My journey to AWS Solution Architect Exam — Test 1

MayBeMan
Mar 26, 2024

Time to get ready to test our knowledge. I started to approach the quizzes in the course by Stephane Maarek and Abhishek Singh:

Practice Exams | AWS Certified Solutions Architect Associate — https://www.udemy.com/course/practice-exams-aws-certified-solutions-architect-associate/

Let me start by giving you my impressions of the differences between the Cloud Practitioner tests and those for the exam we are currently preparing for.

  • AWS Cloud Practitioner Exam is designed for individuals who have a general knowledge of AWS, without requiring deep hands-on experience. Questions are more general in nature and aim to assess understanding of basic AWS concepts, core services offered by AWS, deployment models, basic use cases, and the benefits of cloud computing in general.
  • AWS Solutions Architect Associate Exam is instead designed for individuals who have practical knowledge of services and cloud architecture best practices. Questions are more detailed and may require the ability to design complex solutions using a variety of AWS services.

They focus on solution architecture, migration strategies, performance optimization, security, and scalability of applications on AWS. Questions may include practical scenarios and require the ability to select the most appropriate AWS service to meet specific requirements.

Having said that, I will now begin a series of articles in which I will present some of the questions with their corresponding solutions. I will try to highlight the keywords within a question to make it quicker to link it to the topic you need to know.

The aim will not be to list all the questions but to give you examples that allow you to mentally prepare for the expected level of difficulty.

Question 1:

A company runs a data processing workflow that takes about 60 minutes to complete. The workflow can withstand disruptions and it can be started and stopped multiple times. Which is the most cost-effective solution to build a solution for the workflow?

For the given use case, spot instances offer the most cost-effective solution as the workflow can withstand disruptions and can be started and stopped multiple times. A Lambda function turns out to be 20 times more expensive than a spot instance to meet the workflow requirements of the given use case, so this option is incorrect.

My journey to AWS Solution Architect Exam — Part 7- Amazon Elastic Compute Cloud EC2 (3/4) | by MayBeMan | Medium

Question 2:

The sourcing team is preparing a spreadsheet of the new product catalog. The spreadsheet is saved on an Amazon EFS file system created in the us-east-1 region. The sourcing team's counterparts from other AWS regions such as Asia Pacific and Europe also want to collaborate on this spreadsheet. What is your recommendation to enable this collaboration with the LEAST amount of operational overhead?

Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN. You can connect to Amazon EFS file systems from EC2 instances in other AWS regions using an inter-region VPC peering connection, and from on-premises servers using an AWS VPN connection.

Question 3:

A logistics company is building a multi-tier application to track the location of its trucks during peak operating hours. The company wants these data points to be accessible in real-time in its analytics platform via a REST API. The company has hired you as an AWS Certified Solutions Architect Associate to build a multi-tier solution to store and retrieve this location data for analysis. Which of the following options addresses the given use case?

You can use Kinesis Data Analytics to transform and analyze streaming data in real-time with Apache Flink. For the given use case, you can use Amazon API Gateway to create a REST API that handles incoming requests having location data from the trucks and sends it to the Kinesis Data Analytics application on the back end.

My journey to AWS Solution Architect Exam — Part 28 — Integration & Messaging (Kinesis & Amazon MQ ) | by MayBeMan | Feb, 2024 | Medium

Question 4:

A developer has configured inbound traffic for the relevant ports in both the Security Group of the Amazon EC2 instance as well as the network access control list (network ACL) of the subnet for the Amazon EC2 instance. The developer is, however, unable to connect to the service running on the Amazon EC2 instance. As a solutions architect, how will you fix this issue?

Security groups are stateful, so allowing inbound traffic to the necessary ports enables the connection. Network ACLs are stateless, so you must allow both inbound and outbound traffic. To enable the connection to a service running on an instance, the associated network ACL must allow both inbound traffic on the port that the service is listening on as well as allow outbound traffic from ephemeral ports.
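The stateful/stateless difference described above, as an added example that is not part of the original article or of any AWS code. It is a simplified model that matches on ports only (protocol and CIDR are left out); the class, function and rule names and the port values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NaclRule:
    number: int      # rules are evaluated in ascending number order
    direction: str   # "in" or "out"; each direction has its own rule list
    ports: range     # destination port range the rule matches
    allow: bool      # network ACLs support both allow and deny

def nacl_permits(rules, direction, port):
    """First matching rule decides; the implicit final '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.direction == direction and port in rule.ports:
            return rule.allow
    return False

def connection_works(sg_inbound_ports, nacl_rules, service_port, client_port):
    # Security group: allow-only and stateful. Once the inbound request is
    # allowed, the reply is permitted without any outbound rule.
    if service_port not in sg_inbound_ports:
        return False
    # Network ACL: stateless. The request (to the service port) and the
    # reply (to the client's ephemeral port) are checked independently.
    return (nacl_permits(nacl_rules, "in", service_port)
            and nacl_permits(nacl_rules, "out", client_port))

# Constructed sample values: HTTPS service, one client source port.
SERVICE_PORT, CLIENT_PORT = 443, 50123
SG_INBOUND = {443}

# The developer's setup from the question: inbound opened, outbound forgotten.
BROKEN = [NaclRule(100, "in", range(443, 444), True)]
# The fix: also allow outbound replies to ephemeral ports (1024-65535 is
# broad enough for the ranges used by common client operating systems).
FIXED = BROKEN + [NaclRule(100, "out", range(1024, 65536), True)]
# A lower-numbered deny is evaluated first and overrides the allow.
SHADOWED = FIXED + [NaclRule(90, "out", range(50000, 51000), False)]

if __name__ == "__main__":
    for name, rules in [("broken", BROKEN), ("fixed", FIXED), ("shadowed", SHADOWED)]:
        ok = connection_works(SG_INBOUND, rules, SERVICE_PORT, CLIENT_PORT)
        print(f"{name:9s} -> {'connects' if ok else 'blocked'}")
```

The third case is worth checking in a real review: an outbound allow for ephemeral ports does not help if a lower-numbered deny matches the same port first.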

My journey to AWS Solution Architect Exam — Part 6 — Amazon Elastic Compute Cloud EC2 (2/4) | by MayBeMan | Medium

My journey to AWS Solution Architect Exam — Part 11 — NACL, VPC Peering, VPC Endpoints & VPC Flow Logs | by MayBeMan | Medium

Question 5:

Every time the instance needs to be stopped and started again, the application takes about 3 minutes to start as some auxiliary software programs need to be executed so that the application can function. The research group would like to minimize the application bootstrap time whenever the system needs to be stopped and then started at a later point in time. As a solutions architect, which of the following solutions would you recommend for this use-case?

When you hibernate an instance, AWS signals the operating system to perform hibernation (suspend-to-disk). Hibernation saves the contents from the instance memory (RAM) to your Amazon EBS root volume. AWS then persists the instance’s Amazon EBS root volume and any attached Amazon EBS data volumes.

My journey to AWS Solution Architect Exam — Part 8- Amazon Elastic Compute Cloud EC2 (4/4) | by MayBeMan | Medium

Question 6:

A company is developing a global healthcare application that requires the least possible latency for database read/write operations from users in several geographies across the world. The company has hired you as an AWS Certified Solutions Architect Associate to build a solution using Amazon Aurora that offers an effective recovery point objective (RPO) of seconds and a recovery time objective (RTO) of a minute. Which of the following options would you recommend?

Amazon Aurora Global Database is designed for globally distributed applications, allowing a single Amazon Aurora database to span multiple AWS Regions. It replicates your data with no impact on database performance, enables fast local reads with low latency in each Region, and provides disaster recovery from Region-wide outages.

My journey to AWS Solution Architect Exam — Part 36 — Databases in AWS | by MayBeMan | Feb, 2024 | Medium

Question 7:

You have multiple AWS accounts within a single AWS Region managed by AWS Organizations and you would like to ensure all Amazon EC2 instances in all these accounts can communicate privately. Which of the following solutions provides the capability at the CHEAPEST cost?

Create a virtual private cloud (VPC) in an account and share one or more of its subnets with the other accounts using Resource Access Manager. RAM is a service that enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization; it eliminates the need to create duplicate resources in multiple accounts, reducing the operational overhead of managing those resources in every single account you own.

Incorrect options:

  • PrivateLink is a distractor in this question. PrivateLink is leveraged to create a private connection between an application that is fronted by an NLB in an account, and an Elastic Network Interface (ENI) in another account.
  • VPC peering connections will work, but won’t efficiently scale if you add more accounts (you’ll have to create many connections).
  • A Transit Gateway will work but will be an expensive solution. Here we want to minimize cost.

Question 8:

A Silicon Valley-based startup has a content management application with the web-tier running on Amazon EC2 instances and the database tier running on Amazon Aurora. Currently, the entire infrastructure is located in the us-east-1 region. The startup has 90% of its customers in the US and Europe. The engineering team is getting reports of deteriorated application performance from customers in Europe with high application load time. Which of the following would you recommend to address these performance issues? (Select two)

Amazon Aurora read replicas can be used to scale out reads across regions. This will improve the application performance for users in Europe.

Use latency-based routing when you have resources in multiple AWS Regions and you want to route traffic to the region that provides the lowest latency.

My journey to AWS Solution Architect Exam — Part 24 — Global users for our application | by MayBeMan | Jan, 2024 | AWS Tip (medium.com)

Question 9:

A cybersecurity company uses a fleet of Amazon EC2 instances to run a proprietary application. The infrastructure maintenance group at the company wants to be notified via an email whenever the CPU utilization for any of the Amazon EC2 instances breaches a certain threshold. Which of the following services would you use for building a solution with the LEAST amount of development effort? (Select two)

Amazon Simple Notification Service (Amazon SNS) + Amazon CloudWatch

  • Amazon SNS provides topics for high-throughput, push-based, many-to-many messaging.
  • Amazon CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health.

Set up CloudWatch alarms and SNS topic in AWS (hashnode.dev)

Question 10:

A company has historically operated only in the us-east-1 region and stores encrypted data in Amazon S3 using SSE-KMS. The company wants to store the encrypted data in Amazon S3 that is replicated into the us-west-1 AWS region. The security policies mandate that the data must be encrypted and decrypted using the same key in both AWS regions. Which of the following represents the best solution to address these requirements?

AWS KMS supports multi-region keys, which are AWS KMS keys in different AWS regions that can be used interchangeably — as though you had the same key in multiple regions. You can use multi-region AWS KMS keys in Amazon S3. However, Amazon S3 currently treats multi-region keys as though they were single-region keys, and does not use the multi-region features of the key.

My journey to AWS Solution Architect Exam — Part 15 — AWS Key Management Service | by MayBeMan | Medium

Question 11:

To improve the performance and security of the application, the engineering team at a company has created an Amazon CloudFront distribution with an Application Load Balancer as the custom origin. The team has also set up an AWS Web Application Firewall (AWS WAF) with Amazon CloudFront distribution. The security team at the company has noticed a surge in malicious attacks from a specific IP address to steal sensitive data stored on the Amazon EC2 instances. As a solutions architect, which of the following actions would you recommend to stop the attacks?

AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define.

Incorrect options:

  • Network ACLs are not associated with instances. So this option is also ruled out.
  • Security groups support only allow rules; you cannot create deny rules in them. So this option is ruled out.

My journey to AWS Solution Architect Exam — Part 14 — AWS Shield, AWS WAF and AWS Secrets Manager. | by MayBeMan | AWS Tip (medium.com)

Question 12:

A weather forecast agency collects key weather metrics across multiple cities in the US and sends this data in the form of key-value pairs to AWS Cloud at a one-minute frequency. As a solutions architect, which of the following AWS services would you use to build a solution for processing and then reliably storing this data with high availability? (Select two)

AWS Lambda can be combined with DynamoDB to process and capture the key-value data from the IoT sources described in the use-case. So both these options are correct.

Incorrect options:

  • You cannot use Redshift to capture data in key-value pairs from the IoT sources, so this option is not correct.
  • ElastiCache is used as a caching layer in front of relational databases. It is not a good fit to store data in key-value pairs from the IoT sources, so this option is not correct.
  • Relational databases are not a good fit to store data in key-value pairs, so this option is not correct.

MayBeMan

Technician specialized in the security of electronic payment systems. Crypto supporter.