A company hosts an application on an AWS Lambda function that runs a number of processing steps The Lambda function typically takes less than 5 minutes to run unless errors occur The company needs to decouple the application code because of past errors that caused the whole process to fail when a processing step took longer than expected The processing steps must be available to be replayed up to 12 months from when the onginal processing occurred
How should a solutions architect design the new solution1?
A. Configure Amazon EventBridge (Amazon CloudWatch Events), and create an archive Split the processes into separate Lambda functions Create rules for the different event patterns from the Lambda functions to perform processing
B. Keep the Lambda function in place, but increase the timeout to 15 minutes Configure the Lambda function to write each processing step into an Amazon DynamoDB table Replay the steps by using a separate Lambda function and by querying the table when necessary
C. Keep the Lambda function in place, but increase the timeout to 60 minutes. Configure the Lambda function to write each processing step into a daily file in an Amazon S3 bucket Replay the steps by using a separate Lambda function and by querying the file based on required date
D. Configure Amazon Simple Queue Service (Amazon SQS) queues, and create an archive Split the processes into separate Lambda functions Pass messages to different queues as each process is completed, and invoke the next Lambda function to poll the queue for new messages Replay the messages from the SQL queue archive when necessary
A company is designing a new multi-tier web application that consists of the following components:
Web and application servers that run on Amazon EC2 instances as part of Auto Scaling groups An Amazon RDS DB instance for data storage
A solutions architect needs to limit access to the application servers so that only the web servers can access them Which solution will meet these requirements?
A. Deploy AWS PrivateLink in front of the application servers Configure the network ACL to allow only the web servers to access the application servers
B. Deploy a VPC endpoint in front of the application servers Configure the security group to allow only the web servers to access the application servers
C. Deploy a Network Load Balancer with a target group that contains the application servers" Auto Scaling group. Configure the network ACL to allow only the web servers to access the application servers
D. Deploy an Application Load Balancer with a target group that contains the application servers' Auto Scaling group Configure the security group to allow only the web servers to access the application servers.
An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance The operations team has isolated an application performance slowdown and wants to separate read traffic from write traffic A solutions architect needs to optimize the application's performance quickly
What should the solutions architect recommend?
A. Change the existing database to a Multi-AZ deployment Serve the read requests from the primary Availability Zone
B. Change the existing database to a Multi-AZ deployment. Serve the read requests from the secondary Availability Zone
C. Create read replicas for the database Configure the read replicas with half of the compute and storage resources as the source database
D. Create read replicas for the database Configure the read replicas with the same compute and storage resources as the source database
A company has an application that processes customer of tiers. The company hosts the application on an Amazon EC2 instance that saves the orders to an Amazon Aurora database. Occasionally when traffic Is high, the workload does not process orders fast enough.
What should a solutions architect do to write the orders reliably to the database as quickly as possible?
A. Increase the instance size of the EC2 instance when baffle Is high. Write orders to Amazon Simple Notification Service (Amazon SNS) Subscribe the database endpoint to the SNS topic
B. Write orders to an Amazon Simple Queue Service (Amazon SQS) queue Use EC2 instances in an Auto Scaling group behind an Application Load Balancer to read born the SQS queue and process orders into the database
C. Write orders to Amazon Simple Notification Service (Amazon SNS). Subscribe the database endpoint to the SNS topic. Use EC2 ^stances in an Auto Scaling group behind an Application Load Balancer to read from the SNS topic.
D. Write orders to an Amazon Simple Queue Service (Amazon SQS) queue when the EC2 instance reaches CPU threshold limits. Use scheduled scaling of EC2 instances in an Auto Scaling group behind an Application Load Balancer to read from the SQS queue and process orders into the database
A solutions architect needs to connect a company's corporate network to its VPC to allow on-premises access to its AWS resources. The solution must provide encryption of all traffic between the corporate network and the VPC at the network layer and the session layer. The solution also must provide security controls to prevent unrestricted access between AWS and the on-premises systems.
Which solution meets these requirements?
A. Configure AWS Direct Connect to connect to the VPC. Configure the VPC route tables to allow and deny traffic between AWS and on premises as required
B. Create an IAM policy to allow access to the AWS Management Console only from a defined set of corporate IP addresses Restrict user access based on job responsibility by using an IAM policy and roles.
C. Configure AWS Site-to-Site VPN to connect to the VPC Configure route table entries to direct traffic from on premises to the VPC. Configure instance security groups and network ACLs to allow only required traffic from on premises.
