A company is planning on deploying a newly built application on AWS in a default VPC. The application will consist of a web layer and database layer. The web server was created in public subnets, and the MySQL database was created in private subnet. All subnets are created with the default network ACL settings, and the default security group in the VPC will be replaced with new custom security groups.
A. Create a database server security group with inbound and outbound rules for MySQL port 3306 traffic to and from anywhere (0.0.0.0/0).An application running on an Amazon EC2 instance needs to access an Amazon DynamoDB table Both the EC2 instance and the DynamoDB table are in the same AWS account A solutions architect must configure the necessary
permissions.
Which solution will allow least privilege access to the DynamoDB table from the EC2 instance?
A. Create an IAM role with the appropriate policy to allow access to the DynamoDB table Create an instance profile to assign this IAM role to the EC2 instanceA company runs a website on Amazon EC2 instances behind an ELB Application Load Balancer Amazon Route 53 Is used for the DNS The company wants to set up a backup website with a message including a phone number and email address that users can reach if the primary website is down.
How should the company deploy this solution?
A. Use Amazon S3 website hosting for the backup website and a Route 53 failover routing policyA company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC A solutions architect needs to connect from the on-premises network, through the company's internet connection to the bastion host and to the application servers The solutions architect must make sure that the security groups of all the EC2 instances will allow that access
Which combination of steps should the solutions architect take to meet these requirements? (Select TWO)
A. Replace the current security group of the bastion host with one that only allows inbound access from the application instances.A company has created a multi-tier application for its ecommerce website. The website uses an Application Load Balancer that resides in the public subnets, a web tier in me public subnets, and a MySQL cluster hosted on Amazon EC2 instances in the private subnets. The MySQL database needs to retrieve product catalog and pricing information that is hosted on the internet by a third-party provider. A solutions architect must devise a strategy that maximizes security without increasing operational overhead.
What should the solutions architect do to meet these requirements?
A. Deploy a NAT instance in the VPC. Route all the internet-based traffic through the NAT instance.A solutions architect must provide a fully managed replacement for an on-premises solution that allows employees and partners to exchange files. The solution must be easily accessible to employees connecting from on-premises systems, remote employees, and external partners.
Which solution meets these requirements?
A. Use AWS Transfer for SFTP to transfer files into and out of Amazon S3.A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost-effective solution to minimize upload and download latency and maximize performance.
What should a solutions architect do to accomplish this?
A. Use Amazon S3 with Transfer Acceleration to host the application.A company is planning to migrate its virtual server-based workloads to AWS The company has internet-facing load balancers backed by application servers. The application servers rely on patches from an internet-hosted repository
Which services should a solutions architect recommend be hosted on the public subnet*? (Select TWO.)
A. NAT gatewayA solutions architect must design a solution for a persistent database that is being migrated from on- premises to AWS. The database requires 64,000 IOPS according to the database administrator. If possible, the database administrator
wants to use a single Amazon Elastic Block Store (Amazon EBS) volume to host the database instance.
Which solution effectively meets the database administrator's criteria?
A. Use an instance from the 13 I/O optimized family and leverage local ephemeral storage to achieve the IOPS requirement.A company uses Amazon RDS for PostgreSQL databases for its data tier. The company must implement password rotation for the databases. Which solution meets this requirement with the LEAST operational overhead?
A. Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.