Architecting Solutions on AWS Final Assessment
Course Name: Architecting Solutions on AWS (AWS Cloud Solutions Architect)
Course Link: Architecting Solutions on AWS
These are Architecting Solutions on AWS Final Assessment Answers
Question 1
A solutions architect must design a solution to help manage their customer’s containerized applications. Currently, the customer workload runs in Docker containers on top of Amazon Elastic Compute Cloud (Amazon EC2) instances and on-premises servers that run a hybrid Kubernetes cluster. The customer wants to migrate part of their hybrid Kubernetes deployment to the cloud with a minimum amount of effort, and they want to keep all the native features of Kubernetes. The customer also wants to reduce their operational overhead for managing their Kubernetes cluster. Which managed AWS service should the solutions architect suggest to best satisfy these requirements?
AWS Fargate with Amazon Elastic Container Service (Amazon ECS)
AWS Fargate with Amazon Elastic Kubernetes Service (Amazon EKS)
Amazon Elastic Container Service (Amazon ECS)
Amazon Elastic Kubernetes Service (Amazon EKS)
Answer: Amazon Elastic Kubernetes Service (Amazon EKS)
These are Architecting Solutions on AWS Final Assessment Answers
Question 2
Which of the following options includes true statements for both Amazon Simple Storage Service (Amazon S3) cross-Region replication and AWS Key Management Service (AWS KMS)?
To configure S3 cross-Region replication, both the source and destination buckets must belong to the same AWS account. Server-side encryption (SSE) is possible for replicated objects.
To configure Amazon S3 cross-Region replication, both the source and destination buckets must belong to the same AWS account. Server-side encryption (SSE) is not possible for replicated objects.
To configure Amazon S3 cross-Region replication, the source and destination buckets can belong to different AWS accounts. Server-side encryption (SSE) is possible for replicated objects.
To configure Amazon S3 cross-Region replication, the source and destination buckets can belong to different AWS accounts. Server-side encryption is not possible for replicated objects.
Answer: To configure Amazon S3 cross-Region replication, the source and destination buckets can belong to different AWS accounts. Server-side encryption (SSE) is possible for replicated objects.
These are Architecting Solutions on AWS Final Assessment Answers
Question 3
True or False: Amazon Relational Database Service (Amazon RDS) is more suitable for databases that handle structured or relational data, where users can count with features like auto-increment and table joins. Amazon DynamoDB is more suitable for NoSQL database workloads, where tables are collection of items that have their own attributes.
True
False
Answer: True
These are Architecting Solutions on AWS Final Assessment Answers
Question 4
Amazon DynamoDB is designed for scale and performance. In most cases, the DynamoDB response times can be measured in single-digit milliseconds. However, there are certain use cases that require response times in microseconds. For these use cases, DynamoDB Accelerator (DAX) delivers fast response times for accessing eventually consistent data. Which statements about DAX are correct? (Choose THREE.)
DAX reduces operational and application complexity by providing a managed service that is compatible with the DynamoDB API.
Although using DAX has a cost, it can reduce the consumption of DynamoDB table capacity. If the data is read intensive (that is, millions of requests per second), DAX can result in cost savings by caching the data while also providing better read latency, being beneficial for scenarios in need of repeated reads for individual keys.
DAX does not support server-side encryption (SSE).
DAX is not designed for applications that are write-intensive. It can also add cost to applications that do not perform much read activity.
DAX does not support encrypting data in transit, which means that communication between an application and DAX cannot be encrypted.
Answer:
DAX reduces operational and application complexity by providing a managed service that is compatible with the DynamoDB API.
Although using DAX has a cost, it can reduce the consumption of DynamoDB table capacity. If the data is read intensive (that is, millions of requests per second), DAX can result in cost savings by caching the data while also providing better read latency, being beneficial for scenarios in need of repeated reads for individual keys.
DAX is not designed for applications that are write-intensive. It can also add cost to applications that do not perform much read activity.
