Amazon SAA-C02 Online Practice Questions and Exam Preparation

Amazon SAA-C02 Online Questions & Answers

• Question 351:

  A solutions architect is deploying a distributed database on multiple Amazon EC2 instances The database stores all data on multiple instances so it can withstand the loss of an instance The database requires block storage with latency and throughput to support several million transactions per second per server.

  Which storage solution should the solutions architect use?

  A. Amazon EBS
  B. Amazon EC2 instance store
  C. Amazon EFS
  D. Amazon S3
  B. Amazon EC2 instance store

  ---

  Explanation/Reference:

  https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html https://aws.amazon.com/ebs/?ebs-whats-new.sort-by=item.additionalFields.postDateTimeandebs- whats-new.sort-order=desc

  Amazon Elastic Block Store (EBS) is an easy to use, high performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS. You can choose from five different volume types to balance optimal price and performance. You can achieve single digit-millisecond latency for high performance database workloads such as SAP HANA or gigabyte per second throughput for large, sequential workloads such as Hadoop. You can change volume types, tune performance, or increase volume size without disrupting your critical applications, so you have cost-effective storage when you need it.

• Question 352:

  A company has an application that servers clients that are deployed in more than 20,000 retail storefront locations around the world. The application consists of backend web services that are exposed over HTTPS on port 443. The application

  is hosted on Amazon EC2 instance behind an Application Load balancer (ALB). The retail locations communicate with the web applications over the public internet. The company allows each retail location to register the IP address that the

  retail location has been allocated by its local ISP.

  The company's security team recommends to increase the security of the application endpoint by restricting access to only the IP addresses registered by the retail locations. What should a solutions architect do to meet these requirements?

  A. Associate an AWS WAF web ACL with the ALB. Use IP rule sets on the ALB to filter traffic. Update the IP addresses in the rule to include the registered IP addresses.
  B. Deploy AWS Firewall Manager to manage the ALB. Configure firewall rules to restrict traffic to the ALB. Modify the firewall rules to include the registered IP addresses.
  C. Store the IP addresses in an Amazon DynamicDB table. Configure an AWS Lambda authorization function on the ALB to validate that incoming requests are from the registered IP addresses.
  D. Configure the network ACL on the subnet that contains the public interface of the ALB. Update the ingress rules on the network ACL with entries for each of the registered IP addresses.
  C. Store the IP addresses in an Amazon DynamicDB table. Configure an AWS Lambda authorization function on the ALB to validate that incoming requests are from the registered IP addresses.

• Question 353:

  A company uses Amazon S3 as its object storage solution. The company has thousands of S3 it uses to store data

  Some of the S3 bucket have data that is accessed less frequently than others. A solutions architect found that lifecycle policies are not consistently implemented or are implemented partially. resulting in data being stored in high-cost storage.

  Which solution will lower costs without compromising the availability of objects?

  A. Use S3 ACLs
  B. Use Amazon Elastic Block Store EBS) automated snapshots
  C. Use S3 intelligent-Tiering storage
  D. Use S3 One Zone-infrequent Access (S3 One Zone-IA).
  C. Use S3 intelligent-Tiering storage

  ---

  Explanation/Reference:

• Question 354:

  A company is performing an AWS Well-Architected Framework review of an existing workload deployed on AWS. The review identified a public-facing website running on the same Amazon EC2 instance as a Microsoft Active Directory domain controller that was install recently to support other AWS services. A solutions architect needs to recommend a new design that would improve the security of the architecture and minimize the administrative demand on IT staff. What should the solutions architect recommend?

  A. Use AWS Directory Service to create a managed Active Directory. Uninstall Active Directory on the current EC2 instance.
  B. Create another EC2 instance in the same subnet and reinstall Active Directory on it. Uninstall Active Directory.
  C. Use AWS Directory Service to create an Active Directory connector. Proxy Active Directory requests to the Active domain controller running on the current EC2 instance.
  D. Enable AWS Single Sign-On (AWS SSO) with Security Assertion Markup Language (SAML) 2.0 federation with the current Active Directory controller. Modify the EC2 instance's security group to deny public access to Active Directory.
  A. Use AWS Directory Service to create a managed Active Directory. Uninstall Active Directory on the current EC2 instance.

  ---

  Explanation/Reference:

  AWS Managed Microsoft AD AWS Directory Service lets you run Microsoft Active Directory (AD) as a managed service. AWS Directory Service for Microsoft Active Directory, also referred to as AWS Managed Microsoft AD, is powered by Windows Server 2012 R2. When you select and launch this directory type, it is created as a highly available pair of domain controllers connected to your virtual private cloud (VPC). The domain controllers run in different Availability Zones in a region of your choice. Host monitoring and recovery, data replication, snapshots, and software updates are automatically configured and managed for you. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html

• Question 355:

  A company receives 10 TB of instrumentation data each day from several machines located at a single factory. The data consists of JSON files stored on a storage area network (SAN) in an on- premises data center located within the factory. The company wants to send this data to Amazon S3 where it can be accessed by several additional systems that provide critical near-real-lime analytics. A secure transfer is important because the data is considered sensitive.

  Which solution offers the MOST reliable data transfer?

  A. AWS DataSync over public internet
  B. AWS DataSync over AWS Direct Connect
  C. AWS Database Migration Service (AWS DMS) over public internet
  D. AWS Database Migration Service (AWS DMS) over AWS Direct Connect
  B. AWS DataSync over AWS Direct Connect

  ---

  Explanation/Reference:

  These are some of the main use cases for AWS DataSync: ?Data migration ?Move active datasets rapidly over the network into Amazon S3, Amazon EFS, or FSx for Windows File Server. DataSync includes automatic encryption and data integrity validation to help make sure that your data arrives securely, intact, and ready to use. "DataSync includes encryption and integrity validation to help make sure your data arrives securely, intact, and ready to use." https://aws.amazon.com/datasync/faqs/

• Question 356:

  A company is designing a new application that runs in a VPC on Amazon EC2 instances The application stores data in Amazon S3 and uses Amazon DynamoDB as its database For compliance reasons, the company prohibits all traffic between the EC2 instances and other AWS services from passing over the public internet

  What can a solutions architect do to meet this requirement?

