[PDF&VCE] Official AWS Certified Solutions Architect – Associate Exam Preparation Download From Lead2pass (251-275)
2016 October Amazon Official New Released AWS Certified Solutions Architect – Associate Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Our PDF dumps of AWS Certified Solutions Architect – Associate exam is designed to ensure everything which you need to pass your exam successfully. At Lead2pass, we have a completely customer oriented policy. We invite the professionals who have rich experience and expert knowledge of the IT certification industry to guarantee the PDF details precisely and logically. Our customers’ time is a precious concern for us. This requires us to provide you the products that can be utilized most efficiently.
Following questions and answers are all new published by Amazon Official Exam Center: http://www.lead2pass.com/aws-certified-solutions-architect-associate.html
You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way.
Which of the following will meet your requirements?
A. Spot Instances
B. Reserved instances
C. Dedicated instances
D. On-Demand instances
Using reserved instances is not the most cost-effective way.
“Scheduled Reserved Instance model allows you to reserve instances for predefined blocks of time on a recurring basis for a one-year term, with prices that are generally 5 to 10% lower than the equivalent On-Demand rates.”
You can get spot instances with much lower prices:
“Spot instances are also available to run for a predefined duration – in hourly increments up to six hours in length – at a significant discount (30-45%) compared to On-Demand pricing plus an additional 5% during off-peak times for a total of up to 50% savings.”
Which of the following are true regarding AWS CloudTrail? Choose 3 answers
A. CloudTrail is enabled globally
B. CloudTrail is enabled by default
C. CloudTrail is enabled on a per-region basis
D. CloudTrail is enabled on a per-service basis.
E. Logs can be delivered to a single Amazon S3 bucket for aggregation.
F. CloudTrail is enabled for all available services within a region.
G. Logs can only be processed and delivered to the region in which they are generated.
A:have a trail with the Apply trail to all regions option enabled.
C:have multiple single region trails.
E: Log files from all the regions can be delivered to a single S3 bucket
Global service events are always delivered to trails that have the Apply trail to all regions option enabled. Events are delivered from a single region to the bucket for the trail. This setting cannot be changed.
If you have a single region trail, you should enable the Include global services option.
If you have multiple single region trails, you should enable the Include global services option in only one of the trails.
D Incorrect: once enabled it is applicable for all the supported services, service can’t be selected
You have a content management system running on an Amazon EC2 instance that is approaching 100% CPU utilization. Which option will reduce load on the Amazon EC2 instance?
A. Create a load balancer, and register the Amazon EC2 instance with it
B. Create a CloudFront distribution, and configure the Amazon EC2 instance as the origin
C. Create an Auto Scaling group from the instance using the CreateAutoScalingGroup action
D. Create a launch configuration from the instance using the CreateLaunchConfiguration action
You can create an ASG from instance ID
You have a load balancer configured for VPC, and all back-end Amazon EC2 instances are in service. However, your web browser times out when connecting to the load balancer’s DNS name. Which options are probable causes of this behavior? Choose 2 answers
A. The load balancer was not configured to use a public subnet with an Internet gateway configured
B. The Amazon EC2 instances do not have a dynamically allocated private IP address
C. The security groups or network ACLs are not property configured for web traffic.
D. The load balancer is not configured in a private subnet with a NAT instance.
E. The VPC does not have a VGW configured.
There is no such thing as VGW. Hence E is not correct answer.
A company needs to deploy services to an AWS region which they have not previously used. The company currently has an AWS identity and Access Management (IAM) role for the Amazon EC2 instances, which permits the instance to have access to Amazon DynamoDB. The company wants their EC2 instances in the new region to have the same privileges. How should the company achieve this?
A. Create a new IAM role and associated policies within the new region
B. Assign the existing IAM role to the Amazon EC2 instances in the new region
C. Copy the IAM role and associated policies to the new region and attach it to the instances
D. Create an Amazon Machine Image (AMI) of the instance and copy it to the desired region using the AMI Copy feature
Which of the following notification endpoints or clients are supported by Amazon Simple Notification Service? Choose 2 answers
B. CloudFront distribution
C. File Transfer Protocol
D. Short Message Service
E. Simple Network Management Protocol
SNS Supported Endpoints
Amazon SNS provides the ability to send Email notifications
Amazon SNS provides the ability to send and receive Short Message Service (SMS) notifications to SMS-enabled mobile phones and smart phones
Which set of Amazon S3 features helps to prevent and recover from accidental data loss?
A. Object lifecycle and service access logging
B. Object versioning and Multi-factor authentication
C. Access controls and server-side encryption
D. Website hosting and Amazon S3 policies
Versioning-enabled buckets enable you to recover objects from accidental deletion or overwrite
In addition to that, they have made it a requirement that delete operations on versioned data can only be done using MFA (Multi factor authentication).
