Online Access Free AWS-Solutions-Associate Exam Questions

A company hosts an application in an Amazon EC2 Auto Scaling group. The company has observed that during periods of high demand, new instances take too long to join the Auto Scaling group and serve the increased demand. The company determines that the root cause of the issue is the long boot time of the instances in the Auto Scaling group. The company needs to reduce the time required to launch new instances to respond to demand. Which solution will meet this requirement?

• A.Increase the health check grace period for the Auto Scaling group by 50%.
• B.Create a warm pool for the Auto Scaling group. Use the default specification for the warm pool size.
• C.Create a scheduled scaling action. Set the desired capacity equal to the maximum capacity of the Auto Scaling group.
• D.Increase the maximum capacity of the Auto Scaling group by 50%.

A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to serve a static website. The solution must use AWS WAF to inspect all website traffic.

• A.Configure a security group that allows only CloudFront IP addresses to access Amazon S3. Associate AWS WAF to the CloudFront distribution.
• B.Configure an S3 bucket policy to accept only requests that come from the AWS WAF Amazon Resource Name (ARN).
• C.Configure CloudFront to forward all incoming requests to AWS WAF before CloudFront requests content from the S3 origin.
• D.Configure CloudFront and Amazon S3 to use an origin access control (OAC) to secure the origin S3 bucket. Associate AWS WAF to the CloudFront distribution.

A company is designing a new multi-tier web application that consists of the following components:
* Web and application servers that run on Amazon EC2 instances as part of Auto Scaling groups
* An Amazon RDS DB instance for data storage
A solutions architect needs to limit access to the application servers so that only the web servers can access them. Which solution will meet these requirements?

• A.Deploy a VPC endpoint in front of the application servers Configure the security group to allow only the web servers to access the application servers
• B.Deploy a Network Load Balancer with a target group that contains the application servers' Auto Scaling group Configure the network ACL to allow only the web servers to access the application servers.
• C.Deploy AWS PrivateLink in front of the application servers. Configure the network ACL to allow only the web servers to access the application servers.
• D.Deploy an Application Load Balancer with a target group that contains the application servers' Auto Scaling group. Configure the security group to allow only the web servers to access the application servers.

A company collects 10 GB of telemetry data every day from multiple devices. The company stores the data in an Amazon S3 bucket that is in a source data account.
The company has hired several consulting agencies to analyze the company's data. Each agency has a unique AWS account. Each agency requires read access to the company's data.
The company needs a secure solution to share the data from the source data account to the consulting agencies.
Which solution will meet these requirements with the LEAST operational effort?

• A.Configure cross-account access for the S3 bucket to the accounts that the agencies own.
• B.Set up an IAM user for each agency in the source data account. Grant each agency IAM user access to the company's S3 bucket.
• C.Make the S3 bucket public for a limited time. Inform only the agencies that the bucket is publicly accessible.
• D.Set up an Amazon CloudFront distribution. Use the S3 bucket as the origin.

A company needs a data encryption solution for a machine learning (ML) process. The solution must use an AWS managed service. The ML process currently reads a large number of objects in Amazon S3 that are encrypted by a customer managed AWS KMS key. The current process incurs significant costs because of excessive calls to AWS Key Management Service (AWS KMS) to decrypt S3 objects. The company wants to reduce the costs of API calls to decrypt S3 objects.

• A.Switch from a customer managed KMS key to an AWS managed KMS key.
• B.Recreate the KMS key in AWS CloudHSM.
• C.Use S3 Bucket Keys to perform server-side encryption with AWS KMS keys (SSE-KMS) to encrypt and decrypt objects from Amazon S3.
• D.Remove the AWS KMS encryption from the S3 bucket. Use a bucket policy to encrypt the data instead.