SAA-C02 Part 1
Notes: Hi all. This AWS Solutions Architect Associate (SAA-C02) Practice Exam Part 1 will familiarize you with the types of questions you may encounter on the certification exam and help you determine whether you are ready or need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam, as the actual exam is longer and covers a wider range of topics. We highly recommend that you take the AWS Solutions Architect Associate SAA-C02 Actual Exam Version because it includes actual exam questions, and highlighted answers are collected in our exam. It will help you pass the exam more easily.
1. A university is running an internal web application on AWS that students can access from the university network to check their exam results. The web application runs on Amazon EC2 instances and pulls results from an Amazon DynamoDB table. Auto Scaling is currently configured to add a new web server when CPU is greater than 80% for 5 minutes. DynamoDB is configured to increase both read and write capacity units by five when utilization is greater than 80%. Exams are released at 9:00 a.m. each Monday, and 80% of students attempt to access their unique results within the first 30 minutes. Despite Auto Scaling being enabled, students are complaining of slow response times and errors when they view the site. There are no performance complaints after 9:30 am. Which recommendation should a Solutions Architect make to improve performance in a cost-effective manner?
- Scale out the EC2 instances to ensure that the environment scales up and down based on the highest load
- Implement Amazon DynamoDB Accelerator to improve database performance and remove the need to scale the read/write units.
- Use a scheduled job to scale out EC2 before 9:00 am on Monday and to scale down after 9:30 am
- Use Amazon CloudFront to cache web requests and reduce the load on EC2 and DynamoDB
2. A company wants to organize the contents of multiple websites in managed file storage. The company must be able to scale the storage based on demand without needing to provision storage. Multiple servers should be able to access this storage concurrently. Which services should the Solutions Architect recommend?
- Amazon S3
- Amazon EBS
- Amazon EFS
- AWS Storage Gateway-volume gateway
3. A company has an Amazon RDS database backing its production website. The sales team needs to run queries against the database to track training program effectiveness. Queries against the production database cannot impact performance, and the solution must be easy to maintain. How can these requirements be met?
- Use an Amazon Redshift database. Copy the production database into Redshift and allow the team to query it.
- Use an Amazon RDS read replica of the production database and allow the team to query against it.
- Use multiple Amazon EC2 instances running replicas of the production database, placed behind a load balancer.
- Use an Amazon DynamoDB table to store a copy of the data.
4. A media company has deployed a multi-tier architecture on AWS. Web servers are deployed in two Availability Zones using an Auto Scaling group with an Auto Scaling termination policy. The web servers' Auto Scaling group currently has 15 instances running. Which instance will be terminated first during a scale-in operation?
- The instance with the oldest launch configuration
- The instance in the Availability Zone that has most instances
- The instance closest to the next billing hour
- The oldest instance in the group
5. A company has a legal requirement to store point-in-time copies of its Amazon RDS PostgreSQL database instance in facilities that are at least 200 miles apart. Use of which of the following provides the easiest way to comply with this requirement?
- Cross-region read replica
- Multiple Availability Zone snapshot copy
- Multiple Availability Zone read replica
- Cross-region snapshot copy
6. A company has asked a Solutions Architect to ensure that data is protected during data transfer to and from Amazon S3. Use of which service will protect the data in transit?
- AWS KMS
7. A Solutions Architect must design a storage solution for incoming billing reports in CSV format. The data does not need to be scanned frequently and is discarded after 30 days. Which service will be MOST cost-effective in meeting these requirements?
- Import the logs into an RDS MySQL instance
- Use AWS Data Pipeline to import the logs into a DynamoDB table
- Write the files to an S3 bucket and use Amazon Athena to query the data
- Import the logs to an Amazon Redshift cluster
8. A data-processing application runs on an i3.large EC2 instance with a single 100-GB EBS gp2 volume. The application stores temporary data in a small database (less than 30GB) located on the EBS root volume. The application is struggling to process the data fast enough and a Solutions Architect has determined that the I/O speed of the temporary database is the bottleneck. What is the MOST cost-efficient way to improve the database response times?
- Enable EBS optimization on the instance and keep the temporary files on the existing volume.
- Put the temporary database on a new 50GB EBS gp2 volume
- Move the temporary database onto instance storage
- Put the temporary database on a new 50-GB EBS io1 volume with a 3-K IOPS provision
9. A large media site has multiple applications in Amazon ECS. A Solutions Architect needs to use content metadata and route traffic to specific services. What is the MOST efficient method to perform this task?
