Unlock your Full SAA-C02 Amazon Web Services Stable Exam

AWS Certified Solutions Architect - Associate (SAA-C02) Questions and Answers

Question 1

A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account. Which solution will meet these requirement in the MOST secure manner?

Options:

Apply an S3 bucket pokey that grants road access to the S3 bucket

Apply an IAM role to the Lambda function Apply an IAM policy to the role to grant read access to the S3 bucket

Embed an access key and a secret key In the Lambda function's coda to grant the required IAM permissions for read access to the S3 bucket

Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3 buckets In the account

Question 2

A company runs an application on an Amazon EC2 instances backed by Amazon Elastic Block Store (Amazon EBS). The instances needs to be available for 12 hours daily. The company wants to save costs by making the instance outside the window required for the application. However, the contents of the memory must be preserved whenever the instance is unavailable.

What should a solutions architect do lo meet this requirement?

Options:

Stop the instance outside the application's availability window Start up the instance again when required

Hibernate the instance outside the application's availability window Start up the instance again when required

Use Auto Scaling to scale down the instance outside the application's availability window Scale up the instance when required.

Terminate the instance outside the application's availability window Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required

Question 3

A company is hosting a web application from an Amazon S3 bucket. The application uses Amazon Cognito as an identity provider lo authenticate users and return a JSON Web Token (JWT) that provides access to protected resources that am restored in another S3 bucket.

Upon deployment of the application, users report errors and are unable to access the protected content. A solutions architect must resolve this issue by providing proper permissions so that users can access the protected content.

Which solution meets these requirements?

Options:

Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected consent.

Update the S3 ACL to allow the application to access the protected content

Redeploy the application to Amazon 33 to prevent eventually consistent reads m the S3 bucket from affecting the ability of users to access the protected content.

Update the Amazon Cognito pool to use custom attribute mappings within tie Identity pool and grant users the proper permissions to access the protected content

Question 4

A company plant to host a survey website on AWS The company anticipates an unpredictable amount of traffic This traffic results m asynchronous updates to the database. The company wants to ensure mat writes to the database hosted on AWS do not gel dropped

How should the company write its application to hand to these database requests?

Options:

Configure the application to publish to an Amazon Simple Notification Service (Amazon SNS) topic Subscribe the database to the SNS topic.

Configure the application to subscribe to an Amazon Simple Notification Service (Amazon SNS) topic. Publish the database updates to the SNS topic

Use Amazon Simple Queue Service (Amazon SOS) FIFO queues to queue the database connection until the database has resources to wrist the data.

Use Amazon Simple Queue Service (Amazon SOS) FIFO queues tor capturing the writes and draining the queue as each write is made to the database.

Question 5

A company runs an application In a branch office within a small data closet with no vitalized compute resources. The application data is stored on an NFS volume Compliance standards require a daily offsite backup of the NFS volume.

Which solution meets these requirements?

Options:

Install an AWS Storage Gateway fie gateway on premises to replicate the data to Amazon S3

Install an AWS Storage Gateway fie gateway hardware appliance on premises to replicate the data to Amazon S3.

Install an AWS Storage Gateway volume gateway with stored volumes on premises to replicate the data to Amazon S3

Install an AWS Storage Gateway volume gateway with cached volumes on premises to replicate the data to Amazon S3.

Question 6

A company is hosting its website by using Amazon EC2 instances behind an Elastic Load balancer across multiple Availability Zones. The instances run in an EC2 Scaling group. The website uses Amazon Elastic Block Store (Amazon EBS) volume to store product manuals for users to download. The company updates the product content often, so new instances launched by the Auto Scaling group often have data. It can take to 30 minutes for the new instances to receive all the updates. The updates also require the EBS volumes to be resized during business hours.

The company wants to ensure that the product manuals are always up to data on all instances and that the architecture adjusts quickly to increased user demand. A solutions architect needs to meet these requirements without causing the company lo update Its application code or adjust its website

What should the solutions architect do to accomplish this goal?

Options:

Store the product manuals in an EBS volume Mount that volume to the EC2 instances

Store the product manuals in an Amazon S3 bucket Redirect the downloads to this bucket

Store the product manuals in an Amazon Elastic File System (Amazon EFS) volume. Mount that volume to the EC2 instances

Store the product manuals in an Amazon S3 Standard-Infrequent Access (S3 Standard-IA) bucket. Redirect the downloads to this bucket

Question 7

A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet.

Which capability should the solutions architect use to meet the compliance requirements?

Options:

AW3 Key Management Service (AWS KMS)

VPC endpoint

Private subnet

Virtual private gateway

Question 8

A company needs to save the results from a medical trial to an Amazon S3 repository. The repository must allow a few scientists to add new dies and must restrict all other users to read-only access No users can have the ability to modify or delete any files in the repository. The company must heap every lie in the repository for a minimum of 1 year after its creation date.

Which solution will meet these requirements?

Options:

Use S3 Object Lock In governance mode with a legal hold of 1 year

Use S3 Object Lock in compliance mode with a retention period of 365 days.

Use an IAM role to restrict all users from deleting or changing objects in the S3 bucket Use an S3 bucket policy to only allow the IAM role

Configure the S3 bucket to invoke an AWS Lambda function every tune an object is added Configure the function to track the hash of the saved object to that modified objects can be marked accordingly

Question 9

A company has an application that scans millions of connected devices for security threats and pushes the scan logs to an Amazon S3 bucket. A total of 70 GB of data is generated each week, and the company needs to store 3 years of data for historical reporting. The company must process aggregate, and enrich the data from Amazon S3 by performing complex analytical queries and joins in the least amount of time The aggregated dataset is visualized on an Amazon QuickSight dashboard.

What should a solutions architect recommend to meet these requirements?

Options:

Create and run an ETL job in AWS Glue to process the data from Amazon S3 and load it into Amazon Redshift Perform the aggregation queries on Amazon Redshift

Use AWS Lambda functions based on S3 PutObject event triggers to copy the incremental changes to Amazon DynamoDB Perform the aggregation queries on DynamoDB.

Use AWS Lambda functions based on S3 PutObject event triggers to copy the incremental changes to Amazon Aurora MySQL Perform the aggregation queries on Aurora MySQL.

Use AWS Glue to catalog the data in Amazon S3. Perform the aggregation queries on the cataloged tables by using Amazon Athena Query the data directly from Amazon S3

Question 10

A company has primary and secondary data canters that are 500 miles (804.7 km) apart and Interconnected with high-speed fiber.optic cable. The company needs a highly available and secure network connection between its data centers and a VPC on AWS for a mission-critical workload A solutions architect must choose a connection solution that provides maximum resiliency. Which solution meets these requirements?

Options:

Two AWS Direct Connect connections from the primary data center terminating at two Direct Connect locations on two separate devices

A single AWS Direct Connect connection from each of the primary and secondary data centers terminating at one Direct Connect location on the same device

Two AWS Direct Connect connections from each of the primary and secondary data centers terminating at two Direct Connect locations on two separate devices

A single AWS Direct Connect connection from each of the primary and secondary data centers terminating at one Direct Conned location on two separate devices

Question 11

A company has a mutt-tier application deployed on several Amazon EC2 instances m an Auto Scaling group. An Amazon RDS for Oracle instance is the application’s data layer that uses Oracle-specific

PL/'SQL functions. Traffic to the application has been steadily Increasing. This is causing the EC2 instances to become overloaded and the RDS instance to run out of storage. The Auto Scaling group does not have any scaling metrics and defines the minimum healthy instance count only. The company predicts that traffic will continue to increase at a steady but unpredictable rate before levelling off.

What should a solutions architect do to ensure the system can automatically scale for the increased traffic? (Select TWO.)

Options:

Configure storage Auto Scaling on the RDS for Oracle Instance.

Migrate the database to Amazon Aurora to use Auto Scaling storage.

Configure an alarm on the RDS for Oracle Instance for low free storage space

Configure the Auto Scaling group to use the average CPU as the scaling metric

Configure the Auto Scaling group to use the average free memory as the seeing metric

Question 12

A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.