  A. Configure gateway VPC endpoints to Amazon S3 and DynamoDB
  B. Configure interface VPC endpoints to Amazon S3 and DynamoDB
  C. Configure a gateway VPC endpoint to Amazon S3 Configure an interface VPC endpoint to DynamoDB
  D. Configure a gateway VPC endpoint to DynamoDB Configure an interface VPC endpoint to Amazon S3
  A. Configure gateway VPC endpoints to Amazon S3 and DynamoDB

• Question 357:

  A company is testing an application that runs on an Amazon EC2 Linux instance. The instance contains a data volume of 500 GB that consists of a single Amazon Elastic Block Store {Amazon EBS) General Purpose SSD (gp2) volume

  The application is now ready for production use and will be installed on multiple EC2 instances that run m an Auto Scaling group All instances need access to the data that was stored on the 500 GB volume. The company needs a highly available and fault-tolerant solution that does not introduce any significant changes to the applications code

  Which solution meets these requirements''

  A. Provision an EC2 instance with NFS server software that is configured with a single 500 GB gp2 volume
  B. Use an Amazon FSx for Windows File Server file system that is configured as an SMB file store within a single Availability Zone
  C. Migrate the data into an Amazon S3 bucket Use an EC2 instance profile to access the contents of the bucket
  D. Use an Amazon Elastic File System {Amazon EFS) file system that is configured with the General Purpose performance mode
  A. Provision an EC2 instance with NFS server software that is configured with a single 500 GB gp2 volume

• Question 358:

  A law firm needs to share information with the public. The information includes hundreds of files that must be publicly readable. Modifications or deletions of the files by anyone before a designated future date are prohibited.

  Which solution will meet these requirements in the MOST secure way?

  A. Upload all tiles to an Amazon S3 bucket that is configured for static website hosting.Grant read-only IAM permissions to any AWS principals that access the S3 bucket until the designated date.
  B. Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated dale. Configure the S3 bucket for static website hosting Set an S3 bucket policy to allow read-only access to the objects.
  C. Create a new Amazon S3 bucket with S3 Versioning enabled Configure an event trigger to run an AWS Lambda function in case of object modification or deletion Configure the Lambda function to replace the objects with the original versions from a private S3 bucket
  D. Upload all files to an Amazon S3 bucket that is configured for static website hosing.Select the folder that contains the files. Use S3 Object Lock with a retention period m accordance with the designated date Grant read-only IAM permissions to any AWS principals that access the S3 bucket
  B. Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated dale. Configure the S3 bucket for static website hosting Set an S3 bucket policy to allow read-only access to the objects.

• Question 359:

  A solutions architect is tasked with transferring 750 TB of data from a network-attached file system located at a branch office to Amazon S3 Glacier The solution must avoid saturating the branch office's low-bandwidth internet connection. What is the MOST cost-effective solution?

  A. Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly Create a bucket policy to enforce a VPC endpoint
  B. Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination Create a bucket policy to enforce a VPC endpoint
  C. Mount the network-attached file system to Amazon S3 and copy the files directly. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier
  D. Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier
  D. Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier

  ---

  Explanation/Reference:

  Regional Limitations for AWS Snowball

  The AWS Snowball service has two device types, the standard Snowball and the Snowball Edge. The following table highlights which of these devices are available in which regions.

  

  Limitations on Jobs in AWS Snowball

  The following limitations exist for creating jobs in AWS Snowball:

  For security purposes, data transfers must be completed within 90 days of the Snowball being prepared.

  Currently, AWS Snowball Edge device doesn't support server-side encryption with customer- provided keys (SSE-C). AWS Snowball Edge device does support server-side encryption with Amazon S3anaged encryption keys (SSE-S3) and

  server-side encryption with AWS Key Management Serviceanaged keys (SSE-KMS). For more information, see Protecting Data Using Server-Side Encryption in the Amazon Simple Storage Service Developer Guide. In the US regions,

  Snowballs come in two sizes: 50 TB and 80 TB. All other regions have the 80 TB Snowballs only. If you're using Snowball to import data, and you need to transfer more data than will fit on a single Snowball, create additional jobs. Each export

  job can use multiple Snowballs. The default service limit for the number of Snowballs you can have at one time is 1. If you want to increase your service limit, contact AWS Support. All objects transferred to the Snowball have their metadata

  changed. The only metadata that remains the same is filename and filesize. All other metadata is set as in the following example: -rw- rw-r-- 1 root root [filesize] Dec 31 1969 [path/ filename] Object lifecycle management

  To manage your objects so that they are stored cost effectively throughout their lifecycle, configure

  their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions:

  Transition actions--Define when objects transition to another storage class. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after you created them, or archive objects to the S3 Glacier storage

  class one year after creating them. Expiration actions--Define when objects expire. Amazon S3 deletes expired objects on your behalf. The lifecycle expiration costs depend on when you choose to expire objects.

  https://docs.aws.amazon.com/snowball/latest/ug/limits.html

  https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

• Question 360:

  A company wants to design its cloud architecture so that its workloads are resilient, can consistently perform their intended functions correctly, and can recover from failure quickly Which pillar of the AWS Well-Architected Framework does this architecture represent?

  A. Security
  B. Performance efficiency
  C. Operational excellence
  D. Reliability
  C. Operational excellence