- Use an AWS Classic Load Balancer with a host-based routing option to route traffic to the correct service
- Use the AWS CLI to update Amazon Route 53 hosted zone to route traffic as services get updated.
- Use an AWS Application Load Balancer with host-based routing option to route traffic to the correct service.
- Use Amazon CloudFront to manage and route traffic to the correct service.
10. A workload in an Amazon VPC consists of a single web server launched from a custom AMI. Session state is stored in a database. How should the Solutions Architect modify this workload to be both highly available and scalable?
- Create a launch configuration with a desired capacity of two web servers across multiple Availability Zones. Create an Auto Scaling group with the AMI ID of the web server image. Use Amazon Route 53 latency-based routing to balance traffic across the Auto Scaling group
- Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple regions. Use an Application Load Balancer (ALB) to balance traffic across the Auto Scaling group.
- Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use an ALB to balance traffic across the Auto Scaling group
- Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration and a desired capacity of two web servers across multiple AZ. Use Route 53 weighted routing to balance traffic across the Auto Scaling group.
11. An application runs in a VPC on Amazon EC2 instances behind an Application Load Balancer. Traffic to the EC2 instances must be limited from the Application Load Balancer. Based on these requirements, the security group configuration should only allow traffic from
- The public IPs of the ALB nodes
- The IP range of the ALB subnets
- The security group attached to the ALB
- The VPC CIDR
12. A solutions architect is defining a shared Amazon S3 bucket where corporate applications will save objects. How can the Architect ensure that when an application uploads an object to the Amazon S3 bucket, the object is encrypted?
- Set a CORS configuration
- Set a bucket policy to encrypt all Amazon S3 objects
- Enable default encryption on the bucket
- Set permissions for users
13. A company has an application that uses Amazon CloudFront for content that is hosted on an Amazon S3 bucket. After an unexpected refresh, the users are seeing old content. Which steps should the Solutions Architect take to ensure that new content is displayed?
- Perform a cache refresh on the CloudFront distribution that is serving the content
- Perform an invalidation on the CloudFront distribution that is serving the content
- Create a new cache behavior path with the updated content
- Change the TTL value for removing the old objects.
14. An application that runs on an Amazon EC2 instance must make secure calls to Amazon S3 buckets. Which steps can a Solutions Architect take to ensure that the calls are made without exposing credentials?
- Generate an access key ID and a secret key, and assign an IAM role with least privilege
- Create an IAM policy granting access to all services and assign it to the Amazon EC2 instance profile
- Create an IAM role granting least privilege and assign it to the Amazon EC2 instance profile
- Generate temporary access keys to grant users temporary access to the Amazon EC2 instance
15. A workload in an Amazon VPC consists of an Elastic Load Balancer that distributes incoming requests across a fleet of six Amazon EC2 instances. Each instance stores and retrieves data from an Amazon DynamoDB table. Which of the following provisions will ensure that this workload is highly available?
- Provision DynamoDB tables across a minimum of two Availability Zones
- Provision the EC2 instances evenly across a minimum of two AZ in two regions
- Provision the EC2 instances evenly across a minimum of two AZ in a single region
- Provision the ELB to distribute connections across multiple AZ
16. A Solutions Architect is designing a three-tier web application that will allow customers to upload pictures from a mobile application. The application will then generate a thumbnail of the picture and return a message to the user confirming that the image was successfully uploaded. Generation of the thumbnail may take up to 5 seconds. To provide a sub-second response time to the customers uploading the images, the Solutions Architect wants to separate the web tier from the application tier. Which service would allow the presentation tier to asynchronously dispatch the request to the application tier?
- AWS Step Functions
- AWS Lambda
- Amazon SNS
- Amazon SQS
17. A Solutions Architect is designing a ride-sharing application. The application needs consistent and single-digit millisecond latency. In addition, the application must integrate with a highly scalable and fully managed database service to track GPS coordinates and user data for all rides. Which database service should the Solutions Architect use to meet these performance requirements?
- Amazon RDS
- Amazon Redshift
- Amazon DynamoDB
- Amazon Aurora
18. A company has a Node.js application running on Amazon EC2 that currently retrieves data for customers from a DynamoDB table. The company is seeing many repeat queries for the same items, and the number of queries is continuing to increase as the application gains popularity. What solution will reduce the number of read capacity units (RCUs) required while minimizing the amount of refactoring that must be done to the application?
