[Dec 01, 2025] New 2025 Amazon AWS-Solutions-Architect-Associate Exam Dumps with PDF from PDFDumps (Updated 1095 Questions) [Q438-Q462]

New 2025 AWS-Solutions-Architect-Associate exam questions Welcome to download the newest PDFDumps AWS-Solutions-Architect-Associate PDF dumps (1095 Q&As)

P.S. Free 2025 AWS Certified Solutions Architect AWS-Solutions-Architect-Associate dumps are available on Google Drive shared by PDFDumps

NEW QUESTION # 438
A company is migrating an application from on-premises servers to Amazon EC2 instances. As part of the migration design requirements, a solutions architect must implement infrastructure metric alarms. The company does not need to take action if CPU utilization increases to more than 50% for a short burst of time.
However, if the CPU utilization increases to more than 50% and read IOPS on the disk are high at the same time, the company needs to act as soon as possible. The solutions architect also must reduce false alarms.
What should the solutions architect do to meet these requirements?

• A. Create Amazon CloudWatch composite alarms where possible.
• B. Create Amazon CloudWatch Synthetics canaries to monitor the application and raise an alarm.
• C. Create single Amazon CloudWatch metric alarms with multiple metric thresholds where possible.
• D. Create Amazon CloudWatch dashboards to visualize the metrics and react to issues quickly.

Answer: A

Explanation:
Explanation
Composite alarms determine their states by monitoring the states of other alarms. You can **use composite alarms to reduce alarm noise**. For example, you can create a composite alarm where the underlying metric alarms go into ALARM when they meet specific conditions. You then can set up your composite alarm to go into ALARM and send you notifications when the underlying metric alarms go into ALARM by configuring the underlying metric alarms never to take actions. Currently, composite alarms can take the following actions:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Create_Composite_Alarm.html

NEW QUESTION # 439
A solutions architect is designing a solution to access a catalog of images and provide users with the ability to submit requests to customize images Image customization parameters wilt be in every request that is sent to an Amazon API Gateway API. The solution will generate tie customized images on demand. Users will receive a link that they can use to view or download their customized images. The solution must be highly available for viewing and customizing images What should the solutions architect do to meet these requirements MOST cost effectively?

• A. Use AWS Lambda to manipulate the original images into the requested customizations Store the original images in Amazon S3 Store the manipulated images in Amazon DynamoDB. Provision an Application Load Balancer and Amazon EC2 instances to serve the content.
• B. Use AWS Lambda to manipulate the original images into the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.
• C. Use Amazon EC2 instances to manipulate the original images into the requested customizations Store the original and manipulated images in Amazon S3. Configure an Elastic Load Balancer in front. of the EC2 Instances.
• D. Use Amazon EC2 instances to manipulate the original Images Into the requested customizations. Store the original images in Amazon S3. Store the manipulated Images m Amazon DynamoDB Configure an Amazon CloudFront distribution with the S3 bucket as the origin

Answer: B

NEW QUESTION # 440
Which Amazon service can I use to define a virtual network that closely resembles a traditional data center?

• A. Amazon EMR
• B. Amazon RDS
• C. Amazon Service Bus
• D. Amazon VPC

Answer: D

NEW QUESTION # 441
A company collects a steady stream of 10 million data records from 100,000 sources each day. These records are written to an Amazon RDS MySQL DB. A query must produce the daily average of a data source over the past 30 days. There are twice as many reads as writes. Queries to the collected data are for one source ID at a time.
How can the Solutions Architect improve the reliability and cost effectiveness of this solution?

• A. Ingest data into Amazon Kinesis using a retention period of 30 days. Use AWS Lambda to write data records to Amazon ElastiCache for read access.
• B. Use Amazon DynamoDB with the source ID as the partition key. Use a different table each day.
• C. Use Amazon Aurora with MySQL in a Multi-AZ mode. Use four additional read replicas.
• D. Use Amazon DynamoDB with the source ID as the partition key and the timestamp as the sort key. Use a Time to Live (TTL) to delete data after 30 days.

Answer: C

NEW QUESTION # 442
You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Which of the below are viable mitigation techniques? (Choose 3 answers)

• A. Use an Elastic Load Balancer with auto scaling groups at the web. App and Amazon Relational Database Service (RDS) tiers
• B. Create processes and capabilities to quickly add and remove rules to the instance OS firewall.
• C. Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.
• D. Use dedicated instances to ensure that each instance has the maximum performance possible.
• E. Use an Amazon CloudFront distribution for both static and dynamic content.
• F. Add alert Amazon CloudWatch to look for high Network in and CPU utilization.

