SAA-C02 Exam - AWS Certified Solutions Architect - Associate (SAA-C02)

NEW QUESTION 1
A company has a two-tier application architecture that runs in public and private subnets Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet The web application instances and the database are running in a single Availability Zone (AZ).
Which combination of steps should a solutions architect take to provide high availability for this architecture? (Select TWO.)

• A. Create new public and private subnets in the same AZ for high availability
• B. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs
• C. Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer
• D. Create new public and private subnets in a new AZ Create a database using Amazon EC2 in one AZ
• E. Create new public and private subnets in the same VPC each in a new AZ Migrate the database to an Amazon RDS multi-AZ deployment

Answer: BE

NEW QUESTION 2
A media streaming company collects real-time data and stores it in a disk-optimized database system The company is not getting the expected throughput and wants an in-memory database storage solution that performs faster and provides high availability using data replication.
Which database should a solutions architect recommend'?

• A. Amazon RDS for MySQL
• B. Amazon RDS for PostgreSQL
• C. Amazon ElastiCache for Redis
• D. Amazon ElastiCache for Memcached

Answer: C

NEW QUESTION 3
A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones. As the company’s user base grows in the us-west-1 Region, it needs a solution with low latency and high availability.
What should a solutions architect do to accomplish this?

• A. Provision EC2 instances in us-west-1. Switch the Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing.
• B. Provision EC2 instances and an Application Load Balancer in us-west-1. Make the load balancer distribute the traffic based on the location of the request.
• C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
• D. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Configure Amazon Route 53 with a weighted routing polic
• E. Create alias records in Route 53 that point to the Application Load Balancer.

Answer: B

NEW QUESTION 4
A solutions architect is designing a high performance computing (HPC) workload on Amazon EC2 The EC2 instances need to communicate to each other frequently and require network performance with low latency and high throughput
Which EC2 configuration meets these requirements'?

• A. Launch the EC2 instances in a cluster placement group in one Availability Zone
• B. Launch the EC2 instances in a spread placement group in one Availability Zone
• C. Launch the EC2 instances in an Auto Scaling group in two Regions and peer the VPCs
• D. Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones

Answer: A

NEW QUESTION 5
A company built a food ordering application that captures user data and stores it for future analysis The application's static front end is deployed on an Amazon EC2 instance The front-end application sends the requests to the backend application running on separate EC2 instance The backend application then stores the data in Amazon RDS
What should a solutions architect do to decouple the architecture and make it scalable''

• A. Use Amazon S3 to serve the front-end application which sends requests to Amazon EC2 to execute the backend application The backend application will process and store the data in Amazon RDS
• B. Use Amazon S3 to serve the front-end application and write requests to an Amazon Simple Notification Service (Amazon SNS) topic Subscribe Amazon EC2 instances to the HTTP/HTTPS endpoint of the topic and process and store the data in Amazon RDS
• C. Use an EC2 instance to serve the front end and write requests to an Amazon SQS queue Place the backend instance in an Auto Scaling group and scale based on the queue depth to process and store the data in Amazon RDS
• D. Use Amazon S3 to serve the static front-end application and send requests to Amazon API Gateway which writes the requests to an Amazon SQS queue Place the backend instances in an Auto Scaling group and scale based on the queue depth to process and store the data in Amazon RDS

Answer: D

NEW QUESTION 6
A recently acquired company is required to buikl its own infrastructure on AWS and migrate multiple applications to the cloud within a month Each application has approximately 50 TB of data to be transferred After the migration is complete this company and its parent company will both require secure network connectivity with consistent throughput from their data centers to the applications A solutions architect must ensure one-time data migration and ongoing network connectivity
Which solution will meet these requirements''

• A. AWS Direct Connect for both the initial transfer and ongoing connectivity
• B. AWS Site-to-Site VPN for both the initial transfer and ongoing connectivity
• C. AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity
• D. AWS Snowball for the initial transfer and AWS Site-to-Site VPN for ongoing connectivity

Answer: C

NEW QUESTION 7
A company allows its developers to attach existing 1AM policies to existing 1AM roles to enable (aster experimentation and agility However the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies
How should a solutions architect address this issue?

• A. Create an Amazon SNS topic to send an alert every time a developer creates a new policy
• B. Use service control policies to disable IAM activity across all accounts in the organizational unit
• C. Prevent the developers from attaching any policies and assign all 1AM duties to the security operations team
• D. Set an IAM permissions boundary on the developer 1AM role that explicitly denies attaching the administrator policy

Answer: D

Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

NEW QUESTION 8
An application running on AWS uses an Amazon Aurora Multi-AZ deployment for its database When evaluating performance metrics, a solutions architect discovered that the database reads are causing high I/O and adding latency to the write requests against the database
What should the solutions architect do to separate the read requests from the write requests?

• A. Enable read-through caching on the Amazon Aurora database
• B. Update the application to read from the Multi-AZ standby instance
• C. Create a read replica and modify the application to use the appropriate endpoint
• D. Create a second Amazon Aurora database and link it to the primary database as a read replica.

