[Mar-2025 Newly Released] AWS-Solutions-Architect-Associate Exam Questions For You To Pass [Q156-Q174]


Amazon AWS-Solutions-Architect-Associate Exam: Basic Questions With Answers


The AWS Solutions Architect certification is ideal for professionals who are involved in designing and deploying scalable, reliable, and cost-effective applications on the AWS platform. AWS Certified Solutions Architect - Associate (SAA-C02) certification is also suitable for individuals who are responsible for managing and maintaining AWS-based systems, as well as those who are involved in developing solutions using AWS services. By earning this certification, professionals can demonstrate their expertise in AWS architecture and design principles, which can help them advance their career in the IT industry.

 

NEW QUESTION # 156
You are designing a multi-platform web application for AWS. The application will run on EC2 instances and will be accessed from PCs, tablets and smart phones. Supported accessing platforms are Windows, macOS, iOS and Android. Separate sticky session and SSL certificate setups are required for different platform types. Which of the following describes the most cost-effective and performance-efficient architecture setup?

  • A. Assign multiple ELBs to an EC2 instance or group of EC2 instances running the common components of the web application, one ELB for each platform type. Session stickiness and SSL termination are done at the ELBs.
  • B. Set up a hybrid architecture to handle session state and SSL certificates on-prem and separate EC2 instance groups running web applications for different platform types running in a VPC.
  • C. Set up one ELB for all platforms to distribute load among multiple instances under it. Each EC2 instance implements all functionality for a particular platform.
  • D. Set up two ELBs. The first ELB handles SSL certificates for all platforms and the second ELB handles session stickiness for all platforms. For each ELB, run separate EC2 instance groups to handle the web application for each platform.

Answer: A


NEW QUESTION # 157
An existing client comes to you and says that he has heard that launching instances into a VPC (virtual private cloud) is a better strategy than launching instances into EC2-Classic, which he knows is what you currently do. You suspect that he is correct and he has asked you to do some research about this and get back to him. Which of the following statements is true in regards to what ability launching your instances into a VPC instead of EC2-Classic gives you?

  • A. Assign static private IP addresses to your instances that persist across starts and stops
  • B. Define network interfaces, and attach one or more network interfaces to your instances
  • C. Change security group membership for your instances while they're running
  • D. All of the things listed here.

Answer: D

Explanation:
By launching your instances into a VPC instead of EC2-Classic, you gain the ability to:
Assign static private IP addresses to your instances that persist across starts and stops
Assign multiple IP addresses to your instances
Define network interfaces, and attach one or more network interfaces to your instances
Change security group membership for your instances while they're running
Control the outbound traffic from your instances (egress filtering) in addition to controlling the inbound traffic to them (ingress filtering)
Add an additional layer of access control to your instances in the form of network access control lists (ACL)
Run your instances on single-tenant hardware
Reference: http://media.amazonwebservices.com/AWS_Cloud_Best_Practices.pdf


NEW QUESTION # 158
A company is developing an application to deliver dynamic content to users around the globe. The content should be customized according to a user's device and be delivered with very low latency.
Which service should be used?

  • A. Amazon S3
  • B. Amazon API Gateway
  • C. Lambda@Edge
  • D. Amazon CloudFront

Answer: D

Explanation:
https://aws.amazon.com/cloudfront/dynamic-content/


NEW QUESTION # 159
You have a load balancer configured for VPC, and all back-end Amazon EC2 instances are in service. However, your web browser times out when connecting to the load balancer's DNS name. Which options are probable causes of this behavior? Choose 2 answers

  • A. The load balancer is not configured in a private subnet with a NAT instance.
  • B. The security groups or network ACLs are not properly configured for web traffic.
  • C. The Amazon EC2 instances do not have a dynamically allocated private IP address
  • D. The VPC does not have a VGW configured.
  • E. The load balancer was not configured to use a public subnet with an Internet gateway configured

Answer: C,E


NEW QUESTION # 160
A company has an on-premises data center that is running out of storage capacity. The company wants to migrate its storage infrastructure to AWS while minimizing bandwidth costs. The solution must allow for immediate retrieval of data at no additional cost.
How can these requirements be met?

  • A. Deploy AWS Storage Gateway using stored volumes to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3
  • B. Deploy Amazon S3 Glacier Vault and enable expedited retrieval. Enable provisioned retrieval capacity for the workload
  • C. Deploy AWS Storage Gateway using cached volumes. Use Storage Gateway to store data in Amazon S3 while retaining copies of frequently accessed data subsets locally.
  • D. Deploy AWS Direct Connect to connect with the on-premises data center. Configure AWS Storage Gateway to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.

Answer: C


NEW QUESTION # 161
A company hosts an application on AWS. The application uses AWS Lambda functions and stores data in Amazon DynamoDB tables. The Lambda functions are connected to a VPC that does not have internet access.
The traffic to access DynamoDB must not travel across the internet. The application must have write access to only specific DynamoDB tables.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

  • A. Attach a VPC endpoint policy for DynamoDB to allow write access to only the specific DynamoDB tables.
  • B. Create an interface VPC endpoint for DynamoDB that is associated with the Lambda VPC. Ensure that the Lambda execution role can access the interface VPC endpoint.
  • C. Create a gateway VPC endpoint for DynamoDB that is associated with the Lambda VPC. Ensure that the Lambda execution role can access the gateway VPC endpoint.
  • D. Create a resource-based IAM policy to grant write access to only the specific DynamoDB tables. Attach the policy to the DynamoDB tables.
  • E. Attach a security group to the interface VPC endpoint to allow write access to only the specific DynamoDB tables.

