1.

A call center application consists of a three-tier application using Auto Scaling groups to automatically scale
resources as needed. Users report that every morning at 9:00 AM the system becomes very slow for about 15
minutes. A Solution Architect determines that a large percentage of the call center staff starts work at 9:00 AM,
so Auto Scaling does not have enough time to scale out to meet demand. How can the Architect fix the
problem?

A. Change the Auto Scaling group's scale out event to scale based on network utilization.
B. Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning.
C. Use Reserved Instances to ensure the system has reserved the right amount of capacity for the scale-up events.
D. Use Reserved Instances to ensure the system has reserved the right amount of capacity for the scale-in events.

2. A company has a legacy application using a proprietary file system and plans to migrate the application to AWS.
Which storage service should the company use?

A. Amazon EBS
B. Amazon DynamoDB
C. Amazon S3
D. Amazon EFS

3. A company is launching a marketing campaign on their website tomorrow and expects a significant increase in
traffic. The website is designed as a multi-tiered web architecture, and the increase in traffic could potentially
overwhelm the current design. What should a Solutions Architect do to minimize the effects from a potential
failure in one or more of the tiers?

A. Use Auto Scaling to keep up with the demand.

B. Migrate the database to Amazon RDS.
C. Set up DNS failover to a statistic website
D. Use both a SQL and a NoSQL database in the design.

4. A company is launching a static website using the zone apex (mycompany.com). The company wants to use
Amazon Route 53 for DNS. Which steps should the company perform to implement a scalable and cost-effective
solution? (Choose two.)

A. Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the
Amazon EC2 instance.
B. Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint.
C. Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 alias record to the
ELB endpoint.
D. Host the website using AWS Elastic Beanstalk, and map a Route 53 alias record to the Beanstalk stack.

5. A company is using an Amazon S3 bucket located in us-west-2 to serve videos to their customers. Their
customers are located all around the world and the videos are requested a lot during peak hours. Customers in
Europe complain about experiencing slow downloaded speeds, and during peak hours, customers in all locations
report experiencing HTTP 500 errors. What can a Solutions Architect do to address these issues?

A. Use an Amazon Route 53 weighted routing policy for the CloudFront domain name to distribute the GET
request between CloudFront and the Amazon S3 bucket directly.
B. Place an elastic load balancer in front of the Amazon S3 bucket to distribute the load during peak hours.
C. Cache the web content with Amazon CloudFront and use all Edge locations for content delivery.
D. Replicate the bucket in eu-west-1 and use an Amazon Route 53 failover routing policy to determine which
bucket it should serve the request to.

6. A customer has a production application that frequently overwrites and deletes data, the
application requires the most up-to-date version of the data every time it is requested. Which
storage should a Solutions Architect recommend to bet accommodate this use case?

A. Amazon S3
B. Amazon RDS
C. Amazon RedShift
D. AWS Storage Gateway

7. A customer owns a simple API for their website that receives about 1,000 requests each day and has an average
response time of 50 ms. it is currently hosted on one c4.large instance. Which changes to the architecture will
provide high availability at the LOWEST cost?

A. Create an Auto Scaling group with a minimum of one instance and a maximum of two instances, then use an
Application Load Balancer to balance the traffic.
B. Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend.
C. Create an Auto Scaling group with a maximum of two instances, then use an Application Load Balancer to
balance the traffic.
D. Recreate the API using Amazon API Gateway and integrate the new API with the existing backend service.

8. A Lambda function must execute a query against an Amazon RDS database in a private subnet. Which steps are
required to allow the Lambda function to access the Amazon RDS database? (Select two.)

A. Create a VPC Endpoint for Amazon RDS

B. Change the ingress rules of the Amazon RDS security group, allowing the Lambda security group.
C. Create the Lambda function within the Amazon RDS VPC.
D. Change the ingress rules of Lambda security group, allowing the Amazon RDS security group.

9. A legacy application running in premises requires a Solutions Architect to be able to open a firewall to allow
access to several Amazon S3 buckets. The Architect has a VPN connection to AWS in place. How should the
Architect meet this requirement?