Options:

Attach a resource-based policy lo the S3 bucket

Create an IAM user for the application with specific permissions to the S3 bucket

Associate an IAM role with least privilege permissions lo the EC2 instance profile

D Store AWS a credential directly on the EC2 instance for applications on the instance to use for API calls

Question 13

A company wants to move a multi-tiered application from on premises to the AWS Cloud to improve the application’s performance. The application consists of application tiers that communicate with each other by way of

Which solution moots these and is the MOST operationally efficient?

Options:

Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer Use Amazon Simple Queue Service (Amazon SOS) as the communication layer between application services.

Use Amazon CloudWatch metrics to analyze the application performance history to determine the servers' peak utilization during the performance failures Increase the size or the application servers Amazon EC2 instance to meet the peak requirements

Use Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 m an Auto Scaling group Use Amazon CloudWatch to monitor the SNS queue length and scale up and down as required.

Use Amazon Simple Queue Service (Amazon SOS) to handle the messaging between application servers running on Amazon EC2 In an Auto Seeing group Use Amazon CloudWatch to monitor the SOS queue length and scale up when communication failures are detected.

Question 14

A company has several Amazon EC2 instances set up m a private subnet for security reasons. These instances host applications that read and write large amounts of data to end from Amazon S3 regularly. Currently subnet routing directs all the traffic destined for the internet through a NAT gateway. The company wants to optimize the overall coat without impacting the ability of the application to communication Amazon S3 or the outside internet.

What should a solutions architect do to optimize costs?

Options:

Create an additional NAT gateway. Update the route table to route to the NAT gateway Update the network ACL lo allow S3 traffic

Create an internet gateway Update the route table to route traffic to the internet gateway Update the network ACL to allow S3 traffic

Create a VPC endpoint for Amazon S3 Attach an endpoint policy to the endpoint Update the route table lo direct traffic to the VPC endpoint.

Create an AWS Lambda function outside of the VPC to handle S3 requests Attach an IAM policy to the EC2 instances, allowing them to invoke the Lambda function.

Question 15

A company has a popular gaming platform running on AWS. The application is sensitive to latency because latency can impact the user experience and Introduce unfair advantages to some prayers. The application la deployed In a very AWS Region. It runs on Amazon FC2 Instances Vial are part of Auto Scaling groups configured behind Application Load Balancers (ALBs) A solutions architect needs to implement a mechanism to monitor the hearth of the application and redirect traffic to healthy endpoints.

Which solution meets these requirements?

Options:

Configure an accelerator In AWS Global Accelerator Add a listens for the port that the application listens on. and attach it to a Regional endpoint m each Region Add the ALB as the endpoint

Create an Amazon CloudFron4t distribution and specify the ALB as the origin server Configure the cache behaviour to use origin cache headers Use AWS Lambda functions to optimize the traffic

Create an Amazon CloudFront distribution and specify Amazon S3 as the origin server. Configure tie cache behaviour to use origin cache headers Use AWS Lambda functions to optimize the traffic

Configure an Amazon DynamoDB database to serve as the data store tor the application Create a DynamoDB Accelerator (DAX) cluster to act as the m-memory cache for DynamoDB hosting the

application data

Question 16

A company is running an application on AWS to process weather sensor data that is stored in an Amazon S3 bucket. Three batch jobs run hourly to process the data in the S3 bucket for different purposes. The company wants to reduce the overall processing time by running. The three applications in parallel using an event-based approach.

What should a solutions architect do to meet these requirements?

Options:

Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SOS) FIFO queue Subscribe al applications to the queue for processing.

Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SOS) standard queue Create an additional SOS queue for all applications, and subscribe all applications to the meal queue for processing.

Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SOS) FIFO queues Create an additional SOS queue (or each application and subscribe each queue to the initial topic for processing

Enable S3 Event Notifications tor new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SOS) queue for each application, and subscribe each queue to the topic for processing

Question 17

A company hosts a popular website in the AWS Cloud, A solutions architect needs to provide reports about user click behaviour in near-real time as users navigate the website.

Which solution will meet this requirement

Options:

Store the clickstream data in Amazon DynamoDB. Deploy an application that runs on AWS Elastic Beanstalk to process and analyze the data.

Push the clickstream data from each session to an Amazon Kinesis data stream Analyze the dab by using Amazon Kinesis Data Analytics.

Store the clickstream data in an Amazon S3 bucket. Order the data by timestamp Process the data with an AWS Lambda function that is subscribed to object creation events on the S3 bucket.

Forward the clickstream data to Amazon Simple Queue Service (Amazon SOS) Store the data In an Amazon ROS for MySQL DB instance. Deploy Amazon FC2 Instances to process and analyze the data

Question 18

A company has an on-premises MySQL database used by the global tales team with infrequent access patterns. The sales team requires the database to have minimal downtime. A database administrate wants to migrate this database to AWS without selecting a particular instance type in anticipation of more users In the future.

Which service should a solutions architect recommend?

Options:

Amazon Aurora MySQL

Amazon Aurora Serverless tor MySQL

Amazon Redshift Spectrum

Amazon RDS for MySQL

Question 19

A solutions architect is implementing a document review application using an Amazon S3 bucket for storage. The solution must prevent accidental deletion of the documents and ensure that all versions of the documents are available Users must be able to download, modify, and upload documents.

Which combination of actions should be taken to meet these requirements? (Select TWO.)

Options:

Enable a read-only bucket ACL

Enable versioning on the bucket.

Attach an IAM policy to the bucket

Enable MFA Delete on the bucket.

Encrypt the bucket using AWS KMS.

Question 20

A customer is running an application on Amazon EC2 instances hosted in a private subnet of a VPC. The EC2 instances are configured in an Auto Scaling group behind an Elastic Load Balancer (ELB). The EC2 instances use a NAT gateway outbound internet access However, the EC2 instances are not able to connect to the public internet to download software updates.

Options:

The ELB is not configured with a proper health check.

The route tables in the VPC are configured incorrectly.

The EC2 instances are not associated with an Elastic IP address.

The security group attached to the NAT gateway is configured incorrectly.

The outbound rules on the security group attachment to the EC2 instances are configured incorrectly.

Question 21

A company has applications hosted on Amazon EC2 instances with IPv6 addresses. The applications must initiate communications with other external applications using the internet However the company's security policy states that any external service cannot initiate a connection to the EC2 instances

What should a solutions architect recommend to resolve this issue?

Options:

Create a NAT gateway and make it the destination of the subnet's route table

Create an internet gateway and make it the destination of the subnet's route table

Create a virtual private gateway and make it the destination of the subnet's route table

Create an egress-only internet gateway and make it the destination of the subnet's route table

Question 22

A company is hosting a three-tier ecommerce application in the AWS Cloud. The company hosts the website on Amazon S3 and integrates the website with an API that handles sales requests. The company hosts the API on three Amazon EC2 instances behind an Application Load Balancer (ALB). The API consists of static and dynamic front-end content along with backend workers that process sales requests asynchronously.

The company is expecting a significant and sudden increase in the number of sales requests during events for the launch of new products

What should a solutions architect recommend to ensure that all the requests are processed successfully?

Options:

Add an Amazon CloudFront distribution for the dynamic content. Increase the number of EC2 instances to handle the increase in traffic.

Add an Amazon CloudFront distribution for the static content. Place the EC2 instances in an Auto Scaling group to launch new instances based on network traffic.

Add an Amazon CloudFront distribution for the dynamic content. Add an Amazon ElastiCache instance in front of the ALB to reduce traffic for the API to handle.

Add an Amazon CloudFront distribution for the static content. Add an Amazon Simple Queue Service (Amazon SOS) queue to receive requests from the website for later processing by the EC2 instances.

