AWS SAA-C02 Exam (151-200)
#155 A companyג€™s website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the companyג€™s website demands globally. The solution should be cost-effective, limit the provisioning of infrastructure resources, and provide the fastest possible response time.Which combination should a solutions architect recommend to meet these requirements? A. Amazon CloudFront and Amazon S3 B. AWS Lambda and Amazon DynamoDB C. Application Load Balancer with Amazon EC2 Auto Scaling D. Amazon Route 53 with internal Application Load Balancers
(A)
#156 A company wants to deploy a shared file system for its .NET application servers and Microsoft SQL Server databases running on Amazon EC2 instances withWindows Server 2016. The solution must be able to be integrated into the corporate Active Directory domain, be highly durable, be managed by AWS, and provide high levels of throughput and IOPS.Which solution meets these requirements? A. Use Amazon FSx for Windows File Server. B. Use Amazon Elastic File System (Amazon EFS). C. Use AWS Storage Gateway in file gateway mode. D. Deploy a Windows file server on two On Demand instances across two Availability Zones
(A)
#161 A company is using a tape backup solution to store its key application data offsite. The daily data volume is around 50 TB. The company needs to retain the backups for 7 years for regulatory purposes. The backups are rarely accessed, and a week's notice is typically given if a backup needs to be restored.The company is now considering a cloud-based option to reduce the storage costs and operational burden of managing tapes. The company also wants to make sure that the transition from tape backups to the cloud minimizes disruptions.Which storage solution is MOST cost-effective? A. Use Amazon Storage Gateway to back up to Amazon Glacier Deep Archive. B. Use AWS Snowball Edge to directly integrate the backups with Amazon S3 Glacier. C. Copy the backup data to Amazon S3 and create a lifecycle policy to move the data to Amazon S3 Glacier. D. Use Amazon Storage Gateway to back up to Amazon S3 and create a lifecycle policy to move the backup to Amazon S3 Glacier
(A)
#162 A company requires a durable backup storage solution for its on-premises database servers while ensuring on-premises applications maintain access to these backups for quick recovery. The company will use AWS storage services as the destination for these backups. A solutions architect is designing a solution with minimal operational overhead.Which solution should the solutions architect implement? A. Deploy an AWS Storage Gateway file gateway on-premises and associate it with an Amazon S3 bucket. B. Back up the databases to an AWS Storage Gateway volume gateway and access it using the Amazon S3 API. C. Transfer the database backup files to an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 instance. D. Back up the database directly to an AWS Snowball device and use lifecycle rules to move the data to Amazon S3 Glacier Deep Archive
(A)
#163 A company decides to migrate its three-tier web application from on-premises to the AWS Cloud. The new database must be capable of dynamically scaling storage capacity and performing table joins.Which AWS service meets these requirements? A. Amazon Aurora B. Amazon RDS for SqlServer C. Amazon DynamoDB Streams D. Amazon DynamoDB on-demand
(A)
#168 A company needs to implement a relational database with a multi-Region disaster recovery Recovery Point Objective (RPO) of 1 second and a Recovery TimeObjective (RTO) of 1 minute.Which AWS solution can achieve this? A. Amazon Aurora Global Database B. Amazon DynamoDB global tables C. Amazon RDS for MySQL with Multi-AZ enabled D. Amazon RDS for MySQL with a cross-Region snapshot copy
(A)
#169 A company runs a web service on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across two Availability Zones. The company needs a minimum of four instances at all times to meet the required service level agreement (SLA) while keeping costs low.If an Availability Zone fails, how can the company remain compliant with the SLA? A. Add a target tracking scaling policy with a short cooldown period. B. Change the Auto Scaling group launch configuration to use a larger instance type. C. Change the Auto Scaling group to use six servers across three Availability Zones. D. Change the Auto Scaling group to use eight servers across two Availability Zones
(A)
#170 A company is reviewing its AWS Cloud deployment to ensure its data is not accessed by anyone without appropriate authorization. A solutions architect is tasked with identifying all open Amazon S3 buckets and recording any S3 bucket configuration changes.What should the solutions architect do to accomplish this? A. Enable AWS Config service with the appropriate rules B. Enable AWS Trusted Advisor with the appropriate checks. C. Write a script using an AWS SDK to generate a bucket report D. Enable Amazon S3 server access logging and configure Amazon CloudWatch Events
(A)
