A solutions architect is designing a high performance computing (HPC) workload on Amazon EC2 The EC2 instances need to communicate to each other frequently and require network performance with low latency and high throughput Which EC2 configuration meets these requirements'?
A. Launch the EC2 instances in a cluster placement group in one Availability Zone B. Launch the EC2 instances in a spread placement group in one Availability Zone C. Launch the EC2 instances in an Auto Scaling group in two Regions and peer the VPCs D. Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones
A. Launch the EC2 instances in a cluster placement group in one Availability Zone
Explanation/Reference:
Placement groups When you launch a new EC2 instance, the EC2 service attempts to place the instance in such a way that all of your instances are spread out across underlying hardware to minimize correlated failures. You can use placement groups to influence the placement of a group of interdependent instances to meet the needs of your workload. Depending on the type of workload. Cluster ?packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
Question 32:
A company has a corporate network on premises and has three VPCs in the AWS Cloud. The company has one VPC each for development, test, and, production. The company wants its system administrators to security gain remote command-line access from the corporate network to Amazon EC2 instances in the VPCs.
Which solution meets these requirements MOST cost-effectively?
A. Set up a VPN connection between the corporate network and each of the three VPCs by using AWS VPN Use Remote Desktop Protocol (RDP) or SSH over the VPN connection to access the EC2 instances remotely. B. Configure the EC2 instances to use an instance profile that trusts AWS Systems Manager Use Systems Manager Session Manager to gain console access to the EC2 instances C. Create a new VPC Purchase and install a virtual router from AWS Marketplace Establish a VPN connection from the corporate network to this router. Establish another VPN connection from the 'outer to the other three VPCs Use Remote Desktop Protocol (RDP) or SSH over the VPN connection to access the EC2 instances remotely. D. Create a new VPC Establish a VPN connection to the new VPC. Configure peering connections between the new VPC and the existing VPCs In the new VPC create an EC2 bastion host to serve as a jump box lo EC2 instances in the other VPCs Use Remote Desktop Protocol (RDP) or SSH over the VPN connection to the bastion host
A. Set up a VPN connection between the corporate network and each of the three VPCs by using AWS VPN Use Remote Desktop Protocol (RDP) or SSH over the VPN connection to access the EC2 instances remotely.
Question 33:
A company provides a three-tier web application to its customers Each customer has an AWS account in which the application is deployed, and these accounts are members of the company's organization in AWS Organizations To protect its customers' AWS accounts and applications the company wants to monitor them for unusual and unexpected behavior The company needs to analyze and monitor customer VPC Flow Logs. AWS CloudTrail logs, and DNS logs What should a solutions architect do to meet these requirements?
A. Designate an account in the organization as the AWS Shield master account Enable Shield and Shield logs in every account, and invite the accounts to join the Shield master account Analyze Shield findings m the Shield master account B. Designate an account in the organization as the Amazon GuardDuty master account Enable GuardDuty in every account and invite the accounts to join the GuardDuty master account Analyze GuardDuty findings in the GuardDuty master account C. Designate an account in the organization as the AWS WAF master account Enable AWS WAF and AWS WAF logs in every account and invite the accounts to join the AWS WAF master account Analyze AWS WAF logs in the AWS WAF master account D. Designate an account in the organization as the AWS Resource Access Manager (AWS RAM) master account Enable AWS RAM in every account, and invite the accounts to join the AWS RAM master account Analyze AWS RAM logs in the AWS RAM master account
B. Designate an account in the organization as the Amazon GuardDuty master account Enable GuardDuty in every account and invite the accounts to join the GuardDuty master account Analyze GuardDuty findings in the GuardDuty master account
Question 34:
An online retailer has a series of flash sales occurring every Friday Sales Traffic will increase during the sales only and the platform will handle the increased load. The platform is a three-tier application. The web tier runs on Amazon EC2
instances behind an Application Load Balancer. Amazon CloudFront is used to reduce web server load, but many requests for dynamic content must go to the web servers.
What should be done to the web tier to reduce costs without impacting performance or reliability?
A. Use T-series instances B. Purchase scheduled Reserved instances. C. Implement Amazon ElasticCache D. Use Spot instances.
A. Use T-series instances
Question 35:
A solutions architect is creating an application. The application will run on Amazon EC2 instances in private subnets across multiple Availability Zones in a VPC. The EC2 instances will frequently access large files that contain confidential information. These files are stored in Amazon S3 buckets for processing. The solutions architect must optimize the network architecture to minimize data transfer costs.