- Use Amazon ElastiCache to provide a caching layer
- Use a Lambda function to make concurrent requests for caching
- Use Amazon DynamoDB Accelerator (DAX) to provide a caching layer
- Obtain reserved capacity for Amazon DynamoDB to manage the increased number of queries
19. An application is used to process customer orders using an Amazon EC2 instance which saves the orders to an Amazon Aurora database. Occasionally when traffic is high the workload does not process orders fast enough. What will ensure that the orders are written to the database as quickly as possible?
- Use an ALB and an Auto Scaling group to distribute the load across multiple instances. Write orders to an Amazon SQS queue. Use EC2 instances in an Auto Scaling group to read from the SQS queue and process orders into the database.
- Increase the instance size of the web server when traffic is high. Write orders as messages to Amazon SNS, ensuring the database is subscribed to the SNS topic.
- Use an ALB and an Auto Scaling group to distribute the load across multiple instances. Write orders to an SQS queue. When instances have spare CPU available, read from the SQS queue and process orders into the database.
- Use an ALB and an Auto Scaling group to distribute the load across multiple instances. Write orders as messages to SNS, ensuring that the database is subscribed to the SNS topic.
20. A retail company has sensors placed in its physical retail stores. The sensors send messages over HTTP when customers interact with in-store products. A Solutions Architect needs to implement a system for processing those sensor messages. The results must be available for the Data Analysis team. Which architecture should be used to meet these requirements?
- Implement an Amazon API Gateway to serve as the HTTP endpoint. Have the API Gateway trigger an AWS Lambda function to process the messages, and save the results to an Amazon DynamoDB table.
- Create an Amazon EC2 instance to serve as the HTTP endpoint and to process the messages. Save the results to Amazon S3 for the Data Analysis team to download.
- Use Amazon Route 53 to direct incoming sensor messages to a Lambda function to process the message and save the results to an Amazon DynamoDB table.
- Use AWS Direct Connect to connect sensors to DynamoDB so that data can be written directly to a DynamoDB table where it can be accessed by the Data Analysis team.
21. A company has an Amazon RDS-managed online transaction processing system that has very heavy reads and writes. The Solutions Architect notices throughput issues with the system. How can the responsiveness of the primary database be improved?
- Use asynchronous replication for standby to maximize throughput during peak demand
- Offload SELECT queries that can tolerate stale data to a read replica
- Offload SELECT and UPDATE queries to a read replica
- Offload SELECT queries that need the most current data to a read replica
22. A company is using Amazon S3 as its local repository for weekly analysis reports. One of the company-wide requirements is to secure data at rest using encryption. The company chose Amazon S3 server-side encryption. The company wants to know how the object is decrypted when a GET request is issued. Which of the following answers this question?
- The user needs to place a PUT request to decrypt the object
- The user needs to decrypt the object using a private key
- Amazon S3 manages encryption and decryption automatically
- Amazon S3 provides a server-side key for decrypting the object
23. A company has an application that stores sensitive data. The company is required by government regulations to store multiple copies of its data. What would be the MOST resilient and cost-effective option to meet this requirement?
- Amazon EFS
- Amazon RDS
- AWS Storage Gateway
- Amazon S3
24. A Solutions Architect is building an application that will run for eight hours, Monday through Friday. This application will also run a weekly batch process every Saturday night that consistently takes four hours to complete. Which is the MOST cost-effective compute solution?
- Spot instances
- Standard Reserved instances
- On-Demand Instances
- Scheduled Reserved Instances
25. An organization has a 3-tier architecture. It uses an Apache web server and an application is running on the Docker platform with Amazon RDS on the backend. The organization wants to migrate the application to AWS and does not want to be responsible for deployment, scalability or capacity provisioning of its resources. Which service should be used to meet these requirements?
- AWS OpsWorks
- Amazon EC2 Elastic Container Service
- AWS Elastic Beanstalk
- AWS CloudFormation
26. An application is used by thousands of concurrent users. Eighty percent of users access the same content inside the Amazon RDS multi-AZ database. How can the overall performance of the database queries be improved?
- Use an Amazon Redshift cluster
- Use Amazon CloudFront in front of RDS
- Use Amazon ElastiCache in front of RDS
- Use Amazon DynamoDB to store the most queried information
27. A Solutions Architect must create a solution whereby user access to multiple Amazon Aurora MySQL databases is securely managed with short-lived connection credentials. How can the Solutions Architect meet these requirements?
