute periods
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.htmI

NEW QUESTION 7
Content and IV|edia Server is the latest requirement that you need to meet for a client.
The client has been very specific about his requirements such as low latency, high availability, durability, and access control. Potentially there will be millions of
views on this server and because of "spiky" usage patterns, operations teams will need to provision static hardware, network, and management resources to
support the maximum expected need. The Customer base will be initially low but is expected to grow and become more geographically distributed.
Which of the following would be a good solution for content distribution?

A. Amazon S3 as both the origin server and for caching

B. AWS Storage Gateway as the origin server and Amazon EC2 for caching
C. AWS CIoudFront as both the origin server and for caching
D. Amazon S3 as the origin server and Amazon CIoudFront for caching

Answer: D

Explanation:
As your customer base grows and becomes more geographically distributed, using a high- performance edge cache like Amazon CIoudFront can provide
substantial improvements in latency, fault tolerance, and cost.
By using Amazon S3 as the origin server for the Amazon CIoudFront distribution, you gain the advantages of fast in-network data transfer rates, simple
publishing/caching workflow, and a unified security framework.
Amazon S3 and Amazon CIoudFront can be configured by a web service, the AWS Management Console, or a host of third-party management tools.
Reference:http://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_media_02.pdf

NEW QUESTION 8
You want to establish a dedicated network connection from your premises to AWS in order to save money by transferring data directly to AWS rather than through
your internet service provider. You are sure there must be some other benefits beyond cost savings. Which of the following would not be considered a benefit if
you were to establish such a connection?

A. Elasticity
B. Compatibility with all AWS services.
C. Private connectMty to your Amazon VPC.
D. Everything listed is a benefi

Answer: D

Explanation:
AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS.
Using AWS Direct Connect, you can establish private connectMty between AWS and your datacenter, office, or colocation environment, which in many cases can
reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based
connections.
You could expect the following benefits if you use AWS Direct Connect. Reduced bandwidth costs

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure AWS-Solution-Architect-Associate dumps!
https://www.certshared.com/exam/AWS-Solution-Architect-Associate/ (1052 Q&As)

Consistent network performance Compatibility with all AWS services Private connectMty to your Amazon VPC Elasticity
Simplicity
Reference: http://aws.amazon.com/directconnect/

NEW QUESTION 9
Just when you thought you knew every possible storage option on AWS you hear someone mention Reduced Redundancy Storage (RRS) within Amazon S3.
What is the ideal scenario to use Reduced Redundancy Storage (RRS)?

A. Huge volumes of data

B. Sensitve data
C. Non-critical or reproducible data
D. Critical data

Answer: C

Explanation:
Reduced Redundancy Storage (RRS) is a new storage option within Amazon S3 that enables customers to reduce their costs by storing non-critical, reproducible
data at lower levels of redundancy than Amazon S3’s standard storage. RRS provides a lower cost, less durable, highly available storage option that is designed
to sustain the loss of data in a single facility.
RRS is ideal for non-critical or reproducible data.
For example, RRS is a cost-effective solution for sharing media content that is durably stored elsewhere. RRS also makes sense if you are storing thumbnails and
other resized images that can be easily reproduced from an original image.
Reference: https://aws.amazon.com/s3/faqs/

NEW QUESTION 10
Identify a true statement about the On-Demand instances purchasing option provided by Amazon EC2.

A. Pay for the instances that you use by the hour, with no long-term commitments or up-front payments.
B. Make a low, one-time, up-front payment for an instance, reserve it for a one- or three-year term, and pay a significantly lower hourly rate for these instances.
C. Pay for the instances that you use by the hour, with long-term commitments or up-front payments.
D. Make a high, one-time, all-front payment for an instance, reserve it for a one- or three-year term, andpay a significantly higher hourly rate for these instance

Answer: A

Explanation:
On-Demand instances allow you to pay for the instances that you use by the hour, with no long-term commitments or up-front payments.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/reserved-instances-offerings.html

NEW QUESTION 11
You need to set up a security certificate for a cIient's e-commerce website as it will use the HTTPS protocol. Which of the below AWS services do you need to
access to manage your SSL server certificate?

