A company has a legacy data processing application that runs on Amazon EC2 instances. Data is processed sequentially, but the order of results does not matter. The application uses a monolithic architecture. The only way that the company can scale the application to meet increased demand is to increase the size of the instances.
The company's developers have decided to rewrite the application to use a microservices architecture on Amazon Elastic Container Service (Amazon ECS).
What should a solutions architect recommend for communication between the microservices?
A. Create an Amazon Simple Queue Service (Amazon SQS) queue. Add code to the data producers, and send data to the queue. Add code to the data consumers to process data from the queue.
B. Create an Amazon Simple Notification Service (Amazon SNS) topic. Add code to the data producers, and publish notifications to the topic. Add code to the data consumers to subscribe to the topic.
C. Create an AWS Lambda function to pass messages. Add code to the data producers to call the Lambda function with a data object. Add code to the data consumers to receive a data object that is passed from the Lambda function.
D. Create an Amazon DynamoDB table. Enable DynamoDB Streams. Add code to the data producers to insert data into the table. Add code to the data consumers to use the DynamoDB Streams API to detect new table entries and retrieve the data.
A company wants to use AWS Systems Manager to manage a fleet of Amazon EC2 instances. According to the company's security requirements, no EC2 instances can have internet access. A solutions architect needs to design network connectivity from the EC2 instances to Systems Manager while fulfilling this security obligation.
Which solution will meet these requirements?
A. Deploy the EC2 instances into a private subnet with no route to the internet.
B. Configure an interface VPC endpoint for Systems Manager. Update routes to use the endpoint.
C. Deploy a NAT gateway into a public subnet. Configure private subnets with a default route to the NAT gateway.
D. Deploy an internet gateway. Configure a network ACL to deny traffic to all destinations except Systems Manager.
A company is deploying an application that processes large quantities of data in parallel. The company plans to use Amazon EC2 instances for the workload. The network architecture must be configurable to prevent groups of nodes from sharing the same underlying hardware.
Which networking solution meets these requirements?
A. Run the EC2 instances in a spread placement group.
B. Group the EC2 instances in separate accounts.
C. Configure the EC2 instances with dedicated tenancy.
D. Configure the EC2 instances with shared tenancy.
A company wants to move from many standalone AWS accounts to a consolidated, multi-account architecture. The company plans to create many new AWS accounts for different business units. The company needs to authenticate access to these AWS accounts by using a centralized corporate directory service.
Which combination of actions should a solutions architect recommend to meet these requirements? (Select TWO.)
A. Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.
B. Set up an Amazon Cognito identity pool. Configure AWS Single Sign-On to accept Amazon Cognito authentication.
C. Configure a service control policy (SCP) to manage the AWS accounts. Add AWS Single Sign-On to AWS Directory Service.
D. Create a new organization in AWS Organizations. Configure the organization's authentication mechanism to use AWS Directory Service directly.
E. Set up AWS Single Sign-On (AWS SSO) in the organization. Configure AWS SSO and integrate it with the company's corporate directory service.
A company is migrating its application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster behind an Application Load Balancer (ALB). The disaster recovery (DR) requirements for the application include the ability to fail over to another AWS Region with minimal downtime.
Which combination of actions should a solutions architect take to meet this requirement? (Select TWO.)
A. Create a scaled-down clone environment in the DR Region. Use auto scaling policies with the EKS nodes.
B. Create an Amazon Route 53 record that points to the ALB. Configure an active-passive failover routing policy on the record.
C. Create an AWS Resource Access Manager policy that grants the application users access to the DR environment when the DR environment is needed.
D. Create an AWS Lambda function that monitors the availability of the main environment and deploys the DR environment when the DR environment is needed.
E. Create an AWS CloudFormation template that deploys the stack. Deploy the same template in the DR Region when the main environment is unavailable.
