SAA-C02 Sample Questions Answers

Questions 4

A company hosts an application on AWS. The application interacts with an Amazon DynamoDB table that has 10 read capacity units (RCUs). Data from Amazon CloudWatch alarms shows that throttling is occurring on read requests to the DynamoDB table. The company needs to prevent this issue from happening in the future as the application continues to grow.

What should a solutions architect recommend to meet these requirements?

Options:

A.

Add an Elastic Load Balancer in front of the DynamoDB table.

B.

Change the RCUs for the DynamoDB table to 20.

C.

Provision 20 write capacity units (WCUs) for the DynamoDB table to offset the throttling on read requests.

D.

Enable auto scaling for the DynamoDB table

Questions 5

A company's database is hosted on an Amazon Aurora MySQL DB cluster in the us-east-1 Region. The database is 4 TB in size. The company needs to expand its disaster recovery strategy to the us-west-2 Region. The company must have the ability to fail over to us-west-2 with a recovery time objective (RTO) of 15 minutes.

What should a solutions architect recommend to meet these requirements?

Options:

A.

Create a Multi-Region Aurora MySQL DB cluster in us-east-1 and us-west-2. Use an Amazon Route 53 health check to monitor us-east-1 and fail over to us-west-2 upon failure.

B.

Take a snapshot of the DB cluster in us-east-1. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events. Configure the Lambda function to copy the snapshot to us-west-2 and restore the snapshot in us-west-2 when failure is detected.

C.

Create an AWS CloudFormation script to create another Aurora MySQL DB cluster in us-west-2 in case of failure. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events. Configure the Lambda function to deploy the AWS CloudFormation stack in us-west-2 when failure is detected.

D.

Recreate the database as an Aurora global database with the primary DB cluster in us-east-1 and a secondary DB cluster in us-west-2. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events. Configure the Lambda function to promote the DB cluster in us-west-2 when failure is detected.

Questions 6

A solutions architect needs to design a managed storage solution for a company's application that includes high-performance machine learning. This application runs on AWS Fargate, and the connected storage needs to have concurrent access to files and deliver high performance.

Which storage option should the solutions architect recommend?

Options:

A.

Create an Amazon S3 bucket for the application and establish an IAM role for Fargate to communicate with Amazon S3

B.

Create an Amazon FSx for Lustre file share and establish an IAM role that allows Fargate to communicate with FSx for Lustre

C.

Create an Amazon Elastic File System (Amazon EFS) file share and establish an IAM role that allows Fargate to communicate with Amazon EFS.

D.

Create an Amazon Elastic Block Store (Amazon EBS) volume for the application and establish an IAM role that allows Fargate to communicate with Amazon EBS

Questions 7

A company is planning to migrate a TCP-based application into the company's VPC. The application is publicly accessible on a nonstandard TCP port through a hardware appliance in the company's data centre. This public endpoint can process up to 3 million requests per second with low latency. The company requires the same level of performance for the new public endpoint in AWS.

What should a solutions architect recommend to meet this requirement?

Options:

A.

Deploy a Network Load Balancer (NLB). Configure the NLB to be publicly accessible over the TCP port that the application requires.

B.

Deploy an Application Load Balancer (ALB). Configure the ALB to be publicly accessible over the TCP port that the application requires

C.

Deploy an Amazon CloudFront distribution that listens on the TCP port that the application requires. Use an Application Load Balancer as the origin.

D.

Deploy an Amazon API Gateway API that is configured with the TCP port that the application requires. Configure AWS Lambda functions with provisioned concurrency to process the requests.

Questions 8

A company has an application that calls AWS Lambda functions. A recent code review found database credentials stored in the source code. The database credentials need to be removed from the Lambda source code. The credentials must then be securely stored and rotated on an ongoing basis to meet security policy requirements.

What should a solutions architect recommend to meet these requirements?

Options:

A.

Store the password in AWS CloudHSM. Associate the Lambda function with a role that can retrieve the password from CloudHSM given its key ID.

B.

Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can retrieve the password from Secrets Manager given its secret ID.

C.

Move the database password to an environment variable associated with the Lambda function. Retrieve the password from the environment variable upon execution.

D.

Store the password in AWS Key Management Service (AWS KMS). Associate the Lambda function with a role that can retrieve the password from AWS KMS given its key ID.

Questions 9

A company has applications that are deployed in multiple AWS Regions. The applications use an architecture that is based on Amazon EC2, Amazon Elastic Block Store (Amazon EBS), Amazon Elastic File System (Amazon EFS), and Amazon DynamoDB.

The company lacks a mechanism for centralized data backup. A solutions architect must centralize data backup with the least possible operational effort.

What should the solutions architect do to meet these requirements?

Options:

A.

Tag all resources by project. Use AWS Systems Manager to set up snapshots by project and set DynamoDB incremental backups.

B.

Tag all resources by project. Create backup plans in AWS Backup to back up the data by tag name according to each project's needs.

C.

Tag all resources by project. Create an AWS Lambda function to run on schedule and take snapshots of each EC2 instance, EBS volume, and EFS file system by project. Configure the function to invoke DynamoDB on-demand backup.

D.

Use AWS CloudFormation to create a template for every new project so that all resources can be recreated at any time. Set the template to take daily snapshots of each EC2 instance, EBS volume, and EFS file system. Set the template to use DynamoDB on-demand backup for daily backups.

Questions 10

An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application performs best when the CPU utilization of the EC2 instances is at or near 40%.

What should a solutions architect do to maintain the desired performance across all instances in the group?

Options:

A.

Use a simple scaling policy to dynamically scale the Auto Scaling group

B.

Use a target tracking policy to dynamically scale the Auto Scaling group

C.

Use an AWS Lambda function to update the desired Auto Scaling group capacity.

D.

Use scheduled scaling actions to scale up and scale down the Auto Scaling group

Questions 11

A solutions architect needs to design a network that will allow multiple Amazon EC2 instances to access a common data source used for mission-critical data that can be accessed by all the EC2 instances simultaneously. The solution must be highly scalable, easy to implement, and support the NFS protocol

Which solution meets these requirements?

Options:

A.

Create an Amazon EFS file system. Configure a mount target in each Availability Zone. Attach each instance to the appropriate mount target.

B.

Create an additional EC2 instance and configure it as a file server. Create a security group that allows communication between the instances and apply that to the additional instance.

C.

Create an Amazon S3 bucket with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the S3 bucket. Attach the role to the EC2 instances that need access to the data.

D.

