Amazon Amazon Certifications SAA-C02 Questions & Answers

• Question 971:

  A company hosts historical weather records in Amazon S3. The records are downloaded from the company's website by way of a URL that resolves to a domain name. Users all over the world access this content through subscriptions A third-party provider hosts the company's root domain name, but the company recently migrated some of its services to Amazon Route 53 The company wants to consolidate contracts, reduce latency for users, and reduce costs related to serving the application to subscribers.

  Which solution meets these requirements?

  A. Create a web distribution on Amazon CloudFront to serve the S3 content for the application Create a CNAME record in a Route 53 hosted zone that points to the CloudFront distribution resolving to the application's URL domain name.

  B. Create a web distribution on Amazon CloudFront to serve the S3 content for the application Create an ALIAS record in the Amazon Route 53 hosted zone that points to the CloudFront distribution, resolving to the application's URL domain name

  C. Create an A record in a Route 53 hosted zone for the application Create a Route 53 traffic policy for the web application, and configure a geolocation rule. Configure health checks to check (he health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy

  D. Create an A record in a Route 53 hosted zone tor the application. Create a Route 53 traffic policy for the web application, and configure a geoproximity rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy.

  Correct Answer: C

• Question 972:

  An application running on an Amazon EC2 instance in VPC-A needs to access files in another EC2 instance in VPC-B. Both are in separate. AWS accounts. The network administrator needs to design a solution to enable secure access to

  EC2 instance in VOC-B from VPC-A

  The connectivity should not have a single point of failure or bandwidth concerns.

  Which solution will meet these requirements?

  A. Set up a VPC peering connection between VPC-A and VPC-B.

  B. Set up VPC gateway endpoints for the EC2 instance running in VPC-B.

  C. Attach a virtual private gateway to VPC-B and enable routing from VPC-A.

  D. Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-B.

  Correct Answer: A

• Question 973:

  A company has NFS servers in an on-premises data center that need to periodically back up small amounts of data to Amazon S3. Which solution meets these requirements and is MOST cost-effective?

  A. Set up AWS Glue to copy the data from the on-premises servers to Amazon S3.

  B. Set up an AWS DataSync agent on the on premises servers, and sync the data to Amazon S3.

  C. Set up an SFTP sync using AWS Transfer for SFTP to sync data from on premises to Amazon S3.

  D. Set up an AWS Direct Connect connection between the on-premises data center and a VPC, and copy the data to Amazon S3

  Correct Answer: C

• Question 974:

  A company plans to store sensitive user data on Amazon S3. Internal security compliance requirement mandata encryption of data before sending it to Amazon S3. What should a solution architect recommend to satisfy these requirements?

  A. Server-side encryption with customer-provided encryption keys

  B. Client-side encryption with Amazon S3 managed encryption keys

  C. Server-side encryption with keys stored in AWS key Management Service (AWS KMS)

  D. Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS)

  Correct Answer: D

• Question 975:

  A company has a two-tier application architecture that runs in public and private subnets Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet The web application instances

  and the database are running in a single Availability Zone (AZ).

  Which combination of steps should a solutions architect take to provide high availability for this architecture? (Select TWO.)

  A. Create new public and private subnets in the same AZ for high availability

  B. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs

  C. Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer

  D. Create new public and private subnets in a new AZ Create a database using Amazon EC2 in one AZ

  E. Create new public and private subnets in the same VPC each in a new AZ Migrate the database to an Amazon RDS multi-AZ deployment.

  Correct Answer: BE

• Question 976:

  A company has a multi-tier application that runs six front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer (ALB) A solutions architect needs to modify the infrastructure to be highly available without modifying the application Which architecture should the solutions architect choose that provides high availability?

  A. Create an Auto Scaling group that uses three instances across each of two Regions

  B. Modify the Auto Scaling group to use three instances across each of two Availability Zones

  C. Create an Auto Scaling template that can be used to quickly create more instances in another Region

  D. Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier

  Correct Answer: B

  https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-availability-zone.html

• Question 977:

  An online photo application lets users upload photos and perform image editing operations The application offers two classes of service free and paid Photos submitted by paid users are processed before those submitted by free users Photos are uploaded to Amazon S3 and the job information is sent to Amazon SQS.

  Which configuration should a solutions architect recommend?

  A. Use one SQS FIFO queue Assign a higher priority to the paid photos so they are processed first

  B. Use two SQS FIFO queues: one for paid and one for free Set the free queue to use short polling and the paid queue to use long polling

  C. Use two SQS standard queues one for paid and one for free Configure Amazon EC2 instances to prioritize polling for the paid queue over the free queue.

