Amazon Amazon Certifications SAA-C02 Questions & Answers

• Question 611:

  A company is migrating its applications to AWS. Currently, applications that run on premises generate hundreds of terabytes of data that is stored on a shared file system. The company is running an analytics application in the cloud that runs

  hourly to generate insights from this data.

  The company needs a solution to handle the ongoing data transfer between the on-premises shared file system and Amazon S3. The solution also must be able to handle occasional interruptions in internet connectivity.

  Which solutions should the company use for the data transfer to meet these requirements?

  A. AWS DataSync

  B. AWS Migration Hub

  C. AWS Snowball Edge Storage Optimized

  D. AWS Transfer for SFTP

  Correct Answer: A

  Reference: https://aws.amazon.com/cloud-data-migration/

• Question 612:

  A solutions architect must provide a fully managed replacement for an on-premises solution that allows employees and partners to exchange files. The solution must be easily accessible to employees connecting from on-premises systems, remote employees, and external partners.

  Which solution meets these requirements?

  A. Use AWS Transfer for SFTP to transfer files into and out of Amazon S3.

  B. Use AWS Snowball Edge for local storage and large-scale data transfers.

  C. Use Amazon FSx to store and transfer files to make them available remotely.

  D. Use AWS Storage Gateway to create a volume gateway to store and transfer files to Amazon S3.

  Correct Answer: A

  Reference: https://aws.amazon.com/aws-transfer-family/?whats-new-cards.sort- by=item.additionalFields.postDateTimeandwhats-new-cards.sort-order=desc

• Question 613:

  A company is using Amazon Redshift for analytics and to generate customer reports. The company recently acquired 50 TB of additional customer demographic data. The data is stored in .csv files in Amazon S3. The company needs a solution that joins the data and visualizes the results with the least possible cost and effort.

  What should a solutions architect recommend to meet these requirements?

  A. Use Amazon Redshift Spectrum to query the data in Amazon S3 directly and join that data with the existing data in Amazon Redshift. Use Amazon QuickSight to build the visualizations.

  B. Use Amazon Athena to query the data in Amazon S3. Use Amazon QuickSight to join the data from Athena with the existing data in Amazon Redshift and to build the visualizations.

  C. Increase the size of the Amazon Redshift cluster, and load the data from Amazon S3. Use Amazon EMR Notebooks to query the data and build the visualizations in Amazon Redshift.

  D. Export the data from the Amazon Redshift cluster into Apache Parquet files in Amazon S3. Use Amazon Elasticsearch Service (Amazon ES) to query the data. Use Kibana to visualize the results.

  Correct Answer: A

• Question 614:

  The following IAM policy is attached to an IAM group. This is the only policy applied to the group.

  

  What are the effective IAM permissions of this policy for group members?

  A. Group members are permitted any Amazon EC2 action within the us-east-1 Region. Statements after the Allow permission are not applied.

  B. Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA).

  C. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action.

  D. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.

  Correct Answer: D

• Question 615:

  A company is using AWS Organizations with two AWS accounts: Logistics and Sales. The Logistics account operates an Amazon Redshift cluster. The Sales account includes Amazon EC2 instances. The Sales account needs to access the Logistics account's Amazon Redshift cluster.

  What should a solutions architect recommend to meet this requirement MOST cost-effectively?

  A. Set up VPC sharing with the Logistics account as the owner and the Sales account as the participant to transfer the data.

  B. Create an AWS Lambda function in the Logistics account to transfer data to the Amazon EC2 instances in the Sales account.

  C. Create a snapshot of the Amazon Redshift cluster, and share the snapshot with the Sales account. In the Sales account, restore the cluster by using the snapshot ID that is shared by the Logistics account.

  D. Run COPY commands to load data from Amazon Redshift into Amazon S3 buckets in the Logistics account. Grant permissions to the Sales account to access the S3 buckets of the Logistics account.

  Correct Answer: A

  Reference: https://docs.aws.amazon.com/redshift/latest/mgmt/managing-snapshots-console.html

• Question 616:

  A company is running a global application. The application's users submit multiple videos that are then merged into a single video file. The application uses a single Amazon S3 bucket in the us-east-1 Region to receive uploads from users.