A. Create an IAM role that allows access from the corporate network to Amazon S3.
B. Use Amazon API Gateway to do IP whitelisting.
C. Configure a proxy on Amazon EC2 and use an Amazon S3 VPC endpoint.
D. Configure IP whitelisting on the customer's gateway.

10. A mobile application serves scientific articles from individual files in an Amazon S3 bucket. Articles older than 30
days are rarely read. Articles older than 60 days no longer need to be available through the application, but the
application owner would like to keep them for historical purposes. Which cost-effective solution BEST meets
these requirements?

A. Create lifecycle rules to move files older than 30 days to Amazon S3 Standard Infrequent Access and move
files older than 60 days to Amazon Glacier.
B. Create a Lambda function to move files older than 30 days to Amazon EBS and move files older than 60 days to
Amazon Glacier.
C. Create a Lambda function to move files older than 30 days to Amazon Glacier and move files older than 60 days
to Amazon EBS.
D. Create lifecycle rules to move files older than 30 days to Amazon Glacier and move files older than 60 days to
Amazon S3 Standard Infrequent Access.

11. A popular e-commerce application runs on AWS. The application encounters performance issues. The database
is unable to handle the amount of queries and load during peak times. The database is running on the RDS
Aurora engine on the largest instance size available. What should an administrator do to improve performance?

A. Convert the database to use EBS Provisioned IOPS.

B. Convert the database to Amazon Redshift.
C. Create a CloudFront distribution
D. Create one or more read replicas.
12. A Solution Architect is designing a disaster recovery solution for a 5 TB Amazon Redshift cluster. The recovery
site must be at least 500 miles (805 kilometers) from the live site. How should the Architect meet these
requirements?

A. Enable cross-region snapshots to a different region.

B. Use AWS CloudFormation to deploy the cluster in a second region
C. Take a snapshot of the cluster and copy it to another Availability Zone.
D. Modify the Redshift cluster to span two regions.

13. A Solution Architect is designing a three-tier web application. The Architect wants to restrict access to the
database tier to accept traffic from the application servers only. However, these application servers are in an
Auto Scaling group and may vary in quantity. How should the Architect configure the database servers to meet
the requirements?

A. Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier
subnet.
B. Configure the database security group to allow database traffic from the application server IP addresses.
C. Configure the database security group to allow database traffic from the application server security group.
D. Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.

14. A Solution Architect is designing an application that uses Amazon EBS volumes. The volumes must be backed up
to a different region. How should the Architect meet this requirement?

A. Create EBS snapshots and then copy them to the desired region.
B. Create EBS snapshots directly from one region to another.
C. Move the data to an Amazon S3 bucket and enable cross-region replication.
D. Use a script to copy data from the current Amazon EBS volume to the destination Amazon EBS volume.

15. A Solutions Architect is building a multi-tier website. The web servers will be in a public subnet, and the
database servers will be in a private subnet. Only the web servers can be accessed from the Internet. The
database servers must have Internet access for software updates. Which solution meets the requirements?

A. Use a NAT Gateway.

B. Assign Elastic IP addresses to the database instances.
C. Allow Internet traffic on the private subnet through the network ACL.
D. Use an egress-only Internet Gateway.
16. A Solutions Architect is designing a Lambda function that calls an API to list all running Amazon RDS instances.
How should the request be authorized?

A. Create an IAM role to Amazon RDS with permissions to list all Amazon RDS instances.
B. Create an IAM access and secret key, and store it in the Lambda function.
C. Create an IAM role to the Lambda function with permissions to list all Amazon RDS instances.
D. Create an IAM access and secret key, and store it in an encrypted RDS database.

17. A Solutions Architect is designing a new application that needs to access data in a different AWS account located
within the same region. The data must not be accessed over the Internet. Which solution will meet these
requirements with the LOWEST cost?

A. Establish a VPC Peering connection between accounts.

B. Add rules to the security groups in each account.
C. Configure Direct Connect in each account.
D. Add a NAT Gateway to the data account.