Answer: A,C


NEW QUESTION # 162
A _____ is an individual, system, or application that interacts with AWS programmatically.

  • A. user
  • B. AWS Account
  • C. Role
  • D. Group

Answer: A


NEW QUESTION # 163
Which of the following are valid statements about Amazon S3? Choose 2 answers

  • A. Partially saved objects are immediately readable with a GET after an overwrite PUT.
  • B. A successful response to a PUT request only occurs when a complete object is saved.
  • C. S3 provides read-after-write consistency for any type of PUT or DELETE
  • D. Consistency is not guaranteed for any type of PUT or DELETE
  • E. S3 provides eventual consistency for overwrite PUTS and DELETES.

Answer: B,E

Explanation:
Reference:
http://api-portal.anypoint.mulesoft.com/amazon/api/amazon-s3-api/docs/concepts#DataConsistencyModel


NEW QUESTION # 164
If your DB instance runs out of storage space or file system resources, its status will change to _____ and your DB Instance will no longer be available.

  • A. storage-overflow
  • B. storage-exceed
  • C. storage-full
  • D. storage-overage

Answer: C


NEW QUESTION # 165
A company's website is using an Amazon RDS MySQL Multi-AZ DB instance for its transactional data storage.
There are other internal systems that query this DB instance to fetch data for internal batch processing. The RDS DB instance slows down significantly when the internal systems fetch data. This impacts the website's read and write performance, and the users experience slow response times.
Which solution will improve the website's performance?

  • A. Use Amazon ElastiCache to cache the query responses for the website.
  • B. Add an additional Availability Zone to the current RDS MySQL Multi-AZ DB instance.
  • C. Add a read replica to the RDS DB instance and configure the internal systems to query the read replica.
  • D. Use an RDS PostgreSQL DB instance instead of a MySQL database.

Answer: C

Explanation:
Amazon RDS Read Replicas
Enhanced performance
You can reduce the load on your source DB instance by routing read queries from your applications to the read replica. Read replicas allow you to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. Because read replicas can be promoted to master status, they are useful as part of a sharding implementation.
To further maximize read performance, Amazon RDS for MySQL allows you to add table indexes directly to Read Replicas, without those indexes being present on the master.
https://aws.amazon.com/rds/features/read-replicas/


NEW QUESTION # 166
An application stack includes an Elastic Load Balancer in a public subnet, a fleet of Amazon EC2 instances in an Auto Scaling group, and an Amazon RDS MySQL cluster. Users connect to the application from the Internet. The application servers and database must be secure.
How should a Solutions Architect perform this task?

  • A. Create a public subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster.
  • B. Create a private subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster.
  • C. Create a private subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.
  • D. Create a public subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.

Answer: D


NEW QUESTION # 167
A company's packaged application dynamically creates and returns single-use text files in response to user requests. The company is using Amazon CloudFront for distribution, but wants to further reduce data transfer costs. The company cannot modify the application's source code.
What should a solutions architect do to reduce costs?

  • A. Use Lambda@Edge to compress the files as they are sent to users.
  • B. Use Amazon S3 multipart uploads to move the files to Amazon S3 before returning them to users.
  • C. Enable caching on the CloudFront distribution to store generated files at the edge.
  • D. Enable Amazon S3 Transfer Acceleration to reduce the response times.

Answer: A


NEW QUESTION # 168
A company has NFS servers in an on-premises data center that need to periodically back up small amounts of data to Amazon S3. Which solution meets these requirements and is MOST cost-effective?

  • A. Set up an SFTP sync using AWS Transfer for SFTP to sync data from on premises to Amazon S3.
  • B. Set up an AWS DataSync agent on the on-premises servers, and sync the data to Amazon S3.
  • C. Set up AWS Glue to copy the data from the on-premises servers to Amazon S3.
  • D. Set up an AWS Direct Connect connection between the on-premises data center and a VPC, and copy the data to Amazon S3.

