
[Sep-2021] Practice Amazon AWS-Solutions-Architect-Associate exam. Online Exam Practice Tests with detailed explanations! Pass AWS-Solutions-Architect-Associate with confidence! [Q22-Q45]


AWS-Solutions-Architect-Associate - AWS Certified Solutions Architect - Associate (SAA-C02) Practice Tests 2021 | ExamsTorrent

NEW QUESTION 22
A company is processing data on a daily basis. The results of the operations are stored in an Amazon S3 bucket, analyzed daily for one week, and then must remain immediately accessible for occasional analysis. What is the MOST cost-effective storage solution alternative to the current configuration?

  • A. Configure a lifecycle policy to transition the objects to Amazon S3 Glacier after 30 days
  • B. Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days
  • C. Configure a lifecycle policy to transition the objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days
  • D. Configure a lifecycle policy to delete the objects after 30 days.

Answer: B

 

NEW QUESTION 23
A Solutions Architect is defining a shared Amazon S3 bucket where corporate applications will save objects.
How can the Architect ensure that when an application uploads an object to the Amazon S3 bucket, the object is encrypted?

  • A. Set permission for users.
  • B. Enable default encryption on the bucket.
  • C. Set a bucket policy to encrypt all Amazon S3 objects.
  • D. Set a CORS configuration.

Answer: C

Explanation:
https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/

 

NEW QUESTION 24
An application generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years.
How can these requirements be met?

  • A. Save the logs in an Amazon EFS volume and use Network File System version 4 (NFSv4) locking with the volume.
  • B. Save the logs in an Amazon S3 bucket and enable Multi-Factor Authentication Delete (MFA Delete) on the bucket.
  • C. Save the logs in an Amazon EBS volume and take monthly snapshots.
  • D. Save the logs in an Amazon Glacier vault and use the Vault Lock feature.

Answer: D

Explanation:
From https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock.html S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy. You can specify controls such as "write once read many" (WORM) in a vault lock policy and lock the policy from future edits. Once locked, the policy can no longer be changed. S3 Glacier enforces the controls set in the vault lock policy to help achieve your compliance objectives, for example, for data retention. You can deploy a variety of compliance controls in a vault lock policy using the AWS Identity and Access Management (IAM) policy language.

 

NEW QUESTION 25
Which AWS instance address has the following characteristics: "If you stop an instance, its Elastic IP address is unmapped, and you must remap it when you restart the instance."

  • A. Both A and B
  • B. VPC Addresses
  • C. EC2 Addresses
  • D. None of these

Answer: A

 

NEW QUESTION 26
A company is running an ecommerce application on Amazon EC2. The application consists of a stateless web tier that requires a minimum of 10 instances, and a peak of 250 instances to support the application's usage. The application requires 50 instances 80% of the time. Which solution should be used to minimize costs?

  • A. Purchase Reserved Instances to cover 50 instances. Use On-Demand and Spot Instances to cover the remaining instances.
  • B. Purchase Reserved Instances to cover 80 instances. Use Spot Instances to cover the remaining instances.
  • C. Purchase Reserved Instances to cover 250 instances.
  • D. Purchase On-Demand Instances to cover 40 instances. Use Spot Instances to cover the remaining instances.

