A company is concerned about the security of its public web application due to recent web attacks The application uses an Application Load Balancer (ALB) A solutions architect must reduce the risk of DDoS attacks against the application. What should the solutions architect do to meet this requirement?
A. Add an Amazon Inspector agent to the ALB
B. Configure Amazon Macie to prevent attacks
C. Enable AWS Shield Advanced to prevent attacks
D. Configure Amazon GuardDuty to monitor the ALB
A manufacturing company has machine sensors that upload csv files to an Amazon S3 bucket These csv files must be converted into images and must be made available as soon as possible for the automatic generation of graphical reports
The images become irrelevant after 1 month, but the csv files must be kept to tram machine learning (ML) models twice a year. The ML trainings and audits are planned weeks in advance. Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO )
A. Launch an Amazon EC2 Spot Instance that downloads the csv files every hour generates the image files, and uploads the images to the S3 bucket
B. Design an AWS Lambda function that converts the csv files into images and stores the images in the S3 bucket Invoke the Lambda function when a csv file is uploaded
C. Create S3 Lifecycle rules for csv files and image files in the S3 bucket Transition the csv files from S3 Standard to S3 Glacier 1 day after they are uploaded Expire the image files after 30 days
D. Create S3 Lifecycle rules for csv files and image files in the S3 bucket Transition the csv files from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) 1 day after they are uploaded Expire the image files after 30 days
E. Create S3 Lifecycle rules for csv files and image files in the S3 bucket Transition the csv files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 1 day after they are uploaded Keep the image files in Reduced Redundancy Storage (RRS)
A company is using a centralized AWS account to store log data in various Amazon S3 buckets. A solutions architect needs to ensure that the data is encrypted at rest before the data is uploaded to the S3 buckets. The data also must be encrypted in transit.
Which solution meets these requirements?
A. Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets.
B. Use server-side encryption to encrypt the data that is being uploaded to the S3 buckets.
C. Create bucket policies that require the use of server-side encryption with S3 managed encryption keys (SSE-S3) for S3 uploads.
D. Enable the security option to encrypt the S3 buckets through the use of a default AWS Key Management Service (AWS KMS) key.
A company is hosting an application in its own data center The application uses Amazon S3 for data storage The application transfers several hundred terabytes of data every month to and from Amazon S3 The company needs to minimize the cost of this data transfer.
Which solution meets this requirement?
A. Establish an AWS Direct Connect connection between the AWS Region in use and the company's data center Route traffic to Amazon S3 over the Direct Connect connection
B. Establish an AWS Site-to-Site VPN connection between the company's data center and a VPC in the AWS Region in use Create a VPC endpoint for Amazon S3 in the VPC Route traffic to Amazon S3 over the VPN connection to the S3 endpoint.
C. Create an AWS Storage Gateway file gateway Deploy the software appliance in the company's data center Configure the application to use the file gateway to store and retrieve files
D. Create an FTPS server by using AWS Transfer Family Configure the application to use the FTPS server to store and retrieve files
A company is using Amazon Redshift for analytics and to generate customer reports. The company recently acquired 50 TB of additional customer demographic data. The .........S3. The company needs a solution that joins the data and visualizes the results with the least possible cost and effort.
What should a solutions architect recommend to meet these requirements?
A. Use Amazon Redshift Spectrum to query the data in Amazon S3 directly and join that data with the existing data in Amazon Redshift. Use Amazon QuickSight to....
B. Use Amazon Athena to query the data in Amazon S3. Use Amazon QuickSight to join the data from Athena with the existing data in Amazon Redshift and to build...
C. Increase the size of the Amazon Redshift cluster, and load the data from Amazon S3. Use Amazon EMR Notebooks to query the data and build the visualizations,,,
D. Export the data from the Amazon Redshift cluster into Apache Parquet files in Amazon S3. Use Amazon Elasticsearch Service (Amazon ES) to query the data. Use..
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses a customer managed customer master key (CMK) to encrypt EBS volume snapshots.
What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?
A. Make the encrypted AMI and snapshots publicly available. Modify the CMK's key policy to allow the MSP Partner's AWS account to use the key
B. Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner's AWS account only. Modify the CMK's key policy to allow the MSP Partner's AWS account to use the key.
C. Modify the launchPermission property of the AMI Share the AMI with the MSP Partner's AWS account only. Modify the CMK's key policy to trust a new CMK that is owned by the MSP Partner for encryption.
D. Export the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS account. Encrypt the S3 bucket with a CMK that is owned by the MSP Partner Copy and launch the AMI in the MSP Partner's AWS account.
A company is designing a new application that runs in a VPC on Amazon EC2 instances The application stores data in Amazon S3 and uses Amazon DynamoDB as its database For compliance reasons, the company prohibits all traffic between the EC2 instances and other AWS services from passing over the public internet
What can a solutions architect do to meet this requirement?
A. Configure gateway VPC endpoints to Amazon S3 and DynamoDB
B. Configure interface VPC endpoints to Amazon S3 and DynamoDB
C. Configure a gateway VPC endpoint to Amazon S3 Configure an interface VPC endpoint to DynamoDB
D. Configure a gateway VPC endpoint to DynamoDB Configure an interface VPC endpoint to Amazon S3
A company is running a global application. The application's users submit multiple videos that are then merged into a single video file. The application uses a single Amazon..... to receive uploads from users. The same S3 bucket provides the
download location of the single video file that is produced. The final video file output has an average size of......
The company needs to develop a solution that delivers faster uploads and downloads of the video files that are stored in Amazon S3. The company will offer the solution as a pay for the increased speed.
What should a solutions architect do to meet these requirements?
A. Enable AWS Global Accelerator for the S3 endpoint. Adjust the application's upload and download links to use the Global Accelerator S3 endpoint for users who
B. Enable S3 Cross-Region Replication to S3 buckets in all other AWS Regions. Use an Amazon Route 53 geolocation routing policy to route S3 requests based on th.........subscription.
C. Create an Amazon CloudFront distribution, and use the S3 bucket in us-east-1 as an origin. Adjust the application to use the CloudFront URL as the upload and do...........subscription.
D. Enable S3 Transfer Acceleration for the S3 bucket in us-east-1. Configure the application to use the bucket's S3-accelerate endpoint domain name for the upload at.......... have a subscription.
A company is building an application that consists of several microservices. The company has decided to use container technologies to deploy its software on AWS. The company needs a solution that minimizes the amount of ongoing effort for maintenance and scaling. The company cannot manage additional infrastructure
Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)
A. Deploy an Amazon Elastic Container Service (Amazon ECS) cluster.
B. Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple Availability Zones
C. Deploy an Amazon Elastic Container Service (Amazon ECS) service with an Amazon EC2 launch type Specify a desired task number level of greater than or equal to 2
D. Deploy an Amazon Elastic Container Service (Amazon ECS) service with a Fargate launch type Specify a desired task number level of greater than or equal to 2
E. Deploy Kubernetes worker nodes on Amazon EC2 instances that span multiple Availability Zones Create a deployment that specifies two or more replicas for each microservice
Which solution should the company use for the data transfer to meet these requirements?
A. AWSDataSync
B. AWS Migration Hub
C. AWS Snowball Edge Storage Optimized
D. AWS Transfer for SFTP
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.