What should the solutions architect do to meet these requirements?
A. Create a gateway endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the gateway endpoint. B. Create a single NAT gateway in a public subnet. In the route tables for the private subnets, add a default route that points to the NAT gateway. C. Create an AWS PrivateLink interface endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the interface endpoint. D. Create one NAT gateway for each Availability Zone in public subnets. In each of the route tables for the private subnets, add a default route that points to the NAT gateway in the same Availability Zone.
D. Create one NAT gateway for each Availability Zone in public subnets. In each of the route tables for the private subnets, add a default route that points to the NAT gateway in the same Availability Zone.
A company is designing a distributed application to optimize its global supply chain and manufacturing process. The company has facilities near the us east-1 Region, the eu-west- 1 Region and the ap-south 1 Region. According to the application requirements, orders that are booked in one Region must be visible in the other two Regions in 1 second or less. The database must be able to support failover with a recovery time objective (RTO) of less than 5 minutes. The application must avoid downtime so that the manufacturing process is not negatively affected
Which solution meets these requirements?
A. Use Amazon DynamoDB to invoke an AWS Lambda function B. Use an Amazon Aurora global database C. Use Amazon RDS for MySQL with a cross-Region read replica D. Use Amazon RDS for PostgreSQL with a cross-Region read replica.
A. Use Amazon DynamoDB to invoke an AWS Lambda function
Question 37:
A company has an automobile sales website that stores its listings in an database on Amazon RDS When an automobile is sold, the listing needs to be removed from the website and the data must be sent to multiple target systems.
Which design should a solutions architect recommend?
A. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume. B. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume C. Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics Use AWS Lambda functions to update the targets D. Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues Use AWS Lambda functions to update the targets
D. Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues Use AWS Lambda functions to update the targets
Explanation/Reference:
Question 38:
A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instc The EC2 instances access Amazon S3 over the internet, but they
do not require any other network access.
A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the internet.
Which change to the network architecture should a solutions architect recommend to meet this requirement?
A. Create a NAT gateway. Configure the route table for the public subnets to send traffic to Amazon S3 through the NAT gateway. B. Configure the security group for the EC2 instances to restrict outbound traffic so that only traffic to the S3 prefix list is permitted. C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets. D. Remove the internet gateway from the VPC. Set up an AWS Direct Connect connection, and route traffic to Amazon S3 over the Direct Connect connection.
C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets.
Question 39:
An operations team has a standard that states IAM policies should not be applied directly to users. Some new members have not been following this standard. The operation manager needs a way to easily identify the users with attached
policies.
What should a solutions architect do to accomplish this?
A. Monitor using AWS CloudTrail B. Create an AWS Config rule to run daily C. Publish IAM user changes lo Amazon SNS D. Run AWS Lambda when a user is modified
C. Publish IAM user changes lo Amazon SNS
Question 40:
A company hosts a static website on-premises and wants to migrate the website to AWS The website should load as quickly as possible for users around the world The company also wants the most cost- effective solution What should a solutions architect do to accomplish this?
A. Copy the website content to an Amazon S3 bucket Configure the bucket to serve static webpage content Replicate the S3 bucket to multiple AWS Regions B. Copy the website content to an Amazon S3 bucket Configure the bucket to serve static webpage content Configure Amazon CloudFront with the S3 bucket as the origin C. Copy the website content to an Amazon EBS-backed Amazon EC2 instance running Apache HTTP Server Configure Amazon Route 53 geolocation routing policies to select the closest origin D. Copy the website content to multiple Amazon EBS-backed Amazon EC2 instances running Apache HTTP Server in multiple AWS Regions Configure Amazon CloudFront geolocation routing policies to select the closest origin
B. Copy the website content to an Amazon S3 bucket Configure the bucket to serve static webpage content Configure Amazon CloudFront with the S3 bucket as the origin
Explanation/Reference:
What Is Amazon CloudFront?
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers
called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.
Using Amazon S3 Buckets for Your Origin
When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in an Amazon S3 bucket. You can use any method that is supported by Amazon S3 to get your objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket. Using an existing Amazon S3 bucket as your CloudFront origin server doesn't change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects at the standard Amazon S3 price. You incur regular Amazon S3 charges for storing the objects in the bucket.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SAA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.