A company has a service that reads and writes large amounts of data from an Amazon S3 bucket in the same AWS Region The service is deployed on Amazon EC2 instances within the private subnet of a VPC. The service communicates with Amazon S3 over a NAT gateway in the public subnet However, the company wants a solution that will reduce the data output costs.
Which solution will meet these requirements MOST cost-effectively?
A. Provision a dedicated EC2 NAT instance in the public subnet. Configure the route table for the private subnet to use the elastic network interface of this instance as the destination for all S3 traffic
B. Provision a dedicated EC2 NAT instance in the private subnet. Configure the route table for the public subnet to use the elastic network interface of this instance as the destination for all S3 traffic.
C. Provision a VPC gateway endpoint. Configure the route table for the private subnet to use the gateway endpoint as the route for all S3 traffic.
D. Provision a second NAT gateway. Configure the route table foe the private subnet to use this NAT gateway as the destination for all S3 traffic.
A company is hosting a web application from an Amazon S3 bucket. The application uses Amazon Cognito as an identity provider lo authenticate users and return a JSON Web Token (JWT) that provides access to protected resources that
am restored in another S3 bucket.
Upon deployment of the application, users report errors and are unable to access the protected content. A solutions architect must resolve this issue by providing proper permissions so that users can access the protected content.
Which solution meets these requirements?
A. Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected consent.
B. Update the S3 ACL to allow the application to access the protected content
C. Redeploy the application to Amazon 33 to prevent eventually consistent reads m the S3 bucket from affecting the ability of users to access the protected content.
D. Update the Amazon Cognito pool to use custom attribute mappings within tie Identity pool and grant users the proper permissions to access the protected content
An entertainment company is using Amazon DynamoDB to store media metadata. The application Is read intensive and experience delays The company does not have staff to handle additional operational overhead and needs to Improve the performance efficiency of DynamoDB without reconfiguring the application
What should a solutions architect recommend to meet this requirement?
A. Use Amazon ElastiCache for Redis
B. Use Amazon DynamoDB Accelerator (DAX).
C. Replicate data by using DynamoDB global tables
D. Use Amazon ElasoCache for Merncached with Auto Discovery enabled
A company develops web applications. As part of its development process, the company constantly launches and deletes Application Load Balancers (ALBs) in multiple AWS Regions.
The company wants to create an allow list on its firewall device. The allow list will contain the IP addresses of an the load balancers. A solutions architect needs a one-line, highly available solution that will accomplish that goal and will help
reduce the number of IP addresses that the firewall needs to allow.
Which solution will meet these requirements with the LEAST amount of operational overhead?
A. Create an AWS Lambda function to keep track of the IP addressee tor al the ALBs in different Regions. Keep refreshing this list.
B. Set up a Network Load Balancer (NLB) with Elastic IP addresses Register the private IP addresses of all the ALBs as targets for the NLB
C. Launch AWS Global Accelerator Create endpoints for each of the Regions that are m use. Register all the ALBs in the Regions to the corresponding endpoints.
D. Set up an Amazon EC2 Instance Assign an Elastic IP address to the EC2 instance.Configure the EC2 instance as a proxy to forward traffic to all the ALBs
A company used an AWS Direct Connect connection to copy 1 PB of data from a colocation facility to an Amazon S3 bucket in the us-east-1 Region. The company now wants to copy the data to another S3 bucket in the us-weet-2 Region. Which solution will meet this requirement?
A. Use an AWS Snowball Edge Storage Optimized device to copy the data from the colocation facility to ua-weet-2
B. Use the S3 console to copy the data horn the source S3 bucket to the target S3 bucket.
C. Use S3 Transfer Acceleration and the S3 copy-object command to copy the data from the source S3 bucket to the target S3 bucket
D. Add an S3 Cross-Region Replication configuration to copy the data from the source S3 bucket to the target S3 bucket.
A company runs an AWS Lambda function in private subnets in a VPC The subnets have a default route to the internet through an Amazon EC2 NAT instance The Lambda function processes input data and saves its output as an object to Amazon S3 intermittently the Lambda function times out while trying to upload the object because of saturated traffic on the NAT instance's network The company wants to access Amazon S3 without traversing the internet
Which solution will meet these requirements'
A. Replace the fcC2 NAT instance with an AWS managed NAT gateway
B. Increase the size of the EC2 NAT instance in the VPC to a network optimized instance type
C. Provision a gateway endpoint for Amazon S3 in the VPC Update the route tables of the subnets accordingly D. Provision a transit gateway Place transit gateway attachments in the private subnets where the Lambda function is running
A company recently announced the deployment of its retail website to a global audience. The website runs on multiple Amazon EC2 instances behind an Elastic Load Balancer. The instances run in an Auto Scaling group across multiple
Availability Zones.