  D. Use one SQS standard queue. Set the visibility timeout of the paid photos to zero Configure Amazon EC2 instances to prioritize visibility settings so paid photos are processed first

  Correct Answer: C

  Priority: Use separate queues to provide prioritization of work.

  https://aws.amazon.com/sqs/features/

  https://aws.amazon.com/sqs/features/#:~:text=Priority%3A%20Use%20separate%20queue s%20to%20provide%20prioritization%20of%20work.

  https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs- short-and-long-polling.html

  https://acloud.guru/forums/guru-of-the-week/discussion/-L7Be8rOao3InQxdQcXj/

  https://aws.amazon.com/sqs/features/

• Question 978:

  A company is migrating from an on-premises infrastructure to the AWS Cloud One of the company's applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync A solutions architect needs to replace the file server farm Which service should the solutions architect use?

  A. Amazon EFS

  B. Amazon FSx

  C. Amazon S3

  D. AWS Storage Gateway

  Correct Answer: B

  Migrating Existing Files to Amazon FSx for Windows File Server Using AWS DataSync We recommend using AWS DataSync to transfer data between Amazon FSx for Windows File Server file systems. DataSync is a data transfer service that simplifies, automates, and accelerates moving and replicating data between on-premises storage systems and other AWS storage services over the internet or AWS Direct Connect. DataSync can transfer your file system data and metadata, such as ownership, time stamps, and access permissions. Reference: https://docs.aws.amazon.com/fsx/latest/WindowsGuide/migrate-files-to-fsx-datasync.html

• Question 979:

  A solution architect is performing a security review of a recently migrated workload. The workload is a web application that consists of amazon EC2 instances in an Auto Scaling group behind an Application Load balancer. The solution

  architect must improve the security posture and minimize the impact of a DDoS attack on resources.

  Which solution is MOST effective?

  A. Configure an AWS WAF ACL with rate-based rules. Create an Amazon CloudFront distribution that points to the Application Load Balancer. Enable the EAF ACL on the CloudFront distribution

  B. Create a custom AWS Lambda function that adds identified attacks into a common vulnerability pool to capture a potential DDoS attack. use the identified information to modify a network ACL to block access.

  C. Enable VPC Flow Logs and store then in Amazon S3. Create a custom AWS Lambda functions that parses the logs looking for a DDoS attack. Modify a network ACL to block identified source IP addresses.

  D. Enable Amazon GuardDuty and configure findings written 10 Amazon GloudWatch Create an event with Cloud Watch Events for DDoS alerts that triggers Amazon Simple Notification Service (Amazon SNS) Have Amazon SNS invoke a custom AWS lambda function that parses the logs looking for a DDoS attack Modify a network ACL to block identified source IP addresses

  Correct Answer: A

• Question 980:

  A company must generate sales reports at the beginning of every month. The reporting process launches 20 Amazon EC2 instances on the first of the month. The process runs for 7 days and cannot be interrupted. The company wants to minimize costs.

  Which pricing model should the company choose?

  A. Reserved Instances

  B. Spot Block Instances

  C. On-Demand Instances

  D. Scheduled Reserved Instances

  Correct Answer: D

  Scheduled Reserved Instances

  Scheduled Reserved Instances (Scheduled Instances) enable you to purchase capacity reservations that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one- year term. You reserve the capacity in advance, so that you know it is available when you need it. You pay for the time that the instances are scheduled, even if you do not use them. Scheduled Instances are a good choice for workloads that do not run continuously, but do run on a regular schedule. For example, you can use Scheduled Instances for an application that runs during business hours or for batch processing that runs at the end of the week. If you require a capacity reservation on a continuous basis, Reserved Instances might meet your needs and decrease costs. How Scheduled Instances Work

  Amazon EC2 sets aside pools of EC2 instances in each Availability Zone for use as Scheduled Instances. Each pool supports a specific combination of instance type, operating system, and network. To get started, you must search for an available schedule. You can search across multiple pools or a single pool. After you locate a suitable schedule, purchase it. You must launch your Scheduled Instances during their scheduled time periods, using a launch configuration that matches the following attributes of the schedule that you purchased: instance type, Availability Zone, network, and platform. When you do so, Amazon EC2 launches EC2 instances on your behalf, based on the specified launch specification. Amazon EC2 must ensure that the EC2 instances have terminated by the end of the current scheduled time period so that the capacity is available for any other Scheduled Instances it is reserved for. Therefore, Amazon EC2 terminates the EC2 instances three minutes before the end of the current scheduled time period. You can't stop or reboot Scheduled Instances, but you can terminate them manually as needed. If you terminate a Scheduled Instance before its current scheduled time period ends, you can launch it again after a few minutes. Otherwise, you must wait until the next scheduled time period. The following diagram illustrates the lifecycle of a Scheduled Instance.

  

  https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html