A. AWS Directory Service

B. AWS Identity & Access Management
C. AWS CIoudFormation
D. Amazon Route 53

Answer: B

Explanation:
AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in
AWS.
All your SSL server certificates are managed by AWS Identity and Access management (IAM). Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.htm|

NEW QUESTION 12
Will my standby RDS instance be in the same Availability Zone as my primary?

A. Only for Oracle RDS types

B. Yes
C. Only if configured at launch
D. No

Answer: D

NEW QUESTION 13
While signing in REST/ Query requests, for additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using

A. HTIP
B. Internet Protocol Security(IPsec)
C. TLS (Transport Layer Security)
D. HTIPS

Answer: D

NEW QUESTION 14

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure AWS-Solution-Architect-Associate dumps!
https://www.certshared.com/exam/AWS-Solution-Architect-Associate/ (1052 Q&As)

When you use the AWS Management Console to delete an IAM user, IAM also deletes any signing certificates and any access keys belonging to the user.

A. FALSE
B. This is configurable
C. TRUE

Answer: C

NEW QUESTION 15
What does Amazon Elastic Beanstalk provide?

A. An application container on top of Amazon Web Services.

B. A scalable storage appliance on top of Amazon Web Services.
C. A scalable cluster of EC2 instances.
D. A service by this name doesn't exis

Answer: C

NEW QUESTION 16
Select the correct set of steps for exposing the snapshot only to specific AWS accounts

A. Select public for all the accounts and check mark t hose accounts with whom you want to expose the snapshots and cl ick save.
B. Select Private, enter the IDs oft hose AWS accounts, and click Save.
C. Select Public, enter the IDs of those AWS accounts, and click Save.
D. Select Public, mark the IDs of those AWS accounts as private, and click Sav

Answer: C

NEW QUESTION 17
How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

A. Detach the volume and attach it to another EC2 instance in the other AZ.
B. Simply create a new volume in the other AZ and specify the original volume as the source.
C. Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
D. Detach the volume, then use the ec2-migrate-voiume command to move it to another A

Answer: C

NEW QUESTION 18
A company needs to deploy virtual desktops to its customers in a virtual private cloud, leveraging existing security controls. Which set of AWS services and
features will meet the company's requirements?

A. Virtual Private Network connectio

B. AWS Directory Services, and Classic link
C. Virtual Private Network connectio
D. AWS Di rectory Services, and Amazon Workspaces
E. AWS Directory Service, Amazon Workspaces, and AWS Identity and Access Management
F. Amazon Elastic Compute Cloud, and AWS Identity and Access Management

Answer: C

NEW QUESTION 19
Which features can be used to restrict access to data in 53? Choose 2 answers

A. Set an 53 ACL on the bucket or the object.

B. Create a Cloud Front distribution for the bucket.
C. Set an 53 bucket policy.
D. Enable IAM Identity Federation
E. Use 53 Virtua I Hosting

Answer: CD

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCioudFront/latest/DeveIoperGuide/private-contentrestricting-access
-to-s3.html

NEW QUESTION 20
You run an ad-supported photo sharing website using 53 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the
photos on your site, causing loss to your business. What is an effective method to mitigate this?

A. Remove public read access and use signed URLs with expiry dates.
B. Use Cloud Front distributions for static content.
C. Block the IPs of the offending websites in Security Groups.
D. Store photos on an EBS volume of the web serve

Answer:

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure AWS-Solution-Architect-Associate dumps!
https://www.certshared.com/exam/AWS-Solution-Architect-Associate/ (1052 Q&As)

NEW QUESTION 21
......

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure AWS-Solution-Architect-Associate dumps!
https://www.certshared.com/exam/AWS-Solution-Architect-Associate/ (1052 Q&As)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

AWS-Solution-Architect-Associate Practice Exam Features:

* AWS-Solution-Architect-Associate Questions and Answers Updated Frequently

* AWS-Solution-Architect-Associate Practice Questions Verified by Expert Senior Certified Staff

* AWS-Solution-Architect-Associate Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* AWS-Solution-Architect-Associate Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The AWS-Solution-Architect-Associate Practice Test Here

Guaranteed success with Our exam guides visit - https://www.certshared.com

Powered by TCPDF (www.tcpdf.org)