#178 A company has recently updated its internal security standards. The company must now ensure all Amazon S3 buckets and Amazon Elastic Block Store (AmazonEBS) volumes are encrypted with keys created and periodically rotated by internal security specialists. The company is looking for a native, software-based AWS service to accomplish this goal.What should a solutions architect recommend as a solution? A. Use AWS Secrets Manager with customer master keys (CMKs) to store master key material and apply a routine to create a new CMK periodically and replace it in AWS Secrets Manager. B. Use AWS Key Management Service (AWS KMS) with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in AWS KMS. C. Use an AWS CloudHSM cluster with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the CloudHSM cluster nodes. D. Use AWS Systems Manager Parameter Store with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the Parameter Store
(A)
#191 A company collects temperature, humidity, and atmospheric pressure data in cities across multiple continents. The average volume of data collected per site each day is 500 GB. Each site has a high-speed internet connection. The company's weather forecasting applications are based in a single Region and analyze the data daily.What is the FASTEST way to aggregate data from all of these global sites? A. Enable Amazon S3 Transfer Acceleration on the destination bucket. Use multipart uploads to directly upload site data to the destination bucket. B. Upload site data to an Amazon S3 bucket in the closest AWS Region. Use S3 cross-Region replication to copy objects to the destination bucket. C. Schedule AWS Snowball jobs daily to transfer data to the closest AWS Region. Use S3 cross-Region replication to copy objects to the destination bucket. D. Upload the data to an Amazon EC2 instance in the closest Region. Store the data in an Amazon EBS volume. Once a day take an EBS snapshot and copy it to the centralized Region. Restore the EBS volume in the centralized Region and run an analysis on the data daily
(A)
#192 A company has a custom application running on an Amazon EC instance that:ג€¢ Reads a large amount of data from Amazon S3ג€¢ Performs a multi-stage analysisג€¢ Writes the results to Amazon DynamoDBThe application writes a significant number of large, temporary files during the multi-stage analysis. The process performance depends on the temporary storage performance.What would be the fastest storage option for holding the temporary files? A. Multiple Amazon S3 buckets with Transfer Acceleration for storage. B. Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization. C. Multiple Amazon EFS volumes using the Network File System version 4.1 (NFSv4.1) protocol. D. Multiple instance store volumes with software RAID 0.
(A)
#159 A company is planning to migrate its virtual server-based workloads to AWS. The company has internet-facing load balancers backed by application servers. The application servers rely on patches from an internet-hosted repository.Which services should a solutions architect recommend be hosted on the public subnet? (Choose two.) A. NAT gateway B. Amazon RDS DB instances C. Application Load Balancers D. Amazon EC2 application servers E. Amazon Elastic File System (Amazon EFS) volumes
(A,C)
#177 A solutions architect is designing the cloud architecture for a new application being deployed to AWS. The application allows users to interactively download and upload files. Files older than 2 years will be accessed less frequently. The solutions architect needs to ensure that the application can scale to any number of files while maintaining high availability and durability.Which scalable solutions should the solutions architect recommend? (Choose two.) A. Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Glacier. B. Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Standard-Infrequent Access (S3 Standard-IA) C. Store the files on Amazon Elastic File System (Amazon EFS) with a lifecycle policy that moves objects older than 2 years to EFS Infrequent Access (EFS IA). D. Store the files in Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years. E. Store the files in RAID-striped Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years
(A,C)
#182 A company uses an Amazon S3 bucket to store static images for its website. The company configured permissions to allow access to Amazon S3 objects by privileged users only.What should a solutions architect do to protect against data loss? (Choose two.) A. Enable versioning on the S3 bucket. B. Enable access logging on the S3 bucket. C. Enable server-side encryption on the S3 bucket. D. Configure an S3 lifecycle rule to transition objects to Amazon S3 Glacier. E. Use MFA Delete to require multi-factor authentication to delete an object.
(A,E)
#198 A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solutions architect needs to make the web server accessible from everywhere on port443.Which combination of steps will accomplish this task? (Choose two.) A. Create a security group with a rule to allow TCP port 443 from source 0.0.0.0/0. B. Create a security group with a rule to allow TCP port 443 to destination 0.0.0.0/0. C. Update the network ACL to allow TCP port 443 from source 0.0.0.0/0. D. Update the network ACL to allow inbound/outbound TCP port 443 from source 0.0.0.0/0 and to destination 0.0.0.0/0. E. Update the network ACL to allow inbound TCP port 443 from source 0.0.0.0/0 and outbound TCP port 32768-65535 to destination 0.0.0.0/0.
