Amazon Amazon Certifications SAA-C02 Questions & Answers

• Question 201:

  A company runs multiple Amazon EC2 Linux instances in a VPC with applications that use a hierarchical directory structure. The applications need to rapidly and concurrently read and write to shared storage How can this be achieved?

  A. Create an Amazon EFS file system and mount it from each EC2 instance.

  B. Create an Amazon S3 bucket and permit access from all the EC2 instances in the VPC.

  C. Create a file system on an Amazon EBS Provisioned IOPS SSD (io1) volume. Attach the volume to all the EC2 instances.

  D. Create file systems on Amazon EBS volumes attached to each EC2 instance. Synchronize the Amazon EBS volumes across the different EC2 instances.

  Correct Answer: A

• Question 202:

  A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission to access Amazon S3?

  A. Update the S3 role in AWS IAM to allow read/write access from Amazon ECS, and then relaunch the container.

  B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition.

  C. Create a security group that allows access from Amazon ECS to Amazon S3, and update the launch configuration used by the ECS cluster.

  D. Create an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for the ECS cluster while logged in as this account.

  Correct Answer: B

• Question 203:

  A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options.

  The storage solution must be highly available and integrated with Active Directory for access control.

  Which solution will satisfy these requirements?

  A. Configure Amazon EFS storage and set the Active Directory domain for authentication.

  B. Create an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones.

  C. Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume.

  D. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.

  Correct Answer: D

• Question 204:

  A solution architect has created two IAM policies. Policy1 and Policy2 . Both policies are attached to an IAM group.

  

  A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?

  A. Deleting IAM users

  B. Deleting directories

  C. Deleting Amazon EC2 instances

  D. Deleting logs from Amazon CloudWatch Logs

  Correct Answer: C

• Question 205:

  A solutions architect is designing an architecture for a new application that requires low network latency and high network throughput between Amazon EC2 instances. Which component should be included in the architectural design?

  A. An Auto Scaling group with Spot Instance types.

  B. A placement group using a cluster placement strategy.

  C. A placement group using a partition placement strategy.

  D. An Auto Scaling group with On-Demand instance types.

  Correct Answer: B

• Question 206:

  A solutions architect is designing a mission-critical web application. It will consist of Amazon EC2 instances behind an Application Load Balancer and a relational database. The database should be highly available and fault tolerant. Which database implementations will meet these requirements? (Select TWO.)

  A. Amazon Redshift

  B. Amazon DynamoDB

  C. Amazon RDS for MySQL

  D. MySQL-compatible Amazon Aurora Multi-AZ

  E. Amazon RDS for SQL Server Standard Edition Mufti-AZ

  Correct Answer: DE

• Question 207:

  A company delivers files in Amazon S3 to certain users who do not have AWS credentials. These users must be given access for a limited lime. What should a solutions architect do to securely meet these requirements?

  A. Enable public access on an Amazon S3 bucket.

  B. Generate a presigned URL to share with the users.

  C. Encrypt files using AWS KMS and provide keys to the users.

  D. Create and assign IAM roles that will grant GetObject permissions to the users.

  Correct Answer: B

• Question 208:

  An application requires a development environment (DEV) and production environment (PROD) for several years. The DEV instances will run for 10 hours each day during normal business hours, while the PROD instances will run 24 hours each day. A solutions architect needs to determine a compute instance purchase strategy to minimize costs.

  Which solution is the MOST cost-effective?

  A. DEV with Spot Instances and PROD with On-Demand Instances

  B. DEV with On-Demand Instances and PROD with Spot Instances

  C. DEV with Scheduled Reserved Instances and PROD with Reserved Instances

  D. DEV with On-Demand Instances and PROD with Scheduled Reserved Instances

  Correct Answer: C

• Question 209:

  a website on Amazon S3. The website serves petabytes of outbound traffic monthly, which accounts for most of the company's AWS costs. What should a solutions architect do to reduce costs?

  A. Configure Amazon CloudFront with the existing website as the origin.

  B. Move the website to Amazon EC2 with Amazon EBS volumes for storage.

  C. Use AWS Global Accelerator and specify the existing website as the endpoint.

  D. Rearchitect the website to run on a combination of Amazon API Gateway and AWS Lambda.

  Correct Answer: A

• Question 210:

  A solutions architect needs to design a low-latency solution for a static single-page application accessed by users utilizing a custom domain name. The solution must be serverless, encrypted in transit, and cost-effective. Which combination of AWS services and features should the solutions architect use? (Select TWO.)

  A. Amazon S3

  B. Amazon EC2

  C. AWS Fargate

  D. Amazon CloudFront

  E. Elastic Load Balancer

  Correct Answer: AD