A company is using Amazon Route 53 latency-based routing to route requests to its UDP- based application for users around the world. The application is hosted on redundant servers in the company's on-premises data centers in the United States. Asia, and Europe. The company's compliance requirements state that the application must be hosted on premises The company wants to improve the performance and availability of the application.
What should a solutions architect do to meet these requirements?
A. Configure throe Network Load Balancers (NLBs) in the three AWS Regions to address the on- premises endpoints Create an accelerator by using AWS Global Accelerator, and register the NLBs as its endpoints. Provide access to the application by using a CNAML that points to the accelerator DNS
B. Configure three Application Load Balancers (ALGs) in the three AWS Regions to wireless the on- premises endpoints. Create an accelerator by using AWS Global Accelerator, and register the ALBs as its endpoints Provide access to the application by using a CNAK1L that points to the accelerator UNS
C. Configure three Network Load Balancers (NLOs) in the three AWS Regions to address the on- prernises endpoints In Route 53. create ?latency-based record that points to the three NLBs. and use it as an origin for an Amazon CloudFront distribution Provide access to the application by using a CNAML that points to the CloudFront DNS
D. Configure three Application Load Balancers (ALBs) in the three AWS Regions to address the on premises endpoint. In Route 53. create a latency based record that points to the three ALUs and use it as an origin for an Amazon CloudFront distribution Provide access to the application by using a CNAMF that points to the CloudFront DNS.
A company has an application running as a service in Amazon Elastic Container Service (Amazon EC2) using the Amazon launch type. The application code makes AWS API calls to publish messages to Amazon Simple Queue Service
(Amazon SQS).
What is the MOST secure method of giving the application permission to publish messages to Amazon SQS?
A. Use AWS identity and Access Management (IAM) to grant SQS permissions to the role used by the launch configuration for the Auto Scaling group of the ECS cluster.
B. Create a new IAM user with SQS permissions. The update the task definition to declare the access key ID and secrect access key as environment variables.
C. Create a new IAM role with SQS permissions. The update the task definition to use this role for the task role setting.
D. Update the security group used by the ECS cluster to allow access to Amazon SQS
A company has a Windows-based application that must be migrated to AWS. The application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances that are deployed across Availability Zones.
What should a solution architect do to meet this requirement?
A. Configure AWS Storage gateway in volume gateway mode. Mount the volume to each Windows instance.
B. Configure Amazon FSx for Windows File Server. Mount the Amazon FSx file system to each Windows instance.
C. Configure a file system by using Amazon Elastic File System (Amazon EFS) Mounty the EFS file system to each Windows instance.
D. Configure an Amazon Elastic Block Store (Amazon EBS) volume with the required size. Attach each instance to the volume. Mount the file system within the volume to each Windows instance.
A company has an application running on Amazon EC2 On-Demand Instances. The application does not scale, and the Instances run In one AWS Region. The company wants the flexibility to change the operating system from Windows to AWS Linux in the future. The company needs to reduce the cost of the instances without creating additional operational overhead or changes to the application What should the company purchase lo meet these requirements MOST cost-effectively?
A. Dedicated Hosts for the Instance type being used
B. A Compute Savings Plan for the instance type being used
C. An EC2 Instance Savings Plan (or the instance type being used
D. Convertible Reserved Instances tor the instance type being used
A company wants to run a static website served through Amazon CloudFront. What is an advantage of storing the website content in an Amazon S3 bucket instead of an Amazon Elastic Block Store (Amazon EBS) volume?
A. S3 buckets are replicated globally, allowing for large scalability. EBS volumes are replicated only within an AWS Region.
B. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin
C. S3 buckets can be encrypted, allowing for secure storage of the web files. EBS volumes cannot be encrypted.
D. S3 buckets support object-level read throttling, preventing abuse. EBS volumes do not provide object-level throttling.
A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS for MySQL database, an Application Load Balance Amazon Elastic Container Service (Amazon ECS) to host the website and its microservices. Which design changes should a solutions architect recommend to support the expected growth? (SelectTWO.)
A. Move static files from Amazon ECS to Amazon S3
B. Use an Amazon Route 53 geolocation routing policy.
C. Scale the environment based on real-time AWS CloudTrail logs.
D. Create a dedicated Elastic Load Balancer for each microservice.
E. Create RDS lead replicas and change the application to use these replicas.
A solutions architect is designing a new workload in which an AWS Lambda function will access an Amazon DynamoDB table. What is the MOST secure means of granting the Lambda function access tothe DynamoDB labia?
A. Create an IAM role with the necessary permissions to access the DynamoDB table Assign the role to the Lambda function.
B. Create a DynamoDB user name and password and give them to the developer to use in the Lambda function.
C. Create an IAM user, and create access and secret keys for the user. Give the user the necessary permissions to access the DynarnoOB table. Have the developer use these keys to access the resources.
D. Create an IAM role allowing access from AWS Lambda Assign the role to the DynamoDB table
A company is using Amazon RDS for MySQL. The company disaster recovery requirements state that a near real time replica of the database must be maintained on premises. The company wants the data to be encrypted in transit Which solution meets these requirements?
A. Use AWS Database Migration Service (AWS DMS) and AWS Direct Connect to migrate the data from AWS to on premises.
B. Use MySQL replication to replicate from AWS to on premises over an IPsec VPN on top of an AWS Direct Connect Connection.
C. Use AWS Data Pipeline to replicate from AWS to on premises over an IPsec VPN on top of an AWS Direct Connect Connection.
D. Use the Amazon RDS Multi-Az Feature. Choose on premises as the failover availability zone over an IPsec vpn on top of an AWS Direct Connect Connection
A company stops a cluster of Amazon EC2 instances over a weekend. The costs decrease, but they do not drop to zero Which resources could still be generating costs?
A. Elastic IP address
B. Data transfer out
C. Regional data transfers
D. Amazon Elastic Block Store (Amazon EBS) volumes
E. AWS Auto Scaling
A city has deployed a web application running on AmazonEC2 instances behind an Application Load Balancer (ALB) The Application's users have reported sporadic performance, which appears to be related to DDoS attacks originating from
random IP addresses. The City needs a solution that requires minimal configuration changes and provides an audit trail for the DDoS source.
Which solution meets these requirements..?
A. Enable an AWS WAF web ACL on the ALB and configure rules to block traffic from unknown sources.
B. Subscribe to Amazon inspector. Engage the AWS DDoS Resource Team (DRT) to integrate migrating controls into the service.
C. Subscribe to AWS shield advanced. Engage the AWS DDoS Response team (DRT) to integrate migrating controls into the service.
D. Create an Amazon CloudFront distribution for the application and set the ALB as the origin. Enable an AWS WAF web ACL on the distribution and configure rules to block traffic from unknown sources.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.