A company needs to share an Amazon S3 bucket with an external vendor. The bucket owner must be able to access all objects. Which action should be taken to share the S3 bucket?
A. Update the bucket to be a Requester Pays bucket B. Update the bucket to enable cross-origin resource sharing (CPORS) C. Create a bucket policy to require users to grant bucket-owner-full when uploading objects D. Create an IAM policy to require users to grant bucket-owner-full control when uploading objects.
A. Update the bucket to be a Requester Pays bucket
By default, an S3 object is owned by the AWS account that uploaded it. This is true even when the bucket is owned by another account. To get access to the object, the object owner must explicitly grant you (the bucket owner) access. The
object owner can grant the bucket owner full control of the object by updating the access control list (ACL) of the object. The object owner can update the ACL either during a put or copy operation, or after the object is added to the bucket.
Resolution Add a bucket policy that grants users access to put objects in your bucket only when they grant you (the bucket owner) full control of the object.
Question 572:
A company uses AWS to run all components of its three-tier web application. The company wants to automatically detect any potential security breaches within the environment The company wants to track any findings and notify administrators if a potential breach occurs.
Which solution meets these requirements?
A. Set up AWS WAF to evaluate suspicious web traffic Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators. B. Set up AWS Shield to evaluate suspicious web traffic Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators. C. Deploy Amazon Inspector to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email. D. Deploy Amazon GuardDuty to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email.
D. Deploy Amazon GuardDuty to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email.
A company has a remote factory that has unreliable connectivity. The factory needs to gather and process machine data and sensor data so that it can sense products on its conveyor belts and initiate a robotic movement to direct the products to the right location. Predictable low-latency compute processing is essential for the on-premises control systems.
Which solution should the factory use to process the data?
A. Amazon CloudFront Lambda@Edge functions B. An Amazon EC2 instance that has enhanced networking enabled C. An Amazon EC2 instance that uses an AWS Global Accelerator D. An Amazon Elastic Block Store (Amazon EBS) volume on an AWS Snowball Edge cluster
A. Amazon CloudFront Lambda@Edge functions
Explanation/Reference:
Question 574:
A company is using Amazon CloudFront with its website. The company has enabled logging on the CloudFront distribution, and logs are saved in one of the company's Amazon S3 buckets. The company needs to perform advanced analysis on the logs and build visualizations. What should a solutions architect do to meet these requirements?
A. Use standard SQL queries in Amazon Athena to analyze CloudFront logs in the S3 bucket. Visualize the results with AWS Glue. B. Use standard SQL queries in Amazon Athena to analyze the CloudFront logs in the S3 bucket.Visual the results with Amazon QuickSight. C. Use standard queries in Amazon DynamoDB to analyze the Cloudfront logs in the S3 bucket.Visualize the results with the AWS Glue. D. Use standard SQL queries in Amazon DynamoDB to analyze the CloudFront logs in the S3 bucket. Visualize the results with Amazon QuickSight.
D. Use standard SQL queries in Amazon DynamoDB to analyze the CloudFront logs in the S3 bucket. Visualize the results with Amazon QuickSight.
Question 575:
A company delivers files in Amazon S3 to certain users who do not have AWS credentials. These users must be given access for a limited lime. What should a solutions architect do to securely meet these requirements?
A. Enable public access on an Amazon S3 bucket. B. Generate a presigned URL to share with the users. C. Encrypt files using AWS KMS and provide keys to the users. D. Create and assign IAM roles that will grant GetObject permissions to the users.
B. Generate a presigned URL to share with the users.
Question 576:
A solutions architect is designing a new hybrid architecture to extend a company s on- premises infrastructure to AWS The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.
What should the solutions architect do to meet these requirements?
A. Provision an AWS Direct Connect connection to a Region Provision a VPN connection as a backup if the primary Direct Connect connection fails. B. Provision a VPN tunnel connection to a Region for private connectivity. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails C. Provision an AWS Direct Connect connection to a Region Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails. D. Provision an AWS Direct Connect connection to a Region Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.
A. Provision an AWS Direct Connect connection to a Region Provision a VPN connection as a backup if the primary Direct Connect connection fails.
