• Home
  • Articles
  • Get Latest Oct-2025 Conduct effective penetration tests using PassReview AWS-Solutions-Architect-Associate exam [Q250-Q266]

Get Latest Oct-2025 Conduct effective penetration tests using PassReview AWS-Solutions-Architect-Associate exam [Q250-Q266]

Share

Get Latest [Oct-2025] Conduct effective penetration tests using PassReview AWS-Solutions-Architect-Associate

Penetration testers simulate AWS-Solutions-Architect-Associate exam PDF


The AWS-Solutions-Architect-Associate exam is a valuable certification for IT professionals who want to demonstrate their skills and knowledge in AWS. AWS-Solutions-Architect-Associate exam covers a wide range of topics and requires candidates to have at least one year of experience designing and deploying scalable and highly available systems on AWS. With the right preparation and study resources, candidates can pass the exam and earn the AWS Certified Solutions Architect - Associate certification, which can help them advance their careers in cloud computing.

 

NEW QUESTION # 250
A scope has been handed to you to set up a super fast gaming server and you decide that you will use
Amazon DynamoDB as your database. For efficient access to data in a table, Amazon DynamoDB creates and maintains indexes for the primary key attributes. A secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations. How many types of secondary indexes does DynamoDB support?

  • A. As many as you need.
  • B. 0
  • C. 1
  • D. 2

Answer: B

Explanation:
DynamoDB supports two types of secondary indexes:
Local secondary index - an index that has the same hash key as the table, but a different range key. A local secondary index is "local" in the sense that every partition of a local secondary index is scoped to a table partition that has the same hash key.
Global secondary index - an index with a hash and range key that can be different from those on the table.
A global secondary index is considered "global" because queries on the index can span all of the data in a table, across all partitions.
Reference:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/SecondaryIndexes.html


NEW QUESTION # 251
Does Amazon DynamoDB support both increment and decrement atomic operations?

  • A. Yes, both increment and decrement operations.
  • B. Only decrement, since increment are inherently impossible with DynamoDB's data model.
  • C. No, neither increment nor decrement operations.
  • D. Only increment, since decrement are inherently impossible with DynamoDB's data model.

Answer: A

Explanation:
Amazon DynamoDB supports increment and decrement atomic operations.
Reference:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/APISummary.html


NEW QUESTION # 252
Your company's IT policies mandate that all critical data must be duplicated in two physical locations at least
100 miles apart.
What storage option meets this requirement?

  • A. Two Amazon S3 buckets in different regions
  • B. One Amazon Glacier archive
  • C. One Amazon S3 bucket
  • D. Two Amazon S3 buckets in the same region

Answer: C


NEW QUESTION # 253
A company uses NFS to store large video files in on-premises network attached storage. Each video file ranges in size from 1MB to 500 GB. The total storage is 70 TB and is no longer growing. The company decides to migrate the video files to Amazon S3. The company must migrate the video files as soon as possible while using the least possible network bandwidth.
Which solution will meet these requirements?

  • A. Set up an AWS Direct Connect connection between the on-premises network and AWS. Deploy an S3 File Gateway on premises. Create a public virtual interlace (VIF) to connect to the S3 File Gateway.
    Create an S3 bucket. Create a new NFS file share on the S3 File Gateway. Point the new file share to the S3 bucket. Transfer the data from the existing NFS file share to the S3 File Gateway.
  • B. Deploy an S3 File Gateway on premises. Create a public service endpoint to connect to the S3 File Gateway Create an S3 bucket Create a new NFS file share on the S3 File Gateway Point the new file share to the S3 bucket. Transfer the data from the existing NFS file share to the S3 File Gateway.
  • C. Create an S3 bucket Create an 1AM role that has permissions to write to the S3 bucket. Use the AWS CLI to copy all files locally to the S3 bucket.
  • D. Create an AWS Snowball Edge job. Receive a Snowball Edge device on premises. Use the Snowball Edge client to transfer data to the device. Return the device so that AWS can import the data into Amazon S3.

Answer: B


NEW QUESTION # 254
A solutions architect needs to copy files from an Amazon S3 bucket to an Amazon Elastic File System (Amazon EFS) file system and another S3 bucket. The files must be copied continuously.New files are added to the original S3 bucket consistently. The copied files should be overwritten only if the source file changes.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Launch an Amazon EC2 instance in the same VPC as the file system. Mount the file system. Create a script to routinely synchronize all objects that changed in the origin S3 bucket to the destination S3 bucket and the mounted file system.
  • B. Create an AWS DataSync location for both the destination S3 bucket and the EFS file system. Create a task for the destination S3 bucket and the EFS file system. Set the transfer mode to transfer only data that has changed.
  • C. Create an AWS Lambda function. Mount the file system to the function. Set up an S3 event notification to invoke the function when files are created and changed in Amazon S3. Configure the function to copy files to the file system and the destination S3 bucket.
  • D. Create an AWS DataSync location for both the destination S3 bucket and the EFS file system. Create a task for the destination S3 bucket and the EFS file system. Set the transfer mode to transfer all data.