Answer: A

Explanation:
Reserved Instances
Having 50 EC2 RIs provides a discounted hourly rate and an optional capacity reservation for EC2 instances.
AWS Billing automatically applies your RI's discounted rate when attributes of EC2 instance usage match attributes of an active RI.
If an Availability Zone is specified, EC2 reserves capacity matching the attributes of the RI. The capacity reservation of an RI is automatically utilized by running instances matching these attributes.
You can also choose to forego the capacity reservation and purchase an RI that is scoped to a region. RIs that are scoped to a region automatically apply the RI's discount to instance usage across AZs and instance sizes in a region, making it easier for you to take advantage of the RI's discounted rate.
On-Demand Instance
On-Demand instances let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. This frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs.
The pricing below includes the cost to run private and public AMIs on the specified operating system ("Windows Usage" prices apply to Windows Server 2003 R2, 2008, 2008 R2, 2012, 2012 R2, 2016, and 2019). Amazon also provides you with additional instances for Amazon EC2 running Microsoft Windows with SQL Server, Amazon EC2 running SUSE Linux Enterprise Server, Amazon EC2 running Red Hat Enterprise Linux and Amazon EC2 running IBM that are priced differently.
Spot Instances
A Spot Instance is an unused EC2 instance that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called a Spot price. The Spot price of each instance type in each Availability Zone is set by Amazon EC2, and adjusted gradually based on the long-term supply of and demand for Spot Instances. Your Spot Instance runs whenever capacity is available and the maximum price per hour for your request exceeds the Spot price.
https://aws.amazon.com/ec2/pricing/reserved-instances/
https://aws.amazon.com/ec2/pricing/on-demand/
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html

 

NEW QUESTION 27
A _____ for a VPC is a collection of subnets (typically private) that you may want to designate for your backend RDS DB Instances.

  • A. DB Subnet Group
  • B. RDS Subnet Group
  • C. DB Subnet Collection
  • D. DB Subnet Set

Answer: A

Explanation:
DB Subnet Groups are a set of subnets (one per Availability Zone of a particular region) designed for your DB instances that reside in a VPC. They make it easy to manage Multi-AZ deployments as well as the conversion from a Single-AZ to a Multi-AZ one.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSVPC.html

 

NEW QUESTION 28
A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission to access Amazon S3?

  • A. Update the S3 role in AWS IAM to allow read/write access from Amazon ECS, and then relaunch the container.
  • B. Create a security group that allows access from Amazon ECS to Amazon S3, and update the launch configuration used by the ECS cluster.
  • C. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition.
  • D. Create an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for the ECS cluster while logged in as this account.

Answer: C

 

NEW QUESTION 29
Users submit requests to a service that takes several minutes to process. A Solutions Architect needs to ensure that these requests are processed at least once, and that the service has the ability to handle large increases in the number of requests.
How should these requirements be met?

  • A. Publish the message to an Amazon SNS topic that an Amazon EC2 subscriber can receive and process.
  • B. Put the requests into an Amazon SQS queue and configure Amazon EC2 instances to poll the queue.
  • C. Save the request to an Amazon DynamoDB table with a DynamoDB stream that triggers an Amazon EC2 Spot Instance.
  • D. Use Amazon S3 to store the requests and configure an event notification to have Amazon EC2 instances process the new object.

Answer: B

 

NEW QUESTION 30
A customer has an application that is used by enterprise customers outside of AWS.
Some of these customers use legacy firewalls that cannot whitelist by DNS name, but whitelist based only on IP address. The application is currently deployed in two Availability Zones, with one EC2 instance in each that has Elastic IP addresses. The customer wants to whitelist only two IP addresses, but the two existing EC2 instances cannot sustain the amount of traffic.
What can a Solutions Architect do to support the customer and allow for more capacity?
(Choose two.)

  • A. Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to each subnet.
  • B. Add additional EC2 instances with Elastic IP addresses, and register them with Amazon Route 53
  • C. Create additional EC2 instances and put them on standby. Remap an Elastic IP address to a standby instance in the event of a failure.
  • D. Switch the two existing EC2 instances for an Auto Scaling group, and register them with the Network Load Balancer.
  • E. Use Amazon Route 53 with a weighted, round-robin routing policy across the Elastic IP addresses to resolve one at a time.

Answer: A,D

Explanation:
https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-ba
NLB enables static IP addresses for each Availability Zone. These static addresses don't change, so they are good for our firewalls' whitelisting.

 

NEW QUESTION 31
Will my standby RDS instance be in the same Availability Zone as my primary?