- Create a database user to run the GRANT statement with a short-lived token
- Create the user account to use the AWS-provided AWSAuthenticationPlugin with IAM
- Use AWS Systems Manager to securely save the connection secrets, and use the secrets while connecting
- Use AWS KMS to securely save the connection secrets and use the secrets while connecting
28. A customer has services based out of Oregon, US and Paris, France. The application is storing data in an S3 bucket located in Oregon, and that database is updated frequently. The Paris office is experiencing slow response times when retrieving objects. What should a Solutions Architect do to resolve the slow response times for the Paris office?
- Set up an S3 bucket based in Paris and enable cross-region replication from the Oregon bucket to the Paris bucket
- Create an Application Load Balancer that load balances data retrieval between the Oregon S3 bucket and a new Paris S3 bucket
- Create an Amazon CloudFront distribution with the bucket located in Oregon as the origin and set the Maximum Time to Live (TTL) for cache behavior to 0
- Set up an S3 bucket based in Paris and enable a lifecycle management rule to transition data from the Oregon bucket to the Paris bucket.
29. An online company wants to conduct real-time sentiment analysis about its products from its social media channels using SQL. Which of the following solutions has the LOWEST cost and operational burden?
- Set up a streaming data ingestion application on Amazon EC2 and connect it to a Hadoop cluster for data processing. Send the output to Amazon S3 and use Amazon Athena to analyze the data
- Configure the input stream using Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to write SQL queries against the stream.
- Configure the input stream using Amazon Kinesis Data Streams. Use Amazon Kinesis Data Firehose to send data to an Amazon Redshift cluster and then query directly against Amazon Redshift.
- Set up a streaming data ingestion application on Amazon EC2 and send the output to Amazon S3 using Kinesis Data Firehose. Use Athena to analyze the data.
30. A customer has a legacy application with a large amount of data. The files accessed by the application are approximately 10GB each, but are rarely accessed. However, when files are accessed, they are retrieved sequentially. The customer is migrating the application to AWS and would like to use Amazon EC2 and Amazon EBS. What is the LEAST expensive EBS volume type for this use case?
- Cold HDD (sc1)
- Provisioned IOPS SSD (io1)
- General Purpose SSD (gp2)
- Throughput Optimized HDD (st1)
31. A Solutions Architect creates an Amazon VPC with two public subnets and two private subnets. A corporate security mandate requires all Amazon EC2 instances be launched in a private subnet. However, when an EC2 instance running Apache on ports 80 and 443 is launched in the private subnet, no external internet traffic can connect with the server. What actions should be taken to address this situation?
- Ensure the security group attached to the EC2 instance allows HTTP traffic on port 80 and HTTPS traffic on port 443. Ensure external DNS resolution directs to the IP address of the EC2 instance.
- Launch a NAT Gateway in the private subnet, change the default route to the NAT Gateway and attach a public EIP to the NAT Gateway. Ensure external DNS resolution directs to the EIP address
- Launch an internet-facing ALB with the EC2 instance as its endpoint. Ensure external DNS resolution directs to the ALB
- Attach the EC2 instance to an Auto Scaling group in the private subnet. Ensure external DNS resolution directs to the Auto Scaling group.
32. A company has a web application with an Apache front end, a Memcached cache and a PostgreSQL database. The company also has a data warehouse that is accessed with standard SQL tools. The company would like to migrate the architecture to AWS with as little work as possible. Which of the following AWS services should a Solutions Architect recommend?
- Amazon ElastiCache and Amazon Redshift
- AWS Identity and Access Management (IAM) with AWS Lambda
- Amazon ElastiCache with Redis
- Amazon DynamoDB and Amazon ElastiCache
33. A credit card processing application, hosted on an on-premises server, needs to communicate directly with a database hosted on an Amazon EC2 instance running in a private subnet of a VPC. Compliance requirements state that end-to-end communication should be encrypted. Which solution will ensure that this requirement is met?
- Use HTTPS for traffic over VPC peering between the VPC and the on-premises data center
- Use HTTPS for traffic over the internet between the on-premises server and the Amazon EC2 instance
- Use HTTPS for traffic over a VPN connection between the VPC and the on-premises datacenter
- Use HTTPS for traffic over gateway VPC endpoints that have been configured for the Amazon EC2 instance.
