A company recently migrated a legacy application from an on-premises data center to AWS The application is running on an Amazon EC2 instance The EC2 instance is deployed in a private subnet in a VPC without inbound internet access The application support team requires SSH access to the operating system to perform periodic maintenance.
Which solution provides secure access with the LEAST operational effort?
A. Configure AWS Client VPN to access the VPC Update the EC2 instance security group inbound rules to allow access from Client VPN
B. Configure AWS Site-to-Site VPN to access the VPC Update the EC2 instance security group inbound rules to allow access from Site-to-Site VPN
C. Attach the AmazonSSMManagedlnstanceCore 1AM policy to the EC2 instance role Use AWS Systems Manager Session Manager to enable SSH connection.
D. Deploy a bastion host in a public subnet Allow SSH access to the bastion host from the internet Update the EC2 instance security group inbound rules to allow access from the bastion host
A company has a web application that includes an embedded NoSQL database The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone.
A recent increase in traffic requires the application to be highly available and for the database to be eventually consistent.
Which solution will meet these requirements with the LEAST operational overhead*?
A. Replace the ALB with a Network Load Balancer Maintain the embedded NoSQL database with its replication service on the EC2 instances
B. Replace the ALB with a Network Load Balancer Migrate the embedded NoSQL database to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS).
C. Modify the Auto Scaling group to use EC2 instances across three Availability Zones Maintain the embedded NoSQL database with its replication service on the EC2 instances.
D. Modify the Auto Scaling group to use EC2 instances across three Availability Zones. Migrate the embedded NoSQL database to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS)
A company hosts a marketing website in an on-premises data center. The website consists of static documents and runs on a single server. An administrator updates the website content infrequently and uses an SFTP client to upload new documents.
The company decides to host its website on AWS and to use Amazon CloudFront. The company's solutions architect creates a CloudFront distribution. The solutions architect must design the most cost-effective and resilient architecture for website hosting to serve as the CloudFront origin.
Which solution will meet these requirements?
A. Create a virtual server by using Amazon Lightsail Configure the web server in the Lightsail instance Upload website content by using an SFTP client
B. Create an AWS Auto Scaling group for Amazon EC2 instances Use an Application Load Balancer Upload website content by using an SFTP client
C. Create a private Amazon S3 bucket Use an S3 bucket policy to allow access from a CloudFront origin access identity (OAI) Upload website content by using the AWS CLI
D. Create a public Amazon S3 bucket Configure AWS Transfer for SFTP Configure the S3 bucket for website hosting Upload website content by using the SFTP client
An application development team is designing a microservice that will convert large images to smaller compressed images When a user uploads an image through the web interface the microservice should store the image in an Amazon S3
bucket process and compress the image with an AWS Lambda function, and store the image in its compressed form m a different S3 bucket.
A solutions architect needs to design a solution that uses durable stateless components to process the images automatically.
Which combination of actions will meet these requirements? (Select TWO )
A. Create an Amazon Simple Queue Service (Amazon SQS) queue Configure the S3 bucket to send a notification to the SQS queue when an image is uploaded to the S3 bucket
B. Configure the Lambda function to use the Amazon Simple Queue Service (Amazon SQS) queue as the invocation source When the SQS message is successfully processed, delete the message in the queue
C. Configure the Lambda function to monitor the S3 bucket for new uploads When an uploaded image is detected write the file name to a text file in memory and use the text file to keep track of the images that were processed
D. Launch an Amazon EC2 instance to monitor an Amazon Simple Queue Service (Amazon SQS) queue When items are added to the queue log the file name in a text file on the EC2 instance and invoke the Lambda function
E. Configure an Amazon EventBridge (Amazon CloudWatch Events) event to monitor the S3 bucket When an image is uploaded send an alert to an Amazon Simple Notification Service (Amazon SNS) topic with the application owner's email address for further processing
A company build an application that gives users the ability to check in to places they visit, rank the places, and add reviews about their experiences. The application is successful and is experiencing a rapid increase in the number of users
every month.