Answer: B

Explanation:
AWS DataSync is a service that makes it easy to move large amounts of data between AWS storage services and on-premises storage systems. AWS DataSync can copy files from an S3 bucket to an EFS file system and another S3 bucket continuously, as well as overwrite only the files that have changed in the source. This solution will meet the requirements with the least operational overhead, as it does not require any code development or manual intervention.
References:
4 explains how to create AWS DataSync locations for different storage services.
5 describes how to create and configure AWS DataSync tasks for data transfer.
6 discusses the different transfer modes that AWS DataSync supports.


NEW QUESTION # 255
A solutions architect observes that a nightly batch processing job is automatically scaled up for 1 hour before the desired Amazon EC2 capacity is reached. The peak capacity is the same every night and the batch jobs always start at 1 AM. The solutions architect needs to find a cost-effective solution that will allow for the desired EC2 capacity to be reached quickly and allow the Auto Scaling group to scale down after the batch jobs are complete.
What should the solutions architect do to meet these requirements?

  • A. Increase the minimum capacity for the Auto Scaling group.
  • B. Configure scheduled scaling to scale up to the desired compute level.
  • C. Increase the maximum capacity for the Auto Scaling group.
  • D. Change the scaling policy to add more EC2 instances during each scaling operation.

Answer: B


NEW QUESTION # 256
A Solution Architect is developing as AWS Lambda-based service for a social networking game to retrieve information on tourist landmarks stored in an Amazon DynamoDB table. The solutions Architect wants to minimize costs as the service scales to many millions of users through a mobile app.
How can the Solution Architect optimize performance while minimizing costs? (Select TWO)

  • A. Expose the Lambda function through the Amazon API Gateway, configure the endpoint with caching, and configure Auto Scaling of read throughput on the DynamoDB table
  • B. Configure AppSync to cache responses on the mobile client, and the configure Auto Scaling of reads on the DynamoDB table
  • C. Authorize mobile clients to communicate directly with DynamoDB through AWS STS token, and configure DynamoDB for global replication and Auto Scaling
  • D. Use DynamoDB Accelerator (DAX), and configure Auto Scaling of read throughput on the DynamoDB table
  • E. Configure Amazon CloudFront, specify an appropriate TTL for response caching, and configure the DynamoDB table as the origin

Answer: A,D


NEW QUESTION # 257
A company is building an application on Amazon EC2 instances that generates temporary transactional data.
The application requires access to data storage that can provide configurable and consistent IOPS.
What should a solutions architect recommend?

  • A. Provision an EC2 instance with a General Purpose SSD (gp2) root volume and Provisioned IOPS SSD (io1) data volume.
  • B. Provision an EC2 instance with a General Purpose SSD (gp2) root volume. Configure the application to store its data in an Amazon S3 bucket.
  • C. Provision an EC2 instance with a Throughput Optimized HDD (st1) volume that will serve as the root and data volume.
  • D. Provision an EC2 instance with a Throughput Optimized HDD (st1) root volume and a Cold HDD (sc1) data volume.

Answer: A


NEW QUESTION # 258
You are tasked with setting up a Linux bastion host for access to Amazon EC2 instances running in your VPC. Only clients connecting from the corporate external public IP address
72.34.51.100 should have SSH access to the host. Which option will meet the customer requirement?

  • A. Network ACL Inbound Rule: Protocol - TCP, Port Range-22, Source 72.34.51.100/0
  • B. Network ACL Inbound Rule: Protocol - UDP, Port Range - 22, Source 72.34.51.100/32
  • C. Security Group Inbound Rule: Protocol - TCP. Port Range - 22, Source 72.34.51.100/32
  • D. Security Group Inbound Rule: Protocol - UDP, Port Range - 22, Source 72.34.51.100/32

Answer: C


NEW QUESTION # 259
Which features can be used to restrict access to data in S3? Choose 2 answers

  • A. Create a CloudFront distribution for the bucket.
  • B. Set an S3 ACL on the bucket or the object.
  • C. Set an S3 bucket policy.
  • D. Use S3 Virtual Hosting
  • E. Enable IAM Identity Federation

Answer: C,E

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.


NEW QUESTION # 260
Which aspects of Amazon EC2 security are the responsibility of AWS? Choose 2 answers

  • A. physical security of hardware
  • B. Virtualization infrastructure
  • C. VPC and security group configuration
  • D. Application authentication
  • E. Guest operating systems

Answer: A,B


NEW QUESTION # 261
A company is setting up a development environment on AWS for a team of developers. The team needs to access multiple Amazon S3 buckets to store project data. The team also needs to use Amazon EC2 to run development instances.
The company needs to ensure that the developers have access only to specific Amazon S3 buckets and EC2 instances. Access permissions must be assigned according to each developer's role on the team. The company wants to minimize the use of permanent credentials and to ensure access is securely managed according to the principle of least privilege.
Which solution will meet these requirements?

