Amazon AWS Certified Solutions Architect - Associate SAA-C02
Prev

There are 450 results

Next
#171 (Accuracy: 100% / 3 votes)
A company is running a web application on Amazon EC2 instances in an Auto Scaling group. The application uses a database that runs on an Amazon RDS for
PostgreSQL DB instance. The application performs slowly as traffic increases, and the database experiences a heavy read load during periods of high traffic.
Which actions should a solutions architect take to resolve these performance issues? (Choose two.)
  • A. Enable auto scaling for the DB instance.
  • B. Create a read replica for the DB instance. Configure the application to send read traffic to the read replica.
  • C. Enable Multi-AZ for the DB instance. Configure the application to send read traffic to the standby DB instance.
  • D. Create an Amazon ElastiCache cluster. Configure the application to cache query results in the ElastiCache cluster.
  • E. Configure the Auto Scaling group subnets to ensure that the EC2 instances are provisioned in the same Availability Zone as the DB instance.
#172 (Accuracy: 100% / 2 votes)
A solutions architect must design a highly available infrastructure for a website. The website is powered by Windows web servers that run on Amazon EC2 instances. The solutions architect must implement a solution that can mitigate a large-scale DDoS attack that originates from thousands of IP addresses.
Downtime is not acceptable for the website. Which actions should the solutions architect take to protect the website from such an attack? (Choose two.)
  • A. Use AWS Shield Advanced to stop the DDoS attack.
  • B. Configure Amazon GuardDuty to automatically block the attackers.
  • C. Configure the website to use Amazon CloudFront for both static and dynamic content.
  • D. Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.
  • E. Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization.
#173 (Accuracy: 100% / 2 votes)
A solutions architect is investigating AWS file storage solutions that can be used with a company's on-premises Linux servers and applications. The company has an existing VPN connection set up between the company's VPC and its on-premises network.
Which AWS services should the solutions architect use? (Choose two.)
  • A. AWS Backup
  • B. AWS DataSync
  • C. AWS Snowball Edge
  • D. AWS Storage Gateway
  • E. Amazon Elastic File System (Amazon EFS)
#174 (Accuracy: 100% / 1 votes)
A developer has an application that uses an AWS Lambda function to upload files to Amazon S3 and needs the required permissions to perform the task. The developer already has an IAM user with valid IAM credentials required for Amazon S3.
What should a solutions architect do to grant the permissions?
  • A. Add required IAM permissions in the resource policy of the Lambda function.
  • B. Create a signed request using the existing IAM credentials in the Lambda function.
  • C. Create a new IAM user and use the existing IAM credentials in the Lambda function.
  • D. Create an IAM execution role with the required permissions and attach the IAM role to the Lambda function.
#175 (Accuracy: 100% / 2 votes)
A company is making a prototype of the infrastructure for its new website by manually provisioning the necessary infrastructure. This infrastructure includes an
Auto Scaling group, an Application Load Balancer, and an Amazon RDS database. After the configuration has been thoroughly validated, the company wants the capability to immediately deploy the infrastructure for development and production use in two Availability Zones in an automated fashion.
What should a solutions architect recommend to meet these requirements?
  • A. Use AWS Systems Manager to replicate and provision the prototype infrastructure in two Availability Zones.
  • B. Define the infrastructure as a template by using the prototype infrastructure as a guide. Deploy the infrastructure with AWS CloudFormation.
  • C. Use AWS Config to record the inventory of resources that are used in the prototype infrastructure. Use AWS Config to deploy the prototype infrastructure into two Availability Zones.
  • D. Use AWS Elastic Beanstalk and configure it to use an automated reference to the prototype infrastructure to automatically deploy new environments in two Availability Zones.
#176 (Accuracy: 100% / 1 votes)
A hospital is designing a new application that gathers symptoms from patients. The hospital has decided to use Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) in the architecture.
A solutions architect is reviewing the infrastructure design. Data must be encrypted at rest and in transit. Only authorized personnel of the hospital should be able to access the data.
Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)
  • A. Turn on server-side encryption on the SQS components. Update the default key policy to restrict key usage to a set of authorized principals.
  • B. Turn on server-side encryption on the SNS components by using an AWS Key Management Service (AWS KMS) customer managed key. Apply a key policy to restrict key usage to a set of authorized principals.