Answer: C

NEW QUESTION 9
A company’s web application uses an Amazon RDS PostgreSQL DB instance to store its application data. During the financial closing period at the start of every month. Accountants run large queries that impact the database's performance due to high usage. The company wants to minimize the impact that the reporting activity has on the web application.
What should a solutions architect do to reduce the impact on the database with the LEAST amount of effort?

• A. Create a read replica and direct reporting traffic to the replica.
• B. Create a Multi-AZ database and direct reporting traffic to the standby.
• C. Create a cross-Region read replica and direct reporting traffic to the replica.
• D. Create an Amazon Redshift database and direct reporting traffic to the Amazon Redshift database.

Answer: B

NEW QUESTION 10
A company has on-premises servers running a relational database The current database serves high read traffic for users in different locations The company wants to migrate to AWS with the least amount of effort The database solution should support disaster recovery and not affect the company's current traffic flow.
Which solution meets these requirements?

• A. Use a database in Amazon RDS with Multi-AZ and at least one read replica
• B. Use a database in Amazon RDS with Multi-AZ and at least one standby replica
• C. Use databases hosted on multiple Amazon EC2 instances in different AWS Regions
• D. Use databases hosted on Amazon EC2 instances behind an Application Load Balancer in different Availability Zones

Answer: A

NEW QUESTION 11
A company's legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption Due to new compliance requirements, all existing and new data in this database must be encrypted
How should this be accomplished?

• A. Create an Amazon S3 bucket with server-side encryption enabled Move all the data to Amazon S3 Delete the RDS instance
• B. Enable RDS Multi-AZ mode with encryption at rest enabled Perform a failover to the standby instance to delete the original instance
• C. Take a snapshot of the RDS instance Create an encrypted copy of the snapshot Restore the RDS instance from the encrypted snapshot
• D. Create an RDS read replica with encryption at rest enabled Promote the read replica to master and switch the application over to the new master Delete the old RDS instance.

Answer: C

NEW QUESTION 12
A company's application is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancer Based on the application's history, the company anticipates a spike in traffic during a holiday each year A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity to minimize any performance impact on application users
Which solution will meet these requirements?

• A. Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%
• B. Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand
• C. Increase the minimum and maximum number of EC2 instances in the Auto Scaling group during the peak demand period
• D. Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when there are auto scaling EC2_INSTANCE_LAUNCH events

Answer: B

NEW QUESTION 13
An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time.
What is the MOST secure way to do this?

• A. Enable public read on the S3 object and provide the link to the vendor.
• B. Upload the file to Amazon WorkDocs and share the public link with the vendor.
• C. Generate a presigned URL and have the vendor download the log file before it expires.
• D. Create an IAM user for the vendor to provide access to the S3 bucket and the applicatio
• E. Enforce multifactor authentication.

Answer: C

NEW QUESTION 14
A solutions architect at an ecommerce company wants to back up application log data to Amazon S3 The solutions architect is unsure how frequently the logs will be accessed or which logs will be accessed the most The company wants to keep costs as low as possible by using the appropriate S3 storage class.
Which S3 storage class should be implemented to meet these requirements?

• A. S3 Glacier
• B. S3 Intelligent-Tiering
• C. S3 Standard-Infrequent Access (S3 Standard-IA)
• D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer: D

Explanation:
S3 One Zone-IA is for data that is accessed less frequently, but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA. S3 One Zone-IA is ideal for customers who want a lower-cost option for infrequently accessed data but do not require the availability and resilience of S3 Standard or S3 Standard-IA. It’s a good choice for storing secondary backup copies of on-premises data or easily re-creatable data. You can also use it as cost-effective storage for data that is replicated from another AWS Region using S3 Cross-Region Replication.

NEW QUESTION 15
A company is hosting a web application on AWS using a single Amazon EC2 instance that stores
user-uploaded documents in an Amazon EBS volume For better scalability and availability the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone: placing both behind an Application Load Balancer After completing this change users reported that each time they refreshed the website they could see one subset of their documents or the other but never all of the documents at the same time
What should a solutions architect propose to ensure users see all of their documents at once''

• A. Copy the data so both EBS volumes contain all the documents
• B. Configure the Application Load Balancer to direct a user to the server with the documents
• C. Copy the data from both EBS volumes to Amazon EFS Modify the application to save new documents to Amazon EPS
• D. Configure the Application Load Balancer to send the request to both servers Return each document from the correct server

Answer: C

NEW QUESTION 16
Organizers for a global event want to put daily reports online as static HTML pages The pages are expected to generate millions of views from users around the world The files are stored in an Amazon S3 bucket A solutions architect has been asked to design an efficient and effective solution
Which action should the solutions architect take to accomplish this?

