Infosys Certified AWS Solutions Architect Professional
Practice with real exam-pattern questions for Infosys Certified AWS Solutions Architect Professional. Each question includes a detailed explanation to help you understand the concept, not just memorise the answer. Try 10 questions free — no login required.
Full question bank for this exam + 1,357+ others. Cancel anytime.
Join Premium10 Infosys Certified AWS Solutions Architect Professional practice questions with answers
Real Lex exam-pattern multiple-choice questions for the Infosys Certified AWS Solutions Architect Professional certification. Each question includes the correct answer. The full question bank is available to Premium members.
- Question 1
An enterprise wants to use a third-party SaaS application. The SaaS application needs to have access to issue several API commands to discover Amazon EC2 resources running within the enterprise's account The enterprise has internal security policies that require any outside access to their environment must conform to the principles of least privilege and there must be controls in place to ensure that the credentials used by the
SaaS vendor cannot be used by any other third party. Which of the following would meet all of these conditions?- ✓
From the AWS Management Console, navigate to the Security Credentials page and retrieve the access and secret key for your account.
Correct - B
Create an IAM user within the enterprise account assign a user policy to the IAM user that allows only the actions required by the SaaS application create a new access and secret key for the user and provide these credentials to the SaaS provider.
- C
Create an IAM role for cross-account access allows the SaaS provider's account to assume the role and assign it a policy that allows only the actions required by the SaaS application.
- D
Create an IAM role for EC2 instances, assign it a policy that allows only the actions required tor the SaaS application to work, provide the role ARN to the SaaS provider to use when launching their application
- ✓
- Question 2
You are a solution architect for an enterprise. The enterprise has multiple AWS accounts hosted for deploying applications and performing analytics. They wish to simplify the management of access to their users in the on-premise environment. Also, there is a requirement to enable cross account audits using AWS IAM. Which of the following solutions will address these requirements?
- ✓
Use AWS SSO for user management. Enable cross account access using IAM.
Correct - B
Use AWS Control tower to provide federated access to users and to manage AWS accounts under AWS Organizations. Leverage IAM and SSO for cross account audits.
- C
Use SAML based user authentication and AWS Organizations. Leverage IAM and SSO for cross account audits.
- D
Use Microsoft AD connector to grant access to AWS account for the users in the on-premise environment.
- ✓
- Question 3
John is an AWS Admin for an enterprise and has the IAM full permissions. The enterprise has moved all their AWS accounts under an AWS Organization. John is facing issues in creating IAM users. Identify the reason(s).
[Choose two answers]
- ✓
AWS Organizational Unit permissions can overrule account permissions.
Correct - B
AWS Organizational Unit permissions cannot overrule account permissions.
- C
Users can access AWS services as per the policies defined in AWS Organization unit or policies defined in IAM.
- D
AWS Organizational Unit has restricted the administrators of member accounts in the organization.
- E
AWS Organizational Unit cannot restrict the administrators of member accounts in the organization.
- ✓
- Question 4
A social photo-sharing web application is hosted on EC2 instances behind an ELB. Users can upload their photos and it also shows a leaderboard on the homepage of the app. The uploaded photos are stored in S3 and the leaderboard data is maintained in DynamoDB. The EC2 instances need to access both S3 and DynamoDB for these features. As a Solutions Architect, which of the following solutions would you recommend as the MOST secure option?
- ✓
Attach appropriate IAM role to EC2 instance profile so that instance can access S3 and DynamoDB
Correct - B
Configure AWS CLI on EC2 instance using a valid IAM user's credentials. Application code can then invoke shell script to access S3 and DynamoDB via AWS CLI
- C
Save AWS credentials access key ID and secret access in a configuration file withing the application code on EC2 instance which can use credentials to access S3 and Dynamo DB.
- D
Encrypt AWS credentials via a custom encryption library and save in secret directory on EC2 instance. Application code can later decrypt AWS credentials to make API calls to S3 and DynamoDB
- ✓
- Question 5
A web design company currently runs several FTP servers that their 250 customers use to upload and download large graphic files They wish to move this system to AWS to make it more scalable, but they wish to maintain customer privacy and Keep costs to a minimum. What AWS architecture would you recommend?
