Ultimate AWS Certified Solutions Architect Exam Mastery Guide: Complete Study Plan for Every Topic 2025/2026 *Q&A*
5 views 0 purchase
Course
AWS
Institution
AWS
Ultimate AWS Certified Solutions Architect
Exam Mastery Guide: Complete Study Plan
for Every Topic 2025/2026 *Q&A*
A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in
a VPC do not traverse the internet. What should the solutions architect do ...
Ultimate AWS Certified Solutions Architect
Exam Mastery Guide: Complete Study Plan
for Every Topic 2025/2026 *Q&A*
A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in
a VPC do not traverse the internet. What should the solutions architect do to accomplish this? (Choose
two.)
A. Create a route table entry for the endpoint.
B. Create a gateway endpoint for DynamoDB.
C. Create a new DynamoDB table that uses the endpoint.
D. Create an ENI for the endpoint in each of the subnets of the VPC.
E. Create a security group entry in the default security group to provide access. A. Create a route
table entry for the endpoint.
B. Create a gateway endpoint for DynamoDB.
A company’s legacy application is currently relying on a single-instance Amazon RDS MySQL database
without encryption. Due to new compliance requirements, all existing and new data in this database
must be encrypted. How should this be accomplished?
A. Create an Amazon S3 bucket with server-side encryption enabled. Move all the data to Amazon S3.
Delete the RDS instance.
B. Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby instance
to delete the original instance.
C. Take a Snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS
instance from the encrypted snapshot.
D. Create an RDS read replica with encryption at rest enabled. Promote the read replica to master and
switch the over to the new master. Delete the old RDS instance. C. Take a Snapshot of the RDS
instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted
snapshot.
A manufacturing company wants to implement predictive maintenance on its machinery equipment. The
company will install thousands of IoT sensors that will send data to AWS in real time. A solutions
architect is tasked with implementing a solution that will receive events in an ordered manner for each
1
,machinery asset and ensure that data is saved for further processing at a later time. Which solution
would be MOST efficient?
A. Use Amazon Kinesis Data Streams for real-time events with a partition for each equipment asset. Use
Amazon Kinesis Data Firehose to save data to Amazon S3.
B. Use Amazon Kinesis Data Streams for real-time events with a shard for each equipment asset. Use
Amazon Kinesis Data Firehose to save data to Amazon EBS.
C. Use an Amazon SQS FIFO queue for real-time events with one queue for each equipment asset.
Trigger an AWS Lambda function for the SQS queue to save data to Amazon EFS.
D. Use an Amazon SQS standard queue for real-time events with one queue for each equipment asset.
Trigger an AWS Lambda function for the SQS queue to save data to Amazon S3. A. Use Amazon
Kinesis Data Streams for real-time events with a partition for each equipment asset. Use Amazon Kinesis
Data Firehose to save data to Amazon S3.
A company’s website runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The
website has a mix of dynamic and static content. Users around the globe are reporting that the website
is slow. Which set of actions will improve website performance for users worldwide?
A. Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the
Amazon Route 53 record to point to the CloudFront distribution.
B. Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with
larger instance sizes and register the instances with the ALB.
C. Launch new EC2 instances hosting the same web application in different Regions closer to the users.
Then register instances with the same ALB using cross-Region VPC peering.
D. Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and
EC2 instances. Then update an Amazon Route 53 record to point to the S3 bucket. A. Create an
Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53
record to point to the CloudFront distribution.
A company has been storing analytics data in an Amazon RDS instance for the past few years. The
company asked a solutions architect to find a solution that allows users to access this data using an API.
The expectation is that the application will experience periods of inactivity but could receive bursts of
traffic within seconds. Which solution should the solutions architect suggest?
A. Set up an Amazon API Gateway and use Amazon ECS.
B. Set up an Amazon API Gateway and use AWS Elastic Beanstalk.
C. Set up an Amazon API Gateway and use AWS Lambda functions.
2
,D. Set up an Amazon API Gateway and use Amazon EC2 with Auto Scaling. C. Set up an Amazon
API Gateway and use AWS Lambda functions.
A company must generate sales reports at the beginning of every month. The reporting process launches
20 Amazon EC2 instances on the first of the month. The process runs for 7 days and cannot be
interrupted. The company wants to minimize costs. Which pricing model should the company choose?
A. Reserved Instances
B. Spot Block Instances
C. On-Demand Instances
D. Scheduled Reserved Instances D. Scheduled Reserved Instances
A gaming company has multiple Amazon EC2 instances in a single Availability Zone for its multiplayer
game that communicates with users on Layer 4. The chief technology officer (CTO) wants to make the
architecture highly available and cost-effective. What should a solutions architect do to meet these
requirements? (Choose two.)
A. Increase the number of EC2 instances.
B. Decrease the number of EC2 instances.
C. Configure a Network Load Balancer in front of the EC2 instances.
D. Configure an Application Load Balancer in front of the EC2 instances.
E. Configure an Auto Scaling group to add or remove instances in multiple Availability Zones
automatically. C. Configure a Network Load Balancer in front of the EC2 instances.
E. Configure an Auto Scaling group to add or remove instances in multiple Availability Zones
automatically.
A company currently operates a web application backed by an Amazon RDS MySQL database. It has
automated backups that are run daily and are not encrypted. A security audit requires future backups to
be encrypted and the unencrypted backups to be destroyed. The company will make at least one
encrypted backup before destroying the old backups. What should be done to enable encryption for
future backups?
A. Enable default encryption for the Amazon S3 bucket where backups are stored.
B. Modify the backup section of the database configuration to toggle the Enable encryption check box.
C. Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the
encrypted snapshot.
3
, D. Enable an encrypted read replica on RDS for MySQL. Promote the encrypted read replica to primary.
Remove the original database instance. C. Create a snapshot of the database. Copy it to an
encrypted snapshot. Restore the database from the encrypted snapshot.
A company is hosting a website behind multiple Application Load Balancers. The company has different
distribution rights for its content around the world. A solutions architect needs to ensure that users are
served the correct content without violating distribution rights. Which configuration should the solutions
architect choose to meet these requirements?
A. Configure Amazon CloudFront with AWS WAF.
B. Configure Application Load Balancers with AWS WAF.
C. Configure Amazon Route 53 with a geolocation policy.
D. Configure Amazon Route 53 with a geoproximity routing policy. C. Configure Amazon Route 53
with a geolocation policy.
A solutions architect has created a new AWS account and must secure AWS account root user access.
Which combination of actions will accomplish this? (Choose two.)
A. Ensure the root user uses a strong password.
B. Enable multi-factor authentication to the root user.
C. Store root user access keys in an encrypted Amazon S3 bucket.
D. Add the root user to a group containing administrative permissions.
E. Apply the required permissions to the root user with an inline policy document. A. Ensure the
root user uses a strong password.
B. Enable multi-factor authentication to the root user.
A solutions architect at an ecommerce company wants to back up application log data to Amazon S3.
The solutions architect is unsure how frequently the logs will be accessed or which logs will be accessed
the most. The company wants to keep costs as low as possible by using the appropriate S3 storage class.
Which S3 storage class should be implemented to meet these requirements?
A. S3 Glacier
B. S3 Intelligent-Tiering
C. S3 Standard-Infrequent Access (S3 Standard-IA)
D. S3 One Zone-Infrequent Access (S3 One Zone-IA) B. S3 Intelligent-Tiering
4
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller StellarGrades. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.45. You're not tied to anything after your purchase.