(A,E)
#151 A solutions architect is designing a hybrid application using the AWS cloud. The network between the on-premises data center and AWS will use an AWS DirectConnect (DX) connection. The application connectivity between AWS and the on-premises data center must be highly resilient.Which DX configuration should be implemented to meet these requirements? A. Configure a DX connection with a VPN on top of it. B. Configure DX connections at multiple DX locations. C. Configure a DX connection using the most reliable DX partner. D. Configure multiple virtual interfaces on top of a DX connection
(B)
#152 A company runs an application on Amazon EC2 instances. The application is deployed in private subnets in three Availability Zones of the us-east-1 Region. The instances must be able to connect to the internet to download files. The company wants a design that is highly available across the Region.Which solution should be implemented to ensure that there are no disruptions to internet connectivity? A. Deploy a NAT instance in a private subnet of each Availability Zone. B. Deploy a NAT gateway in a public subnet of each Availability Zone. C. Deploy a transit gateway in a private subnet of each Availability Zone. D. Deploy an internet gateway in a public subnet of each Availability Zone.
(B)
#154 A company is running a two-tier ecommerce website using services. The current architect uses a publish-facing Elastic Load Balancer that sends traffic to AmazonEC2 instances in a private subnet. The static content is hosted on EC2 instances, and the dynamic content is retrieved from a MYSQL database. The application is running in the United States. The company recently started selling to users in Europe and Australia. A solutions architect needs to design solution so their international users have an improved browsing experience.Which solution is MOST cost-effective? A. Host the entire website on Amazon S3. B. Use Amazon CloudFront and Amazon S3 to host static images. C. Increase the number of public load balancers and EC2 instances. D. Deploy the two-tier website in AWS Regions in Europe and Australia
(B)
#158 A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission to access Amazon S3? A. Update the S3 role in AWS IAM to allow read/write access from Amazon ECS, and then relaunch the container. B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition. C. Create a security group that allows access from Amazon ECS to Amazon S3, and update the launch configuration used by the ECS cluster. D. Create an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for the ECS cluster while logged in as this account.
(B)
#160 A company has established a new AWS account. The account is newly provisioned and no changed have been made to the default settings. The company is concerned about the security of the AWS account root user.What should be done to secure the root user? A. Create IAM users for daily administrative tasks. Disable the root user. B. Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user. C. Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console. D. Provide the root user credentials to the most senior solutions architect. Have the solutions architect use the root user for daily administration tasks
(B)
#166 A solutions architect is helping a developer design a new ecommerce shopping cart application using AWS services. The developer is unsure of the current database schema and expects to make changes as the ecommerce site grows. The solution needs to be highly resilient and capable of automatically scaling read and write capacity.Which database solution meets these requirements? A. Amazon Aurora PostgreSQL B. Amazon DynamoDB with on-demand enabled C. Amazon DynamoDB with DynamoDB Streams enabled D. Amazon SQS and Amazon Aurora PostgreSQL
(B)
#171 A company is planning to build a new web application on AWS. The company expects predictable traffic most of the year and very high traffic on occasion. The web application needs to be highly available and fault tolerant with minimal latency.What should a solutions architect recommend to meet these requirements? A. Use an Amazon Route 53 routing policy to distribute requests to two AWS Regions, each with one Amazon EC2 instance. B. Use Amazon EC2 instances in an Auto Scaling group with an Application Load Balancer across multiple Availability Zones. C. Use Amazon EC2 instances in a cluster placement group with an Application Load Balancer across multiple Availability Zones. D. Use Amazon EC2 instances in a cluster placement group and include the cluster placement group within a new Auto Scaling group
(B)
#174 A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of anAvailability Zone. Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files.Which storage option meets these requirements? A. S3 Standard B. S3 Intelligent-Tiering C. S3 Standard-Infrequent Access (S3 Standard-IA) D. S3 One Zone-Infrequent Access (S3 One Zone-IA)
(B)
#175 A company is running a three-tier web application to process credit card payments. The front-end user interface consists of static webpages. The application tier can have long-running processes. The database tier uses MySQL.The application is currently running on a single, general purpose large Amazon EC2 instance. A solutions architect needs to decouple the services to make the web application highly available.Which solution would provide the HIGHEST availability? A. Move static assets to Amazon CloudFront. Leave the application in EC2 in an Auto Scaling group. Move the database to Amazon RDS to deploy Multi-AZ. B. Move static assets and the application into a medium EC2 instance. Leave the database on the large instance. Place both instances in an Auto Scaling group. C. Move static assets to Amazon S3. Move the application to AWS Lambda with the concurrency limit set. Move the database to Amazon DynamoDB with on- demand enabled. D. Move static assets to Amazon S3. Move the application to Amazon Elastic Container Service (Amazon ECS) containers with Auto Scaling enabled. Move the database to Amazon RDS to deploy Multi-AZ
