Exams > Amazon > AWS Certified Solutions Architect - Associate SAA-C02
AWS Certified Solutions Architect - Associate SAA-C02
Page 33 out of 83 pages Questions 321-330 out of 822 questions
Question#321

A company is planning to transfer multiple terabytes of data to AWS. The data is collected offline from ships. The company want to run complex transformation before transferring the data.
Which AWS service should a solutions architect recommend for this migration?

  • A. AWS Snowball
  • B. AWS Snowmobile
  • C. AWS Snowball Edge Storage Optimize
  • D. AWS Snowball Edge Compute Optimize
Discover Answer Hide Answer

D

Question#322

A company is running an online transaction processing (OLTP) workload on AWS. This workload uses an unencrypted Amazon RDS DB instance in a Multi-AZ deployment. Daily database snapshots are taken from this instance.
What should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?

  • A. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot.
  • B. Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots to it. Enable encryption on the DB instance.
  • C. Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS). Restore encrypted snapshot to an existing DB instance.
  • D. Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS).
Discover Answer Hide Answer

A

Question#323

A company is selling up an application to use an Amazon RDS MySQL DB instance. The database must be architected for high availability across Availability
Zones and AWS Regions with minimal downtime.
How should a solutions architect meet this requirement?

  • A. Set up an RDS MySQL Multi-AZ DB instance. Configure an appropriate backup window.
  • B. Set up an RDS MySQL Multi-AZ DB instance. Configure a read replica in a different Region.
  • C. Set up an RDS MySQL Single-AZ DB instance. Configure a read replica in a different Region.
  • D. Set up an RDS MySQL Single-AZ DB instance. Copy automated snapshots to at least one other Region.
Discover Answer Hide Answer

B

Question#324

A company hosts its web application on AWS using seven Amazon EC2 instances. The company requires that the IP addresses of all healthy EC2 instances be returned in response to DNS queries.
Which policy should be used to meet this requirement?

  • A. Simple routing policy
  • B. Latency routing policy
  • C. Multi-value routing policy
  • D. Geolocation routing policy
Discover Answer Hide Answer

C

Question#325

A company has 700 TB of backup data stored in network attached storage (NAS) in its data center This backup data need to be accessible for infrequent regulatory requests and must be retained 7 years. The company has decided to migrate this backup data from its data center to AWS. The migration must be complete within 1 month. The company has 500 Mbps of dedicated bandwidth on its public internet connection available for data transfer.
What should a solutions architect do to migrate and store the data at the LOWEST cost?

  • A. Order AWS Snowball devices to transfer the data. Use a lifecycle policy to transition the files to Amazon S3 Glacier Deep Archive.
  • B. Deploy a VPN connection between the data center and Amazon VPC. Use the AWS CLI to copy the data from on premises to Amazon S3 Glacier.
  • C. Provision a 500 Mbps AWS Direct Connect connection and transfer the data to Amazon S3. Use a lifecycle policy to transition the files to Amazon S3 Glacier Deep Archive.
  • D. Use AWS DataSync to transfer the data and deploy a DataSync agent on premises. Use the DataSync task to copy files from the on-premises NAS storage to Amazon S3 Glacier.
Discover Answer Hide Answer

A

Question#326

A company is preparing to deploy a data lake on AWS. A solutions architect must define the encryption strategy tor data at rest m Amazon S3/ The company's security policy states:
✑ Keys must be rotated every 90 days.
✑ Strict separation of duties between key users and key administrators must be implemented.
✑ Auditing key usage must be possible.
What should the solutions architect recommend?

  • A. Server-side encryption with AWS KMS managed keys (SSE-KMS) with customer managed customer master keys (CMKs)
  • B. Server-side encryption with AWS KMS managed keys (SSE-KMS) with AWS managed customer master keys (CMKs)
  • C. Server-side encryption with Amazon S3 managed keys (SSE-S3) with customer managed customer master keys (CMKs)
  • D. Server-side encryption with Amazon S3 managed keys (SSE-S3) with AWS managed customer master keys (CMKs)
Discover Answer Hide Answer

A

Question#327

A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be deleted. Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days.
Which storage solution is MOST cost-effective?

  • A. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Glacier 30 days from object creation. Delete the files 4 years after object creation.
  • B. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) 30 days from object creation. Delete the files 4 years after object creation.
  • C. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Delete the files 4 years after object creation.
  • D. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Move the files to S3 Glacier 4 years after object creation.
Discover Answer Hide Answer

C

Question#328

A company previously migrated its data warehouse solution to AWS. The company also has an AWS Direct Connect connection. Corporate office users query the data warehouse using a visualization tool. The average size of a query returned by the data warehouse is 50 MB and each webpage sent by the visualization tool is approximately 500 KB. Result sets returned by the data warehouse are not cached.
Which solution provides the LOWEST data transfer egress cost for the company?

  • A. Host the visualization tool on premises and query the data warehouse directly over the internet.
  • B. Host the visualization tool in the same AWS Region as the data warehouse. Access it over the internet.
  • C. Host the visualization tool on premises and query the data warehouse directly over a Direct Connect connection at a location in the same AWS Region.
  • D. Host the visualization tool in the same AWS Region as the data warehouse and access it over a DirectConnect connection at a location in the same Region.
Discover Answer Hide Answer

A

Question#329

A mobile gaming company runs application servers on Amazon EC2 instances. The servers receive updates from players every 15 minutes. The mobile game creates a JSON object of the progress made in the game since the last update, and sends the JSON object to an Application Load Balancer. As the mobile game is played, game updates are being lost. The company wants to create a durable way to get the updates in older.
What should a solutions architect recommend to decouple the system?

  • A. Use Amazon Kinesis Data Streams to capture the data and store the JSON object in Amazon S3.
  • B. Use Amazon Kinesis Data Firehose to capture the data and store the JSON object in Amazon S3.
  • C. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues to capture the data and EC2 instances to process the messages in the queue.
  • D. Use Amazon Simple Notification Service (Amazon SNS) to capture the data and EC2 instances to process the messages sent to the Application Load Balancer.
Discover Answer Hide Answer

C

Question#330

A company has an application that runs on Amazon EC2 instances within a private subnet in a VPC. The instances access data in an Amazon S3 bucket in the same AWS Region. The VPC contains a NAT gateway in a public subnet to access the S3 bucket. The company wants to reduce costs by replacing the NAT gateway without compromising security or redundancy.
Which solution meets these requirements?

  • A. Replace the NAT gateway with a NAT instance.
  • B. Replace the NAT gateway with an internet gateway.
  • C. Replace the NAT gateway with a gateway VPC endpoint.
  • D. Replace the NAT gateway with an AWS Direct Connect connection.
Discover Answer Hide Answer

C

chevron rightPrevious Nextchevron right