Amazon SAA-C01 Online Practice Questions and Exam Preparation

Amazon SAA-C01 Online Questions & Answers

• Question 211:

  A Solutions Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows:

  Limit access to users origination from the corporate network.

  Web servers cannot have SSH access directly from the Internet.

  Web servers reside in a private subnet.

  Which combination of steps must the Architect complete to meet these requirements? (Choose two.)

  A. Create a bastion host that authenticates users against the corporate directory.
  B. Create a bastion host with security group rules that only allow traffic from the corporate network.
  C. Attach an IAM role to the bastion host with relevant permissions.
  D. Configure the web servers' security group to allow SSH traffic from a bastion host.
  E. Deny all SSH traffic from the corporate network in the inbound network ACL.
  A. Create a bastion host that authenticates users against the corporate directory.
  C. Attach an IAM role to the bastion host with relevant permissions.

• Question 212:

  Your system recently experienced down time during the troubleshooting process. You found that a new administrator mistakenly terminated several production EC2 instances. Which of the following strategies will help prevent a similar situation in the future? The administrator still must be able to:

  -launch, start stop, and terminate development resources.

  -

  launch and start production instances.

  A. Create an IAM user, which is not allowed to terminate instances by leveraging production EC2 termination protection.
  B. Leverage resource based tagging along with an IAM user, which can prevent specific users from terminating production EC2 resources.
  C. Leverage EC2 termination protection and multi-factor authentication, which together require users to authenticate before terminating EC2 instances
  D. Create an IAM user and apply an IAM role which prevents users from terminating production EC2 instances.
  B. Leverage resource based tagging along with an IAM user, which can prevent specific users from terminating production EC2 resources.

• Question 213:

  During a review of business applications, a Solutions Architect identifies a critical application with a relational database that was built by a business user and is running on the user's desktop. To reduce the risk of a business interruption, the Solutions Architect wants to migrate the application to a highly available, multi-tiered solution in AWS.

  What should the Solutions Architect do to accomplish this with the LEAST amount of disruption to the business?

  A. Create an import package of the application code for upload to AWS Lambda, and include a function to create another Lambda function to migrate data into an Amazon RDS database
  B. Create an image of the user's desktop, migrate it to Amazon EC2 using VM Import, and place the EC2 instance in an Auto Scaling group
  C. Pre-stage new Amazon EC2 instances running the application code on AWS behind an Application Load Balancer and an Amazon RDS Multi-AZ DB instance
  D. Use AWS DMS to migrate the backend database to an Amazon RDS Multi-AZ DB instance. Migrate the application code to AWS Elastic Beanstalk
  B. Create an image of the user's desktop, migrate it to Amazon EC2 using VM Import, and place the EC2 instance in an Auto Scaling group

• Question 214:

  An organization is currently hosting a large amount of frequently accessed data consisting of key-value pairs and semi-structured documents in their data center. They are planning to move this data to AWS.

  Which of one of the following services MOST effectively meets their needs?

  A. Amazon Redshift
  B. Amazon RDS
  C. Amazon DynamoDB
  D. Amazon Aurora
  C. Amazon DynamoDB

• Question 215:

  An administrator is using Amazon CloudFormation to deploy a three tier web application that consists of a web tier and application tier that will utilize Amazon DynamoDB for storage when creating the CloudFormation template which of the following would allow the application instance access to the DynamoDB tables without exposing API credentials?

  A. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and associate the Role to the application instances by referencing an instance profile.
  B. Use the Parameter section in the Cloud Formation template to nave the user input Access and Secret Keys from an already created IAM user that has me permissions required to read and write from the required DynamoDB table.
  C. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and reference the Role in the instance profile property of the application instance.
  D. Create an identity and Access Management user in the CloudFormation template that has permissions to read and write from the required DynamoDB table, use the GetAtt function to retrieve the Access and secret keys and pass them to the application instance through user-data.
  C. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and reference the Role in the instance profile property of the application instance.

