Amazon SAA-C01 Online Practice Questions and Exam Preparation

Amazon SAA-C01 Online Questions & Answers

• Question 81:

  A Solutions Architect is about to deploy an API on multiple EC2 instances in an Auto Scaling group behind an ELB. The support team has the following operational requirements: 1 They get an alert when the requests per second go over 50,000 2 They get an alert when latency goes over 5 seconds 3 They can validate how many times a day users call the API requesting highly-sensitive data

  Which combination of steps does the Architect need to take to satisfy these operational requirements? (Select two.)

  A. Ensure that CloudTrail is enabled.
  B. Create a custom CloudWatch metric to monitor the API for data access.
  C. Configure CloudWatch alarms for any metrics the support team requires.
  D. Ensure that detailed monitoring for the EC2 instances is enabled.
  E. Create an application to export and save CloudWatch metrics for longer term trending analysis.
  B. Create a custom CloudWatch metric to monitor the API for data access.
  D. Ensure that detailed monitoring for the EC2 instances is enabled.

• Question 82:

  The ______ IAM policy element describes the specific action or actions that will be allowed or denied.

  A. Principal
  B. Action
  C. Vendor
  D. Not Principal
  B. Action

• Question 83:

  A Solutions Architect is developing software on AWS that requires access to multiple AWS services, including an Amazon EC2 instance. This is a security sensitive application, and AWS credentials such as Access Key ID and Secret Access Key need to be protected and cannot be exposed anywhere in the system.

  What security measure would satisfy these requirements?

  A. Store the AWS Access Key ID/Secret Access Key combination in software comments.
  B. Assign an IAM user to the Amazon EC2 instance.
  C. Assign an IAM role to the Amazon EC2 instance.
  D. Enable multi-factor authentication for the AWS root account.
  C. Assign an IAM role to the Amazon EC2 instance.

• Question 84:

  A company uses Amazon S3 for storing a variety of files. A Solutions Architect needs to design a feature that will allow users to instantly restore any deleted files within 30 days of deletion. Which is the MOST cost-efficient solution?

  A. Create lifecycle policies that move the objects to Amazon Glacier and delete them after 30 days.
  B. Enable cross-region replication. Empty the replica bucket every 30 days using an AWS Lambda function.
  C. Enable versioning and create a lifecycle policy to remove expired versions after 30 days.
  D. Enable versioning and MFA Delete. Using a Lambda function, remove MFA delete from objects more than 30 days old.
  D. Enable versioning and MFA Delete. Using a Lambda function, remove MFA delete from objects more than 30 days old.

• Question 85:

  A user is testing a new service that receives location updates from 3,600 rental cars every hour. Which service will collect data and automatically scale to accommodate production workload?

  A. Amazon EC2
  B. Amazon Kinesis Firehose
  C. Amazon EBS
  D. Amazon API Gateway
  D. Amazon API Gateway

• Question 86:

  A Solutions Architect is designing a new application that will be hosted on EC2 instances. This application has the following traffic requirements:

  Accept HTTP(80)/HTTPS(443) traffic from the Internet.

  Accept FTP(21) traffic from the finance team servers at 10.10.2.0/24.

  Which of the following AWS CloudFormation snippets correctly declares inbound security group rules that meet the requirements and prevent unauthorized access to additional services on the instance?

  

  A. B. C.
  C

• Question 87:

  A Solutions Architect is designing an application that will encrypt all data in an Amazon Redshift cluster. Which action will encrypt the data at rest?

  A. Place the Redshift cluster in a private subnet.
  B. Use the AWS KMS Default Customer master key.
  C. Encrypt the Amazon EBS volumes.
  D. Encrypt the data using SSL/TLS.
  B. Use the AWS KMS Default Customer master key.

• Question 88:

  A company wants to create an application that will transmit protected health information (PHI) to thousands of service consumers in different AWS accounts. The application servers will sit in private VPC subnets. The routing for the application must be fault tolerant.

  What should be done to meet these requirements?

  A. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection.
  B. Create a virtual private gateway connection between each pair of service provider VPCs and service consumer VPCs.
  C. Create an internal Application Load Balancer in the service provider VPC and put application servers behind it.
  D. Create a proxy server in the service provider VPC to route requests from service consumers to the application servers.
  A. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection.

• Question 89:

  A Solutions Architect is designing an application that will run on Amazon ECS behind an Application Load Balancer (ALB). For security reasons, the Amazon EC2 host instances for the ECS cluster are in a private subnet. What should be done to ensure that the incoming traffic to the host instances is from the ALB only?

  A. Create network ACL rules for the private subnet to allow incoming traffic on ports 32768 through 61000 from the IP address of the ALB only.
  B. Update the EC2 cluster security group to allow incoming access from the IP address of the ALB only.
  C. Modify the security group used by the EC2 cluster to allow incoming traffic from the security group used by the ALB only.
  D. Enable AWS WAF on the ALB and enable the ECS rule.
  B. Update the EC2 cluster security group to allow incoming access from the IP address of the ALB only.

• Question 90:

  In Amazon IAM, what is the maximum length for a role name?

  A. 128 characters
  B. 512 characters
  C. 64 characters
  D. 256 characters
  C. 64 characters