  • A. No
  • B. Only if configured at launch
  • C. Yes
  • D. Only for Oracle RDS types

Answer: A

 

NEW QUESTION 32
A company with multiple accounts is currently using a configuration that does not meet the following security governance policies:
* Prevent ingress from port 22 to any Amazon EC2 instance.
* Require billing and application tags for resources.
* Encrypt all Amazon EBS volumes.
A solutions architect wants to provide preventive and detective controls, including notifications about a specific resource, if there are policy deviations.
Which solution should the solutions architect implement?

  • A. Restrict users and enforce least privilege access using AWS IAM. Consolidate all AWS CloudTrail logs into a single account. Send the CloudTrail logs to Amazon Elasticsearch Service (Amazon ES).
    Implement monitoring, alerting, and reporting using the Kibana dashboard in Amazon ES and with Amazon SNS.
  • B. Implement policy-compliant AWS CloudFormation templates for each account, and ensure that all provisioning is completed by CloudFormation. Configure Amazon Inspector to perform regular checks against resources. Perform policy validation and write the assessment output to Amazon CloudWatch Logs. Create a CloudWatch Logs metric filter to increment a metric when a deviation occurs. Configure a CloudWatch alarm to send notifications when the configured metric is greater than zero.
  • C. Create an AWS CodeCommit repository containing policy-compliant AWS CloudFormation templates.
    Create an AWS Service Catalog portfolio. Import the CloudFormation templates by attaching the CodeCommit repository to the portfolio. Restrict users across all accounts to items from the AWS Service Catalog portfolio. Use AWS Config managed rules to detect deviations from the policies.
    Configure an Amazon CloudWatch Events rule for deviations, and associate a CloudWatch alarm to send notifications when the TriggeredRules metric is greater than zero.
  • D. Use AWS Service Catalog to build a portfolio with products that are in compliance with the governance policies in a central account. Restrict users across all accounts to AWS Service Catalog products.
    Share a compliant portfolio to other accounts. Use AWS Config managed rules to detect deviations from the policies. Configure an Amazon CloudWatch Events rule to send a notification when a deviation occurs.

Answer: B

 

NEW QUESTION 33
A user has launched one EC2 instance in the US West region. The user wants to access the RDS instance launched in the US East region from that EC2 instance. How can the user configure the access for that EC2 instance?

  • A. It is not possible to access RDS of the US East region from the US West region
  • B. Open the security group of the US West region in the RDS security group's ingress rule
  • C. Configure the IP range of the US West region instance as the ingress security rule of RDS
  • D. Create an IAM role which has access to RDS and launch an instance in the US West region with it

Answer: C

Explanation:
The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than the RDS DB instance. The user can authorize an IP range or specify an Amazon EC2 security group in the same region that refers to an IP address in another region.
Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html

 

NEW QUESTION 34
Company B is launching a new game app for mobile devices. Users will log into the game using their existing social media account to streamline data capture. Company B would like to directly save player data and scoring information from the mobile app to a DynamoDB table named Score Data. When a user saves their game, the progress data will be stored to the Game State S3 bucket. What is the best approach for storing data to DynamoDB and S3?

  • A. Use an EC2 Instance that is launched with an EC2 role providing access to the Score Data DynamoDB table and the GameState S3 bucket that communicates with the mobile app via web services.
  • B. Use temporary security credentials that assume a role providing access to the Score Data DynamoDB table and the Game State S3 bucket using web identity federation.
  • C. Use Login with Amazon allowing users to sign in with an Amazon account providing the mobile app with access to the Score Data DynamoDB table and the Game State S3 bucket.
  • D. Use an IAM user with access credentials assigned a role providing access to the Score Data DynamoDB table and the Game State S3 bucket for distribution with the mobile app.

Answer: B

 

NEW QUESTION 35
How can I change the security group membership for interfaces owned by other AWS services, such as Elastic Load Balancing?

