A company has a web application that runs on Amazon EC2 instances. The company wants end users to authenticate themselves before they use the web application. The web application accesses AWS resources, such as Amazon S3 buckets, on behalf of users who are logged on.
Which combination of actions must a solutions architect take to meet these requirements? (Select TWO).
A. Configure AWS App Mesh to log on users.
B. Enable and configure AWS Single Sign-On in AWS Identity and Access Management (IAM).
C. Define a default (AM role for authenticated users.
D. Use AWS Identity and Access Management (IAM) for user authentication.
E. Use Amazon Cognito for user authentication.
A company has a web-based map application that provides status information about ongoing repairs. The application sometimes has millions of users. Repair teams have a mobile app that sends current location and status in a JSON message to a REST-based endpoint.
Few repairs occur on most days. The company wants the application to be highly available and to scale when large numbers of repairs occur after nature disasters. Customer use the application most often during these times. The company does not want to pay for idle capacity.
A. Create a webpage that is based on Amazon S3 to display information. Use Amazon API Gateway and AWS Lambda to receive the JSON status data Store the JSON data m Amazon S3.
B. Use Amazon EC2 instances as wad servers across multiple Availability Zones. Run the EC2 instances in an Auto Scaling group. Use Amazon API Gateway and AWS Lambda to receive the JSON status data Store the JSON data In Amazon S3.
C. Use Amazon EC2 instances as web servers across multiple Availability Zones. Run the EC2 instances in an Auto Scaling group. Use a REST endpoint on the EC2 instances to receive the JSON status data. Store the JSON data in an Amazon RDS Mufti-AZ DB instance.
D. Use Amazon EC? instances as web servers across multiple Availability zones Run the FC? instances in an Auto Scaling group Use a REST endpoint on the EC? instances to receive the JSON status data Store the JSON data in an Amazon DynamoDB table.
A company's web application consists of multiple Amazon EC2 instances that run behind an Application Load Balancer in a VPC. An Amazon ROS for MySQL DB instance contains the data. The company needs the ability to automatically detect and respond to suspicious or unexpected behaviour in its AWS environment the company already has added AWS WAF to its architecture.
What should a solutions architect do next lo protect against threats?
A. Use Amazon GuardDuty to perform threat detection. Configure Amazon EventBridge (Amazon CloudWatch Events) to filler for GuardDuty findings and to invoke pin AWS Lambda function to adjust the AWS WAF rules
B. Use AWS Firewall Manager to perform threat detection Configure Amazon EventBridge (Amazon CloudWatch Events) to filter for Firewall Manager findings and to invoke an AWS Lambda function to adjust the AWS WAF web ACL
C. Use Amazon Inspector to perform three! detection and to update the AWS WAT rules Create a VPC network ACL to limit access to the web application
D. Use Amazon Macie to perform throat detection and to update the AWS WAF rules Create a VPC network ACL to limit access to the web application
A company wants to reduce the cost of its existing three-tier web architect. The web, application, and database servers are running on Amazon EC2 instance EC2 instance for the development, test and production environments. The EC2 instances average 30% CPU utilization during peak hours and 10% CPU utilization during non-peak hours.
The production EC2 instance purchasing solution will meet the company's requirements MOST cost-effectively?
A. Use Spot Instances for the production EC2 instances. Use Reserved Instances for the development and test EC2 instances
B. Use Reserved Instances for the production EC2 instances. Use On-Demand Instances for the development and test EC2 instances
C. Use blocks for the production FC2 ins ranges Use Reserved instances for the development and lest EC2 instances
D. Use On-Demand Instances for the production EC2 instances. Use Spot blocks for the development and test EC2 instances
A company wants to run applications in container in the AWS Cloud. Those applications arc stateless and can tolerate disruptions. What should a solutions architect do to meet those requirements?
What should a solution architect do to meet these requirements?