These are Architecting Solutions on AWS Final Assessment Answers
Question 5
True or False: AWS Lambda is a compute service that runs code without the need to provision or manage servers. Lambda runs code on a high-availability compute infrastructure. It also performs all the administration of compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, and logging. Lambda can run code for virtually any type of application or backend service.
True
False
Answer: True
These are Architecting Solutions on AWS Final Assessment Answers
Question 6
True or False: Amazon Simple Storage Service (Amazon S3) is better than Amazon Elastic Block Store (Amazon EBS) because it is designed to provide a higher level of data durability.
True
False
Answer: False
These are Architecting Solutions on AWS Final Assessment Answers
Question 7
Which set of AWS services is the BEST fit for the “Object, file, and block storage” category (which means that the services are dedicated to storing data in a durable way)?
AWS DataSync, AWS Snow Family
Amazon Simple Storage Service (Amazon S3), Amazon Elastic File System (Amazon EFS), Amazon Elastic Block Store (Amazon EBS), Amazon FSx
AWS Storage Gateway, AWS Snow Family
AWS Elastic Disaster Recovery, AWS Backup
Answer: Amazon Simple Storage Service (Amazon S3), Amazon Elastic File System (Amazon EFS), Amazon Elastic Block Store (Amazon EBS), Amazon FSx
These are Architecting Solutions on AWS Final Assessment Answers
Question 8
True or False: When architecting a solution that can handle high demand and usage spikes, Amazon CloudFront should be used in front of an Amazon Simple Storage Service (Amazon S3) bucket. CloudFront can cache data that gets delivered to customers, and it lets customers use custom domain names. In addition, CloudFront can serve custom SSL certificates that are issued by Amazon Certificate Manager (at no additional cost) and it can provide distributed denial of service (DDoS) protection that is powered by AWS WAF and AWS Shield.
True
False
Answer: True
These are Architecting Solutions on AWS Final Assessment Answers
Question 9
Which statements about AWS Storage Gateway are correct? (Choose THREE.)
AWS Storage Gateway is a set of hybrid cloud storage services that provide on-premises access to virtually unlimited cloud storage.
AWS Storage Gateway offers virtually unlimited cloud storage to users and applications, at the cost of new storage hardware.
AWS Storage Gateway delivers data access to on-premises applications while taking advantage of the agility, economics, and security capabilities of the AWS Cloud.
AWS Storage Gateway is limited to only on-premises applications, which means that it cannot be used from cloud to cloud.
AWS Storage Gateway helps support compliance requirements through integration with AWS Backup to manage the backup and recovery of Volume Gateway volumes, which simplifies backup management.
AWS Storage Gateway can only work as an Amazon S3 File Gateway.
Answer:
AWS Storage Gateway is a set of hybrid cloud storage services that provide on-premises access to virtually unlimited cloud storage.
AWS Storage Gateway delivers data access to on-premises applications while taking advantage of the agility, economics, and security capabilities of the AWS Cloud.
AWS Storage Gateway helps support compliance requirements through integration with AWS Backup to manage the backup and recovery of Volume Gateway volumes, which simplifies backup management.
These are Architecting Solutions on AWS Final Assessment Answers
Question 10
What are some benefits of using multiple AWS accounts with AWS Organizations? (Choose THREE.)
Grouping workloads based on business purpose and ownership
Using different payment methods per account
Limiting the scope of impact from adverse events
Distributing AWS service quotas and API request rate limits
Having multiple account root users with unrestricted access on each account
Answer:
Grouping workloads based on business purpose and ownership
Limiting the scope of impact from adverse events
Distributing AWS service quotas and API request rate limits
These are Architecting Solutions on AWS Final Assessment Answers
Question 11
True or False: A service control policy (SCP) statement with an explicit deny prevents even the account root user from performing API calls.