Create an Amazon EBS volume with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the EBS volume. Attach the role to the EC2 instances that need access to the data.

Questions 12

A company is automating an order management application. The company's development team has decided to use SFTP to transfer and store the business-critical information files. The files must be encrypted and must be highly available. The files also must be automatically deleted a month after they are created.

Which solution meets these requirements with the LEAST operational overhead?

Options:

A.

Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply an AWS Transfer for SFTP file retention policy to delete the files after a month.

B.

Install an SFTP service on an Amazon EC2 instance. Mount an Amazon Elastic File System (Amazon EFS) file share on the EC2 instance. Enable cron to delete the files after a month.

C.

Configure an Amazon Elastic File System (Amazon EFS) file system with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the EFS file system. Apply an EFS lifecycle policy to automatically delete the files after a month.

D.

Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply S3 Lifecycle rules to automatically delete the files after a month.

Questions 13

A company is reviewing a recent migration of a three-tier application to a VPC. The security team discovers that the principle of least privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers.

What should a solutions architect do to correct this issue?

Options:

A.

Create security group rules using the instance ID as the source or destination.

B.

Create security group rules using the security ID as the source or destination.

C.

Create security group rules using the VPC CIDR blocks as the source or destination.

D.

Create security group rules using the subnet CIDR blocks as the source or destination.

Questions 14

A company is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks.

What should a solutions architect recommend?

Options:

A.

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Configure the EC2 instance iptables rules to drop suspicious web traffic. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.

B.

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Move DB instances to the same subnets that EC2 instances are located in. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.

C.

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.

D.

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.

Questions 15

A company has a stateless web application that runs on AWS Lambda functions that are invoked by Amazon API Gateway. The company wants to deploy the application across multiple AWS Regions to provide Regional failover capabilities.

What should a solutions architect do to route traffic to multiple Regions?

Options:

A.

Configure Amazon Route 53 health checks for each Region. Use an active-active failover configuration.

B.

Create an Amazon CloudFront distribution with an origin for each Region. Use CloudFront health checks to route traffic.

C.

Create an AWS Transit Gateway. Attach the transit gateway to the API Gateway endpoint in each Region. Configure the transit gateway to route requests.

D.

Use AWS Global Accelerator to create an accelerator with endpoints in each Region. Allow Global Accelerator to automatically monitor the health of endpoints and route requests.

Questions 16

A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls. Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.

Which action meets these requirements?

Options:

A.

Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user

B.

Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.

C.

Create a service control policy (SCP) that prohibits changes to CloudTrail, and attach it to the developer accounts.

D.

Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the master account

Questions 17

A solutions architect at a company is designing the architecture for a two-tiered web application. The web application is composed of an internet-facing Application Load Balancer that forwards traffic to an Auto Scaling group of Amazon EC2 instances. The EC2 instances must be able to access a database that runs on Amazon RDS.

The company has requested a defence-in-depth approach to the network layout. The company does not want to rely solely on security groups or network ACLs. Only the minimum resources that are necessary should be routable from the internet.

Which network design should the solutions architect recommend to meet these requirements?

Options:

A.

Place the ALB, EC2 instances and RDS database in private subnets.

B.

Place the ALB in public subnets. Place the EC2 instances and RDS database in private subnets

C.

Place the ALB and EC2 instances in public subnets. Place the RDS database in private subnets

D.

Place the ALB outside the VPC. Place the EC2 instances and RDS database in private subnets.

Questions 18

A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web servers use only HTTPS. The solutions architect has already created a security group for the load balancer allowing port 443 from 0.0.0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks.

Which additional configuration strategy should the solutions architect use to meet these requirements?

Options:

A.

Create a security group for the web servers and allow port 443 from 0.0.0.0/0. Create a security group for the MySQL servers and allow port 3306 from the web servers security group.

B.

Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

C.

Create a security group for the web servers and allow port 443 from the load balancer. Create a security group for the MySQL servers and allow port 3306 from the web servers security group.

D.

Create a network ACL for the web servers and allow port 443 from the load balancer. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

Questions 19

A company uses on-premises servers to host its application. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high-performing solution that supports local caching without re-architecting its existing applications.

Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)

Options:

A.

Mount Amazon S3 as a file system to the on-premises servers

B.

Deploy an AWS Storage Gateway file gateway to replace NFS storage

C.

Deploy AWS Snowball Edge to provision NFS mounts to on-premises servers

D.

Deploy an AWS Storage Gateway volume gateway to replace the block storage

E.

Deploy Amazon Elastic File System (Amazon EFS) volumes and mount them to on-premises servers

Questions 20

A company has a Microsoft .NET application that runs on an on-premises Windows Server. The application stores data by using an Oracle Database Standard Edition server. The company is planning a migration to AWS and wants to minimize development changes while moving the application. The AWS application environment should be highly available.

Which combination of actions should the company take to meet these requirements? (Select TWO.)

Options:

A.

Refactor the application as serverless with AWS Lambda functions running .NET Core.

B.

Rehost the application in AWS Elastic Beanstalk with the .NET platform in a Multi-AZ deployment.

C.

Replatform the application to run on Amazon EC2 with the Amazon Linux Amazon Machine Image (AMI).

D.

Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Amazon DynamoDB in a Multi-AZ deployment.

E.

Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment.

Questions 21

A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week.

What should the company do to guarantee the EC2 capacity?

Options:

A.

Purchase Reserved Instances that specify the Region needed

B.

Create an On-Demand Capacity Reservation that specifies the Region needed

C.

Purchase Reserved Instances that specify the Region and three Availability Zones needed

D.

Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed

Questions 22

A company is planning to migrate a legacy application to AWS. The application currently uses NFS to communicate to an on-premises storage solution to store application data. The application cannot be modified to use any other communication protocols other than NFS for this purpose

Which storage solution should a solutions architect recommend for use after the migration?

Options:

A.

AWS DataSync

B.

Amazon Elastic Block Store (Amazon EBS)

C.

Amazon Elastic File System (Amazon EFS)

D.

Amazon EMR File System (Amazon EMRFS)

Questions 23

A company serves content to its subscribers across the world using an application running on AWS. The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). Due to a recent change in copyright restrictions, the chief information officer (CIO) wants to block access for certain countries.

Which action will meet these requirements?

Options:

A.

Modify the ALB security group to deny incoming traffic from blocked countries

B.

Modify the security group for EC2 instances to deny incoming traffic from blocked countries

C.

Use Amazon CloudFront to serve the application and deny access to blocked countries

D.

