Amazon Amazon Certifications SAA-C02 Questions & Answers

• Question 31:

  A company serves content to its subscribers across the world using an application running on AWS The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB) Due to a recent change in copyright restrictions the chief information officer (CIO) wants to block access for certain countries Which action will meet these requirements?

  A. Modify the ALB security group to deny incoming traffic from blocked countries.

  B. Modify the security group for EC2 instances to deny incoming traffic from blocked countries.

  C. Use Amazon CloudFront to serve the application and deny access to blocked countries.

  D. Use ALB listener rules to return access denied responses to incoming traffic from blocked countries.

  Correct Answer: C

  https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html "block access for certain countries." You can use geo restriction, also known as geo blocking, to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution.

• Question 32:

  A company runs a multi-tier web application that hosts news content The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database. A solutions architect needs to make the application more resilient to periodic increases in request rates.

  Which architecture should the solutions architect implement? (Select TWO )

  A. Add AWS Shield.

  B. Add Aurora Replicas

  C. Add AWS Direct Connect

  D. Add AWS Global Accelerator.

  E. Add an Amazon CloudFront distribution in front of the Application Load Balancer

  Correct Answer: BE

  AWS Global Accelerator Acceleration for latency-sensitive applications Many applications, especially in areas such as gaming, media, mobile apps, and financials, require very low latency for a great user experience. To improve the user experience, Global Accelerator directs user traffic to the application endpoint that is nearest to the client, which reduces internet latency and jitter. Global Accelerator routes traffic to the closest edge location by using Anycast, and then routes it to the closest regional endpoint over the AWS global network. Global Accelerator quickly reacts to changes in network performance to improve your users' application performance. Amazon CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.

  https://docs.aws.amazon.com/global-accelerator/latest/dg/introduction-benefits-of-migrating.html

• Question 33:

  An application runs on Amazon EC2 instances across multiple Availability Zones The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer The application performs best when the CPU utilization of the EC2 instances is at or near 40%.

  What should a solutions architect do to maintain the desired performance across all instances m the group?

  A. Use a simple scaling policy to dynamically scale the Auto Scaling group

  B. Use a target tracking policy to dynamically scale the Auto Scaling group

  C. Use an AWS Lambda function to update the desired Auto Scaling group capacity

  D. Use scheduled scaling actions to scale up and scale down the Auto Scaling group

  Correct Answer: B

  Reference: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html

  "With target tracking scaling policies, you select a scaling metric and set a target value. Amazon EC2 Auto Scaling creates and manages the CloudWatch alarms that trigger the scaling policy and calculates the scaling adjustment based on the metric and the target value. The scaling policy adds or removes capacity as required to keep the metric at, or close to, the specified target value. In addition to keeping the metric close to the target value, a target tracking scaling policy also adjusts to changes in the metric due to a changing load pattern. For example, you can use target tracking scaling to: Configure a target tracking scaling policy to keep the average aggregate CPU utilization of your Auto Scaling group at 40 percent. Configure a target tracking scaling policy to keep the request count per target of your Application Load Balancer target group at 1000 for your Auto Scaling group."

• Question 34:

  An application running on AWS uses an Amazon Aurora Multi-AZ deployment for its database When evaluating performance metrics, a solutions architect discovered that the database reads are causing high I/O and adding latency to the write requests against the database What should the solutions architect do to separate the read requests from the write requests?

  A. Enable read-through caching on the Amazon Aurora database

  B. Update the application to read from the Multi-AZ standby instance

  C. Create a read replica and modify the application to use the appropriate endpoint

  D. Create a second Amazon Aurora database and link it to the primary database as a read replica.

  Correct Answer: C

  Amazon RDS Read Replicas provide enhanced performance and durability for RDS database (DB) instances. They make it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas can also be promoted when needed to become standalone DB instances. Read replicas are available in Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server as well as Amazon Aurora. For the MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server database engines, Amazon RDS creates a second DB instance using a snapshot of the source DB instance. It then uses the engines' native asynchronous replication to update the read replica whenever there is a change to the source DB instance. The read replica operates as a DB instance that allows only read-only connections; applications can connect to a read replica just as they would to any DB instance. Amazon RDS replicates all databases in the source DB instance.

  Amazon Aurora futher extends the benefits of read replicas by employing an SSD-backed virtualized storage layer purpose-built for database workloads. Amazon Aurora replicas share the same underlying storage as the source instance, lowering costs and avoiding the need to copy data to the replica nodes. For more information about replication with Amazon Aurora, see the online documentation.

  

  https://aws.amazon.com/rds/features/read-replicas/

• Question 35:

  A company is running an ecommerce application on Amazon EC2 The application consists of a stateless web tier that requires a minimum of 10 instances, and a peak of 250 instances to support the application's usage The application requires 50 instances 80% of the time Which solution should be used to minimize costs?

