Amazon AWS Certified Solutions Architect - Associate SAA-C02
Prev

There are 450 results

Next
#131 (Accuracy: 100% / 4 votes)
A company runs multiple Windows workloads on AWS. The company's employees use Windows file shares that are hosted on two Amazon EC2 instances. The file shares synchronize data between themselves and maintain duplicate copies. The company wants a highly available and durable storage solution that preserves how users currently access the files.
What should a solutions architect do to meet these requirements?
  • A. Migrate all the data to Amazon S3. Set up IAM authentication for users to access files.
  • B. Set up an Amazon S3 File Gateway. Mount the S3 File Gateway on the existing EC2 instances.
  • C. Extend the file share environment to Amazon FSx for Windows File Server with a Multi-AZ configuration. Migrate all the data to FSx for Windows File Server.
  • D. Extend the file share environment to Amazon Elastic File System (Amazon EFS) with a Multi-AZ configuration. Migrate all the data to Amazon EFS.
#132 (Accuracy: 100% / 1 votes)
A company serves a multilingual website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). This architecture is currently running in the us-west-1 Region but is exhibiting high request latency for users located in other parts of the world.
The website needs to serve requests quickly and efficiently regardless of a user's location. However, the company does not want to recreate the existing architecture across multiple Regions.
How should a solutions architect accomplish this?
  • A. Replace the existing architecture with a website served from an Amazon S3 bucket. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.
  • B. Configure an Amazon CloudFront distribution with the ALB as the origin. Set the cache behavior settings to only cache based on the Accept-Language request header.
  • C. Set up Amazon API Gateway with the ALB as an integration. Configure API Gateway to use an HTTP integration type. Set up an API Gateway stage to enable the API cache.
  • D. Launch an EC2 instance in each additional Region and configure NGINX to act as a cache server for that Region. Put all the instances plus the ALB behind an Amazon Route 53 record set with a geolocation routing policy.
#133 (Accuracy: 100% / 2 votes)
A doctor's office is moving all of its patient data to the AWS Cloud. The office needs to retain all the data indefinitely, but the data is rarely accessed after a year.
The data must be immediately available during the first year. However, to minimize cost, the office is willing to wait a day for data that is more than 1 year old to become available.
Which combination of actions should a solutions architect take to meet these requirements MOST cost-effectively? (Choose two.)
  • A. Create an Amazon S3 Lifecycle transition rule to move the data to S3 Glacier after a year.
  • B. Create an Amazon S3 Lifecycle transition rule to move the data to S3 Glacier Deep Archive after a year.
  • C. Create an Amazon S3 bucket for the data. Store data in the S3 bucket by using the S3 Glacier storage class.
  • D. Create an Amazon S3 bucket for the data. Store data in the bucket by using the S3 Standard storage class.
  • E. Create an Amazon S3 bucket for the data. Store data in the bucket by using the S3 Intelligent-Tiering storage class.
#134 (Accuracy: 100% / 2 votes)
A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.
Which action should the solutions architect take?
  • A. Configure a CloudFront signed URL
  • B. Configure a CloudFront signed cookie.
  • C. Configure a CloudFront field-level encryption profile.
  • D. Configure a CloudFront and set the Origin Protocol Policy setting to HTTPS. Only for the Viewer Protocol Pokey.
#135 (Accuracy: 100% / 5 votes)
A company stores user data in AWS. The data is used continuously with peak usage during business hours. Access patterns vary, with some data not being used for months at a time. A solutions architect must choose a cost-effective solution that maintains the highest level of durability while maintaining high availability.
Which storage solution meets these requirements?
  • A. Amazon S3 Standard
  • B. Amazon S3 Intelligent-Tiering
  • C. Amazon S3 Glacier Deep Archive
  • D. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
#136 (Accuracy: 100% / 9 votes)
As part of budget planning, management wants a report of AWS billed items listed by user. The data will be used to create department budgets. A solutions architect needs to determine the most efficient way to obtain this report information.
Which solution meets these requirements?
  • A. Run a query with Amazon Athena to generate the report.
  • B. Create a report in Cost Explorer and download the report.
  • C. Access the bill details from the billing dashboard and download the bill.
  • D. Modify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES).
#137 (Accuracy: 100% / 3 votes)
A company is using a third-party vendor to manage its marketplace analytics. The vendor needs limited programmatic access to resources in the company's account. All the needed policies have been created to grant appropriate access.
Which additional component will provide the vendor with the MOST secure access to the account?
  • A. Create an IAM user.
  • B. Implement a service control policy (SCP)
  • C. Use a cross-account role with an external ID.
  • D. Configure a single sign-on (SSO) identity provider.
#138 (Accuracy: 92% / 6 votes)
A company's security policy requires that all AWS API activity in its AWS accounts be recorded for periodic auditing. The company needs to ensure that AWS
CloudTrail is enabled on all of its current and future AWS accounts using AWS Organizations.
Which solution is MOST secure?
  • A. At the organization's root, define and attach a service control policy (SCP) that permits enabling CloudTrail only.
  • B. Create IAM groups in the organization's management account as needed. Define and attach an IAM policy to the groups that prevents users from disabling CloudTrail.
  • C. Organize accounts into organizational units (OUs). At the organization's root, define and attach a service control policy (SCP) that prevents users from disabling CloudTrail.
  • D. Add all existing accounts under the organization's root. Define and attach a service control policy (SCP) to every account that prevents users from disabling CloudTrail.
#139 (Accuracy: 100% / 4 votes)
A company has thousands of edge devices that collectively generate 1 TB of status alerts each day. Each alert is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis.
The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure.
Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days.
What is the MOST operationally efficient solution that meets these requirements?
  • A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3 bucket. Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days.
  • B. Launch Amazon EC2 instances across two Availability Zones and place them behind an Elastic Load Balancer to ingest the alerts. Create a script on the EC2 instances that will store the alerts in an Amazon S3 bucket. Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days.
  • C. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon Elasticsearch Service (Amazon ES) cluster. Set up the Amazon ES cluster to take manual snapshots every day and delete data from the cluster that is older than 14 days.
  • D. Create an Amazon Simple Queue Service (Amazon SQS) standard queue to ingest the alerts, and set the message retention period to 14 days. Configure consumers to poll the SQS queue, check the age of the message, and analyze the message data as needed. If the message is 14 days old, the consumer should copy the message to an Amazon S3 bucket and delete the message from the SQS queue.
#140 (Accuracy: 100% / 1 votes)
A company designs a mobile app for its customers to upload photos to a website. The app needs a secure login with multi-factor authentication (MFA). The company wants to limit the initial build time and the maintenance of the solution.
Which solution should a solutions architect recommend to meet these requirements?
  • A. Use Amazon Cognito Identity with SMS-based MFA.
  • B. Edit IAM policies to require MFA for all users.
  • C. Federate IAM against the corporate Active Directory that requires MFA.
  • D. Use Amazon API Gateway and require server-side encryption (SSE) for photos.