Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

AWS Certified Solutions Architect - ProfessionalFree trialFree trial

By amazon
Aug, 2025

Verified

25Q per page

Question 151

In Amazon RDS for PostgreSQL, you can provision up to 3TB storage and 30,000 IOPS per database instance. For a workload with 50% writes and 50% reads running on a cr1.8xlarge instance, you can realize over 25,000 IOPS for PostgreSQL. However, by provisioning more than this limit, you may be able to achieve:

  • A: higher latency and lower throughput.
  • B: lower latency and higher throughput.
  • C: higher throughput only.
  • D: higher latency only.

Question 152

Which of the following cannot be done using AWS Data Pipeline?

  • A: Create complex data processing workloads that are fault tolerant, repeatable, and highly available.
  • B: Regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
  • C: Generate reports over data that has been stored.
  • D: Move data between different AWS compute and storage services as well as on premise data sources at specified intervals.

Question 153

AWS Direct Connect itself has NO specific resources for you to control access to. Therefore, there are no AWS Direct Connect Amazon Resource Names (ARNs) for you to use in an Identity and Access Management (IAM) policy.
With that in mind, how is it possible to write a policy to control access to AWS Direct Connect actions?

  • A: You can leave the resource name field blank.
  • B: You can choose the name of the AWS Direct Connection as the resource.
  • C: You can use an asterisk (*) as the resource.
  • D: You can create a name for the resource.

Question 154

Identify an application that polls AWS Data Pipeline for tasks and then performs those tasks.

  • A: A task executor
  • B: A task deployer
  • C: A task runner
  • D: A task optimizer

Question 155

How is AWS readily distinguished from other vendors in the traditional IT computing landscape?

  • A: Experienced. Scalable and elastic. Secure. Cost-effective. Reliable
  • B: Secure. Flexible. Cost-effective. Scalable and elastic. Global
  • C: Secure. Flexible. Cost-effective. Scalable and elastic. Experienced
  • D: Flexible. Cost-effective. Dynamic. Secure. Experienced.

Question 156

With respect to AWS Lambda permissions model, at the time you create a Lambda function, you specify an IAM role that AWS Lambda can assume to execute your Lambda function on your behalf. This role is also referred to as the________role.

  • A: configuration
  • B: execution
  • C: delegation
  • D: dependency

Question 157

Within an IAM policy, can you add an IfExists condition at the end of a Null condition?

  • A: Yes, you can add an IfExists condition at the end of a Null condition but not in all Regions.
  • B: Yes, you can add an IfExists condition at the end of a Null condition depending on the condition.
  • C: No, you cannot add an IfExists condition at the end of a Null condition.
  • D: Yes, you can add an IfExists condition at the end of a Null condition.

Question 158

Regarding Identity and Access Management (IAM), Which type of special account belonging to your application allows your code to access Google services programmatically?

  • A: Service account
  • B: Simple Key
  • C: OAuth
  • D: Code account

Question 159

IAM users do not have permission to create Temporary Security Credentials for federated users and roles by default. In contrast, IAM users can call __________ without the need of any special permissions

  • A: GetSessionName
  • B: GetFederationToken
  • C: GetSessionToken
  • D: GetFederationName

Question 160

An organization is planning to use NoSQL DB for its scalable data needs. The organization wants to host an application securely in AWS VPC.
What action can be recommended to the organization?

  • A: The organization should setup their own NoSQL cluster on the AWS instance and configure route tables and subnets.
  • B: The organization should only use a DynamoDB because by default it is always a part of the default subnet provided by AWS.
  • C: The organization should use a DynamoDB while creating a table within the public subnet.
  • D: The organization should use a DynamoDB while creating a table within a private subnet.

Question 161

What happens when Dedicated instances are launched into a VPC?

  • A: If you launch an instance into a VPC that has an instance tenancy of dedicated, you must manually create a Dedicated instance.
  • B: If you launch an instance into a VPC that has an instance tenancy of dedicated, your instance is created as a Dedicated instance, only based on the tenancy of the instance.
  • C: If you launch an instance into a VPC that has an instance tenancy of dedicated, your instance is automatically a Dedicated instance, regardless of the tenancy of the instance.
  • D: None of these are true.

Question 162

An organization is setting up RDS for their applications. The organization wants to secure RDS access with VPC.
Which of the following options is not required while designing the RDS with VPC?

  • A: The organization must create a subnet group with public and private subnets. Both the subnets can be in the same or separate AZ.
  • B: The organization should keep minimum of one IP address in each subnet reserved for RDS failover.
  • C: If the organization is connecting RDS from the internet it must enable the VPC attributes DNS hostnames and DNS resolution.
  • D: The organization must create a subnet group with VPC using more than one subnet which are a part of separate AZs.

Question 163

You create a VPN connection, and your VPN device supports Border Gateway Protocol (BGP).
Which of the following should be specified to configure the VPN connection?

  • A: Classless routing
  • B: Classfull routing
  • C: Dynamic routing
  • D: Static routing

Question 164

An organization has developed an application which provides a smarter shopping experience. They need to show a demonstration to various stakeholders who may not be able to access the in premise application so they decide to host a demo version of the application on AWS.
Consequently, they will need a fixed elastic IP attached automatically to the instance when it is launched.
In this scenario which of the below mentioned options will not help assign the elastic IP automatically?

  • A: Write a script which will fetch the instance metadata on system boot and assign the public IP using that metadata.
  • B: Provide an elastic IP in the user data and setup a bootstrapping script which will fetch that elastic IP and assign it to the instance.
  • C: Create a controlling application which launches the instance and assigns the elastic IP based on the parameter provided when that instance is booted.
  • D: Launch instance with VPC and assign an elastic IP to the primary network interface.

