Podcast
Questions and Answers
What should a solutions architect do to prevent unauthorized configuration changes in Amazon S3 buckets?
What should a solutions architect do to prevent unauthorized configuration changes in Amazon S3 buckets?
- Turn on AWS Config with the appropriate rules. (correct)
- Turn on Amazon S3 server access logging.
- Turn on Amazon Inspector with the appropriate assessment template.
- Turn on AWS Trusted Advisor with the appropriate checks.
Which solution allows a product manager without an AWS account to access an Amazon CloudWatch dashboard while adhering to the principle of least privilege?
Which solution allows a product manager without an AWS account to access an Amazon CloudWatch dashboard while adhering to the principle of least privilege?
- Create an IAM user for the product manager and attach the CloudWatchReadOnlyAccess policy. (correct)
- Use an IAM user with a ViewOnlyAccess policy to grant access.
- Share the dashboard link via the CloudWatch console directly.
- Deploy a bastion server to provide temporary access to the dashboard.
In a company using AWS Organizations, what is a recommended solution for implementing single sign-on (SSO) across multiple AWS accounts?
In a company using AWS Organizations, what is a recommended solution for implementing single sign-on (SSO) across multiple AWS accounts?
- Leverage AWS Directory Service for centralized authentication.
- Use AWS Single Sign-On to manage access across all accounts. (correct)
- Implement Amazon Cognito for user management across accounts.
- Configure IAM roles in each account for SSO access.
Which of the following is NOT a function of AWS Config?
Which of the following is NOT a function of AWS Config?
What is a potential disadvantage of sharing an Amazon CloudWatch dashboard link directly with a product manager?
What is a potential disadvantage of sharing an Amazon CloudWatch dashboard link directly with a product manager?
Which AWS service can help ensure monitoring for unauthorized changes specifically in S3 bucket configurations?
Which AWS service can help ensure monitoring for unauthorized changes specifically in S3 bucket configurations?
What should be considered when creating an IAM user for accessing CloudWatch dashboard metrics?
What should be considered when creating an IAM user for accessing CloudWatch dashboard metrics?
What is a potential benefit of enabling Amazon S3 server access logging?
What is a potential benefit of enabling Amazon S3 server access logging?
What is the most cost-effective way to avoid Regional data transfer charges for EC2 instances accessing Amazon S3?
What is the most cost-effective way to avoid Regional data transfer charges for EC2 instances accessing Amazon S3?
Which combination of actions can ensure a Lambda function ingests all data in the future despite network connectivity issues?
Which combination of actions can ensure a Lambda function ingests all data in the future despite network connectivity issues?
What should be configured to send events about completed uploads to an S3 bucket using Amazon CloudWatch?
What should be configured to send events about completed uploads to an S3 bucket using Amazon CloudWatch?
How can a company improve the reliability of its data ingestion workflow using AWS components?
How can a company improve the reliability of its data ingestion workflow using AWS components?
Which architectural change would minimize downtime of a Lambda function caused by network issues?
Which architectural change would minimize downtime of a Lambda function caused by network issues?
What is the role of the NAT gateway in the context of EC2 instances accessing S3?
What is the role of the NAT gateway in the context of EC2 instances accessing S3?
Why might a company choose to replace a NAT gateway with a NAT instance?
Why might a company choose to replace a NAT gateway with a NAT instance?
In an application where stores upload transaction data via SFTP, which service would be vital for processing and analyzing the uploaded data?
In an application where stores upload transaction data via SFTP, which service would be vital for processing and analyzing the uploaded data?
What is the most appropriate AWS DynamoDB capacity mode to handle traffic spikes quickly?
What is the most appropriate AWS DynamoDB capacity mode to handle traffic spikes quickly?
How should a solutions architect securely share an AMI backed by EBS snapshots with an MSP Partner's AWS account?
How should a solutions architect securely share an AMI backed by EBS snapshots with an MSP Partner's AWS account?
What design should a solutions architect use to ensure a stateless processor application runs in parallel and can scale based on job demand?
What design should a solutions architect use to ensure a stateless processor application runs in parallel and can scale based on job demand?
Which option allows a solutions architect to use a customer managed key for encrypting EBS snapshots when sharing an AMI?
Which option allows a solutions architect to use a customer managed key for encrypting EBS snapshots when sharing an AMI?
In the context of an AWS application architecture, what does it mean for the application to be loosely coupled?
In the context of an AWS application architecture, what does it mean for the application to be loosely coupled?
What is one of the key benefits of using an Amazon SQS queue for job management in an AWS architecture?
What is one of the key benefits of using an Amazon SQS queue for job management in an AWS architecture?
Why might a solutions architect choose to implement Auto Scaling for a serverless architecture on AWS?
Why might a solutions architect choose to implement Auto Scaling for a serverless architecture on AWS?
What role does a global secondary index (GSI) play in a DynamoDB table?
What role does a global secondary index (GSI) play in a DynamoDB table?
What is the purpose of configuring an S3 Lifecycle policy for storing uploaded documents?
What is the purpose of configuring an S3 Lifecycle policy for storing uploaded documents?
How can the web servers securely connect to the Amazon RDS MySQL Multi-AZ DB instance while ensuring credentials are rotated frequently?
How can the web servers securely connect to the Amazon RDS MySQL Multi-AZ DB instance while ensuring credentials are rotated frequently?