18. A Solutions Architect is designing a new social media application. The application must provide a secure method
for uploading profile photos. Each user should be able to upload a profile photo into a shared storage location
for one week after their profile is created. Which approach will meet all of these requirements?

A. Use Amazon S3 with the default private access policy and generate pre-signed URLs each time a new site
profile is created.
B. Use Amazon Kinesis with AWS CloudTrail for auditing the specific times when profile photos are uploaded.
C. Use Amazon EBS volumes with IAM policies restricting user access to specific time periods.
D. Use Amazon CloudFront with AWS CloudTrail for auditing the specific times when profile photos are uploaded.

19. A Solutions Architect is designing a photo application on AWS. Every time a user uploads a photo to Amazon S3,
the Architect must insert a new item to a DynamoDB table. Which AWS-managed service is the BEST fit to insert
the item?

A. AWS Lambda
B. Lambda@Edge
C. Amazon API Gateway
D. Amazon EC2 instances
20. A Solutions Architect is designing a web application. The web and application tiers need to access the Internet,
but they cannot be accessed from the Internet. Which of the following steps is required?

A. Launch a NAT gateway in the public subnet and add a route to it from the private subnet.
B. Attach an Elastic IP address to each Amazon EC2 instance and add a route from the private subnet to the public
subnet.
C. Launch Amazon EC2 instances in the public subnet and change the security group to allow outbound traffic on
port 80.
D. Launch a NAT gateway in the private subnet and deploy a NAT instance in the private subnet.

21. A Solutions Architect is designing an application on AWS that uses persistent block storage. Data must be
encrypted at rest. Which solution meets the requirement?

A. Encrypt Amazon EBS volumes on Amazon EC2 instances.

B. Enable SSL on Amazon EC2 instances.
C. Enable server-side encryption on Amazon S3
D. Encrypt Amazon EC2 Instance Storage.

22. A Solutions Architect is designing network architecture for an application that has compliance requirements. The
application will be hosted on Amazon EC2 instances in a private subnet and will be using Amazon S3 for storing
data. The compliance requirements mandate that the data cannot traverse the public Internet. What is the
MOST secure way to satisfy this requirement?

A. Use a VPC endpoint.

B. Use a NAT Instance
C. Use a NAT Gateway.
D. Use a Virtual Private Gateway.

23. A Solutions Architect is designing the architecture for a new three-tier web-based e-commerce site that must be
available 24/7. Requests are expected to range from 100 to 10,000 each minute. Usage can vary depending on
time of day, holidays, and promotions. The design should be able to handle these volumes, with the ability to
handle higher volumes if necessary. How should the Architect design the architecture to ensure the web tier is
cost-optimized and can handle the expected traffic? (Select two.)

A. Launch Amazon EC2 instances in an Auto Scaling group behind an ELB

B. Create an CloudFront distribution pointing to static content in Amazon S3.
C. Store all static files in a multi-AZ Amazon Aurora database.
D. Use Amazon Route 53 to route traffic to the correct region.
24. A Solutions Architect needs to design a solution that will enable a security team to detect, review, and perform
root cause analysis of security incidents that occur in a cloud environment. The Architect must provide a
centralized view of all API events for current and future AWS regions. How should the Architect accomplish this
task?

A. Enable AWS CloudTrail by creating a new trail and apply the trail to all regions.
B. Enable AWS CloudTrail logging in each individual region. Repeat this for all future regions.
C. Enable Amazon CloudWatch logs for all AWS services across all regions and aggregate them in a single Amazon
S3 bucket.
D. Enable AWS Trusted Advisor security checks and report all security incidents for all regions.

25. A website experiences unpredictable traffic. During peak traffic times, the database is unable to keep up with
the write request. Which AWS service will help decouple the web application from the database?

A. Amazon SQS
B. Amazon EFS
C. Amazon S3
D. AWS Lambda

26. An application relies on messages being sent and received in order. The volume will never exceed more than 300
transactions each second. Which service should be used?

