AWS Certified Solutions Architect – Professional

What is an immutable way to set policies on a Glacier vault?

  • Glacier Vault Lock. S3 Glacier Vault Lock allows you to deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy.
  • You can specify controls such as “write once read many” in a vault lock policy and lock the policy from future edits. Once it is locked, the policy can no longer be changed.
  • To delete the vault lock policy, you can send an HTTP DELETE request to the URI of the vault’s lock-policy sub-resource.
  • Example of a Vault Lock policy: you are required to retain archives for one year before you can delete them.

AWS CLI is an important service in AWS. Via the CLI, you tried to fetch some metadata from a file in an S3 bucket but got a 404 Not Found error. You then realized the mistake and uploaded the file again. After the upload, you tried again to fetch the metadata and got. What was the reason for the 404 issue?

Correct Answer: Because the upload is not propagated fully, we will receive a 404 Not Found. We will receive back the requested metadata.

Which database would be best for storing and analyzing the complex interpersonal relationships of people involved in organized crime?

  • Amazon Neptune is a purpose-built, high-performance graph database. It is optimized for processing graph queries.
  • After creating an instance in Amazon Elastic Compute Cloud (Amazon EC2), you can log into that instance using SSH and connect to an Amazon Neptune DB cluster.

Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. You have decided to use EFS for sharing files across many EC2 instances and you want to be able to tolerate an AZ failure. What should you do?

Correct Answer: We can create EFS mount targets in each AZ and configure each EC2 instance to mount the common mount target.

Which AWS services allow native encryption of data at rest?

  • EBS, S3 and EFS are AWS services which allow native encryption of data while at rest.
  • All allow the user to configure encryption at rest.
  • They can use either the AWS Key Management Service (KMS) or customer provided keys.
  • The exception is ElastiCache for Memcached, which does not offer a native encryption service, whereas ElastiCache for Redis does.
  • AWS Snowball encrypts data at rest by default as well.

The Amazon DynamoDB Query action lets you retrieve data in a similar fashion. You can use Query with any table that has a composite primary key (partition key and sort key). You must specify an equality condition for the partition key, and you can optionally provide another condition for the sort key. You need to improve performance of queries to your DynamoDB table. The most common queries do not use the partition key. What should you do?

Correct Answer: Create a Global Secondary Index with the most common queried attribute as the hash key

Which data formats does Amazon Athena support?

Correct Answer: Apache Parquet, Apache ORC, JSON

Build data-intensive apps or boost the performance of your existing databases by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache is a popular choice for real-time use cases like Caching, Session Stores, Gaming, Geospatial Services, Real-Time Analytics, and Queuing. You are trying to decide which product you should select for your in-memory cache needs. You require support for encryption. Which service should you choose?

Correct Answer: ElastiCache Redis

John is using Glacier to store historical data (retention period: 10 years) with a vault lock policy to protect the data. Now his boss has suggested reducing the retention policy for these historical files to only 5 years. How will he do this in 1 week?

We know that S3 Glacier enforces the controls set in the vault lock policy for data retention. Once it is locked, the policy can no longer be changed. That’s why it is not possible to reduce the retention period from 10 years to 5 years. You cannot change the vault lock once it is activated.

As part of your disaster recovery preparation, you have decided to maintain a replica of your on-site data on AWS S3 using Storage Gateway. AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. Which mode should you use?

Correct Answer: Gateway Stored Volume Mode

Amazon DynamoDB is a NoSQL database that supports key-value and document data models. Developers can use DynamoDB to build modern, serverless applications that can start small and scale globally to support petabytes of data and tens of millions of read and write requests per second. What DynamoDB features can be utilised to increase the speed of read operations?

Correct Answer: DynamoDB Accelerator (DAX) and Secondary Indexes

You are architecting a complex application landscape that values fast disk I/O for EC2 instances above everything else. Which storage option would you choose?

Correct Answer: Instance Store

You want to allow your VPC instances to resolve using on-prem DNS. Can you do this and how/why?

Correct Answer: Yes, by configuring a DHCP Option Set to issue your on-prem DNS IP to VPC clients.

What networking components will allow IPv6 data to communicate between a VPC and the Internet?

Correct Answer: Egress-Only Internet Gateway, Internet Gateway

You notice that you cannot ping an EC2 instance that you recently started in a public subnet. What could be the problem?

Correct Answer: The security group does not allow inbound ICMP traffic.

What is Server-Side Encryption?

Server-side encryption is the encryption of data at its destination by the application or service that receives it. Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it.

You are creating a mobile app for a client that needs secure access to AWS resources. What is the best way to do this?

Correct Answer: Use the Cognito SDK to provide temporary credentials.

What is the most efficient way of logging all external interaction with AWS services for your accounts globally?

Correct Answer: Set up CloudTrail in your main region and configure it to log all regions and store logs in a single S3 bucket in your main region.

The AWS Cloud Adoption Framework (AWS CAF) provides guidance that supports each unit in your organization so that each area understands how to update skills, adapt existing processes, and introduce new processes to take maximum advantage of the services provided by cloud computing. Which is not part of a component of the Cloud Adoption Framework?

Correct Answer: Reinvent business processes to take advantage of new capabilities.

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Which of the following native AWS services does not support a VPC endpoint connection?

Correct Answer: Amazon MQ

A cloud migration strategy is the plan an organization makes to move its data and applications from an on-premises architecture to the cloud. Which migration strategy generally has the least cost for an enterprise?

Correct Answer: Retire

You have just completed setup of your Direct Connect connection to AWS and want to transition over from your VPN but leave the VPN as a backup. What will you do?

Correct Answer: Update BGP weighting on your customer-side router to a higher weight than the VPN connection. Configure both the VPN and Direct Connect with the same BGP prefix.

You want to gradually migrate data directly from an on-prem RAID10 file server to S3 without moving it to other storage first. Which AWS service will you use?

Correct Answer: AWS CLI

Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.
In a project, you have decided to migrate your on-prem legacy Informix database to Amazon Aurora. How might this be facilitated most efficiently?

Correct Answer: You can manually create the target schema on Aurora then use Data Pipeline with JDBC to move the data.


You are migrating from an Oracle on-prem database to an Oracle RDS database. Which of these describes this migration properly?

Correct Answer: Homogeneous migration