A company has implemented a self-managed DNS solution on three Amazon EC2 instances behind a Network Load Balancer (NLB) in the us-west-2 Region Most of the company's users are located in the United States and Europe The company wants to improve the performance and availability of the solution by using an AWS Region in Europe The company launches and configures three EC2 instances in the eu-west-1 Region and adds the EC2 instances as targets for a new NLB
Which solutions will allow traffic to be routed to all the EC2 instances? (Select TWO )
A. Create an Amazon Route 53 geoiocatton routing policy to route requests to one of the two NLBs Create an Amazon CloudFront distribution Use the Route 53 record as the distribution's origin
B. Create a standard accelerator by using AWS Global Accelerator Create endpomt groups in us-west-2 and eu-west-1 Add the two NLBs as endpoints for the endpomt groups
C. Attach Elastic IP addresses to the six EC2 instances Create an Amazon Route 53 geolocation routing policy to route requests to one of the six EC2 instances Create an Amazon CloudFront distribution Use the Route 53 record as the distribution's ongin.
D. Create a standard accelerator by using AWS Global Accelerator Create endpomt groups in us-west-2 and eu-west-1 Add the six EC2 instances directly as endpoints for the endpomt groups Delete the NLBs
E. Replace the two NLBs with two Application Load Balancers (ALBs) Create an Amazon Route 53 latency routing policy to route requests to one of the two ALBs Create an Amazon CloudFront distribution Use the Route 53 record as the distribution's origin
A company is running a media application in an on-premises data center and has accumulated 500 TB of data The company needs to migrate the data from the applications existing network-attached file system to AWS Users rarely access data that is older than 1 year
Which solution meets these requirements MOST cost-effectively'
A. Use AWS Snowmobile to move the data to Amazon S3 Create an S3 Lifecycle policy to transition data that is older than 1 year to S3 Glacier
B. Use multiple AWS Snowball Edge Storage Optimized devices to move the data to Amazon S3 Create an S3 Lifecycle policy to transition data that is older than 1 year to S3 Standard-Infrequent Access (S3 Standard-IA)
C. Set up an AWS Direct Connect connection between the on-premises data center and AWS Transfer the data directly to Amazon S3 by using the Direct Connect connection Create an S3 Lifecycle policy to transition data that is older than 1 year to S3 Glacier
D. Set up an AWS Site-to-Site VPN connection between the on-premises data center and AWS Transfer the data directly to Amazon S3 by using the Site-to-Site VPN connection Create an S3 Lifecycle policy to transition data that is older than 1 year to S3 Standard- infrequent Access (S3 Standard-IA)
A company hosts a multi-tier web application on Amazon Linux Amazon EC2 instances behind an Application Load Balancer The instances run in an Auto Scaling group across multiple Availability Zones The company observes that the Auto Scaling group launches more On-Demand Instances when the application's end users access high volumes of static web content The company wants to optimize cost
What should a solutions architect do to redesign the application MOST cost-effectively?
A. Update the Auto Scaling group to use Reserved Instances instead of On-Demand Instances
B. Update the Auto Scaling group to scale by launching Spot Instances instead of On- Demand Instances
C. Create an Amazon CloudFront distribution to host the static web contents from an Amazon S3 bucket
D. Create an AWS Lambda function behind an Amazon API Gateway API to host the static website contents
A company needs to send large amounts of data from its data center to an Amazon S3 bucket on a regular basis. The data must be encrypted and must be transferred over a network that provides consistent bandwidth and low latency.
What should a solutions architect do to meet these requirements?
A. Use an AWS Direct Connect connection
B. Use an AWS VPN CloudHub connection
C. Use HTTPS TLS tor encryption of data in transit
D. Use a gateway VPC endpoint to access Amazon S3
An application that is hosted on Amazon EC2 instances needs to access an Amazon S3 bucket Traffic must not traverse the internet.
How should a solutions architect configure access to meet these requirements?