34. A company wants to migrate a three-tier web application to AWS. The company wants to control the placement of the instances and have visibility into underlying sockets and cores for licensing purposes. Which compute model should a Solutions Architect choose to accomplish this task?
- EC2 Reserved instances
- EC2 Spot instances
- EC2 Dedicated hosts
- EC2 Placement Groups
35. A company has a long-running image processing application that runs on Spot Instances that will be terminated when interrupted. A highly available workload must be designed to respond to Spot Instance interruption notices. The solution must include a two-minute warning when there is not enough capacity. How can these requirements be met?
- Use Amazon CloudWatch Events to invoke an AWS Lambda function that can launch On-Demand Instances.
- Regularly store data from the application on Amazon DynamoDB. Increase the maximum number of instances in the AWS Auto Scaling group.
- Manually place a bid for additional Spot Instances at a higher price in the same AWS Region and AZ
- Ensure that the Amazon Machine image associated with the application has the latest configurations for the launch configuration.
36. A Solutions Architect designed a system based on Amazon Kinesis Data Streams. After the workflow was put into production, the company noticed it performed slowly and identified Kinesis Data Streams as the problem. One of the streams has a total of 10 Mb/s throughput. What should the Solutions Architect recommend to improve performance?
- Use AWS Lambda to preprocess the data and transform the records into a simpler format, such as CSV
- Run the MergeShards command to reduce the number of shards so that the consumer can more easily process them
- Change the workflow to use Amazon Kinesis Data Firehose to gain a higher throughput
- Run the UpdateShardCount command to increase the number of shards in the stream
37. An application uses an Amazon SQS queue as a transport mechanism to deliver data to a group of EC2 instances for processing. The application owner wants to add a mechanism to archive the incoming data without modifying application code on the EC2 instances. How can this application be re-architected to archive the data without modifying the processing instances?
- Trigger a Lambda function by using Amazon CloudWatch Events to retrieve messages from the SQS queue and archive to Amazon S3
- Use an Amazon SNS topic to fan out the data to the SQS queue in addition to a Lambda function that records the data to an S3 bucket
- Set up an Amazon Kinesis Data Stream so that multiple instances can receive data. Add a separate EC2 instance that is configured to archive all data it receives
- Write the data to an S3 bucket and use an SQS queue for S3 event notifications to tell the instances where to retrieve the data
38. A Solutions Architect is designing a web application for document sharing. The users will upload documents that are then made available to other users. There will be tens of thousands of these documents. What is the MOST cost-effective storage solution?
- Amazon EFS
- Amazon S3
- Amazon Glacier
- Amazon EBS
39. A company is looking for a fully-managed solution to store its players' state information for a rapidly growing game. The application runs on multiple Amazon EC2 nodes, which can scale according to the incoming traffic. The request can be routed to any of the nodes; therefore, the state information must be stored in a centralized database. The players' state information needs to be read with strong consistency and needs conditional updates for any changes. Which service would be MOST cost-effective and scale seamlessly?
- Amazon S3
- Amazon DynamoDB
- Amazon RDS
- Amazon Redshift
40. An application stores data in an Amazon RDS PostgreSQL Multi-AZ database instance. The ratio of read requests to write requests is about 2 to 1. Recent increases in traffic are causing very high latency. How can this problem be corrected?
- Create a similar RDS PostgreSQL instance and direct all traffic to it
- Use the secondary instance of the Multiple Availability Zone for read traffic only
- Create a read replica and send half of all traffic to it
- Create a read replica and send all read traffic to it
41. A Solutions Architect needs to design a centralized logging solution for a group of web applications running on Amazon EC2 instances. The solution requires minimal development effort due to budget constraints. Which of the following should the Architect recommend?
- Create a crontab job script in each instance to push the logs regularly to Amazon S3
- Install and configure the Amazon CloudWatch Logs agent on the Amazon EC2 instances
- Enable Amazon CloudWatch Events in the AWS Management Console.
- Enable AWS CloudTrail to map all API calls invoked by the application
42. A company has two different types of reporting needs on their 200-GB data warehouse:
– Data scientists run a small number of concurrent ad-hoc SQL queries that can take several minutes each to run.
– Display screens throughout the company run many fast SQL queries to populate dashboards.
Which design would meet these requirements with the LEAST cost?
- A. Replicate relevant data between Amazon Redshift and Amazon DynamoDB. Data scientists use Redshift. Dashboards use DynamoDB.
