Hello friends if you are looking for AWS Foundation School Exam | AWS Foundation School Accenture Practice Test | AWS Foundation School Multiple Choice Questions with answers the you are at correct blog. Here I will share you the Required Info Regarding to that Exam
1.A company hosts a static website within an Amazon S3 bucket. A solutions architect needs to ensure that data can be recovered in case of accidental deletion. Which action will accomplish this?
A. Enable Amazon S3 versioning.
B. Enable Amazon S3 cross-Region replication.
C. Enable an Amazon S3 lifecycle policy.
D. Enable Amazon S3 Intelligent-Tiering.
2. A company has on-premises servers running a relational database. The current database serves high read traffic for users in different locations. The company wants to migrate to AWS with the least amount of effort. The database solution should support disaster recovery and not affect the company2€™s current traffic flow.Which solution meets these requirements?
A. Use a database in Amazon RDS with Multi-AZ and at least one read replica.
B.Use hosted on multiple Amazon EC2 instances in different AWS Regions.
C. Use databases hosted on Amazon EC2 instances behind an Application Load Balancer in different Availability Zones
D. Use a database in Amazon RDS with Multi-AZ and at least one standby replica.
3.An IT automation architecture uses many AWS Lambda functions invoking one another as a large state machine. The coordination of this state machine is legacy custom code that breaks casily.Which AWS Service can help refactor and manage the state machine?
A. AWS CloudFormation
B. AWS Step Functions
C. AWS CodeBuild
D. AWS CodePipeline
4.An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?
A.Use a VPC endpoint for DynamoDB.
B. Use the internet gateway attached to the VPC.
C .Use a NAT instance in a private subnet.
D.Use a NAT gateway in a public subnet.
5. A company runs a multi-tier web application that hosts news content. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database. A solutions architect needs to make the application more resilient to periodic increases in request rates. Which architecture should the solutions architect implement? (Choose two.)
A. Add an Amazon CloudFront distribution in front of the Application Load Balancer.
B.Add AWS Global Accelerator.
C.Add AWS Direct Connect.
D.Add Aurora Replica.
E. Add AWS Shield.
Ans: a d
6. A company’s production application runs online transaction processing (OLTP) transactions on an Amazon RDS MySQL DB instance. The company is launching a new reporting tool that will access the same data. The reporting tool must be highly available and not impact the performance of the production application How can this be achieved?
A. Create hourly snapshots of the production RDS DB Instance.
B. Create a Multi-AZ RDS Read Replica of the production RDS DB instance.
C.Create a second Single-AZ RDS Read Replica from the replica. Read Replicas of
7. A company has an Amazon EC2 instance running on a private subnet that needs to access a public website to download patches and updates. The company does not want external websites to see the EC2 instance IP address or initiate connections to it. How can a solutions architect achieve this objective?
A.Create a site-to-site VPN connection between the private subnet and the network in which the public site is deployed.
B. Create a security group that only allows connections from the IP address range of the public website Attach the security group to the EC2 instance
C.Create a network ACL for the private subnet where the EC2 instance access from the IP address range of the public website. ployed only allows
D. Create a NAT gateway in a public subnet. Route outbound traffic from the private subnet through the NAT gateway.
8. A company is planning to use Amazon S3 to store images uploaded by its users. The images must be encrypted at rest in Amazon S3. The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys. What should a solutions architect use to to accomplish this?
A. Server-Side Encryption with keys stored in an S3 bucket
B. Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
C. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
D. Server-Side Encryption with Customer-Provided Keys (SSE-C)
9. A healthcare company stores highly sensitive patient records. Compliance requires that multiple copies be stored in different locations. Each record must be stored for 7 years. The company has a service level agreement (SLA) to provide records to government agencies immediately for the first 30 days and then within 4 hours of a request thereafter. What should a solutions architect recommend?
A. Use Amazon S3 with cross-Region replication enabled. After 30 days, transition the data to Amazon S3 Glacier using lifecycle policy.