True
False
Answer: True
These are Architecting Solutions on AWS Final Assessment Answers
Question 12
A solutions architect is designing a solution that provides single sign-on (SSO) to authenticate into AWS accounts that are in AWS Organizations. Which AWS service can the solutions architect use to implement identity federation with existing identity providers, such as Microsoft Active Directory?
AWS Identity and Access Management (IAM) users
Amazon CloudWatch
AWS IAM Identity Center (successor to AWS Single Sign-On)
AWS CloudTrail
Answer: AWS IAM Identity Center (successor to AWS Single Sign-On)
These are Architecting Solutions on AWS Final Assessment Answers
Question 13
Which statements are best practices for multi-account environments? (Choose THREE.)
Enable Amazon CloudWatch billing alarms per account and configure tagging policies in AWS Organizations.
Give AdministratorAccess policies to developers in their development AWS accounts.
Prevent CloudTrail configuration from being disabled in the shared services account.
Use multi-factor authentication (MFA) for users in centralized credentialing, such as using AWS IAM Identity Center (successor to AWS Single Sign-On).
Reuse passwords for simplicity and ease of access.
Provide powerful users and broad roles for Cloud Center of Excellence (CCoE) members, such as granting AdministratorAccess permissions to them.
Answer:
Enable Amazon CloudWatch billing alarms per account and configure tagging policies in AWS Organizations.
Prevent CloudTrail configuration from being disabled in the shared services account.
Use multi-factor authentication (MFA) for users in centralized credentialing, such as using AWS IAM Identity Center (successor to AWS Single Sign-On).
These are Architecting Solutions on AWS Final Assessment Answers
Question 14
A solutions architect must create well-defined governance standards for a company that has multiple AWS accounts. The company needs centralized infrastructure logging for all AWS accounts. In addition, the company’s chief information security officer (CISO) would like to have a measurement that applies a circuit breaker to stop Amazon Elastic Compute Cloud (Amazon EC2) API activities if the billing alarms indicate suspicious activity. The company intends to use AWS Organizations. Which architectural scenario should the solutions architect propose to meet the company’s needs in the MOST effective way?
Enable AWS CloudTrail for all accounts in AWS Organizations. Use Organizations to centralize all logs into one Amazon Simple Storage Service (Amazon S3) bucket. As the circuit breaker, use service control policies (SCPs) that have an explicit deny for Amazon EC2 API activity. These SCPs can then be applied to the root organizational unit (OU) as needed.
Enable AWS CloudTrail for all accounts in AWS Organizations. Use Organizations to centralize all logs into one Amazon Simple Storage Service (Amazon S3) bucket. Use multi-factor authentication (MFA) devices for every user in AWS IAM Identity Center (successor to AWS Single Sign-On).
Enable AWS CloudTrail for only the production accounts in AWS Organizations. Use Organizations to centralize logs into one Amazon Simple Storage Service (Amazon S3 bucket). For single sign-on, use AWS IAM Identity Center (successor to AWS Single Sign-ON).
Enable AWS CloudTrail for all accounts in AWS Organizations. Use Organizations to centralize logs in one Amazon Simple Storage Service (Amazon S3) bucket. As the circuit breaker, use AWS Identity and Access Management (IAM) policies on each account that have an explicit deny for Amazon EC2 API activity. The IAM policies can then be applied to the root organizational unit (OU) as needed.
Answer: Enable AWS CloudTrail for all accounts in AWS Organizations. Use Organizations to centralize all logs into one Amazon Simple Storage Service (Amazon S3) bucket. As the circuit breaker, use service control policies (SCPs) that have an explicit deny for Amazon EC2 API activity. These SCPs can then be applied to the root organizational unit (OU) as needed.
These are Architecting Solutions on AWS Final Assessment Answers
Question 15
A solutions architect is designing an architecture that can provide HTML pages to customers. They want a serverless solution that can host content over the internet and serve a static website with minimal effort. Which AWS service should the solutions architect choose to meet these requirements?
