You control access to S3 buckets and objects with:
A. Identity and Access Management (IAM) Policies.
B. Access Control Lists (ACLs).
C. Bucket Policies.
D. All of the above
D. All of the above
Question 812:
A development team is collaborating with another company to create an integrated product. The other company needs to access an Amazon Simple Queue Service (Amazon SQS) queue that is contained in the development team's account.
The other company wants to poll the queue without giving up its own account permissions to do so.
How should a solutions architect provide access to the SQS queue?
A. Create an instance profile that provides the other company access to the SQS queue.
B. Create an IAM policy that provides the other company access to the SQS queue.
C. Create an SQS access policy that provides the other company access to the SQS queue.
D. Create an Amazon Simple Notification Service (Amazon SNS) access policy that provides the other company access to the SQS queue.
C. Create an SQS access policy that provides the other company access to the SQS queue.
Question 813:
A company has a legacy data processing application that runs on Amazon EC2 instances. Data is processed sequentially, but the order of results does not matter. The application uses a monolithic architecture. The only way that the company can scale the application to meet increased demand is to increase the size of the instances.
The company's developers have decided to rewrite the application to use a microservices architecture on Amazon Elastic Container Service (Amazon ECS).
What should a solutions architect recommend for communication between the microservices?
A. Create an Amazon Simple Queue Service (Amazon SQS) queue. Add code to the data producers, and send data to the queue. Add code to the data consumers to process data from the queue.
B. Create an Amazon Simple Notification Service (Amazon SNS) topic. Add code to the data producers, and publish notifications to the topic. Add code to the data consumers to subscribe to the topic.
C. Create an AWS Lambda function to pass messages. Add code to the data producers to call the Lambda function with a data object. Add code to the data consumers to receive a data object that is passed from the Lambda function.
D. Create an Amazon DynamoDB table. Enable DynamoDB Streams. Add code to the data producers to insert data into the table. Add code to the data consumers to use the DynamoDB Streams API to detect new table entries and retrieve the data.
A. Create an Amazon Simple Queue Service (Amazon SQS) queue. Add code to the data producers, and send data to the queue. Add code to the data consumers to process data from the queue.
A company uses on-premises servers to host its applications. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high-performing solution that supports local caching without re-architecting its existing applications.
Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)
A. Mount Amazon S3 as a file system to the on-premises servers.
B. Deploy an AWS Storage Gateway file gateway to replace NFS storage.
C. Deploy AWS Snowball Edge to provision NFS mounts to on-premises servers.
D. Deploy an AWS Storage Gateway volume gateway to replace the block storage.
E. Deploy Amazon Elastic File System (Amazon EFS) volumes and mount them to on-premises servers.
B. Deploy an AWS Storage Gateway file gateway to replace NFS storage.
D. Deploy an AWS Storage Gateway volume gateway to replace the block storage.
Question 815:
A company is building a new furniture inventory application. The company has deployed the application on a fleet of Amazon EC2 instances across multiple Availability Zones. The EC2 instances run behind an Application Load Balancer (ALB) in their VPC.
A solutions architect has observed that incoming traffic seems to favor one EC2 instance, resulting in latency for some requests.
What should the solutions architect do to resolve this issue?
A. Disable session affinity (sticky sessions) on the ALB.
B. Replace the ALB with a Network Load Balancer.
C. Increase the number of EC2 instances in each Availability Zone.
D. Adjust the frequency of the health checks on the ALB's target group.
B. Replace the ALB with a Network Load Balancer
Question 816:
A company's website is used to sell products to the public. The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). There is also an Amazon CloudFront distribution, and AWS WAF is being used to protect against SQL injection attacks. The ALB is the origin for the CloudFront distribution. A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website.
What should a solutions architect do to protect the application?
A. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address.
B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address.
C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
D. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address
If you want to allow or block web requests based on the IP addresses that the requests originate from, create one or more IP match conditions. An IP match condition lists up to 10,000 IP addresses or IP address ranges that your requests originate from. Later in the process, when you create a web ACL, you specify whether to allow or block requests from those IP addresses.
AWS Web Application Firewall (WAF) - Helps to protect your web applications from common application-layer exploits that can affect availability or consume excessive resources. As you can see in my post (New - AWS WAF), WAF allows you to use access control lists (ACLs), rules, and conditions that define acceptable or unacceptable requests or IP addresses. You can selectively allow or deny access to specific parts of your web application and you can also guard against various SQL injection attacks. We launched WAF with support for Amazon CloudFront
Question 817:
A solutions architect is designing the architecture for a company website that is composed of static content. The company's target customers are located in the United States and Europe. Which architecture should the solutions architect recommend to MINIMIZE cost?
