Exam Details

  • Exam Code: SAA-C02
  • Exam Name: AWS Certified Solutions Architect - Associate (SAA-C02)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 1080 Q&As
  • Last Updated: Jun 04, 2025

Amazon Certifications SAA-C02 Questions & Answers

  • Question 661:

    A company is hosting a high-traffic static website on Amazon S3 with an Amazon CloudFront distribution that has a default TTL of 0 seconds. The company wants to implement caching to improve performance for the website. However, the company also wants to ensure that stale content is not served for more than a few minutes after a deployment.

    Which combination of caching methods should a solutions architect implement to meet these requirements? (Select TWO.)

    A. Set the CloudFront default TTL to 2 minutes.

    B. Set a default TTL of 2 minutes on the S3 bucket.

    C. Add a Cache-Control private directive to the objects in Amazon S3.

    D. Create an AWS Lambda@Edge function to add an Expires header to HTTP responses. Configure the function to run on viewer response.

    E. Add a Cache-Control max-age directive of 24 hours to the objects in Amazon S3. On deployment, create a CloudFront invalidation to purge any changed files from edge caches.

  • Question 662:

    A company has a serverless website with millions of objects in an Amazon S3 bucket. The company uses the S3 bucket as the origin for an Amazon CloudFront distribution. The company did not set encryption on the S3 bucket before the objects were loaded. A solutions architect needs to enable encryption for all existing objects and for all objects that are added to the S3 bucket in the future.

    Which solution will meet these requirements with the LEAST amount of effort?

    A. Create a new S3 bucket. Turn on the default encryption settings for the new S3 bucket. Download all existing objects to temporary local storage. Upload the objects to the new S3 bucket.

    B. Turn on the default encryption settings for the S3 bucket. Use the S3 Inventory feature to create a csv file that lists the unencrypted objects. Run an S3 Batch Operations job that uses the copy command to encrypt those objects.

    C. Create a new encryption key by using AWS Key Management Service (AWS KMS). Change the settings on the S3 bucket to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS). Turn on versioning for the S3 bucket.

    D. Navigate to Amazon S3 in the AWS Management Console. Browse the S3 bucket's objects. Sort by the encryption field. Select each unencrypted object. Use the Modify button to apply default encryption settings to every unencrypted object in the S3 bucket.

  • Question 663:

    A company runs an infrastructure monitoring service. The company is building a new feature that will enable the service to monitor data in customer AWS accounts. The new feature will call AWS APIs in customer accounts to describe Amazon EC2 instances and read Amazon CloudWatch metrics.

    What should the company do to obtain access to customer accounts in the MOST secure way?

    A. Ensure that the customers create an IAM role in their account with read-only EC2 and CloudWatch permissions and a trust policy to the company's account.

    B. Create a serverless API that implements a token vending machine to provide temporary AWS credentials for a role with read-only EC2 and CloudWatch permissions.

    C. Ensure that the customers create an IAM user in their account with read-only EC2 and CloudWatch permissions. Encrypt and store customer access and secret keys in a secrets management system.

    D. Ensure that the customers create an Amazon Cognito user in their account to use an IAM role with read-only EC2 and CloudWatch permissions. Encrypt and store the Amazon Cognito user and password in a secrets management system.

  • Question 664:

    A company is using a content management system that runs on a single Amazon EC2 instance. The EC2 instance contains both the web server and the database software. The company must make its website platform highly available and must enable the website to scale to meet user demand.

    What should a solutions architect recommend to meet these requirements?

    A. Move the database to Amazon RDS, and enable automatic backups. Manually launch another EC2 instance in the same Availability Zone. Configure an Application Load Balancer in the Availability Zone, and set the two instances as targets.

    B. Migrate the database to an Amazon Aurora instance with a read replica in the same Availability Zone as the existing EC2 instance. Manually launch another EC2 instance in the same Availability Zone. Configure an Application Load Balancer, and set the two EC2 instances as targets.

    C. Move the database to Amazon Aurora with a read replica in another Availability Zone. Create an Amazon Machine Image (AMI) from the EC2 instance. Configure an Application Load Balancer in two Availability Zones. Attach an Auto Scaling group that uses the AMI across two Availability Zones.

    D. Move the database to a separate EC2 instance, and schedule backups to Amazon S3. Create an Amazon Machine Image (AMI) from the original EC2 instance. Configure an Application Load Balancer in two Availability Zones. Attach an Auto Scaling group that uses the AMI across two Availability Zones.

  • Question 665:

    A company serves its website by using an Auto Scaling group of Amazon EC2 instances in a single AWS Region. The website does not require a database.

    The company is expanding, and the company's engineering team deploys the website to a second Region. The company wants to distribute traffic across both Regions to accommodate growth and for disaster recovery purposes. The solution should not serve traffic from a Region in which the website is unhealthy.

    Which policy or resource should the company use to meet these requirements?

