pupu_5_1_merged

1/14/23, 4:03 AM AWS Certified Solutions Architect - Associate SAA-C02 Exam Questions and Answers - Page 5
P U P UWE B
AWS Certified Solutions Architect –

Associate SAA-C02 Exam Questions and
Answers – Page 5
The latest AWS Certified Solutions Architect – Associate SAA-C02 certification actual
real practice exam question and answer (Q&A) dumps are available free, which are
helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C02
exam and earn AWS Certified Solutions Architect – Associate SAA-C02 certification.
Exam Question 401

A company is running an online transaction processing (OLTP) workload on AWS. This
workload uses an unencrypted Amazon RDS DB instance in a Multi-AZ deployment.
Daily database snapshots are taken from this instance.
https://pupuweb.com/aws-saa-c02-actual-exam-question-answer-dumps-5/ 1/9
What should a solutions architect do to ensure the database and snapshots are always
encrypted moving forward?
A. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring

the encrypted snapshot.
B. Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy
the snapshots to it. Enable encryption on the DB instance.
C. Copy the snapshots and enable encryption using AWS Key Management Service
(AWS KMS). Restore encrypted snapshot to an existing DB instance.
D. Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side
encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS).
Correct Answer:
A. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring
the encrypted snapshot.
Exam Question 402

A company previously migrated its data warehouse solution to AWS. The company also
has an AWS Direct Connect connection. Corporate office users query the data
warehouse using a visualization tool. The average size of a query returned by the data
warehouse is 50 MB and each webpage sent by the visualization tool is approximately
500 KB. Result sets returned by the data warehouse are not cached.
Which solution provides the LOWEST data transfer egress cost for the company?
A. Host the visualization tool on-premises and query the data warehouse directly over
the internet.
B. Host the visualization tool in the same AWS Region as the data warehouse. Access it
over the internet.
C. Host the visualization tool on-premises and query the data warehouse directly over a
Direct Connect connection at a location in the same AWS Region.
D. Host the visualization tool in the same AWS Region as the data warehouse and
access it over a DirectConnect connection at a location in the same Region.
Correct Answer:
A. Host the visualization tool on premises and query the data warehouse directly over
the internet.
Exam Question 403

A mobile gaming company runs application servers on Amazon EC2 instances. The
servers receive updates from players every 15 minutes. The mobile game creates a
JSON object of the progress made in the game since the last update, and sends the
JSON object to an Application Load Balancer. As the mobile game is played, game
updates are being lost. The company wants to create a durable way to get the updates
in older.
What should a solutions architect recommend to decouple the system?
A. Use Amazon Kinesis Data Streams to capture the data and store the JSON object in
Amazon S3.
B. Use Amazon Kinesis Data Firehose to capture the data and store the JSON object in
Amazon S3.
C. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues to capture the data
and EC2 instances to process the messages in the queue.
D. Use Amazon Simple Notification Service (Amazon SNS) to capture the data and EC2
instances to process the messages sent to the Application Load Balancer.
Correct Answer:
C. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues to capture the data
and EC2 instances to process the messages in the queue.
Exam Question 404

A company has an application that runs on Amazon EC2 instances within a private
subnet in a VPC. The instances access data in an Amazon S3 bucket in the same AWS
Region. The VPC contains a NAT gateway in a public subnet to access the S3 bucket.
The company wants to reduce costs by replacing the NAT gateway without
compromising security or redundancy.
Which solution meets these requirements?
A. Replace the NAT gateway with a NAT instance.

B. Replace the NAT gateway with an internet gateway.
C. Replace the NAT gateway with a gateway VPC endpoint.
D. Replace the NAT gateway with an AWS Direct Connect connection.
Correct Answer:
C. Replace the NAT gateway with a gateway VPC endpoint.
Exam Question 405

A company has a dynamic web application hosted on two Amazon EC2 instances. The
company has its own SSL certificate, which is on each instance to perform SSL
termination.
There has been an increase in traffic recently, and the operations team determined that
SSL encryption and decryption is causing the compute capacity of the web servers to
reach their maximum limit.
What should a solutions architect do to increase the application’s performance?
A. Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM
certificate on each instance.
B. Create an Amazon S3 bucket. Migrate the SSL certificate to the S3 bucket. Configure
the EC2 instances to reference the bucket for SSL termination.
C. Create another EC2 instance as a proxy server. Migrate the SSL certificate to the new
instance and configure it to direct connections to the existing EC2 instances.
D. Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application
Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.
Correct Answer:
D. Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application
Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.
Exam Question 406

A company has an application hosted on Amazon EC2 instances in two VPCs across
different AWS Regions. To communicate with each other, the instances use the internet
for connectivity. The security team wants to ensure that no communication between the
instances happens over the internet.
What should a solutions architect do to accomplish this?
A. Create a NAT gateway and update the route table of the EC2 instances’ subnet.
B. Create a VPC endpoint and update the route table of the EC2 instances’ subnet.
C. Create a VPN connection and update the route table of the EC2 instances’ subnet.
D. Create a VPC peering connection and update the route table of the EC2 instances’
subnet.
Correct Answer:
D. Create a VPC peering connection and update the route table of the EC2 instances’
subnet.
Exam Question 407

A company is preparing to store confidential data in Amazon S3. For compliance
reasons, the data must be encrypted at rest. Encryption key usage must be logged for
auditing purposes. Keys must be rotated every year.
Which solution meets these requirements and is the MOST operationally efficient?
A. Server-side encryption with customer-provided keys (SSE-C)

B. Server-side encryption with Amazon S3 managed keys (SSE-S3)
C. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with
manual rotation
D. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with
automatic rotation
Correct Answer:
D. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with
automatic rotation
Exam Question 408

A media company has an application that tracks user clicks on its websites and
performs analytics to provide near-real-time recommendations. The application has a
Heel of Amazon EC2 instances that receive data from the websites and send the data
to an Amazon RDS DB instance. Another fleet of EC2 instances hosts the portion of the
application that is continuously checking changes in the database and executing SQL
queries to provide recommendations. Management has requested a redesign to
decouple the infrastructure. The solution must ensure that data analysts are writing
SQL to analyze the data only No data can the lost during the deployment.
What should a solutions architect recommend?
A. Use Amazon Kinesis Data Streams to capture the data from the websites Kinesis
Data Firehose to persist the data on Amazon S3, and Amazon Athena to query the data.
B. Use Amazon Kinesis Data Streams to capture the data from the websites. Kinesis
Data Analytics to query the data, and Kinesis Data Firehose to persist the data on
Amazon S3.
C. Use Amazon Simple Queue Service (Amazon SQS) to capture the data from the
websites, keep the fleet of EC2 instances, and change to a bigger instance type in the
Auto Scaling group configuration.
D. Use Amazon Simple Notification Service (Amazon SNS) to receive data from the
websites and proxy the messages to AWS Lambda functions that execute the queries
and persist the data. Change Amazon RDS to Amazon Aurora Serverless to persist the
data.
Correct Answer:
B. Use Amazon Kinesis Data Streams to capture the data from the websites. Kinesis
Data Analytics to query the data, and Kinesis Data Firehose to persist the data on
Amazon S3.
Exam Question 409

A company has a mobile game that reads most of its metadata from an Amazon RDS
DB instance. As the game increased in popularity developers noticed slowdowns
related to the game’s metadata load times.
Performance metrics indicate that simply scaling the database will not help. A solutions
architect must explore all options that include capabilities for snapshots replication and
sub-millisecond response times.
What should the solutions architect recommend to solve these issues?
A. Migrate the database to Amazon Aurora with Aurora Replicas.

B. Migrate the database to Amazon DyramoDB with global tables.
C. Add an Amazon ElastiCache for Redis layer in front of the database.
D. Add an Amazon ElastiCache for Memcached layer in front of the database.
Correct Answer:
B. Migrate the database to Amazon DyramoDB with global tables.
Exam Question 410

A company is deploying an application in three AWS Regions using an Application Load
Balancer Amazon Route 53 will be used to distribute traffic between these Regions.
Which Route 53 configuration should a solutions architect use to provide the MOST
high-performing experience?
A. Create an A record with a latency policy.