Use ALB listener rules to return access denied responses to incoming traffic from blocked countries

Questions 24

A developer has a script to generate daily reports that users previously ran manually. The script consistently completes in under 10 minutes. The developer needs to automate this process in a cost-effective manner.

Which combination of services should the developer use? (Select TWO.)

Options:

A.

AWS Lambda

B.

AWS CloudTrail

C.

Cron on an Amazon EC2 instance

D.

Amazon EC2 On-Demand Instance with user data

E.

Amazon EventBridge (Amazon CloudWatch Events)

Questions 25

A company needs the ability to analyze the log files of its proprietary application. The logs are stored in JSON format in an Amazon S3 bucket. Queries will be simple and will run on-demand. A solutions architect needs to perform the analysis with minimal changes to the existing architecture.

What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?

Options:

A.

Use Amazon Redshift to load all the content into one place and run the SQL queries as needed

B.

Use Amazon CloudWatch Logs to store the logs. Run SQL queries as needed from the Amazon CloudWatch console.

C.

Use Amazon Athena directly with Amazon S3 to run the queries as needed

D.

Use AWS Glue to catalog the logs. Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed.

Questions 26

A company is performing an AWS Well-Architected Framework review of an existing workload deployed on AWS. The review identified a public-facing website running on the same Amazon EC2 instance as a Microsoft Active Directory domain controller that was installed recently to support other AWS services. A solutions architect needs to recommend a new design that would improve the security of the architecture and minimize the administrative demand on IT staff.

What should the solutions architect recommend?

Options:

A.

Use AWS Directory Service to create a managed Active Directory. Uninstall Active Directory on the current EC2 instance.

B.

Create another EC2 instance in the same subnet and reinstall Active Directory on it. Uninstall Active Directory on the current EC2 instance.

C.

Use AWS Directory Service to create an Active Directory connector. Proxy Active Directory requests to the Active Directory domain controller running on the current EC2 instance.

D.

Enable AWS Single Sign-On (AWS SSO) with Security Assertion Markup Language (SAML) 2.0 federation with the current Active Directory controller. Modify the EC2 instance's security group to deny public access to Active Directory.

Questions 27

A security team needs to enforce the rotation of all IAM users' access keys every 90 days. If an access key is found to be older, the key must be made inactive and removed. A solutions architect must create a solution that will check for and remediate any keys older than 90 days.

Which solution meets these requirements with the LEAST operational effort?

Options:

A.

Create an AWS Config rule to check for the key age. Configure the AWS Config rule to run an AWS Batch job to remove the key.

B.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age. Configure the rule to run an AWS Batch job to remove the key.

C.

Create an AWS Config rule to check for the key age. Define an Amazon EventBridge (Amazon CloudWatch Events) rule to schedule an AWS Lambda function to remove the key.

D.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age. Define an EventBridge (CloudWatch Events) rule to run an AWS Batch job to remove the key.

Questions 28

A company hosts its website on AWS. To address the highly variable demand, the company has implemented Amazon EC2 Auto Scaling. Management is concerned that the company is over-provisioning its infrastructure, especially at the front end of the three-tier application. A solutions architect needs to ensure costs are optimized without impacting performance.

What should the solutions architect do to accomplish this?

Options:

A.

Use Auto Scaling with Reserved Instances

B.

Use Auto Scaling with a scheduled scaling policy

C.

Use Auto Scaling with the suspend-resume feature.

D.

Use Auto Scaling with a target tracking scaling policy

Questions 29

A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.

Which set of services should a solutions architect recommend to meet these requirements?

Options:

A.

Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

B.

Amazon EBS for maximum performance, Amazon EFS for durable data storage and Amazon S3 Glacier for archival storage

C.

Amazon EC2 instance store for maximum performance, Amazon EFS for durable data storage, and Amazon S3 for archival storage

D.

Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

Questions 30

A company has an application that ingests incoming messages. Dozens of other applications and microservices then quickly consume these messages. The number of messages varies drastically and sometimes increases suddenly to 100,000 each second. The company wants to decouple the solution and increase scalability.

Which solution meets these requirements?

Options:

A.

Persist the messages to Amazon Kinesis Data Analytics. Configure the consumer applications to read and process the messages.

B.

Deploy the ingestion application on Amazon EC2 instances in an Auto Scaling group to scale the number of EC2 instances based on CPU metrics.

C.

Write the messages to Amazon Kinesis Data Streams with a single shard. Use an AWS Lambda function to preprocess messages and store them in Amazon DynamoDB. Configure the consumer applications to read from DynamoDB to process the messages.

D.

Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with multiple Amazon Simple Queue Service (Amazon SQS) subscriptions. Configure the consumer applications to process the messages from the queues.

Questions 31

A company has a Windows-based application that must be migrated to AWS. The application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances that are deployed across multiple Availability Zones.

What should a solutions architect do to meet this requirement?

Options:

A.

Configure AWS Storage Gateway in volume gateway mode. Mount the volume to each Windows instance.

B.

Configure Amazon FSx for Windows File Server. Mount the Amazon FSx file system to each Windows instance.

C.

Configure a file system by using Amazon Elastic File System (Amazon EFS). Mount the EFS file system to each Windows instance.

D.

Configure an Amazon Elastic Block Store (Amazon EBS) volume with the required size. Attach each EC2 instance to the volume. Mount the file system within the volume to each Windows instance.

Questions 32

A solutions architect is designing the cloud architecture for a company that needs to host hundreds of machine learning models for its users. During startup, the models need to load up to 10 GB of data from Amazon S3 into memory, but they do not need disk access. Most of the models are used sporadically, but the users expect all of them to be highly available and accessible with low latency.

Which solution meets the requirements and is MOST cost-effective?

Options:

A.

Deploy models as AWS Lambda functions behind an Amazon API Gateway for each model

B.

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind an Application Load Balancer for each model

C.

Deploy models as AWS Lambda functions behind a single Amazon API Gateway with path-based routing where one path corresponds to each model

D.

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind a single Application Load Balancer with path-based routing where one path corresponds to each model

Questions 33

A recent analysis of a company's IT expenses highlights the need to reduce backup costs. The company's chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. The company must preserve the existing investment in the on-premises backup applications and workflows.

What should a solutions architect recommend?

Options:

A.

Set up AWS Storage Gateway to connect with the backup applications using the NFS interface

B.

Set up an Amazon EFS file system that connects with the backup applications using the NFS interface

C.

Set up an Amazon EFS file system that connects with the backup applications using the iSCSI interface

D.