  • A. By using the service specific console or API/CLI commands
  • B. None of these
  • C. Using all these methods

Answer: A

 

NEW QUESTION 36
Is there any way to own a direct connection to Amazon Web Services?

  • A. You can create an encrypted tunnel to VPC, but you don't own the connection.
  • B. No, AWS only allows access from the public Internet.
  • C. Yes, it's called Amazon Dedicated Connection.
  • D. Yes, it's called Direct Connect.

Answer: D

 

NEW QUESTION 37
After reviewing the cost optimization checks in AWS Trusted Advisor, a team finds that it has 10,000 Amazon Elastic Block Store (Amazon EBS) snapshots in its account that are more than 30 days old. The team determines that it needs to implement better governance for the lifecycle of its resources.
Which actions should the team take to automate the lifecycle management of the EBS snapshots with the LEAST effort? (Select TWO.)

  • A. Copy the EBS snapshots to Amazon S3 and then create lifecycle configurations in the S3 bucket
  • B. Use Amazon Data Lifecycle Manager (Amazon DLM)
  • C. Schedule and run backups in AWS Systems Manager.
  • D. Create and schedule a backup plan with AWS Backup
  • E. Use a scheduled event in Amazon EventBridge (Amazon CloudWatch Events) and invoke AWS Step Functions to manage the snapshots

Answer: C,E

 

NEW QUESTION 38
A company is storing data on premises on a Windows file server. The company produces 5 GB of new data daily.
The company migrated part of its Windows-based workload to AWS and needs the data to be available on a file system in the cloud. The company already has established an AWS Direct Connect connection between the on-premises network and AWS.
Which data migration strategy should the company use?

  • A. Use the file gateway option in AWS Storage Gateway to replace the existing Windows file server, and point the existing file share to the new file gateway
  • B. Use AWS DataSync to schedule a daily task to replicate data between the on-premises Windows file server and Amazon FSx
  • C. Use AWS Data Pipeline to schedule a daily task to replicate data between the on-premises Windows file server and Amazon Elastic File System (Amazon EFS)
  • D. Use AWS DataSync to schedule a daily task to replicate data between the on-premises Windows file server and Amazon Elastic File System (Amazon EFS)

Answer: B

 

NEW QUESTION 39
A recently created startup built a three-tier web application. The front end has static content. The application layer is based on microservices. User data is stored as JSON documents that need to be accessed with low latency. The company expects regular traffic to be low during the first year, with peaks in traffic when it publicizes new features every month. The startup team needs to minimize operational overhead costs.
What should a solutions architect recommend to accomplish this?

  • A. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon Elastic Kubernetes Service (Amazon EKS) for the application layer. Use Amazon DynamoDB to store user data.
  • B. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon API Gateway and AWS Lambda functions for the application layer. Use Amazon DynamoDB to store user data.
  • C. Use Amazon S3 static website hosting to store and serve the front end. Use AWS Elastic Beanstalk for the application layer. Use Amazon DynamoDB to store user data.
  • D. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon API Gateway and AWS Lambda functions for the application layer. Use Amazon RDS with read replicas to store user data.

Answer: A

 

NEW QUESTION 40
A Solutions Architect is designing the architecture for a new three-tier web-based ecommerce site that must be available 24/7. Requests are expected to range from 100 to 10,000 each minute. Usage can vary depending on time of day, holidays, and promotions.
The design should be able to handle these volumes, with the ability to handle higher volumes if necessary. How should the Architect design the architecture to ensure the web tier is cost-optimized and can handle the expected traffic? (Select two.)

  • A. Use Amazon S3 multi-part uploads to improve upload times
  • B. Launch Amazon EC2 instances in an Auto Scaling group behind an ELB.
  • C. Use Amazon Route 53 to route traffic to the correct region.
  • D. Create a CloudFront distribution pointing to static content in Amazon S3.
  • E. Store all static files in a multi-AZ Amazon Aurora database.