A. Amazon SQS
B. Amazon SNS
C. Amazon ECS
D. AWS STS

27. An application requires block storage for file updates. The data is 500 GB and must continuously sustain 100
MiB/s of aggregate read/write operations. Which storage option is appropriate for this application?

A. Amazon EFS
B. Amazon S3
C. Amazon EBS
D. Amazon Glacier
28. An e-commerce application is hosted in AWS. The last time a new product was launched, the application
experienced a performance issue due to an enormous spike in traffic. Management decided that capacity must
be doubled the week after the product is launched. Which is the MOST efficient way for management to ensure
that capacity requirements are met?

A. Add a Dynamic Scaling policy.

B. Add a Step Scaling policy.
C. Add a Scheduled Scaling action.
D. Add Amazon EC2 Spot Instances.

29. An Internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is deployed
in front of the web tier. Amazon EC2 instances at the web application tier are deployed evenly across two
Availability Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched for Amazon EC2
instances and database resources to access the Internet. These instances are not assigned with public IP
addresses. Which component poses a potential single point of failure in this architecture?

A. ELB Classic Load Balancer

B. Amazon EC2
C. NAT instance
D. Amazon RDS

30. An organization is currently hosting a large amount of frequently accessed data consisting of key-value pairs and
semi-structured documents in their data center. They are planning to move this data to AWS. Which of one of
the following services MOST effectively meets their needs?

A. Amazon DynamoDB
B. Amazon Redshift
C. Amazon RDS
D. Amazon Aurora

31. Azure Cloud Question

You create an Azure Storage account named contosostorage. You plan to create a file share named data. Users
need to map a drive to the data file share from home computers that run Windows 10. Which outbound port
should you open between the home computers and the data file share?

A. 445
B. 80
C. 443
D. 3389
32. Azure Cloud Question
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates
to the NSGs. What should you use?

A. IP flow verify in Azure Network Watcher

B. Diagram in VNet1
C. The security recommendations in Azure Advisor
D. Diagnostic settings in Azure Monitor

33. Azure Cloud Question

You download an Azure Resource Manager template based on an existing virtual machine. The template will be
used to deploy 100 virtual machines. You need to modify the template to reference an administrative password.
You must prevent the password from being stored in plain text. What should you create to store the password?

A. an Azure Key Vault and an access policy

B. a Recovery Services vault and a backup policy
C. Azure Active Directory (AD) Identity Protection and an Azure policy
D. an Azure Storage account and an access policy

34. Azure Cloud Question

You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct
all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure?

A. an inbound NAT rule

B. a load balancing rule
C. a new public load balancer for VM3
D. a frontend IP configuration

35. Azure Cloud Question

You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a
virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1.
You apply a ReadOnly lock to RG1. What can you do from the Azure portal?

A. View the keys of storageaccount1.

B. Generate an automation script for RG1.
C. Start VM1.
D. Upload a blob to storageaccount1
36. Azure Cloud Question
You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to
Subscription1. You need to monitor the metrics and the logs of VM1. What should you use?

A. The AzurePerformanceDiagnostics extension

B. Azure HDInsight
C. Linux Diagnostic Extension (LAD) 3.0
D. Azure Analysis Services

37. Azure Cloud Question

You have an Azure subscription named Subscription1. You have 5 TB of data that you need to transfer to
Subscription1. You plan to use an Azure Import/Export job. What can you use as the destination of the imported
data?

A. Azure File Storage

B. an Azure Cosmos DB database
C. The Azure File Sync Storage Sync Service
D. Azure Data Factory

38. Azure Cloud Question

You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual
machines. You need to identify unattached disks that can be deleted. What should you do?

A. From Microsoft Azure Storage Explorer, view the Account Management properties.
B. From the Azure portal, configure the Advisor recommendations.
C. From Azure Cost Management, view Advisor Recommendations.
D. From Azure Cost Management, view Cost Analysis.

39. Azure Cloud Question

You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines.
Your company has three cost centers named Manufacturing, Sales, and Finance. You need to associate each
virtual machine to a specific cost center. What should you do?