• Question 216:

  A company is launching a dynamic website, and the Operations team expects up to 10 times the traffic on the launch date. This website is hosted on Amazon EC2 instances and traffic is distributed by Amazon Route 53. A Solutions Architect must ensure that there is enough backend capacity to meet user demands. The Operations team wants to scale down as quickly as possible after the launch.

  What is the MOST cost-effective and fault-tolerant solution that will meet the company's customer demands? (Choose two.)

  A. Set up an Application Load Balancer to distribute traffic to multiple EC2 instances
  B. Set up an Auto Scaling group across multiple Availability Zones for the website, and create scale-out and scale-in policies
  C. Create an Amazon CloudWatch alarm to send an email through Amazon SNS when EC2 instances experience higher loads
  D. Create an AWS Lambda function to monitor website load time, run it every 5 minutes, and use the AWS SDK to create a new instance if website load time is longer than 2 seconds
  E. Use Amazon CloudFront to cache the website content during launch and set a TTL for cache content to expire after the launch date
  A. Set up an Application Load Balancer to distribute traffic to multiple EC2 instances
  E. Use Amazon CloudFront to cache the website content during launch and set a TTL for cache content to expire after the launch date

• Question 217:

  A company is developing a new stateless web service with low memory requirements. The service needs to scale based on demand. What is the MOST cost-effective solution?

  A. Deploy the application onto AWS Elastic Beanstalk
  B. Deploy the application onto AWS Lambda with access through Amazon API Gateway
  C. Deploy the application onto an Amazon EC2 Spot Fleet
  D. Deploy the application onto a container with an Amazon ECS EC2 launch type
  C. Deploy the application onto an Amazon EC2 Spot Fleet

• Question 218:

  A company has an application that stores sensitive data. The company is required by government regulations to store multiple copies of its data. What would be the MOST resilient and cost-effective option to meet this requirement?

  A. Amazon EFS
  B. Amazon RDS
  C. AWS Storage Gateway
  D. Amazon S3
  D. Amazon S3

• Question 219:

  A Solutions Architect is designing a web application that is running on an Amazon EC2 instance. The application stores data in DynamoDB. The Architect needs to secure access to the DynamoDB table. What combination of steps does AWS recommend to achieve secure authorization? (Select two.)

  A. Store an access key on the Amazon EC2 instance with rights to the Dynamo DB table.
  B. Attach an IAM user to the Amazon EC2 instance.
  C. Create an IAM role with permissions to write to the DynamoDB table.
  D. Attach an IAM role to the Amazon EC2 instance.
  E. Attach an IAM policy to the Amazon EC2 instance.
  A. Store an access key on the Amazon EC2 instance with rights to the Dynamo DB table.
  C. Create an IAM role with permissions to write to the DynamoDB table.

• Question 220:

  A website keeps a record of user actions using a globally unique identifier (GIUD) retrieved from Amazon Aurora in place of the user name within the audit record. Security protocols state that the GUID content must not leave the company's

  Amazon VPC.

  As the web traffic has increased, the number of web servers and Aurora read replicas has also increased to keep up with the user record reads for the GUID.

  What should be done to reduce the number of read replicas required while improving performance?

  A. Keep the user name and GUID in memory on the web server instance so that the association can be remade on demand. Remove the record after 30 minutes.
  B. Deploy a Amazon ElastiCache for Redis server into the infrastructure and store the user name and GUID there. Retrieve GUID from ElastiCache when required.
  C. Encrypt the GUID using Base64 and store it in the user's session cookie. Decrypt the GUID when an audit record is needed.
  D. Change the GUID to an MD5 hash of the user name, so that the value can be calculated on demand without referring to the database.
  B. Deploy a Amazon ElastiCache for Redis server into the infrastructure and store the user name and GUID there. Retrieve GUID from ElastiCache when required.