The company wants to provide its customers with different versions of content based on the devices that the customers use to access the website.
Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)
A. Configure Amazon CloudFront to cache multiple versions of the content.
B. Configure a host header in a Network Load Balancer to forward traffic to different instances.
C. Configure a Lambda@Edge function to send specific objects to users based on the User-Agent header.
D. Configure AWS Global Accelerator. Forward requests to a Network Load Balancer (NLB). Configure the NLB to set up host-based routing to different EC2 instances.
E. Configure AWS Global Accelerator. Forward requests to a Network Load Balancer (NLB). Configure the NLB to set up path-based routing to different EC2 instances.
A law firm needs to share information with the public. The information includes hundreds of files that must be publicly readable. Modifications or deletions of the files by anyone before a designated future date are prohibited.
Which solution will meet these requirements in the MOST secure way?
A. Upload all tiles to an Amazon S3 bucket that is configured for static website hosting.Grant read-only IAM permissions to any AWS principals that access the S3 bucket until the designated date.
B. Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated dale. Configure the S3 bucket for static website hosting Set an S3 bucket policy to allow read-only access to the objects.
C. Create a new Amazon S3 bucket with S3 Versioning enabled Configure an event trigger to run an AWS Lambda function in case of object modification or deletion Configure the Lambda function to replace the objects with the original versions from a private S3 bucket
D. Upload all files to an Amazon S3 bucket that is configured for static website hosing.Select the folder that contains the files. Use S3 Object Lock with a retention period m accordance with the designated date Grant read-only IAM permissions to any AWS principals that access the S3 bucket
A company needs to retain its AWS CloudTrail logs (or 3 years. The company is enforcing CloudTrail across a set of AWS accounts by using AWS Organizations from the parent account. The CloudTrail target S3 bucket is configured with S3 Versioning enabled An S3 Lifecycle policy is in place to delete current objects after 3 years.
After the fourth year of use of the S3 bucket, the S3 bucket metrics show that the number of objects has continued to rise. However, the number of new CloudTrail logs that are delivered to the S3 bucket has remained consistent.
Which solution will delete objects that are older than 3 years in the MOST cost-effective manner?
A. Configure the organization's centralized CloudTrail trail to expire objects after 3 years.
B. Configure the S3 Lifecycle policy to delete previous versions as well as current versions.
C. Create an AWS Lambda function to enumerate and delete objects from Amazon S3 that are older than 3 years.
D. Configure the parent account as the owner of all objects that are delivered to the S3 bucket.
A company is hosting its website by using Amazon EC2 instances behind an Elastic Load balancer across multiple Availability Zones. The instances run in an EC2 Scaling group. The website uses Amazon Elastic Block Store (Amazon EBS) volume to store product manuals for users to download. The company updates the product content often, so new instances launched by the Auto Scaling group often have data. It can take to 30 minutes for the new instances to receive all the updates. The updates also require the EBS volumes to be resized during business hours.
The company wants to ensure that the product manuals are always up to data on all instances and that the architecture adjusts quickly to increased user demand. A solutions architect needs to meet these requirements without causing the company lo update Its application code or adjust its website
What should the solutions architect do to accomplish this goal?
A. Store the product manuals in an EBS volume Mount that volume to the EC2 instances
B. Store the product manuals in an Amazon S3 bucket Redirect the downloads to this bucket
C. Store the product manuals in an Amazon Elastic File System (Amazon EFS) volume.Mount that volume to the EC2 instances
D. Store the product manuals in an Amazon S3 Standard-Infrequent Access (S3 Standard- IA) bucket. Redirect the downloads to this bucket
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.