  • C. Turn on encryption on the SNS components. Update the default key policy to restrict key usage to a set of authorized principals. Set a condition in the topic policy to allow only encrypted connections over TLS.
  • D. Turn on server-side encryption on the SQS components by using an AWS Key Management Service (AWS KMS) customer managed key. Apply a key policy to restrict key usage to a set of authorized principals. Set a condition in the queue policy to allow only encrypted connections over TLS.
  • E. Turn on server-side encryption on the SQS components by using an AWS Key Management Service (AWS KMS) customer managed key. Apply an IAM policy to restrict key usage to a set of authorized principals. Set a condition in the queue policy to allow only encrypted connections over TLS.
#177 (Accuracy: 100% / 1 votes)
A solutions architect must secure a VPC network that hosts Amazon EC2 instances. The EC2 instances contain highly sensitive data and run in a private subnet.
According to company policy, the EC2 instances that run in the VPC can access only approved third-party software repositories on the internet for software product updates that use the third party's URL. Other internet traffic must be blocked.
Which solution meets these requirements?
  • A. Update the route table for the private subnet to route the outbound traffic to an AWS Network Firewall firewall. Configure domain list rule groups.
  • B. Set up an AWS WAF web ACL. Create a custom set of rules that filter traffic requests based on source and destination IP address range sets.
  • C. Implement strict inbound security group rules. Configure an outbound rule that allows traffic only to the authorized software repositories on the internet by specifying the URLs.
  • D. Configure an Application Load Balancer (ALB) in front of the EC2 instances. Direct all outbound traffic to the ALB. Use a URL-based rule listener in the ALB's target group for outbound access to the internet.
#178 (Accuracy: 100% / 1 votes)
A company is migrating a Linux-based web server group to AWS. The web servers must access files in a shared file store for some content. The company must not make any changes to the application.
What should a solutions architect do to meet these requirements?
  • A. Create an Amazon S3 Standard bucket with access to the web servers.
  • B. Configure an Amazon CloudFront distribution with an Amazon S3 bucket as the origin.
  • C. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system on all web servers.
  • D. Configure a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume to all web servers.
#179 (Accuracy: 100% / 4 votes)
A company is architecting a shared storage solution for a gaming application that is hosted in the AWS Cloud. The company needs the ability to use Lustre clients to access data. The solution must be fully managed.
Which solution meets these requirements?
  • A. Create an AWS DataSync task that shares the data as a mountable file system. Mount the file system to the application server.
  • B. Create an AWS Storage Gateway file gateway. Create a file share that uses the required client protocol. Connect the application server to the file share.
  • C. Create an Amazon Elastic File System (Amazon EFS) file system, and configure it to support Lustre. Attach the file system to the origin server. Connect the application server to the file system.
  • D. Create an Amazon FSx for Lustre file system. Attach the file system to the origin server. Connect the application server to the file system.
#180 (Accuracy: 100% / 3 votes)
A company has more than 5 TB of file data on Windows file servers that run on premises. Users and applications interact with the data each day.
The company is moving its Windows workloads to AWS. As the company continues this process, the company requires access to AWS and on-premises file storage with minimum latency. The company needs a solution that minimizes operational overhead and requires no significant changes to the existing file access patterns. The company uses an AWS Site-to-Site VPN connection for connectivity to AWS.
What should a solutions architect do to meet these requirements?
  • A. Deploy and configure Amazon FSx for Windows File Server on AWS. Move the on-premises file data to FSx for Windows File Server. Reconfigure the workloads to use FSx for Windows File Server on AWS.
  • B. Deploy and configure an Amazon S3 File Gateway on premises. Move the on-premises file data to the S3 File Gateway. Reconfigure the on-premises workloads and the cloud workloads to use the S3 File Gateway.
  • C. Deploy and configure an Amazon S3 File Gateway on premises. Move the on-premises file data to Amazon S3. Reconfigure the workloads to use either Amazon S3 directly or the S3 File Gateway, depending on each workload's location.
  • D. Deploy and configure Amazon FSx for Windows File Server on AWS. Deploy and configure an Amazon FSx File Gateway on premises. Move the on-premises file data to the FSx File Gateway. Configure the cloud workloads to use FSx for Windows File Server on AWS. Configure the on-premises workloads to use the FSx File Gateway.