Exams > Amazon > AWS Certified Solutions Architect - Associate SAA-C02
AWS Certified Solutions Architect - Associate SAA-C02
Page 7 out of 83 pages Questions 61-70 out of 822 questions
Question#61

A company has global users accessing an application deployed in different AWS Regions, exposing public static IP addresses. The users are experiencing poor performance when accessing the application over the internet.
What should a solutions architect recommend to reduce internet latency?

  • A. Set up AWS Global Accelerator and add endpoints.
  • B. Set up AWS Direct Connect locations in multiple Regions.
  • C. Set up an Amazon CloudFront distribution to access an application.
  • D. Set up an Amazon Route 53 geoproximity routing policy to route traffic.
Discover Answer Hide Answer

A

Question#62

A company wants to migrate a workload to AWS. The chief information security officer requires that all data be encrypted at rest when stored in the cloud. The company wants complete control of encryption key lifecycle management.
The company must be able to immediately remove the key material and audit key usage independently of AWS CloudTrail. The chosen services should integrate with other storage services that will be used on AWS.
Which services satisfies these security requirements?

  • A. AWS CloudHSM with the CloudHSM client
  • B. AWS Key Management Service (AWS KMS) with AWS CloudHSM
  • C. AWS Key Management Service (AWS KMS) with an external key material origin
  • D. AWS Key Management Service (AWS KMS) with AWS managed customer master keys (CMKs)
Discover Answer Hide Answer

A

Question#63

A company recently deployed a two-tier application in two Availability Zones in the us-east-1 Region. The databases are deployed in a private subnet while the web servers are deployed in a public subnet. An internet gateway is attached to the VPC. The application and database run on Amazon EC2 instances. The database servers are unable to access patches on the internet. A solutions architect needs to design a solution that maintains database security with the least operational overhead.
Which solution meets these requirements?

  • A. Deploy a NAT gateway inside the public subnet for each Availability Zone and associate it with an Elastic IP address. Update the routing table of the private subnet to use it as the default route.
  • B. Deploy a NAT gateway inside the private subnet for each Availability Zone and associate it with an Elastic IP address. Update the routing table of the private subnet to use it as the default route.
  • C. Deploy two NAT instances inside the public subnet for each Availability Zone and associate them with Elastic IP addresses. Update the routing table of the private subnet to use it as the default route.
  • D. Deploy two NAT instances inside the private subnet for each Availability Zone and associate them with Elastic IP addresses. Update the routing table of the private subnet to use it as the default route.
Discover Answer Hide Answer

A

Question#64

A company has an application with a REST-based interface that allows data to be received in near-real time from a third-party vendor. Once received, the application processes and stores the data for further analysis. The application is running on Amazon EC2 instances.
The third-party vendor has received many 503 Service Unavailable Errors when sending data to the application. When the data volume spikes, the compute capacity reaches its maximum limit and the application is unable to process all requests.
Which design should a solutions architect recommend to provide a more scalable solution?

  • A. Use Amazon Kinesis Data Streams to ingest the data. Process the data using AWS Lambda functions.
  • B. Use Amazon API Gateway on top of the existing application. Create a usage plan with a quota limit for the third-party vendor.
  • C. Use Amazon Simple Notification Service (Amazon SNS) to ingest the data. Put the EC2 instances in an Auto Scaling group behind an Application Load Balancer.
  • D. Repackage the application as a container. Deploy the application using Amazon Elastic Container Service (Amazon ECS) using the EC2 launch type with an Auto Scaling group.
Discover Answer Hide Answer

A

Question#65

A solutions architect needs to design a low-latency solution for a static single-page application accessed by users utilizing a custom domain name. The solution must be serverless, encrypted in transit, and cost-effective.
Which combination of AWS services and features should the solutions architect use? (Choose two.)

  • A. Amazon S3
  • B. Amazon EC2
  • C. AWS Fargate
  • D. Amazon CloudFront
  • E. Elastic Load Balancer
Discover Answer Hide Answer

AD

Question#66

A company is migrating to the AWS Cloud. A file server is the first workload to migrate. Users must be able to access the file share using the Server Message
Block (SMB) protocol. Which AWS managed service meets these requirements?

