Amazon Amazon Certifications SAA-C02 Questions & Answers

• Question 211:

  A company has global users accessing an application deployed in different AWS Regions, exposing public static IP addresses. The users are experiencing poor performance when accessing the application over the internet. What should a solutions architect recommend to reduce internet latency?

  A. Set up AWS Global Accelerator and add endpoints.

  B. Set up AWS Direct Connect locations in multiple Regions.

  C. Set up an Amazon CloudFront distribution to access an application.

  D. Set up an Amazon Route 53 geoproximity routing policy to route traffic.

  Correct Answer: A

• Question 212:

  An ecommerce company is running a multi-tier application on AWS. The front-end and backend tiers both run on Amazon EC2. and the database runs on Amazon RDS for MySQL. The backend tier communicates with the RDS instance.

  There are frequent calls to return identical datasets from the database that are causing performance slowdowns.

  Which action should be taken to improve the performance of the backend?

  A. Implement Amazon SNS to store the database calls.

  B. Implement Amazon ElastiCache to cache the large datasets.

  C. Implement an RDS for MySQL read replica to cache database calls.

  D. Implement Amazon Kinesis Data Firehose to stream the calls to the database.

  Correct Answer: B

• Question 213:

  A company's application hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Due to data sensitivity, traffic cannot traverse the internet How should a solutions architect configure access?

  A. Create a private hosted zone using Amazon Route 53.

  B. Configure a VPC gateway endpoint for Amazon S3 in the VPC.

  C. Configure AWS PrivateLink between the EC2 instance and the S3 bucket.

  D. Set up a site-to-site VPN connection between the VPC and the S3 bucket.

  Correct Answer: B

• Question 214:

  An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

  A. Use a VPC endpoint for DynamoDB.

  B. Use a NAT gateway in a public subnet.

  C. Use a NAT instance in a private subnet.

  D. Use the internet gateway attached to the VPC.

  Correct Answer: A

• Question 215:

  A company hosts its product information webpages on AWS. The existing solution uses multiple Amazon C2 instances behind an Application Load Balancer in an Auto Scaling group. The website also uses a custom DNS name and communicates with HTTPS only using a dedicated SSL certificate. The company is planning a new product launch and wants to be sure that users from around the world have the best possible experience on the new website.

  What should a solutions architect do to meet these requirements?

  A. Redesign the application to use Amazon CloudFront.

  B. Redesign the application to use AWS Elastic Beanstalk.

  C. Redesign the application to use a Network Load Balancer.

  D. Redesign the application to use Amazon S3 static website hosting.

  Correct Answer: A

  What Is Amazon CloudFront? Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined--such as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server (for example, a web server) that you have identified as the source for the definitive version of your content. As an example, suppose that you're serving an image from a traditional web server, not from CloudFront. For example, you might serve an image, sunsetphoto.png, using the URL http:// example.com/sunsetphoto.png. Your users can easily navigate to this URL and see the image. But they probably don't know that their request was routed from one network to another--through the complex collection of interconnected networks that comprise the internet-until the image was found. CloudFront speeds up the distribution of your content by routing each user request through the AWS backbone network to the edge location that can best serve your content. Typically, this is a CloudFront edge server that provides the fastest delivery to the viewer. Using the AWS network dramatically reduces the number of networks that your users' requests must pass through, which improves performance. Users get lower latency--the time it takes to load the first byte of the file-- and higher data transfer rates. You also get increased reliability and availability because copies of your files (also known as objects) are now held (or cached) in multiple edge locations around the world. https://docs.aws.amazon.com/AmazonCloudFront/latest/ DeveloperGuide/Introduction.html

• Question 216:

  A company is performing an AWS Well-Architected Framework review of an existing workload deployed on AWS. The review identified a public-facing website running on the same Amazon EC2 instance as a Microsoft Active Directory domain controller that was install recently to support other AWS services. A solutions architect needs to recommend a new design that would improve the security of the architecture and minimize the administrative demand on IT staff. What should the solutions architect recommend?

  A. Use AWS Directory Service to create a managed Active Directory. Uninstall Active Directory on the current EC2 instance.

  B. Create another EC2 instance in the same subnet and reinstall Active Directory on it. Uninstall Active Directory.

  C. Use AWS Directory Service to create an Active Directory connector. Proxy Active Directory requests to the Active domain controller running on the current EC2 instance.

  D. Enable AWS Single Sign-On (AWS SSO) with Security Assertion Markup Language (SAML) 2.0 federation with the current Active Directory controller. Modify the EC2 instance's security group to deny public access to Active Directory.

  Correct Answer: A

  AWS Managed Microsoft AD AWS Directory Service lets you run Microsoft Active Directory (AD) as a managed service. AWS Directory Service for Microsoft Active Directory, also referred to as AWS Managed Microsoft AD, is powered by Windows Server 2012 R2. When you select and launch this directory type, it is created as a highly available pair of domain controllers connected to your virtual private cloud (VPC). The domain controllers run in different Availability Zones in a region of your choice. Host monitoring and recovery, data replication, snapshots, and software updates are automatically configured and managed for you. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html

• Question 217:

  A user wants to list the IAM role that is attached to their Amazon EC2 instance The user has login access to the EC2 instance but does not have IAM permissions What should a solutions architect do to retrieve this information?

  A. Run the following EC2 command curl http://169.254.169.254/latest/meta-data/iam/info

  B. Run the following EC2 command curl http://169.254.169.254/latest-/user-data/iam/info

  C. Run the following EC2 command http://169.254.169.254/latest/dynamic/instance-idencity/

  D. Run the following AWS CLI command aws iam get-instance-prof lie --instance-profile-name ExamplelnstanceProfile

  Correct Answer: A

• Question 218:

  A solutions architect plans to convert a company's monolithic web application into a multi-tier application. The company wants to avoid managing its own infrastructure. The minimum requirements for the web application are high availability, scalability, and regional low latency during peak hours. The solution should also store and retrieve data with millisecond latency using the application's API.

  Which solution meets these requirements?

  A. Use AWS Fargate to host the web application with backend Amazon RDS Multi-AZ DB instances

  B. Use Amazon API Gateway with an edge-optimized API endpoint, AWS Lambda for compute and Amazon DynamoDB as the data store

  C. Use an Amazon Route 53 routing policy with geolocation that points to an Amazon S3 bucket with static website hosting and Amazon DynamoDB as the data store

  D. Use an Amazon CloudFront distribution that points to an Elastic Load Balancer with an Amazon EC2 Auto Scaling group, along with Amazon RDS Multi-AZ DB instances

  Correct Answer: B

• Question 219:

  A solutions architect must provide a fully managed replacement for an on-premises solution that allows employees and partners to exchange files The solution must be easily accessible to employees connecting from on-premises systems, remote employees, and external partners.

  Which solution meets these requirements?

  A. Use AWS Transfer for SFTP to transfer files into and out of Amazon S3

  B. Use AWS Snowball Edge for local storage and large-scale data transfers

  C. Use Amazon FSx to store and transfer files to make them available remotely

  D. Use AWS Storage Gateway to create a volume gateway to store and transfer files to Amazon S3.

  Correct Answer: A

• Question 220:

  An administrator of a large company wants to monitor for and prevent any cryptocurrency-related attacks on the company"s AWS accounts Which AWS service can the administrator use to protect the company against attacks?

  A. Amazon Cognito

  B. Amazon GuardDuty

  C. Amazon Inspector

  D. Amazon Macie

  Correct Answer: B