A company is running a batch application on Amazon EC2 instances The application consists of a backend with multiple Amazon RDS databases The application is causing a high number of reads on the databases A solutions architect must
reduce the number of database reads while ensuring high availability.
What should the solutions architect do to meet this requirement?
A. Add Amazon RDS read replicas. B. Use Amazon ElastiCache for Redis C. Use Amazon Route 53 DNS caching D. Use Amazon ElastiCache for Memcached
A. Add Amazon RDS read replicas.
Question 182:
A company has NFS servers in an on-premises data center that need to periodically back up small amounts of data to Amazon S3. Which solution meets these requirements and is MOST cost-effective?
A. Set up AWS Glue to copy the data from the on-premises servers to Amazon S3. B. Set up an AWS DataSync agent on the on premises servers, and sync the data to Amazon S3. C. Set up an SFTP sync using AWS Transfer for SFTP to sync data from on premises to Amazon S3. D. Set up an AWS Direct Connect connection between the on-premises data center and a VPC, and copy the data to Amazon S3
C. Set up an SFTP sync using AWS Transfer for SFTP to sync data from on premises to Amazon S3.
Question 183:
A company is running a highly sensitive application on Amazon EC2 backed by an Amazon RDS database Compliance regulations mandate that all personally identifiable information (Pll) be encrypted at rest. Which solution should a solutions architect recommend to meet this requirement with the LEAST amount of changes to the infrastructure?
A. Deploy AWS Certificate Manager to generate certificates Use the certificates to encrypt the database volume B. Deploy AWS CloudHSM, generate encryption keys, and use the customer master key (CMK) to encrypt database volumes C. Configure SSL encryption using AWS Key Management Service customer master keys (AWS KMS CMKs) to encrypt database volumes. D. Configure Amazon Elastic Block Store (Amazon EBS) encryption and Amazon RDS encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes
D. Configure Amazon Elastic Block Store (Amazon EBS) encryption and Amazon RDS encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes
Question 184:
A company needs to store data in Amazon S3 A compliance requirement states that when any changes are made to objects the previous state of the object with any changes must be preserved Additionally files older than 5 years should not be accessed but need to be archived for auditing What should a solutions architect recommend that is MOST cost-effective?
A. Enable object-level versioning and S3 Object Lock in governance mode B. Enable object-level versioning and S3 Object Lock in compliance mode C. Enable object-level versioning Enable a lifecycle policy to move data older than 5 years to S3 Glacier Deep Archive D. Enable object-level versioning Enable a lifecycle policy to move data older than 5 years to S3 Standard-Infrequent Access (S3 Standard-IA)
C. Enable object-level versioning Enable a lifecycle policy to move data older than 5 years to S3 Glacier Deep Archive
Question 185:
What does elasticity mean to AWS?
A. The ability to scale computing resources up easily, with minimal friction and down with latency. B. The ability to scale computing resources up and down easily, with minimal friction. C. The ability to provision cloud computing resources in expectation of future demand. D. The ability to recover from business continuity events with minimal friction.
B. The ability to scale computing resources up and down easily, with minimal friction.
Question 186:
A company hosts its product information webpages on AWS. The existing solution uses multiple Amazon C2 instances behind an Application Load Balancer in an Auto Scaling group. The website also uses a custom DNS name and communicates with HTTPS only using a dedicated SSL certificate. The company is planning a new product launch and wants to be sure that users from around the world have the best possible experience on the new website.
What should a solutions architect do to meet these requirements?
A. Redesign the application to use Amazon CloudFront. B. Redesign the application to use AWS Elastic Beanstalk. C. Redesign the application to use a Network Load Balancer. D. Redesign the application to use Amazon S3 static website hosting.