B. Create an A record with a geolocation policy.
C. Create a CNAME record with a failover policy.
D. Create a CNAME record with a geoproximity policy.
Correct Answer:
A. Create an A record with a latency policy.
Published: June 11, 2021 - Last updated: December 4, 2021
Amazon, Exam
Home > AWS Certified Solutions Architect – Associate SAA-C02 Exam Questions and Answers – Page 5
Pages: 1 2 3 4 5 6 7 8 9 10
Tags
AWS
← AWS Certified Solutions Architect – Associate SAA-C02 Exam

Questions and Answers – Page 4
The Best Way to Keep Your Bitcoins Protected from Digital

Thievery →
Copyright © 2023 PUPUWEB
1/14/23, 4:04 AM AWS Certified Solutions Architect - Associate SAA-C02 Exam Questions and Answers - Page 5 - Page 2 of 10
P U P UWE B

Answers – Page 5
Exam Question 411

A company has a multi-tier application deployed on several Amazon EC2 instances in
an Auto Scaling group. An Amazon RDS for Oracle instance is the application, data layer
that uses Oracle-specific PSQL functions. Traffic to the application has been steadily
https://pupuweb.com/aws-saa-c02-actual-exam-question-answer-dumps-5/2/ 1/10
increasing. This is causing the EC2 instances to become overloaded and RDS instance
to run out of storage. The Auto Scaling group does not have any scaling metrics and
defines the minimum healthy instance count only. The company predicts that traffic will
continue to increase at a steady but unpredictable rate before leveling off.
What should a solutions architect do to ensure the system can automatically scale for
the increased traffic? (Choose two.)
A. Configure storage Auto Scaling on the RDS for Oracle instance.

B. Migrate the database to Amazon Aurora to use Auto Scaling storage.
C. Configure an alarm on the RDS for Oracle instance for low free storage space.
D. Configure the Auto Scaling group to use the average CPU as the scaling metric.
E. Configure the Auto Scaling group to use the average free memory as the scaling
metric.
Correct Answer:
A. Configure storage Auto Scaling on the RDS for Oracle instance.
C. Configure an alarm on the RDS for Oracle instance for low free storage space.
Exam Question 412

A company’s application runs on Amazon EC2 instances behind an Application Load
Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across
multiple Availability Zones. On the first day of every month at midnight, the application
becomes much slower when the month-end financial calculation batch executes. This
causes the CPU utilization of the EC2 instances to immediately peak to 100%, which
disrupts the application.
What should a solutions architect recommend to ensure the application is able to

handle the workload and avoid downtime?
A. Configure an Amazon CloudFront distribution in front of the ALB.

B. Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization.
C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly
schedule.
D. Configure Amazon ElastiGache to remove some of the workload from the EC2
instances.
Correct Answer:
C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly
schedule.
Exam Question 413

A company wants to run its critical applications in containers to meet requirements for
scalability and availability. The company prefers to focus on maintenance of the critical
applications. The company does not want to be responsible for provisioning and
managing the underlying infrastructure that runs the containerized workload.
What should a solutions architect do to meet these requirements?
A. Use Amazon EC2 instances, and install Docker on the instances.

B. Use Amazon Elastic Container Service (Amazon ECS) on Amazon EC2 worker nodes.
C. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate.
D. Use Amazon EC2 instances from an Amazon Elastic Container Service (Amazon
ECS)-optimized Amazon Machine Image (AMI).
Correct Answer:
C. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate.
Exam Question 414

A company is designing a new application that runs in a VPC on Amazon EC2
instances. The application stores data in Amazon S3 and uses Amazon DynamoDB as
its database. For compliance reasons, the company prohibits all traffic between the EC2
instances and other AWS services from passing over the public internet.
What can a solutions architect do to meet this requirement?
A. Configure gateway VPC endpoints to Amazon S3 and DynamoDB.

B. Configure interface VPC endpoints to Amazon S3 and DynamoDB.
C. Configure a gateway VPC endpoint to Amazon S3. Configure an interface VPC
endpoint to DynamoDB.
D. Configure a gateway VPC endpoint to DynamoDB. Configure an interface VPC
endpoint to Amazon S3.
Correct Answer:
C. Configure a gateway VPC endpoint to Amazon S3. Configure an interface VPC
endpoint to DynamoDB.
Exam Question 415

A company’s security team requests that network traffic be captured in VPC Flow Logs.
The logs will be frequently accessed for 90 days and then accessed intermittently.
What should a solutions architect do to meet these requirements when configuring the
logs?
A. Use Amazon CloudWatch as the target. Set the CloudWatch log group with an
expiration of 90 days.
B. Use Amazon Kinesis as the target. Configure the Kinesis stream to always retain the
logs for 90 days.
C. Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3
bucket, and enable S3 Intelligent-Tiering.
D. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to
S3 StandardInfrequent Access (S3 Standard-IA) after 90 days.
Correct Answer:
D. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to
S3 StandardInfrequent Access (S3 Standard-IA) after 90 days.
Exam Question 416
A company needs to provide its employees with secure access to confidential and
sensitive files. The company wants to ensure that the files can be accessed only by
authorized users. The files must be downloaded securely to the employees’ devices.
The files are stored in an on-premises Windows file server. However, due to an increase
in remote usage, the file server is running out of capacity.
Which solution will meet these requirements?
A. Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the
security group to limit inbound traffic to the employees’ IP addresses.
B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the
Amazon FSx file system with the on-premises Active Directory. Configure AWS Client
VPN.
C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed
URL to allow download.
D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees
to sign on with AWS Single Sign-On.
Correct Answer:
C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed
Exam Question 417

A company hosts a multi-tier web application that uses an Amazon Aurora MySQL DB
cluster for storage. The application tier is hosted on Amazon EC2 instances. The
company’s IT security guidelines mandate that the database credentials be encrypted
and rotated every 14 days.
What should a solutions architect do to meet this requirement with the LEAST
operational effort?
A. Create a new AWS Key Management Service (AWS KMS) encryption key. Use AWS
Secrets Manager to create a new secret that uses the KMS key with the appropriate
credentials. Associate the secret with the Aurora DB cluster. Configure a custom
rotation period of 14 days.
B. Create two parameters in AWS Systems Manager Parameter Store: one for the user
name as a string parameter and one that uses the SecureString type for the password.
Select AWS Key Management Service (AWS KMS) encryption for the password
parameter, and load these parameters in the application tier. Implement an AWS
Lambda function that rotates the password every 14 days.
C. Store a file that contains the credentials in an AWS Key Management Service (AWS
KMS) encrypted Amazon Elastic File System (Amazon EFS) file system. Mount the EFS
file system in all EC2 instances of the application tier. Restrict the access to the file on
the file system so that the application can read the file and that only super users can
modify the file. Implement an AWS Lambda function that rotates the key in Aurora every
14 days and writes new credentials into the file.
D. Store a file that contains the credentials in an AWS Key Management Service (AWS
KMS) encrypted Amazon S3 bucket that the application uses to load the credentials.
Download the file to the application regularly to ensure that the correct credentials are
used. Implement an AWS Lambda function that rotates the Aurora credentials every 14
days and uploads these credentials to the file in the S3 bucket.
Correct Answer:
B. Create two parameters in AWS Systems Manager Parameter Store: one for the user
name as a string parameter and one that uses the SecureString type for the password.
Select AWS Key Management Service (AWS KMS) encryption for the password
parameter, and load these parameters in the application tier. Implement an AWS
Lambda function that rotates the password every 14 days.
Exam Question 418

A company is building an application that consists of several microservices. The
company has decided to use container technologies to deploy its software on AWS. The
company needs a solution that minimizes the amount of ongoing effort for
maintenance and scaling. The company cannot manage additional infrastructure.
Which combination of actions should a solutions architect take to meet these

requirements? (Choose two.)
A. Deploy an Amazon Elastic Container Service (Amazon ECS) cluster.

B. Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple
Availability Zones.
C. Deploy an Amazon Elastic Container Service (Amazon ECS) service with an Amazon
EC2 launch type. Specify a desired task number level of greater than or equal to 2.
D. Deploy an Amazon Elastic Container Service (Amazon ECS) service with a Fargate
launch type. Specify a desired task number level of greater than or equal to 2.
E. Deploy Kubernetes worker nodes on Amazon EC2 instances that span multiple
Availability Zones. Create a deployment that specifies two or more replicas for each
microservice.
Correct Answer:
A. Deploy an Amazon Elastic Container Service (Amazon ECS) cluster.
B. Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple
Availability Zones.
Exam Question 419

A company recently launched a new service that involves medical images. The
company scans the images and sends them from its on-premises data center through
an AWS Direct Connect connection to Amazon EC2 instances. After processing is
complete, the images are stored in an Amazon S3 bucket.
A company requirement states that the EC2 instances cannot be accessible through the
internet. The EC2 instances run in a private subnet, which has a default route back to
the on-premises data center for outbound internet access.
Usage of the new service is increasing rapidly. A solutions architect must recommend a
solution that meets the company’s requirements and reduces the Direct Connect
charges.
Which solution accomplishes these goals MOST cost-effectively?
A. Configure a VPC endpoint for Amazon S3. Add an entry to the private subnet’s route
table for the S3 endpoint.
B. Configure a NAT gateway in a public subnet. Configure the private subnet’s route
table to use the NAT gateway.
C. Configure Amazon S3 as a file system mount point on the EC2 instances. Access
Amazon S3 through the mount.
D. Move the EC2 instances into a public subnet. Configure the public subnet route table
to point to an internet gateway.
Correct Answer:
B. Configure a NAT gateway in a public subnet. Configure the private subnet’s route
table to use the NAT gateway.
Exam Question 420

A company is building an online multiplayer game. The game communicates by using
UDP, and low latency between the client and the backend is important. The backend is
hosted on Amazon EC2 instances that can be deployed to multiple AWS Regions to
meet demand. The company needs the game to be highly available so that users
around the world can access the game at all times.
A. Deploy Amazon CloudFront to support the global traffic. Configure CloudFront with
an origin group to allow access to EC2 instances in multiple Regions.
B. Deploy an Application Load Balancer in one Region to distribute traffic to EC2
instances in each Region that hosts the game’s backend instances.
C. Deploy Amazon CloudFront to support an origin access identity (OAI). Associate the
OAI with EC2 instances in each Region to support global traffic.

D. Deploy a Network Load Balancer in each Region to distribute the traffic. Use AWS
Global Accelerator to route traffic to the correct Regional endpoint.
Correct Answer:
C. Deploy Amazon CloudFront to support an origin access identity (OAI). Associate the
OAI with EC2 instances in each Region to support global traffic.
Amazon, Exam
Home > AWS Certified Solutions Architect – Associate SAA-C02 Exam Questions and Answers – Page 5 > Page 2
Pages: 1 2 3 4 5 6 7 8 9 10
Tags
AWS


Thievery →
P U P UWE B

Answers – Page 5
Exam Question 421

A company runs its two-tier eCommerce website on AWS. The web tier consists of a
load balancer that sends traffic to Amazon EC2 instances. The database tier uses an
Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be
exposed to the public internet. The EC2 instances require internet access to complete
payment processing of orders through a third-party web service. The application must
be highly available.
Which combination of configuration options will meet these requirements? (Choose

two.)
A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an
RDS Multi-AZ DB instance in private subnets.
B. Configure a VPC with two private subnets and two NAT gateways across two
Availability Zones. Deploy an Application Load Balancer in the private subnets.
C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two
Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.
D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways
across two Availability Zones. Deploy an Application Load Balancer in the public subnet.
E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways
across two Availability Zones. Deploy an Application Load Balancer in the public
subnets.
Correct Answer:
A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an
RDS Multi-AZ DB instance in private subnets.
B. Configure a VPC with two private subnets and two NAT gateways across two
Availability Zones. Deploy an Application Load Balancer in the private subnets.
Exam Question 422

A security team needs to enforce the rotation of all IAM users’ access keys every 90
days. If an access key is found to be older, the key must be made inactive and removed.
A solutions architect must create a solution that will check for and remediate any keys
older than 90 days.
Which solution meets these requirements with the LEAST operational effort?
A. Create an AWS Config rule to check for the key age. Configure the AWS Config rule to
run an AWS Batch job to remove the key.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the
key age. Configure the rule to run an AWS Batch job to remove the key.
C. Create an AWS Config rule to check for the key age. Define an Amazon EventBridge
(Amazon CloudWatch Events) rule to schedule an AWS Lambda function to remove the
key.
D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the
key age. Define an EventBridge (CloudWatch Events) rule to run an AWS Batch job to
remove the key.
Correct Answer:
A. Create an AWS Config rule to check for the key age. Configure the AWS Config rule to
run an AWS Batch job to remove the key.
Exam Question 423

A solutions architect must provide an automated solution for a company’s compliance
policy that states security groups cannot include a rule that allows SSH from 0.0.0.0/0.
The company needs to be notified if there is any breach in the policy. A solution is
needed as soon as possible.
What should the solutions architect do to meet these requirements with the LEAST
operational overhead?
A. Write an AWS Lambda script that monitors security groups for SSH being open to
0.0.0.0/0 addresses and creates a notification every time it finds one.
B. Enable the restricted-ssh AWS Config managed rule and generate an Amazon Simple
Notification Service (Amazon SNS) notification when a noncompliant rule is created.
C. Create an IAM role with permissions to globally open security groups and network
ACLs. Create an Amazon Simple Notification Service (Amazon SNS) topic to generate a
notification every time the role is assumed by a user.
D. Configure a service control policy (SCP) that prevents non-administrative users from
creating or editing security groups. Create a notification in the ticketing system when a
user requests a rule that needs administrator permissions.
Correct Answer:
B. Enable the restricted-ssh AWS Config managed rule and generate an Amazon Simple
Notification Service (Amazon SNS) notification when a noncompliant rule is created.
Exam Question 424

A media company is using two video conversion tools that run on Amazon EC2
instances. One tool runs on Windows instances, and the other tool runs on Linux
instances. Each video file is large in size and must be processed by both tools.
The company needs a storage solution that can provide a centralized file system that
can be mounted on all the EC2 instances that are used in this process.
A. Use Amazon FSx for Windows File Server for the Windows instances. Use Amazon
Elastic File System (Amazon EFS) with Max I/O performance mode for the Linux
instances.
B. Use Amazon FSx for Windows File Server for the Windows instances. Use Amazon
FSx for Lustre for the Linux instances. Link both Amazon FSx file systems to the same
Amazon S3 bucket.
C. Use Amazon Elastic File System (Amazon EFS) with General Purpose performance
mode for the Windows instances and the Linux instances
D. Use Amazon FSx for Windows File Server for the Windows instances and the Linux
instances.
Correct Answer:
C. Use Amazon Elastic File System (Amazon EFS) with General Purpose performance
mode for the Windows instances and the Linux instances
Exam Question 425

A company operates a two-tier application for image processing. The application uses
two Availability Zones, each with one public subnet and one private subnet. An
Application Load Balancer (ALB) for the web tier uses the public subnets.
Amazon EC2 instances for the application tier use the private subnets.
Users report that the application is running more slowly than expected. A security audit
of the web server log files shows that the application is receiving millions of illegitimate
requests from a small number of IP addresses. A solutions architect needs to resolve
the immediate performance problem while the company investigates a more permanent
solution.
What should the solutions architect recommend to meet this requirement?
A. Modify the inbound security group for the web tier. Add a deny rule for the IP
addresses that are consuming resources.
B. Modify the network ACL for the web tier subnets. Add an inbound deny rule for the IP
C. Modify the inbound security group for the application tier. Add a deny rule for the IP
D. Modify the network ACL for the application tier subnets. Add an inbound deny rule for
the IP addresses that are consuming resources.
Correct Answer:
A. Modify the inbound security group for the web tier. Add a deny rule for the IP
Exam Question 426

A company is planning to migrate a TCP-based application into the company’s VPC. The
application is publicly accessible on a nonstandard TCP port through a hardware
appliance in the company’s data center. This public endpoint can process up to 3 million
requests per second with low latency. The company requires the same level of
performance for the new public endpoint in AWS.
What should a solutions architect recommend to meet this requirement?
A. Deploy a Network Load Balancer (NLB). Configure the NLB to be publicly accessible
over the TCP port that the application requires.
B. Deploy an Application Load Balancer (ALB). Configure the ALB to be publicly
accessible over the TCP port that the application requires.
C. Deploy an Amazon CloudFront distribution that listens on the TCP port that the
application requires. Use an Application Load Balancer as the origin.
D. Deploy an Amazon API Gateway API that is configured with the TCP port that the
application requires. Configure AWS Lambda functions with provisioned concurrency to
process the requests.
Correct Answer:
C. Deploy an Amazon CloudFront distribution that listens on the TCP port that the
application requires. Use an Application Load Balancer as the origin.
Exam Question 427

