Professional.v2021-01-26.q127
Exam Code: AWS-Solutions-Architect-Professional
Exam Name: AWS Certified Solutions Architect - Professional
Certification Provider: Amazon
Free Question Number: 127
Version: v2021-01-26
https://www.freecram.com/torrent/Amazon.AWS-Solutions-Architect-Professional.v2021-01-26.q127.html
NEW QUESTION: 1
A solutions architect is designing a publicly accessible web application that is on an Amazon
CloudFront distribution with an Amazon S3 website endpoint as the origin. When the solution is
deployed, the website returns an Error 403: Access Denied message. Which steps should the
solutions architect take to correct the issue? (Select TWO.)
A. Remove the origin access identity (OAI) from the CloudFront distribution
B. Change the storage class from S3 Standard to S3 One Zone-Infrequent Access (S3 One
Zone-IA)
C. Remove the S3 block public access option from the S3 bucket
D. Disable S3 object versioning
E. Remove the requester pays option from the S3 bucket
NEW QUESTION: 2
A financial services company receives a regular data feed from its credit card servicing partner.
Approximately 5,000 records are sent every 15 minutes in plaintext, delivered over HTTPS directly
into an Amazon S3 bucket with server-side encryption. This feed contains sensitive credit card
primary account number (PAN) data. The company needs to automatically mask the PAN before sending
the data to another S3 bucket for additional internal processing. The company also needs to
remove and merge specific fields and then transform the record into JSON format. Additionally,
extra feeds are likely to be added in the future, so any design needs to be easily expandable.
Which solutions will meet these requirements?
A. Trigger an AWS Lambda function on file delivery that extracts each record and writes it to an
Amazon SQS queue. Configure an AWS Fargate container application to automatically scale to a
single instance when the SQS queue contains messages. Have the application process each
record and transform the record into JSON format. When the queue is empty, send the results to
another S3 bucket for internal processing and scale down the AWS Fargate instance.
B. Trigger an AWS Lambda function on file delivery that extracts each record and writes it to an
Amazon SQS queue. Trigger another Lambda function when new messages arrive in the SQS
queue to process the records, writing the results to a temporary location in Amazon S3. Trigger a
final Lambda function once the SQS queue is empty to transform the records into JSON format
and send the results to another S3 bucket for internal processing.
C. Create an AWS Glue crawler and custom classifier based on the data feed formats and build a
table definition to match. Trigger an AWS Lambda function on file delivery to start an AWS Glue
ETL job to transform the entire record according to the processing and transformation
requirements. Define the output format as JSON. Once complete, have the ETL job send the
results to another S3 bucket for internal processing.
D. Create an AWS Glue crawler and custom classifier based upon the data feed formats and
build a table definition to match. Perform an Amazon Athena query on file delivery to start an
Amazon EMR ETL job to transform the entire record according to the processing and
transformation requirements. Define the output format as JSON. Once complete, send the results to
another S3 bucket for internal processing and scale down the EMR cluster.
NEW QUESTION: 3
An AWS customer has a web application that runs on premises. The web application fetches data
from a third-party API that is behind a firewall. The third party accepts only one public CIDR block
in each client's allow list. The customer wants to migrate their web application to the AWS Cloud.
The application will be hosted on a set of Amazon EC2 instances behind an Application Load
Balancer (ALB) in a VPC. The ALB is located in public subnets. The EC2 instances are located in
private subnets. NAT gateways provide internet access to the private subnets.
How should a solutions architect ensure that the web application can continue to call the
third-party API after the migration?
A. Associate a block of customer-owned public IP addresses to the VPC. Enable public IP
addressing for public subnets in the VPC.
B. Create Elastic IP addresses from the block of customer-owned IP addresses. Assign the static
Elastic IP addresses to the ALB.
C. Register a block of customer-owned public IP addresses in the AWS account. Create Elastic IP
addresses from the address block and assign them to the NAT gateways in the VPC.
D. Register a block of customer-owned public IP addresses in the AWS account. Set up AWS
Global Accelerator to use Elastic IP addresses from the address block. Set the ALB as the
accelerator endpoint.
NEW QUESTION: 4
A company runs a Windows Server host in a public subnet that is configured to allow a team of
administrators to connect over RDP to troubleshoot issues with hosts in a private subnet. The
host must be available at all times outside of a scheduled maintenance window, and needs to
receive the latest operating system updates within 3 days of release.
What should be done to manage the host with the LEAST amount of administrative effort?
A. Run the host in AWS OpsWorks Stacks. Use a Chef recipe to harden the AMI during instance
launch.
Use an AWS Lambda scheduled event to run the Upgrade Operating System stack command to
apply system updates.
B. Run the host in a single-instance AWS Elastic Beanstalk environment. Configure the
environment with a custom AMI to use a hardened machine image from AWS Marketplace. Apply
system updates with AWS Systems Manager Patch Manager.
C. Run the host on AWS WorkSpaces. Use Amazon WorkSpaces Application Manager (WAM) to
harden the host. Configure Windows automatic updates to occur every 3 days.
D. Run the host in an Auto Scaling group with a minimum and maximum instance count of 1. Use
a hardened machine image from AWS Marketplace. Apply system updates with AWS Systems
Manager Patch Manager.
Answer: D
NEW QUESTION: 5
A company is using AWS Organizations to manage multiple AWS accounts. For security
purposes, the company requires the creation of an Amazon Simple Notification Service (Amazon
SNS) topic that enables integration with a third-party alerting system in all the Organizations
member accounts.
A solutions architect used an AWS CloudFormation template to create the SNS topic and stack
sets to automate the deployment of CloudFormation stacks. Trusted access has been enabled in
Organizations.
What should the solutions architect do to deploy the CloudFormation StackSets in all AWS
accounts?
A. Create stacks in the Organizations master account. Use service-managed permissions. Set
deployment options to deploy to the organization. Enable CloudFormation StackSets automatic
deployment.
B. Create stacks in the Organizations member accounts. Use self-service permissions. Set
deployment options to deploy to an organization. Enable the CloudFormation StackSets
automatic deployment.
C. Create a stack set in the Organizations member accounts. Use service-managed permissions.
Set deployment options to deploy to an organization. Use CloudFormation StackSets drift
detection.
D. Create stacks in the Organization master account. Use service-managed permissions. Set
deployment options to deploy to the organization. Enable CloudFormation StackSets drift
detection.