Amazon SAA-C02 Online Practice Questions and Exam Preparation

Amazon SAA-C02 Online Questions & Answers

• Question 261:

  To meet security requirements, a company needs to encrypt all of its application data in transit while communicating with an Amazon RDS MySQL DB instance A recent security audit revealed that encryption al rest is enabled using AWS Key Management Service (AWS KMS). but data in transit Is not enabled

  What should a solutions architect do to satisfy the security requirements?

  A. Enable IAM database authentication on the database.
  B. Provide self-signed certificates, Use the certificates in all connections to the RDS instance
  C. Take a snapshot of the RDS instance Restore the snapshot to a new instance with encryption enabled
  D. Download AWS-provided root certificates Provide the certificates in all connections to the RDS instance
  C. Take a snapshot of the RDS instance Restore the snapshot to a new instance with encryption enabled

  ---

  Explanation/Reference:

  https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html#Ov erview.Encryption.Enabling

• Question 262:

  A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available.

  Which combination of configuration options will meet these requirements? (Choose two.)

  A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
  B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.
  C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.
  D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.
  E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.
  A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
  E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.

  ---

  Explanation/Reference:

• Question 263:

  An image-hosting company stores its objects in Amazon S3 buckets. The company wants to avoid accidental exposure of the objects in the S3 buckets to the public. All S3 objects in the entire AWS account need to remain private.

  Which solution will meet these requirements?

  A. Use Amazon GuardDuty to monitor S3 bucket policies. Create an automatic remediation action rule that uses an AWS Lambda function to remediate any change that makes the objects public.
  B. Use AWS Trusted Advisor to find publicly accessible S3 buckets. Configure email notifications in Trusted Advisor when a change is detected. Manually change the S3 bucket policy if it allows public access.
  C. Use AWS Resource Access Manager to find publicly accessible S3 buckets. Use Amazon Simple Notification Service (Amazon SNS) to invoke an AWS Lambda function when a change is detected. Deploy a Lambda function that programmatically remediates the change.
  D. Use the S3 Block Public Access feature on the account level. Use AWS Organizations to create a service control policy (SCP) that prevents IAM users from changing the setting. Apply the SCP to the account.
  A. Use Amazon GuardDuty to monitor S3 bucket policies. Create an automatic remediation action rule that uses an AWS Lambda function to remediate any change that makes the objects public.

  ---

  Explanation/Reference:

  Reference: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-ug.pdf

• Question 264:

  The following IAM policy is attached to an IAM group. This is the only policy applied to the group.

  

  What are the effective IAM permissions of this policy for group members?

  A. Group members are permitted any Amazon EC2 action within the uss-east-1 Region. Statements after The Allow permission are not applied
  B. Group member are denied any Amazon EC2 permissions in the us-east-1 Region unless they are tagged in with multi-factor authentication (MFA).
  C. Group members are allowed the ec2:StopInstances and ec2:Terminatelnstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members authorized any other Amazon EC2 action.
  D. Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Groups are permitted any other Amazon EC2 action within the us-east-1 Region
  D. Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Groups are permitted any other Amazon EC2 action within the us-east-1 Region

  ---

  Explanation/Reference:

  By default, AWS Identity and Access Management (IAM) users don't have permission to create or modify Amazon EC2 resources, or perform tasks using the Amazon EC2 API. To allow IAM users to create or modify resources and perform tasks, you must create IAM policies that grant IAM users permissions for the specific resources and API actions they'll need to use, and then attach those policies to the IAM users or groups that require those permissions.

  https://docs.aws.amazon.com/AWSEC2/latest/APIReference/ec2-api-permissions.html

• Question 265:

  A company needs to implement a relational database with a multi-Region disaster recovery Recovery Point Objective (RPO) of 1 second and an Recovery Time Objective (RTO) of 1 minute. Which AWS solution can achieve this?

  A. Amazon Aurora Global Database
  B. Amazon DynamoDB global tables.
  C. Amazon RDS for MySQL with Multi-AZ enabled.
  D. Amazon RDS for MySQL with a cross-Region snapshot copy.
  A. Amazon Aurora Global Database

  ---

  Explanation/Reference:

• Question 266:

  A company hosts its multi-tier applications on AWS. For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made to these resources What should a solutions architect do to meet these requirements?