A. Create a private hosted zone by using Amazon Route 53
B. Set up a gateway VPC endpoint for Amazon S3 in the VPC
C. Configure the EC2 instances to use a NAT gateway to access the S3 bucket
D. Establish an AWS Site-to-Site VPN connection between the VPC and the S3 bucket
A company has deployed an internal API in a VPC behind an internet-facing Application Load Balancer (ALB). An application that consumes the API as a client is deployed in a VPC in a second account The application is deployed in private subnets behind a NAT gateway. When requests to the client application increase, the NAT gateway costs are higher than expected.
Which combination of architectural changes will reduce the NAT gateway costs? (Select TWO.)
A. Configure a VPC peering connection between the two VPCs.
B. Configure an AWS Direct Connect connection between the two VPCs.
C. Replace the internet-facing ALB with an internal ALB. Access the API by using the ALB's private DNS address.
D. Configure a ClassicLink connection for the API to the client VPC. Access the API by using the ClassicLink address.
E. Configure an AWS Resource Access Manager connection between the two accounts.Access the API by using the ALB's private DNS address.
A company manages and runs a critical data management application in containers that are hosted on Amazon Elastic Container Service (Amazon ECS). The application has endpoints that are exposed through Application Load Balancers (ALBs). The application uses an Amazon Elastic File System (Amazon EFS) file system mount for persistent data storage. The company has configured Amazon ECS to use a minimal IAM instance role.
Which combination of actions should a solutions architect take to improve the overall security posture of the application? (Select TWO.)
A. Decompose the Amazon ECS IAM instance role. Use only ECS task roles.
B. Enable EFS encryption in transit to protect data that is being written to Amazon EFS.
C. Use AWS Config to define patch management policies on the container instances.
D. Use Amazon Macie integration with Amazon EFS to monitor and protect sensitive information in the file system.
E. Use Amazon GuardDuty to authenticate data access between the ALBs and the container instances.
A company experienced a breach that affected several applications in its on-premises data center The attacker took advantage of vulnerabilities in the custom applications that were running on the servers The company is now migrating its applications to run on Amazon EC2 instances The company wants to implement a solution that actively scans for vulnerabilities on the EC2 instances and sends a report that details the findings
Which solution will meet these requirements?
A. Deploy AWS Shield to scan the EC2 instances for vulnerabilities Create an AWS Lambda function to log any findings to AWS CloudTrail.
B. Deploy Amazon Macie and AWS Lambda functions to scan the EC2 instances for vulnerabilities Log any findings to AWS CloudTrail
C. Turn on Amazon GuardDuty Deploy the GuardDuty agents to the EC2 instances Configure an AWS Lambda function to automate the generation and distribution of reports that detail the findings
D. Turn on Amazon Inspector Deploy the Amazon Inspector agent to the EC2 instances Configure an AWS Lambda function to automate the generation and distribution of reports that detail the findings
A company is building a disaster recovery (DR) solution The company wants to rotate its primary systems between AWS Regions on a regular basis. The company's application is geographically distributed and includes a serverless web tier The application's database tier runs on Amazon Aurora
A solutions architect needs to build an architecture tor the database layer to implement managed, planned failover
Which combination of actions will meet these requirements with the LEAST downtime*? (Select TWO )
A. Create an Aurora DB cluster Configure Aurora Replicas
B. Fail over to one of the secondary DB clusters from another Region
C. Create an Aurora DB cluster snapshot Restore from the snapshot
D. Configure an Aurora global database Set up a secondary DB cluster
E. Promote one of the read replicas as a writer from the Amazon RDS console
A doctor's office is moving all of its patient data to the AWS Cloud The office needs to retain all the data indefinitely, but the data is rarely accessed after a year. The data must be immediately available during the first year However, to minimize cost, the office is willing to wait a day for data that is more than 1 year old to become available.
Which combination of actions should a solutions architect take to meet these requirements MOST cost-effectively? (Select TWO )
A. Create an Amazon S3 Lifecycle transition rule to move the data to S3 Glacier after a year
B. Create an Amazon S3 Lifecycle transition rule to move the data to S3 Glacier Deep Archive after a year
C. Create an Amazon S3 bucket for the data. Store data in the S3 bucket by using the S3 Glacier storage class
D. Create an Amazon S3 bucket for the data. Store data in the bucket by using the S3 Standard storage class.
E. Create an Amazon S3 bucket for the data. Store data in the bucket by using the S3 Intelligent-Tiering storage class
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.