• A. Generate presigned URLs for the files
• B. Use cross-Region replication to all Regions
• C. Use the geoproximity feature of Amazon Route 53
• D. Use Amazon CloudFront with the S3 bucket as its origin

Answer: D

NEW QUESTION 17
A solutions architect is implementing a document review application using an Amazon S3 bucket for storage
The solution must prevent accidental deletion of the documents and ensure that all versions of the documents are available Users must be able to download, modify, and upload documents
Which combination of actions should be taken to meet these requirements'? (Select TWO )

• A. Enable a read-only bucket ACL
• B. Enable versioning on the bucket
• C. Attach an 1AM policy to the bucket
• D. Enable MFA Delete on the bucket
• E. Encrypt the bucket using AWS KMS

Answer: BD

NEW QUESTION 18
A solutions architect is tasked with transferring 750 TB of data from a network-attached file system located at a branch office to Amazon S3 Glacier The solution must avoid saturating the branch office's low-bandwidth internet connection
What is the MOST cost-effective solution1?

• A. Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly Create a bucket policy to enforce a VPC endpoint
• B. Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination Create a bucket policy to enforce a VPC endpoint
• C. Mount the network-attached file system to Amazon S3 and copy the files directl
• D. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier
• E. Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier

Answer: D

NEW QUESTION 19
A company runs an application on a group of Amazon Linux EC2 instances The application writes log files using standard API calls For compliance reasons, all log files must be retained indefinitely and will be analyzed by a reporting tool that must access all files concurrently
Which storage service should a solutions architect use to provide the MOST cost-effective solution?

• A. Amazon EBS
• B. Amazon EFS
• C. Amazon EC2 instance store
• D. Amazon S3

Answer: D

NEW QUESTION 20
An application runs on Amazon EC2 instances across multiple Availability Zones The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer The application performs best when the CPU utilization of the EC2 instances is at or near 40%
What should a solutions architect do to maintain the desired performance across all instances m the group?

• A. Use a simple scaling policy to dynamically scale the Auto Scaling group
• B. Use a target tracking policy to dynamically scale the Auto Scaling group
• C. Use an AWS Lambda function to update the desired Auto Scaling group capacity
• D. Use scheduled scaling actions to scale up and scale down the Auto Scaling group

Answer: D

NEW QUESTION 21
A solutions architect is optimizing a website for an upcoming musical event Videos of the performances will be streamed in real time and then will be available on demand The event is expected to attract a global online audience
Which service will improve the performance of both the real-time and on-demand streaming?

• A. Amazon CloudFront
• B. AWS Global Accelerator
• C. Amazon Route 53
• D. Amazon S3 Transfer Acceleration

Answer: A

NEW QUESTION 22
A manufacturing company wants to implement predictive maintenance on its machinery equipment The company will install thousands of loT sensors that will send data to AWS in real time A solutions architect is tasked with implementing a solution that will receive events in an ordered manner for each machinery asset and ensure that data is saved for further processing at a later time
Which solution would be MOST efficient?

• A. Use Amazon Kinesis Data Streams for real-time events with a partition for each equipment asset Use Amazon Kinesis Data Firehose to save data to Amazon S3
• B. Use Amazon Kinesis Data Streams for real-time events with a shard for each equipment asset Use Amazon Kinesis Data Firehose to save data to Amazon EBS
• C. Use an Amazon SQS FIFO queue for real-time events with one queue for each equipment asset Trigger an AWS Lambda function for the SQS queue to save data to Amazon EFS
• D. Use an Amazon SQS standard queue for real-time events with one queue for each equipment asset Trigger an AWS Lambda function from the SQS queue to save data to Amazon S3

Answer: A

NEW QUESTION 23
A company is planning to use Amazon S3 lo store images uploaded by its users The images must be encrypted at rest in Amazon S3 The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys
What should a solutions architect use to accomplish this?

• A. Server-Side Encryption with keys stored in an S3 bucket
• B. Server-Side Encryption with Customer-Provided Keys (SSE-C)
• C. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
• D. Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)

Answer: C

NEW QUESTION 24
A company's application is running on Amazon EC2 instances m a single Region in the event of a disaster a solutions architect needs to ensure that the resources can also be deployed to a second Region
Which combination of actions should the solutions architect take to accomplish this-? (Select TWO)

• A. Detach a volume on an EC2 instance and copy it to Amazon S3
• B. Launch a new EC2 instance from an Amazon Machine image (AMI) in a new Region
• C. Launch a new EC2 instance in a new Region and copy a volume from Amazon S3 to the new instance
• D. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination
• E. Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the destination Region using that EBS volume

Answer: BD

NEW QUESTION 25
A company's production application runs online transaction processing (OLTP) transactions on an Amazon RDS MySQL DB instance The company is launching a new reporting tool that will access the same data The reporting tool must be highly available and not impact the performance of the production application
How can this be achieved'?

• A. Create hourly snapshots of the production RDS DB instance
• B. Create a Multi-AZ RDS Read Replica of the production RDS DB instance
• C. Create multiple RDS Read Replicas of the production RDS DB instance Place the Read Replicas in an Auto Scaling group
• D. Create a Single-AZ RDS Read Replica of the production RDS DB instance Create a second Single-AZ RDS Read Replica from the replica

Answer: B

NEW QUESTION 26
......