Answer: B,E,F

NEW QUESTION # 443
A company's website hosted on Amazon EC2 instances processes classified data stored in Amazon S3 Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3 Which solution meets these requirements?

• A. Set up an access key ID and a secret access key to access the S3 bucket
• B. Set up a NAT gateway to access resources outside the private subnet.
• C. Set up S3 bucket policies to allow access from a VPC endpoint.
• D. Set up an IAM policy to grant read-write access to the S3 bucket.

Answer: C

NEW QUESTION # 444
A solutions architect is designing a new API using Amazon API Gateway that will receive requests from users.
The volume of requests is highly variable; several hours can pass without receiving a single request. The data processing will take place asynchronously, but should be completed within a few seconds after a request is made.
Which compute service should the solutions architect have the API invoke to deliver the requirements at the lowest cost?

• A. An AWS Lambda function
• B. A containerized service hosted in Amazon Elastic Kubernetes Service (Amazon EKS)
• C. A containerized service hosted in Amazon ECS with Amazon EC2
• D. An AWS Glue job

Answer: A

NEW QUESTION # 445
You have recently joined a startup company building sensors to measure street noise and air quality in urban areas.
The company has been running a pilot deployment of around 100 sensors for 3 months Each sensor uploads 1KB of sensor data every minute to a backend hosted on AWS.
During the pilot, you measured a peak or 10 IOPS on the database, and you stored an average of 3GB of sensor data per month in the database
The current deployment consists of a load-balanced auto scaled Ingestion layer using EC2 instances and a PostgreSQL RDS database with 500GB standard storage.
The pilot is considered a success and your CEO has managed to get the attention or some potential investors
The business plan requires a deployment of at least 1O0K sensors which needs to be supported by the backend
You also need to store sensor data for at least two years to be able to compare year over year Improvements.
To secure funding, you have to make sure that the platform meets these requirements and leaves room for further scaling
Which setup win meet the requirements?

• A. Keep the current architecture but upgrade RDS storage to 3TB and 10K provisioned IOPS
• B. Replace the RDS instance with a 6 node Redshift cluster with 96TB of storage
• C. Add an SOS queue to the ingestion layer to buffer writes to the RDS instance
• D. Ingest data into a DynamoDB table and move old data to a Redshift cluster

Answer: B

NEW QUESTION # 446
Fill in the blanks: _________ let you categorize your EC2 resources in different ways, for example, by purpose, owner, or environment.

• A. special filters
• B. pointers
• C. Tags
• D. wildcards

Answer: C

NEW QUESTION # 447
A company sends AWS CloudTrail logs from multiple AWS accounts to an Amazon S3 bucket in a centralized account. The company must keep the CloudTrail logs. The company must also be able to query the CloudTrail logs at any time Which solution will meet these requirements?

• A. Configure an Amazon Neptune instance to manage the CloudTrail logs. Query the CloudTraiI logs from Neptune.
• B. Configure CloudTrail to send the logs to an Amazon DynamoDB table. Create a dashboard in Amazon QulCkSight to query the logs in the table.
• C. Use the CloudTraiI event history in the centralized account to create an Amazon Athena table. Query the CloudTrail logs from Athena.
• D. use Amazon Athena to create an Athena notebook. Configure CloudTrail to send the logs to the notebook. Run queries from Athena.

Answer: C

Explanation:
it allows the company to keep the CloudTrail logs and query them at any time. By using the CloudTrail event history in the centralized account, the company can view, filter, and download recent API activity across multiple AWS accounts. By creating an Amazon Athena table from the CloudTrail event history, the company can use a serverless interactive query service that makes it easy to analyze data in S3 using standard SQL. By querying the CloudTrail logs from Athena, the company can gain insights into user activity and resource changes. References:
Viewing Events with CloudTrail Event History
Querying AWS CloudTrail Logs
Amazon Athena

NEW QUESTION # 448
A company's near-real-time streaming application is running on AWS. As the data is ingested, a Job runs on the data and takes 30 minutes to complete. The workload frequently experiences high latency due to large amounts of incoming data. A solutions architect needs to design a scalable and serverless solution to enhance performance.
Which combination of steps should the solutions architect take? (Select TWO.)