Set up AWS Storage Gateway to connect with the backup applications using the iSCSI-virtual tape library (VTL) interface

Questions 34

A company has hired an external vendor to perform work in the company's AWS account. The vendor uses an automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company's AWS account.

How should a solutions architect grant this access to the vendor?

Options:

A.

Create an IAM role in the company's account to delegate access to the vendor's IAM role. Attach the appropriate IAM policies to the role for the permissions that the vendor requires.

B.

Create an IAM user in the company's account with a password that meets the password complexity requirements. Attach the appropriate IAM policies to the user for the permissions that the vendor requires.

C.

Create an IAM group in the company's account. Add the tool's IAM user from the vendor account to the group. Attach the appropriate IAM policies to the group for the permissions that the vendor requires.

D.

Create a new identity provider by choosing "AWS account" as the provider type in the IAM console. Supply the vendor's AWS account ID and user name. Attach the appropriate IAM policies to the new provider for the permissions that the vendor requires.

Questions 35

A company is migrating its applications to AWS. Currently, applications that run on premises generate hundreds of terabytes of data that is stored on a shared file system. The company is running an analytics application in the cloud that runs hourly to generate insights from this data.

The company needs a solution to handle the ongoing data transfer between the on-premises shared file system and Amazon S3. The solution also must be able to handle occasional interruptions in internet connectivity.

Which solution should the company use for the data transfer to meet these requirements?

Options:

A.

AWS DataSync

B.

AWS Migration Hub

C.

AWS Snowball Edge Storage Optimized

D.

AWS Transfer for SFTP

Questions 36

A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue, writes to an Amazon RDS table, and deletes the message from the queue. Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages.

What should a solutions architect do to ensure messages are being processed once only?

Options:

A.

Use the CreateQueue API call to create a new queue

B.

Use the AddPermission API call to add appropriate permissions

C.

Use the ReceiveMessage API call to set an appropriate wait time

D.

Use the ChangeMessageVisibility API call to increase the visibility timeout

Questions 37

A solutions architect plans to convert a company's monolithic web application into a multi-tier application. The company wants to avoid managing its own infrastructure. The minimum requirements for the web application are high availability, scalability, and regional low latency during peak hours. The solution should also store and retrieve data with millisecond latency using the application's API.

Which solution meets these requirements?

Options:

A.

Use AWS Fargate to host the web application with backend Amazon RDS Multi-AZ DB instances

B.

Use Amazon API Gateway with an edge-optimized API endpoint, AWS Lambda for compute, and Amazon DynamoDB as the data store

C.

Use an Amazon Route 53 routing policy with geolocation that points to an Amazon S3 bucket with static website hosting and Amazon DynamoDB as the data store

D.

Use an Amazon CloudFront distribution that points to an Elastic Load Balancer with an Amazon EC2 Auto Scaling group, along with Amazon RDS Multi-AZ DB instances

Questions 38

A company wants to perform an online migration of active datasets from an on-premises NFS server to an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. Data integrity verification is required during the transfer and at the end of the transfer. The data also must be encrypted.

A solutions architect is using an AWS solution to migrate the data.

Which solution meets these requirements?

Options:

A.

AWS Storage Gateway file gateway

B.

S3 Transfer Acceleration

C.

AWS DataSync

D.

AWS Snowball Edge Storage Optimized

Questions 39

A company has a web application that includes an embedded NoSQL database. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone.

A recent increase in traffic requires the application to be highly available and for the database to be eventually consistent.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Replace the ALB with a Network Load Balancer. Maintain the embedded NoSQL database with its replication service on the EC2 instances.

B.

Replace the ALB with a Network Load Balancer. Migrate the embedded NoSQL database to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS).

C.

Modify the Auto Scaling group to use EC2 instances across three Availability Zones. Maintain the embedded NoSQL database with its replication service on the EC2 instances.

D.

Modify the Auto Scaling group to use EC2 instances across three Availability Zones. Migrate the embedded NoSQL database to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS)

Questions 40

A company has an application that runs on Amazon EC2 instances within a private subnet in a VPC. The instances access data in an Amazon S3 bucket in the same AWS Region. The VPC contains a NAT gateway in a public subnet to access the S3 bucket. The company wants to reduce costs by replacing the NAT gateway without compromising security or redundancy.

Which solution meets these requirements?

Options:

A.

Replace the NAT gateway with a NAT instance

B.

Replace the NAT gateway with an internet gateway

C.

Replace the NAT gateway with a gateway VPC endpoint

D.

Replace the NAT gateway with an AWS Direct Connect connection

Questions 41

A company serves a multilingual website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). This architecture is currently running in the us-west-1 Region but is exhibiting high request latency for users located in other parts of the world.

The website needs to serve requests quickly and efficiently regardless of a user's location. However, the company does not want to recreate the existing architecture across multiple Regions.

How should a solutions architect accomplish this?

Options:

A.

Replace the existing architecture with a website served from an Amazon S3 bucket. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

B.

Configure an Amazon CloudFront distribution with the ALB as the origin. Set the cache behavior settings to only cache based on the Accept-Language request header.

C.

Set up Amazon API Gateway with the ALB as an integration. Configure API Gateway to use an HTTP integration type. Set up an API Gateway stage to enable the API cache.

D.

Launch an EC2 instance in each additional Region and configure NGINX to act as a cache server for that Region. Put all the instances plus the ALB behind an Amazon Route 53 record set with a geolocation routing policy.

Questions 42

A solutions architect is designing a new hybrid architecture to extend a company's on-premises infrastructure to AWS. The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.

What should the solutions architect do to meet these requirements?

Options:

A.

Provision an AWS Direct Connect connection to a Region. Provision a VPN connection as a backup if the primary Direct Connect connection fails.

B.

Provision a VPN tunnel connection to a Region for private connectivity. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails.

C.

Provision an AWS Direct Connect connection to a Region. Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.

D.

Provision an AWS Direct Connect connection to a Region. Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.

Questions 43

A company recently launched a new service that involves medical images. The company scans the images and sends them from its on-premises data center through an AWS Direct Connect connection to Amazon EC2 instances. After processing is complete, the images are stored in an Amazon S3 bucket.

A company requirement states that the EC2 instances cannot be accessible through the internet. The EC2 instances run in a private subnet, which has a default route back to the on-premises data center for outbound internet access.

Usage of the new service is increasing rapidly. A solutions architect must recommend a solution that meets the company's requirements and reduces the Direct Connect charges.

Which solution accomplishes these goals MOST cost-effectively?

