Aws Certified Solutions Architect Professional Questions
10 community-sourced questions and answers. Free — no login.
AWS Certified Solutions Architect - Professional Certification Exam
The AWS Certified Solutions Architect - Professional exam is intended for individuals who perform a solutions architect role with two or more years of hands-on experience managing and operating systems on AWS. We recommend that individuals have two or more years of hands-on experience designing and deploying cloud architecture on AWS before taking this exam.
Abilities Validated by the Certification
Design and deploy dynamically scalable, highly available, fault-tolerant, and reliable applications on AWSSelect appropriate AWS services to design and deploy an application based on given requirementsMigrate complex, multi-tier applications on AWSDesign and deploy enterprise-wide scalable operations on AWSImplement cost-control strategies
Exam Details
Format: Multiple choice, multiple answerType: ProfessionalDelivery Method: Testing center or online proctored examTime: 180 minutes to complete the examCost: 300 USD (Practice Exam: 40 USD)Language: Available in English, Japanese, Korean, and Simplified Chinese
AWS Certified Solutions Architect - Professional Exam Content
Domain 1: Design for Organizational Complexity 12.5% Domain 2: Design for New Solutions 31% Domain 3: Migration Planning 15% Domain 4: Cost Control 12.5% Domain 5: Continuous Improvement for Existing Solutions 29%
Your company policies require encryption of sensitive data at rest. You are considering the possible options for protecting data while storing it at rest on an EBS data volume, attached to an EC2 instance.Which of these options would allow you to encrypt your data at rest? (Choose 3)A. Implement third party volume encryption toolsB. Implement SSL/TLS for all services running on the serverC. Encrypt data inside your applications before storing it on EBSD. Encrypt data using native data encryption drivers at the file system levelE. Do nothing as EBS volumes are encrypted by default
Answer: ACD
A customer is deploying an SSL enabled web application to AWS and would like to implement a separation of roles between the EC2 service administrators that are entitled to login to instances as well as making API calls and the security officers who will maintain and have exclusive access to the application's X.509 certificate that contains the private key.A. Upload the certificate on an S3 bucket owned by the security officers and accessible only by EC2 Role of the web servers.B. Configure the web servers to retrieve the certificate upon boot from an CloudHSM is managed by the security officers.C. Configure system permissions on the web servers to restrict access to the certificate only to the authority security officersD. Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.
Answer: D
You have recently joined a startup company building sensors to measure street noise and air quality in urban areas. The company has been running a pilot deployment of around 100 sensors for 3 months each sensor uploads 1KB of sensor data every minute to a backend hosted on AWS. During the pilot, you measured a peak or 10 IOPS on the database, and you stored an average of 3GB of sensor data per month in the database. The current deployment consists of a load-balanced auto scaled Ingestion layer using EC2 instances and a PostgreSQL RDS database with 500GB standard storage. The pilot is considered a success and your CEO has managed to get the attention or some potential investors. The business plan requires a deployment of at least 100K sensors which needs to be supported by the backend. You also need to store sensor data for at least two years to be able to compare year over year Improvements. To secure funding, you have to make sure that the platform meets these requirements and leaves room for further scaling.Which setup win meet the requirements?A. Add an SQS queue to the ingestion layer to buffer writes to the RDS instanceB. Ingest data into a DynamoDB table and move old data to a Redshift clusterC. Replace the RDS instance with a 6 node Redshift cluster with 96TB of storageD. Keep the current architecture but upgrade RDS storage to 3TB and 10K provisioned IOPS
Answer: C
A web company is looking to implement an intrusion detection and prevention system into their deployed VPC. This platform should have the ability to scale to thousands of instances running inside of the VPC.How should they architect their solution to achieve these goals?A. Configure an instance with monitoring software and the elastic network interface (ENI) set to promiscuous mode packet sniffing to see an traffic across the VPC.B. Create a second VPC and route all traffic from the primary application VPC through the second VPC where the scalable virtualized IDS/IPS platform resides.C. Configure servers running in the VPC using the host-based 'route' commands to send all traffic through the platform to a scalable virtualized IDS/IPS.D. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection.
Answer: D
A company is storing data on Amazon Simple Storage Service (S3). The company's security policy mandates that data is encrypted at rest.Which of the following methods can achieve this? (Choose 3)A. Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.B. Use Amazon S3 server-side encryption with customer-provided keys.C. Use Amazon S3 server-side encryption with EC2 key pair.D. Use Amazon S3 bucket policies to restrict access to the data at rest.E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.F. Use SSL to encrypt the data while in transit to Amazon S3.
Answer: ABE
Download AWS Certified Solutions Architect - Professional exam questions
https://www.passquestion.com/aws-certified-solutions-architect-professional.html
Looking for a different version?
CBTs get updated every year. Search for the exact version you're taking (e.g. "cyber awareness 2025").
Search all study materials