Question 23

A company wants to build an immutable infrastructure for its software applications The company wants to test the software applications before sending traffic to them The company seeks an efficient solution that limits the effects of application bugs

Which combination of steps should a solutions architect recommend? {Select TWO)

Options:

Use AWS Cloud Formation to update the production infrastructure and roll back the stack if the update fails

Apply Amazon Route 53 weighted routing to test the staging environment and gradually increase the traffic as the tests pass

Apply Amazon Route 53 failover routing to test the staging environment and fail over to the production environment if the tests pass

Use AWS Cloud Formation with a parameter set to the staging value in a separate environment other than the production environment

Use AWS Cloud Formation to deploy the staging environment with a snapshot deletion policy and reuse the resources in the production environment if the tests pass

Question 24

A security learn needs to enforce the rotation of all IAM users' access keys every 90 days If an access key Is found to be older, the key must be made inactive and removed A solutions architect must create a solution that will check for and remediate any keys older than 90 days

Which solution meets these requirements with the LEAST operational effort?

Options:

Create an AWS Config rule to check for the key age Configure the AWS Config rule to run an AWS Batch job to remove the key

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age Configure the rule to run an AWS Batch job to remove the key

Create an AWS Config rule to check for the key age Define an Amazon EventBridge (Amazon CloudWatch Events) rule to schedule an AWS Lambda function to remove the key

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age Define an EventBridge (CloudWatch Events) rule to run an AWS Batch job to remove the key

Question 25

A recent analysis of a company's IT expenses highlights the need to reduce backup costs The company s chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use ol physical backup tapes The company must preserve the existing investment in the on-premises backup applications and workflows

What should a solutions architect recommend''

Options:

Set up AWS Storage Gateway to conned with the backup applications using the NFS interface

Set up an Amazon EFS file system that connects wtth the backup applications using the NFS interface

Set up an Amazon EFS file system that connects with the backup applications using the iSCSl interface

Set up AWS Storage Gateway to connect with the backup applications using the iSCSi-virtual tape library (VTL) interface

Question 26

An ecommerce company has noticed performance degradation of its Amazon RDS based web application The performance degradation is attributed to an increase in the number of read-only SQL queries triggered by business analysts A solutions architect needs to solve the problem with minimal changes to the existing web application

What should the solutions architect recommend''

Options:

Export the data to Amazon DynamoDB and have the business analysts run their queries

Load the data into Amazon ElastiCache and have the business analysts run their queries

Create a read replica of the primary database and have the business analysts run their queries

Copy the data into an Amazon Redshift cluster and have the business analysts run their queries

Question 27

A media streaming company collects real-time data and stores it in a disk-optimized database system. The company is not getting the expected throughput and wants an m-memory database storage solution that performs faster and provides high availability using data replication.

Which database should a solutions architect recommend?

Options:

Amazon RDS for MySQL

Amazon RDS for PostgreSQL

Amazon ElastiCache for Redis

Amazon ElastiCache for Memcached

Question 28

A company is performing an AWS Well-Architected Framework review of an existing workload deployed on AWS The review Identified a public-facing website running on the same Amazon EC2 instance as a Microsoft Active Directory domain controller that was installed recently to support other AWS services A solutions architect needs to recommend a new design that would improve the security of the architecture and minimize the administrative demand on IT staff

What should the solutions architect recommend?

Options:

Use AWS Directory Service to create a managed Active Directory Uninstall Active Directory on the current EC2 instance

Create another EC2 instance in the same subnet and reinstall Active Directory on it Uninstall Active Directory on the current EC2 instance

Use AWS Directory Service to create an Active Directory connector Proxy Active Directory requests to the Active Directory domain controller running on the current EC2 instance

Enable AWS Single Sign-On (AWS SSO) with Security Assertion Markup Language (SAML) 2 0 federation with the current Active Directory controller Modify the EC2 instance's security group to deny public access to Active Directory

Question 29

A company is hosting 60 TB of production-level data in an Amazon S3 bucket A solutions architect needs to bring that data on premises for quarterly audit requirements This export of data must be encrypted while in transit The company has low network bandwidth in place between AWS and its on-premises data center.

What should the solutions architect do to meet these requirements?

Options:

Deploy AWS Migration Hub with 90-day replication windows for data transfer

Deploy an AWS Storage Gateway volume gateway on AWS Enable a 90-day replication window to transfer the data

Deploy Amazon Elastic File System (Amazon EFS). with Iifecycle policies enabled, on AWS Use it to transfer the data

Deploy an AWS Snowball device in the on-premises data center after completing an export Job request In the AWS Snowball console

Question 30

A startup company is using me AWS Cloud to develop a traffic control monitoring system for a large city The system must be highly available and must provide near-real-time results for residents and city officials even during peak events

Gigabytes of data will come in daily from loT devices that run at intersections and freeway ramps across the city The system must process the data sequentially to provide the correct timeline However results need to show only what has happened in the last 24 hours.

Which solution will meet these requirements MOST cost-effectively?

Options:

Deploy Amazon Kinesis Data Firehose to accept incoming data from the loT devices and write the data to Amazon S3 Build a web dashboard to display the data from the last 24 hours

Deploy an Amazon API Gateway API endpoint and an AWS Lambda function to process incoming data from the loT devices and store the data in Amazon DynamoDB Build a web dashboard to display the data from the last 24 hours

Deploy an Amazon API Gateway API endpoint and an Amazon Simple Notification Service (Amazon SNS) tope to process incoming data from the loT devices Write the data to Amazon Redshift Build a web dashboard to display the data from the last 24 hours

Deploy an Amazon Simple Queue Service (Amazon SOS) FIFO queue and an AWS Lambda function to process incoming data from the loT devices and store the data in an Amazon RDS DB instance Build a web dashboard to display the data from the last 24 hours

Question 31

A company is planning to store sensitive documents in an Amazon S3 bucket. The documents must be encrypted al rest. The company wants to manage the underlying keys that are used lor encryption However, the company does not want to manage the encryption and decryption process.

Which solutions will meet these requirements? (Select TWO.)

Options:

Use server-side encryption with customer-provided encryption keys (SSE-C).

Use client-side encryption with AWS managed keys.

Use server-side encryption with S3 managed encryption keys (SSE-S3).

Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) with a key policy document that is 40 KB in size

Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) that the company uploads to AWS KMS.

Question 32

A company is building a new furniture inventory application The company has deployed the application on a fleet of Amazon EC2 instances across multiple Availability Zones The EC2 instances run behind an Application Load Balancer (ALB) in their VPC

A solutions architect has observed that incoming traffic seems to favor one EC2 instance resulting in latency for some requests

What should the solutions architect do to resolve this issue?

Options:

Disable session affinity (sticky sessions) on the ALB

Replace the ALB with a Network Load Balancer

increase the number of EC2 instances in each Availability Zone

Adjust the frequency of the health checks on the ALB's target group

Question 33

A company is using AWS to design a web application that will process insurance quotes Users will request quotes from the application Quotes must be separated by quote type, must be responded to within 24 hours, and must not get lost The solution must maximize operational efficiency and must minimize maintenance. Which solution meets these requirements?

Options:

Create multiple Amazon Kinesis data streams based on the quote type Configure the web application to send messages to the proper data stream Configure each backend group of application servers to use the Kinesis Client Library (KCL) to pool messages from its own data stream

Create an AWS Lambda function and an Amazon Simple Notification Service (Amazon SNS) topic for each quote type Subscribe the Lambda function to its associated SNS topic Configure the application to publish requests tot quotes to the appropriate SNS topic

Create a single Amazon Simple Notification Service (Amazon SNS) topic Subscribe Amazon Simple Queue Service (Amazon SQS) queues to the SNS topic Configure SNS message filtering to publish messages to the proper SQS queue based on the quote type Configure each backend application server to use its own SQS queue

Create multiple Amazon Kinesis Data Firehose delivery streams based on the quote type to deliver data streams to an Amazon Elasucsearch Service (Amazon ES) cluster Configure the application to send messages to the proper delivery stream Configure each backend group of application servers to search for the messages from Amazon ES and process them accordingly

Question 34

A developer is creating an AWS Lambda function to perform dynamic updates to a database when an item is added to an Amazon Simple Queue Service (Amazon SOS) queue A solutions architect must recommend a solution that tracks any usage of database credentials in AWS CloudTrail. The solution also must provide auditing capabilities.

Which solution will meet these requirements?