Amazon Simple Storage Service (Amazon S3)
Amazon Elastic Compute Cloud (Amazon EC2)
Amazon DynamoDB
Amazon Kinesis
Answer: Amazon Simple Storage Service (Amazon S3)
These are Architecting Solutions on AWS Final Assessment Answers
Question 16
An application needs to process events that are received through an API. Multiple consumers must be able to process the data concurrently. Which AWS managed service would best meet this requirement in the most cost-effective way?
Amazon Simple Notification Service (Amazon SNS) with a fan-out strategy
Amazon Simple Queue Service (Amazon SQS) with FIFO queues
Amazon EventBridge with rules
Amazon Elastic Compute Cloud (Amazon EC2) with Spot Instances
Answer: Amazon Simple Notification Service (Amazon SNS) with a fan-out strategy
These are Architecting Solutions on AWS Final Assessment Answers
Question 17
A solutions architect is designing a solution that needs real-time data ingestion. They are considering either Amazon Kinesis Data Firehose or Amazon Kinesis Data Streams for this solution. Which service should the solutions architect choose to meet the requirement for real-time data ingestion, and why? (Remember that lower data latency means a lower roundtrip time from when data is ingested and available.)
Amazon Kinesis Data Firehose, because it has lower latency when compared to Amazon Kinesis Data Streams
Amazon Kinesis Data Firehose, because it has higher latency when compared to Amazon Kinesis Data Streams
Amazon Kinesis Data Streams, because it has lower latency when compared to Amazon Kinesis Data Firehose
Amazon Kinesis Data Streams, because it has higher latency when compared to Amazon Kinesis Data Firehose
Answer: Amazon Kinesis Data Streams, because it has lower latency when compared to Amazon Kinesis Data Firehose
These are Architecting Solutions on AWS Final Assessment Answers
Question 18
A solutions architect is designing a serverless solution that can do Structured Query Language (SQL) queries over multiple objects that are stored in Amazon Simple Storage Service (Amazon S3). All the objects share the same data structure (schema) and are in JSON. Which service would make it easier to query the data, in addition to providing serverless capabilities?
Amazon Athena
AWS Database Migration Service (AWS DMS)
Amazon S3 Select
AWS Data Exchange
Answer: Amazon Athena
Question 19*
A solutions architect is designing a hybrid solution. The solution uses Amazon Virtual Private Cloud (Amazon VPC) resources, such Amazon Relational Database Service (Amazon RDS) and Amazon Elastic Compute Cloud (Amazon EC2). It also uses services that are not in a VPC, such as Amazon Simple Storage Service (Amazon S3) and AWS Systems Manager. Which statements about Amazon VPC and the scope of AWS services are correct? (Choose THREE.)
Amazon VPC gives the user full control over their virtual networking environment. Therefore, the solutions architect can define firewall rules on the networking level for VPC-based resources.
Because S3 buckets do not reside inside a VPC, the customer can rely on AWS to configure security mechanisms, such as permissions and bucket policies. Thus, security is automatically applied on the data level because this level of security is the responsibility of AWS.
VPC-based services that reside in a private subnet require specific configurations to enable internet access, such as a NAT gateway and route tables.
When possible, customers should avoid having services reside in VPCs because a networking misconfiguration can accidentally leave the infrastructure in an unsafe state.
Using AWS resources like Amazon S3 is less secure because they are public resources by default.
AWS VPN solutions can be configured to establish secure connections between on-premises networks, remote offices, client devices, and the AWS global network.
These are Architecting Solutions on AWS Final Assessment Answers
Answer:
Amazon VPC gives the user full control over their virtual networking environment. Therefore, the solutions architect can define firewall rules on the networking level for VPC-based resources.
VPC-based services that reside in a private subnet require specific configurations to enable internet access, such as a NAT gateway and route tables.
AWS VPN solutions can be configured to establish secure connections between on-premises networks, remote offices, client devices, and the AWS global network.
These are Architecting Solutions on AWS Final Assessment Answers
More Weeks of the course: Click Here
More Coursera courses: https://progiez.com/coursera