• A. Use Amazon Kinesis Data Firehose to Ingest the data.
• B. Use AWS Lambda with AWS Step Functions to process the data.
• C. Use Amazon EC2 instances in an Auto Seating group to process the data.
• D. Use AWS Database Migration Service (AWS DMS) to ingest the data
• E. Use AWS Fargate with Amazon Elastic Container Service (Amazon ECS) to process the data.

Answer: A

Explanation:
Understanding the Requirement: The company needs to design a scalable and serverless solution for a near- real-time streaming application that experiences high latency due to large amounts of incoming data. The job processing takes about 30 minutes.
Analysis of Options:
Amazon Kinesis Data Firehose: Provides a fully managed service for real-time data streaming and ingestion, allowing for seamless data delivery to destinations such as Amazon S3, Redshift, and Elasticsearch.
AWS Lambda with AWS Step Functions: While suitable for orchestration and lightweight processing, Lambda might not handle long-running jobs (max 15 minutes execution limit) efficiently.
AWS DMS: Primarily used for database migration, not for real-time data ingestion in this context.
Amazon EC2 in Auto Scaling Group: Provides scalability but involves managing servers, which is not serverless and adds operational overhead.
AWS Fargate with ECS: Offers a serverless compute engine for containers, allowing easy scaling and management without managing the underlying infrastructure.
Best Solution:
Amazon Kinesis Data Firehose: For ingesting the streaming data efficiently.
AWS Fargate with ECS: For processing the data in a scalable and serverless manner.
References:
Amazon Kinesis Data Firehose
AWS Fargate

NEW QUESTION # 449
A company stores millions of objects in Amazon S3. The data is in JSON format and Apache Parquet format.
The data is partitioned and new objects are added daily. A solutions architect needs to create a solution so that employees can use SQL to perform one-time queries against all the data. The solution must avoid code changes and must minimize operational overhead.
Which solution will meet these requirements?

• A. Create an Amazon Redshift cluster Schedule an AWS Lambda function to perform the COPY command on the Redshift cluster to load the S3 data Perform queries on the Redshift cluster.
• B. Use S3 Select to perform queries against all the S3 objects
• C. Create an AWS Glue table and an AWS Glue crawler Schedule the crawler to run daily Perform queries with Amazon Athena
• D. Create an Amazon EMR cluster Set up EMR File System (EMRFS) to access the S3 bucket Perform queries with Apache Spark

Answer: A

NEW QUESTION # 450
You are using an m1.small EC2 instance with one 300GB EBS volume to host a relational database. You determined that write throughput to the database needs to be increased.
Which of the following approaches can help achieve this? Choose 2 answers

• A. Increase the size of the EC2 instance
• B. Use an array of EBS volumes
• C. Put the database behind an Elastic Load Balancer
• D. Enable multi-AZ mode
• E. Place the instance in an Auto Scaling Group
• F. Add an EBS volume and place into RAID 5

Answer: A,B

NEW QUESTION # 451
What are the initial settings of an user created security group?

• A. Allow all inbound traffic and Allow all outbound traffic
• B. Allow no inbound traffic and Allow no outbound traffic
• C. Allow all inbound traffic and Allow no outbound traffic
• D. Allow no inbound traffic and Allow all outbound traffic

Answer: D

NEW QUESTION # 452
A solution architect is designing a hybrid application using the AWS cloud. The network between the on-premises data center and AWS will use an AWS Direct Connect (DX) connection. The application connectivity between AWS and the on-premises data center must be highly resilient.
Which DX configuration should be implemented to meet these requirements?

• A. Configure a DX connection with a VPN on top of it.
• B. Configure a DX connection using the most reliable DX partner.
• C. Configure DX connections at multiple DX locations.
• D. Configure multiple virtual interfaces on top of a DX connection.

Answer: C

NEW QUESTION # 453
A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.
• B. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.
• C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.
• D. Attach the appropriate 1AM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

Answer: D

Explanation:
Explanation
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-launch-managed-instance.html

NEW QUESTION # 454
A manufacturing company runs its report generation application on AWS. The application generates each report in about 20 minutes. The application is built as a monolith that runs on a single Amazon EC2 instance.
The application requires frequent updates to its tightly coupled modules. The application becomes complex to maintain as the company adds new features.
Each time the company patches a software module, the application experiences downtime. Report generation must restart from the beginning after any interruptions. The company wants to redesign the application so that the application can be flexible, scalable, and gradually improved. The company wants to minimize application downtime.
Which solution will meet these requirements?

