Amazon AWS Certified Solutions Architect - Associate SAA-C02
Prev

There are 450 results

Next
#291 (Accuracy: 100% / 4 votes)
A company has two AWS accounts: Production and Development. There are code changes ready in the Development account to push to the Production account.
In the alpha phase, only two senior developers on the development team need access to the Production account. In the beta phase, more developers might need access to perform testing as well.
What should a solutions architect recommend?
  • A. Create two policy documents using the AWS Management Console in each account. Assign the policy to developers who need access.
  • B. Create an IAM role in the Development account. Give one IAM role access to the Production account. Allow developers to assume the role.
  • C. Create an IAM role in the Production account with the trust policy that specifies the Development account. Allow developers to assume the role.
  • D. Create an IAM group in the Production account and add it as a principal in the trust policy that specifies the Production account. Add developers to the group.
#292 (Accuracy: 100% / 1 votes)
An ecommerce company has an order-processing application that uses Amazon API Gateway and an AWS Lambda function. The application stores data in an
Amazon Aurora PostgreSQL database. During a recent sales event, a sudden surge in customer orders occurred. Some customers experienced timeouts, and the application did not process the orders of those customers.
A solutions architect determined that the CPU utilization and memory utilization were high on the database because of a large number of open connections. The solutions architect needs to prevent the timeout errors while making the least possible changes to the application.
Which solution will meet these requirements?
  • A. Configure provisioned concurrency for the Lambda function. Modify the database to be a global database in multiple AWS Regions.
  • B. Use Amazon RDS Proxy to create a proxy for the database. Modify the Lambda function to use the RDS Proxy endpoint instead of the database endpoint.
  • C. Create a read replica for the database in a different AWS Region. Use query string parameters in API Gateway to route traffic to the read replica.
  • D. Migrate the data from Aurora PostgreSQL to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS). Modify the Lambda function to use the DynamoDB table.
#293 (Accuracy: 100% / 3 votes)
A company is testing an application that runs on an Amazon EC2 Linux instance. The instance contains a data volume of 500 GB that consists of a single Amazon
Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) volume.
The application is now ready for production use and will be installed on multiple EC2 instances that run in an Auto Scaling group. All instances need access to the data that was stored on the 500 GB volume. The company needs a highly available and fault-tolerant solution that does not introduce any significant changes to the application's code.
Which solution meets these requirements?
  • A. Provision an EC2 instance with NFS server software that is configured with a single 500 GB gp2 volume.
  • B. Use an Amazon FSx for Windows File Server file system that is configured as an SMB file store within a single Availability Zone.
  • C. Migrate the data into an Amazon S3 bucket. Use an EC2 instance profile to access the contents of the bucket.
  • D. Use an Amazon Elastic File System (Amazon EFS) file system that is configured with the General Purpose performance mode.
#294 (Accuracy: 100% / 3 votes)
A company recently migrated to AWS and wants to implement a solution to protect the traffic that flows in and out of the production VPC. The company had an inspection server in its on-premises data center. The inspection server performed specific operations such as traffic flow inspection and traffic filtering. The company wants to have the same functionalities in the AWS Cloud.
Which solution will meet these requirements?
  • A. Use Amazon GuardDuty for traffic inspection and traffic filtering in the production VPC
  • B. Use Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and filtering.
  • C. Use AWS Network Firewall to create the required rules for traffic inspection and traffic filtering for the production VPC.
  • D. Use AWS Firewall Manager to create the required rules for traffic inspection and traffic filtering for the production VPC.
#295 (Accuracy: 100% / 1 votes)
A solutions architect is tasked with transferring 750 TB of data from a network-attached file system located at a branch office to Amazon S3 Glacier. The solution must avoid saturating the branch office's low-bandwidth internet connection.
What is the MOST cost-effective solution?
  • A. Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly. Create a bucket policy to enforce a VPC endpoint.
  • B. Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination. Create a bucket policy to enforce a VPC endpoint.
  • C. Mount the network-attached file system to Amazon S3 and copy the files directly. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.
  • D. Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.
#296 (Accuracy: 100% / 3 votes)
A company wants its public web application to run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The application must use a publicly trusted SSL certificate.
Which solution will meet these requirements MOST cost-effectively?
  • A. Provision a public SSL/TLS certificate through AWS Certificate Manager (ACM). Configure the new certificate on the HTTPS listener for the ALB.
  • B. Use AWS Certificate Manager Private Certificate Authority to issue an SSL/TLS certificate. Configure the new certificate on the HTTPS listener for the ALB.
  • C. Create a self-signed certificate on one of the EC2 instances in the Auto Scaling group. Export the certificate, and configure it on the HTTPS listener for the ALB.
  • D. Deploy an EC2-hosted certificate authority (CA). Import a trusted root certificate. Issue a new SSL/TLS certificate. Configure the new certificate on the HTTPS listener for the ALB.
#297 (Accuracy: 100% / 2 votes)
A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management.
What should a solutions architect do to accomplish this goal?
  • A. Use AWS Secrets Manager. Turn on automatic rotation.
  • B. Use AWS Systems Manager Parameter Store. Turn on automatic rotation.
  • C. Create an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket. Point the application to the S3 bucket.
  • D. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance. Attach the new EBS volume to each EC2 instance. Migrate the credential file to the new EBS volume. Point the application to the new EBS volume.
#298 (Accuracy: 100% / 2 votes)
A company wants to deploy a new public web application on AWS. The application includes a web server tier that uses Amazon EC2 instances. The application also includes a database tier that uses an Amazon RDS for MySQL DB instance.
The application must be secure and accessible for global customers that have dynamic IP addresses.
How should a solutions architect configure the security groups to meet these requirements?
  • A. Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers.
  • B. Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers. Configure the security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers.
  • C. Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers. Configure the security group for the DB instance to allow inbound traffic on port 3306 from the IP addresses of the customers.
  • D. Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the DB instance to allow inbound traffic on port 3306 from 0.0.0 0/0.
#299 (Accuracy: 100% / 2 votes)
A company wants to run an in-memory database for a latency-sensitive application that runs on Amazon EC2 instances. The application processes more than
100,000 transactions each minute and requires high network throughput. A solutions architect needs to provide a cost-effective network design that minimizes data transfer charges.
Which solution meets these requirements?
  • A. Launch all EC2 instances in the same Availability Zone within the same AWS Region. Specify a placement group with cluster strategy when launching EC2 instances.
  • B. Launch all EC2 instances in different Availability Zones within the same AWS Region. Specify a placement group with partition strategy when launching EC2 instances.
  • C. Deploy an Auto Scaling group to launch EC2 instances in different Availability Zones based on a network utilization target.
  • D. Deploy an Auto Scaling group with a step scaling policy to launch EC2 instances in different Availability Zones.
#300 (Accuracy: 100% / 5 votes)
A company is preparing to migrate its on-premises application to AWS. The application consists of application servers and a Microsoft SQL Server database The database cannot be migrated to a different engine because SQL Server features are used in the application's NET code. The company wants to attain the greatest availability possible while minimizing operational and management overhead.
What should a solutions architect do to accomplish this?
  • A. Install SQL Server on Amazon EC2 in a Multi-AZ deployment.
  • B. Migrate the data to Amazon RDS for SQL Server in a Multi-AZ deployment.
  • C. Deploy the database on Amazon RDS for SQL Server with Multi-AZ Replicas.
  • D. Migrate the data to Amazon RDS for SQL Server in a cross-Region Multi-AZ deployment.