An eCommerce company is creating an application that requires a connection to a third-
party payment service to process payments. The payment service needs to explicitly
allow the public IP address of the server that is making the payment request. However,
the company’s security policies do not allow any server to be exposed directly to the
public internet.
A. Provision an Elastic IP address. Host the application servers on Amazon EC2

instances in a private subnet. Assign the public IP address to the application servers.
B. Create a NAT gateway in a public subnet. Host the application servers on Amazon
EC2 instances in a private subnet. Route payment requests through the NAT gateway.
C. Deploy an Application Load Balancer (ALB). Host the application servers on Amazon
EC2 instances in a private subnet. Route the payment requests through the ALB.
D. Set up an AWS Client VPN connection to the payment service. Host the application
servers on Amazon EC2 instances in a private subnet. Route the payment requests
through the VPN.
Correct Answer:
B. Create a NAT gateway in a public subnet. Host the application servers on Amazon
EC2 instances in a private subnet. Route payment requests through the NAT gateway.
Exam Question 428

A company is running an ASP.NET MVC application on a single Amazon EC2 instance. A
recent increase in application traffic is causing slow response times for users during
lunch hours. The company needs to resolve this concern with the least amount of
configuration.
What should a solutions architect recommend to meet these requirements?
A. Move the application to AWS Elastic Beanstalk. Configure load-based auto scaling
and time-based scaling to handle scaling during lunch hours.
B. Move the application to Amazon Elastic Container Service (Amazon ECS). Create an
AWS Lambda function to handle scaling during lunch hours.
C. Move the application to Amazon Elastic Container Service (Amazon ECS). Configure
scheduled scaling for AWS Application Auto Scaling during lunch hours.
D. Move the application to AWS Elastic Beanstalk. Configure load-based auto scaling,
and create an AWS Lambda function to handle scaling during lunch hours.
Correct Answer:
A. Move the application to AWS Elastic Beanstalk. Configure load-based auto scaling
and time-based scaling to handle scaling during lunch hours.
Exam Question 429
An online gaming company is designing a game that is expected to be popular all over
the world. A solutions architect needs to define an AWS Cloud architecture that
supports near-real-time recording and displaying of current game statistics for each
player, along with the names of the top 25 players in the world, at any given time.
Which AWS database solution and configuration should the solutions architect use to
meet these requirements?
A. Use Amazon RDS for MySQL as the data store for player activity. Configure the RDS
DB instance for Multi-AZ support.
B. Use Amazon DynamoDB as the data store for player activity. Configure DynamoDB
Accelerator (DAX) for the player data.
C. Use Amazon DynamoDB as the data store for player activity. Configure global tables
in each required AWS Region for the player data.
D. Use Amazon RDS for MySQL as the data store for player activity. Configure cross-
region read replicas in each required AWS Region based on player proximity.
Correct Answer:
D. Use Amazon RDS for MySQL as the data store for player activity. Configure cross-
region read replicas in each required AWS Region based on player proximity.
Exam Question 430

A company uses Amazon RDS for PostgreSQL databases for its data tier. The company
must implement password rotation for the databases.
Which solution meets this requirement with the LEAST operational overhead?
A. Store the password in AWS Secrets Manager. Enable automatic rotation on the
secret.
B. Store the password in AWS Systems Manager Parameter Store. Enable automatic
rotation on the parameter.
C. Store the password in AWS Systems Manager Parameter Store. Write an AWS
Lambda function that rotates the password.
D. Store the password in AWS Key Management Service (AWS KMS). Enable automatic
rotation on the customer master key (CMK).
Correct Answer:
A. Store the password in AWS Secrets Manager. Enable automatic rotation on the
secret.
Amazon, Exam
Pages: 1 2 3 4 5 6 7 8 9 10
Tags
AWS


Thievery →
P U P UWE B

Answers – Page 5
Exam Question 431

A company’s facility has badge readers at every entrance throughout the building. When
badges are scanned, the readers send a message over HTTPS to indicate who
attempted to access that particular entrance.
A solutions architect must design a system to process these messages from the
sensors. The solution must be highly available, and the results must be made available
for the company’s security team to analyze.
Which system architecture should the solutions architect recommend?
A. Launch an Amazon EC2 instance to serve as the HTTPS endpoint and to process the
messages. Configure the EC2 instance to save the results to an Amazon S3 bucket.
B. Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway
endpoint to invoke an AWS Lambda function to process the messages and save the
results to an Amazon DynamoDB table.
C. Use Amazon Route 53 to direct incoming sensor messages to an AWS Lambda
function. Configure the Lambda function to process the messages and save the results
to an Amazon DynamoDB table.
D. Create a gateway VPC endpoint for Amazon S3. Configure a Site-to-Site VPN
connection from the facility network to the VPC so that sensor data can be written
directly to an S3 bucket by way of the VPC endpoint.
Correct Answer:
B. Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway
endpoint to invoke an AWS Lambda function to process the messages and save the
results to an Amazon DynamoDB table.
Exam Question 432

An Amazon EC2 instance is located in a private subnet in a new VPC. This subnet does
not have outbound internet access, but the EC2 instance needs the ability to download
monthly security updates from an outside vendor.
A. Create an internet gateway, and attach it to the VPC. Configure the private subnet
route table to use the internet gateway as the default route.
B. Create a NAT gateway, and place it in a public subnet. Configure the private subnet
route table to use the NAT gateway as the default route.
C. Create a NAT instance, and place it in the same subnet where the EC2 instance is
located. Configure the private subnet route table to use the NAT instance as the default
route.
D. Create an internet gateway, and attach it to the VPC. Create a NAT instance, and
place it in the same subnet where the EC2 instance is located. Configure the private
subnet route table to use the internet gateway as the default route.
Correct Answer:
A. Create an internet gateway, and attach it to the VPC. Configure the private subnet
route table to use the internet gateway as the default route.
Exam Question 433

A company has been running a web application with an Oracle relational database in an
on-premises data center for the past 15 years. The company must migrate the database
to AWS. The company needs to reduce operational overhead without having to modify
the application’s code.
A. Use AWS Database Migration Service (AWS DMS) to migrate the database servers to
Amazon RDS.
B. Use Amazon EC2 instances to migrate and operate the database servers.
C. Use AWS Database Migration Service (AWS DMS) to migrate the database servers to
Amazon DynamoDB.
D. Use an AWS Snowball Edge Storage Optimized device to migrate the data from
Oracle to Amazon Aurora.
Correct Answer:
A. Use AWS Database Migration Service (AWS DMS) to migrate the database servers to
Amazon RDS.
Exam Question 434

A company is running an application on Amazon EC2 instances. Traffic to the workload
increases substantially during business hours and decreases afterward. The CPU
utilization of an EC2 instance is a strong indicator of end-user demand on the
application.
The company has configured an Auto Scaling group to have a minimum group size of 2
EC2 instances and a maximum group size of 10 EC2 instances.
The company is concerned that the current scaling policy that is associated with the
Auto Scaling group might not be correct. The company must avoid over-provisioning
EC2 instances and incurring unnecessary costs.
What should a solutions architect recommend to meet these requirements?
A. Configure Amazon EC2 Auto Scaling to use a scheduled scaling plan and launch an
additional 8 EC2 instances during business hours.
B. Configure AWS Auto Scaling to use a scaling plan that enables predictive scaling.
Configure predictive scaling with a scaling mode of forecast and scale, and to enforce
the maximum capacity setting during scaling.
C. Configure a step scaling policy to add 4 EC2 instances at 50% CPU utilization and
add another 4 EC2 instances at 90% CPU utilization. Configure scale-in policies to
perform the reverse and remove EC2 instances based on the two values.
D. Configure AWS Auto Scaling to have a desired capacity of 5 EC2 instances, and
disable any existing scaling policies. Monitor the CPU utilization metric for 1 week.
Then create dynamic scaling policies that are based on the observed values.
Correct Answer:
D. Configure AWS Auto Scaling to have a desired capacity of 5 EC2 instances, and
disable any existing scaling policies. Monitor the CPU utilization metric for 1 week.
Then create dynamic scaling policies that are based on the observed values.
Exam Question 435

A company runs a web application that is backed by Amazon RDS. A new database
administrator caused data loss by accidentally editing information in a database table.
To help recover from this type of incident, the company wants the ability to restore the
database to its state from 5 minutes before any change within the last 30 days.
Which feature should the solutions architect include in the design to meet this
requirement?
A. Read replicas
B. Manual snapshots
C. Automated backups
D. Multi-AZ deployments
Correct Answer:
C. Automated backups
Exam Question 436