Options:

Store the encrypted credentials in a Lambda environment variable

Create an Amazon DynamoDB table to store the credentials Encrypt the table

Store the credentials as a secure string in AWS Systems Manager Parameter Store

Use an AWS Key Management Service (AWS KMS) key store to store the credentials

Question 35

A disaster relief company is designing a new solution to analyze real-time csv data. The data is collected by a network of thousands of research stations met are distributed across the world. The data volume is consistent and constant, and the size of each data We is 512 KB. The company needs to stream the data and analyze the data in real time.

Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)

Options:

Provision an appropriately sized Amazon Simple Queue Service (Amazon SOS) queue. Use the AWS SDK at the research stations to write the data into the SOS queue

Provision an appropriately sized Amazon Kinesis Data Firehose delivery stream. Use the AWS SDK at the research stations to write the data into the delivery stream and then into an Amazon S3 bucket.

Provision an appropriately sized Amazon Kinesis Data Analytics application. Use the AWS CLI to configure Kinesis Data Analytics with SOL queries

Provision an AWS Lambda function to process the data. Set up the BatchSize property on the Lambda event source.

Provision an AWS Lambda function to process the data. Set up an Amazon EventBridge (Amazon CloudWatch Events) cron expression rule to invoke the Lambda function

Question 36

A company hosts its static website content from an Amazon S3 bucket in the us-east-1 Region Content is made available through an Amazon CloudFront origin pointing to that bucket Cross-Region replication is set up to create a second copy of the bucket in the ap-southeast-1 Region Management wants a solution that provides greater availability for the website

Which combination of actions should a solutions architect take to increase availability'? (Select TWO.

Options:

Add both buckets to the CloudFront origin

Configure failover routing in Amazon Route 53

Create a record in Amazon Route 53 pointing to the replica bucket

Create an additional CloudFront origin pointing to the ap-southeast-1 bucket

Set up a CloudFront origin group with the us-east-1 bucket as the primary and the ap-southeast-1 bucket as the secondary

Question 37

A solutions architect is creating a new VPC design There are two public subnets for the load balancer, two private subnets for web servers and two private subnets for MySQL The web servers use only HTTPS The solutions architect has already created a security group tor the load balancer allowing port 443 from 0 0 0 0/0 Company policy requires that each resource has the teas! access required to still be able to perform its tasks

Which additional configuration strategy should the solutions architect use to meet these requirements?

Options:

Create a security group for the web servers and allow port 443 from 0 00 0/0 Create a security group for the MySQL servers and allow port 3306 from the web servers security group

Create a network ACL for the web servers and allow port 443 from 0 0 0 0*0 Create a network ACL (or the MySQL servers and allow port 3306 from the web servers security group

Create a security group for the web servers and allow port 443 from the load balancer Create a security group for the MySQL servers and allow port 3306 from the web servers security group

Create a network ACL 'or the web servers and allow port 443 from the load balancer Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group

Question 38

A company is designing a shared storage solution for a gaming application that is hosted in the AWS Cloud The company needs the ability to use SMB clients to access data solution must be fully managed.

Which AWS solution meets these requirements?

Options:

Create an AWS DataSync task that shares the data as a mountable file system Mount the file system to the application server

Create an Amazon EC2 Windows instance Install and configure a Windows file share role on the instance Connect the application server to the file share

Create an Amazon FSx for Windows File Server file system Attach the file system to the origin server Connect the application server to the file system

Create an Amazon S3 bucket Assign an IAM role to the application to grant access to the S3 bucket Mount the S3 bucket to the application server

Question 39

A solutions architect is designing the cloud architecture for a company that needs to host hundreds of machine learning models for its users Dunng startup, the models need to load up to 10 GB of data from Amazon S3 into memory, out they do not need disk access Most of the models are used sporadically but the users expect all of them to be highly available and accessible with low latency.

Which solution meets the requirements and is MOST cost-effective1?

Options:

Deploy models as AWS Lambda functions behind an Amazon API Gateway for each model

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind an Application Load Balancer for each model

Deploy models as AWS Lambda functions behind a single Amazon API Gateway with path-based routing where one path corresponds to each model

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind a single Application Load Balancer with path-based routing where one path corresponds to each model

Question 40

A company has a three-tier environment on AWS that ingests sensor data from its users' devices The traffic flows through a Network Load Balancer (NIB) then to Amazon EC2 instances for the web tier and finally to EC2 instances for the application tier that makes database calls

What should a solutions architect do to improve the security of data in transit to the web tier?

Options:

Configure a TLS listener and add the server certificate on the NLB

Configure AWS Shield Advanced and enable AWS WAF on the NLB

Change the load balancer to an Application Load Balancer and attach AWS WAF to it

Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using AWS Key Management Service (AWS KMS)

Question 41

A company is automating an order management application. The company's development team has decided to use SFTP to transfer and store the business-critical information files The files must be encrypted and must be highly available. The files also must be automatically deleted a month after they are created.

Which solution meets these requirements with the LEAST operational overhead?

Options:

Configure an Amazon S3 bucket with encryption enabled. Use AWS transfer for SFTP to securely transfer the files to the S3 bucket Apply an AWS Transfer for SFTP file retention policy to delete the files after a month

Install an SFTP service on an Amazon EC2 instance Mount an Amazon Elastic File System (Amazon EFS) file share on the EC2 instance. Enable cron to delete the files after a month

Configure an Amazon Elastic File System (Amazon EFS) file system with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the EFS file system. Apply an EFS lifecycle policy to automatically delete the files after a month.

Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply S3 Lifecycle rules to automatically delete the files after a month.

Question 42

A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent Otherwise, the payments might be processed incorrectly.

Which actions should a solutions architect take to meet this requirement? (Select TWO.)

Options:

Write the messages to an Amazon DynamoDB table with the payment ID as the partition key

Write the messages to an Amazon Kinesis data stream with the payment ID as the partition key.

Write the messages to an Amazon ElastiCache for Memcached cluster with the payment ID as the key

Write the messages to an Amazon Simple Queue Service (Amazon SQS) queue Set the message attribute to use the payment ID

Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID.

Question 43

A company is designing a new web service that will run on Amazon EC2 instances behind an Elastic Load Balancer. However, many of the web service clients can only reach IP addresses whitelisted on their firewalls.

What should a solutions architect recommend to meet the clients' needs?

Options:

A Network Load Balancer with an associated Elastic IP address

An Application Load Balancer with an associated Elastic IP address

An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address

An EC2 instance with a public IP address running as a proxy in front of the load balancer

Question 44

A company is developing a serverless web application that gives users the ability to interact with real-time analytics from online games. The data from the games must be streamed in real time. The company needs a durable, low-latency database option for user data. The company does not know how many users will use the application Any design considerations must provide response times of single-digit milliseconds as the application scales.

Which combination of AWS services will meet these requirements? (Select TWO.)

Options:

Amazon CloudFront

Amazon DynamoDB

Amazon Kinesis

Amazon RDS

AWS Global Accelerator

Question 45

A company runs an application on a group of Amazon Linux EC2 instances. For compliance reasons, the company must retain all application log files for 7 years. The log files will be analyzed by a reporting tool that must be able to access all the files concurrently.

Which storage solution meets these requirements MOST cost-effectively?

Options:

Amazon Elastic Block Store (Amazon EBS)

Amazon Elastic File System (Amazon EFS)

Amazon EC2 instance store

Amazon S3

Question 46

A healthcare computer stores highly sensitive records. Compliance requires that multiple copies be stored in different locations. Each record must be stored for 7 years. The company has a service level agreement (SLA) to provide records to government agencies immediately for the first 30 days and thin within 4 hours of a request thereafter.

What should a solutions architect recommend?

Options:

Use Amazon S3 with cross-Region Region replication enabled. After 30 days. Transition the data to Amazon S3 Glacier using lifecycle policy.

Use Amazon S3 with cross-origin resource sharing (CCRS) enabled. After 30 days. Transition on the data to Amazon S3 Glacier using a lifecycle policy.

Use Amazon S3 with cross-origin replication enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Archive a lifecycle policy.