  A. Purchase Reserved Instances to cover 250 instances

  B. Purchase Reserved Instances to cover 80 instances Use Spot Instances to cover the remaining instances

  C. Purchase On-Demand Instances to cover 40 instances Use Spot Instances to cover the remaining instances

  D. Purchase Reserved Instances to cover 50 instances Use On-Demand and Spot Instances to cover the remaining instances

  Correct Answer: D

  Reserved Instances Having 50 EC2 RIs provide a discounted hourly rate and an optional capacity reservation for EC2 instances. AWS Billing automatically applies your RI's discounted rate when attributes of EC2 instance usage match attributes of an active RI. If an Availability Zone is specified, EC2 reserves capacity matching the attributes of the RI. The capacity reservation of an RI is automatically utilized by running instances matching these attributes. You can also choose to forego the capacity reservation and purchase an RI that is scoped to a region. RIs that are scoped to a region automatically apply the RI's discount to instance usage across AZs and instance sizes in a region, making it easier for you to take advantage of the RI's discounted rate. On-Demand Instance On-Demand instances let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. This frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. The pricing below includes the cost to run private and public AMIs on the specified operating system ("Windows Usage" prices apply to Windows Server 2003 R2, 2008, 2008 R2, 2012, 2012 R2, 2016, and 2019). Amazon also provides you with additional instances for Amazon EC2 running Microsoft Windows with SQL Server, Amazon EC2 running SUSE Linux Enterprise Server, Amazon EC2 running Red Hat Enterprise Linux and Amazon EC2 running IBM that are priced differently. Spot Instances A Spot Instance is an unused EC2 instance that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called a Spot price. The Spot price of each instance type in each Availability Zone is set by Amazon EC2, and adjusted gradually based on the long-term supply of and demand for Spot Instances. Your Spot Instance runs whenever capacity is available and the maximum price per hour for your request exceeds the Spot price.

  https://aws.amazon.com/ec2/pricing/reserved-instances/ https://aws.amazon.com/ec2/pricing/on-demand/ https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html

• Question 36:

  An Amazon EC2 administrator created the following policy associated with an IAM group containing several users

  

  What is the effect of this policy?

  A. Users can terminate an EC2 instance in any AWS Region except us-east-1.

  B. Users can terminate an EC2 instance with the IP address 10.100. 1001 in the us-east-1 Region

  C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254

  D. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100. 100. 254

  Correct Answer: C

• Question 37:

  A solutions architect is designing a high performance computing (HPC) workload on Amazon EC2 The EC2 instances need to communicate to each other frequently and require network performance with low latency and high throughput Which EC2 configuration meets these requirements'?

  A. Launch the EC2 instances in a cluster placement group in one Availability Zone

  B. Launch the EC2 instances in a spread placement group in one Availability Zone

  C. Launch the EC2 instances in an Auto Scaling group in two Regions and peer the VPCs

  D. Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones

  Correct Answer: A

  Placement groups When you launch a new EC2 instance, the EC2 service attempts to place the instance in such a way that all of your instances are spread out across underlying hardware to minimize correlated failures. You can use placement groups to influence the placement of a group of interdependent instances to meet the needs of your workload. Depending on the type of workload. Cluster ?packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

• Question 38:

  A solutions architect is designing an application for a two-step order process The first step is synchronous and must return to the user with little latency The second step takes longer, so it will be implemented in a separate component Orders must be processed exactly once and in the order in which they are received

  How should the solutions architect integrate these components?

  A. Use an Amazon SQS FIFO queues

  B. Use an AWS Lambda function along with Amazon SQS standard queues

  C. Create an SNS topic and subscribe an Amazon SQS FIFO queue to that topic

  D. Create an SNS topic and subscribe an Amazon SQS Standard queue to that topic.

  Correct Answer: C

  https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html

• Question 39:

  A company hosts an application on multiple Amazon EC2 instances The application processes messages from an Amazon SQS queue writes to an Amazon RDS table and deletes the message from the queue Occasional duplicate records are found in the RDS table The SQS queue does not contain any duplicate messages What should a solutions archived do to ensure messages are being processed once only?

  A. Use the CreateQueue API call to create a new queue

  B. Use the AddPermission API call to add appropriate permissions

  C. Use the ReceiveMessage API call to set an appropriate wait time.

  D. Use the ChangeMessageVisibility API call to increase the visibility timeout

  Correct Answer: D

• Question 40:

  A company allows its developers to attach existing IAM policies to existing IAM roles to enable (aster experimentation and agility However the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies How should a solutions architect address this issue?

  A. Create an Amazon SNS topic to send an alert every time a developer creates a new policy

  B. Use service control policies to disable IAM activity across all accounts in the organizational unit

  C. Prevent the developers from attaching any policies and assign all IAM duties to the security operations team

  D. Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy

  Correct Answer: D