Amazon AWS Certified Solutions Architect - Associate SAA-C02
#271 (Accuracy: 100% / 3 votes)
A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type for ECS tasks. The company is monitoring CPU and memory usage because it is expecting high traffic to the application upon its launch. However, the company wants to reduce costs when utilization decreases.
What should a solutions architect recommend?
  • A. Use Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns.
  • B. Use an AWS Lambda function to scale Amazon ECS based on metric breaches that trigger an Amazon CloudWatch alarm.
  • C. Use Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm.
  • D. Use AWS Application Auto Scaling with target tracking policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm.
#272 (Accuracy: 100% / 2 votes)
A solutions architect is designing the architecture for a new web application. The application will run on AWS Fargate containers with an Application Load Balancer (ALB) and an Amazon Aurora PostgreSQL database.
The web application will perform primarily read queries against the database.
What should the solutions architect do to ensure that the website can scale with increasing traffic? (Choose two.)
  • A. Enable auto scaling on the ALB to scale the load balancer horizontally.
  • B. Configure Aurora Auto Scaling to adjust the number of Aurora Replicas in the Aurora cluster dynamically.
  • C. Enable cross-zone load balancing on the ALB to distribute the load evenly across containers in all Availability Zones.
  • D. Configure an Amazon Elastic Container Service (Amazon ECS) cluster in each Availability Zone to distribute the load across multiple Availability Zones.
  • E. Configure Amazon Elastic Container Service (Amazon ECS) Service Auto Scaling with a target tracking scaling policy that is based on CPU utilization.
#273 (Accuracy: 100% / 2 votes)
A software vendor is deploying a new software-as-a-service (SaaS) solution that will be utilized by many AWS users. The service is hosted in a VPC behind a Network Load Balancer.
The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet.
What should a solutions architect do to accomplish this goal?
  • A. Create a peering VPC connection from each user's VPC to the software vendor's VPC.
  • B. Deploy a transit VPC in the software vendor's AWS account. Create a VPN connection with each user account.
  • C. Connect the service in the VPC with an AWS PrivateLink endpoint. Have users subscribe to the endpoint.
  • D. Deploy a transit VPC in the software vendor's AWS account. Create an AWS Direct Connect connection with each user account.
#274 (Accuracy: 100% / 1 votes)
A company is hosting its website on Amazon S3 and is using Amazon CloudFront to cache content. The company has an upcoming product launch. An employee accidentally published marketing content to the website before the official release of the product. The company needs to remove the marketing content from the website as quickly as possible.
Which solution will meet these requirements?
  • A. Deploy the updated version of the website to another S3 bucket. Update the origin for CloudFront.
  • B. Delete the marketing content in the existing S3 bucket. Invalidate the file path in CloudFront.
  • C. Create a new CloudFront cache policy with a low TTL. Associate the new policy with the existing CloudFront distribution.
  • D. Delete the marketing content in the existing S3 bucket. Update the S3 bucket policy to block requests to the file path.
#275 (Accuracy: 100% / 2 votes)
A company is running a multi-tier ecommerce web application in the AWS Cloud. The web application is running on Amazon EC2 instances. The database tier is on a provisioned Amazon Aurora MySQL DB cluster with a writer and a reader in a Multi-AZ environment. The new requirement for the database tier is to serve the application to achieve continuous write availability through an instance failover.
What should a solutions architect do to meet this new requirement?
  • A. Add a new AWS Region to the DB cluster for multiple writes.
  • B. Add a new reader in the same Availability Zone as the writer.
  • C. Migrate the database tier to an Aurora multi-master cluster.
  • D. Migrate the database tier to an Aurora DB cluster with parallel query enabled.
#276 (Accuracy: 100% / 4 votes)
A company is running an application in a private subnet in a VPC with an attached internet gateway. The company needs to provide the application access to the internet while restricting public access to the application. The company does not want to manage additional infrastructure and wants a solution that is highly available and scalable.
Which solution meets these requirements?
  • A. Create a NAT gateway in the private subnet. Create a route table entry from the private subnet to the internet gateway.
  • B. Create a NAT gateway in a public subnet. Create a route table entry from the private subnet to the NAT gateway.
  • C. Launch a NAT instance in the private subnet. Create a route table entry from the private subnet to the internet gateway.
  • D. Launch a NAT instance in a public subnet. Create a route table entry from the private subnet to the NAT instance.
#277 (Accuracy: 100% / 3 votes)
A company has an application that provides marketing services to stores. The services are based on previous purchases by store customers. The stores upload transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers. Some of the files can exceed 200 GB in size.
Recently, the company discovered that some of the stores have uploaded files that contain personally identifiable information (PII) that should not have been included.
The company wants administrators to be alerted if PII is shared again. The company also wants to automate remediation.
What should a solutions architect do to meet these requirements with the LEAST development effort?
  • A. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Inspector to scan the objects in the bucket. If objects contain PII, trigger an S3 Lifecycle policy to remove the objects that contain PII.
  • B. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Macie to scan the objects in the bucket. If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.
  • C. Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.
  • D. Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain PII, use Amazon Simple Email Service (Amazon SES) to trigger a notification to the administrators and trigger an S3 Lifecycle policy to remove the objects that contain PII.
#278 (Accuracy: 100% / 7 votes)
A company provides an API to its users that automates inquiries for tax computations based on item prices. The company experiences a larger number of inquiries only during the holiday season, which causes slower response times. A solutions architect needs to design a solution that is scalable and elastic.
What should the solutions architect do to accomplish this?
  • A. Provide an API hosted on an Amazon EC2 instance. The EC2 instance performs the required computations when the API request is made.
  • B. Design a REST API using Amazon API Gateway that accepts the item names. API Gateway passes item names to AWS Lambda for tax computations.
  • C. Create an Application Load Balancer that has two Amazon EC2 instances behind it. The EC2 instances will compute the tax on the received item names.
  • D. Design a REST API using Amazon API Gateway that connects with an API hosted on an Amazon EC2 instance. API Gateway accepts and passes the item names to the EC2 instance for tax computations.
#279 (Accuracy: 100% / 4 votes)
A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available.
Which combination of configuration options will meet these requirements? (Choose two.)
  • A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
  • B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.
  • C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.
  • D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.
  • E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.
#280 (Accuracy: 100% / 4 votes)
A company hosts a multi-tier web application that uses an Amazon Aurora MySQL DB cluster for storage. The application tier is hosted on Amazon EC2 instances. The company's IT security guidelines mandate that the database credentials be encrypted and rotated every 14 days.
What should a solutions architect do to meet this requirement with the LEAST operational effort?
  • A. Create a new AWS Key Management Service (AWS KMS) encryption key. Use AWS Secrets Manager to create a new secret that uses the KMS key with the appropriate credentials. Associate the secret with the Aurora DB cluster. Configure a custom rotation period of 14 days.
  • B. Create two parameters in AWS Systems Manager Parameter Store: one for the user name as a string parameter and one that uses the SecureString type for the password. Select AWS Key Management Service (AWS KMS) encryption for the password parameter, and load these parameters in the application tier. Implement an AWS Lambda function that rotates the password every 14 days.
  • C. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system in all EC2 instances of the application tier. Restrict the access to the file on the file system so that the application can read the file and that only super users can modify the file. Implement an AWS Lambda function that rotates the key in Aurora every 14 days and writes new credentials into the file.
  • D. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon S3 bucket that the application uses to load the credentials. Download the file to the application regularly to ensure that the correct credentials are used. Implement an AWS Lambda function that rotates the Aurora credentials every 14 days and uploads these credentials to the file in the S3 bucket.