Use Amazon S3 with cross-origin resource sharing (CCRS) enabled. After 30 days, transition on the data to Amazon S3 Glacier Deep Archive using a lifecycle policy.

Question 47

A company is launching a new application that will be hosted on Amazon EC2 instances. A solutions architect needs to design a solution that does not allow public IPv4 access that originates from the internet. However, the solution must allow the EC2 instances to make outbound IPv4 internet requests.

The initial design proposal shows that the EC2 instances would be located in two private subnets across two Availability Zones. The entire architecture must be highly available.

How should the solutions architect change the architecture to meet these requirements?

Options:

Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.

Deploy an internet gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.

Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.

Deploy an egress-only internet gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.

Question 48

A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML. CSS, client-side JavaScript, and images Which method is the MOST cost-effective for hosting the website?

Options:

Containerize the website and host it in AWS Fargate.

Create an Amazon S3 bucket and host the website there

Deploy a web server on an Amazon EC2 instance to host the website.

Configure an Application Loa d Balancer with an AWS Lambda target that uses the Express js framework.

Question 49

A company operates a website on Amazon EC2 Linux instances Some of the instances are failing. Troubleshooting points to insufficient swap space on the failed instances. The operations team lead needs a solution to monitor this.

What should a solutions architect recommend?

Options:

Configure an Amazon CloudWatch SwapUsage metric dimension Monitor the SwapUsage dimension in the EC2 metrics in CloudWatch.

Use EC2 metadata to collect information, then publish it to Amazon CloudWatch custom metrics Monitor SwapUsage metrics in CloudWatch

Install an Amazon CloudWatch agent on the instances. Run an appropriate script on a set schedule. Monitor SwapUtilization metrics in CloudWatch

Enable detailed monitoring in the EC2 console Create an Amazon CloudWatch SwapUtilization custom metric Monitor SwapUtilization metrics in CloudWatch

Question 50

A manufacturing company has machine sensors that upload csv files to an Amazon S3 bucket These csv files must be converted into images and must be made available as soon as possible for the automatic generation of graphical reports.

The images become irrelevant after 1 month, but the csv files must be kept to train machine learning (ML) models twice a year. The ML trainings and audits are planned weeks in advance.

Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO )

Options:

Launch an Amazon EC2 Spot Instance that downloads the .csv files every hour, generates the image files, and uploads the images to the S3 bucket.

Design an AWS Lambda function that converts the .csv files into images and stores the images in the S3 bucket Invoke the Lambda function when a csv file is uploaded.

Create S3 Lifecycle rules for .csv files and image files in the S3 bucket Transition the csv files from S3 Standard to S3 Glacier 1 day after they are uploaded. Expire the image files after 30 days.

Create S3 Lifecycle rules for csv files and image files in the S3 bucket Transition the csv files from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) 1 day after they are uploaded Expire the image files after 30 days

Create S3 Lifecycle rules for .csv files and image files in the S3 bucket. Transition the csv files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 1 day after they are uploaded. Keep the image files in Reduced Redundancy Storage (RRS).

Question 51

A company has an application that collects data from loT sensors on automobiles. The data is streamed and stored in Amazon S3 through Amazon Kinesis Date Firehose The data produces trillions of S3 objects each year. Each morning, the company uses the data from the previous 30 days to retrain a suite of machine learning (ML) models.

Four times each year, the company uses the data from the previous 12 months to perform analysis and train other ML models The data must be available with minimal delay for up to 1 year. After 1 year, the data must be retained for archival purposes.

Which storage solution meets these requirements MOST cost-effectively?

Options:

Use the S3 Intelligent-Tiering storage class. Create an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 1 year

Use the S3 Intelligent-Tiering storage class. Configure S3 Intelligent-Tiering to automatically move objects to S3 Glacier Deep Archive after 1 year.

Use the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 1 year.

Use the S3 Standard storage class. Create an S3 Lifecycle policy to transition objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days, and then to S3 Glacier Deep Archive after 1 year.

Question 52

The following IAM policy is attached to an IAM group. This is the only policy applied to the group.

What are the effective IAM permissions of this policy for group members?

Options:

Group members are permitted any Amazon EC2 action within the us-east-1 Region. Statements after the Allow permission are not applied.

Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA).

Group members are allowed the ec2 Stoplnstances and ec2. TerminateInstances permissions for all Regions when logged in with multi-factor authentication (MFA) Group members are permitted any other Amazon EC2 action.

Group members are allowed the ec2 Stoplnstances and ec2. Terminateinstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA) Group members are permitted any other Amazon EC2 action within the us-east-1 Region.

Question 53

An administrator of a large company wants to monitor for and prevent any cryptocurrency-related attacks on the company's AWS accounts Which AWS service can the administrator use to protect the company against attacks?

Options:

Amazon Cognito

Amazon GuardDuty

Amazon Inspector

Amazon Macie

Question 54

An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer The application performs best when the CPU utilization of the EC2 instances is at or near 40%.

What should a solutions architect do to maintain the desired performance across all instances in the group?

Options:

Use a simple scaling policy to dynam

Amazon DynamoDB global tables

Amazon RDS for MySQL with Multi-AZ enabled

Amazon RDS for MySQL with a cross-Region snapshot copy

Question 55

A computer is reviewing a recent migration of a three-tier application to a VPC. The security team discover that the principle of lest privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers.

What should a solution architect do to connect issue?

Options:

Create security group rules using the instance ID as the source destination.

Create security group rules using the security ID as the source or destination.

Create security group rules using the VPC CDR blocks as the source or destination

Create security group rules using the subnet CDR blocks as the source or destination

Question 56

A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company's security policy requires that all website traffic be inspected by AWS WAF.

How should the solutions architect comply with these requirements?

Options:

Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only.

Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin.

Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only. Associate AWS WAF to CloudFront.

Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket Enable AWS WAF on the distribution

Question 57

A website runs a web application that receives a burst of traffic each day at noon. The users upload new pictures and context daily, but have complaining of timeout. The architect uses Amazon EC2 Auto Scaling groups, and the custom application consistently takes 1 minutes to initiate upon boot up before responding to user requests.

How should a solutions architect redesign the architect to better respond to changing traffic?

Options:

Configure a Network Load Balancer with a slow start configuration.

Configure AWS ElastiCache for Redis to offload direct requests to the servers.

Configure an Auto Scaling step scaling policy with an instance warmup condition.

Configure Amazon CloudFront to use an Application Load Balancer as the origin.

Question 58

A leasing company generates and emails PDF statements every month for all its customers. Each statement is about 400 KB in size Customers can download their statements from the website for up to 30 days from when the statements were generated At the end of their 3-year lease, the customers are emailed a ZIP file that contains all the statements

What is the MOST cost-effective storage solution for this situation?

Options:

Store the statements using the Amazon S3 Standard storage class Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 1 day.

Store the statements using the Amazon S3 Glacier storage class Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days.

Store the statements using the Amazon S3 Standard storage class Create a lifecycle policy to move the statements to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) storage after 30 days.

Store the statements using the Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 30 days.

Question 59

A company's database is hosted on an Amazon Aurora MySQL DB cluster in the us-east-1 Region The database is 4 TB in size. The company needs to expand its disaster recovery strategy to the us-west-2 Region The company must have the ability to fail over to us-west-2 with a recovery time objective (RTO) of 15 minutes.

What should a solutions architect recommend to meet these requirements?

Options:

Create a Multi-Region Aurora MySQL DB cluster in us-east-1 and us-west-2 Use an Amazon Route 53 health check to monitor us-east-1 and fail over to us-west-2 upon failure

Take a snapshot of the DB cluster in us-east-1. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events Configure the Lambda function to copy the snapshot to us-west-2 and restore the snapshot in us-west-2 when failure is detected.

Create an AWS CloudFormation script to create another Aurora MySQL DB cluster in us-west-2 in case of failure Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events. Configure the Lambda function to deploy the AWS CloudFormation stack in us-west-2 when failure is detected.

Recreate the database as an Aurora global database with the primary DB cluster in us-east-1 and a secondary DB cluster in us-west-2 Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events Configure the Lambda function to promote the DB cluster in us-west-2 when failure is detected.

