Amazon SAA-C02 Online Practice Questions and Exam Preparation

Amazon SAA-C02 Online Questions & Answers

• Question 561:

  A development team is collaborating with another company to create an integrate product. The other company needs to access an Amazon Simple Queue Service (Amazon SQS) queue that is contained in the development team's account. The other company wants to poll the queue without giving up its own account permissions to do so.

  How should a solutions architect provide access to the 303 queue7

  A. Create an Instance profile that provides the other company access to the SQS queue
  B. Create an IAM policy that provides the other company access to the SQS queue.
  C. Create an SQS access policy that provides the other company access to the SQS queue
  D. Create an Amazon Simple Notification Service (Amazon SNS) aeons policy that provides the other company access to the SQS queue
  C. Create an SQS access policy that provides the other company access to the SQS queue

  ---

  Explanation/Reference:

• Question 562:

  A company runs its production workload on an Amazon Aurora MySQL DB cluster that includes six Aurora Replicas. The company wants near-real-lime reporting queries from one of its departments to be automatically distributed across three of the Aurora Replicas. Those three replicas have a different compute and memory specification from the rest of the DB cluster.

  Which solution meets these requirements?

  A. Create and use a custom endpoint for the workload
  B. Create a three-node cluster clone and use the reader endpoint
  C. Use any of the instance endpoints for the selected three nodes.
  D. Use the reader endpoint to automatically distribute the read-only workload.
  A. Create and use a custom endpoint for the workload

  ---

  Explanation/Reference:

• Question 563:

  A company wants to measure the effectiveness of its recent marketing campaigns. The company performs batch processing on csv files of sales data and stores the results an Amazon S3 bucket once every hour. The S3 bi petabytes of objects. The company runs one-time queries in Amazon Athena to determine which products are most popular on a particular date for a particular region Queries sometimes fail or take longer than expected to finish.

  Which actions should a solutions architect take to improve the query performance and reliability? (Select TWO.)

  A. Reduce the S3 object sizes to less than 126 MB
  B. Partition the data by date and region n Amazon S3
  C. Store the files as large, single objects in Amazon S3.
  D. Use Amazon Kinosis Data Analytics to run the Queries as pan of the batch processing operation
  E. Use an AWS duo extract, transform, and load (ETL) process to convert the csv files into Apache Parquet format.
  C. Store the files as large, single objects in Amazon S3.
  E. Use an AWS duo extract, transform, and load (ETL) process to convert the csv files into Apache Parquet format.

• Question 564:

  A corporation has recruited a new cloud engineer who should not have access to the CompanyConfidential Amazon S3 bucket. The cloud engineer must have read and write permissions on an S3 bucket named AdminTools.

  Which IAM policy will satisfy these criteria?

  

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  A. Option A

  ---

  Explanation/Reference:

  https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/reference_policies_examples_s3_ rw-bucket.html

• Question 565:

  A developer has an application that uses an AWS Lambda function to upload files to Amazon S3 and needs the required permissions to perform the task. The developer already has an IAM user with valid IAM credentials required for Amazon S3. What should a solutions architect do to grant the permissions?

  A. Add required IAM permissions in the resource policy of the Lambda function.
  B. Create a signed request using the existing IAM credential in the Lambda function.
  C. Create a new IAM user and use the existing IAM credentials in the Lambda function
  D. Create an IAM execution role with the required permissions and attach the IAM role to the Lambda function
  C. Create a new IAM user and use the existing IAM credentials in the Lambda function

• Question 566:

  A company fails an AWS security review conducted by a third party. The review finds that some of the company's methods to access the Amazon EMR API are not secure Developers are using AWS Cloud9, and access keys are connecting to the Amazon EMR API through the public internet Which combination of steps should the company take to MOST improve its security'' (Select TWO)

  A. Set up a VPC peering connection to the Amazon EMR API
  B. Set up VPC endpoints to connect to the Amazon EMR API
  C. Set up a NAT gateway to connect to the Amazon EMR API.
  D. Set up 1AM roles to be used to connect to the Amazon EMR API
  E. Set up each developer with AWS Secrets Manager to store access keys
  B. Set up VPC endpoints to connect to the Amazon EMR API
  D. Set up 1AM roles to be used to connect to the Amazon EMR API

• Question 567:

  A company receives data from different sources and implements multiple applications to consume this data There are many short-running jobs that run only on the weekend. The data arrives in batches rather than throughout the entire

  weekend. The company needs an environment on AWS to ingest and process this data while maintaining the order of the transactions.

  Which combination of AWS services meets these requirements in the MOST cost-effective manner?

  A. Amazon Kinesis Data Streams with AWS Lambda
  B. Amazon Kinesis Data Streams with Amazon EC2 Auto Scaling
  C. Amazon Simple Queue Service (Amazon SQS) with AWS Lambda
  D. Amazon Simple Queue Service (Amazon SQS) with Amazon EC2 Auto Scaling
  C. Amazon Simple Queue Service (Amazon SQS) with AWS Lambda

  ---

  Explanation/Reference:

• Question 568:

  A company is using a centralized AWS account to store log data in various Amazon S3 buckets. A solutions architect needs to ensure that the data is encrypted at rest before the data is uploaded to the S3 buckets. The data also must be encrypted in transit.

  Which solution meets these requirements?

  A. Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets.
  B. Use server-side encryption to encrypt the data that is being uploaded to the S3 buckets.
  C. Create bucket policies that require the use of server-side encryption with S3 managed encryption keys (SSE-S3) for S3 uploads.
  D. Enable the security option to encrypt the S3 buckets through the use of a default AWS Key Management Service (AWS KMS) key.
  B. Use server-side encryption to encrypt the data that is being uploaded to the S3 buckets.

  ---

  Explanation/Reference:

  Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingEncryption.html

• Question 569:

  A company has an AWS Direct Connect connection from its corporate data center to its VPC in the useast-1 Region The company recently acquired a corporation that has several VPCs and a Direct Connect connection between its on-premises data center and the eu-west-2 Region The CIDR blocks for the VPCs of the company and the corporation do not overlap The company requires connectivity between two Regions and the data centers The company needs a solution that is scalable while reducing operational overhead

  What should a solutions architect do to meet these requirements?

  A. Set up inter-Region VPC peering between the VPC m us-east-1 and the VPCs in eu-west-2
  B. Create private virtual interfaces from the Direct Connect connection in us-east-1 to the VPCs in eu-west-2
  C. Establish VPN appliances in a fully meshed VPN network hosted by Amazon EC2 Use AWS VPN CloudHub to send and receive data between the data centers and each VPC
  D. Connect the existing Direct Connect connection to a Direct Connect gateway Route traffic from the virtual private gateways of the VPCs in each Region to the Direct Connect gateway
  D. Connect the existing Direct Connect connection to a Direct Connect gateway Route traffic from the virtual private gateways of the VPCs in each Region to the Direct Connect gateway

• Question 570:

  A solution architect needs to design a highly available application consisting of web, application, and database tiers, HTTPS content delivery should be as close to the edge as possible, with the least delivery time. Which solution meets these requirements and is MOST secure?

  A. Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances m public subnets Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin
  B. Amazon EC2 instances in private subnets Configure Configure a public Application Load Balancer with multiple redundant Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.
  C. Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin
  D. Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin
  B. Amazon EC2 instances in private subnets Configure Configure a public Application Load Balancer with multiple redundant Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.