What solution can be implemented to prevent data loss during database upgrades for Lambda functions?
What solution can be implemented to prevent data loss during database upgrades for Lambda functions?
What is a primary benefit of using S3 Versioning for document storage?
What is a primary benefit of using S3 Versioning for document storage?
What is a potential risk of storing database user credentials on the web server file system?
What is a potential risk of storing database user credentials on the web server file system?
Which option is not a valid method for facilitating secure database access from web servers?
Which option is not a valid method for facilitating secure database access from web servers?
What strategy can be adopted to enhance the reliability of data storage during database maintenance periods?
What strategy can be adopted to enhance the reliability of data storage during database maintenance periods?
Why should AWS IAM permissions be configured for accessing secure credentials?
Why should AWS IAM permissions be configured for accessing secure credentials?
What is the primary function of the Lambda function created in the customer data scenario?
What is the primary function of the Lambda function created in the customer data scenario?
Which configuration would help minimize data transfer costs when sharing S3 bucket data with a European marketing firm?
Which configuration would help minimize data transfer costs when sharing S3 bucket data with a European marketing firm?
What is the best way to prevent accidental deletion of confidential audit documents in an S3 bucket?
What is the best way to prevent accidental deletion of confidential audit documents in an S3 bucket?
If the SQL database performance is inadequate during script execution, what could be a potential solution?
If the SQL database performance is inadequate during script execution, what could be a potential solution?
What feature should be enabled on the S3 bucket to ensure that previous versions of deleted files can be recovered?
What feature should be enabled on the S3 bucket to ensure that previous versions of deleted files can be recovered?
When configuring access to the S3 bucket, which principle should be followed to enhance security?
When configuring access to the S3 bucket, which principle should be followed to enhance security?
Which method pairs well with S3 Intelligent-Tiering for efficient storage management?
Which method pairs well with S3 Intelligent-Tiering for efficient storage management?
What is a major benefit of using the Amazon Simple Queue Service (SQS) FIFO queue for customer data?
What is a major benefit of using the Amazon Simple Queue Service (SQS) FIFO queue for customer data?
Study Notes
AWS Solutions Architect Practice Exams - Questions
- A company using AWS S3 buckets wants to ensure unauthorized configuration changes don't occur. To achieve this, they should enable AWS Config with appropriate rules.
- A company needs to allow a product manager without an AWS account to access an Amazon CloudWatch dashboard. Creating an IAM user specifically for the product manager, attaching the CloudWatchReadOnlyAccess managed policy, and sharing the dashboard URL with the product manager is the best solution adhering to least privilege.
- For an application deployed across different AWS accounts managed by AWS Organizations, the recommended SSO solution is to use AWS Organizations to manage user credentials and policies for all accounts.
- A company running an image-processing application in a single VPC across multiple Availability Zones, using a single NAT gateway for S3 communication faces data transfer costs. The most cost-effective way to avoid regional data transfer charges is to deploy a gateway VPC endpoint for Amazon S3.
- To ensure an ingestion workflow that includes an SNS topic and Lambda function can handle occasional network connectivity issues, implement the following:
- Create an Amazon SQS queue and subscribe it to the SNS topic.
- Modify the Lambda function to read from the SQS queue.
- A company's marketing application using SFTP for data upload needs to handle traffic spikes efficiently. Using a DynamoDB table in on-demand capacity mode provides flexibility and adapts to quick traffic changes.
- To securely share an encrypted AMI with an MSP Partner's AWS account, the solutions architect should modify the launchPermission property of the AMI to share it with the MSP Partner's account. Additionally, they should modify the KMS key policy to grant access to the MSP Partner's account for using the key.
- For a stateless processor application that needs to handle jobs in parallel, a loosely coupled design with durable job storage is required. The best solution is to create an Amazon SNS topic to send jobs, use an Auto Scaling group with an AMI for the processor application, and store the uploaded documents in an Amazon S3 bucket with a Lifecycle policy for periodic archiving.
- A company wants to securely connect multiple web servers to an Amazon RDS MySQL Multi-AZ DB instance while frequently rotating user credentials. The recommended solution is to store the database user credentials in AWS Secrets Manager and grant the web servers necessary IAM permissions to access Secrets Manager.
- To handle database upgrade events where Lambda functions fail to connect to an Aurora MySQL database, the recommended solution is to provision an Amazon RDS proxy between the Lambda functions and the database. This allows the Lambda functions to continue connecting through the proxy, ensuring database connectivity during upgrades.
- A company wants to minimize data transfer costs when sharing 3TB of data with a European marketing firm using S3 buckets. Using S3 Cross-Region Replication from the company's S3 bucket to one of the marketing firm's S3 buckets is the most cost-effective solution for data transfer between regions.
- To secure confidential audit documents in an S3 bucket, where accidental deletion is a concern, enabling versioning and MFA Delete features on the S3 bucket is the recommended solution.
- A company's SQL database used for storing movie data suffers from performance issues during script execution. The recommended solution is to configure the script to execute outside business hours, avoiding impact on development tasks during peak times.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
This quiz covers essential concepts for AWS Solutions Architect certification, focusing on best practices for S3, IAM, and AWS Organizations. Test your knowledge on how to manage configurations, user access, and effective resource usage in AWS environments.