  A. Use AWS CloudTrail to track configuration changes and AWS Config to record API calls
  B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls
  C. Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls
  D. Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls
  B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls

• Question 267:

  A company stores can wordings on a monthly basis Users access lie recorded files randomly within 1year of recording, but users rarely access the files after 1year. The company wants to optimize its solution by allowing only files that ant newer than 1year old to be queried and retrieved as quickly as possible. A delay in retrieving older fees is acceptable

  Which solution meets these requirements MOST cost-effectively?

  A. Store individual files in Amazon S3 Glacier Store search metadata in object tags that are created in S3 Glacier Query the S3 Glacier tags to retrieve the files from S3 Glacier.
  B. Store individual files in Amazon S3. Use S3 Lifecycle polices to move the ties to S3 Glacier after 1year. Query and retrieve the files that are in Amazon S3 by using Amazon Athena. Query and retrieve the files that are in S3 Glacier by using S3 Glacier Select.
  C. Store Individual files In Amazon S3 Store search metadata for each archive In Amazon S3 Use S3 Lifecycle policies to move the ties to S3 Glacier after 1 year Query and retrieve tie flies by searching for metadata from Amazon S3.
  D. Store individual files in Amazon S3 Use S3 Lifecycle policies to move the files to S3 Glacier after 1year. Store search metadata in Amazon RDS Query the Sea from Amazon RDS Retrieve the files from Amazon S3 or S3 Glacier
  D. Store individual files in Amazon S3 Use S3 Lifecycle policies to move the files to S3 Glacier after 1year. Store search metadata in Amazon RDS Query the Sea from Amazon RDS Retrieve the files from Amazon S3 or S3 Glacier

• Question 268:

  A company is using Amazon Redshift for analytics and to generate customer reports. The company recently acquired 50 TB of additional customer demographic data. The data is stored in .csv files in Amazon S3. The company needs a solution that joins the data and visualizes the results with the least possible cost and effort.

  What should a solutions architect recommend to meet these requirements?

  A. Use Amazon Redshift Spectrum to query the data in Amazon S3 directly and join that data with the existing data in Amazon Redshift. Use Amazon QuickSight to build the visualizations.
  B. Use Amazon Athena to query the data in Amazon S3. Use Amazon QuickSight to join the data from Athena with the existing data in Amazon Redshift and to build the visualizations.
  C. Increase the size of the Amazon Redshift cluster, and load the data from Amazon S3. Use Amazon EMR Notebooks to query the data and build the visualizations in Amazon Redshift.
  D. Export the data from the Amazon Redshift cluster into Apache Parquet files in Amazon S3. Use Amazon Elasticsearch Service (Amazon ES) to query the data. Use Kibana to visualize the results.
  A. Use Amazon Redshift Spectrum to query the data in Amazon S3 directly and join that data with the existing data in Amazon Redshift. Use Amazon QuickSight to build the visualizations.

• Question 269:

  An online gaming company is designing a game that is expected to be popular all over the world. A solutions architect needs to define an AWS Cloud architecture that supports near-real-time recording and displaying of current game statistics for each player, along with the names of the top 25 players in the world, at any given time.

  Which AWS database solution and configuration should the solutions architect use to meet these requirements?

  A. Use Amazon RDS for MySQL as the data store for player activity. Configure the RDS DB instance for Multi-AZ support.
  B. Use Amazon DynamoDB as the data store for player activity. Configure DynamoDB Accelerator (DAX) for the player data.
  C. Use Amazon DynamoDB as the data store for player activity. Configure global tables in each required AWS Region for the player data.
  D. Use Amazon RDS for MySQL as the data store for player activity. Configure cross-Region read replicas in each required AWS Region based on player proximity.
  B. Use Amazon DynamoDB as the data store for player activity. Configure DynamoDB Accelerator (DAX) for the player data.

  ---

  Explanation/Reference:

• Question 270:

  A company is designing an application that will run on an AWS Lambda function within a VPC Gateway API will invoke the Lambda function. A solution architect needs to recommend an Amazon CloudWatch solution that developers can use to identify the users who are generating the most network traffic.

  Which solution will meet these requirements?

  A. Configure CloudWatch Lambds insights Examine the network usage graph by using the multi -function view In the performance dashboard.
  B. Create a canary in CloudWatch Synthetics. Turn on active tracing Review the network usage graph in the Monitoring tab of the canary.
  C. Configure VPC How logs to stream to CloudWatch Logs. Create a CloudWatch Contributor Insights rule from the sample blueprint.
  D. Add The application to CloudWatch Application instants View the graph for top network users in the dashboard that Application Insights creates automatically
  C. Configure VPC How logs to stream to CloudWatch Logs. Create a CloudWatch Contributor Insights rule from the sample blueprint.