Amazon SAA-C02 Online Practice Questions and Exam Preparation

Amazon SAA-C02 Online Questions & Answers

• Question 491:

  A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent Otherwise, the payments might be processed incorrectly. Which actions should a solutions architect take to meet this requirement? (Select TWO.)

  A. Write the messages to an Amazon DynamoDB table with the payment ID as the partition key
  B. Write the messages to an Amazon Kinesis data stream with the payment ID as the partition key.
  C. Write the messages to an Amazon ElastiCache for Memcached cluster with the payment ID as the key
  D. Write the messages to an Amazon Simple Queue Service (Amazon SQS) queue Set the message attribute to use the payment ID
  E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID.
  A. Write the messages to an Amazon DynamoDB table with the payment ID as the partition key
  E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID.

• Question 492:

  A company runs an application that receives data from thousands of geographically dispersed remote devices that use UDP The application processes the data immediately and sends a message back to the device if necessary No data is stored.

  The company needs a solution that minimizes latency for the data transmission from the devices. The solution also must provide rapid failover to another AWS Region.

  Which solution will meet these requirements?

  A. Configure an Amazon Route 53 failover routing policy Create a Network Load Balancer (NLB) in each of the two Regions Configure the NLB to invoke an AWS Lambda function to process the data
  B. Use AWS Global Accelerator Create a Network Load Balancer (NLB) in each of the two Regions as an endpoint. Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster Set the ECS service as the target for the NLB Process the data in Amazon ECS.
  C. Use AWS Global Accelerator Create an Application Load Balancer (ALB) in each of the two Regions as an endpoint Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster. Set the ECS service as the target for the ALB Process the data in Amazon ECS
  D. Configure an Amazon Route 53 failover routing policy Create an Application Load Balancer (ALB) in each of the two Regions Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster Set the ECS service as the target for the ALB Process the data in Amazon ECS.
  C. Use AWS Global Accelerator Create an Application Load Balancer (ALB) in each of the two Regions as an endpoint Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster. Set the ECS service as the target for the ALB Process the data in Amazon ECS

• Question 493:

  A disaster response team is using drones to collect images ot recent storm damage. The response team's laptops lack the storage and compute capacity to transfer the images and process the data While the team has Amazon EC2

  instances for processing and Amazon S3 buckets for storage, network connectivity is intermittent and unreliable. The images need to be processed to evaluate the damage.

  What should a solutions architect recommend?

  A. Use AWS Snowball Edge devices to process and store the images.
  B. Upload the images to Amazon Simple Queue Service (Amazon SQS) during intermittent connectivity to EC2 instances.
  C. Configure Amazon Kinesis Data Firehose to create multiple delivery streams aimed separately at the S3 buckets for storage and the EC2 instances for processing the images.
  D. Use AWS Storage Gateway pre-installed on a hardware appliance to cache the images locally for Amazon S3 to process the images when connectivity becomes available.
  A. Use AWS Snowball Edge devices to process and store the images.

  ---

  Explanation/Reference:

• Question 494:

  A company has an Amazon S3 data lake that is governed by AWS Lake Formation The company wants to create a visualization in Amazon QuickSight by joining the data in the data lake with operational data that is stored in an Amazon Aurora MySQL database The company wants to enforce column-level authorization so that the company's marketing team can access only a subset of columns in the database

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Use Amazon EMR to ingest the data directly from the database to the QuickSight SPICE engine Include only the required columns
  B. Use AWS Glue Studio to ingest the data from the database to the S3 data lake Attach an 1AM policy to the QuickSight users to enforce column-level access control. Use Amazon S3 as the data source in QuickSight
  C. Use AWS Glue Elastic Views to create a materialized view for the database in Amazon S3 Create an S3 bucket policy to enforce column-level access control for the QuickSight users Use Amazon S3 as the data source in QuickSight.
  D. Use a Lake Formation blueprint to ingest the data from the database to the S3 data lake Use Lake Formation to enforce column-level access control for the QuickSight users Use Amazon Athena as the data source in QuickSight
  C. Use AWS Glue Elastic Views to create a materialized view for the database in Amazon S3 Create an S3 bucket policy to enforce column-level access control for the QuickSight users Use Amazon S3 as the data source in QuickSight.

• Question 495:

  A company has a web application that users access from around the world The company has web servers in multiple AWS Regions to support the traffic A solutions architect must configure an Amazon Route 53 routing policy to send traffic to only the active web servers

  Which configuration meets this requirement?

  A. Create a simple routing policy that uses health checks for each Region
  B. Create a multivalue answer routing policy that uses health checks for each Region
  C. Create a geoproximity routing policy with a health check bias of 99 for each Region
  D. Create a weighted routing policy with a health check weight of 100 for each Region
  B. Create a multivalue answer routing policy that uses health checks for each Region

• Question 496:

  A company previously migrated its data warehouse solution to AWS. The company also has an AWS Direct Connect connection. Corporate office users query the data warehouse using a visualization tool. The average size of a query returned by the data warehouse is 50 MB and each webpage sent by the visualization tool is approximately 500 KB. Result sets returned by the data warehouse are not cached.