(B)
#176 A media company stores video content in an Amazon Elastic Block Store (Amazon EBS) volume. A certain video file has become popular and a large number of users across the world are accessing this content. This has resulted in a cost increase.Which action will DECREASE cost without compromising user accessibility? A. Change the EBS volume to Provisioned IOPS (PIOPS). B. Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution. C. Split the video into multiple, smaller segments so users are routed to the requested video segments only. D. Clear an Amazon S3 bucket in each Region and upload the videos so users are routed to the nearest S3 bucket
(B)
#180 A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML, CSS, client-side JavaScript, and images.Which method is the MOST cost-effective for hosting the website? A. Containerize the website and host it in AWS Fargate. B. Create an Amazon S3 bucket and host the website there. C. Deploy a web server on an Amazon EC2 instance to host the website. D. Configure an Application Load Balancer with an AWS Lambda target that uses the Express is framework
(B)
#185 A company is building applications in containers. The company wants to migrate its on-premises development and operations services from its on-premises data center to AWS. Management states that production system must be cloud agnostic and use the same configuration and administrator tools across production systems. A solutions architect needs to design a managed solution that will align open-source software.Which solution meets these requirements? A. Launch the containers on Amazon EC2 with EC2 instance worker nodes. B. Launch the containers on Amazon Elastic Kubernetes Service (Amazon EKS) and EKS workers nodes. C. Launch the containers on Amazon Elastic Containers service (Amazon ECS) with AWS Fargate instances. D. Launch the containers on Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 instance worker nodes
(B)
#187 A solutions architect is performing a security review of a recently migrated workload. The workload is a web application that consists of Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The solutions architect must improve the security posture and minimize the impact of a DDoS attack on resources.Which solution is MOST effective? A. Configure an AWS WAF ACL with rate-based rules. Create an Amazon CloudFront distribution that points to the Application Load Balancer. Enable the WAF ACL on the CloudFront distribution. B. Create a custom AWS Lambda function that adds identified attacks into a common vulnerability pool to capture a potential DDoS attack. Use the identified information to modify a network ACL to block access. C. Enable VPC Flow Logs and store then in Amazon S3. Create a custom AWS Lambda functions that parses the logs looking for a DDoS attack. Modify a network ACL to block identified source IP addresses. D. Enable Amazon GuardDuty and configure findings written to Amazon CloudWatch. Create an event with CloudWatch Events for DDoS alerts that triggers Amazon Simple Notification Service (Amazon SNS). Have Amazon SNS invoke a custom AWS Lambda function that parses the logs, looking for a DDoS attack. Modify a network ACL to block identified source IP addresses
(B)
#190 A company is developing a real-time multiplier game that uses UDP for communications between client and servers in an Auto Scaling group. Spikes in demand are anticipated during the day, so the game server platform must adapt accordingly. Developers want to store gamer scores and other non-relational data in a database solution that will scale without intervention.Which solution should a solutions architect recommend? A. Use Amazon Route 53 for traffic distribution and Amazon Aurora Serverless for data storage. B. Use a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage. C. Use a Network Load Balancer for traffic distribution and Amazon Aurora Global Database for data storage. D. Use an Application Load Balancer for traffic distribution and Amazon DynamoDB global tables for data storage.
(B)
#193 A leasing company generates and emails PDF statements every month for all its customers. Each statement is about 400 KB in size. Customers can download their statements from the website for up to 30 days from when the statements were generated. At the end of their 3-year lease, the customers are emailed a ZIP file that contains all the statements.What is the MOST cost-effective storage solution for this situation? A. Store the statements using the Amazon S3 Standard storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 1 day. B. Store the statements using the Amazon S3 Glacier storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days. C. Store the statements using the Amazon S3 Standard storage class. Create a lifecycle policy to move the statements to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) storage after 30 days. D. Store the statements using the Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 30 days.
