Amazon AWS Certified Solutions Architect - Associate SAA-C02
#311 (Accuracy: 100% / 1 votes)
A company has an application that serves clients that are deployed in more than 20,000 retail storefront locations around the world. The application consists of backend web services that are exposed over HTTPS on port 443. The application is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB).
The retail locations communicate with the web application over the public internet. The company allows each retail location to register the IP address that the retail location has been allocated by its local ISP.
The company's security team recommends increasing the security of the application endpoint by restricting access to only the IP addresses registered by the retail locations.

What should a solutions architect do to meet these requirements?
  • A. Associate an AWS WAF web ACL with the ALB. Use IP rule sets on the ALB to filter traffic. Update the IP addresses in the rule to include the registered IP addresses.
  • B. Deploy AWS Firewall Manager to manage the ALB. Configure firewall rules to restrict traffic to the ALB. Modify the firewall rules to include the registered IP addresses.
  • C. Store the IP addresses in an Amazon DynamoDB table. Configure an AWS Lambda authorization function on the ALB to validate that incoming requests are from the registered IP addresses.
  • D. Configure the network ACL on the subnet that contains the public interface of the ALB. Update the ingress rules on the network ACL with entries for each of the registered IP addresses.
#312 (Accuracy: 100% / 1 votes)
A company is concerned about the security of its public web application due to recent web attacks. The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application.
What should the solutions architect do to meet this requirement?
  • A. Add an Amazon Inspector agent to the ALB
  • B. Configure Amazon Macie to prevent attacks
  • C. Enable AWS Shield Advanced to prevent attacks
  • D. Configure Amazon GuardDuty to monitor the ALB
#313 (Accuracy: 100% / 3 votes)
A company runs several websites on AWS for its different brands. Each website generates tens of gigabytes of web traffic logs each day. A solutions architect needs to design a scalable solution to give the company's developers the ability to analyze traffic patterns across all the company's websites. This analysis by the developers will occur on demand once a week over the course of several months. The solution must support queries with standard SQL.
Which solution will meet these requirements MOST cost-effectively?
  • A. Store the logs in Amazon S3. Use Amazon Athena for analysis.
  • B. Store the logs in Amazon RDS. Use a database client for analysis.
  • C. Store the logs in Amazon OpenSearch Service (Amazon Elasticsearch Service). Use Amazon OpenSearch Service (Amazon Elasticsearch Service) for analysis.
  • D. Store the logs in an Amazon EMR cluster. Use a supported open-source framework for SQL-based analysis.
#314 (Accuracy: 100% / 1 votes)
A company has a document management application that contains PDF documents. The company hosts the application on Amazon EC2 instances. According to regulations, the instances must not have access to the internet. The application must be able to read and write to a persistent storage system that provides native versioning capabilities.
A solutions architect needs to design secure storage that maximizes resiliency and facilitates data sharing across instances.

