A solutions architect is optimizing a website for an upcoming musical event Videos of the performances will be streamed in real time and then will be available on demand The event is expected to attract a global online audience Which service will improve the performance of both the real-time and on-demand streaming?
A. Amazon CloudFrontA computer is reviewing a recent migration of a three-tier application to a VPC. The security team discover that the principle of lest privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers.
What should a solution architect do to connect issue?
A. Create security group rules using the instance ID as the source or destination.A company runs a website on Amazon EC2 instances behind an ELB Application Load Balancer. Amazon Route 53 is used for the DNS. The company wants to set up a backup website with a message including a phone number and email
address that users can reach if the primary website is down.
How should the company deploy this solution?
A. Use Amazon S3 website hosting for the backup website and Route 53 failover routing policy.A company experienced a breach from an attacker on its on-premises network. The attacker launched port scanning, waged on outbound Do5 attack, and performed cryptocurrency mining. The company is moving to AWS to build a more
resilient architecture that monitors and remediates this type the attack on the account level.
How should the company use AWS services to meet these requirements?
A. Enable Amazon GuardDuty to generate findings. Trigger AWS Lambda for automated remediation of identified threats.A company operates a two-tier application for image processing. The application uses two Availability Zones, each with one public subnet and one private subnet. An Application Load Balancer (ALB) for the web tier uses the public subnets. Amazon EC2 instances for the application tier use the private subnets.
Users report that the application is running more slowly than expected. A security audit of the web server log files shows that the application is receiving millions of illegitimate requests from a small number of IP addresses. A solutions architect needs to resolve the immediate performance problem while the company investigates a more permanent solution.
What should the solutions architect recommend to meet this requirement?
A. Modify the inbound security group for the web tier. Add a deny rule for the IP addresses that are consuming resources.A software vendor is deploying a new software-as-a-service (SaaS) solution that will be utilized by many AWS users. The service is hosted in a VPC behind a Network Load Balancer. The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet What should a solutions architect do to accomplish this goal?
A. Create a peering VPC connection from each user's VPC to the software vendor s VPC.A company's security team requests that network traffic be captured in VPC Flow Logs The logs will be frequently accessed for 90 days and then accessed intermittently What should a solutions architect do to meet these requirements when configuring the logs?
A. Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of 90 days.A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls. Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.
Which action meets these requirements?
A. Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user.A company is launching a new application that will be hosted on Amazon EC2 instances. A solutions architect needs to design a solution that does not allow public IPv4 access that originates from the internet. However, the solution must
allow the EC2 instances to make outbound IPv4 internet requests.
The initial design proposal shows that the EC2 instances would be located in two private subnets across two Availability Zones. The entire architecture must be highly available.
How should the solutions architect change the architecture to meet these requirements?
A. Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.A company runs an online ticketing application with backend services that run on Amazon EC2 instances. The EC2 instances belong to an Auto Scaling group and run behind an Application Load Balancer. The application experiences periods of high user traffic when a popular event is posted online. The company wants a solution that will be able to handle increases in user traffic without affecting the user experience.
What should a solutions architect do to meet these requirements?
A. Configure a scheduled scaling policy for peak hours with a recurrence schedule set to every day.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.