The company uses a single Amazon RDS for MySQL DB instance for its database. The company fears that the database might not be able to handle the load for the upcoming month because the DB instance has activated alarms that are
related to resource exhaustion.
A solutions architect must design a solution that prevents service interruptions at the database layer. The solutions architect also must minimize any changes to code. Which solution meets these requirements?
A. Create RDS read replicas. Redirect read-only traffic to the read replica endpoints
B. Create an Amazon EMR cluster. Migrate the data to a Hadoop Distributed File System (HDFS) with a replication factor of 3.
C. Create an Amazon ElastiCache cluster. Redirect all read-only traffic to the cluster. Set up the cluster to be deployed in three Availability Zones
D. Turn on the Multi-AZ feature for the DB instance. Redirect read-only traffic to the standby replica endpoint.
A company is planning to store sensitive documents in an Amazon S3 bucket. The documents must be encrypted al rest. The company wants to manage the underlying keys that are used lor encryption However, the company does not want to manage the encryption and decryption process.
Which solutions will meet these requirements? (Select TWO.)
A. Use server-side encryption with customer-provided encryption keys (SSE-C).
B. Use client-side encryption with AWS managed keys.
C. Use server-side encryption with S3 managed encryption keys (SSE-S3).
D. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) with a key policy document that is 40 KB in size
E. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) that the company uploads to AWS KMS.
A company has a website hosted on AWS The website is behind an Application Load Balancer (ALB) that is configured to handle HTTP and HTTPS separately. The company wants to forward all requests to the website so that the requests will use HTTPS.
What should a solutions architect do to meet this requirement?
A. Update the ALB's network ACL to accept only HTTPS traffic
B. Create a rule that replaces the HTTP in the URL with HTTPS.
C. Create a listener rule on the ALB to redirect HTTP traffic to HTTPS.
D. Replace the ALB with a Network Load Balancer configured to use Server Name Indication (SNI).
A company wants lo share data that is collected from sell-driving cars with the automobile community. The data will be made available (rom within an Amazon S3 bucket. The company wants to minimize its cost of making this data available to other AWS accounts.
What should a solutions architect do to accomplish this goal?
A. Create an S3 VPC endpoint for the bucket.
B. Configure the S3 bucket to be a Requester Pays bucket.
C. Create an Amazon CloudFront distribution in front of the S3 bucket.
D. Require that the fries be accessible only with the use of the BitTorrent protocol.
A company provides machine learning solutions The company's users need to download large dalasets from the company's Amazon S3 bucket. These downloads often take a long lime, especially when the users are running many simulations on a subset of those datasets. Users download the datasets to Amazon EC2 instances in the same AWS Region as the S3 bucket. Multiple users typically use the same datasets at the same time.
Which solution will reduce the lime that is required to access the datasets?
A. Configure the S3 bucket lo use the S3 Standard storage class with S3 Transfer Acceleration activated.
B. Configure the S3 bucket to use the S3 Intelligent-Tiering storage class with S3 Transfer Acceleration activated.
C. Create an Amazon Elastic File System (Amazon EFS) network Tile system. Migrate the datasets by using AWS DataSync.
D. Move the datasets onto a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume. Attach the volume to all the EC2 instances.
A company hosts a popular website in the AWS Cloud, A solutions architect needs to provide reports about user click behaviour in near-real time as users navigate the website. Which solution will meet this requirement
A. Store the clickstream data in Amazon DynamoDB. Deploy an application that runs on AWS Elastic Beanstalk to process and analyze the data.
B. Push the clickstream data from each session to an Amazon Kinesis data stream Analyze the dab by using Amazon Kinesis Data Analytics.
C. Store the clickstream data in an Amazon S3 bucket. Order the data by timestamp Process the data with an AWS Lambda function that is subscribed to object creation events on the S3 bucket.
D. Forward the clickstream data to Amazon Simple Queue Service (Amazon SQS) Store the data In an Amazon ROS for MySQL DB instance. Deploy Amazon FC2 Instances to process and analyze the data
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.