  The same S3 bucket provides the download location of the single video file that is produced. The final video file output has an average size of 250 GB.

  The company needs to develop a solution that delivers faster uploads and downloads of the video files that are stored in Amazon S2. The company will offer the solution as a subscription to users who want to pay for the increased speed.

  What should a solutions architect do to meet these requirements?

  A. Enable AWS Global Accelerator for the S3 endpoint. Adjust the application's upload and download links to use the Global Accelerator S3 endpoint for users who have a subscription.

  B. Enable S3 Cross-Region Replication to S3 buckets in all other AWS Regions. Use an Amazon Route 53 geolocation routing policy to route S3 requests based on the location of users who have a subscription.

  C. Create an Amazon CloudFront distribution and use the S3 bucket in us-east-1 as an origin. Adjust the application to use the CloudFront URL as the upload and download links for users who have a subscription.

  D. Enable S3 Transfer Acceleration for the S3 bucket in us-east-1. Configure the application to use the bucket's S3-accelerate endpoint domain name for the upload and download links for users who have a subscription.

  Correct Answer: C

• Question 617:

  A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.

  The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application's availability without

  writing custom scripts or code.

  What should a solutions architect do to meet these requirements?

  A. Enable HTTP health checks on the NLB, supplying the URL of the company's application.

  B. Add a cron job to the EC2 instances to check the local application's logs once each minute. If HTTP errors are detected, the application will restart.

  C. Replace the NLB with an Application Load Balancer. Enable HTTP health checks by supplying the URL of the company's application. Configure an Auto Scaling action to replace unhealthy instances.

  D. Create an Amazon CloudWatch alarm that monitors the UnhealthyHostCount metric for the NLB. Configure an Auto Scaling action to replace unhealthy instances when the alarm is in the ALARM state.

  Correct Answer: C

• Question 618:

  A company has two VPCs that are located in the us-west-2 Region within the same AWS account. The company needs to allow network traffic between these VPCs. Approximately 500 GB of data transfer will occur between the VPCs each month.

  What is the MOST cost-effective solution to connect these VPCs?

  A. Implement AWS Transit Gateway to connect the VPCs. Update the route tables of each VPC to use the transit gateway for inter-VPC communication.

  B. Implement an AWS Site-to-Site VPN tunnel between the VPCs. Update the route tables of each VPC to use the VPN tunnel for inter-VPC communication.

  C. Set up a VPC peering connection between the VPCs. Update the route tables of each VPC to use the VPC peering connection for inter-VPC communication.

  D. Set up a 1 GB AWS Direct Connect connection between the VPCs. Update the route tables of each VPC to use the Direct Connect connection for inter-VPC communication.

  Correct Answer: C

• Question 619:

  A company is deploying an application that processes streaming data in near-real time. The company plans to use Amazon EC2 instances for the workload. The network architecture must be configurable to provide the lowest possible latency between nodes.

  Which combination of network solutions will meet these requirements? (Choose two.)

  A. Enable and configure enhanced networking on each EC2 instance.

  B. Group the EC2 instances in separate accounts.

  C. Run the EC2 instances in a cluster placement group.

  D. Attach multiple elastic network interfaces to each EC2 instance.

  E. Use Amazon Elastic Block Store (Amazon EBS) optimized instance types.

  Correct Answer: CD

• Question 620:

  A company's security team requests that network traffic be captured in VPC Flow Logs The logs will be frequently accessed for 90 days and then accessed intermittently. What should a solutions architect do to meet these requirements when configuring the logs'?

  A. Use Amazon CloudWatch as the target Set the CloudWatch log group with an expiration of 90 days

  B. Use Amazon Kinesis as the target Configure the Kinesis stream to always retain the logs for 90 days 1C.

  C. Use AWS CloudTrail as the target Configure CloudTrail to save to an Amazon S3 bucket, and enable S3 Intelligent-Tiering

  D. Use Amazon S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard- IA) after 90 days

  Correct Answer: D