Question 60

A company is deploying a two-tier web application in a VPC. The web tier is using an Amazon EC2 Auto Scaling group with public subnets that span multiple Availability Zones. The database tier consists of an Amazon RDS for MySQL DB instance in separate private subnets. The web tier requires access to the database to retrieve product information.

The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for the network ACLs. security groups, and route tables are still in their default states.

What should a solutions architect recommend to fix the application?

Options:

Add an explicit rule to the private subnet's network ACL to allow traffic from the web tier's EC2 instances.

Add a route in the VPC route table to allow traffic between the web tier's EC2 instances and Ihe database tier.

Deploy the web tier's EC2 instances and the database tier's RDS instance into two separate VPCs. and configure VPC peering.

Add an inbound rule to the security group of the database tier's RDS instance to allow traffic from the web tier's security group.

Question 61

A company is building a document storage application on AWS. The application runs on Amazon EC2 instances in multiple Availability Zones. The company requires the document store to be highly available The documents need to be returned immediately when requested. The lead engineer has configured the application to use Amazon Elastic Block Store (Amazon EBS) to store the documents, but is willing to consider other options to meet the availability requirement.

What should a solutions architect recommend?

Options:

Snapshot the EBS volumes regularly and build new volumes using those snapshots in additional Availability Zones.

Use Amazon EBS for the EC2 instance root volumes. Configure the application to build the document store on Amazon S3.

Use Amazon EBS for the EC2 instance root volumes. Configure the application to build the document store on Amazon S3 Glacier.

Use at least three Provisioned IOPS EBS volumes for EC2 instances Mount the volumes to the EC2 instances in a RAID 5 configuration.

Question 62

A company is concerned that two NAT instances in use will no longer be able to support the traffic needed for the company's application A solutions architect wants to implement a solution that is highly available fault tolerant and automatically scalable

What should the solutions architect recommend?

Options:

Remove the two NAT instances and replace them with two NAT gateways in the same Availability Zone

Use Auto Scaling groups with Network Load Balancers for the NAT instances in different Availability Zones

Remove the two NAT instances and replace them with two NAT gateways in different Availability Zones

Replace the two NAT instances with Spot Instances in different Availability Zones and deploy a Network Load Balancer

Question 63

A company created and hosts a legacy software application for its customers. The application runs on a dedicated Linux server for each customer. The application stores no persistent data except for MySQL data.

The company experienced some data corruption issues in the past and wants to move the application to AWS. The company needs to implement a solution to optimize the stability of the application. The solution also must give the company the ability to restore a customer's database to a specific point in time. The company will migrate customer data by using AWS Database Migration Service (AWS DMS).

Which architecture should a solutions architect recommend to meet these requirements?

Options:

Set up a shared Amazon Aurora database. Configure an Amazon EC2 launch template for each customer.

Set up a shared Amazon Aurora database. Create an Amazon EC2 Amazon Machine Image (AMI) for each customer. Use the AMI to launch the application.

Set up an Amazon RDS database and an Amazon EC2 instance for each customer. Download the installation script. Run the script to install and configure the application.

Set up an Amazon RDS database for each customer Deploy the application by using an Amazon EC2 launch template. Use user data to configure the customer-specific data.

Question 64

A development team stores its Amazon RDS MySQL DB instance user name and password credentials in a configuration file The configuration file is stored as plaintext on the root device volume of the team's Amazon EC2 instance When the team's application needs to reach the database it reads the file and loads the credentials into the code The team has modified the permissions of the configuration file so that only the application can read its content A solutions architect must design a more secure solution.

What should the solutions architect do to meet this requirement?

Options:

Store the configuration file in Amazon S3 Grant the application access to read the configuration file

Create an IAM role with permission to access the database Attach this IAM role to the EC2 instance

Enable SSL connections on the database instance Alter the database user to require SSL when logging in.

Move the configuration file to an EC2 instance store, and create an Amazon Machine Image (AMI) of the instance. Launch new instances from this AMI

Question 65

A company provides an online service for posting video content and transcoding it for use by any mobile platform. The application architecture uses Amazon Elastic File System (Amazon EFS) Standard to collect and store the videos so that multiple Amazon EC2 Linux instances can access the video content for processing As the popularity of the service has grown over time, the storage costs have become too expensive.

Which storage solution is MOST cost-effective?

Options:

Use AWS Storage Gateway for files to store and process the video content

Use AWS Storage Gateway for volumes to store and process the video content

Use Amazon EFS for storing the video content Once processing is complete transfer the files to Amazon Elastic Block Store (Amazon EBS)

Use Amazon S3 for storing the video content Move the files temporarily over to an Amazon Elastic Block Store (Amazon EBS) volume attached to the server for processing

Question 66

A company is adopting serverless architecture The company's solutions architect wants to modernize an application that has source data in csv format A large team of developers needs to use the application to run SQL queries and reports on demand by joining data across multiple tables

Which combination of actions will meet these requirements MOST cost-effectively? (Select TWO )

Options:

Store the source data in Amazon S3

Load the source data into Amazon RDS

Run on-demand reports and queries by using Amazon Athena

Run on-demand reports and queries by using Amazon QuickSight

Run on-demand reports and queries by using Amazon DynamoDB

Question 67

A company uses AWS to run all components of its three-tier web application. The company wants to automatically detect any potential security breaches within the environment The company wants to track any findings and notify administrators if a potential breach occurs

Which solution meets these requirements?

Options:

Set up AWS WAF to evaluate suspicious web traffic Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.

Set up AWS Shield to evaluate suspicious web traffic Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.

Deploy Amazon Inspector to monitor the environment and generate findings in Amazon CloudWatch Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email

Deploy Amazon GuardDuty to monitor the environment and generate findings in Amazon CloudWatch Configure an

Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email

Question 68

A company currently operates a web application backed by an Amazon RDS MySQL database It has automated backups that are run daily and are not encrypted A security audit requires future backups to be encrypted and the unencrypted backups to be destroyed The company will make at least one encrypted backup before destroying the old backups.

What should be done to enable encryption for future backups?

Options:

Enable default encryption for the Amazon S3 bucket where backups are stored

Modify the backup section of the database configuration to toggle the Enable encryption check box

Create a snapshot of the database Copy it to an encrypted snapshot Restore the database from the encrypted snapshot

Enable an encrypted read replica on RDS for MySQL Promote the encrypted read replica to primary Remove the original database instance

Question 69

A company needs to build a reporting solution on AWS. The solution must support SQL queries that data analysts run on the data. The data analysts will run lower than 10 total queries each day. The company generates 3 GB of new data daily in an on-premises relational database. This data needs to be transferred to AWS to perform reporting tasks.

What should a solutions architect recommend to meet these requirements at the LOWEST cost?

Options:

Use AWS Database Migration Service (AWS DMS) to replicate the data from the on-premises database into Amazon S3. Use Amazon Athena to query the data.

Use an Amazon Kinesis Data Firehose delivery stream to deliver the data into an Amazon Elasticsearch Service (Amazon ES) cluster Run the queries in Amazon ES.

Export a daily copy of the data from the on-premises database. Use an AWS Storage Gateway file gateway to store and copy the export into Amazon S3. Use an Amazon EMR cluster to query the data.

Use AWS Database Migration Service (AWS DMS) to replicate the data from the on-premises database and load it into an Amazon Redshift cluster. Use the Amazon Redshift cluster to query the data.

Question 70

A company is building applications in containers The company wants to migrate its on-premises development and operations services from its on-premises data center to AWS Management states that production systems must be cloud agnostic and use the same configuration and administrative tools across all production systems A solutions architect needs to design a managed solution that will align with open-source software

Which solution meets these requirements?

Options:

Launch the containers on Amazon EC2 with EC2 instance worker nodes

Launch the containers on Amazon Elastic Kubernetes Service (Amazon EKS) and EKS worker nodes

Launch the containers on Amazon Elastic Container Service (Amazon ECS) with AWS Fargate instances

Launch the containers on Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 instance worker nodes.