A. Use Spot Instances in an Amazon EC2 Auto Scaling group to run the application containers
B. Use Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group
C. Use On-Demand Instances in an Amazon EC2 Auto Scaling group to run the application containers
D. Use On-Demand Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.
A company is building an ecommerce application and needs to store sensitive customer information. The company needs to give customers the ability to complete purchase transactions on the website. The company also needs to ensure that sensitive customer data is protected, even from database administrators.
Which solution meets these requirements?
A. Store sensitive data in an Amazon Elastic Block Store (Amazon EBS) volume. Use EBS encryption to encrypt the data. Use an IAM instance role to restrict access.
B. Store sensitive data in Amazon RDS for MySQL. Use AWS Key Management Service (AWS KMS) client-side encryption to encrypt the data.
C. Store sensitive data in Amazon S3. Use AWS Key Management Service (AWS KMS) service-side encryption the data. Use S3 bucket policies to restrict access.
D. Store sensitive data in Amazon FSx for Windows Server. Mount the file share on application servers. Use Windows file permissions to restrict access.
A company runs an application on Amazon EC2 instances. that are part of an Auto Scaling group Traffic to the application increases substantially during business hours. A solutions architect needs to implement an Auto Scaling policy that addresses user latency concerns during periods of high traffic. The company does not want to provision more compute man is necessary
What should me solutions architect do to meet these requirements?
A. Configure a predictive scaling policy with the appropriate scaling metric.
B. Configure a dynamic target tracking scaling policy with the appropriate scaling metric
C. Configure a scheduled scaling policy that launches additional EC2 instances during business hours
D. Configure dynamic step or simple scaling policies with Ama7on CloudWatch alarms to add and remove EC2 instances based on alarm status
A company is launching a new application and will display application metrics on an Amazon CloudWatch dashboard. The company's product manager needs to access this dashboard periodically. The product manager does not have an AWS account. A solution architect must provide access to the product manager by following the principle of least privilege.
Which solution will meet these requirements?
A. Share the dashboard from the CloudWatch console. Enter the product manager's email address, and complete the sharing steps. Provide a shareable link for the dashboard to the product manager.
B. Create an IAM user specifically for the product manager. Attach the CloudWatch Read Only Access managed policy to the user. Share the new login credential with the product manager. Share the browser URL of the correct dashboard with the product manager.
C. Create an IAM user for the company's employees, Attach the View Only Access AWS managed policy to the IAM user. Share the new login credentials with the product manager. Ask the product manager to navigate to the CloudWatch console and locate the dashboard by name in the Dashboards section.
D. Deploy a bastion server in a public subnet. When the product manager requires access to the dashboard, start the server and share the RDP credentials. On the bastion server, ensure that the browser is configured to open the dashboard URL with cached AWS credentials that have appropriate permissions to view the dashboard.
A company has five organizational units (OUS) as part of its organization in AWS Organization. Each OU correlate to the five business that the company owns. The company research and development RandD business is separating from the company and will need its own organization. A solutions architect creates a separate new management account for this purpose.
A. Have the RandD AWS account be part of both organizations during the transition.
B. Invite the RandD AWS account to be part of the new organization after the RandD AWS account has left the prior organization.
C. Create a new RandD AWS account in the new organization. Migrate resources from the period RandD AWS account to thee new RandD AWS account
D. Have the RandD AWS account into the now organisation. Make the now management account a member of the prior organisation
A company is hosting a website from an Amazon S3 bucket that is configured for public hosting. The company's security team mandates the usage of secure connections for access to the website. However; HTTP-based URLS and HTTPS-based URLS mist be functional.
What should a solution architect recommend to meet these requirements?
A. Create an S3 bucket policy to explicitly deny non-HTTPS traffic.
B. Enable S3 Transfer Acceleration. Select the HTTPS Only bucket property.
C. Place thee website behind an Elastic Load Balancer that is configured to redirect HTTP traffic to HTTTPS.
D. Serve the website through an Amazon CloudFront distribution that is configured to redirect HTTP traffic to HTTPS.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.