A. Assign tags to the virtual machines.

B. Configure locks for the virtual machine.
C. Add an extension to the virtual machines.
D. Modify the inventory settings of the virtual machine
40. Azure Cloud Question
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets
named Gateway, Perimeter, NVA, and Production. The NVA subnet contains two network virtual appliances
(NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet.
You need to implement an Azure load balancer for the NVAs. The solution must meet the following
requirements:

The NVAs must run in an active-active configuration that uses automatic failover.
The NVAs must load balance traffic to two services on the Production subnet. The services have different IP
addresses.

Which three actions should you perform?

A. Add a frontend IP configuration, two backend pools, and a health probe.

B. Add two load balancing rules that have HA Ports and Floating IP enabled.
C. Deploy a standard load balancer.
D. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.

41. Azure Cloud Question

You have an Azure subscription. Users access the resources in the subscription from either home or from
customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on
the customer sites access the Azure resources by using site-to-site VPNs. You have a line-of-business app named
App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016. You need to
ensure that the connections to App1 are spread across all the virtual machines. What are possible Azure services
that you can use?

A. an internal load balancer

B. an Azure Content Delivery Network (CDN)
C. an Azure Application Gateway
D. Traffic Manager

42. Azure Cloud Question

You have an Azure virtual machine named VM1 that you use for testing. VM1 is protected by Azure Backup. You
delete VM1. You need to remove the backup data stored for VM1. What should you do first?

A. Modify the backup policy.

B. Delete the Recovery Services vault.
C. Delete the storage account.
D. Stop the backup
43. Azure Cloud Question
You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1
and RSV2. VM2 is protected by RSV1. You need to use RSV2 to protect VM2. What should you do first?

A. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery
Services vault.
B. From the RSV1 blade, click Backup items and stop the VM2 backup.
C. From the RSV2 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then
click Backup.
D. From the RSV1 blade, click Backup Jobs and export the VM2 job.

44. Azure Cloud Question

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named
VM1. VNet2 contains an Azure virtual machine named VM2. VM1 hosts a frontend application that connects to
VM2 to retrieve data. Users report that the frontend application is slower than usual. You need to view the
average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should
you use?

A. Connection monitor
B. IP flow verify
C. NSG flow logs
D. Connection troubleshoot

45. Azure Cloud Question

You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain
name should you use?

A. humongousinsurance.com
B. ad.humongousinsurance.com
C. humingousinsurance.onmicrosoft.com
D. humongousinsurance.local

46. Azure Cloud Question

You need to implement a backup solution for App1 after the application is moved. What should you create first?

A. a Recovery Services vault

B. a recovery plan
C. an Azure Backup Server
D. a backup policy

47. Azure Cloud Question

You need to move the blueprint files to Azure. What should you do?

A. Use Azure Storage Explorer to copy the files.

B. Use the Azure Import/Export service
C. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
D. Generate an access key. Map a drive, and then copy the files by using File Explorer.

48. Azure Cloud Question

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016
Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web
server components installed. Which two actions should you perform? (Choose two)

A. Modify the extensionProfile section of the Azure Resource Manager template.

B. Create a new virtual machine scale set in the Azure portal.
C. Create an automation account.
D. Upload a configuration script.

49. Azure Cloud Question

You plan to back up an Azure virtual machine named VM1. You discover that the Backup Pre-Check status
displays a status of Warning. What is a possible cause of the Warning status?

A. VM1 does not have the latest version of WaAppAgent.exe installed.

B. VM1 is stopped.
C. VM1 has an unmanaged disk
D. A Recovery Services vault is unavailable.

50. Azure Cloud Question

Your company has an Azure subscription named Subscription1. The company also has two on-premises servers
named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a
primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records. You manage Server1 and
Subscription1 from Server2. Server2 has the following tools installed:

The DNS Manager console

Azure PowerShell
Azure CLI 2.0
 You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort.
What should you use?

A. Azure CLI
B. The Azure portal
C. The DNS Manager console
D. Azure PowerShell