A company wants to use a custom distributed application that calculates various profit
and loss scenarios. To achieve this goal, the company needs to provide a network
connection between its Amazon EC2 instances. The connection must minimize latency
and must maximize throughput
A. Provision the application to use EC2 Dedicated Hosts of the same instance type.
B. Configure a placement group for EC2 instances that have the same instance type.
C. Use multiple AWS elastic network interfaces and link aggregation.
D. Configure AWS PrivateLink for the EC2 instances.
Correct Answer:
B. Configure a placement group for EC2 instances that have the same instance type.
Exam Question 437

A company designed a stateless two-tier application that uses Amazon EC2 in a single
Availability Zone and an Amazon RDS Multi-AZ DB instance. New company
management wants to ensure the application is highly available.
What should a solutions architect do to meet this requirement?
A. Configure the application to use Multi-AZ EC2 Auto Scaling and create an Application
Load Balancer.
B. Configure the application to take snapshots of the EC2 instances and send them to a
different AWS Region.
C. Configure the application to use Amazon Route 53 latency-based routing to feed
requests to the application.
D. Configure Amazon Route 53 rules to handle incoming requests and create a Multi-AZ
Application Load Balancer.
Correct Answer:
A. Configure the application to use Multi-AZ EC2 Auto Scaling and create an Application
Load Balancer.
Exam Question 438

A company is developing a mobile game that streams score updates to a backend
processor and then posts results on a leaderboard A solutions architect needs to
design a solution that can handle large traffic spikes process the mobile game updates
in order of receipt and store the processed updates in a highly available database. The
company also wants to minimize the management overhead required to maintain the
solution
What should the solutions architect do to meet these requirements?
A. Push score updates to Amazon Kinesis Data Streams Process the updates in Kinesis
Data Streams with AWS Lambda Store the processed updates in Amazon DynamoDB
B. Push score updates to Amazon Kinesis Data Streams Process the updates with a
fleet of Amazon EC2 instances set up for Auto Scaling Store the processed updates in
Amazon Redshift
C. Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic
Subscribe an AWS Lambda function to the SNS topic to process the updates Store the
processed updates in a SQL database running on Amazon EC2
D. Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue Use a
fleet of Amazon EC2 instances with Auto Scaling to process the updates in the SQS
queue Store the processed updates in an Amazon RDS Multi-AZ DB instance
Correct Answer:
Exam Question 439

A company maintains about 300 TB in Amazon S3 Standard storage month after
month. The S3 objects are each typically around 50 GB in size and are frequently
replaced with multipart uploads by their global application. The number and size of S3
objects remain constant but the company’s S3 storage costs are increasing each
month.
How should a solutions architect reduce costs in this situation?
A. Switch from multipart uploads to Amazon S3 Transfer Acceleration

B. Enable an S3 Lifecycle policy that deletes incomplete multipart uploads
C. Configure S3 inventory to prevent objects from being archived too quickly
D. Configure Amazon CloudFront to reduce the number of objects stored in Amazon S3
Correct Answer:
B. Enable an S3 Lifecycle policy that deletes incomplete multipart uploads
Exam Question 440

A computer is reviewing a recent migration of a three-tier application to a VPC. The
security team discover that the principle of least privilege is not being applied to
Amazon EC2 security group ingress and egress rules between the application tiers.
What should a solution architect do to connect issue?
A. Create security group rules using the instance ID as the source destination.
B. Create security group rules using the security ID as the source or destination.
C. Create security group rules using the VPC CDR blocks as the source or destination
D. Create security group rules using the subnet CDR blocks as the source or destination
Correct Answer:
A. Create security group rules using the instance ID as the source destination.
Amazon, Exam
Pages: 1 2 3 4 5 6 7 8 9 10
Tags
AWS


Thievery →
P U P UWE B

Answers – Page 5
Exam Question 441

A company processes large amounts of data. The output data is stored in Amazon S3
Standard storage in an S3 bucket, where it is analyzed for 1 month. The data must
remain immediately accessible after the 1-month analysis period.
Which storage solution meets these requirements MOST cost-effectively?
A. Configure an S3 Lifecycle policy to transition the objects to S3 Glacier after 30 days.

B. Configure S3 Intelligent-Tiering to transition the objects to S3 Glacier after 30 days.
C. Configure an S3 Lifecycle policy to transition the objects to S3 One Zone-Infrequent
Access (S3 One Zone-IA) after 30 days.
D. Configure an S3 Lifecycle policy to delete the objects after 30 days. Enable versioning
on the S3 bucket so that deleted objects can still be immediately restored as needed.
Correct Answer:
B. Configure S3 Intelligent-Tiering to transition the objects to S3 Glacier after 30 days.
Exam Question 442

A social media company is building a feature for its website. The feature will give users
the ability to upload photos. The company expects significant increases in demand
during large events and must ensure that the website can handle the upload traffic from
users.
Which solution meets these requirements with the MOST scalability?
A. Upload files from the user’s browser to the application servers Transfer the files to an
Amazon S3 bucket.
B. Provision an AWS Storage Gateway file gateway. Upload files directly from the user’s
browser to the file gateway.
C. Generate Amazon S3 presigned URLs in the application. Upload files directly from the
user’s browser into an S3 bucket
D. Provision an Amazon Elastic File System (Amazon EFS) file system. Upload files
directly from the user’s browser to the file system.
Correct Answer:
C. Generate Amazon S3 presigned URLs in the application. Upload files directly from the
user’s browser into an S3 bucket
Exam Question 443

A development team needs to host a website that will be accessed by other teams. The
website contents consist of HTML. CSS, client-side JavaScript, and images.
Which method is the MOST cost-effective for hosting the website?
A. Containerize the website and host it in AWS Fargate.

B. Create an Amazon S3 bucket and host the website there
C. Deploy a web server on an Amazon EC2 instance to host the website.
D. Configure an Application Load Balancer with an AWS Lambda target that uses the
Express js framework.
Correct Answer:
B. Create an Amazon S3 bucket and host the website there
Exam Question 444

A company hosts an application on multiple Amazon EC2 instances. The application
processes messages from an Amazon SQS queue writes to an Amazon RDS table and
deletes the message from the queue Occasional duplicate records are found in the RDS
table. The SQS queue does not contain any duplicate messages.
What should a solutions architect do to ensure messages are being processed once
only?
A. Use the CreateQueue API call to create a new queue

B. Use the Add Permission API call to add appropriate permissions
C. Use the ReceiveMessage API call to set an appropriate wail time
D. Use the ChangeMessageVisibility API call to increase the visibility timeout
Correct Answer:
D. Use the ChangeMessageVisibility APi call to increase the visibility timeout
Exam Question 445

An application runs on Amazon EC2 instances in private subnets. The application needs
to access an Amazon DynamoDB table.
What is me MOST secure way to access the table while ensuring that the traffic does
not leave the AWS network?
A. Use a VPC endpoint for DynamoDB

B. Use a NAT gateway in a public subnet
C. Use a NAT instance in a private subnet
D. Use the internet gateway attached to the VPC
Correct Answer:
A. Use a VPC endpoint for DynamoDB
Exam Question 446

A social media company allows users to upload images to its website. The website runs
on Amazon EC2 instances. During upload requests, the website resizes the images to a
standard size and stores the resized images in Amazon S3. Users are experiencing slow
upload requests to the website.
The company needs to reduce coupling within the application and improve website
performance A solutions architect must design the most operationally efficient process
for image uploads.
Which combination of actions should the solutions architect take to meet these
requirements? (Select TWO.)
A. Configure the application to upload images to S3 Glacier.