A company has an internet-facing application that runs on premises. The application contains mostly user-generated content. The data is stored in an on-premises network-attached storage system. The company wants to archive this data annually and has chosen to move the archival data to Amazon S3. The company needs a solution to migrate the archival data into an S3 bucket.
Which solution will meet these requirements?
A. Use AWS Storage Gateway Volume Gateway. Cache the data, and then replicate the data from the on-premises environment to Amazon S3.
B. Use AWS DataSync. Create a configuration to replicate the data from the on-premises environment to Amazon S3.
C. Use AWS Transfer Family. Use an SFTP client to serially transfer the data from the on-premises environment to Amazon S3.
D. Use Amazon S3 Transfer Acceleration. Use a third-party backup utility to replicate the data from the on-premises environment to Amazon S3.
A company hosts its enterprise content management platform in one AWS Region but needs to operate the platform across multiple Regions. The company has an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that runs its microservices. The EKS cluster stores and retrieves objects from Amazon S3. The EKS cluster also stores and retrieves metadata from Amazon DynamoDB.
Which combination of steps should a solutions architect take to deploy the platform across multiple Regions? (Select TWO.)
A. Replicate the EKS cluster with cross-Region replication.
B. Use Amazon API Gateway to create a global endpoint to the EKS cluster.
C. Use AWS Global Accelerator endpoints to distribute the traffic to multiple Regions.
D. Use Amazon S3 access points to give access to the objects across multiple Regions. Configure DynamoDB Accelerator (DAX). Connect DAX to the relevant tables.
E. Deploy an EKS cluster and an S3 bucket in another Region. Configure cross-Region replication on both S3 buckets. Turn on global tables for DynamoDB.
A company created and hosts a legacy software application for its customers. The application runs on a dedicated Linux server for each customer. The application stores no persistent data except for MySQL data.
The company experienced some data corruption issues in the past and wants to move the application to AWS. The company needs to implement a solution to optimize the stability of the application. The solution also must give the company the ability to restore a customer's database to a specific point in time. The company will migrate customer data by using AWS Database Migration Service (AWS DMS).
Which architecture should a solutions architect recommend to meet these requirements?
A. Set up a shared Amazon Aurora database. Configure an Amazon EC2 launch template for each customer.
B. Set up a shared Amazon Aurora database. Create an Amazon EC2 Amazon Machine Image (AMI) for each customer. Use the AMI to launch the application.
C. Set up an Amazon RDS database and an Amazon EC2 instance for each customer. Download the installation script. Run the script to install and configure the application.
D. Set up an Amazon RDS database for each customer. Deploy the application by using an Amazon EC2 launch template. Use user data to configure the customer-specific data.
A solutions architect must secure a VPC network that hosts Amazon EC2 instances. The EC2 instances contain highly sensitive data and run in a private subnet. According to company policy, the EC2 instances that run in the VPC can access only approved third-party software repositories on the internet for software product updates that use the third party's URL. Other internet traffic must be blocked.
Which solution meets these requirements?
A. Update the route table for the private subnet to route the outbound traffic to an AWS Network Firewall. Configure domain list rule groups.
B. Set up an AWS WAF web ACL. Create a custom set of rules that filter traffic requests based on source and destination IP address range sets.
C. Implement strict inbound security group rules. Configure an outbound rule that allows traffic only to the authorized software repositories on the internet by specifying the URLs.
D. Configure an Application Load Balancer (ALB) in front of the EC2 instances. Direct all outbound traffic to the ALB. Use a URL-based rule listener in the ALB's target group for outbound access to the internet.
A company uses AWS to run all components of its three-tier web application. The company wants to automatically detect any potential security breaches within the environment. The company wants to track any findings and notify administrators if a potential breach occurs.
Which solution meets these requirements?
A. Set up AWS WAF to evaluate suspicious web traffic. Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.
B. Set up AWS Shield to evaluate suspicious web traffic. Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.
C. Deploy Amazon Inspector to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email.
D. Deploy Amazon GuardDuty to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email.