(B)
#197 A company operates a website on Amazon EC2 Linux instances. Some of the instances are failing. Troubleshooting points to insufficient swap space on the failed instances. The operations team lead needs a solution to monitor this.What should a solutions architect recommend? A. Configure an Amazon CloudWatch SwapUsage metric dimension. Monitor the SwapUsage dimension in the EC2 metrics in CloudWatch. B. Use EC2 metadata to collect information, then publish it to Amazon CloudWatch custom metrics. Monitor SwapUsage metrics in CloudWatch. C. Install an Amazon CloudWatch agent on the instances. Run an appropriate script on a set schedule. Monitor SwapUtilization metrics in CloudWatch. D. Enable detailed monitoring in the EC2 console. Create an Amazon CloudWatch SwapUtilization custom metric. Monitor SwapUtilization metrics in CloudWatch.
(B)
#157 A company that develops web applications has launched hundreds of Application Load Balancers (ALBs) in multiple Regions. The company wants to create an allow list for the IPs of all the load balancers on its firewall device. A solutions architect is looking for a one-time, highly available solution to address this request, which will also help reduce the number of IPs that need to be allowed by the firewall.What should the solutions architect recommend to meet these requirements? A. Create a AWS Lambda function to keep track of the IPs for all the ALBs in different Regions. Keep refreshing this list. B. Set up a Network Load Balancer (NLB) with Elastic IPs. Register the private IPs of all the ALBs as targets to this NLB. C. Launch AWS Global Accelerator and create endpoints for all the Regions. Register all the ALBs in different Regions to the corresponding endpoints. D. Set up an Amazon EC2 instance, assign an Elastic IP to this EC2 instance, and configure the instance as a proxy to forward traffic to all the ALBs
(C)
#167 A solutions architect must migrate a Windows internet information Services (IIS) web application to AWS. The application currently relies on a file share hosted in the userג€™s on-premises network-attached storage (NAS). The solutions architected has proposed migrating the IIS web servers to Amazon EC2 instances in multiple Availability Zones that are connected to the storage solution, and configuring an Elastic Load Balancer attached to the instances.Which replacement to the on-premises file share is MOST resilient and durable? A. Migrate the file Share to Amazon RDS. B. Migrate the file Share to AWS Storage Gateway C. Migrate the file Share to Amazon FSx for Windows File Server. D. Migrate the file share to Amazon Elastic File System (Amazon EFS)
(C)
#173 (Ko hinh) A solutions architect has configured the following IAM policy.Which action will be allowed by the policy? A. An AWS Lambda function can be deleted from any network. B. An AWS Lambda function can be created from any network. C. An AWS Lambda function can be deleted from the 100.220.0.0/20 network. D. An AWS Lambda function can be deleted from the 220.100.16.0/20 network.
(C)
#179 A company's dynamic website is hosted using on-premises servers in the United States. The company is launching its product in Europe, and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed.What should the solutions architect recommend? A. Launch an Amazon EC2 instance in us-east-1 and migrate the site to it. B. Move the website to Amazon S3. Use cross-Region replication between Regions. C. Use Amazon CloudFront with a custom origin pointing to the on-premises servers. D. Use an Amazon Route 53 geo-proximity routing policy pointing to on-premises servers.
(C)
#183 An operations team has a standard that states IAM policies should not be applied directly to users. Some new team members have not been following this standard. The operations manager needs a way to easily identify the users with attached policies.What should a solutions architect do to accomplish this? A. Monitor using AWS CloudTrail. B. Create an AWS Config rule to run daily. C. Publish IAM user changes to Amazon SNS. D. Run AWS Lambda when a user is modified.