- B. Configure auto-replication between Amazon Redshift and Amazon RDS. Data scientists use Redshift. Dashboards use RDS.
- C. Use Amazon Redshift for both requirements, with separate query queues configured in workload management.
- D. Use Amazon Redshift for data scientists. Run automated dashboard queries against Redshift and store the results in Amazon ElastiCache. Dashboards query ElastiCache.
43. A Solutions Architect needs to deploy an HTTP/HTTPS service on Amazon EC2 instances with support for WebSockets using load balancers. How can the Architect meet these requirements?
- A. Configure a Network Load Balancer.
- B. Configure an Application Load Balancer.
- C. Configure a Classic Load Balancer.
- D. Configure a Layer-4 Load Balancer.
44. A Solutions Architect is planning a new web application in an Amazon VPC. The customer has specified that the architecture for the new web application must include the capability of sharing session state among a highly available group of web servers. To fulfill this requirement, the Solutions Architect should:
- A. Deliver session state as messages in the Amazon SQS queue.
- B. Enable session state on Amazon CloudFront.
- C. Store session state in Amazon ElastiCache
- D. Provide session state through Elastic Load Balancing sticky sessions
45. A web application runs on 10 EC2 instances launched from a single customer Amazon Machine Image (AMI). The EC2 instances are behind an internet Application Load Balancer. Amazon Route 53 provides DNS for the application. How should a Solutions Architect automate recovery when a web server instance stops replying to requests?
- A. Launch the instances in an Auto Scaling group with an Elastic Load Balancing health check.
- B. Launch instances in multiple Availability Zones and set the load balancer to Multi-AZ
- C. Add CloudWatch alarm actions for each instance to restart if the Status Check (Any) fails
- D. Add Route 53 records for each instance with an instance health check
46. A Solutions Architect is concerned that the current security group rules for a database tier are too permissive and may permit requests that should be restricted. Below are the current security group permissions for the database tier:
– Protocol: TCP
– Port Range: 1433 (MS SQL)
– Source: ALL
Currently, the only identified resource that needs to connect to the databases is the application tier, consisting of an Auto Scaling group of EC2 instances. What changes can be made to this security group that would offer the users LEAST privilege?
- A. Change the source to -1 to remove source IP addresses previously unseen
- B. Change the source to the VPC CIDR block
- C. Change the source to the application instance IDs.
- D. Change the source to the security group ID attached to the application instances.
47. Which requirements must be met in order for a Solutions Architect to specify that an Amazon EC2 instance should stop rather than terminate when its Spot Instance is interrupted? (Select TWO.)
- A. The Spot Instance request type must be one-time.
- B. The Spot Instance request type must be persistent.
- C. The root volume must be an Amazon EBS volume
- D. The root volume must be an instance store volume.
- E. The launch configuration is changed.
48. A Solutions Architect needs to deploy a Node.js-based web application that is highly available and scales automatically. The Marketing team needs to roll back on application releases quickly, and they need to have an operational dashboard. The Marketing team does not want to manage deployment of OS patches to the Linux servers. Use of which service will satisfy these requirements?
- A. Amazon EC2
- B. Amazon API Gateway
- C. AWS Elastic Beanstalk
- D. Amazon EC2 Container Service
49. A company is creating an application that allows users to share uploaded files with other users. They have configured an S3 bucket, where the files are uploaded and stored, to grant access to only an Amazon CloudFront distribution. The company is now asking the Solutions Architect to determine a strategy to secure the static files so that they are shared only with the users that the file owner has allowed. What should the Solutions Architect recommend to secure the static files and prevent unauthorized access?
- A. Use the application to create temporary access and secret keys by using AWS STS AssumeRole with the policy parameter.
- B. Use the application instances to create a CloudFront signed URL.
- C. Use the application instances to create an S3 pre-signed URL
- D. Create a CloudFront origin access identity (OAI) for each user, and set the bucket policy for each OAI based on user request
50. A Solutions Architect has been asked to deliver video content stored on Amazon S3 to specific users from Amazon CloudFront while restricting access by unauthorized users. How can the Architect implement a solution to meet these requirements?
- A. Configure CloudFront to use signed URLs to access Amazon S3
- B. Store the videos as private objects in Amazon S3 and let CloudFront serve the objects by using only Origin Access Identity (OAI)
- C. Use Amazon S3 static website as the origin of CloudFront, and configure CloudFront to deliver the videos by generating a signed URL for users
- D. Use OAI for CloudFront to access private S3 objects and select the Restrict Viewer Access option in CloudFront cache behavior to use signed URLs.
