You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to be able to access software depots and distributions on the Internet for product updates. The depots and distributions are
accessible via third party CONs by their URLs. You want to explicitly deny any other outbound connections from your VPC instances to hosts on the Internet.
Which of the following options would you consider?
A. Configure a web proxy server in your VPC and enforce URL-based rules for outbound access Remove default routes.Does Amazon RDS support SSL encryption for SQL Server DB Instances?
A. Yes, for all supported SQL Server editionsA Lambda function must execute a query against an Amazon RDS database in a private subnet.
Which steps are required to allow the Lambda function to access the Amazon RDS database? (Select two.)
A. Create a VPC Endpoint for Amazon RDS.An Administrator is hosting an application on a single Amazon EC2 instance, which users can access by the public hostname. The administrator is adding a second instance, but does not want users to have to decide between many public hostnames.
Which AWS service will decouple the users from specific Amazon EC2 instances?
A. Amazon SQSAn insurance company stores all documents related to annual policies for the duration of the policies. The documents are created once and then stored until they are required, typically at the end of the policy. A document must be capable of being retrieved immediately. The company is now moving their document management to the AWS Cloud.
Which service should a Solutions Architect recommend as a cost-effective solution that meets the company's requirements?
A. Amazon RDS MySQLA company has gigabytes of web log files stored in an Amazon S3 bucket. A Solutions Architect wants to copy those files into Amazon Redshift for analysis. The company's security policy mandates that data is encrypted at rest both in the Amazon Redshift cluster and the Amazon S3 bucket.
Which process will fulfill the security requirements?
A. Enable server-side encryption on the Amazon S3 bucket. Launch an unencrypted Amazon Redshift cluster. Copy the data into the Amazon Redshift cluster.A Solutions Architect is working on a PCI-compliant architecture that needs to call an external service provider's API. The external provider requires IP whitelisting to verify the calling party. How should the Solutions Architect provide the external party with the IP addresses for whitelisting?
A. Use an API Gateway in proxy mode, and provide the API Gateway's IP address to the external service provider.Your company previously configured a heavily used, dynamically routed VPN connection between your on-premises data center and AWS. You recently provisioned a DirectConnect connection and would like to start using the new connection. After configuring DirectConnect settings in the AWS Console, which of the following options win provide the most seamless transition for your users?
A. Delete your existing VPN connection to avoid routing loops configure your DirectConnect router with the appropriate settings and verity network traffic is leveraging DirectConnect.A customer set up an Amazon VPC with one private subnet and one public subnet with a NAT gateway. The VPC will contain a group of Amazon EC2 instances. All instances will configure themselves at startup by downloading a bootstrap script from an Amazon S3 bucket with a policy that only allows access from the customer's Amazon EC2 instances and then deploys an application through GIT. A Solutions Architect has been asked to design a solution that provides the highest level of security regarding network connectivity to the Amazon EC2 instances.
How should the Architect design the infrastructure?
A. Place the Amazon EC2 instances in the public subnet, with no EIPs; route outgoing traffic through the internet gateway.A company is using an Amazon S3 bucket located in us-west-2 to serve videos to their customers. Their customers are located all around the world and the videos are requested a lot during peak hours. Customers in Europe complain about
experiencing slow downloaded speeds, and during peak hours, customers in all locations report experiencing HTTP 500 errors.
What can a Solutions Architect do to address these issues?
A. Place an elastic load balancer in front of the Amazon S3 bucket to distribute the load during peak hours.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C01 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.