(C)
#184 A company wants to use an AWS Region as a disaster recovery location for its on-premises infrastructure. The company has 10 TB of existing data, and the on- premise data center has a 1 Gbps internet connection. A solutions architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel.Which solution should the solutions architect select? A. Send the initial 10 TB of data to AWS using FTP. B. Send the initial 10 TB of data to AWS using AWS Snowball. C. Establish a VPN connection between Amazon VPC and the company's data center. D. Establish an AWS Direct Connect connection between Amazon VPC and the company's data center
(C)
#186 A company hosts its website on AWS. To address the highly variable demand, the company has implemented Amazon EC2 Auto Scaling. Management is concerned that the company is over-provisioning its infrastructure, especially at the front end of the three-tier application. A solutions architect needs to ensure costs are optimized without impacting performance.What should the solutions architect do to accomplish this? A. Use Auto Scaling with Reserved Instances. B. Use Auto Scaling with a scheduled scaling policy. C. Use Auto Scaling with the suspend-resume feature. D. Use Auto Scaling with a target tracking scaling policy
(C)
#188 A company has multiple AWS accounts for various departments. One of the departments wants to share an Amazon S3 bucket with all other department.Which solution will require the LEAST amount of effort? A. Enable cross-account S3 replication for the bucket. B. Create a pre-signed URL for the bucket and share it with other departments. C. Set the S3 bucket policy to allow cross-account access to other departments. D. Create IAM users for each of the departments and configure a read-only IAM policy.
(C)
#189 A company needs to share an Amazon S3 bucket with an external vendor. The bucket owner must be able to access all objects.Which action should be taken to share the S3 bucket? A. Update the bucket to be a Requester Pays bucket. B. Update the bucket to enable cross-origin resource sharing (CORS). C. Create a bucket policy to require users to grant bucket-owner-full-control when uploading objects. D. Create an IAM policy to require users to grant bucket-owner-full-control when uploading objects.
(C)
#196 A company is concerned that two NAT instances in use will no longer be able to support the traffic needed for the company's application. A solutions architect wants to implement a solution that is highly available fault tolerant, and automatically scalable.What should the solutions architect recommend? A. Remove the two NAT instances and replace them with two NAT gateways in the same Availability Zone. B. Use Auto Scaling groups with Network Load Balancers for the NAT instances in different Availability Zones. C. Remove the two NAT instances and replace them with two NAT gateways in different Availability Zones. D. Replace the two NAT instances with Spot Instances in different Availability Zones and deploy a Network Load Balancer.
(C)
#153 Application developers have noticed that a production application is very slow when business reporting users run large production reports against the AmazonRDS instance backing the application. The CPU and memory utilization metrics for the RDS instance do not exceed 60% while the reporting queries are running.The business reporting users must be able to generate reports without affecting the applicationג€™s performance.Which action will accomplish this? A. Increase the size of the RDS instance. B. Create a read replica and connect the application to it. C. Enable multiple Availability Zones on the RDS instance. D. Create a read replica and connect the business reports to it.
(D)
#164 A company mandates that an Amazon S3 gateway endpoint must allow traffic to trusted buckets only.Which method should a solutions architect implement to meet this requirement? A. Create a bucket policy for each of the company's trusted S3 buckets that allows traffic only from the company's trusted VPCs. B. Create a bucket policy for each of the company's trusted S3 buckets that allows traffic only from the company's S3 gateway endpoint IDs. C. Create an S3 endpoint policy for each of the company's S3 gateway endpoints that blocks access from any VPC other than the company's trusted VPCs. D. Create an S3 endpoint policy for each of the company's S3 gateway endpoints that provides access to the Amazon Resource Name (ARN) of the trusted S3 buckets
(D)
#165 A company is using a VPC peering strategy to connect its VPCs in a single Region to allow for cross-communication. A recent increase in account creations andVPCs has made it difficult to maintain the VPC peering strategy, and the company expects to grow to hundreds of VPCs. There are also new requests to create site-to-site VPNs with some of the VPCs. A solutions architect has been tasked with creating a centrally managed networking setup for multiple accounts, VPCs, and VPNs.Which networking solution meets these requirements? A. Configure shared VPCs and VPNs and share to each other. B. Configure a hub-and-spoke VPC and route all traffic through VPC peering. C. Configure an AWS Direct Connect connection between all VPCs and VPNs. D. Configure a transit gateway with AWS Transit Gateway and connect all VPCs and VPNs
(D)
#172 A company is designing a web application using AWS that processes insurance quotes. Users will request quotes from the application. Quotes must be separated by quote type must be responded to within 24 hours, and must not be lost. The solution should be simple to set up and maintain.Which solution meets these requirements? A. Create multiple Amazon Kinesis data streams based on the quote type. Configure the web application to send messages to the proper data stream. Configure each backend group of application servers to pool messages from its own data stream using the Kinesis Client Library (KCL). B. Create multiple Amazon Simple Notification Service (Amazon SNS) topics and register Amazon SQS queues to their own SNS topic based on the quote type. Configure the web application to publish messages to the SNS topic queue. Configure each backend application server to work its own SQS queue. C. Create a single Amazon Simple Notification Service (Amazon SNS) topic and subscribe the Amazon SQS queues to the SNS topic. Configure SNS message filtering to publish messages to the proper SQS queue based on the quote type. Configure each backend application server to work its own SQS queue. D. Create multiple Amazon Kinesis Data Firehose delivery streams based on the quote type to deliver data streams to an Amazon Elasticsearch Service (Amazon ES) cluster. Configure the web application to send messages to the proper delivery stream. Configure each backend group of application servers to search for the messages from Amazon ES and process them accordingly.