Question 71

A solutions architect needs to connect a company's corporate network to its VPC to allow on-premises access to its AWS resources. The solution must provide encryption of all traffic between the corporate network and the VPC at the network layer and the session layer. The solution also must provide security controls to prevent unrestricted access between AWS and the on-premises systems.

Which solution meets these requirements?

Options:

Configure AWS Direct Connect to connect to the VPC. Configure the VPC route tables to allow and deny traffic between AWS and on premises as required

Create an IAM policy to allow access to the AWS Management Console only from a defined set of corporate IP addresses Restrict user access based on job responsibility by using an IAM policy and roles.

Configure AWS Site-to-Site VPN to connect to the VPC Configure route table entries to direct traffic from on premises to the VPC. Configure instance security groups and network ACLs to allow only required traffic from on premises.

Configure AWS Transit Gateway to connect to the VPC Configure route table entries to direct traffic from on premises to the VPC. Configure instance security groups and network ACLs to allow only required traffic from on premises.

Question 72

A company runs its production workload on an Amazon Aurora MySQL DB cluster that includes six Aurora Replicas The company wants near-real-time reporting queries from one of its departments to be automatically distributed across three of the Aurora Replicas Those three replicas have a different compute and memory specification from the rest of the DB cluster

Which solution meets these requirements?

Options:

Create and use a custom endpoint for the workload

Create a three-node cluster clone and use the reader endpoint

Use any of the instance endpoints for the selected three nodes

Use the reader endpoint to automatically distribute the read-only workload

Question 73

A medical company is designing a new application that gathers symptoms from patients The company has decided to use Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) in the architecture

A solutions architect is reviewing the infrastructure design Data must be encrypted while at rest and in transit Only authorized personnel of the company can access the data

Which combination of steps should the solutions architect take to meet these requirements'? (Select TWO )

Options:

Turn on server-side encryption on the SQS components Update the default key policy to restrict key usage to a set of authorized principals

Turn on server-side encryption on the SNS components by using a custom CMK Apply a key policy to restrict key usage to a set of authorized principals

Turn on encryption on the SNS components Update the default key policy to restrict key usage to a set of authorized principals Set a condition in the topic policy to allow only encrypted connections over TLS.

Turn on server-side encryption on the SQS components by using a custom CMK. Apply a key policy to restrict key usage to a set of authonzed pnncipals Set a condition in the queue policy to allow only encrypted connections over TLS.

Turn on server-side encryption on the SQS components by using a custom CMK. Apply an IAM policy to restrict key usage to a set of authorized principals Set a condition in the queue policy to allow only encrypted connections over TLS.

Question 74

A company is migrating to the AWS Cloud. A file server is the first workload to migrate Users must be able to access the file share using the Server Message Block (SMB) protocol.

Which AWS managed service meets these requirements?

Options:

Amazon EBS

Amazon EC2

Amazon FSx

Amazon S3

Question 75

A solutions architect finds that an Amazon Aurora cluster with On-Demand Instance pricing is being underutilized for a blog application The application is used only for a few minutes several times each day for reads

What should a solutions architect do to optimize utilization MOST cost-effectively?

Options:

Enable Auto Scaling on the original Aurora database

Convert the original Aurora database to Aurora parallel query

Convert the original Aurora database to an Aurora global database

Convert the original Aurora database to Amazon Aurora Serverless

Question 76

A company recently migrated its entire IT environment to the AWS Cloud. The company discovers that users are provisioning oversized Amazon EC2 instances and modifying security group rules without using the appropriate change control process A solutions architect must devise a strategy to track and audit these inventory and configuration changes.

Which actions should the solutions architect take to meet these requirements? (Select TWO )

Options:

Enable AWS CloudTrail and use it for auditing

Use data lifecycie policies for the Amazon EC2 instances

Enable AWS Trusted Advisor and reference the security dashboard

Enable AWS Config and create rules for auditing and compliance purposes

Restore previous resource configurations with an AWS CloudFormation template

Question 77

A company has a dynamic web application hosted on two Amazon EC2 instances The company has its own SSL certificate which is on each instance to perform SSL termination.

There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit.

What should a solutions architect do to increase the application's performance^

Options:

Create a new SSL certificate using AWS Certificate Manager (ACM) install the ACM certificate on each instance

Create an Amazon S3 bucket Migrate the SSL certificate to the S3 bucket Configure the EC2 instances to reference the bucket for SSL termination

Create another EC2 instance as a proxy server Migrate the SSL certificate to the new instance and configure it to direct connections to the existing EC2 instances

Import the SSL certificate into AWS Certificate Manager (ACM) Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM

Question 78

A company hosts an application used to upload files to an Amazon S3 bucket Once uploaded, the files are processed to extract metadata which takes less than 5 seconds The volume and frequency of the uploads vanes from a few files each hour to hundreds of concurrent uploads The company has asked a solutions architect to design a cost-effective architecture that will meet these requirements.

What should the solutions architect recommend?

Options:

Configure AWS CloudTrail trails to log S3 API calls Use AWS AppSync to process the files

Configure an object-created event notification within the S3 bucket to invoke an AWS Lambda function to process the files

Configure Amazon Kinesis Data Streams to process and send data to Amazon S3 Invoke an AWS Lambda function to process the files

Configure an Amazon Simple Notification Service (Amazon SNS) topic to process the files uploaded to Amazon S3. Invoke an AWS Lambda function to process the files

Question 79

A company is running a multi-tier ecommerce web application in the AWS Cloud. The web application is running on Amazon EC2 instances. The database tier is on a provisioned Amazon Aurora MySQL DB cluster with a writer and a reader in a Multi-AZ environment. The new requirement for the database tier is to serve the application to achieve continuous write availability through an instance failover.

What should a solutions architect do to meet this new requirement?

Options:

Add a new AWS Region to the DB cluster for multiple writes.

Add a new reader in the same Availability Zone as the writer.

Migrate the database tier to an Aurora multi-master cluster.

Migrate the database tier to an Aurora DB cluster with parallel query enabled.

Question 80

A company wants to move from many standalone AWS accounts to a consolidated, multi-account architecture. The company plans to create many new AWS accounts for different business units The company needs to authenticate access to these AWS accounts by using a centralized corporate directory service

Which combination of actions should a solutions architect recommend to meet these requirements? (Select TWO )

Options:

Create a new organization in AWS Organizations with all features turned on Create the new AWS accounts in the organization

Set up an Amazon Cognito identity pool Configure AWS Single Sign-On to accept Amazon Cognito authentication

Configure a service control policy (SCP) to manage the AWS accounts Add AWS Single Sign-On to AWS Directory Service

Create a new organization in AWS Organizations Configure the organization's authentication mechanism to use AWS Directory Service directly

Set up AWS Single Sign-On (AWS SSO) in the organization Configure AWS SSO and integrate it with the company's corporate directory service

Question 81

A company hosts an application on AWS Lambda functions mat are invoked by an Amazon API Gateway API The Lambda functions save customer data to an Amazon Aurora MySQL database Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete The result is that customer data Is not recorded for some of the event

A solutions architect needs to design a solution that stores customer data that is created during database upgrades

Which solution will meet these requirements?

Options:

Provision an Amazon RDS proxy to sit between the Lambda functions and the database Configure the Lambda functions to connect to the RDS proxy

Increase the run time of me Lambda functions to the maximum Create a retry mechanism in the code that stores the customer data in the database

Persist the customer data to Lambda local storage. Configure new Lambda functions to scan the local storage to save the customer data to the database.

Store the customer data m an Amazon Simple Queue Service (Amazon SOS) FIFO queue Create a new Lambda function that polls the queue and stores the customer data in the database

Question 82

A company is preparing to store confidential data in Amazon S3 For compliance reasons the data must be encrypted at rest Encryption key usage must be logged tor auditing purposes. Keys must be rotated every year.

Which solution meets these requirements and «the MOST operationally efferent?

Options:

Server-side encryption with customer-provided keys (SSE-C)

Server-side encryption with Amazon S3 managed keys (SSE-S3)

Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation

Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automate rotation

Question 83

A company has 150 TB of archived image data stored on-premises that needs to be moved to the AWS Cloud within the next month. The company's current network connection allows up to 100 Mbps uploads for this purpose during the night only.