A company needs to monitor the read and write IOPs metrics for their AWS MySQL RDS instance and send real-time alerts to their operations team. Which AWS services can accomplish this? Choose 2 answers
A. Amazon Simple Email Service
B. Amazon CloudWatch
C. Amazon Simple Queue Service
D. Amazon Route 53
E. Amazon Simple Notification Service
B: Amazon RDS provides metrics in real time for the operating system (OS) that your DB instance runs on. You can view the metrics for your DB instance using the console, or consume the Enhanced Monitoring JSON output from CloudWatch Logs in a monitoring system of your choice
E: Use Amazon RDS DB events to monitor failovers. For example, you can be notified by text message or email when a DB instance fails over.
Amazon RDS uses the Amazon Simple Notification Service (Amazon SNS) to provide notification when an Amazon RDS event occurs.
A company is preparing to give AWS Management Console access to developers Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console? (Select 2) Choose 2 answers
A. AWS Directory Service AD Connector
B. AWS Directory Service Simple AD
C. AWS Identity and Access Management groups
D. AWS identity and Access Management roles
E. AWS identity and Access Management users
What is the durability of S3 RRS?
What does specifying the mapping /dev/sdc=none when launching an instance do?
A. Prevents /dev/sdc from creating the instance.
B. Prevents /dev/sdc from deleting the instance.
C. Set the value of /dev/sdc to ‘zero’.
D. Prevents /dev/sdc from attaching to the instance.
You are deploying an application to track GPS coordinates of delivery trucks in the United States. Coordinates are transmitted from each delivery truck once every three seconds.
You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. Which service should you use to implement data ingestion?
A. Amazon Kinesis
B. AWS Data Pipeline
C. Amazon AppStream
D. Amazon Simple Queue Service
A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon S3 operations?
A. SAML-based Identity Federation
B. Cross-Account Access
C. AWS Identity and Access Management roles
D. Web Identity Federation
Web identity federation – You can let users sign in using a well-known third party identity provider such as Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC) 2.0 compatible provider.
AWS STS web identity federation supports Login with Amazon, Facebook, Google, and any OpenID Connect (OICD)-compatible identity provider.
You have an application running on an Amazon Elastic Compute Cloud instance, that uploads 5 GB video objects to Amazon Simple Storage Service (S3). Video uploads are taking longer than expected, resulting in poor application performance.
Which method will help improve performance of your application?
A. Enable enhanced networking
B. Use Amazon S3 multipart upload
C. Leveraging Amazon CloudFront, use the HTTP POST method to reduce latency.
D. Use Amazon Elastic Block Store Provisioned IOPs and use an Amazon EBS-optimized instance
Using multipart upload provides the following advantages:
– Improved throughput – You can upload parts in parallel to improve throughput.
– Quick recovery from any network issues – Smaller part size minimizes the impact of restarting a failed upload due to a network error.
– Pause and resume object uploads – You can upload object parts over time. Once you initiate a multipart upload there is no expiry; you must explicitly complete or abort the multipart upload.
– Begin an upload before you know the final object size – You can upload an object as you are creating it.
A customer wants to track access to their Amazon Simple Storage Service (S3) buckets and also use this information for their internal security and access audits. Which of the following will meet the Customer requirement?
A. Enable AWS CloudTrail to audit all Amazon S3 bucket access.
B. Enable server access logging for all required Amazon S3 buckets.
C. Enable the Requester Pays option to track access via AWS Billing
D. Enable Amazon S3 event notifications for Put and Post.
If its just for internal audit, then Server access logging, I assume is sufficient:
For external audits I would go for CloudTrail:
A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing lower Overall CPU resources for the web tier?
A. Amazon EBS volume
B. Amazon S3
C. Amazon EC2 instance store
D. Amazon RDS instance
You are designing a web application that stores static assets in an Amazon Simple Storage Service (S3) bucket. You expect this bucket to immediately receive over 150 PUT requests per second. What should you do to ensure optimal performance?
A. Use multi-part upload.
B. Add a random prefix to the key names.
C. Amazon S3 will automatically manage performance at this scale.
D. Use a predictable naming scheme, such as sequential numbers or date time sequences, in the key names
If you anticipate that your workload will consistently exceed 100 requests per second, you should avoid sequential key names. If you must use sequential numbers or date and time patterns in key names, add a random prefix to the key name. The randomness of the prefix more evenly distributes key names across multiple index partitions. Examples of introducing randomness are provided later in this topic.
When will you incur costs with an Elastic IP address (EIP)?
A. When an EIP is allocated.
B. When it is allocated and associated with a running instance.
C. When it is allocated and associated with a stopped instance.
D. Costs are incurred regardless of whether the EIP is associated with a running instance.
You are allowed one EIP to be attached to a running instance at no charge. otherwise, it will incur a small fee. in this case, the instance is stopped, and thus, the EIP will be billed at the normal rate.
A company has an AWS account that contains three VPCs (Dev, Test, and Prod) in the same region. Test is peered to both Prod and Dev. All VPCs have non-overlapping CIDR blocks.
The company wants to push minor code releases from Dev to Prod to speed up time to market.
Which of the following options helps the company accomplish this?
A. Create a new peering connection Between Prod and Dev along with appropriate routes.
B. Create a new entry to Prod in the Dev route table using the peering connection as the target.
C. Attach a second gateway to Dev. Add a new entry in the Prod route table identifying the gateway as the target.
D. The VPCs have non-overlapping CIDR blocks in the same account. The route tables contain local routes for all VPCs.
Which of the following instance types are available as Amazon EBS-backed only? Choose 2 answers
A. General purpose T2
B. General purpose M3
C. Compute-optimized C4
D. Compute-optimized C3
E. Storage-optimized 12
A customer is hosting their company website on a cluster of web servers that are behind a public-facing load balancer. The customer also uses Amazon Route 53 to manage their public DNS. How should the customer configure the DNS zone apex record to point to the load balancer?
A. Create an A record pointing to the IP address of the load balancer
B. Create a CNAME record pointing to the load balancer DNS name.
C. Create a CNAME record aliased to the load balancer DNS name.
D. Create an A record aliased to the load balancer DNS name
You try to connect via SSH to a newly created Amazon EC2 instance and get one of the following error messages:
"Network error: Connection timed out" or "Error connecting to [instance], reason: -> Connection timed out: connect,"
You have confirmed that the network and security group rules are configured correctly and the instance is passing status checks. What steps should you take to identify the source of the behavior? Choose 2 answers
A. Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch.
B. Verify that your IAM user policy has permission to launch Amazon EC2 instances.
C. Verify that you are connecting with the appropriate user name for your AMI.
D. Verify that the Amazon EC2 Instance was launched with the proper IAM role.
E. Verify that your federation trust to AWS has been established.
A customer is running a multi-tier web application farm in a virtual private cloud (VPC) that is not connected to their corporate network. They are connecting to the VPC over the Internet to manage all of their Amazon EC2 instances running in both the public and private subnets. They have only authorized the bastion-security-group with Microsoft Remote Desktop Protocol (RDP) access to the application instance security groups, but the company wants to further limit administrative access to all of the instances in the VPC.
Which of the following Bastion deployment scenarios will meet this requirement?
A. Deploy a Windows Bastion host on the corporate network that has RDP access to all instances in the VPC.
B. Deploy a Windows Bastion host with an Elastic IP address in the public subnet and allow SSH access to the bastion from anywhere.
C. Deploy a Windows Bastion host with an Elastic IP address in the private subnet, and restrict RDP access to the bastion from only the corporate public IP addresses.
D. Deploy a Windows Bastion host with an auto-assigned Public IP address in the public subnet, and allow RDP access to the bastion from only the corporate public IP addresses.
A customer has a single 3-TB volume on-premises that is used to hold a large repository of images and print layout files. This repository is growing at 500 GB a year and must be presented as a single logical volume. The customer is becoming increasingly constrained with their local storage capacity and wants an off-site backup of this data, while maintaining low-latency access to their frequently accessed data.
Which AWS Storage Gateway configuration meets the customer requirements?
A. Gateway-Cached volumes with snapshots scheduled to Amazon S3
B. Gateway-Stored volumes with snapshots scheduled to Amazon S3
C. Gateway-Virtual Tape Library with snapshots to Amazon S3
D. Gateway-Virtual Tape Library with snapshots to Amazon Glacier
You are building an automated transcription service in which Amazon EC2 worker instances process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. You do not know what the storage capacity requirements are. Which storage option is both cost-efficient and scalable?
A. Multiple Amazon EBS volume with snapshots
B. A single Amazon Glacier vault
C. A single Amazon S3 bucket
D. Multiple instance stores
If you want to get more AWS Certified Solutions Architect – Associate exam preparation material, you can download the free AWS Certified Solutions Architect – Associate braindumps in PDF files on Lead2pass. It would be great helpful for your exam. All the AWS Certified Solutions Architect – Associate dumps are updated and cover every aspect of the examination. Welcome to choose.
AWS Certified Solutions Architect – Associate new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDNlBGazRSTENUQW8
2016 Amazon AWS Certified Solutions Architect – Associate exam dumps (All 423 Q&As) from Lead2pass:
http://www.lead2pass.com/aws-certified-solutions-architect-associate.html [100% Exam Pass Guaranteed]