51. What conditions could cause a Multi-AZ Amazon RDS failover to occur? (Select TWO)
- A. The RDS instance is stopped manually.
- B. A replica of the RDS instance is created in a different region.
- C. An Availability Zone becomes unavailable.
- D. Another master user is created.
- E. A failure of the primary database instance.
52. A company has an application that accesses a MySQL database installed on a single EC2 instance. The instance recently experienced a fault and brought down the entire application for several hours. The company wants to address the issue but is concerned about spending too much time modifying application code or managing the legacy application. What should the Solutions Architect recommend to remove this single point of failure with the FEWEST changes to the application code and the LEAST amount of administrative effort?
- A. Implement a caching layer by using Amazon ElastiCache to store query results of frequently accessed information.
- B. Deploy a second EC2 instance with MySQL installed, and configure replication between this instance and the existing MySQL instance.
- C. Migrate the database to an RDS MySQL Multi-AZ DB instance, and point the application servers to the new RDS instance.
- D. Create a DynamoDB table to use as a cache layer, and update the application to query data from Amazon DynamoDB before querying MySQL.
53. A Solutions Architect needs to design an Amazon RDS for MySQL solution whereby users must be authenticated using only SSL connections. How should the Solutions Architect design the solution?
- A. Only allow SSL connections through a VPC security group.
- B. Use GRANT and ALTER commands with the REQUIRE SSL option for the user.
- C. Connect with a MySQL client that references the public key.
- D. Ensure that the SSL parameters are set in the parameter group at launch.
54. A company’s policy requires that all data stored in Amazon S3 is encrypted. The company wants to use the option with the least overhead and does not want to manage any encryption keys. Which of the following options will meet the company’s requirements?
- A. AWS CloudHSM
- B. AWS Trusted Advisor
- C. Server Side Encryption (SSE-S3)
- D. Server Side Encryption (SSE-KMS)
55. A team is launching a marketing campaign and the peak database read activity in Amazon Aurora for MySQL is expected to increase. A Solutions Architect decides to add two Read Replicas to the cluster. How should the Solutions Architect ensure that the connections for read activities are load balanced?
- A. Reader endpoint for Amazon Aurora
- B. Cluster endpoint for Amazon Aurora
- C. Primary DB instance endpoint for Amazon Aurora
- D. Replica DB instances endpoint for Aurora.
56. A team is building an application that must persist and index JSON files in a highly-available data store. Latency of data access must remain consistent despite very high application traffic. Which service should the team choose?
- Amazon EFS
- Amazon Redshift
- AWS CloudFormation
57. A company is migrating an on-premises 10TB MySQL database to AWS. The company expects the database to quadruple in size and the business requirement is that replica lag must be kept under 100 milliseconds. Which Amazon RDS engine meets these requirements?
- Microsoft SQL Server
- Amazon Aurora
58. A Solutions Architect is designing a highly-scalable system to track records. Records must remain available for immediate download for three months and then the records must be deleted. What is the most appropriate decision for this use case?
- Store the files on Amazon EBS, and create a lifecycle policy to remove the files after three months.
- Store the files in Amazon S3 and create a lifecycle policy to remove the files after three months.
- Store the files in Amazon Glacier and create a lifecycle policy to remove the files after three months.
- Store the files on Amazon EFS and create a lifecycle policy to remove the files after three months.
59. A company is implementing a data lake solution on Amazon S3. Its security policy mandates that the data stored in Amazon S3 should be encrypted at rest. Which options can achieve this? (Select TWO.)
- Use S3 server-side encryption with an Amazon EC2 key pair.
- Use S3 server-side encryption with customer-provided keys (SSE-C).
- Use S3 bucket policies to restrict access to the data at rest.
- Use client-side encryption before ingesting the data to Amazon S3 using encryption keys.
- Use SSL to encrypt the data while in transit to Amazon S3.
60. A photo-sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos, and thumbnails are easily recreated from the originals if they are accidentally deleted. How should the thumbnail images be stored to ensure the LOWEST cost?
- Amazon S3 Standard-Infrequent Access (S3 Standard-IA) with cross-region replication
- Amazon S3
- Amazon Glacier
- Amazon S3 with cross-region replication