Answer: B,D

 

NEW QUESTION 41
You try to connect via SSH to a newly created Amazon EC2 instance and get one of the following error messages:
"Network error: Connection timed out" or "Error connecting to [instance], reason: -> Connection timed out: connect,"
You have confirmed that the network and security group rules are configured correctly and the instance is passing status checks. What steps should you take to identify the source of the behavior? Choose 2 answers

  • A. Verify that your federation trust to AWS has been established.
  • B. Verify that your IAM user policy has permission to launch Amazon EC2 instances.
  • C. Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch.
  • D. Verify that you are connecting with the appropriate user name for your AMI.
  • E. Verify that the Amazon EC2 Instance was launched with the proper IAM role.

Answer: C,D

Explanation:
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html

 

NEW QUESTION 42
What is the charge for the data transfer incurred in replicating data between your primary and standby?

  • A. Half of the standard data transfer charge
  • B. Double the standard data transfer charge
  • C. Same as the standard data transfer charge
  • D. No charge. It is free

Answer: D

 

NEW QUESTION 43
A web company is looking to implement an intrusion detection and prevention system into their deployed VPC. This platform should have the ability to scale to thousands of instances running inside of the VPC. How should they architect their solution to achieve these goals?

  • A. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection.
  • B. Create a second VPC and route all traffic from the primary application VPC through the second VPC where the scalable virtualized IDS/IPS platform resides.
  • C. Configure servers running in the VPC using the host-based 'route' commands to send all traffic through the platform to a scalable virtualized IDS/IPS.
  • D. Configure an instance with monitoring software and the elastic network interface (ENI) set to promiscuous mode packet sniffing to see all traffic across the VPC.

Answer: C

 

NEW QUESTION 44
A company runs a video processing platform. Files are uploaded by users who connect to a web server, which stores them on an Amazon EFS share. This web server is running on a single Amazon EC2 instance. A different group of instances, running in an Auto Scaling group, scans the EFS share directory structure for new files to process and generates new videos (thumbnails, different resolution, compression, etc.) according to the instructions file, which is uploaded along with the video files. A different application running on a group of instances managed by an Auto Scaling group processes the video files and then deletes them from the EFS share. The results are stored in an S3 bucket. Links to the processed video files are emailed to the customer.
The company has recently discovered that as they add more instances to the Auto Scaling Group, many files are processed twice, so image processing speed is not improved. The maximum size of these video files is 2GB.
What should the Solutions Architect do to improve reliability and reduce the redundant processing of video files?

  • A. Set up a cron job on the web server instance to synchronize the contents of the EFS share into Amazon S3. Trigger an AWS Lambda function every time a file is uploaded to process the video file and store the results in Amazon S3. Using Amazon CloudWatch Events, trigger an Amazon SES job to send an email to the customer containing the link to the processed file.
  • B. Rewrite the web application to run from Amazon S3 and upload the video files to an S3 bucket. Each time a new file is uploaded, trigger an AWS Lambda function to put a message in an SQS queue containing the link and the instructions. Modify the video processing application to read from the SQS queue and the S3 bucket. Use the queue depth metric to adjust the size of the Auto Scaling group for video processing instances.
  • C. Modify the web application to upload the video files directly to Amazon S3. Use Amazon CloudWatch Events to trigger an AWS Lambda function every time a file is uploaded, and have this Lambda function put a message into an Amazon SQS queue. Modify the video processing application to read from SQS queue for new files and use the queue depth metric to scale instances in the video processing Auto Scaling group.
  • D. Rewrite the web application to run directly from Amazon S3 and use Amazon API Gateway to upload the video files to an S3 bucket. Use an S3 trigger to run an AWS Lambda function each time a file is uploaded to process and store new video files in a different bucket. Using CloudWatch Events, trigger an SES job to send an email to the customer containing the link to the processed file.

Answer: A

Explanation:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html

 
