To meet security requirements, a company needs to encrypt all of its application data in transit while communicating with an Amazon RDS MySQL DB instance A recent security audit revealed that encryption al rest is enabled using AWS Key Management Service (AWS KMS). but data in transit Is not enabled What should a solutions architect do to satisfy the security requirements?
A. Enable IAM database authentication on the database.
B. Provide self-signed certificates, Use the certificates in all connections to the RDS instance
C. Take a snapshot of the RDS instance Restore the snapshot to a new instance with encryption enabled
D. Download AWS-provided root certificates Provide the certificates in all connections to the RDS instance
A company wants an AWS Lambda function to call a third-party API and save the response to a private Amazon ROS DB instance in the same private subnet
What should a solutions architect do to meet these requirements?
A. Create a NAT gateway. In the route table for the private subnet, add a route to the NAT gateway. Attach the Lambda function to the private subnet. Create an IAM role that includes the AWSLambdaBasicExecutionRole permissions policy Attach the role to the Lambda function
B. Create an internet gateway In the route table for the private subnet, add a route to the internet gateway Attach the Lambda function to the private subnet Create an IAM role that includes me AWSLambdaBasicExecutionRole permissions policy Attach the role to the Lambda function
C. Create a NAT gateway In the route table for the private subnet add a route to the NAT gateway Attach the Lambda function to the private subnet. Create an IAM role that includes the AWS LambdaVPCAccessExecutionRole permissions policy Attach the role to the Lambda function
D. Create an internet gateway in the route table for the private subnet, add a route to the internet gateway Attach the Lambda function to the private subnet Create an IAM role that includes the AWSLambdaVPCAccessExecutionRole permissions policy Attach the role to the Lambda function
A company uses Amazon API Gateway to manage its REST APIs that third-party service providers access. The company must protect the REST APIs from SQL injection and cross site scripting attacks What is the MOST operationally efficient solution that meets these requirements?
A. Configure AWS Shield
B. Configure AWS WAF
C. Set up API Gateway with an Amazon CloudFront distribution Configure AWS Shield in CloudFront
D. Set up API Gateway with an Amazon CloudFront distribution Configure AWS WAF in CloudFront.
A company runs a critical customer -lacing application on Amazon Elastic Kubernetes Service (Amazon EKS) The application has a microservices architecture The company needs to implement a solution that collects, aggregates and summarizes metrics and logs from the application in a centralized location
Which solution meets these requirements?
A. Run the Amazon CloudWatch agent In the existing EKS cluster View the metrics and logs in the CloudWatch console.
B. Run AWS App Mesh in the existing EKS duster View the metrics and logs m the App Mesh console
C. Configure AWS CloudTrail to capture data events Query CloudTrail by using Amazon OpenSearch Service (Amazon Elasticsearch Service)
D. Configure Amazon CloudWatch Container Insights in the existing EKS cluster View the metrics and logs in the CloudWatch console.
A company runs an on-premises application that is powered by a MySQL database The company is migrating the application to AWS to Increase the application's elasticity and availability
The current architecture shows heavy read activity on the database during times of normal operation Every 4 hours the company's development team pulls a full export of the production database to populate a database in the staging environment During this period, users experience unacceptable application latency The development team is unable to use the staging environment until the procedure completes A solutions architect must recommend replacement architecture that alleviates the application latency issue The replacement architecture also must give the development team the ability to continue using the staging environment without
delay
Which solution meets these requirements?
A. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.
B. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production Use database cloning to create the staging database on-demand
C. Use Amazon RDS for MySQL with a Mufti AZ deployment and read replicas for production Use the standby instance tor the staging database.
D. Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for production. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.
A company is designing an application to run in a VPC on AWS The application consists of Amazon EC2 instances that tun in private subnets as part of an Auto Scaling group The application also includes a Network Load Balancer that
extends across public subnets The application stores data in an Amazon RDS OB instance
The company has attached a security group that is named "web-servers' to the EC2 instances. The company has attached a security group that is named "database" to the DB Instance.
How should a solutions architect configure the communication between the EC2 instances and the DB instance?
A. Configure the "web-servers* security group (o allow access lo the OB instance's current IP addresses Configure the "database" security group to allow access from the current set of IP addresses in use by the EC instances
B. Configure the "web-servers" security group to allow access to the "database" security group Configure the "database" security group to allow access from the "web-servers" security group
C. Configure the "web-servers" security group to allow access to the DB instance's current IP addresses Configure the "database" security group to allow access from the Auto Scaling group
D. Configure the "web servers" security group to allow access to the "database" security group Configure the "database" security group to allow access from the Auto Scaling group
A company wants to run its critical applications in containers to meet requirements tor scalability and availability The company prefers to focus on maintenance of the critical applications The company does not want to be responsible for provisioning and managing the underlying infrastructure that runs the containerized workload
What should a solutions architect do to meet those requirements?
A. Use Amazon EC2 Instances, and Install Docker on the Instances
B. Use Amazon Elastic Container Service (Amazon ECS) on Amazon EC2 worker nodes
C. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate
D. Use Amazon EC2 instances from an Amazon Elastic Container Service (Amazon ECS)- op6mized Amazon Machine Image (AMI).
A company hosts a three-tier web application that includes a PostgreSQL database The database stores the metadata from documents The company searches the metadata for key terms to retrieve documents that the company reviews in a report each month The documents are stored in Amazon S3 The documents are usually written only once, but they are updated frequency The reporting process takes a few hours with the use of relational queries The reporting process must not affect any document modifications or the addition of new documents.
What are the MOST operationally efficient solutions that meet these requirements? (Select TWO )
A. Set up a new Amazon DocumentDB (with MongoDB compatibility) cluster that includes a read replica Scale the read replica to generate the reports.
B. Set up a new Amazon RDS for PostgreSQL Reserved Instance and an On-Demand read replica Scale the read replica to generate the reports
C. Set up a new Amazon Aurora PostgreSQL DB cluster that includes a Reserved Instance and an Aurora Replica issue queries to the Aurora Replica to generate the reports.
D. Set up a new Amazon RDS for PostgreSQL Multi-AZ Reserved Instance Configure the reporting module to query the secondary RDS node so that the reporting module does not affect the primary node
E. Set up a new Amazon DynamoDB table to store the documents Use a fixed write capacity to support new document entries Automatically scale the read capacity to support the reports
A company is building a website that relies on reading and writing to an Amazon DynamoDB database The website experiences high traffic during normal business hours, but the traffic declines drastically overnight and during weekends The company is concerned about operating costs
Which solution will meet the website's traffic demands MOST cost-effectively?
A. Enable DynamoDB Accelerator (DAX) to cache the data
B. Enable DynamoDB auto scaling when creating the tables.
C. Enable Multi-AZ replication for the DynamoDB database
D. Enable DynamoDB on-demand capacity allocation when creating the tables
A company runs multiple Amazon EC2 Linux instances in a VPC across two Availability Zones The instances host applications that use a hierarchical directory structure The applications need to read and write rapidly and concurrently to shared storage
What should a solutions architect do to meet these requirements?
A. Create an Amazon S3 bucket Allow access from all the EC2 instances in the VPC
B. Create an Amazon Elastic File System (Amazon EFS) file system Mount the EFS file system from each EC2 instance
C. Create a file system on a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume Attach the EBS volume to all the EC2 instances
D. Create file systems on Amazon Elastic Block Store (Amazon EBS) volumes that are attached to each EC2 instance Synchronize the EBS volumes across the different EC2 instances
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.