Amazon AWS Certified Solutions Architect - Associate SAA-C02
Prev

There are 450 results

Next
#401 (Accuracy: 100% / 5 votes)
A company is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in
Amazon RDS MySQL Multi-AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks.
What should a solutions architect recommend?
  • A. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Configure the EC2 instance iptables rules to drop suspicious web traffic. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
  • B. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Move DB instances to the same subnets that EC2 instances are located in. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
  • C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.
  • D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.
#402 (Accuracy: 100% / 2 votes)
A company hosts historical weather records in Amazon S3. The records are downloaded from the company's website by a way of a URL that resolves to a domain name. Users all over the world access this content through subscriptions. A third-party provider hosts the company's root domain name, but the company recently migrated some of its services to Amazon Route 53. The company wants to consolidate contracts, reduce latency for users, and reduce costs related to serving the application to subscribers.
Which solution meets these requirements?
  • A. Create a web distribution on Amazon CloudFront to serve the S3 content for the application. Create a CNAME record in a Route 53 hosted zone that points to the CloudFront distribution, resolving to the application's URL domain name.
  • B. Create a web distribution on Amazon CloudFront to serve the S3 content for the application. Create an ALIAS record in the Amazon Route 53 hosted zone that points to the CloudFront distribution, resolving to the application's URL domain name.
  • C. Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic policy for the web application, and configure a geolocation rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy.
  • D. Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic policy for the web application, and configure a geoproximity rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy.
#403 (Accuracy: 96% / 9 votes)
A company is running a database on Amazon Aurora. The database is idle every evening. An application that performs extensive reads on the database experiences performance issues during morning hours when user traffic spikes. During these peak periods, the application receives timeout errors when reading from the database. The company does not have a dedicated operations team and needs an automated solution to address the performance issues.
Which actions should a solutions architect take to automatically adjust to the increased read load on the database? (Choose two.)
  • A. Migrate the database to Aurora Serverless.
  • B. Increase the instance size of the Aurora database.
  • C. Configure Aurora Auto Scaling with Aurora Replicas.
  • D. Migrate the database to an Aurora multi-master cluster.
  • E. Migrate the database to an Amazon RDS for MySQL Multi-AZ deployment.
#404 (Accuracy: 100% / 1 votes)
A company operates an ecommerce website on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The site is experiencing performance issues related to a high request rate from illegitimate external systems with changing IP addresses. The security team is worried about potential DDoS attacks against the website. The company must block the illegitimate incoming requests in a way that has a minimal impact on legitimate users.
What should a solutions architect recommend?
  • A. Deploy Amazon Inspector and associate it with the ALB.
  • B. Deploy AWS WAF, associate it with the ALB, and configure a rate-limiting rule.
  • C. Deploy rules to the network ACLs associated with the ALB to block the incoming traffic.
  • D. Deploy Amazon GuardDuty and enable rate-limiting protection when configuring GuardDuty.
#405 (Accuracy: 100% / 1 votes)
A company is running a media store across multiple Amazon EC2 instances distributed across multiple Availability Zones in a single VPC. The company wants a high-performing solution to share data between all the EC2 instances, and prefers to keep the data within the VPC only.
What should a solutions architect recommend?
  • A. Create an Amazon S3 bucket and call the service APIs from each instance's application.
  • B. Create an Amazon S3 bucket and configure all instances to access it as a mounted volume.
  • C. Configure an Amazon Elastic Block Store (Amazon EBS) volume and mount it across all instances.
  • D. Configure an Amazon Elastic File System (Amazon EFS) file system and mount it across all instances.
#406 (Accuracy: 100% / 1 votes)
A company is running a web-based game in two Availability Zones in the us-west-2 Region. The web servers use an Application Load Balancer (ALB) in public subnets. The ALB has an SSL certificate from AWS Certificate Manager (ACM) with a custom domain name. The game is written in JavaScript and runs entirely in a user's web browser.
The game is increasing in popularity in many countries around the world. The company wants to update the application architecture and optimize costs without compromising performance.
What should a solutions architect do to meet these requirements?
  • A. Use Amazon CloudFront and create a global distribution that points to the ALB. Reuse the existing certificate from ACM for the CloudFront distribution. Use Amazon Route 53 to update the application alias to point to the distribution.
  • B. Use AWS CloudFormation to deploy the application stack to AWS Regions near countries where the game is popular. Use ACM to create a new certificate for each application instance. Use Amazon Route 53 with a geolocation routing policy to direct traffic to the local application instance.
  • C. Use Amazon S3 and create an S3 bucket in AWS Regions near countries where the game is popular. Deploy the HTML and JavaScript files to each S3 bucket Use ACM to create a new certificate for each S3 bucket. Use Amazon Route 53 with a geolocation routing policy to direct traffic to the local S3 bucket.
  • D. Use Amazon S3 and create an S3 bucket in us-west-2. Deploy the HTML and JavaScript files to the S3 bucket. Use Amazon CloudFront and create a global distribution with the S3 bucket as the origin. Use ACM to create a new certificate for the distribution. Use Amazon Route 53 to update the application alias to point to the distribution.
#407 (Accuracy: 100% / 1 votes)
An application calls a service run by a vendor. The vendor charges based on the number of calls. The finance department needs to know the number of calls that are made to the service to validate the billing statements.
How can a solutions architect design a system to durably store the number of calls without requiring changes to the application?
  • A. Call the service through an internet gateway.
  • B. Decouple the application from the service with an Amazon Simple Queue Service (Amazon SQS) queue.
  • C. Publish a custom Amazon CloudWatch metric that counts calls to the service.
  • D. Call the service through a VPC peering connection.
#408 (Accuracy: 100% / 2 votes)
A company is migrating a Linux-based web server group to AWS. The web servers must access files in a shared file store for some content. To meet the migration date, minimal changes can be made.
What should a solutions architect do to meet these requirements?
  • A. Create an Amazon S3 Standard bucket with access to the web server.
  • B. Configure an Amazon CloudFront distribution with an Amazon S3 bucket as the origin.
  • C. Create an Amazon Elastic File System (Amazon EFS) volume and mount it on all web servers.
  • D. Configure Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS SSD (io1) volumes and mount them on all web servers.
#409 (Accuracy: 100% / 3 votes)
A solutions architect is designing the architecture of a new application being deployed to the AWS Cloud. The application will run on Amazon EC2 On-Demand
Instances and will automatically scale across multiple Availability Zones. The EC2 instances will scale up and down frequently throughout the day. An Application
Load Balancer (ALB) will handle the load distribution. The architecture needs to support distributed session data management. The company is willing to make changes to code if needed.
What should the solutions architect do to ensure that the architecture supports distributed session data management?
  • A. Use Amazon ElastiCache to manage and store session data.
  • B. Use session affinity (sticky sessions) of the ALB to manage session data.
  • C. Use Session Manager from AWS Systems Manager to manage the session.
  • D. Use the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session.
#410 (Accuracy: 100% / 13 votes)
An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiencing delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application.
What should a solutions architect recommend to meet this requirement?
  • A. Use Amazon ElastiCache for Redis.
  • B. Use Amazon DynamoDB Accelerator (DAX).
  • C. Replicate data by using DynamoDB global tables.
  • D. Use Amazon ElastiCache for Memcached with Auto Discovery enabled.