B.Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days. transition the data to Amazon S3 Glacier Deep Archive using a life
C.Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier using a lifecycle policy.
D. Use Amazon S3 with cross-Region replication enabled. After 30 days, Amazon S3 Glacier Deep Achieve using a lifecycle policy. Transition the data to
10. A company serves content to its subscribers across the world using an application running on AWS. The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). Due to a recent change in copyright restrictions, the chief information officer (CIO) wants to block access for certain countries. Which action will meet these requirements?
A. Modify the ALB security group to deny incoming traffic from blocked countries.
B. Modify the security group for EC2 instances to deny incoming traffic from blocked countries.
C.Use Amazon CloudFront to serve the application and deny access to blocked countries.
D.Use ALB listener rules to return access denied responses to incoming traffic from blocked
11.A company has an application that calls AWS Lambda functions. A recent code review found database credentials stored in the source code. The database credentials need to be removed from the Lambda source code. The credentials must then be securely stored and rotated on an ongoing basis to meet security policy requirements.What should a solutions architect recommend to meet these requirements?
A. Store the password in AWS CloudHSM. Associate the Lambda function with a role that can retrieve the password from CloudHSM given its key ID.
B. Store the password in AWS Key Management Service (AWS KMS). Associate the Lambda function with a role that can retrieve the password from AWS KMS given its key ID.
C. Move the database password to an environment variable associated with the Lambda function. Retrieve the password from the environment variable upon execution.
D. Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can retrieve the password from Secrets Manager given its secret ID.
12. A company currently operates a web application backed by an Amazon RDS MySQL database. It has automated backups that are run daily and are not encrypted. A security audit requires future backups to be encrypted and the unencrypted backups to be destroyed. The company will make at least one encrypted backup before destroying the old backups. What should be done to enable encryption for future backups?
A. Enable default encryption for the Amazon S3 bucket where backups are stored.
B. Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot.
C.Enable an encrypted read replica on RDS for MySQL Promote the encrypted read replica to primary. Remove the original database instance.
D.Modify the backup section of the database configuration to toggle the Enable encryption check box jag
13. A mobile app uploads usage information to a database. Amazon Cognito is being used for authentication, authorization and user management and users sign-in with Facebook IDs. In order to securely store data in DynamoDB, the design should use temporary AWS credentials. What feature of Amazon Cognito is used to obtain temporary credentials to access AWS services?
A. Key pairs
B. SAML identity Providers
C. Identity pools
D. User pools
14. A Solutions Architect must design a storage solution for incoming billing reports in CSV format. The data will be analyzed infrequently and discarded after 30 days. Which combination of services will be MOST cost-effective in meeting these requirements?
A. Import the logs to an Amazon Redshift cluster
B. Use AWS Data Pipeline to import the logs into a DynamoDB table
C.write the files to an S3 bucket and use Amazon Athena to query the data
d. Import the logs into an RDS MySql instance
15. A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned Load on this platform will be constant, using a number of 14.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required.What is the MOST cost-effective way to purchase compute for this platform?
A. Scheduled Reserved instances
B. Convertible Reserved Instances
C. Standard Reserved Instances
D. Spot Instances
16. A company hosts a static website on-premises and wants to migrate the website to AWS. The website should load as quickly as possible for users around the world. The company also wants the most cost-effective solution. What should a solutions architect do to complish this?
A. Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Replicate the S3 bucket to multiple AWS Regions.
B. Copy the website content to multiple Amazon EBS-backed Amazon EC2 instances running Apache bitte Server in mullible Awer Regions. Configure Amazog CloudFront geolocation routing policies to select the closest origin.
C. Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Configure Amazon CloudFront with the S3 bucket as the origin.
D. Copy the website content to an Amazon EBS-backed Amazon EC2 instance running Apache HTTP Server Configure Amazon Route 53 geolocation routing policies to select the closest ongin