Options:

A.

Configure a VPC endpoint for Amazon S3. Add an entry to the private subnet's route table for the S3 endpoint.

B.

Configure a NAT gateway in a public subnet. Configure the private subnet's route table to use the NAT gateway.

C.

Configure Amazon S3 as a file system mount point on the EC2 instances. Access Amazon S3 through the mount.

D.

Move the EC2 instances into a public subnet. Configure the public subnet route table to point to an internet gateway.

Questions 44

A company runs its production workload on an Amazon Aurora MySQL DB cluster that includes six Aurora Replicas. The company wants near-real-time reporting queries from one of its departments to be automatically distributed across three of the Aurora Replicas. Those three replicas have a different compute and memory specification from the rest of the DB cluster.

Which solution meets these requirements?

Options:

A.

Create and use a custom endpoint for the workload

B.

Create a three-node cluster clone and use the reader endpoint

C.

Use any of the instance endpoints for the selected three nodes

D.

Use the reader endpoint to automatically distribute the read-only workload

Questions 45

A company has multiple AWS accounts with applications deployed in the us-west-2 Region. Application logs are stored within Amazon S3 buckets in each account. The company wants to build a centralized log analysis solution that uses a single S3 bucket. Logs must not leave us-west-2, and the company wants to incur minimal operational overhead.

Which solution meets these requirements and is MOST cost-effective?

Options:

A.

Create an S3 Lifecycle policy that copies the objects from one of the application S3 buckets to the centralized S3 bucket

B.

Use S3 Same-Region Replication to replicate logs from the S3 buckets to another S3 bucket in us-west-2. Use this S3 bucket for log analysis.

C.

Write a script that uses the PutObject API operation every day to copy the entire contents of the buckets to another S3 bucket in us-west-2. Use this S3 bucket for log analysis.

D.

Write AWS Lambda functions in these accounts that are triggered every time logs are delivered to the S3 buckets (s3:ObjectCreated:* event). Copy the logs to another S3 bucket in us-west-2. Use this S3 bucket for log analysis.

Questions 46

A company manages and runs a critical data management application in containers that are hosted on Amazon Elastic Container Service (Amazon ECS). The application has endpoints that are exposed through Application Load Balancers (ALBs). The application uses an Amazon Elastic File System (Amazon EFS) file system mount for persistent data storage. The company has configured Amazon ECS to use a minimal IAM instance role.

Which combination of actions should a solutions architect take to improve the overall security posture of the application? (Select TWO.)

Options:

A.

Decompose the Amazon ECS IAM instance role. Use only ECS task roles.

B.

Enable EFS encryption in transit to protect data that is being written to Amazon EFS.

C.

Use AWS Config to define patch management policies on the container instances.

D.

Use Amazon Macie integration with Amazon EFS to monitor and protect sensitive information in the file system.

E.

Use Amazon GuardDuty to authenticate data access between the ALBs and the container instances.

Questions 47

A company wants to deploy a new public web application on AWS. The application includes a web server tier that uses Amazon EC2 instances. The application also includes a database tier that uses an Amazon RDS for MySQL DB instance.

The application must be secure and accessible for global customers that have dynamic IP addresses.

How should a solutions architect configure the security groups to meet these requirements?

Options:

A.

Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers.

B.

Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers. Configure the security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers.

C.

Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers. Configure the security group for the DB instance to allow inbound traffic on port 3306 from the IP addresses of the customers.

D.

Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the DB instance to allow inbound traffic on port 3306 from 0.0.0.0/0.

Questions 48

A company uses Application Load Balancers (ALBs) in different AWS Regions. The ALBs receive inconsistent traffic that can spike and drop throughout the year. The company's networking team needs to allow the IP addresses of the ALBs in the on-premises firewall to enable connectivity.

Which solution is the MOST scalable with minimal configuration changes?

Options:

A.

Write an AWS Lambda script to get the IP addresses of the ALBs in different Regions. Update the on-premises firewall's rule to allow the IP addresses of the ALBs

B.

Migrate all ALBs in different Regions to the Network Load Balancers (NLBs). Update the on-premises firewall's rule to allow the Elastic IP addresses of all the NLBs.

C.

Launch AWS Global Accelerator. Register the ALBs in different Regions to the accelerator. Update the on-premises firewall's rule to allow static IP addresses associated with the accelerator.

D.

Launch a Network Load Balancer (NLB) in one Region Register the private IP addresses of the ALBs in different Regions with the NLB. Update the on-premises firewall's rule to allow the Elastic IP address attached to the NLB.

Questions 49

A company has several business systems that require access to data stored in a file share. The business systems will access the file share using the Server Message Block (SMB) protocol. The file share solution should be accessible from both of the company's legacy on-premises environments and with AWS.

Which services meet the business requirements? (Select TWO.)

Options:

A.

Amazon EBS

B.

Amazon EFS

C.

Amazon FSx for Windows

D.

Amazon S3

E.

AWS Storage Gateway file gateway

Questions 50

A company wants to relocate its on-premises MySQL database to AWS. The database accepts regular imports from a client-facing application, which causes a high volume of write operations. The company is concerned that the amount of traffic might be causing performance issues within the application.

How should a solutions architect design the architecture on AWS?

Options:

A.

Provision an Amazon RDS for MySQL DB instance with Provisioned IOPS SSD storage. Monitor write operation metrics by using Amazon CloudWatch. Adjust the provisioned IOPS if necessary.

B.

Provision an Amazon RDS for MySQL DB instance with General Purpose SSD storage. Place an Amazon ElastiCache cluster in front of the DB instance. Configure the application to query ElastiCache instead.

C.

Provision an Amazon DocumentDB (with MongoDB compatibility) instance with a memory optimized instance type. Monitor Amazon CloudWatch for performance-related issues. Change the instance class if necessary.

D.

Provision an Amazon Elastic File System (Amazon EFS) file system in General Purpose performance mode. Monitor Amazon CloudWatch for IOPS bottlenecks. Change to Provisioned Throughput performance mode if necessary.

Questions 51

A company wants to replicate its data to AWS to recover in the event of a disaster. Today, a system administrator has scripts that copy data to an NFS share. Individual backup files need to be accessed with low latency by application administrators to deal with errors in processing.

What should a solutions architect recommend to meet these requirements?

Options:

A.

Modify the script to copy data to an Amazon S3 bucket instead of the on-premises NFS share

B.

Modify the script to copy data to an Amazon S3 Glacier Archive instead of the on-premises NFS share

C.