- ✓
Ask their customers to use an S3 client instead of an FTP client. Create a single S3 bucket Create an IAM user for each customer Put the IAM Users in a Group that has an IAM policy that permits access to sub- directories within the bucket via use of the 'username' Policy variable.
Correct - B
Create a single S3 bucket with Reduced Redundancy Storage turned on and ask their customers to use an S3 client instead of an FTP client Create a bucket for each customer with a Bucket Policy that permits access only to that one customer
- C
Create an auto-scaling group of FTP servers with a scaling policy to automatically scale-in when minimum network traffic on the auto-scaling group is below a given threshold. Load a central list of ftp users from S3 as part of the user Data startup script on each Instance.
- D
Create a single S3 bucket with Requester Pays turned on and ask their customers to use an S3 client instead of an FTP client Create a bucket tor each customer with a Bucket Policy that permits access only to that one customer.
- ✓
- Question 6
A university has made a lot of self-learning content for consumption by the student community and alumni. The response to the self-learning courses has been very encouraging as a result of which the traffic hitting the servers is expected grow up consistently. The university wants to ensure that only the students or alumni access the content and some sensitive fields of the data rendered must be kept confidential so that they are not accessed by any client application except the designated destination. What should you do to address these requirements?
- ✓
Make the content accessible through CloudFront with EC2 as the origin. Make changes to the security group to allow access from IP addresses used by CloudFront. Create a CloudFront behavior with the AWS account as a trusted signer.
Correct - B
Make the content accessible through CloudFront with OAI for Amazon S3 as the origin. Remove public read actions from S3 bucket policy. Configure Amazon S3 as the trusted signer for CloudFront. Have the webservers return CloudFront Signed-URL. Use SSE-S3 to encrypt the fields that contain sensitive information.
- C
Make the content accessible through CloudFront with OAI for Amazon S3 as the origin. Remove public read actions from S3 bucket policy. Create a CloudFront behavior with the AWS account as a trusted signer. Have the webservers return CloudFront Signed-URL. Use Field-Level Encryption to protect sensitive information in the requests
- D
Make the content accessible through CloudFront with OAI for Amazon S3 as the origin. Remove public read actions from S3 bucket policy. Configure Amazon S3 as the trusted signer for CloudFront. Have the webservers return CloudFront Signed-URL. Use SSL to encrypt the fields that contain sensitive information.
- ✓
- Question 7
BuyAGame is an online game seller. They build games for desktop and mobile users. They have migrated to AWS platform for reducing IT infra management. The feedback from the very recently released game is that the latency is high and game response is slow. The architecture of the infrastructure includes Amazon EC2 instance in a multi-AZ AutoScaling group along with an application load balancer. The backend is supported by Amazon RDS. The data from the game is moved to applications for streaming data analysis. Which of the following solutions addresses these requirements?
- ✓
Use Amazon ElastiCache with Redis in front of Amazon RDS to greatly reduce the latency. Put the application data into Amazon Kinesis firehose to make it available for analytic applications to process the data.
Correct - B
Replace Amazon RDS with DynamoDB and use DAX to speed up the game. Put the application data into Amazon SQS to make it available for analytic applications to process the data.
- C
Use Amazon ElastiCache with Memcached infront of Amazon RDS to greatly reduce the latency. Put the application data into Amazon Kinesis streams to make it available for analytic applications to process the data
- D
Use Amazon ElastiCache with Redis in front of Amazon RDS to greatly reduce the latency. Put the application data into Amazon DynamoDB streams to make it available for analytic applications to process the data.
- E
Replace Amazon RDS with DynamoDB and use DAX to speed up the game. Put the application data into Amazon DynamoDB streams to make it available for analytic applications to process the data.