  • A. Create IAM roles that have fine-grained permissions for Amazon S3 and Amazon EC2. Configure AWS IAM Identity Center to manage credentials for the developers.
  • B. Create IAM users that have programmatic access to Amazon S3 and Amazon EC2. Generate individual access keys for each developer to access Amazon S3 and Amazon EC2.
  • C. Create a VPC endpoint for Amazon S3. Require developers to access Amazon EC2 instances and Amazon S3 buckets through a bastion host.
  • D. Create IAM roles that have administrative-level permissions for Amazon S3 and Amazon EC2. Require developers to sign in by using Amazon Cognito to access Amazon S3 and Amazon EC2.

Answer: A

Explanation:
The most secure and manageable way to provide developers with temporary, least-privilege access is by using AWS IAM Identity Center (formerly AWS SSO). IAM Identity Center allows assigning IAM roles with scoped permissions based on the developer's team role. This ensures no permanent credentials are required and minimizes risk.
Option B enables role-based access with centralized identity and access management, making it the most secure and scalable solution for managing developer permissions.


NEW QUESTION # 262
A favored client needs you to quickly deploy a database that is a relational database service with minimal administration as he wants to spend the least amount of time administering it. Which database would be the best option?

  • A. Amazon Redshift
  • B. Amazon RDS
  • C. Amazon SimpleDB
  • D. Your choice of relational AMIs on Amazon EC2 and EBS.

Answer: B

Explanation:
Amazon Relational Database Service (Amazon RDS) is a web service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you up to focus on your applications and business.
Amazon RDS gives you access to the capabilities of a familiar MySQL, Oracle, SQL Server, or PostgreSQL database engine. This means that the code, applications, and tools you already use today with your existing databases can be used with Amazon RDS. Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period and enabling point-in-time recovery.
Reference: https://aws.amazon.com/running_databases/#rds_anchor


NEW QUESTION # 263
A company's website is using an Amazon RDS MySQL Multi-AZ DB instance for its transactional data storage.
There are other internal systems that query this DB instance to fetch data for internal batch processing. The RDS DB instance slows down significantly when the internal systems fetch data. This impacts the website's read and write performance, and the users experience slow response times.
Which solution will improve the website's performance?

  • A. Add a read replica to the RDS DB instance and configure the internal systems to query the read replica.
  • B. Use an RDS PostgreSQL DB instance instead of a MySQL database.
  • C. Use Amazon ElastiCache to cache the query responses for the website.
  • D. Add an additional Availability Zone to the current RDS MySQL Multi-AZ DB instance.

Answer: A

Explanation:
Amazon RDS Read Replicas
Enhanced performance
You can reduce the load on your source DB instance by routing read queries from your applications to the read replica. Read replicas allow you to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. Because read replicas can be promoted to master status, they are useful as part of a sharding implementation.
To further maximize read performance, Amazon RDS for MySQL allows you to add table indexes directly to Read Replicas, without those indexes being present on the master.
Reference: https://aws.amazon.com/rds/features/read-replicas


NEW QUESTION # 264
A solutions architect needs to design the architecture for an application that a vendor provides as a Docker container image The container needs 50 GB of storage available for temporary files The infrastructure must be serverless.
Which solution meets these requirements with the LEAST operational overhead?

  • A. Create an AWS Lambda function that uses the Docker container image with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space
  • B. Create an AWS Lambda function that uses the Docker container image with an Amazon S3 mounted volume that has more than 50 GB of space
  • C. Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the Amazon EC2 launch type with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space Create a task definition for the container image. Create a service with that task definition.
  • D. Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the AWS Fargate launch type Create a task definition for the container image with an Amazon Elastic File System (Amazon EFS) volume. Create a service with that task definition.

Answer: D

Explanation:
The AWS Fargate launch type is a serverless way to run containers on Amazon ECS, without having to manage any underlying infrastructure. You only pay for the resources required to run your containers, and AWS handles the provisioning, scaling, and security of the cluster. Amazon EFS is a fully managed, elastic, and scalable file system that can be mounted to multiple containers, and provides high availability and durability. By using AWS Fargate and Amazon EFS, you can run your Docker container image with 50 GB of storage available for temporary files, with the least operational overhead. This solution meets the requirements of the question.
References:
AWS Fargate
Amazon Elastic File System
Using Amazon EFS file systems with Amazon ECS


NEW QUESTION # 265
The SQL Server __ feature is an efficient means of copying data from a source database to your DB Instance. It writes the data that you specify to a data file, such as an ASCII file.

  • A. mass copy
  • B. bulk copy
  • C. group copy
  • D. dual copy

Answer: B


NEW QUESTION # 266
......

Tested Material Used To AWS-Solutions-Architect-Associate Test Engine: https://www.passreview.com/AWS-Solutions-Architect-Associate_exam-braindumps.html

Steps Necessary To Pass The AWS-Solutions-Architect-Associate Exam: https://drive.google.com/open?id=1aMiamC6lo8OxLnOvm1jsmN_CmVokRj6Q

Related Articles

more
Amazon AWS-Solutions-Architect-Associate Certification Practice Exam

Copyright © 2026 PassReview NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy