A company designs a mobile app for its customers to upload photos to a website. The app needs a secure login with multi-factor authentication (MFA). The company wants to limit the initial build time and the maintenance of the solution. Which solution should a solutions architect recommend to meet these requirements?
A. Use Amazon Cognito Identity with SMS-based MFA.
B. Edit IAM policies to require MFA for all users.
C. Federate IAM against the corporate Active Directory that requires MFA.
D. Use Amazon API Gateway and require server-side encryption (SSE) for photos.
A company is building a web-based application running on Amazon EC2 instances in multiple Availability Zones. The web application will provide access to a repository of text documents totaling about 900 TB in size. The company anticipates that the web application will experience periods of high demand. A solutions architect must ensure that the storage component for the text documents can scale to meet the demand of the application at all times. The company is concerned about the overall cost of the solution.
Which storage solution meets these requirements MOST cost-effectively?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elasticsearch Service (Amazon ES)
D. Amazon S3
A company is storing sensitive user information in an Amazon S3 bucket. The company wants to provide secure access to this bucket from the application tier running on Amazon EC2 instances inside a VPC. Which combination of steps should a solutions architect take to accomplish this? (Choose two.)
A. Configure a VPC gateway endpoint for Amazon S3 within the VPC.
B. Create a bucket policy to make the objects in the S3 bucket public.
C. Create a bucket policy that limits access to only the application tier running in the VPC.
D. Create an IAM user with an S3 access policy and copy the IAM credentials to the EC2 instance.
E. Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket.
A team has an application that detects new objects being uploaded into an Amazon S3 bucket. The uploads trigger AWS Lambda function to write object metadata into an Amazon DynamoDB table and an Amazon RDS for PostgreSQL database.
Which action should the team take to ensure high availability?
A. Enable Cross-Region Replication in the S3 bucket.
B. Create a Lambda function for each Availability Zone the application is deployed in.
C. Enable Multi-AZ on the RDS for PostgreSQL database.
D. Create a DynamoDB stream for the DynamoDB table.
A company has an Amazon S3 bucket that contains mission-critical data. The company wants to ensure this data is protected from accidental deletion. The data should still be accessible, and a user should be able to delete the data intentionally.
Which combination of steps should a solutions architect take to accomplish this? (Choose two.)
A. Enable versioning on the S3 bucket.
B. Enable MFA Delete on the S3 bucket.
C. Create a bucket policy on the S3 bucket.
D. Enable default encryption on the S3 bucket.
E. Create a lifecycle policy for the objects in the S3 bucket.
A solutions architect needs to design a centralized logging solution for a group of web applications running on Amazon EC2 instances. The solution requires minimal development effort due to budget containts.
What should the architect recommend?
A. Create a crontab job script in each instance to regularly push the logs to Amazon S3
B. Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 instances
C. Enable Amazon EventBridge (Amazon CloudWatch Events) in the AWS Management Console.
D. Enable AWS Cloud Trail to map all API Calls invoked by the applications
A developer has a script to generate daily reports that users previous. The script consistently complete in under 10 minutes. The developer needs to automate the process in a cost effective manner. Which combination of services should the developer use? (Select two)
A. AWS Lambda
B. AWS CloudTrail
C. Cron on an Amazon EC2 instance
D. Amazon EC2 On-Demand instance with user data
E. Amazon EventBridge (Amazon CloudWatch Event)
A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the
EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted.
Which combination of steps will meet these requirements? (Select TWO.)
A. Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.
B. Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.
C. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the CloudFront distribution.
D. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the S3 bucket hosting the static content.
E. Create a new IAM role and associate the role with the distribution. Change the permissions either on the S3 bucket or on the files within the S3 bucket so that only the newly created IAM role has read and download permissions.
A developer has an application that uses an AWS Lambda function to upload files to Amazon S3 and needs the required permissions to perform the task. The developer already has an IAM user with valid IAM credentials required for Amazon S3. What should a solutions architect do to grant the permissions?
A. Add required IAM permissions in the resource policy of the Lambda function.
B. Create a signed request using the existing IAM credential in the Lambda function.
C. Create a new IAM user and use the existing IAM credentials in the Lambda function
D. Create an IAM execution role with the required permissions and attach the IAM role to the Lambda function
A solution architect is designing an application that will allow business users to upload objects to Amazon S3. The solution needs to maximize object durability. Objects also must be readily available at any time and for any length of time.
Users will access objects frequently within the first 30 days after the objects are uploaded, but users are much less likely to access objects that are older than 30 days.
Which solution meets these requirements Most cost-effectively?
A. Store all the objects in S3 Standard with an S3 Lifecycle rule to transition the object to S3 Giacier after 30 days.
B. Store all the objects in S3 Standard with an S3 Lifecycle rule to transition the object to S3 Standard- infrequent Access (S3 Standard-IA) after 30 days.
C. Store all the objects in S3 Standard with an S3 Lifecycle rule to transition the object to S3 Zone- infrequent Access (S3 Zone-IA) after 30 days.
D. Store all the objects in S3 intelligent-Tiering with an S3 Lifecycle rule to transition the object to S3 Standard-infrequent Access (S3 Standard-IA) after 30 days.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.