Amazon AWS Certified Solutions Architect - Associate SAA-C02
Prev

There are 450 results

Next
#61 (Accuracy: 100% / 3 votes)
An ecommerce company is running a multi-tier application on AWS. The front-end and backend tiers both run on Amazon EC2, and the database runs on Amazon
RDS for MySQL. The backend tier communicates with the RDS instance. There are frequent calls to return identical datasets from the database that are causing performance slowdowns.
Which action should be taken to improve the performance of the backend?
  • A. Implement Amazon SNS to store the database calls.
  • B. Implement Amazon ElastiCache to cache the large datasets.
  • C. Implement an RDS for MySQL read replica to cache database calls.
  • D. Implement Amazon Kinesis Data Firehose to stream the calls to the database.
#62 (Accuracy: 100% / 2 votes)
A company delivers files in Amazon S3 to certain users who do not have AWS credentials. These users must be given access for a limited time. What should a solutions architect do to securely meet these requirements?
  • A. Enable public access on an Amazon S3 bucket.
  • B. Generate a presigned URL to share with the users.
  • C. Encrypt files using AWS KMS and provide keys to the users.
  • D. Create and assign IAM roles that will grant GetObject permissions to the users.
#63 (Accuracy: 100% / 1 votes)
A company wants to run a hybrid workload for data processing. The data needs to be accessed by on-premises applications for local data processing using an
NFS protocol, and must also be accessible from the AWS Cloud for further analytics and batch processing.
Which solution will meet these requirements?
  • A. Use an AWS Storage Gateway file gateway to provide file storage to AWS, then perform analytics on this data in the AWS Cloud.
  • B. Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AWS, then perform analytics on this data in the AWS cloud.
  • C. Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS.
  • D. Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS cloud, then perform analytics on this data in the cloud.
#64 (Accuracy: 100% / 2 votes)
A company plans to store sensitive user data on Amazon S3. Internal security compliance requirement mandate encryption of data before sending it to Amazon
S3.
What should a solutions architect recommend to satisfy these requirements?
  • A. Server-side encryption with customer-provided encryption keys
  • B. Client-side encryption with Amazon S3 managed encryption keys
  • C. Server-side encryption with keys stored in AWS key Management Service (AWS KMS)
  • D. Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS)
#65 (Accuracy: 100% / 2 votes)
A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted.
Which combination of steps will meet these requirements? (Choose two.)
  • A. Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.
  • B. Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.
  • C. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the CloudFront distribution.
  • D. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the S3 bucket hosting the static content.
  • E. Create a new IAM role and associate the role with the distribution. Change the permissions either on the S3 bucket or on the files within the S3 bucket so that only the newly created IAM role has read and download permissions.
#66 (Accuracy: 92% / 6 votes)
A company recently launched its website to serve content to its global user base. The company wants to store and accelerate the delivery of static content to its users by leveraging Amazon CloudFront with an Amazon EC2 instance attached as its origin.
How should a solutions architect optimize high availability for the application?
  • A. Use Lambda@Edge for CloudFront.
  • B. Use Amazon S3 Transfer Acceleration for CloudFront.
  • C. Configure another EC2 instance in a different Availability Zone as part of the origin group.
  • D. Configure another EC2 instance as part of the origin server cluster in the same Availability Zone.
#67 (Accuracy: 100% / 1 votes)
A company currently stores symmetric encryption keys in a hardware security module (HSM). A solutions architect must design a solution to migrate key management to AWS. The solution should allow for key rotation and support the use of customer provided keys.
Where should the key material be stored to meet these requirements?
  • A. Amazon S3
  • B. AWS Secrets Manager
  • C. AWS Systems Manager Parameter store
  • D. AWS Key Management Service (AWS KMS)
#68 (Accuracy: 100% / 1 votes)
A recent analysis of a company's IT expenses highlights the need to reduce backup costs. The company's chief information officer wants to simplify the on- premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. The company must preserve the existing investment in the on- premises backup applications and workflows.
What should a solutions architect recommend?
  • A. Set up AWS Storage Gateway to connect with the backup applications using the NFS interface.
  • B. Set up an Amazon EFS file system that connects with the backup applications using the NFS interface.
  • C. Set up an Amazon EFS file system that connects with the backup applications using the iSCSI interface.
  • D. Set up AWS Storage Gateway to connect with the backup applications using the iSCSI-virtual tape library (VTL) interface.
#69 (Accuracy: 90% / 4 votes)
A company's application hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Due to data sensitivity, traffic cannot traverse the internet.
How should a solutions architect configure access?
  • A. Create a private hosted zone using Amazon Route 53.
  • B. Configure a VPC gateway endpoint for Amazon S3 in the VPC.
  • C. Configure AWS PrivateLink between the EC2 instance and the S3 bucket.
  • D. Set up a site-to-site VPN connection between the VPC and the S3 bucket.
#70 (Accuracy: 100% / 2 votes)
An ecommerce company has noticed performance degradation of its Amazon RDS based web application. The performance degradation is attributed to an increase in the number of read-only SQL queries triggered by business analysts. A solutions architect needs to solve the problem with minimal changes to the existing web application.
What should the solutions architect recommend?
  • A. Export the data to Amazon DynamoDB and have the business analysts run their queries.
  • B. Load the data into Amazon ElastiCache and have the business analysts run their queries.
  • C. Create a read replica of the primary database and have the business analysts run their queries.
  • D. Copy the data into an Amazon Redshift cluster and have the business analysts run their queries.