FREE AWS Certified Solutions Architect – Associate Question and Answers
As a Solutions Architect for TPT Ltd., Adam is in charge of creating a shared service for hosting containers from various customers on Amazon ECS. There are many AWS services that these containers will use. The data from one customer's container must not be accessible by that of another customer, as required. To satisfy the above requirements, Adam has been asked to propose a suitable solution. In this circumstance, what should he do?
IAM roles for tasks is a feature provided by Amazon ECS (Elastic Container Service) that allows you to assign specific IAM roles to individual containers or tasks running within ECS. This enables fine-grained access control and isolation of resources between different containers.
By using IAM roles for tasks, Adam can create and manage IAM roles that have specific permissions and access policies tailored for each customer's container. Each customer's container can be assigned a dedicated IAM role, ensuring that the containers are isolated from each other and have access only to the resources and data they require.
Your IT Director gave you the order to immediately set up an automated backup of each EBS Volume for your EC2 instances as part of the business continuity plan for your organization.
What is the quickest and least expensive method for backing up all of your EBS Volumes automatically?
Using Amazon Data Lifecycle Manager (Amazon DLM) to automate the creation of EBS snapshots is the quickest and least expensive method for backing up all of your EBS volumes automatically.
Amazon DLM is a service provided by Amazon Web Services (AWS) that simplifies the management of automated backups for Amazon EBS volumes. It allows you to create backup policies that define the frequency and retention period for EBS snapshots.
The configurations in an organization's AWS account need to be evaluated and audited. It must monitor each configuration change made to any of its Amazon S3 buckets in order to strictly enforce compliance. To prevent data breaches, automatically identifying S3 buckets with public access is also a good idea.
Which choices from the list below will satisfy this demand?
Using AWS Config to set up a rule in your AWS account will satisfy the demand of evaluating and auditing configurations and monitoring changes made to Amazon S3 buckets.
AWS Config is a service provided by Amazon Web Services (AWS) that enables you to assess, audit, and evaluate the configurations of your AWS resources. It continuously monitors the configuration changes and records the configuration details of your resources over time.
Using stateless web servers, TPT Ltd. has created a highly available web application.
Which of the following services should be used to store session state data?
(1) Cloud Watch to store data
(2) DynamoDB
(3) Elastic Load Balancing to be used
(4) ElastiCache
(5) Storage Gateway
DynamoDB is a NoSQL database service and can be used to store session state data. However, ElastiCache is typically a more suitable choice for caching session data due to its in-memory capabilities and optimized performance for caching use cases.
ElastiCache provides fast, in-memory data storage, which allows for quick retrieval and updates of session state data. This helps improve the overall performance and responsiveness of the web application.
Miguel has created an application that needs a highly available relational database and has an initial storage capacity of 8 TB. Every day, this database will expand by 8 GB. Now, a minimum of 8 read replicas will be needed to handle database reads and support anticipated traffic.
Which one of the following should Miguel employ to fulfill these conditions?
Miguel should employ Amazon Aurora to fulfill the conditions of a highly available relational database with increasing storage capacity and the need for multiple read replicas.
Amazon Aurora is a fully managed relational database service provided by AWS. It is compatible with MySQL and PostgreSQL and offers high performance, durability, and scalability. It is designed to handle demanding workloads and provides automatic replication and failover capabilities.
Recently, your business adopted a hybrid architecture that links its on-premises data center to its AWS cloud. You have been given the responsibility for configuring the VPC and putting the necessary IAM groups, roles, users, and policies into place.
What is the best method for writing IAM policies in this circumstance?
The principle of least privilege is a security best practice that involves granting users, groups, or roles only the minimum permissions necessary to perform their intended tasks or functions. By adhering to this principle, you minimize the risk of unauthorized access or unintended actions in your environment.
By implementing the principle of least privilege, you can enhance the security posture of your hybrid architecture by reducing the potential attack surface and minimizing the impact of security incidents or mistakes.
Jacob is an employee of TPT Ltd. It has been requested of his team that they host the data on AWS Cloud, and the primary requirements are as follows:
(1) Capability to store JSON documents.
(2) High levels of both accessibility and longevity
Which of the following options represents the ideal mechanism for storage that Jacob and his team ought to make use of in order to fulfill this requirement?
DynamoDB is a fully managed NoSQL database service provided by Amazon Web Services (AWS). It is designed to provide fast and flexible storage for any type of data, including JSON documents. DynamoDB can store, retrieve, and manage structured data, making it suitable for storing JSON documents.