D. Configure AWS Transit Gateway to connect to the VPC Configure route table entries to direct traffic from on premises to the VPC. Configure instance security groups and network ACLs to allow only required traffic from on premises.
A pharmaceutical company is developing a new drug. The volume of data that the company generates has grown exponentially over the past few months. The company's researchers regularly require a subset of the entire dataset to be immediately available with minimal lag. However, the entire dataset does not need to be accessed on a daily basis. All the data currently resides in on-premises storage arrays, and the company wants to reduce ongoing capital expenses.
Which storage solution should a solutions architect recommend to meet these requirements?
A. Run AWS DataSync as a scheduled cron job to migrate the data to an Amazon S3 bucket on an ongoing basis.
B. Deploy an AWS Storage Gateway file gateway with an Amazon S3 bucket as the target storage. Migrate the data to the Storage Gateway appliance.
C. Deploy an AWS Storage Gateway volume gateway with cached volumes with an Amazon S3 bucket as the target storage. Migrate the data to the Storage Gateway appliance.
D. Configure an AWS Site-to-Site VPN connection from the on-premises environment to AWS. Migrate data to an Amazon Elastic File System (Amazon EFS) file system.
A company wants to track its daily AWS resource usage to avoid reaching service quotas unexpectedly The company needs to receive notifications when any service quota is exceeded Which combination of actions should a solutions architect take to meet this requirement? (Select TWO.)
A. Configure Amazon Simple Notification Service (Amazon SNS) as Ihe target to send notifications
B. Use the DescribeTrustedAdvisorChecks API operation to get AWS Trusted Advisor Service Limits checks every 24 hours
C. Create an AWS Lambda function that runs every 24 hours and refreshes the AWS Trusted Advisor Service Limits checks
D. Use AWS Config to monitor the AWS resources service quotas and create a periodic invocation for an AWS Lambda function.
E. Use Amazon EventBridge (Amazon CloudWatch Events) to capture the events. Configure Amazon Simple Notification Service (Amazon SNS) as the target
A solutions architect is creating an application. The application will run on Amazon EC2 instances in private subnets across multiple Availability Zones in a VPC. The EC2 instances will frequently access large files that contain confidential information. These files are stored in Amazon S3 buckets for processing. The solutions architect must optimize the network architecture to minimize data transfer costs.
What should the solutions architect do to meet these requirements?
A. Create a gateway endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the gateway endpoint.
B. Create a single NAT gateway in a public subnet. In the route tables for the private subnets, add a default route that points to the NAT gateway.
C. Create an AWS PrivateLink interface endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the interface endpoint.
D. Create one NAT gateway for each Availability Zone in public subnets. In each of the route tables for the private subnets, add a default route that points to the NAT gateway in the same Availability Zone.
A company wants its public web application to run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The application must use a publicly trusted SSL certificate. Which solution will meet these requirements MOST cost-effectively?
A. Provision a public SSL/TLS certificate through AWS Certificate Manager (ACM). Configure the new certificate on the HTTPS listener for the ALB.
B. Use AWS Certificate Manager Private Certificate Authonty to issue an SSL/TLS certificate. Configure the new certificate on the HTTPS listener for the ALB.
C. Create a self-signed certificate on one of the EC2 instances in the Auto Scaling group. Export the certificate, and configure it on the HTTPS listener for the ALB.
D. Deploy an EC2-hosted certificate authority (CA). Import a trusted root certificate. Issue a new SSL/TLS certificate. Configure the new certificate on the HTTPS listener for the ALB.
A company is building a new data analysis application that will ingest large volumes of data into an Amazon S3 bucket. The company is concerned that sensitive information, such as personally identifiable information (Pll). might be included in some of the data that is ingested. The company needs a solution that will scan for sensitive data and log the findings.
What should a solutions architect recommend to meet these requirements?
A. Deploy Amazon Inspector to scan the ingested data Configure Amazon Inspector to log findings to Amazon CloudWatch if Amazon Inspector finds any sensitive data.
B. Deploy Amazon QuickSight to scan the ingested data. Configure QuickSight to log findings to Amazon CloudWatch if QuickSight finds any sensitive data.
C. Create a series of AWS Lambda functions to call Amazon GuardDuty to perform scans of the ingested data. If GuardDuty finds any sensitive data, invoke a Lambda function to write findings to Amazon CloudWatch.
D. Create a series of AWS Lambda functions to call Amazon Macie to perform scans of the ingested data. If Macie finds any sensitive data, invoke a Lambda function to write findings to Amazon CloudWatch.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.