Question 577:
A solutions architect needs to implement a solution to reduce a company's storage costs. All the company's data is in the Amazon S3 Standard storage class. The company must keep all data for at least 25 years Data from the most recent 2 year must be highly available and immediately retrievable. Which solution will meet these requirements?
A. Set up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive immediately B. Set up an S3 Lifecycle policy to transition objects to S3 Glader Deep Archive after 2 years C. Use S3 Intelligent-Tiering Activate the archiving option to ensure that data is archived in S3 Glader Deep Archive D. Set up an S3 Lifecycle policy to transition objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately and to S3 Glacier Deep Archive after 2 years
B. Set up an S3 Lifecycle policy to transition objects to S3 Glader Deep Archive after 2 years
Explanation/Reference:
Question 578:
A company runs an on-premises application The company is planning to move the application to containers by using Kubernetes The company wants to migrate the application to AWS to reduce the overhead of container infrastructure management A solutions architect must configure the environment to allow deployment of the company's own custom Amazon Machine Image (AMI) to nodes.
Which solution will meet these requirements with the LEAST operational overhead?
A. Provision a Kubernetes cluster on Amazon EC2 Store container images in Docker Hub B. Use AWS Fargate on Amazon Elastic Kubernetes Service (Amazon EKS) Store container images in Amazon Elastic Container Registry (Amazon ECR). C. Use Amazon Elastic Kubernetes Service (Amazon EKS) with managed worker nodes Store container images in Amazon Elastic Container Registry (Amazon ECR) D. Use Amazon Elastic Kubernetes Service (Amazon EKS) with self-managed worker nodes Store container images in an image repository that runs on Amazon EC2
B. Use AWS Fargate on Amazon Elastic Kubernetes Service (Amazon EKS) Store container images in Amazon Elastic Container Registry (Amazon ECR).
Explanation/Reference:
Question 579:
A recently acquired company is required to build its own infrastructure on AWS and migrate multiple applications to the cloud within a month. Each application has approximately 50 TB of data to be transferred After the migration ts complete
this company and its parent company will Doth require secure network connectivity with consistent throughput from their data centers to the applications. A solutions architect must ensure one-time data migration and ongoing network
connectivity.
Which solution will meet these requirements?
A. AWS Direct Connect for both the initial transfer and ongoing connectivity. B. AWS Site-to-Site VPN for both the initial transfer and ongoing connectivity. C. AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity. D. AWS Snowball for the initial transfer and AWS Site-to-Site VPN for ongoing connectivity.
C. AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity.
Question 580:
A solutions architect needs to design a solution that retrieves data every 2 minutes from a third-party web service that is accessible through the internet. A Python script runs the data retrieval in less than 100 milliseconds for each retrieval. The response is a JSON object that contains sensor data that is less than 1 KB in size. The solutions architect needs to store the JSON object along with the timestamp.
Which solution meets these requirements MOST cost-effectively?
A. Deploy an Amazon EC2 instance with a Linux operating system. Configure a cron job to run the script every 2 minutes. Extend the script to store the JSON object along with the timestamp in a MySQL database that is hosted on an Amazon RDS DB instance. B. Deploy an Amazon EC2 instance with a Linux operating system to extend the script to run in an infinite loop every 2 minutes. Store the JSON object along with the timestamp in an Amazon DynamoDB table that uses the timestamp as the primary key. Run the script on the EC2 instance. C. Deploy an AWS Lambda function to extend the script to store the JSON object along with the timestamp in an Amazon DynamoDB table that uses the timestamp as the primary key. Use an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that is initiated every 2 minutes to invoke the Lambda function. D. Deploy an AWS Lambda function to extend the script to run in an infinite loop every 2 minutes. Store the JSON object along with the timestamp in an Amazon DynamoDB table that uses the timestamp as the primary key. Ensure that the script is called by the handler function that is configured for the Lambda function.
C. Deploy an AWS Lambda function to extend the script to store the JSON object along with the timestamp in an Amazon DynamoDB table that uses the timestamp as the primary key. Use an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that is initiated every 2 minutes to invoke the Lambda function.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SAA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.