  Which solution provides the LOWEST data transfer egress cost for the company?

  A. Host the visualization tool on premises and query the data warehouse directly over the internet.
  B. Host the visualization tool in the same AWS Region as the data warehouse. Access it over the internet.
  C. Host the visualization tool on premises and query the data warehouse directly over a Direct Connect connection at a location in the same AWS Region.
  D. Host the visualization tool in the same AWS Region as the data warehouse and access it over a Direct Connect connection at a location in the same Region.
  D. Host the visualization tool in the same AWS Region as the data warehouse and access it over a Direct Connect connection at a location in the same Region.

  ---

  Explanation/Reference:

• Question 497:

  A business's backup data totals 700 terabytes (TB) and is kept in network attached storage (NAS) at its data center. This backup data must be available in the event of occasional regulatory inquiries and preserved for a period of seven years. The organization has chosen to relocate its backup data from its on- premises data center to Amazon Web Services (AWS). Within one month, the migration must be completed. The company's public internet connection provides 500 Mbps of dedicated capacity for data transport.

  What should a solutions architect do to ensure that data is migrated and stored at the LOWEST possible cost?

  A. Order AWS Snowball devices to transfer the data. Use a lifecycle policy to transition the files to Amazon S3 Glacier Deep Archive.
  B. Deploy a VPN connection between the data center and Amazon VPC. Use the AWS CLI to copy the data from on premises to Amazon S3 Glacier.
  C. Provision a 500 Mbps AWS Direct Connect connection and transfer the data to Amazon S3. Use a lifecycle policy to transition the files to Amazon S3 Glacier Deep Archive.
  D. Use AWS DataSync to transfer the data and deploy a DataSync agent on premises. Use the DataSync task to copy files from the on-premises NAS storage to Amazon S3 Glacier.
  A. Order AWS Snowball devices to transfer the data. Use a lifecycle policy to transition the files to Amazon S3 Glacier Deep Archive.

• Question 498:

  An application that is hosted on Amazon EC2 instances needs to access an Amazon S3 bucket Traffic must not traverse the internet.

  How should a solutions architect configure access to meet these requirements?

  A. Create a private hosted zone by using Amazon Route 53
  B. Set up a gateway VPC endpoint for Amazon S3 in the VPC
  C. Configure the EC2 instances to use a NAT gateway to access the S3 bucket
  D. Establish an AWS Site-to-Site VPN connection between the VPC and the S3 bucket
  B. Set up a gateway VPC endpoint for Amazon S3 in the VPC

• Question 499:

  A company has enabled AWS CloudTrail logs to deliver log files to an Amazon S3 bucket for each of its developer accounts. The company has created a central AWS account for streamlining management and audit reviews. An internal auditor needs to access the CloudTrail logs, yet access needs to be restricted for all developer account users. The solution must be secure and optimized. How should a solutions architect meet these requirements?

  A. Configure an AWS Lambda function in each developer account to copy the log files to the central account. Create an IAM role in the central account for the auditor. Attach an IAM policy providing read-only permissions to the bucket.
  B. Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account. Create an IAM user in the central account for the auditor. Attach an IAM policy providing full permissions to the bucket.
  C. Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account. Create an IAM role in the central account for the auditor. Attach an IAM policy providing read-only permissions to the bucket.
  D. Configure an AWS Lambda function in the central account to copy the log files from the S3 bucket in each developer account. Create an IAM user in the central account for the auditor. Attach an IAM policy providing full permissions to the bucket.
  A. Configure an AWS Lambda function in each developer account to copy the log files to the central account. Create an IAM role in the central account for the auditor. Attach an IAM policy providing read-only permissions to the bucket.

• Question 500:

  A company is planning to migrate a mission-critical three-tor web application from on premises to the AWS Cloud. The backend database is snared with other on-premises systems and will remain in the on- premises data center.

  The application tier requires quick and predictable response times between the presentation tier and the database Encryption is required for data in transit between client web browsers and the VPC. and between the on-promises data center

  and the VPC.

  Which solution meets these requirements?

  A. Use VPN tunnels over an AWS Direct Connect connection for the data transfers between the VPC and the on-premises data center
  B. Use SSL/TLS for the web traffic encryption Use VPN tunnels for the data transfer between the VPC and the on-premises data center
  C. Use SSL/TLS for the web traffic encryption Use an AWS Direct Connect connection for the data transfers between the VPC and the on premises data center
  D. Use SSL/TLS for the web traffic encryption. Use VPN tunnels over an AWS Direct Connect connection for the data transfer between the VPC and the on-premises data center.
  D. Use SSL/TLS for the web traffic encryption. Use VPN tunnels over an AWS Direct Connect connection for the data transfer between the VPC and the on-premises data center.