Amazon Amazon Certifications SAA-C02 Questions & Answers

• Question 191:

  A company currently stores symmetric encryption keys in a hardware security module (HSM). A solution architect must design a solution to migrate key management to AWS. The solution should allow for key rotation and support the use of customer provided keys. Where should the key material be stored to meet these requirements?

  A. Amazon S3

  B. AWS Secrets Manager

  C. AWS Systems Manager Parameter store

  D. AWS Key Management Service (AWS KMS)

  Correct Answer: B

  https://aws.amazon.com/cloudhsm/

• Question 192:

  A company running an on-premises application is migrating the application to AWS to increase its elasticity and availability. The current architecture uses a Microsoft SQL Server database with heavy read activity. The company wants to explore alternate database options and migrate database engines, if needed. Every 4 hours, the development team does a full copy of the production database to populate a test database. During this period, users experience latency. What should a solution architect recommend as replacement database?

  A. Use Amazon Aurora with Multi-AZ Aurora Replicas and restore from mysqldump for the test database.

  B. Use Amazon Aurora with Multi-AZ Aurora Replicas and restore snapshots from Amazon RDS for the test database.

  C. Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas, and use the standby instance for the test database.

  D. Use Amazon RDS for SQL Server with a Multi-AZ deployment and read replicas, and restore snapshots from RDS for the test database.

  Correct Answer: D

• Question 193:

  A company decides to migrate its three-tier web application from on premises to the AWS Cloud. The new database must be capable of dynamically scaling storage capacity and performing table joins. Which AWS service meets these requirements?

  A. Amazon Aurora

  B. Amazon RDS for SqlServer

  C. Amazon DynamoDB Streams

  D. Amazon DynamoDB on-demand

  Correct Answer: A

• Question 194:

  A company needs to implement a relational database with a multi-Region disaster recovery Recovery Point Objective (RPO) of 1 second and an Recovery Time Objective (RTO) of 1 minute. Which AWS solution can achieve this?

  A. Amazon Aurora Global Database

  B. Amazon DynamoDB global tables.

  C. Amazon RDS for MySQL with Multi-AZ enabled.

  D. Amazon RDS for MySQL with a cross-Region snapshot copy.

  Correct Answer: A

• Question 195:

  A company wants to use an AWS Region as a disaster recovery location for its on-premises infrastructure. The company has 10 TB of existing data, and the on-premise data center has a 1 Gbps internet connection. A solutions architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel.

  Which solution should the solutions architect select?

  A. Send the initial 10 TB of data to AWS using FTP.

  B. Send the initial 10 TB of data to AWS using AWS Snowball.

  C. Establish a VPN connection between Amazon VPC and the company's data center.

  D. Establish an AWS Direct Connect connection between Amazon VPC and the company's data center.

  Correct Answer: C

  Q:

  How long does it take to transfer my data?

  Data transfer speed is affected by a number of factors including local network speed, file size, and the speed at which data can be read from your local servers. The end-to-end time to transfer up to 80 TB of data into AWS with Snowball Edge is approximately one week, including the usual shipping and handling time in AWS data centers.

  Q:

  How quickly can I access my exported data?

  We typically start exporting your data within 24 hours of receiving your request, and exporting data can take as long as a week. Once the job is complete and the device is ready, we ship it to you using the shipping options you selected when you created the job.

  (Source: https://aws.amazon.com/snowball/faqs/)

• Question 196:

  A company has a mobile chat application with a data store based in Amazon DynamoDB. Users would like new messages to be read with as little latency as possible. A solutions architect needs to design an optimal solution that requires

  minimal application changes.

  Which method should the solutions architect select?

  A. Configure Amazon DynamoDB Accelerator (DAX) for the new messages table. Update the code to use the DAX endpoint.

  B. Add DynamoDB read replicas to handle the increased read load. Update the application to point to the read endpoint for the read replicas.

  C. Double the number of read capacity units for the new messages table in DynamoDB. Continue to use the existing DynamoDB endpoint.

  D. Add an Amazon ElastiCache for Redis cache to the application stack. Update the application to point to the Redis cache endpoint instead of DynamoDB.

  Correct Answer: A

  https://aws.amazon.com/blogs/database/how-to-increase-performance-while-reducing-costs-by-using-amazon-dynamodb-accelerator-dax-and-aws-lambda/

• Question 197:

  A company wants to host a web application on AWS that will communicate to a database within a VPC. The application should be highly available. What should a solutions architect recommend?

  A. Create two Amazon EC2 instances to host the web servers behind a load balancer, and then deploy the database on a large instance.

  B. Deploy a load balancer in multiple Availability Zones with an Auto Scaling group for the web servers, and then deploy Amazon RDS in multiple Availability Zones.

  C. Deploy a load balancer in the public subnet with an Auto Scaling group for the web servers, and then deploy the database on an Amazon EC2 instance in the private subnet.

  D. Deploy two web servers with an Auto Scaling group, configure a domain that points to the two web servers, and then deploy a database architecture in multiple Availability Zones.

  Correct Answer: D

• Question 198:

  A company has 150 TB of archived image data stored on-premises that needs to be mowed to the AWS Cloud within the next month. The company's current network connection allows up to 100 Mbps uploads for this purpose during the night

  only.

  What is the MOST cost-effective mechanism to move this data and meet the migration deadline?

  A. Use AWS Snowmobile to ship the data to AWS.

  B. Order multiple AWS Snowball devices to ship the data to AWS.

  C. Enable Amazon S3 Transfer Acceleration and securely upload the data.

  D. Create an Amazon S3 VPC endpoint and establish a VPN to upload the data.

  Correct Answer: B

  eg.6 hrs night 6 hrs*60min/hr=360 min 360 min*60 sec/min=21600 sec

  100 Mbps*21600 s=2160000Mb or 2160 Gb or 2.1 TB can only be done

  So,for 150 TB, we can use 2 X Snowball Edge Storage Optimised devices. Size of Snowball Edge Storage Optimised device=80 TB Size of Snowball Edge Compute Optimised device= 40 TB Size of Snowcone =8 TB Size of Snowmobile =100 PB (1 PB=1000 TB)

  Q: How should I choose between Snowmobile and Snowball?

  To migrate large datasets of 10PB or more in a single location, you should use Snowmobile. For datasets less than 10PB or distributed in multiple locations, you should use Snowball. In addition, you should evaluate the amount of available bandwidth in your network backbone. If you have a high speed backbone with hundreds of Gb/s of spare throughput, then you can use Snowmobile to migrate the large datasets all at once. If you have limited bandwidth on your backbone, you should consider using multiple Snowballs to migrate the data incrementally.

• Question 199:

  A company has a website running on Amazon EC2 instances across two Availability Zones. The company is expecting spikes in traffic on specific holidays, and wants to provide a consistent user experience. How can a solutions architect meet this requirement?

  A. Use step scaling.

  B. Use simple scaling.

  C. Use lifecycle hooks.

  D. Use scheduled scaling.

  Correct Answer: D

• Question 200:

  A solution architect has configured the following IAM policy.

  

  Which action will be allowed by the policy?

  A. An AWS Lambda function can be deleted from any network.

  B. An AWS Lambda function can be created from any network.

  C. An AWS Lambda function can be deleted from the 100.220.0.0/20 network

  D. An AWS Lambda function can be deleted from the 220 100.16 0 20 network

  Correct Answer: C