A. Store the website files on Amazon S3 in the us-east-2 Region. Use an Amazon CloudFront distribution with the price class configured to limit the edge locations in use.
B. Store the website files on Amazon S3 in the us-east-2 Region. Use an Amazon CloudFront distribution with the price class configured to maximize the use of edge locations.
C. Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region. Use an Amazon CloudFront geolocation routing policy to route requests to the closest Region to the user.
D. Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region. Use an Amazon CloudFront distribution with an Amazon Route 53 latency routing policy to route requests to the closest Region to the user.
D. Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region. Use an Amazon CloudFront distribution with an Amazon Route 53 latency routing policy to route requests to the closest Region to the user.
Question 818:
A company is running an application on AWS to process weather sensor data that is stored in an Amazon S3 bucket. Three batch jobs run hourly to process the data in the S3 bucket for different purposes. The company wants to reduce the overall processing time by running the three applications in parallel using an event-based approach.
What should a solutions architect do to meet these requirements?
A. Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Subscribe all applications to the queue for processing.
B. Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SQS) standard queue. Create an additional SQS queue for all applications and subscribe all applications to the initial queue for processing.
C. Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SQS) FIFO queues. Create an additional SQS queue for each application and subscribe each queue to the initial topic for processing.
D. Enable S3 Event Notifications for new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SQS) queue for each application and subscribe each queue to the topic for processing.
D. Enable S3 Event Notifications for new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SQS) queue for each application and subscribe each queue to the topic for processing.
Question 819:
A company is running an ecommerce application on Amazon EC2. The application consists of a stateless web tier that requires a minimum of 10 instances, and a peak of 250 instances to support the application's usage. The application requires 50 instances 80% of the time.
Which solution should be used to minimize costs?
A. Purchase Reserved Instances to cover 250 instances.
B. Purchase Reserved Instances to cover 80 instances. Use Spot Instances to cover the remaining instances.
C. Purchase On-Demand Instances to cover 40 instances. Use Spot Instances to cover the remaining instances.
D. Purchase Reserved Instances to cover 50 instances. Use On-Demand and Spot Instances to cover the remaining instances.
D. Purchase Reserved Instances to cover 50 instances. Use On-Demand and Spot Instances to cover the remaining instances.
Explanation/Reference:
Reserved Instances: Having 50 EC2 RIs provides a discounted hourly rate and an optional capacity reservation for EC2 instances. AWS Billing automatically applies your RI's discounted rate when attributes of EC2 instance usage match attributes of an active RI. If an Availability Zone is specified, EC2 reserves capacity matching the attributes of the RI. The capacity reservation of an RI is automatically utilized by running instances matching these attributes. You can also choose to forego the capacity reservation and purchase an RI that is scoped to a region. RIs that are scoped to a region automatically apply the RI's discount to instance usage across AZs and instance sizes in a region, making it easier for you to take advantage of the RI's discounted rate.
On-Demand Instance: On-Demand instances let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. This frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. The pricing below includes the cost to run private and public AMIs on the specified operating system ("Windows Usage" prices apply to Windows Server 2003 R2, 2008, 2008 R2, 2012, 2012 R2, 2016, and 2019). Amazon also provides you with additional instances for Amazon EC2 running Microsoft Windows with SQL Server, Amazon EC2 running SUSE Linux Enterprise Server, Amazon EC2 running Red Hat Enterprise Linux and Amazon EC2 running IBM that are priced differently.
Spot Instances: A Spot Instance is an unused EC2 instance that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called a Spot price. The Spot price of each instance type in each Availability Zone is set by Amazon EC2, and adjusted gradually based on the long-term supply of and demand for Spot Instances. Your Spot Instance runs whenever capacity is available and the maximum price per hour for your request exceeds the Spot price.
A company's website hosted on Amazon EC2 instances processes classified data stored in Amazon S3. Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3.
Which solution meets these requirements?
A. Set up S3 bucket policies to allow access from a VPC endpoint.
B. Set up an IAM policy to grant read-write access to the S3 bucket.
C. Set up a NAT gateway to access resources outside the private subnet.
D. Set up an access key ID and a secret access key to access the S3 bucket.
A. Set up S3 bucket policies to allow access from a VPC endpoint.