Exams > Amazon > AWS Certified Solutions Architect - Associate SAA-C02
AWS Certified Solutions Architect - Associate SAA-C02
Page 8 out of 83 pages Questions 71-80 out of 822 questions
Question#71

A solutions architect is designing a hybrid application using the AWS cloud. The network between the on-premises data center and AWS will use an AWS Direct
Connect (DX) connection. The application connectivity between AWS and the on-premises data center must be highly resilient.
Which DX configuration should be implemented to meet these requirements?

  • A. Configure a DX connection with a VPN on top of it.
  • B. Configure DX connections at multiple DX locations.
  • C. Configure a DX connection using the most reliable DX partner.
  • D. Configure multiple virtual interfaces on top of a DX connection.
Discover Answer Hide Answer

B

Question#72

A company runs an application on Amazon EC2 instances. The application is deployed in private subnets in three Availability Zones of the us-east-1 Region. The instances must be able to connect to the internet to download files. The company wants a design that is highly available across the Region.
Which solution should be implemented to ensure that there are no disruptions to internet connectivity?

  • A. Deploy a NAT instance in a private subnet of each Availability Zone.
  • B. Deploy a NAT gateway in a public subnet of each Availability Zone.
  • C. Deploy a transit gateway in a private subnet of each Availability Zone.
  • D. Deploy an internet gateway in a public subnet of each Availability Zone.
Discover Answer Hide Answer

B

Question#73

Application developers have noticed that a production application is very slow when business reporting users run large production reports against the Amazon
RDS instance backing the application. The CPU and memory utilization metrics for the RDS instance do not exceed 60% while the reporting queries are running.
The business reporting users must be able to generate reports without affecting the application's performance.
Which action will accomplish this?

  • A. Increase the size of the RDS instance.
  • B. Create a read replica and connect the application to it.
  • C. Enable multiple Availability Zones on the RDS instance.
  • D. Create a read replica and connect the business reports to it.
Discover Answer Hide Answer

D

Question#74

A company is running a two-tier ecommerce website using AWS services. The current architect uses a publish-facing Elastic Load Balancer that sends traffic to
Amazon EC2 instances in a private subnet. The static content is hosted on EC2 instances, and the dynamic content is retrieved from a MySQL database. The application is running in the United States. The company recently started selling to users in Europe and Australia. A solutions architect needs to design solution so their international users have an improved browsing experience.
Which solution is MOST cost-effective?

  • A. Host the entire website on Amazon S3.
  • B. Use Amazon CloudFront and Amazon S3 to host static images.
  • C. Increase the number of public load balancers and EC2 instances.
  • D. Deploy the two-tier website in AWS Regions in Europe and Australia.
Discover Answer Hide Answer

B

Question#75

A company's website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company's website demands globally. The solution should be cost-effective, limit the provisioning of infrastructure resources, and provide the fastest possible response time.
Which combination should a solutions architect recommend to meet these requirements?

  • A. Amazon CloudFront and Amazon S3
  • B. AWS Lambda and Amazon DynamoDB
  • C. Application Load Balancer with Amazon EC2 Auto Scaling
  • D. Amazon Route 53 with internal Application Load Balancers
Discover Answer Hide Answer

A

Question#76

A company wants to deploy a shared file system for its .NET application servers and Microsoft SQL Server databases running on Amazon EC2 instances with
Windows Server 2016. The solution must be able to be integrated into the corporate Active Directory domain, be highly durable, be managed by AWS, and provide high levels of throughput and IOPS.
Which solution meets these requirements?

  • A. Use Amazon FSx for Windows File Server.
  • B. Use Amazon Elastic File System (Amazon EFS).
  • C. Use AWS Storage Gateway in file gateway mode.
  • D. Deploy a Windows file server on two On Demand instances across two Availability Zones.
Discover Answer Hide Answer

A

Question#77

A company that develops web applications has launched hundreds of Application Load Balancers (ALBs) in multiple Regions. The company wants to create an allow list for the IPs of all the load balancers on its firewall device. A solutions architect is looking for a one-time, highly available solution to address this request, which will also help reduce the number of IPs that need to be allowed by the firewall.
What should the solutions architect recommend to meet these requirements?

  • A. Create a AWS Lambda function to keep track of the IPs for all the ALBs in different Regions. Keep refreshing this list.
  • B. Set up a Network Load Balancer (NLB) with Elastic IPs. Register the private IPs of all the ALBs as targets to this NLB.
  • C. Launch AWS Global Accelerator and create endpoints for all the Regions. Register all the ALBs in different Regions to the corresponding endpoints.
  • D. Set up an Amazon EC2 instance, assign an Elastic IP to this EC2 instance, and configure the instance as a proxy to forward traffic to all the ALBs.
Discover Answer Hide Answer

C

Question#78

A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission to access Amazon S3?

  • A. Update the S3 role in AWS IAM to allow read/write access from Amazon ECS, and then relaunch the container.
  • B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition.
  • C. Create a security group that allows access from Amazon ECS to Amazon S3, and update the launch configuration used by the ECS cluster.
  • D. Create an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for the ECS cluster while logged in as this account.
Discover Answer Hide Answer

B

Question#79

A company is planning to migrate its virtual server-based workloads to AWS. The company has internet-facing load balancers backed by application servers. The application servers rely on patches from an internet-hosted repository.
Which services should a solutions architect recommend be hosted on the public subnet? (Choose two.)

  • A. NAT gateway
  • B. Amazon RDS DB instances
  • C. Application Load Balancers
  • D. Amazon EC2 application servers
  • E. Amazon Elastic File System (Amazon EFS) volumes
Discover Answer Hide Answer

AC

Question#80

A company has established a new AWS account. The account is newly provisioned and no changed have been made to the default settings. The company is concerned about the security of the AWS account root user.
What should be done to secure the root user?

  • A. Create IAM users for daily administrative tasks. Disable the root user.
  • B. Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.
  • C. Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console.
  • D. Provide the root user credentials to the most senior solutions architect. Have the solutions architect use the root user for daily administration tasks.
Discover Answer Hide Answer

B

chevron rightPrevious Nextchevron right