    A. An Amazon Route 53 simple routing policy

    B. An Amazon Route 53 multivalue answer routing policy

    C. An Application Load Balancer in one Region with a target group that specifies the EC2 instance IDs from both Regions

    D. An Application Load Balancer in one Region with a target group that specifies the IP addresses of the EC2 instances from both Regions

  • Question 666:

    A solutions architect needs to design a solution that retrieves data every 2 minutes from a third-party web service that is accessible through the internet. A Python script runs the data retrieval in less than 100 milliseconds for each retrieval. The response is a JSON object that contains sensor data that is less than 1 KB in size. The solutions architect needs to store the JSON object along with the timestamp.

    Which solution meets these requirements MOST cost-effectively?

    A. Deploy an Amazon EC2 instance with a Linux operating system. Configure a cron job to run the script every 2 minutes. Extend the script to store the JSON object along with the timestamp in a MySQL database that is hosted on an Amazon RDS DB instance.

    B. Deploy an Amazon EC2 instance with a Linux operating system to extend the script to run in an infinite loop every 2 minutes. Store the JSON object along with the timestamp in an Amazon DynamoDB table that uses the timestamp as the primary key. Run the script on the EC2 instance.

    C. Deploy an AWS Lambda function to extend the script to store the JSON object along with the timestamp in an Amazon DynamoDB table that uses the timestamp as the primary key. Use an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that is initiated every 2 minutes to invoke the Lambda function.

    D. Deploy an AWS Lambda function to extend the script to run in an infinite loop every 2 minutes. Store the JSON object along with the timestamp in an Amazon DynamoDB table that uses the timestamp as the primary key. Ensure that the script is called by the handler function that is configured for the Lambda function.

  • Question 667:

    A law firm needs to share information with the public. The information includes hundreds of files that must be publicly readable. Modifications or deletions of the files by anyone before a designated future date are prohibited.

    Which solution will meet these requirements in the MOST secure way?

    A. Upload all files to an Amazon S3 bucket that is configured for static website hosting. Grant read-only IAM permissions to any AWS principals that access the S3 bucket until the designated date.

    B. Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated date. Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objects.

    C. Create a new Amazon S3 bucket with S3 Versioning enabled. Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket.

    D. Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period in accordance with the designated date. Grant read-only IAM permissions to any AWS principals that access the S3 bucket.

  • Question 668:

    A company wants to enforce strict security guidelines on accessing AWS Cloud resources as the company migrates production workloads from its data centers. Company management wants all users to receive permissions according to their job roles and functions.

    Which solution meets these requirements with the LEAST operational overhead?

    A. Create an AWS Single Sign-On deployment. Connect to the on-premises Active Directory to centrally manage users and permissions across the company.

    B. Create an IAM role for each job function. Require each employee to call the sts:AssumeRole action in the AWS Management Console to perform their job role.

    C. Create individual IAM user accounts for each employee. Create an IAM policy for each job function, and attach the policy to all IAM users based on their job role.

    D. Create individual IAM user accounts for each employee. Create IAM policies for each job function. Create IAM groups, and attach associated policies to each group. Assign the IAM users to a group based on their job role.

  • Question 669:

    An image-hosting company stores its objects in Amazon S3 buckets. The company wants to avoid accidental exposure of the objects in the S3 buckets to the public. All S3 objects in the entire AWS account need to remain private.

    Which solution will meet these requirements?

    A. Use Amazon GuardDuty to monitor S3 bucket policies. Create an automatic remediation action rule that uses an AWS Lambda function to remediate any change that makes the objects public.

    B. Use AWS Trusted Advisor to find publicly accessible S3 buckets. Configure email notifications in Trusted Advisor when a change is detected. Manually change the S3 bucket policy if it allows public access.

    C. Use AWS Resource Access Manager to find publicly accessible S3 buckets. Use Amazon Simple Notification Service (Amazon SNS) to invoke an AWS Lambda function when a change is detected. Deploy a Lambda function that programmatically remediates the change.

    D. Use the S3 Block Public Access feature on the account level. Use AWS Organizations to create a service control policy (SCP) that prevents IAM users from changing the setting. Apply the SCP to the account.

  • Question 670:

    An ecommerce company needs to run a scheduled daily job to aggregate and filter sales records for analytics. The company stores the sales records in an Amazon S3 bucket. Each object can be up to 10 GB in size. Based on the number of sales events, the job can take up to an hour to complete. The CPU and memory usage of the job are constant and are known in advance.

    A solutions architect needs to minimize the amount of operational effort that is needed for the job to run.

    Which solution meets these requirements?

    A. Create an AWS Lambda function that has an Amazon EventBridge (Amazon CloudWatch Events) notification. Schedule the EventBridge (CloudWatch Events) event to run once a day.

    B. Create an AWS Lambda function. Create an Amazon API Gateway HTTP API, and integrate the API with the function. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that calls the API and invokes the function.

    C. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an AWS Fargate launch type. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that launches an ECS task on the cluster to run the job.

    D. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type and an Auto Scaling group with at least one EC2 instance. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that launches an ECS task on the cluster to run the job.