Modify the script to copy data to an Amazon Elastic File System (Amazon EFS) volume instead of the on-premises NFS share

D.

Modify the script to copy data to an AWS Storage Gateway for File Gateway virtual appliance instead of the on-premises NFS share

Questions 52

A solution architect has configured the following IAM policy.

Which action will be allowed by the policy?


Options:

A.

An AWS Lambda function can be deleted from any network.

B.

An AWS Lambda function can be created from any network.

C.

An AWS Lambda function can be deleted from the 100.220.0.0/20 network.

D.

An AWS Lambda function can be deleted from the 220.100.16.0/20 network

Questions 53

A company hosts its application in the AWS Cloud. The application runs on Amazon EC2 instances behind an Elastic Load Balancer in an Auto Scaling group and with an Amazon DynamoDB table. The company wants to ensure the application can be made available in another AWS Region with minimal downtime.

What should a solutions architect do to meet these requirements with the LEAST amount of downtime?

Options:

A.

Create an Auto Scaling group and a load balancer in the disaster recovery Region. Configure the DynamoDB table as a global table. Configure DNS failover to point to the new disaster recovery Region's load balancer.

B.

Create an AWS CloudFormation template to create EC2 instances, load balancers, and DynamoDB tables to be launched when needed. Configure DNS failover to point to the new disaster recovery Region's load balancer.

C.

Create an AWS CloudFormation template to create EC2 instances and a load balancer to be launched when needed. Configure the DynamoDB table as a global table. Configure DNS failover to point to the new disaster recovery Region's load balancer.

D.

Create an Auto Scaling group and load balancer in the disaster recovery Region. Configure the DynamoDB table as a global table. Create an Amazon CloudWatch alarm to trigger an AWS Lambda function that updates Amazon Route 53 pointing to the disaster recovery load balancer.

Questions 54

A company has hundreds of Amazon EC2 Linux-based instances in the AWS Cloud. Systems administrators have used shared SSH keys to manage the instances. After a recent audit, the company's security team is mandating the removal of all shared keys. A solutions architect must design a solution that provides secure access to the EC2 instances.

Which solution will meet this requirement with the LEAST amount of administrative overhead?

Options:

A.

Use AWS Systems Manager Session Manager to connect to the EC2 instances.

B.

Use AWS Security Token Service (AWS STS) to generate one-time SSH keys on demand.

C.

Allow shared SSH access to a set of bastion instances. Configure all other instances to allow only SSH access from the bastion instances

D.

Use an Amazon Cognito custom authorizer to authenticate users. Invoke an AWS Lambda function to generate a temporary SSH key.

Questions 55

A social media company wants to allow its users to upload images in an application that is hosted in the AWS Cloud. The company needs a solution that automatically resizes the images so that the images can be displayed on multiple device types. The application experiences unpredictable traffic patterns throughout the day. The company is seeking a highly available solution that maximizes scalability.

What should a solutions architect do to meet these requirements?

Options:

A.

Create a static website hosted in Amazon S3 that invokes AWS Lambda functions to resize the images and store the images in an Amazon S3 bucket

B.

Create a static website hosted in Amazon CloudFront that invokes AWS Step Functions to resize the images and store the images in an Amazon RDS database

C.

Create a dynamic website hosted on a web server that runs on an Amazon EC2 instance. Configure a process that runs on the EC2 instance to resize the images and store the images in an Amazon S3 bucket.

D.

Create a dynamic website hosted on an automatically scaling Amazon Elastic Container Service (Amazon ECS) cluster that creates a resize job in Amazon Simple Queue Service (Amazon SQS). Set up an image-resizing program that runs on an Amazon EC2 instance to process the resize jobs.

Questions 56

A solutions architect is implementing a document review application using an Amazon S3 bucket for storage. The solution must prevent accidental deletion of the documents and ensure that all versions of the documents are available. Users must be able to download, modify, and upload documents.

Which combination of actions should be taken to meet these requirements? (Select TWO.)

Options:

A.

Enable a read-only bucket ACL

B.

Enable versioning on the bucket.

C.

Attach an IAM policy to the bucket

D.

Enable MFA Delete on the bucket.

E.

Encrypt the bucket using AWS KMS.

Questions 57

A company runs an online marketplace web application on AWS. The application serves hundreds of thousands of users during peak hours. The company needs a scalable, near-real-time solution to share the details of millions of financial transactions with several other internal applications. Transactions also need to be processed to remove sensitive data before being stored in a document database for low-latency retrieval.

What should a solutions architect recommend to meet these requirements?

Options:

A.

Store the transactions data into Amazon DynamoDB. Set up a rule in DynamoDB to remove sensitive data from every transaction upon write. Use DynamoDB Streams to share the transactions data with other applications.

B.

Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3. Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data. Other applications can consume the data stored in Amazon S3.

C.

Stream the transactions data into Amazon Kinesis Data Streams. Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB. Other applications can consume the transactions data off the Kinesis data stream.

D.

Store the batched transactions data in Amazon S3 as files. Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3. The Lambda function then stores the data in Amazon DynamoDB. Other applications can consume transaction files stored in Amazon S3.

Questions 58

A company hosts a popular website in the AWS Cloud. A solutions architect needs to provide reports about user click behaviour in near-real time as users navigate the website.

Which solution will meet this requirement?

Options:

A.

Store the clickstream data in Amazon DynamoDB. Deploy an application that runs on AWS Elastic Beanstalk to process and analyze the data.

B.

Push the clickstream data from each session to an Amazon Kinesis data stream. Analyze the data by using Amazon Kinesis Data Analytics.

C.

Store the clickstream data in an Amazon S3 bucket. Order the data by timestamp. Process the data with an AWS Lambda function that is subscribed to object creation events on the S3 bucket.

D.

Forward the clickstream data to Amazon Simple Queue Service (Amazon SQS). Store the data in an Amazon RDS for MySQL DB instance. Deploy Amazon EC2 instances to process and analyze the data.

Questions 59

A company hosts a three-tier ecommerce application on a fleet of Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). All ecommerce data is stored in an Amazon RDS for MariaDB Multi-AZ DB instance.

The company wants to optimize customer session management during transactions. The application must store session data durably.

Which solutions will meet these requirements? (Select TWO.)

Options:

A.

Turn on the sticky sessions feature (session affinity) on the ALB

B.

Use an Amazon DynamoDB table to store customer session information

C.

Deploy an Amazon Cognito user pool to manage user session information

D.

Deploy an Amazon ElastiCache for Redis cluster to store customer session information

E.