B. Configure the web server to upload the original images to Amazon S3.
C. Configure the application to upload images directly from each user’s browser to
Amazon S3 through the use of a presigned UR
D. Configure S3 Event Notifications to invoke an AWS Lambda function when an image

is uploaded. Use the function to resize the image
E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an
AWS Lambda function on a schedule to resize uploaded images.
Correct Answer:
D. Configure S3 Event Notifications to invoke an AWS Lambda function when an image
is uploaded. Use the function to resize the image
Exam Question 447

A company’s security team requests that network traffic be captured in VPC Flow Logs.
The logs will be frequently accessed for 90 days and then accessed intermittently.
What should a solutions architect do to meet these requirements when configuring the
logs?
A. Use Amazon CloudWatch as the target. Set the CloudWatch log group with an
expiration of 90 days.
B. Use Amazon Kinesis as the target Configure the Kinesis stream to always retain the
logs for 90 days
C. Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3
bucket, and enable S3 Intelligent-Tiering
D. Use Amazon S3 as the target Enable an S3 Lifecycle policy to transition the logs to
S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days
Correct Answer:
D. Use Amazon S3 as the target Enable an S3 Lifecycle policy to transition the logs to
S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days
Exam Question 448

A company needs to provide its employees with secure access to confidential and
sensitive files. The company wants to ensure that the tiles can be accessed only by
authorized users. The files must be downloaded securely to the employees’ devices.
The tiles are stored in an on-premises Windows file server. However, due to an increase
in remote usage, the file server is running out of capacity.
A. Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the
security group to limit inbound traffic to the employees’ IP addresses.
B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the
Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VP
C. Migrate the tiles to Amazon S3, and create a private VPC endpoint. Create a signed
D. Migrate the tiles to Amazon S3, and create a public VPC endpoint. Allow employees
Correct Answer:
D. Migrate the tiles to Amazon S3, and create a public VPC endpoint. Allow employees
Exam Question 449

A company uses a payment processing system that requires messages for a particular
payment ID to be received in the same order that they were sent Otherwise, the
payments might be processed incorrectly.
Which actions should a solutions architect take to meet this requirement? (Select TWO.)
A. Write the messages to an Amazon DynamoDB table with the payment ID as the
partition key
B. Write the messages to an Amazon Kinesis data stream with the payment ID as the
partition key.
C. Write the messages to an Amazon ElastiCache for Memcached cluster with the
payment ID as the key
D. Write the messages to an Amazon Simple Queue Service (Amazon SQS) queue Set
the message attribute to use the payment ID
E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue.
Set the message group to use the payment ID
Correct Answer:
A. Write the messages to an Amazon DynamoDB table with the payment ID as the
partition key
E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue.
Set the message group to use the payment ID
Exam Question 450

A company is concerned about the security of its public web application due to recent
web attacks. The application uses an Application Load Balancer (ALB). A solutions
architect must reduce the risk of DDoS attacks against the application
What should the solutions architect do to meet this requirement?
A. Add an Amazon Inspector agent to the ALB

B. Configure Amazon Made to prevent attacks.
C. Enable AWS Shield Advanced to prevent attacks.
D. Configure Amazon GuardDuty to monitor the ALB
Correct Answer:
C. Enable AWS Shield Advanced to prevent attacks.
Amazon, Exam
Pages: 1 2 3 4 5 6 7 8 9 10
Tags
AWS


Thievery →
P U P UWE B

Answers – Page 5
Exam Question 451

A company is launching a new application that will be hosted on Amazon EC2
instances. A solutions architect needs to design a solution that does not allow public
IPv4 access that originates from the internet. However, the solution must allow the EC2
instances to make outbound IPv4 internet requests.
The initial design proposal shows that the EC2 instances would be located in two
private subnets across two Availability Zones.
The entire architecture must be highly available.
How should the solutions architect change the architecture to meet these
requirements?
A. Deploy a NAT gateway in public subnets in both Availability Zones. Create and
configure one route table for each private subnet.
B. Deploy an internet gateway in public subnets in both Availability Zones. Create and
configure a shared route table for the private subnets.
C. Deploy a NAT gateway in public subnets in both Availability Zones. Create and
D. Deploy an egress-only internet gateway in public subnets in both Availability Zones.
Create and configure one route table for each private subnet.
Correct Answer:
C. Deploy a NAT gateway in public subnets in both Availability Zones. Create and
Exam Question 452

A company has deployed a multiplayer game for mobile devices. The game requires live
location tracking of players based on latitude and longitude. The data store for the
game must support rapid updates and retrieval of locations.
The game uses an Amazon RDS for PostgreSQL DB instance with read replicas to store
the location data. During peak usage periods, the database is unable to maintain the
performance that is needed for reading and writing updates. The game’s user base is
increasing rapidly.
What should a solutions architect do to improve the performance of the data tier?
A. Take a snapshot of the existing DB instance. Restore the snapshot with Multi-AZ
enabled.
B. Migrate from Amazon RDS to Amazon Elasticsearch Service (Amazon ES) with
Kibana.
C. Deploy Amazon DynamoDB Accelerator (DAX) in front of the existing DB instance.
Modify the game to use DA
D. Deploy an Amazon ElastiCache for Redis cluster in front of the existing DB instance.
Modify the game to use Redis.
Correct Answer:
D. Deploy an Amazon ElastiCache for Redis cluster in front of the existing DB instance.
Modify the game to use Redis.
Exam Question 453

A company is automating an order management application. The company’s
development team has decided to use SFTP to transfer and store the business-critical
information files. The files must be encrypted and must be highly available. The files
also must be automatically deleted a month after they are created.
Which solution meets these requirements with the LEAST operational overhead?
A. Configure an Amazon S3 bucket with encryption enabled. Use AWS transfer for SFTP
to securely transfer the files to the S3 bucket Apply an AWS Transfer for SFTP file
retention policy to delete the files after a month
B. Install an SFTP service on an Amazon EC2 instance Mount an Amazon Elastic File
System (Amazon EFS) file share on the EC2 instance. Enable cron to delete the files
after a month
C. Configure an Amazon Elastic File System (Amazon EFS) file system with encryption
enabled. Use AWS Transfer for SFTP to securely transfer the files to the EFS file system.
Apply an EFS lifecycle policy to automatically delete the files after a month.
D. Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP
to securely transfer the files to the S3 bucket. Apply S3 Lifecycle rules to automatically
delete the files after a month.
Correct Answer:
D. Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP
to securely transfer the files to the S3 bucket. Apply S3 Lifecycle rules to automatically
delete the files after a month.
Exam Question 454

Organizers for a global event want to put daily reports online as static HTML pages. The
pages are expected to generate millions of views from users around the work. The files
are stored in an Amazon S3 Bucket A solutions architect has been asked to design an
efficient and effective solution
Which action should the solutions architect take to accomplish this?
A. Generate presigned URLs for the files

B. Use cross-Region replication to all Regions
C. Use the geoproximity feature of Amazon Route 53
D. Use Amazon CloudFront with the S3 bucket as its origin
Correct Answer:
D. Use Amazon CloudFront with the S3 bucket as its ongin
Exam Question 455

A company needs a storage solution for an application that runs on a high performance
computing (HPC) cluster. The cluster is hosted on AWS Fargate for Amazon Elastic
Container Service (Amazon ECS). The company needs a mountable file system that
provides concurrent access to files while delivering hundreds of Gbps of throughput at
sub-millisecond latencies
A. Create an Amazon FSx for Lustre file share for the application data Create an IAM
role that allows Fargate to access the FSx for Lustre file share
B. Create an Amazon Elastic File System (Amazon EFS) file share for the application
data. Create an IAM role that allows Fargate to access the EFS file share.
C. Create an Amazon S3 bucket for the application data. Create an S3 bucket policy that
allows Fargate to access the S3 bucket
D. Create an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS SSD (io2)
volume for the application data Create an IAM role that allows Fargate to access the
volume.
Correct Answer:
A. Create an Amazon FSx for Lustre file share for the application data Create an IAM
role that allows Fargate to access the FSx for Lustre file share
Exam Question 456

A company hosts historical weather records in Amazon S3. The records are
downloaded from the company’s website by way of a URL that resolves to a domain
name Users all over the world access this content through subscriptions A third-party
provider hosts the company’s root domain name, but the company recently migrated
some of its services to Amazon Route 53. The company wants to consolidate contracts,
reduce latency for users, and reduce costs related to serving the application to
subscribers
A. Create a web distribution on Amazon CloudFront to serve the S3 content for the
application Create a CNAME record in a Route 53 hosted zone that points to the
CloudFront distribution, resolving to the application’s URL domain name.
B. Create a web distribution on Amazon CloudFront to serve the S3 content for the
application. Create an ALIAS record in the Amazon Route 53 hosted zone that points to
the CloudFront distribution, resolving to the application’s URL domain name.
C. Create an A record in a Route 53 hosted zone for the application. Create a Route 53
traffic policy for the web application, and configure a geolocation rule Configure health
checks to check the health of the endpoint and route DNS queries to other endpoints if
an endpoint is unhealthy.
D. Create an A record in a Route 53 hosted zone for the application Create a Route 53
traffic policy for the web application, and configure a geoproximity rule. Configure health
Correct Answer:
C. Create an A record in a Route 53 hosted zone for the application. Create a Route 53
traffic policy for the web application, and configure a geolocation rule Configure health
Exam Question 457

