Amazon AWS Certified Solutions Architect - Associate SAA-C01 practice test


Question 1

A company wants to create an application that will transmit protected health information (PHI) to thousands of service
consumers in different AWS accounts. The application servers will sit in private VPC subnets. The routing for the application
must be fault tolerant.
What should be done to meet these requirements?

  • A. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection.
  • B. Create a virtual private gateway connection between each pair of service provider VPCs and service consumer VPCs.
  • C. Create an internal Application Load Balancer in the service provider VPC and put application servers behind it.
  • D. Create a proxy server in the service provider VPC to route requests from service consumers to the application servers.
Answer:

A


Question 2

A Solutions Architect plans to migrate NAT instances to NAT gateway. The Architect has NAT instances with scripts to
manage high availability.
What is the MOST efficient method to achieve similar high availability with NAT gateway?

  • A. Remove source/destination check on NAT instances.
  • B. Launch a NAT gateway in each Availability Zone.
  • C. Use a mix of NAT instances and NAT gateway.
  • D. Add an ELB Application Load Balancer in front of NAT gateway.
Answer:

B


Question 3

A Solutions Architect is designing an architecture for a mobile gaming application. The application is expected to be very
popular. The Architect needs to prevent the Amazon RDS MySQL database from becoming a bottleneck due to frequently
accessed queries. Which service or feature should the Architect add to prevent a bottleneck?

  • A. Multi-AZ feature on the RDS MySQL Database
  • B. ELB Classic Load Balancer in front of the web application tier
  • C. Amazon SQS in front of RDS MySQL Database
  • D. Amazon ElastiCache in front of the RDS MySQL Database
Answer:

D


Question 4

A Solutions Architect is designing a multi-tier application consisting of an Application Load Balancer, an Amazon RDS
database instance, and an Auto Scaling group on Amazon EC2 instances. Each tier is in a separate subnet. There are some
EC2 instances in the subnet that belong to another application. The RDS database instance should accept traffic only from
the EC2 instances in the Auto Scaling group.
What should be done to meet these requirements?

  • A. Configure the inbound network ACLs on the database subnet to accept traffic from the IP addresses of the EC2 instances only.
  • B. Configure the inbound rules on the security group associated with the RDS database instance. Set the source to the security group associated with instances in the Auto Scaling group.
  • C. Configure the outbound rules on the security group associated with the Auto Scaling group. Set the destination to the security group associated with the RDS database instance.
  • D. Configure the inbound network ACLs on the database subnet to accept traffic only from the CIDR range of the subnet used by the Auto Scaling group.
Answer:

D


Question 5

A company is designing a failover strategy in Amazon Route 53 for its resources between two AWS Regions. The company
must have the ability to route a user's traffic to the region with the least latency, and if both regions are healthy, Route 53 should
route traffic to resources in both regions.
Which strategy should the Solutions Architect recommend?

  • A. Configure active-active failover using Route 53 latency DNS records.
  • B. Configure active-passive failover using Route 53 latency DNS records.
  • C. Configure active-active failover using Route 53 failover DNS records.
  • D. Configure active-passive failover using Route 53 failover DNS records.
Answer:

A


Question 6

A Solutions Architect is building a WordPress-based web application hosted on AWS using Amazon EC2. This application
serves as a blog for an international internet security company. The application must be geographically redundant and
scalable. It must separate the public Amazon EC2 web servers from the private Amazon RDS database, it must be highly
available, and it must support dynamic port routing.
Which combination of AWS services or capabilities will meet these requirements?

  • A. AWS Auto Scaling with a Classic Load Balancer, and AWS CloudTrail
  • B. Amazon Route 53, Auto Scaling with an Application Load Balancer, and Amazon CloudFront
  • C. A VPC, a NAT gateway and Auto Scaling with a Network Load Balancer
  • D. CloudFront, Route 53, and Auto Scaling with a Classic Load Balancer
Answer:

B


Question 7

A company uses Amazon S3 for storing a variety of files. A Solutions Architect needs to design a feature that will allow users
to instantly restore any deleted files within 30 days of deletion.
Which is the MOST cost-efficient solution?

  • A. Create lifecycle policies that move the objects to Amazon Glacier and delete them after 30 days.
  • B. Enable cross-region replication. Empty the replica bucket every 30 days using an AWS Lambda function.
  • C. Enable versioning and create a lifecycle policy to remove expired versions after 30 days.
  • D. Enable versioning and MFA Delete. Using a Lambda function, remove MFA delete from objects more than 30 days old.
Answer:

D

Explanation:
Reference https://aws.amazon.com/premiumsupport/knowledge-center/s3-undelete-configuration/


Question 8

A Solutions Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to
accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may
vary in quantity.
How should the Architect configure the database servers to meet the requirements?

  • A. Configure the database security group to allow database traffic from the application server IP addresses.
  • B. Configure the database security group to allow database traffic from the application server security group.
  • C. Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier subnet.
  • D. Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.
Answer:

B


Question 9

A Solutions Architect is designing a solution that will include a database in Amazon RDS. Corporate security policy
mandates that the database, its logs, and its backups are all encrypted.
Which is the MOST efficient option to fulfill the security policy using Amazon RDS?

  • A. Launch an Amazon RDS instance with encryption enabled. Enable encryption for logs and backups.
  • B. Launch an Amazon RDS instance. Enable encryption for database, logs and backups.
  • C. Launch an Amazon RDS instance with encryption enabled. Logs and backups are automatically encrypted.
  • D. Launch an Amazon RDS instance. Enable encryption for backups. Encrypt logs with a database-engine feature.
Answer:

C


Question 10

An organization must process a stream of large-volume hashtag data in real time and needs to run custom SQL queries on
the data to get insights on certain tags. The organization needs this solution to be elastic and does not want to manage
clusters.
Which of the following AWS services meets these requirements?

  • A. Amazon Elasticsearch Service
  • B. Amazon Athena
  • C. Amazon Redshift
  • D. Amazon Kinesis Data Analytics
Answer:

D