- ✓
- Question 8
Your application is using an ELB in front of an Auto Scaling group of web/application servers deployed across two AZs and a Multi-AZ RDS Instance for data persistence. The database CPU is often above 80% usage and 90% of I/O operations on the database are reads. To improve performance you recently added a single-node Memcached ElastiCache Cluster to cache frequent DB query results. In the next weeks the overall workload is expected to grow by 30%. Do you need to change anything in the architecture to maintain the high availability or the application with the anticipated additional load? Why?
- ✓
Yes, you should deploy two Memcached ElastiCache Clusters in different AZs because the RDS instance will not be able to handle the load if the cache node fails
Correct - B
No, if the cache node fails you can always get the same data from the DB without having any availability impact.
- C
No, if the cache node fails the automated ElastiCache node recovery feature will prevent any availability impact.
- D
Yes, you should deploy the Memcached ElastiCache Cluster with two nodes in the same AZ as the RDS
- ✓
- Question 9
Your organization is planning to migrate its on-premise data to AWS S3 within next two weeks. Currently, on-premise storage holds 50 PB of data and is connected to internet over a 100 Mbps link. Upto 20% of link’s throughput is regularly used in real time by existing systems. Which of the following service is ideal in this scenario to perform data migration in the given time frame?
- ✓
Use Snowmobile to transfer data from on-premises storage devices
Correct - B
Order multiple AWS Snowball devices to ship data
- C
Use multi-part upload to transfer data over existing link
- D
Set up an AWS Direct Connect link to upload data
- ✓
- Question 10
Metnix.in is a popular media-service provider having up-to 350 TB of data. It has hosted its application in on premises and deals with huge user volume. As business grew the organization wants to ensure the reliability and performance of the application at a lower cost. Hence it is planning to migrate its application to AWS with the maximum downtime of 10 days.
The organization has decided to leverage Amazon S3 service to store the content and Amazon Cloudfront to distribute the content to end users without any latency. It is having 40 percent of free internet capacity.
Which of the below feature will help the organization to successfully migrate to AWS by satisfying the requirement if the current internet connectivity of the organization is 2Gpbs?
- ✓
Use Amazon S3 multi part upload and transfer the data to S3 via internet. Ensure that the internet capacity is not exceeding 40 percent.
Correct - B
Request AWS for snowball device which can hold upto 1PB of data. Transfer the data to snowball and migrate it to S3. Sync the recent data while the migration is in process.
- C
Use Amazon S3 client and transfer the data to S3 via internet. Ensure that the client is not utilizing internet capacity above 40 percent.
- D
Request AWS for snowmobile device which can hold upto 1PB of data. Transfer the data to snowball and migrate it to S3. Sync the recent data while the migration is in process.
- E
Request multiple AWS snowball device and transfer the simultaneously to all the devices and send it back to store it in S3 bucket. Sync the recent data while the migration is in process.
- ✓
More in Cloud
Infosys Certified Google Professional Cloud Security Engineer
Infosys Certified AWS Cloud Beginner
Infosys Certified Google Cloud Digital Leader
Pay once. Clear every cert this year.
One subscription, full Telegram channel access, every PDF posted during your membership.
- Full access to all 1,357+ certifications
- Monthly updated question banks
- Telegram private channel access
- Cancel anytime
- Everything in Monthly
- Save ₹2,100 vs monthly billing
- Priority answer key requests
- Best for increasing DQ score fast
- Everything in Quarterly
- Lifetime channel access — no renewals
- All future certifications included
- Priority response from admin team
Common questions, straight answers.
A monthly-updated Telegram channel where we post real exam-pattern question banks and detailed answer keys for 1,357+ Infosys Lex certifications. You join once, you get every PDF posted during your membership.
Right after payment on our Graphy page, you'll receive a private invite link to the Telegram channel. Access is instant — usually under 30 seconds.
We compile question banks from the actual Lex test pattern, sourced and verified by 180K+ community members who've recently cleared these exams. Match rate is consistently 85–95%.
Every single month. When Infosys rolls out new versions of certifications, we post updated dumps within 7–10 days. You'll see channel activity weekly.
Clearing certifications is one of the highest-weighted DQ factors. Members typically clear 3–5 certifications in their first 3 months, which moves DQ scores up by a full band.