During my preparation I encountered some questions that are not obvious, or are confusing I will say. It is better to read the question many times.
Q1. A Solutions Architect is designing a solution for a dynamic website, “example.com,” that is deployed in two regions: Tokyo, Japan and Sydney, Australia. The Architect wants to ensure that users located in Australia are directed to the website deployed in the Sydney region and users located in Japan are redirected to the website in the Tokyo region when they browse to “example.com”.
Which service should the Architect use to achieve this goal with the LEAST administrative effort?
- A. Amazon CloudFront with geolocation routing
- B. Amazon Route 53
- C. Application Load Balancer
- D. Network Load Balancer deployed across multiple regions
Answer: B
Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-
Q2. A Solutions Architect is designing a three-tier web application that will allow customers to upload pictures from a mobile application. The application will then generate a thumbnail of the picture and return a message to the user confirming that the image was successfully uploaded. Generation of the thumbnail may take up to 5 seconds. To provide a subsecond response time to the customers uploading the images, the Solutions Architect wants to separate the web tier from the application tier. Which service would allow the presentation tier to asynchronously dispatch the request to the application tier?
- A. AWS Step Functions
- B. AWS Lambda
- C. Amazon SNS
- D. Amazon SQS
Answer: D
Q3. A company has a website running on Amazon EC2. The application DNS name points to an Elastic IP address associated with the EC2 instance. In the event of an attack on the website coming from a specific IP address, the company wants a way to block the offending IP address.
Which tool or service should a Solutions Architect recommend to block the IP address?
- A. Security groups
- B. Network ACL
- C. AWS WAF
- D. AWS Shield
Answer: B
Here most people will choose C. Why not? This is the reason: you use AWS WAF to control how API Gateway, Amazon CloudFront or an Application Load Balancer responds to web requests.
https://docs.aws.amazon.com/waf/latest/developerguide/how-aws-waf-works.html
At the EC2 level we cannot use WAF. Here is how we use a network ACL to block the IP:
Blocking traffic from a single IP with AWS
- Open your VPC dashboard.
- Open the “Network ACLs” view.
- Open the ACL editor. Select the subnet to which your EC2 instances or load balancers are connected. Click “Inbound Rules”, then click “Edit”.
- Add a rule to block the traffic. You will now see the ACL editor. On the last row, you can add a new rule.
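An added example (not from the original post) of why the number given to the new rule matters: network ACL rules are evaluated in ascending rule-number order and the first match applies, so the deny entry needs a lower number than the rule that allows the traffic. The sample rules, the address 203.0.113.7, the `acl_id` value and the helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample: inbound rules of a network ACL as (rule number, action, CIDR).
# Addresses are documentation ranges (RFC 5737), not real hosts.
SAMPLE_INBOUND = [
    (100, "allow", "0.0.0.0/0"),  # allow-all rule, as found in a default network ACL
]
IMPLICIT_DENY = 32767  # sentinel standing in for the final "*" deny rule


def evaluate(rules, source_ip):
    """Return (rule_number, action) of the first matching rule, lowest number first."""
    addr = ipaddress.ip_address(source_ip)
    for number, action, cidr in sorted(rules):
        if addr in ipaddress.ip_network(cidr):
            return number, action
    return IMPLICIT_DENY, "deny"


def deny_rule_number(rules, source_ip):
    """Pick a free rule number evaluated before the rule that allows source_ip."""
    number, action = evaluate(rules, source_ip)
    if action == "deny":
        return None  # already blocked, nothing to add
    used = {n for n, _, _ in rules}
    candidate = number - 1
    while candidate in used:
        candidate -= 1
    if candidate < 1:
        raise ValueError("no free rule number below the matching allow rule")
    return candidate


def deny_entry(acl_id, rule_number, source_ip):
    """Keyword arguments for the boto3 EC2 client's create_network_acl_entry()."""
    return {
        "NetworkAclId": acl_id,          # placeholder id supplied by the caller
        "RuleNumber": rule_number,
        "Protocol": "-1",                # all protocols
        "RuleAction": "deny",
        "Egress": False,                 # inbound rule
        "CidrBlock": f"{source_ip}/32",  # the single offending address
    }
```

With the sample rules, a deny entry numbered 200 never takes effect because rule 100 matches first, while the number returned by `deny_rule_number` (99) blocks the address and leaves other sources allowed.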
Q4. A Solution Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity.
How should the Architect configure the database servers to meet the requirements?
- A. Configure the database security group to allow database traffic from the application server IP addresses.
- B. Configure the database security group to allow database traffic from the application server security group.
- C. Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier subnet.
- D. Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.
Answer: B
Q5. A Solutions Architect needs to build a resilient data warehouse using Amazon Redshift. The Architect needs to rebuild the Redshift cluster in another region.
Which approach can the Architect take to address this requirement?
A. Modify the Redshift cluster and configure cross-region snapshots to the other region.
B. Modify the Redshift cluster to take snapshots of the Amazon EBS volumes each day, sharing those snapshots with the other region.
C. Modify the Redshift cluster and configure the backup and specify the Amazon S3 bucket in the other region.
D. Modify the Redshift cluster to use AWS Snowball in export mode with data delivered to the other region.
Answer: A
https://aws.amazon.com/blogs/aws/automated-cross-region-snapshot-copy-for-amazon-redshift/
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html
Q6 – A Solutions Architect needs to build a resilient data warehouse using Amazon Redshift. The Architect needs to rebuild the Redshift cluster in another region. Which approach can the Architect take to address this requirement?
A. Modify the Redshift cluster and configure cross-region snapshots to the other region.
B. Modify the Redshift cluster to take snapshots of the Amazon EBS volumes each day, sharing those snapshots with the other region.
C. Modify the Redshift cluster and configure the backup and specify the Amazon S3 bucket in the other region.
D. Modify the Redshift cluster to use AWS Snowball in export mode with data delivered to the other region.
Correct Answer: B
As I was writing these questions I had to stop and go take my exam. Tick tack….
I am back. I have passed my certification. Wow.
Guess what, Question 6 came in the exam…
as well as Q5 and Q1. But I will tell you:
The best way to prepare for this exam is: even if you have 1000 questions and answers to practice, try to understand each of the answers, the why the answer is B and not A.
Here is how I did it. For Q6, I will go make sure I understand Redshift; so I will go back to the AWS website documentation and read what I can to know exactly what this service is about: https://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html
Then I look for cross-region snapshots in AWS; Google is your friend. It will bring you directly to https://aws.amazon.com/blogs/aws/automated-cross-region-snapshot-copy-for-amazon-redshift/
Conclusion: I have learned about these 2 important things. Now if you have more time, go to the console and play with it. This is the real hands-on.
Good luck!