Answer: B

Explanation:
AWS DataSync is a service that makes it easy to move large amounts of data online between on-premises storage and AWS storage services. AWS DataSync can transfer data at speeds up to 10 times faster than open-source tools by using a purpose-built network protocol and parallelizing data transfers. AWS DataSync also handles encryption, data integrity verification, and bandwidth optimization. To use AWS DataSync, users need to deploy a DataSync agent on their on-premises servers, which connects to the NFS servers and syncs the data to Amazon S3. Users can schedule periodic or one-time sync tasks and monitor the progress and status of the transfers.
The other options are not correct because they are either not cost-effective or not suitable for the use case.
Setting up AWS Glue to copy the data from the on-premises servers to Amazon S3 is not cost-effective because AWS Glue is a serverless data integration service that is mainly used for extract, transform, and load (ETL) operations, not for simple data backup. Setting up an SFTP sync using AWS Transfer for SFTP to sync data from on premises to Amazon S3 is not cost-effective because AWS Transfer for SFTP is a fully managed service that provides secure file transfer using the SFTP protocol, which is more suitable for exchanging data with third parties than for backing up data. Setting up an AWS Direct Connect connection between the on-premises data center and a VPC, and copying the data to Amazon S3 is not cost-effective because AWS Direct Connect is a dedicated network connection between AWS and the on-premises location, which has high upfront costs and requires additional configuration.
References:
AWS DataSync
How AWS DataSync works
AWS DataSync FAQs


NEW QUESTION # 169
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses a customer managed customer master key (CMK) to encrypt EBS volume snapshots.
What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?

  • A. Export the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS account. Encrypt the S3 bucket with a CMK that is owned by the MSP Partner. Copy and launch the AMI in the MSP Partner's AWS account.
  • B. Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner's AWS account only. Modify the CMK's key policy to trust a new CMK that is owned by the MSP Partner for encryption.
  • C. Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner's AWS account only. Modify the CMK's key policy to allow the MSP Partner's AWS account to use the key.
  • D. Make the encrypted AMI and snapshots publicly available. Modify the CMK's key policy to allow the MSP Partner's AWS account to use the key.

Answer: C

Explanation:
Share the existing KMS key with the MSP external account because it has already been used to encrypt the AMI snapshot.
https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html


NEW QUESTION # 170
Identify a correct statement about the expiration date of the "Letter of Authorization and Connecting Facility Assignment (LOA-CFA)," which lets you complete the Cross Connect step of setting up your AWS Direct Connect.

  • A. If the cross connect is not completed within the specified duration from the appropriate provider, the LOA-CFA expires.
  • B. If the virtual interface is not created within 72 days, the LOA-CFA becomes outdated.
  • C. If the cross connect is not completed within 90 days, the authority granted by the LOA-CFA expires.
  • D. If the cross connect is not completed within a user-defined time, the authority granted by the LOA-CFA expires.

Answer: C

Explanation:
An AWS Direct Connect location provides access to AWS in the region it is associated with. You can establish connections with AWS Direct Connect locations in multiple regions, but a connection in one region does not provide connectivity to other regions. Note: If the cross connect is not completed within 90 days, the authority granted by the LOA-CFA expires.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Colocation.html


NEW QUESTION # 171
What is an isolated database environment running in the cloud (Amazon RDS) called?

  • A. DB Volume
  • B. DB Server
  • C. DB Instance
  • D. DB Unit

Answer: C


NEW QUESTION # 172
A gaming company hosts a browser-based application on AWS. The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users.
The application has increased in popularity, and millions of users worldwide are accessing these media files.
The company wants to provide the files to the users while reducing the load on the origin.
Which solution meets these requirements MOST cost-effectively?

  • A. Deploy an AWS Global Accelerator accelerator in front of the web servers.
  • B. Deploy an Amazon CloudFront web distribution in front of the S3 bucket.
  • C. Deploy an Amazon ElastiCache for Redis instance in front of the web servers.
  • D. Deploy an Amazon ElastiCache for Memcached instance in front of the web servers.

Answer: B


NEW QUESTION # 173
A customer set up an Amazon VPC with one private subnet and one public subnet with a NAT gateway. The VPC will contain a group of Amazon EC2 instances. All instances will configure themselves at startup by downloading a bootstrap script from an Amazon S3 bucket with a policy that only allows access from the customer's Amazon EC2 instances and then deploy an application through Git. A Solutions Architect has been asked to design a solution that provides the highest level of security regarding network connectivity to the Amazon EC2 instances.
How should the Architect design the infrastructure?

  • A. Place the Amazon EC2 instances in a private subnet, and assign EIPs; route outgoing traffic through the internet gateway.
  • B. Place the Amazon EC2 instances in a private subnet, with no EIPs; route outgoing traffic through the NAT gateway
  • C. Place the Amazon EC2 instances in the public subnet, with no EIPs; route outgoing traffic through the internet gateway.
  • D. Place the Amazon EC2 instances in a public subnet, and assign EIPs; route outgoing traffic through the NAT gateway.

Answer: D


NEW QUESTION # 174
......


Amazon AWS-Solutions-Architect-Associate certification exam is intended for individuals who have experience in designing and deploying scalable and highly available systems on AWS. AWS-Solutions-Architect-Associate exam covers a wide range of topics, including AWS services, design patterns, and architectural best practices. Candidates are required to have a solid understanding of AWS services such as EC2, S3, RDS, DynamoDB, and AWS Lambda, as well as a deep understanding of network design, security, and high availability concepts.


The AWS-Solutions-Architect-Associate exam covers a wide range of topics, including AWS architecture, deployment and management, security, and networking. The exam aims to validate the candidate's ability to design and deploy cost-effective, scalable, and reliable solutions on AWS. It consists of multiple-choice and multiple-response questions, and the candidate must pass with a score of 720 out of 1000 to obtain the certification.

 