• A. Run the application on Amazon EC2 Spot Instances as microservices with a Spot Fleet default allocation strategy.
• B. Run the application on AWS Elastic Beanstalk as a single application environment with an all-at-once deployment strategy.
• C. Run the application on AWS Lambda as a single function with maximum provisioned concurrency.
• D. Run the application on Amazon Elastic Container Service (Amazon ECS) as microservices with service auto scaling.

Answer: D

Explanation:
The solution that will meet the requirements is to run the application on Amazon Elastic Container Service (Amazon ECS) as microservices with service auto scaling. This solution will allow the application to be flexible, scalable, and gradually improved, as well as minimize application downtime. By breaking down the monolithic application into microservices, the company can decouple the modules and update them independently, without affecting the whole application. By running the microservices on Amazon ECS, the company can leverage the benefits of containerization, such as portability, efficiency, and isolation. By enabling service auto scaling, the company can adjust the number of containers running for each microservice based on demand, ensuring optimal performance and cost. Amazon ECS also supports various deployment strategies, such as rolling update or blue/green deployment, that can reduce or eliminate downtime during updates.
The other solutions are not as effective as the first one because they either do not meet the requirements or introduce new challenges. Running the application on AWS Lambda as a single function with maximum provisioned concurrency will not meet the requirements, as it will not break down the monolith into microservices, nor will it reduce the complexity of maintenance. Lambda functions are also limited by execution time (15 minutes), memory size (10 GB), and concurrency quotas, which may not be sufficient for the report generation application. Running the application on Amazon EC2 Spot Instances as microservices with a Spot Fleet default allocation strategy will not meet the requirements, as it will introduce the risk of interruptions due to spot price fluctuations. Spot Instances are not guaranteed to be available or stable, and may be reclaimed by AWS at any time with a two-minute warning. This may cause report generation to fail or restart from scratch. Running the application on AWS Elastic Beanstalk as a single application environment with an all-at-once deployment strategy will not meet the requirements, as it will not break down the monolith into microservices, nor will it minimize application downtime. The all-at-once deployment strategy will deploy updates to all instances simultaneously, causing a brief outage for the application.
References:
Amazon Elastic Container Service
Microservices on AWS
Service Auto Scaling - Amazon Elastic Container Service
AWS Lambda
Amazon EC2 Spot Instances
[AWS Elastic Beanstalk]

NEW QUESTION # 455
A company has a mobile chat application with a data store based in Amazon DynamoDB. Users would like new messages to be read with as little latency as possible. A solutions architect needs to design an optimal solution that requires minimal application changes.
Which method should the solutions architect select?

• A. Configure Amazon DynamoDB Accelerator (DAX) for the new messages table. Update the code to use the DAX endpoint.
• B. Double the number of read capacity units for the new messages table in DynamoDB. Continue to use the existing DynamoDB endpoint.
• C. Add an Amazon ElastiCache for Redis cache to the application stack. Update the application to point to the Redis cache endpoint instead of DynamoDB.
• D. Add DynamoDB read replicas to handle the increased read load. Update the application to point to the read endpoint for the read replicas.

Answer: A

Explanation:
Explanation/Reference: https://aws.amazon.com/blogs/aws/amazon-dynamodb-accelerator-dax-in-memory-caching-for- read-intensive-workloads/

NEW QUESTION # 456
A company website hosted on Amazon EC2 instances processes classified data stored in The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.
Which solution will meet this requirement?