Which solution meets these requirements?
  • A. Place the instances in a public subnet. Use Amazon S3 for storage. Access S3 objects by using URLs.
  • B. Place the instances in a private subnet. Use Amazon S3 for storage. Use a VPC endpoint to access S3 objects.
  • C. Use the instances with a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume.
  • D. Use Amazon Elastic File System (Amazon EFS) Standard-Infrequent Access (Standard-IA) to store data and provide shared access to the instances.
#315 (Accuracy: 100% / 1 votes)
The DNS provider that hosts a company's domain name records is experiencing outages that cause service disruption for a website running on AWS. The company needs to migrate to a more resilient managed DNS service and wants the service to run on AWS.
What should a solutions architect do to rapidly migrate the DNS hosting service?
  • A. Create an Amazon Route 53 public hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.
  • B. Create an Amazon Route 53 private hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.
  • C. Create a Simple AD directory in AWS. Enable zone transfer between the DNS provider and AWS Directory Service for Microsoft Active Directory for the domain records.
  • D. Create an Amazon Route 53 Resolver inbound endpoint in the VPC. Specify the IP addresses that the provider's DNS will forward DNS queries to. Configure the provider's DNS to forward DNS queries for the domain to the IP addresses that are specified in the inbound endpoint.
#316 (Accuracy: 100% / 1 votes)
A company has deployed a serverless application that invokes an AWS Lambda function when new documents are uploaded to an Amazon S3 bucket. The application uses the Lambda function to process the documents. After a recent marketing campaign, the company noticed that the application did not process many of the documents.
What should a solutions architect do to improve the architecture of this application?
  • A. Set the Lambda function's runtime timeout value to 15 minutes.
  • B. Configure an S3 bucket replication policy. Stage the documents in the S3 bucket for later processing.
  • C. Deploy an additional Lambda function. Load balance the processing of the documents across the two Lambda functions.
  • D. Create an Amazon Simple Queue Service (Amazon SQS) queue. Send the requests to the queue. Configure the queue as an event source for Lambda.
#317 (Accuracy: 100% / 2 votes)
A company is deploying a new application on Amazon EC2 instances. The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes. The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.
Which solution will meet this requirement?
  • A. Create an IAM role that specifies EBS encryption. Attach the role to the EC2 instances.
  • B. Create the EBS volumes as encrypted volumes. Attach the EBS volumes to the EC2 instances.
  • C. Create an EC2 instance tag that has a key of Encrypt and a value of True. Tag all instances that require encryption at the EBS level.
  • D. Create an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account. Ensure that the key policy is active.
#318 (Accuracy: 100% / 3 votes)
A company has two AWS accounts in the same AWS Region. One account is a publisher account, and the other account is a subscriber account. Each account has its own Amazon S3 bucket.
An application puts media objects into the publisher account's S3 bucket.
The objects are encrypted with server-side encryption with customer-provided encryption keys (SSE-C). The company needs a solution that will automatically copy the objects to the subscriber account's S3 bucket.
Which solution will meet these requirements with the LEAST operational overhead?
  • A. Enable S3 Versioning on the publisher account's S3 bucket. Configure S3 Same-Region Replication of the objects to the subscriber account's S3 bucket.
  • B. Create an AWS Lambda function that is invoked when objects are published in the publisher account's S3 bucket. Configure the Lambda function to copy the objects to the subscriber account's S3 bucket.
  • C. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function when objects are published in the publisher account's S3 bucket. Configure the Lambda function to copy the objects to the subscriber account's S3 bucket.
  • D. Configure Amazon EventBridge (Amazon CloudWatch Events) to publish Amazon Simple Notification Service (Amazon SNS) notifications when objects are published in the publisher account's S3 bucket. When notifications are received, use the S3 console to copy the objects to the subscriber account's S3 bucket.
#319 (Accuracy: 100% / 2 votes)
A company is designing an application to run in a VPC on AWS. The application consists of Amazon EC2 instances that run in private subnets as part of an Auto Scaling group.
The application also includes a Network Load Balancer that extends across public subnets. The application stores data in an Amazon RDS DB instance.
The company has attached a security group that is named `web-servers` to the EC2 instances.
The company has attached a security group that is named `database` to the DB instance.

How should a solutions architect configure the communication between the EC2 instances and the DB instance?
  • A. Configure the `web-servers` security group to allow access to the DB instance's current IP addresses. Configure the `database` security group to allow access from the current set of IP addresses in use by the EC2 instances.
  • B. Configure the `web-servers` security group to allow access to the `database` security group. Configure the `database` security group to allow access from the `web-servers` security group.
  • C. Configure the `web-servers` security group to allow access to the DB instance's current IP addresses. Configure the `database` security group to allow access from the Auto Scaling group.
  • D. Configure the `web-servers` security group to allow access to the `database` security group. Configure the `database` security group to allow access from the Auto Scaling group.
#320 (Accuracy: 100% / 2 votes)
A startup company is hosting a website for its customers on an Amazon EC2 instance. The website consists of a stateless Python application and a MySQL database. The website serves only a small amount of traffic. The company is concerned about the reliability of the instance and needs to migrate to a highly available architecture. The company cannot modify the application code.
Which combination of actions should a solutions architect take to achieve high availability for the website?
  • A. Provision an internet gateway in each Availability Zone in use.
  • B. Migrate the database to an Amazon RDS for MySQL Multi-AZ DB instance.
  • C. Migrate the database to Amazon DynamoDB, and enable DynamoDB auto scaling.
  • D. Use AWS DataSync to synchronize the database data across multiple EC2 instances.
  • E. Create an Application Load Balancer to distribute traffic to an Auto Scaling group of EC2 instances that are distributed across two Availability Zones.