A solutions architect is optimizing a website for an upcoming musical event Videos of
the performances will be streamed in real-time and then will be available on demand.
The event is expected to attract a global online audience
Which service will improve the performance of both real-time and on-demand
streaming?
A. Amazon CloudFront
B. AWS Global Accelerator
C. Amazon Route 53
D. Amazon S3 Transfer Acceleration
Correct Answer:
Answer Description:
Amazon CloudFront can be used to stream video to users across the globe using a wide
variety of protocols that are layered on top of HTTP. This can include both on-demand
video as well as real-time streaming video.
CORRECT: “Amazon CloudFront” is the correct answer.
INCORRECT: “AWS Global Accelerator” is incorrect as this would be an expensive way of

getting the content closer to users compared to using CloudFront. As this is a use case
for CloudFront and there are so many edge locations it is the better option.
INCORRECT: “Amazon Route 53” is incorrect as you still need a solution for getting the
content closer to users.
INCORRECT: “Amazon S3 Transfer Acceleration” is incorrect as this is used to

accelerate uploads of data to Amazon S3 buckets.
References:
Amazon CloudFront media streaming tutorials
Amazon CloudFront > Developer Guide > Video on Demand and Live Streaming
Video with CloudFront
Exam Question 458

A company wants to build an online marketplace application on AWS as a set of loosely
coupled microservices For this application, when a customer submits a new order two
microservices should handle the event simultaneously. The Email microservice will
send a confirmation email and the order processing microservice will start the order
delivery process If a customer cancels an order, the order cancellation and Email
microservices should handle the event simultaneously.
A solutions architect wants to use Amazon Simple Queue Service (Amazon SQS) and
Amazon Simple Notification Service (Amazon SNS) to design the messaging between
the microservices.
How should the solutions architect design the solution?
A. Create a single SOS queue and publish order events to it. The Email, OrderProcessing
and OrderCancellation microservices can then consume messages off the queue
B. Create three SNS topics for each microservice Publish order events to the three
topics Subscribe each of the Email OrderProcessmg, and OrderCancellation
microservices to its own topic
C. Create an SNS topic and publish order events to it Create three SQS queues for the
Email OrderProcessing and OrderCancellation microservices Subscribe all SQS queues
to the SNS topic with message filtering
D. Create two SQS queues and publish order events to both queues simultaneously One
queue is for the Email and OrderProcessmg microservices. The second queue is for the
Email and Order Cancellation microservices
Correct Answer:
C. Create an SNS topic and publish order events to it Create three SQS queues for the
Email OrderProcessing and OrderCancellation microservices Subscribe all SQS queues
to the SNS topic with message filtering
Exam Question 459

A company is developing a mobile game that streams score updates to a backend
processor and then posts results on a leaderboard A solutions architect needs to
design a solution that can handle large traffic spikes process the mobile game updates
in order of receipt and store the processed updates in a highly available database. The
company also wants to minimize the management overhead required to maintain the
solution
What should the solutions architect do to meet these requirements?
B. Push score updates to Amazon Kinesis Data Streams Process the updates with a
fleet of Amazon EC2 instances set up for Auto Scaling Store the processed updates in
Amazon Redshift
C. Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic
Subscribe an AWS Lambda function to the SNS topic to process the updates Store the
processed updates in a SQL database running on Amazon EC2
D. Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue Use a
fleet of Amazon EC2 instances with Auto Scaling to process the updates in the SQS
queue Store the processed updates in an Amazon RDS Multi-AZ DB instance
Correct Answer:
Answer Description:
You can use Amazon Kinesis Data Streams to collect and process large streams of data
records in real-time. You can use Kinesis Data Streams for rapid and continuous data
intake and aggregation. The type of data used can include IT infrastructure log data,
application logs, social media, market data feeds, and web clickstream data. Because
the response time for the data intake and processing is in real-time, the processing is
typically lightweight.
Exam Question 460

A company has two VPCs that are located in the us-west-2 Region within the same AWS
account. The company needs to allow network traffic between these VPCs.
Approximately 500 GB of data transfer will occur between the VPCs each month.
What is the MOST cost-effective solution to connect these VPCs?
A. Implement AWS Transit Gateway to connect the VPCs Update the route tables of
each VPC to use the transit gateway for inter-VPC communication
B. Implement an AWS Site-to-Site VPN tunnel between the VPCs. Update the route
tables of each VPC to use the VPN tunnel for inter-VPC communication
C. Set up a VPC peering connection between the VPCs. Update the route tables of each
VPC to use the VPC peering connection for inter-VPC communication.
D. Set up a 1 GB AWS Direct Connect connection between the VPCs. Update the route
tables of each VPC to use the Direct Connect connection for inter-VPC communication.
Correct Answer:
C. Set up a VPC peering connection between the VPCs. Update the route tables of each
VPC to use the VPC peering connection for inter-VPC communication.
Amazon, Exam
Pages: 1 2 3 4 5 6 7 8 9 10
Tags
AWS


Thievery →
P U P UWE B

Answers – Page 5
Exam Question 461

A company has three AWS accounts Management Development and Production. These
accounts use AWS services only in the us-east-1 Region All accounts have a VPC with
VPC Flow Logs configured to publish data to an Amazon S3 bucket in each separate
account For compliance reasons the company needs an ongoing method to aggregate
all the VPC flow logs across all accounts into one destination S3 bucket in the
Management account.
What should a solutions architect do to meet these requirements with the LEAST
operational overhead?
A. Add S3 Same-Region Replication rules in each S3 bucket that stores VPC flow logs to
replicate objects to the destination S3 bucket Configure the destination S3 bucket to
allow objects to be received from the S3 buckets in other accounts
B. Set up an 1AM user in the Management account Grant permissions to the 1AM user
to access the S3 buckets that contain the VPC flow logs Run the aws s3 sync command
in the AWS CLI to copy the objects to the destination S3 bucket
C. Use an S3 inventory report to specify which objects in the S3 buckets to copy
Perform an S3 batch operation to copy the objects into the destination S3 bucket in the
Management account with a single request.
D. Create an AWS Lambda function in the Management account Grant S3 GET
permissions on the source S3 buckets Grant S3 PUT permissions on the destination S3
bucket Configure the function to invoke when objects are loaded in the source S3
buckets
Correct Answer:
A. Add S3 Same-Region Replication rules in each S3 bucket that stores VPC flow logs to
replicate objects to the destination S3 bucket Configure the destination S3 bucket to
allow objects to be received from the S3 buckets in other accounts
Exam Question 462

A company is building a web application that serves a content management system.
The content management system runs on Amazon EC2 instances behind an Application
Load Balancer (ALB). The EC2 instances run in an Auto Scaling group across multiple
Availability Zones Users are constantly adding and updating files blogs and other
website assets in the content management system.
A solutions architect must implement a solution in which all the EC2 instances share
up-to-date website content with the least possible lag time.
A. Update the EC2 user data in the Auto Scaling group lifecycle policy to copy the
website assets from the EC2 instance that was launched most recently Configure the
ALB to make changes to the website assets only m the newest EC2 instance
B. Copy the website assets to an Amazon Elastic File System (Amazon EFS) file system
Configure each EC2 instance to mount the EPS file system locally Configure the website
hosting application to reference the website assets that are stored in the EFS file
system
C. Copy the website assets to an Amazon S3 bucket Ensure that each EC2 instance
downloads the website assets from the S3 bucket to the attached Amazon Elastic
Block Store (Amazon EBS) volume Run the S3 sync command once each hour to keep
files up to date
D. Restore an Amazon Elastic Block Store (Amazon EBS) snapshot with the website
assets Attach the EBS snapshot as a secondary EBS volume when a new EC2 instance
is launched Configure the website hosting application to reference the website assets
that are stored in the secondary EBS volume
Correct Answer:
A. Update the EC2 user data in the Auto Scaling group lifecycle policy to copy the
website assets from the EC2 instance that was launched most recently Configure the
ALB to make changes to the website assets only m the newest EC2 instance
Exam Question 463

A solutions architect is designing the architecture for a new web application. The
application will run on AWS Fargate containers with an Application Load Balancer (ALB)
and an Amazon Aurora PostgreSQL database. The web application will perform
primarily read queries against the database.
What should the solutions architect do to ensure that the website can scale with
increasing traffic? (Select TWO.)
A. Enable auto scaling on the ALB to scale the load balancer horizontally.
B. Configure Aurora Auto Scaling to adjust the number of Aurora Replicas in the Aurora
cluster dynamically.
C. Enable cross-zone load balancing on the ALB to distribute the load evenly across
containers in all Availability Zones.
D. Configure an Amazon Elastic Container Service (Amazon ECS) cluster in each
Availability Zone to distribute the load across multiple Availability Zones.
E. Configure Amazon Elastic Container Service (Amazon ECS) Service Auto Scaling with
a target tracking scaling policy that is based on CPU utilization.
Correct Answer:
A. Enable auto scaling on the ALB to scale the load balancer horizontally.
B. Configure Aurora Auto Scaling to adjust the number of Aurora Replicas in the Aurora
cluster dynamically.
Exam Question 464

The application’s traffic is often low. but it occasionally grows significantly. During these
sudden increases in traffic, DynamoDB returns throttling errors. The result is that error
pages are displayed to end users.
What should a solutions architect do to reduce these errors?
A. Change the DynamoDB table to use on-demand capacity mode.