What is the MOST cost-effective mechanism to move this data and meet the migration deadline?

Options:

Use AWS Snowmobile to ship the data to AWS.

Order multiple AWS Snowball devices to ship the data to AWS.

Enable Amazon S3 Transfer Acceleration and securely upload the data.

Create an Amazon S3 VPC endpoint and establish a VPN to upload the data

Question 84

A company has a web application that runs on Amazon EC2 instances. The company wants end users to authenticate themselves before they use the web application. The web application accesses AWS resources, such as Amazon S3 buckets, on behalf of users who are logged on.

Which combination of actions must a solutions architect take to meet these requirements? (Select TWO).

Options:

Configure AWS App Mesh to log on users.

Enable and configure AWS Single Sign-On in AWS Identity and Access Management (IAM).

Define a default (AM role for authenticated users.

Use AWS Identity and Access Management (IAM) for user authentication.

Use Amazon Cognito for user authentication.

Question 85

A solutions architect is designing a two-tier web application The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet Security is a high priority for the company

How should security groups be configured in this situation? (Select TWO )

Options:

Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.

Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.

Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.

Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier.

Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.

Question 86

A company has a stateless asynchronous application that runs in an Apache Hadoop cluster The application is invoked on demand to run extract, transform and load (ETL) jobs several limes a day

A solutions architect needs to migrate this application to the AWS Cloud by designing an Amazon EMR cluster for the workload. The cluster must be available immediately to process jobs.

Which implementation meets these requirements MOST cost-effectively?

Options:

Use zonal Reserved Instances for the master nodes and the ewe nodes Use a Spot Fleet lor tire task nodes

Use zonal Reserved Instances for the master nodes Use Spot instances for the core nodes and the task nodes

Use regional Reserved Instances for the master nodes Use a Spot Fleer for the core nodes and the task nodes

Use regional Reserved Instances for the master nodes. Use On-Demand Capacity Reservations for the core nodes and the task nodes.

Question 87

A company is running an application in a private subnet in a VPC win an attached internet gateway The company needs to provide the application access to the internet while restricting public access to the application The company does not want to manage additional infrastructure and wants a solution that is highly available and scalable

Which solution meets these requirements?

A Create a NAT gateway in the private subnet. Create a route table entry from the private subnet to the internet gateway

B Create a NAT gateway m a public subnet Create a route table entry from the private subnet to the NAT gateway

C. Launch a NAT instance m the private subnet Create a route table entry from the private subnet lo the internet gateway

D. Launch a NAT Instance in a public subnet Create a route table entry from the private subnet to the NAT instance.

Options:

Question 88

A company runs us two-tier ecommerce website on AWS The web tier consists of a load balancer that sends traffic to Amazon EC2 instances The database tier uses an Amazon RDS D8 instance The EC2 instances and the ROS DB instance should not be exposed to the public internet The EC2 instances require internet access to complete payment processing of orders through a third-party web service The application must be highly available

Which combination of configuration options will meet these requirements? (Select TWO.)

Options:

Use an Auto Scaling group to launch the EC2 Instances in private subnets Deploy an RDS Mulli-AZ DB instance in private subnets

Configure a VPC with two private subnets and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the private subnets

Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones Deploy an RDS Multi-AZ DB instance in private subnets

Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the public subnet

Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the public subnets

Question 89

A company is designing a cloud communications platform trial is driven by APIs. The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB). The company uses Amazon API Gateway to provide external users with access to the application through APIs. The company wants to protect the platform against web exploits like SQL Injection and also wants to detect and mitigate large, sophisticated DDoS attacks

Which combination of solutions provides the MOST protection? (Select TWO.)

Options:

Use AWS WAF to protect the NLB

Use AWS Shield Advanced with the NLB

Use AWS WAF to protect Amazon API Gateway

Use Amazon GuardDuty with AWS Shield Standard

Use AWS Shield Standard with Amazon API Gateway

Question 90

A company hosts its product information webpages on AWS The existing solution uses multiple Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. The website also uses a custom DNS name and communicates with HTTPS only using a dedicated SSL certificate The company is planning a new product launch and wants to be sure that users from around the world have the best possible experience on the new website

What should a solutions architect do to meet these requirements?

Options:

Redesign the application to use Amazon CloudFront

Redesign the application to use AWS Elastic Beanstalk

Redesign the application to use a Network Load Balancer.

Redesign the application to use Amazon S3 static website hosting

Question 91

A company is developing an Internal application that uses a PostgreSQL database. The company has decided to host the database on Amazon Aurora The application does not need to be highly available but data must be stored in multiple Availability Zones to maximize durability.

Which database configuration meets these requirements MOST cost-effectively?

Options:

An Aurora PostgreSQL DB cluster with a single DB Instance

An Aurora PostgreSQL DB cluster with a primary DB instance and a read replica

An Aurora PostgreSQL DB cluster with Multi-AZ deployment enabled

An Aurora PostgreSQL global database cluster

Question 92

A company has an on-premises MySQL database that handles transactional data The company is migrating the database to the AWS Cloud The migrated database must maintain compatibility with the company's applications that use the database The migrated database also must scale automatically during periods of increased demand.

Which migration solution will meet these requirements?

Options:

Use native MySQL tools to migrate the database to Amazon RDS for MySQL Configure elastic storage scaling

Migrate the database to Amazon Redshift by using the mysqldump utility Turn on Auto Scaling for the Amazon Redshift cluster

Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon Aurora Turn on Aurora Auto Scaling.

Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon DynamoDB Configure an Auto Scaling policy.

Question 93

A company has deployed a server less application that invokes an AWS Lambda function when new documents are uploaded to an Amazon S3 bucket The application uses the Lambda function to process the documents After a recent marketing campaign the company noticed that the application did not process many of The documents

What should a solutions architect do to improve the architecture of this application?

Options:

Set the Lambda function's runtime timeout value to 15 minutes

Configure an S3 bucket replication policy Stage the documents m the S3 bucket for later processing

Deploy an additional Lambda function Load balance the processing of the documents across the two Lambda functions

Create an Amazon Simple Queue Service (Amazon SOS) queue Send the requests to the queue Configure the queue as an event source for Lambda.

Question 94

A company runs a latency-sensitive gaming service in the AWS Cloud. The gaming service runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). An Amazon DynamoDB table stores the gaming data. All he infrastructure is in a single AWS Region. The main user base is in that same Region.

A solutions architect needs to update the architect to support a global expansion of the gaming service must operate with the least possible latency.

Which solution will meet these requirements?

Options:

Create an Amazon CloudFront distribution in front of the ALB.

Deploy an Amazon API Gateway regional API endpoint. Integrate the API endpoint with the ALB.

Create an accelerator in AWS Global Accelerator. Add a listener. Configure the endpoint to point to the ALB.

Deploy the ALB and the fleet of EC2 instances to another Region. Use Amazon Route 53 geolocation routing.

Question 95

An online photo application lets users upload photos and perform image editing operations The application offers two classes of service free and paid Photos submitted by paid users are processed before those submitted by free users Photos are uploaded to Amazon S3 and the job information is sent to Amazon SQS.

Which configuration should a solutions architect recommend?

Options:

Use one SQS FIFO queue Assign a higher priority to the paid photos so they are processed first

Use two SQS FIFO queues: one for paid and one for free Set the free queue to use short polling and the paid queue to use long polling

Use two SQS standard queues one for paid and one for free Configure Amazon EC2 instances to prioritize polling for the paid queue over the free queue.

Use one SQS standard queue. Set the visibility timeout of the paid photos to zero Configure Amazon EC2 instances to prioritize visibility settings so paid photos are processed first

Load More SAA-C02 Questions

Special Summer Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Activedumpsnet Logo

Activedumpsnet Navigation

Activedumpsnet Slider

Amazon Web Services SAA-C02 AWS Certified Solutions Architect - Associate (SAA-C02) Exam Practice Test

AWS Certified Solutions Architect - Associate (SAA-C02) Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer: