Amazon SAA-C02 Online Practice Questions and Exam Preparation

Amazon SAA-C02 Online Questions & Answers

• Question 741:

  A company has copied 1 PB of data from a colocation facility to an Amazon S3 bucket in the us-east-1 Region using an AWS Direct Connect link. The company now wants to copy the data to another S3 bucket in the us-west-2 Region. The colocation facility does not allow the use AWS Snowball. What should a solutions architect recommend to accomplish this?

  A. Order a Snowball Edge device to copy the data from one Region to another Region.
  B. Transfer contents from the source S3 bucket to a target S3 bucket using the S3 console.
  C. Use the aws S3 sync command to copy data from the source bucket to the destination bucket.
  D. Add a cross-Region replication configuration to copy objects across S3 buckets in different Reg.
  B. Transfer contents from the source S3 bucket to a target S3 bucket using the S3 console.

• Question 742:

  A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations.

  Which solution meets these requirements with the LEAST amount of operational overhead?

  A. Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy.
  B. Create an organizational unit (OU) for each department. Add the aws:PrincipalOrgPaths global condition key to the S3 bucket policy.
  C. Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization events. Update the S3 bucket policy accordingly.
  D. Tag each user that needs access to the S3 bucket. Add the aws:PrincipalTag global condition key to the S3 bucket policy.
  A. Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy.

  ---

  Explanation/Reference:

• Question 743:

  A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user- uploaded documents in an Amazon EBS volume For better scalability and availability the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone: placing both behind an Application Load Balancer After completing this change users reported that each time they refreshed the website they could see one subset of their documents or the other but never all of the documents at the same time

  What should a solutions architect propose to ensure users see all of their documents at once?

  A. Copy the data so both EBS volumes contain all the documents
  B. Configure the Application Load Balancer to direct a user to the server with the documents
  C. Copy the data from both EBS volumes to Amazon EFS Modify the application to save new documents to Amazon EFS
  D. Configure the Application Load Balancer to send the request to both servers Return each document from the correct server
  C. Copy the data from both EBS volumes to Amazon EFS Modify the application to save new documents to Amazon EFS

  ---

  Explanation/Reference:

  https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html#how-it-works-ec2

  Amazon EFS provides file storage in the AWS Cloud. With Amazon EFS, you can create a file system, mount the file system on an Amazon EC2 instance, and then read and write data to and from your file system. You can mount an Amazon EFS file system in your VPC, through the Network File System versions 4.0 and 4.1 (NFSv4) protocol. We recommend using a current generation Linux NFSv4.1 client, such as those found in the latest Amazon Linux, Redhat, and Ubuntu AMIs, in conjunction with the Amazon EFS Mount Helper. For instructions, see Using the amazon-efs-utils Tools. For a list of Amazon EC2 Linux Amazon Machine Images (AMIs) that support this protocol, see NFS Support. For some AMIs, you'll need to install an NFS client to mount your file system on your Amazon EC2 instance. For instructions, see Installing the NFS Client. You can access your Amazon EFS file system concurrently from multiple NFS clients, so applications that scale beyond a single connection can access a file system. Amazon EC2 instances running in multiple Availability Zones within the same AWS Region can access the file system, so that many users can access and share a common data source. How Amazon EFS Works with Amazon EC2

  

  https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html#how-it-works-ec2

• Question 744:

  A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options.

  The storage solution must be highly available and integrated with Active Directory for access control.

  Which solution will satisfy these requirements?

  A. Configure Amazon EFS storage and set the Active Directory domain for authentication.
  B. Create an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones.
  C. Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume.
  D. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.
  D. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.

• Question 745:

  A company is creating a web application that will store a large number of images in Amazon S3 The images will be accessed by users over variable periods of time. The company wants to:

  1.

  Retain all the images

  2.

  Incur no cost for retrieval.

  3.

  Have minimal management overhead.

  4.

  Have the images available with no impact on retrieval time.

  Which solution meets these requirements?

  A. Implement S3 Intelligent-Tiering
  B. Implement S3 storage class analysis
  C. Implement an S3 Lifecycle policy to move data to S3 Standard-Infrequent Access (S3 Standard-IA).
  D. Implement an S3 Lifecycle policy to move data to S3 One Zone-Infrequent Access (S3 One Zone-IA).
  A. Implement S3 Intelligent-Tiering

• Question 746:

  A company recently started using Amazon Aurora as the data store for its global ecommerce application. When large reports are run, developers report that the ecommerce application is performing poorly. After reviewing metrics in Amazon

  CloudWatch, a solutions architect finds that the ReadlOPS and CPU Utilization metrics are spiking when monthly reports run.

  What is the MOST cost-effective solution?

  A. Migrate the monthly reporting to Amazon Redshift.
  B. Migrate the monthly reporting to an Aurora Replica.
  C. Migrate the Aurora database to a larger instance class.
  D. Increase the Provisioned IOPS on the Aurora instance.
  B. Migrate the monthly reporting to an Aurora Replica.

  ---

  Explanation/Reference:

  https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Replication.html https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.html

  #Aurora.Replication.Replicas Aurora Replicas have two main purposes. You can issue queries to them to scale the read operations for your application. You typically do so by connecting to the reader endpoint of the cluster. That way, Aurora can spread the load for read-only connections across as many Aurora Replicas as you have in the cluster. Aurora Replicas also help to increase availability. If the writer instance in a cluster becomes unavailable, Aurora automatically promotes one of the reader instances to take its place as the new writer.

• Question 747:

  A web application is deployed in the AWS Cloud It consists of a two-tier architecture that includes a web layer and a database layer The web server is vulnerable to cross-site scripting (XSS) attacks What should a solutions architect do to remediate the vulnerability?

  A. Create a Classic Load Balancer Put the web layer behind the load balancer and enable AWS WAF
  B. Create a Network Load Balancer Put the web layer behind the load balancer and enable AWS WAF
  C. Create an Application Load Balancer Put the web layer behind the load balancer and enable AWS WAF
  D. Create an Application Load Balancer Put the web layer behind the load balancer and use AWS Shield Standard
  C. Create an Application Load Balancer Put the web layer behind the load balancer and enable AWS WAF

  ---

  Explanation/Reference:

  Working with cross-site scripting match conditions Attackers sometimes insert scripts into web requests in an effort to exploit vulnerabilities in web applications. You can create one or more cross-site scripting match conditions to identify the parts of web requests, such as the URI or the query string, that you want AWS WAF Classic to inspect for possible malicious scripts. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious scripts. Web Application Firewall

  You can now use AWS WAF to protect your web applications on your Application Load Balancers. AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

  https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-xss-conditions.html https://aws.amazon.com/elasticloadbalancing/features/

• Question 748:

  A company stores its data objects in Amazon S3 Standard storage. A solutions architect has found that 75% of the data is rarely accessed after 30 days. The company needs all the data to remain immediately accessible with the same high availability and resiliency, but the company wants to minimize storage costs.

  Which storage solution will meet these requirements?

  A. Move the data objects to S3 Glacier Deep Archive after 30 days.
  B. Move the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
  C. Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
  D. Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately.
  B. Move the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

• Question 749:

  A company has several business systems that require access to data stored in a file share. the business systems will access the file share using the Server Message Block (SMB) protocol. The file share solution should be accessible from both of the company's legacy on-premises environment and with AWS.

  Which services mod the business requirements? (Select TWO.)

  A. Amazon EBS
  B. Amazon EFS
  C. Amazon FSx for Windows
  D. Amazon S3
  E. AWS Storage Gateway file gateway
  C. Amazon FSx for Windows
  D. Amazon S3

  ---

  Explanation/Reference:

• Question 750:

  A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.

  What should a solutions architect do to mitigate any single point of failure in this architecture?

  A. Add a set of VPNs between the Management and Production VPCs.
  B. Add a second virtual private gateway and attach it to the Management VPC
  C. Add a second set of VPNs to the Management VPC from a second customer gateway device
  D. Add a second VPC peering connection between the Management VPC and the Production VPC.
  C. Add a second set of VPNs to the Management VPC from a second customer gateway device

  ---

  Explanation/Reference:

  https://docs.aws.amazon.com/vpn/latest/s2svpn/images/Multiple_Gateways_diagram.png

  "To protect against a loss of connectivity in case your customer gateway device becomes unavailable, you can set up a second Site-to-Site VPN connection to your VPC and virtual private gateway by using a second customer gateway device." https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-redundant-connection.html