Use AWS Systems Manager Application Manager in the application to manage user session information

Questions 60

A company has a dynamic web application hosted on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination.

There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit.

What should a solutions architect do to increase the application's performance?

Options:

A.

Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM certificate on each instance.

B.

Create an Amazon S3 bucket. Migrate the SSL certificate to the S3 bucket. Configure the EC2 instances to reference the bucket for SSL termination.

C.

Create another EC2 instance as a proxy server. Migrate the SSL certificate to the new instance and configure it to direct connections to the existing EC2 instances.

D.

Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.

Questions 61

A company develops web applications. As part of its development process, the company constantly launches and deletes Application Load Balancers (ALBs) in multiple AWS Regions.

The company wants to create an allow list on its firewall device. The allow list will contain the IP addresses of all the load balancers. A solutions architect needs a one-line, highly available solution that will accomplish that goal and will help reduce the number of IP addresses that the firewall needs to allow.

Which solution will meet these requirements with the LEAST amount of operational overhead?

Options:

A.

Create an AWS Lambda function to keep track of the IP addresses for all the ALBs in different Regions. Keep refreshing this list.

B.

Set up a Network Load Balancer (NLB) with Elastic IP addresses. Register the private IP addresses of all the ALBs as targets for the NLB.

C.

Launch AWS Global Accelerator. Create endpoints for each of the Regions that are in use. Register all the ALBs in the Regions to the corresponding endpoints.

D.

Set up an Amazon EC2 instance. Assign an Elastic IP address to the EC2 instance. Configure the EC2 instance as a proxy to forward traffic to all the ALBs.

Questions 62

A company wants to use an AWS Region as a disaster recovery location for its on-premises infrastructure. The company has 10 TB of existing data and the on-premises data center has a 1 Gbps internet connection. A solution architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel.

Which solution should the solutions architect select?

Options:

A.

Send the initial 10 TB of data to AWS using FTP.

B.

Send the initial 10 TB of data to AWS using AWS Snowball.

C.

Establish a VPN connection between Amazon VPC and the company's data center

D.

Establish an AWS Direct Connect connection between Amazon VPC and the company's data center

Questions 63

A company wants to move a multi-tiered application from on premises to the AWS Cloud to improve the application’s performance. The application consists of application tiers that communicate with each other by way of

Which solution meets these requirements and is the MOST operationally efficient?

Options:

A.

Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer. Use Amazon Simple Queue Service (Amazon SQS) as the communication layer between application services.

B.

Use Amazon CloudWatch metrics to analyze the application performance history to determine the servers' peak utilization during the performance failures. Increase the size of the application server's Amazon EC2 instance to meet the peak requirements.

C.

Use Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SNS queue length and scale up and down as required.

D.

Use Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SQS queue length and scale up when communication failures are detected.

Questions 64

A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

Options:

A.

Enable the versioning and MFA Delete features on the S3 bucket.

B.

Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account.

C.

Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates

D.

Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key.

Questions 65

A company needs to save the results from a medical trial to an Amazon S3 repository. The repository must allow a few scientists to add new files and must restrict all other users to read-only access. No users can have the ability to modify or delete any files in the repository. The company must keep every file in the repository for a minimum of 1 year after its creation date.

Which solution will meet these requirements?

Options:

A.

Use S3 Object Lock in governance mode with a legal hold of 1 year.

B.

Use S3 Object Lock in compliance mode with a retention period of 365 days.

C.

Use an IAM role to restrict all users from deleting or changing objects in the S3 bucket. Use an S3 bucket policy to only allow the IAM role.

D.

Configure the S3 bucket to invoke an AWS Lambda function every time an object is added. Configure the function to track the hash of the saved object so that modified objects can be marked accordingly.

Questions 66

A development team is collaborating with another company to create an integrated product. The other company needs to access an Amazon Simple Queue Service (Amazon SQS) queue that is contained in the development team's account. The other company wants to poll the queue without giving up its own account permissions to do so.

How should a solutions architect provide access to the SQS queue?

Options:

A.

Create an instance profile that provides the other company access to the SQS queue

B.

Create an IAM policy that provides the other company access to the SQS queue.

C.

Create an SQS access policy that provides the other company access to the SQS queue

D.

Create an Amazon Simple Notification Service (Amazon SNS) access policy that provides the other company access to the SQS queue

Questions 67

A company runs an application in the AWS Cloud and uses Amazon DynamoDB as the database. The company deploys Amazon EC2 instances to a private network to process data from the database. The company uses two NAT instances to provide connectivity to DynamoDB.

The company wants to retire the NAT instances. A solutions architect must implement a solution that provides connectivity to DynamoDB and that does not require ongoing management.

What is the MOST cost-effective solution that meets these requirements?

Options:

A.

Create a gateway VPC endpoint to provide connectivity to DynamoDB.

B.

Configure a managed NAT gateway to provide connectivity to DynamoDB.

C.

Establish an AWS Direct Connect connection between the private network and DynamoDB.

D.

Deploy an AWS PrivateLink endpoint service between the private network and DynamoDB.

Questions 68

A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data sources. The data is in JSON format and ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in-flight is lost. The company's data science team wants to query ingested data in near-real time.

Which solution provides near-real-time data querying that is scalable with minimal data loss?

Options:

A.

Publish data to Amazon Kinesis Data Streams. Use Kinesis Data Analytics to query the data.

B.

Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination. Use Amazon Redshift to query the data.

C.

Store ingested data in an EC2 instance store. Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data.

D.

Store ingested data in an Amazon Elastic Block Store (Amazon EBS) volume. Publish data to Amazon ElastiCache for Redis. Subscribe to the Redis channel to query the data.

Questions 69

A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost-effective solution to minimize upload and download latency and maximize performance.

What should a solutions architect do to accomplish this?

Options:

A.

Use Amazon S3 with Transfer Acceleration to host the application.

B.

Use Amazon S3 with CacheControl headers to host the application.

C.

Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application.

D.

Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application.

Questions 70

A company has several Amazon EC2 instances set up in a private subnet for security reasons. These instances host applications that read and write large amounts of data to and from Amazon S3 regularly. Currently, subnet routing directs all the traffic destined for the internet through a NAT gateway. The company wants to optimize the overall cost without impacting the ability of the application to communicate with Amazon S3 or the outside internet.

What should a solutions architect do to optimize costs?

Options:

A.

Create an additional NAT gateway. Update the route table to route to the NAT gateway. Update the network ACL to allow S3 traffic.

B.