A. Redesign the application to use Amazon CloudFront.
Explanation/Reference:
What Is Amazon CloudFront? Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined--such as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server (for example, a web server) that you have identified as the source for the definitive version of your content. As an example, suppose that you're serving an image from a traditional web server, not from CloudFront. For example, you might serve an image, sunsetphoto.png, using the URL http:// example.com/sunsetphoto.png. Your users can easily navigate to this URL and see the image. But they probably don't know that their request was routed from one network to another--through the complex collection of interconnected networks that comprise the internet-until the image was found. CloudFront speeds up the distribution of your content by routing each user request through the AWS backbone network to the edge location that can best serve your content. Typically, this is a CloudFront edge server that provides the fastest delivery to the viewer. Using the AWS network dramatically reduces the number of networks that your users' requests must pass through, which improves performance. Users get lower latency--the time it takes to load the first byte of the file-- and higher data transfer rates. You also get increased reliability and availability because copies of your files (also known as objects) are now held (or cached) in multiple edge locations around the world. https://docs.aws.amazon.com/AmazonCloudFront/latest/ DeveloperGuide/Introduction.html
Question 187:
A company has application running on Amazon EC2 instances in a VPC. One of the applications needs to call an Amazon S3 API to store and read objects. The company's security policies restrict any internet-bound traffic from the
applications.
Which action will fulfill these requirements and maintain security?
A. Configure an S3 interface endpoint. B. Configure an S3 gateway endpoint. C. Create an S3 bucket in a private subnet. D. Create an S3 bucket in the same Region as the EC2 instance.
B. Configure an S3 gateway endpoint.
Question 188:
A company is using Amazon Route 53 latency-based routing to route requests to its UDP- based application for users around the world. The application is hosted on redundant servers in the company's on-premises data centers in the United States. Asia, and Europe. The company's compliance requirements state that the application must be hosted on premises The company wants to improve the performance and availability of the application.
What should a solutions architect do to meet these requirements?
A. Configure throe Network Load Balancers (NLBs) in the three AWS Regions to address the on- premises endpoints Create an accelerator by using AWS Global Accelerator, and register the NLBs as its endpoints. Provide access to the application by using a CNAML that points to the accelerator DNS B. Configure three Application Load Balancers (ALGs) in the three AWS Regions to wireless the on- premises endpoints. Create an accelerator by using AWS Global Accelerator, and register the ALBs as its endpoints Provide access to the application by using a CNAK1L that points to the accelerator UNS C. Configure three Network Load Balancers (NLOs) in the three AWS Regions to address the on- prernises endpoints In Route 53. create ?latency-based record that points to the three NLBs. and use it as an origin for an Amazon CloudFront distribution Provide access to the application by using a CNAML that points to the CloudFront DNS D. Configure three Application Load Balancers (ALBs) in the three AWS Regions to address the on premises endpoint. In Route 53. create a latency based record that points to the three ALUs and use it as an origin for an Amazon CloudFront distribution Provide access to the application by using a CNAMF that points to the CloudFront DNS.
A. Configure throe Network Load Balancers (NLBs) in the three AWS Regions to address the on- premises endpoints Create an accelerator by using AWS Global Accelerator, and register the NLBs as its endpoints. Provide access to the application by using a CNAML that points to the accelerator DNS
Explanation/Reference:
Question 189:
A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission to access Amazon S3?
A. Update the S3 role in AWS IAM to allow read/write access from Amazon ECS, and then relaunch the container. B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition. C. Create a security group that allows access from Amazon ECS to Amazon S3, and update the launch configuration used by the ECS cluster. D. Create an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for the ECS cluster while logged in as this account.
B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition.
Question 190:
A company is planning to store sensitive documents in an Amazon S3 bucket. The documents must be encrypted al rest. The company wants to manage the underlying keys that are used lor encryption However, the company does not want to manage the encryption and decryption process.
Which solutions will meet these requirements? (Select TWO.)
A. Use server-side encryption with customer-provided encryption keys (SSE-C). B. Use client-side encryption with AWS managed keys. C. Use server-side encryption with S3 managed encryption keys (SSE-S3). D. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) with a key policy document that is 40 KB in size E. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) that the company uploads to AWS KMS.
C. Use server-side encryption with S3 managed encryption keys (SSE-S3). E. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) that the company uploads to AWS KMS.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SAA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.