Question 165

An organization is having a VPC for the HR department, and another VPC for the Admin department. The HR department requires access to all the instances running in the Admin VPC while the Admin department requires access to all the resources in the HR department.
How can the organization setup this scenario?

  • A: Setup VPC peering between the VPCs of Admin and HR.
  • B: Setup ACL with both VPCs which will allow traffic from the CIDR of the other VPC.
  • C: Setup the security group with each VPC which allows traffic from the CIDR of another VPC.
  • D: It is not possible to connect resources of one VPC from another VPC.

Question 166

You have launched an EC2 instance with four (4) 500 GB EBS Provisioned IOPS volumes attached. The EC2 instance is EBS-Optimized and supports 500 Mbps throughput between EC2 and EBS. The four EBS volumes are configured as a single RAID 0 device, and each Provisioned IOPS volume is provisioned with 4,000
IOPS (4,000 16KB reads or writes), for a total of 16,000 random IOPS on the instance. The EC2 instance initially delivers the expected 16,000 IOPS random read and write performance. Sometime later, in order to increase the total random I/O performance of the instance, you add an additional two 500 GB EBS Provisioned
IOPS volumes to the RAID. Each volume is provisioned to 4,000 IOPs like the original four, for a total of 24,000 IOPS on the EC2 instance. Monitoring shows that the EC2 instance CPU utilization increased from 50% to 70%, but the total random IOPS measured at the instance level does not increase at all.
What is the problem and a valid solution?

  • A: The EBS-Optimized throughput limits the total IOPS that can be utilized; use an EBSOptimized instance that provides larger throughput.
  • B: Small block sizes cause performance degradation, limiting the I/O throughput; configure the instance device driver and filesystem to use 64KB blocks to increase throughput.
  • C: The standard EBS Instance root volume limits the total IOPS rate; change the instance root volume to also be a 500GB 4,000 Provisioned IOPS volume.
  • D: Larger storage volumes support higher Provisioned IOPS rates; increase the provisioned volume storage of each of the 6 EBS volumes to 1TB.
  • E: RAID 0 only scales linearly to about 4 devices; use RAID 0 with 4 EBS Provisioned IOPS volumes, but increase each Provisioned IOPS EBS volume to 6,000 IOPS.

Question 167

Can a Direct Connect link be connected directly to the Internet?

  • A: Yes, this can be done if you pay for it.
  • B: Yes, this can be done only for certain regions.
  • C: Yes
  • D: No

Question 168

ABC has created a multi-tenant Learning Management System (LMS). The application is hosted for five different tenants (clients) in the VPCs of the respective
AWS accounts of the tenant. ABC wants to setup a centralized server which can connect with the LMS of each tenant upgrade if required. ABC also wants to ensure that one tenant VPC should not be able to connect to the other tenant VPC for security reasons.
How can ABC setup this scenario?

  • A: ABC has to setup one centralized VPC which will peer in to all the other VPCs of the tenants.
  • B: ABC should setup VPC peering with all the VPCs peering each other but block the IPs from CIDR of the tenant VPCs to deny them.
  • C: ABC should setup all the VPCs with the same CIDR but have a centralized VPC. This way only the centralized VPC can talk to the other VPCs using VPC peering.
  • D: ABC should setup all the VPCs meshed together with VPC peering for all VPCs.

Question 169

A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 in this VPC. The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24.
What will happen in this scenario?

  • A: The VPC will modify the first subnet CIDR automatically to allow the second subnet IP range
  • B: The second subnet will be created
  • C: It will throw a CIDR overlaps error
  • D: It is not possible to create a subnet with the same CIDR as VPC

Question 170

True or False: The Amazon ElastiCache clusters are not available for use in VPC at this time.

  • A: TRUE
  • B: True, but they are available only in the GovCloud.
  • C: True, but they are available only on request
  • D: FALSE

Question 171

In Amazon Redshift, how many slices does a dw2.8xlarge node have?

  • A: 16
  • B: 8
  • C: 32
  • D: 2

Question 172

Identify a true statement about using an IAM role to grant permissions to applications running on Amazon EC2 instances.

  • A: When AWS credentials are rotated; developers have to update only the root Amazon EC2 instance that uses their credentials.
  • B: When AWS credentials are rotated, developers have to update only the Amazon EC2 instance on which the password policy was applied and which uses their credentials.
  • C: When AWS credentials are rotated, you don't have to manage credentials and you don't have to worry about long-term security risks.
  • D: When AWS credentials are rotated, you must manage credentials and you should consider precautions for long-term security risks.

Question 173

Out of the striping options available for the EBS volumes, which one has the following disadvantage:
'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'?

  • A: Raid 1
  • B: Raid 0
  • C: RAID 1+0 (RAID 10)
  • D: Raid 2

Question 174

In the context of IAM roles for Amazon EC2, which of the following NOT true about delegating permission to make API requests?

  • A: You cannot create an IAM role.
  • B: You can have the application retrieve a set of temporary credentials and use them.
  • C: You can specify the role when you launch your instances.
  • D: You can define which accounts or AWS services can assume the role.

Question 175

In the context of Amazon ElastiCache CLI, which of the following commands can you use to view all ElastiCache instance events for the past 24 hours?

  • A: elasticache-events --duration 24
  • B: elasticache-events --duration 1440
  • C: elasticache-describe-events --duration 24
  • D: elasticache describe-events --source-type cache-cluster --duration 1440
Page 7 of 41 • Questions 151-175 of 1019
56789

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!