(D)
#194 A company recently released a new type of internet-connected sensor. The company is expecting to sell thousands of sensors, which are designed to stream high volumes of data each second to a central location. A solutions architect must design a solution that ingests and stores data so that engineering teams can analyze it in near-real time with millisecond responsiveness.Which solution should the solutions architect recommend? A. Use an Amazon SQS queue to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon Redshift. B. Use an Amazon SQS queue to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon DynamoDB. C. Use Amazon Kinesis Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon Redshift. D. Use Amazon Kinesis Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon DynamoDB
(D)
#195 A website runs a web application that receives a burst of traffic each day at noon. The users upload new pictures and content daily, but have been complaining of timeouts. The architecture uses Amazon EC2 Auto Scaling groups, and the custom application consistently takes 1 minute to initiate upon boot up before responding to user requests.How should a solutions architect redesign the architecture to better respond to changing traffic? A. Configure a Network Load Balancer with a slow start configuration. B. Configure AWS ElastiCache for Redis to offload direct requests to the servers. C. Configure an Auto Scaling step scaling policy with an instance warmup condition. D. Configure Amazon CloudFront to use an Application Load Balancer as the origin.
(D)
#199 A company must re-evaluate its need for the Amazon EC2 instances it currently has provisioned in an Auto Scaling group. At present, the Auto Scaling group is configured for a minimum of two instances and a maximum of four instances across two Availability Zones. A Solutions architect reviewed Amazon CloudWatch metrics and found that CPU utilization is consistently low for all the EC2 instances.What should the solutions architect recommend to maximize utilization while ensuring the application remains fault tolerant? A. Remove some EC2 instances to increase the utilization of remaining instances. B. Increase the Amazon Elastic Block Store (Amazon EBS) capacity of instances with less CPU utilization. C. Modify the Auto Scaling group scaling policy to scale in and out based on a higher CPU utilization metric. D. Create a new launch configuration that uses smaller instance types. Update the existing Auto Scaling group
(D)
#200 A company has an application that posts messages to Amazon SQS. Another application polls the queue and processes the messages in an I/O-intensive operation. The company has a service level agreement (SLA) that specifies the maximum amount of time that can elapse between receiving the messages and responding to the users. Due to an increase in the number of messages, the company has difficulty meeting its SLA consistently.What should a solutions architect do to help improve the application's processing time and ensure it can handle the load at any level? A. Create an Amazon Machine Image (AMI) from the instance used for processing. Terminate the instance and replace it with a larger size. B. Create an Amazon Machine Image (AMI) from the instance used for processing. Terminate the instance and replace it with an Amazon EC2 Dedicated Instance. C. Create an Amazon Machine image (AMI) from the instance used for processing. Create an Auto Scaling group using this image in its launch configuration. Configure the group with a target tracking policy to keep its aggregate CPU utilization below 70%. D. Create an Amazon Machine Image (AMI) from the instance used for processing. Create an Auto Scaling group using this image in its launch configuration. Configure the group with a target tracking policy based on the age of the oldest message in the SQS queue
(D)
#181 A company is hosting multiple websites for several lines of business under its registered parent domain. Users accessing these websites will be routed to appropriate backend Amazon EC2 instances based on the subdomain. The websites host static webpages, images, and server-side scripts like PHP andJavaScript.Some of the websites experience peak access during the first two hours of business with constant usage throughout the rest of the day. A solutions architect needs to design a solution that will automatically adjust capacity to these traffic patterns while keeping costs low.Which combination of AWS services or features will meet these requirements? (Choose two.) A. AWS Batch B. Network Load Balancer C. Application Load Balancer D. Amazon EC2 Auto Scaling E. Amazon S3 website hosting
(D,E)