• A. Create an 1AM role that specifies EBS encryption Attach the role to the EC2 instances
• B. Create an EC2 instance tag that has a key of Encrypt and a value of True Tag all instances that require encryption at the EBS level
• C. Create the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances
• D. Create an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account Ensure that the key policy is active

Answer: C

Explanation:
The simplest and most effective way to ensure that all data that is written to the EBS volumes is encrypted at rest is to create the EBS volumes as encrypted volumes. You can do this by selecting the encryption option when you create a new EBS volume, or by copying an existing unencrypted volume to a new encrypted volume. You can also specify the AWS KMS key that you want to use for encryption, or use the default AWS-managed key. When you attach the encrypted EBS volumes to the EC2 instances, the data will be automatically encrypted and decrypted by the EC2 host. This solution does not require any additional IAM roles, tags, or policies.
References:
Amazon EBS encryption
Creating an encrypted EBS volume
Encrypting an unencrypted EBS volume

NEW QUESTION # 457
You are implementing a URL whitelisting system for a company that wants to restrict outbound HTTP'S connections to specific domains from their EC2-hosted applications. You deploy a single EC2 instance running proxy software and configure It to accept traffic from all subnets and EC2 instances in the VPC. You configure the proxy to only pass through traffic to domains that you define in its whitelist configuration. You have a nightly maintenance window or 10 minutes where all instances fetch new software updates. Each update Is about
200MB In size and there are 500 instances In the VPC that routinely fetch updates. After a few days you notice that some machines are failing to successfully download some, but not all of their updates within the maintenance window. The download URLs used for these updates are correctly listed in the proxy's whitelist configuration and you are able to access them manually using a web browser on the instances.
What might be happening? (Choose 2)

• A. You are running the proxy on an undersized EC2 instance type so network throughput is not sufficient for all instances to download their updates in time.
• B. You have not allocated enough storage to the EC2 instance running the proxy so the network buffer is filling up, causing some requests to fail.
• C. You are running the proxy on a sufficiently-sized EC2 instance in a private subnet and its network throughput is being throttled by a NAT running on an undersized EC2 instance.
• D. The route table for the subnets containing the affected EC2 instances is not configured to direct network traffic for the software update locations to the proxy.
• E. You are running the proxy in a public subnet but have not allocated enough EIPs to support the needed network throughput through the Internet Gateway (IGW).

Answer: A,C

NEW QUESTION # 458
Can the string value of 'Key' be prefixed with laws?

• A. Only for S3 not EC
• B. Only for EC2 not S3
• C. Yes
• D. No

Answer: D

NEW QUESTION # 459
A company requires a durable backup storage solution for its on-premises database servers while ensuring on-premises applications maintain access to these backups for quick recovery. The company will use AWS storage services as the destination for these backups A solutions architect is designing a solution with minimal operational overhead Which solution should the solutions architect implement?

• A. Back up the databases to an AWS Storage Gateway volume gateway and access it using the Amazon S3 API.
• B. Transfer the database backup files to an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 instance.
• C. Back up the database directly to an AWS Snowball device and uss lifecycle rules to move the data to Amazon S3 Glacier Deep Archive.
• D. Deploy an AWS Storage Gateway file gateway on-premises and associate it with an Amazon S3 bucket

Answer: D

NEW QUESTION # 460
An AWS workload in a VPC is running a legacy database on an Amazon EC2 instance. Data is stored on a 200GB Amazon EBS (gp2) volume. At peak load times, logs show excessive wait time.
What solution should be implemented to improve database performance using persistent storage?

• A. Change the EC2 instance type to one with burstable performance.
• B. Change the EC2 instance type to one with EC2 instance store volumes.
• C. Migrate the data on the EBS volume to provisioned IOPS SSD (io1).
• D. Migrate the data on the Amazon EBS volume to an SSD-backed volume.

Answer: C

Explanation:
Burstable performance instances can burst CPU to a higher level. But the question asks for a solution to improve database performance using persistent storage.

NEW QUESTION # 461
A company runs multiple Amazon EC2 Linux instances in a VPC with applications that use a hierarchical directory structure. The applications need to rapidly and concurrently read and write to shared storage.
How can this be achieved?

• A. Create an Amazon EFS file system and mount it from each EC2 instance.
• B. Create an Amazon S3 bucket and permit access from all the EC2 instances in the VPC.
• C. Create a file system on an Amazon EBS Provisioned IOPS SSD (io1) volume. Attach the volume to all the EC2 instances.
• D. Create file systems on Amazon EBS volumes attached to each EC2 instance. Synchronize the Amazon EBS volumes across the different EC2 instances.

Answer: A

NEW QUESTION # 462
......

AWS-Solutions-Architect-Associate exam questions from PDFDumps dumps: https://actualtorrent.pdfdumps.com/AWS-Solutions-Architect-Associate-valid-exam.html (1095 Q&As)