Create an internet gateway. Update the route table to route traffic to the internet gateway. Update the network ACL to allow S3 traffic.

C.

Create a VPC endpoint for Amazon S3. Attach an endpoint policy to the endpoint. Update the route table to direct traffic to the VPC endpoint.

D.

Create an AWS Lambda function outside of the VPC to handle S3 requests. Attach an IAM policy to the EC2 instances, allowing them to invoke the Lambda function.

Questions 71

A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account. Which solution will meet these requirements in the MOST secure manner?

Options:

A.

Apply an S3 bucket policy that grants read access to the S3 bucket.

B.

Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket.

C.

Embed an access key and a secret key in the Lambda function's code to grant the required IAM permissions for read access to the S3 bucket.

D.

Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3 buckets in the account.

Questions 72

A company is running a multi-tier ecommerce web application in the AWS Cloud. The application runs on Amazon EC2 instances with an Amazon RDS for MySQL Multi-AZ DB instance. Amazon RDS is configured with the latest generation DB instance with 2.000 GB of storage in a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume. The database performance affects the application during periods of high demand.

A database administrator analyzes the logs in Amazon CloudWatch Logs and discovers that the application performance always degrades when the number of read and write IOPS is higher than 20.000.

What should a solutions architect do to improve the application performance?

Options:

A.

Replace the volume with a magnetic volume.

B.

Increase the number of IOPS on the gp3 volume.

C.

Replace the volume with a Provisioned IOPS SSD (io2) volume.

D.

Replace the 2.000 GB gp3 volume with two 1.000 GB gp3 volumes.

Questions 73

A company is running several business applications in three separate VPCs within the us-east-1 Region. The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds of gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.

A solutions architect needs to design a network connectivity solution that maximizes cost-effectiveness.

Which solution meets these requirements?

Options:

A.

Configure three AWS Site-to-Site VPN connections from the data center to AWS. Establish connectivity by configuring one VPN connection for each VPC.

B.

Launch a third-party virtual network appliance in each VPC. Establish an IPsec VPN tunnel between the data center and each virtual appliance.

C.

Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway in us-east-1. Establish connectivity by configuring each VPC to use one of the Direct Connect connections.

D.

Set up one AWS Direct Connect connection from the data center to AWS. Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.

Questions 74

A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application’s traffic recently spiked due to fraudulent requests from botnets.

Which steps should a solutions architect take to block requests from unauthorized users? (Select TWO.)

Options:

A.

Create a usage plan with an API key that is shared with genuine users only.

B.

Integrate logic within the Lambda function to ignore the requests from fraudulent IP addresses.

C.

Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.

D.

Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint.

E.

Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.

Questions 75

A solutions architect is designing a new API using Amazon API Gateway that will receive requests from users. The volume of requests is highly variable: several hours can pass without receiving a single request. The data processing will take place asynchronously, but should be completed within a few seconds after a request is made.

Which compute service should the solutions architect have the API invoke to deliver the requirements at the lowest cost?

Options:

A.

An AWS Glue job

B.

An AWS Lambda function

C.

A containerized service hosted in Amazon Elastic Kubernetes Service (Amazon EKS)

D.

A containerized service hosted in Amazon ECS with Amazon EC2

Questions 76

A company is running a mission-critical application on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group in a single AWS Region. The application is using a database in Amazon Aurora as the data tier. A recent audit revealed that the current deployment of Aurora is not highly available.

What should a solutions architect do to improve the availability of the database?

Options:

A.

Configure an Aurora Replica.

B.

Configure storage replication.

C.

Configure storage auto scaling.

D.

Configure cross-Region replication.

Questions 77

A company collects 10 GB of telemetry data daily from various machines. The company stores the data in an Amazon S3 bucket in a source data account.

The company has hired several consulting agencies to use this data for analysis. Each agency needs read access to the data for its analysis. The company must share the data from the source data account by choosing a solution that maximizes security and operational efficiency. Which solution will meet these requirements?

Options:

A.

Configure S3 global tables to replicate data for each agency.

B.

Make the S3 bucket public for a limited time. Inform only the agencies.

C.

Configure cross-account access for the S3 bucket to the accounts that the agencies own.

D.

Set up an IAM user for each analyst in the source data account. Grant each user access to the S3 bucket.

Questions 78

A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity.

Which architecture offers the HIGHEST availability?

Options:

A.

Add a second ActiveMQ server to another Availability Zone. Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone.

B.

Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone.

C.

Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumer EC2 instance in another Availability Zone. Use Amazon RDS for MySQL with Multi-AZ enabled.

D.

Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones. Use Amazon RDS for MySQL with Multi-AZ enabled.

Questions 79

A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies.

How should a solution architect address this issue?

Options:

A.

Create an Amazon SNS topic to send an alert every time a developer creates a new policy.

B.

Use service control policies to disable IAM across all accounts in the organizational unit.

C.

Prevent the developers from attaching any policies and duties to the security operations team.

D.

Set an IAM permission boundary on the developer IAM role that explicitly denies attaching the administrator policy.

Questions 80

The application's traffic is often low, but it occasionally grows significantly. During these sudden increases in traffic, DynamoDB returns throttling errors. The result is that error pages are displayed to end users.

What should a solutions architect do to reduce these errors?

Options:

A.

Change the DynamoDB table to use on-demand capacity mode.

B.

Create a DynamoDB read replica to scale the read traffic horizontally.

C.

Purchase DynamoDB reserved capacity of 1,000 RCUs and 500 WCUs.

D.

Configure the application to use strongly consistent reads for DynamoDB queries.

Questions 81

A company has two VPCs that are located in the us-west-2 Region within the same AWS account. The company needs to allow network traffic between these VPCs. Approximately 500 GB of data transfer will occur between the VPCs each month.

What is the MOST cost-effective solution to connect these VPCs?

Options:

A.

Implement AWS Transit Gateway to connect the VPCs. Update the route tables of each VPC to use the transit gateway for inter-VPC communication.

B.

Implement an AWS Site-to-Site VPN tunnel between the VPCs. Update the route tables of each VPC to use the VPN tunnel for inter-VPC communication.

C.

Set up a VPC peering connection between the VPCs. Update the route tables of each VPC to use the VPC peering connection for inter-VPC communication.

D.

Set up a 1 GB AWS Direct Connect connection between the VPCs. Update the route tables of each VPC to use the Direct Connect connection for inter-VPC communication.

Exam Code: SAA-C02
Exam Name: AWS Certified Solutions Architect - Associate (SAA-C02)
Last Update: Jan 20, 2022
Questions: 550