  • A. Amazon Elastic Block Store (Amazon EBS)
  • B. Amazon EC2
  • C. Amazon FSx
  • D. Amazon S3
Discover Answer Hide Answer

C

Question#67

A solutions architect is designing a customer-facing application. The application is expected to have a variable amount of reads and writes depending on the time of year and clearly defined access patterns throughout the year. Management requires that database auditing and scaling be managed in the AWS Cloud. The
Recovery Point Objective (RPO) must be less than 5 hours.
Which solutions can accomplish this? (Choose two.)

  • A. Use Amazon DynamoDB with auto scaling. Use on-demand backups and AWS CloudTrail.
  • B. Use Amazon DynamoDB with auto scaling. Use on-demand backups and Amazon DynamoDB Streams.
  • C. Use Amazon Redshift Configure concurrency scaling. Enable audit logging. Perform database snapshots every 4 hours.
  • D. Use Amazon RDS with Provisioned IOPS. Enable the database auditing parameter. Perform database snapshots every 5 hours.
  • E. Use Amazon RDS with auto scaling. Enable the database auditing parameter. Configure the backup retention period to at least 1 day.
Discover Answer Hide Answer

AB

Question#68

A company has migrated an on-premises Oracle database to an Amazon RDS for Oracle Multi-AZ DB instance in the us-east-l Region. A solutions architect is designing a disaster recovery strategy to have the database provisioned in the us-west-2 Region in case the database becomes unavailable in the us-east-1
Region. The design must ensure the database is provisioned in the us-west-2 Region in a maximum of 2 hours, with a data loss window of no more than 3 hours.
How can these requirements be met?

  • A. Edit the DB instance and create a read replica in us-west-2. Promote the read replica to master in us-west-2 in case the disaster recovery environment needs to be activated.
  • B. Select the multi-Region option to provision a standby instance in us-west-2. The standby instance will be automatically promoted to master in us-west-2 in case the disaster recovery environment needs to be created.
  • C. Take automated snapshots of the database instance and copy them to us-west-2 every 3 hours. Restore the latest snapshot to provision another database instance in us-west-2 in case the disaster recovery environment needs to be activated.
  • D. Create a multimaster read/write instances across multiple AWS Regions. Select VPCs in us-east-1 and us-west-2 to make that deployment. Keep the master read/write instance in us-west-2 available to avoid having to activate a disaster recovery environment.
Discover Answer Hide Answer

B

Question#69

A monolithic application was recently migrated to AWS and is now running on a single Amazon EC2 instance. Due to application limitations, it is not possible to use automatic scaling to scale out the application. The chief technology officer (CTO) wants an automated solution to restore the EC2 instance in the unlikely event the underlying hardware fails.
What would allow for automatic recovery of the EC2 instance as quickly as possible?

  • A. Configure an Amazon CloudWatch alarm that triggers the recovery of the EC2 instance if it becomes impaired.
  • B. Configure an Amazon CloudWatch alarm to trigger an SNS message that alerts the CTO when the EC2 instance is impaired.
  • C. Configure AWS CloudTrail to monitor the health of the EC2 instance, and if it becomes impaired, trigger instance recovery.
  • D. Configure an Amazon EventBridge event to trigger an AWS Lambda function once an hour that checks the health of the EC2 instance and triggers instance recovery if the EC2 instance is unhealthy.
Discover Answer Hide Answer

A

Question#70

A solutions architect is working on optimizing a legacy document management application running on Microsoft Windows Server in an on-premises data center.
The application stores a large number of files on a network file share. The chief information officer wants to reduce the on-premises data center footprint and minimize storage costs by moving on-premises storage to AWS.
What should the solutions architect do to meet these requirements?

  • A. Set up an AWS Storage Gateway file gateway.
  • B. Set up Amazon Elastic File System (Amazon EFS)
  • C. Set up AWS Storage Gateway as a volume gateway
  • D. Set up an Amazon Elastic Block Store (Amazon EBS) volume.
Discover Answer Hide Answer

A

chevron rightPrevious Nextchevron right