Amazon Amazon Certifications SAA-C02 Questions & Answers

• Question 311:

  A group requires permissions to list an Amazon S3 bucket and delete objects from that bucket. An administrator has created the following IAM policy to provide access to the bucket and applied that policy to the group. The group is not able to delete objects in the bucket. The company follows least-privilege access rules.

  

  Which statement should a solutions architect add to the policy to correct bucket access?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: C

• Question 312:

  A company previously migrated its data warehouse solution to AWS. The company also has an AWS Direct Connect connection. Corporate office users query the data warehouse using a visualization tool. The average size of a query returned by the data warehouse is 50 MB and each webpage sent by the visualization tool is approximately 500 KB. Result sets returned by the data warehouse are not cached.

  Which solution provides the LOWEST data transfer egress cost for the company?

  A. Host the visualization tool on premises and query the data warehouse directly over the internet.

  B. Host the visualization tool in the same AWS Region as the data warehouse. Access it over the internet.

  C. Host the visualization tool on premises and query the data warehouse directly over a Direct Connect connection at a location in the same AWS Region.

  D. Host the visualization tool in the same AWS Region as the data warehouse and access it over a Direct Connect connection at a location in the same Region.

  Correct Answer: D

• Question 313:

  A company is hosting multiple websites for several lines of business under its registered parent domain. Users accessing these websites will be routed to appropriate backend Amazon EC2 instances based on the subdomain. The websites host static webpages, images, and server-side scripts like PHP and JavaScript.

  Some of the websites experience peak access during the first two hours of business with constant usage throughout the rest of the day. A solutions architect needs to design a solution that will automatically adjust capacity to these traffic patterns while keeping costs low.

  Which combination of AWS services or features will meet these requirements? (Select TWO.)

  A. AWS Batch

  B. Network Load Balancer

  C. Application Load Balancer

  D. Amazon EC2 Auto Scaling

  E. Amazon S3 website hosting

  Correct Answer: DE

• Question 314:

  A company uses Amazon Redshift for its data warehouse. The company wants to ensure high durability for its data in case of any component failure.

  What should a solutions architect recommend?

  A. Enable concurrency seating.

  B. Enable cross-Region snapshots.

  C. Increase the data retention period.

  D. Deploy Amazon Redshift in Multi-AZ.

  Correct Answer: D

• Question 315:

  A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls. Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.

  Which action meets these requirements?

  A. Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user.

  B. Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.

  C. Create a service control policy (SCP) the prohibits changes to CloudTrail, and attach it the developer accounts.

  D. Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the master account.

  Correct Answer: C

• Question 316:

  A company is running an online transaction processing (OLTP) workload on AWS. This workload uses an unencrypted Amazon RDS DB instance in a Multi-AZ deployment. Daily database snapshots are taken from this instance.

  What should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?

  A. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot.

  B. Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots lo it. Enable encryption on the DB instance.

  C. Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS).Restore encrypted snapshot to an existing DB instance.

  D. Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS).

  Correct Answer: A

• Question 317:

  A company has a dynamic web application hosted on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination. There has been an increase in traffic recently, and the

  operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit.

  What should a solutions architect do to increase the application's performance?

  A. Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM certificate on each instance.

  B. Create an Amazon S3 bucket. Migrate the SSL certificate to the S3 bucket. Configure the EC2 instances to reference the bucket for SSL termination.

  C. Create another EC2 instance as a proxy server. Migrate the SSL certificate to the new instance and configure it to direct connections to the existing EC2 instances.

  D. Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.

  Correct Answer: D

• Question 318:

  A company runs a static website through its on-premises data center. The company has multiple servers mat handle all of its traffic, but on busy days, services are interrupted and the website becomes unavailable. The company wants to expand its presence globally and plans to triple its website traffic.

  What should a solutions architect recommend to meet these requirements?

  A. Migrate the website content to Amazon S3 and host the website on Amazon CloudFront.

  B. Migrate the website content to Amazon EC2 instances with public Elastic IP addresses in multiple AWS Regions.

  C. Migrate the website content to Amazon EC2 instances and vertically scale as the load increases.

  D. Use Amazon Route 53 to distribute the loads across multiple Amazon CloudFront distributions for each AWS Region that exists globally.

  Correct Answer: D

  Amazon CloudFront is a global Content Delivery Network (CDN), which will host your website on a global network of edge servers, helping users load your website more quickly. When requests for your website content come through, they are automatically routed to the nearest edge location, closest to where the request originated from, so your content is delivered to your end user with the best possible performance.

• Question 319:

  A company is developing a mobile game that streams score updates to a backend processor and then posts results on a leaderboard. A solutions architect needs to design a solution that can handle large traffic spikes, process the mobile game updates in order of receipt, and store the processed updates in a highly available database. The company also wants to minimize the management overhead required to maintain the solution.

  What should the solutions architect do to meet these requirements?

  A. Push score updates to Amazon Kinesis Data Streams. Process the updates in Kinesis Data Streams with AWS Lambda. Store the processed updates in Amazon DynamoDB.

  B. Push score updates to Amazon Kinesis Data Streams. Process the updates with a fleet of Amazon EC2 instances set up for Auto Scaling. Store the processed updates in Amazon Redshifl.

  C. Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe an AWS Lambda function to the SNS topic to process the updates. Store the processed updates in a SOL database running on Amazon EC2.

  D. Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue. Use a fleet of Amazon EC2 instances with Auto Scaling to process the updates in the SQS queue. Store the processed updates in an Amazon RDS Multi-AZ DB instance.

  Correct Answer: A

  https://docs.aws.amazon.com/streams/latest/dev/introduction.html

  You can use Amazon Kinesis Data Streams to collect and process large streams of data records in real time. You can use Kinesis Data Streams for rapid and continuous data intake and aggregation. The type of data used can include IT infrastructure log data, application logs, social media, market data feeds, and web clickstream data. Because the response time for the data intake and processing is in real time, the processing is typically lightweight.

• Question 320:

  A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted. Which combination of steps will meet these requirements? (Select TWO.)

  A. Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.

  B. Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.

  C. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the CloudFront distribution.

  D. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the S3 bucket hosting the static content.

  E. Create a new IAM role and associate the role with the distribution. Change the permissions either on the S3 bucket or on the files within the S3 bucket so that only the newly created IAM role has read and download permissions.

  Correct Answer: AB