B. Create a DynamoDB read replica to scale the read traffic horizontally.
C. Purchase DynamoDB reserved capacity of 1,000 RCUs and 500 WCUs.
D. Configure the application to use strongly consistent reads for DynamoDB queries.
Correct Answer:
D. Configure the application to use strongly consistent reads for DynamoDB queries.
Exam Question 465

A company wants to build an immutable infrastructure for its software applications.
The company wants to test the software applications before sending traffic to them.
The company seeks an efficient solution that limits the effects of application bugs
Which combination of steps should a solutions architect recommend? {Select TWO)
A. Use AWS Cloud Formation to update the production infrastructure and roll back the
stack if the update fails
B. Apply Amazon Route 53 weighted routing to test the staging environment and
gradually increase the traffic as the tests pass
C. Apply Amazon Route 53 failover routing to test the staging environment and fail over
to the production environment if the tests pass
D. Use AWS Cloud Formation with a parameter set to the staging value in a separate
environment other than the production environment
E. Use AWS Cloud Formation to deploy the staging environment with a snapshot
deletion policy and reuse the resources in the production environment if the tests pass
Correct Answer:
A. Use AWS Cloud Formation to update the production infrastructure and roll back the
stack if the update fails
B. Apply Amazon Route 53 weighted routing to test the staging environment and
gradually increase the traffic as the tests pass
Exam Question 466

A company stores project information in a shared spreadsheet. The company wants to
create a web application to replace the spreadsheet. The company has chosen Amazon
DynamoDB to store the spreadsheet’s data and is designing the web application to
display the project information that is obtained from DynamoDB.
A solutions architect must design the web application’s backend by using managed
services that require minimal operational maintenance.
Which architectures meet these requirements? (Select TWO.)
A. An Amazon API Gateway REST API accesses the project information that is in
DynamoD
B. An Elastic Load Balancer forwards requests to a target group with DynamoDB set up
as the target.
C. An Amazon API Gateway REST API invokes an AWS Lambda function. The Lambda
function accesses DynamoD
D. An Amazon Route 53 hosted zone routes requests to an AWS Lambda endpoint to
invoke a Lambda function that accesses DynamoD
E. An Elastic Load Balancer forwards requests to a target group of Amazon EC2
instances. The EC2 instances run an application that accesses DynamoD
Correct Answer:
A. An Amazon API Gateway REST API accesses the project information that is in
DynamoD
E. An Elastic Load Balancer forwards requests to a target group of Amazon EC2
instances. The EC2 instances run an application that accesses DynamoD
Exam Question 467

A solution architect at a company is designing the architecture for a two-tiered web
application. The web application is composed of an internet facing application load
balancer that forwards traffic to an auto scaling group of Amazon EC2 instances. The
EC2 instances must be able to access a database that runs on Amazon RDS.
The company has requested a defense-in-depth approach to the network layout. The
company does not want to rely solely on security groups or network ACLs. Only the
minimum resources that are necessary should be routable from the internet.
Which network design should the solutions architect recommend to meet these
requirements?
A. Place the ALB, EC2 instances and RDS database in private subnets.
B. Place the ALB in public subnets. Place the EC2 instances and RDS database in
private subnets
C. Place the ALB and EC2 instances in public subnets. Place the RDS database in
private subnets
D. Place the ALB outside the VP
E. Place the EC2 instances and RDS database in private subnets.
Correct Answer:
B. Place the ALB in public subnets. Place the EC2 instances and RDS database in
private subnets
Exam Question 468

A company has thousands of edge devices that collectively generate 1 TB of status
averts each day Each alert s approximately 2 KB in size. A solutions architect needs to
implement a solution to ingest and store the alerts for future analysis.
The company wants a highly available solution However the company needs to
minimize costs and does not want to manage additional infrastructure Additionally, the
company wants to keep 14 days of data available for immediate analysis and archive
any data older than 14 days.
What is the MOST operationally efficient solution that meets these requirements?
A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts
Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3
bucket Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier
after 14 days
B. Launch Amazon EC2 instances across two Availability Zones and place them behind
an Elastic Load Balancer to ingest the alerts Create a script on the EC2 instances that
will store the alerts m an Amazon S3 bucket Set up an S3 Lifecycle configuration to
transition data to Amazon S3 Glacier after 14 days
C. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts
Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon
Elasticsearch Service (Amazon ES) duster Set up the Amazon ES cluster to take manual
snapshots every day and delete data from the duster that is older than 14 days
D. Create an Amazon Simple Queue Service (Amazon SQS I standard queue to ingest
the alerts and set the message retention period to 14 days Configure consumers to poll
the SQS queue check the age of the message and analyze the message data as needed
If the message is 14 days old the consumer should copy the message to an Amazon S3
bucket and delete the message from the SQS queue
Correct Answer:
A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts
Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3
bucket Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier
after 14 days
Exam Question 469

A company has a customer relationship management (CRM) application that stores
data in an Amazon RDS DB instance that runs Microsoft SQL Server. The company’s IT
staff has administrative access to the database. The database contains sensitive data.
The company wants to ensure that the data is not accessible to the IT staff and that
only authorized personnel can view the data.
What should a solutions architect do to secure the data?
A. Use client-side encryption with an Amazon RDS managed key.

B. Use client-side encryption with an AWS Key Management Service (AWS KMS)
customer managed key.
C. Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS)
default encryption key.
D. Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS)
Correct Answer:
D. Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS)
Exam Question 470

A company is developing a serverless web application that gives users the ability to
interact with real-time analytics from online games. The data from the games must be
streamed in real time. The company needs a durable, low-latency database option for
user data. The company does not know how many users will use the application Any
design considerations must provide response times of single-digit milliseconds as the
application scales.
Which combination of AWS services will meet these requirements? (Select TWO.)
B. Amazon DynamoDB
C. Amazon Kinesis
D. Amazon RDS
E. AWS Global Accelerator
Correct Answer:
B. Amazon DynamoDB
Amazon, Exam
Pages: 1 2 3 4 5 6 7 8 9 10
Tags
AWS


Thievery →
P U P UWE B

Answers – Page 5
Exam Question 471

A medical records company is hosting an application on Amazon EC2 instances. The
application processes customer data files that are stored on Amazon S3. The EC2
instances are hosted in public subnets. The EC2 instances access Amazon S3 over the
internet, but they do not require any other network access.
A new requirement mandates that the network traffic for file transfers take a private
route and not be sent over the internet.
Which change to the network architecture should a solutions architect recommend to

meet this requirement?
A. Create a NAT gateway. Configure the route table for the public subnets to send traffic
to Amazon S3 through the NAT gateway.
B. Configure the security group for the EC2 instances to restrict outbound traffic so that
only traffic to the S3 prefix list is permitted.
C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3,
and link the endpoint to the route table for the private subnets
D. Remove the internet gateway from the VP
E. Set up an AWS Direct Connect connection, and route traffic to Amazon S3 over the
Direct Connect connection.
Correct Answer:
C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3,
and link the endpoint to the route table for the private subnets
Exam Question 472

A company is implementing new data retention policies for all databases that run on
Amazon RDS DB instances. The company must retain daily backups for a minimum
period of 2 years. The backups must be consistent and restorable.
Which solution should a solutions architect recommend to meet these requirements?
A. Create a backup vault in AWS Backup to retain RDS backups. Create a new backup
plan with a daily schedule and an expiration period of 2 years after creation. Assign the
RDS DB instances to the backup plan. Configure a backup window for the RDS DB
Instances for daily snapshots. Assign a snapshot retention policy of 2 years to each
RDS DB instance. Use Amazon Data Lifecycle Manager (Amazon DLM)
B. to schedule snapshot deletions.
C. Configure database transaction logs to be automatically backed up to Amazon
CloudWatch Logs with an expiration period of 2 years
D. Configure an AWS Database Migration Service (AWS DMS) replication task. Deploy a
replication instance, and configure a change data capture (CDC) task to stream
database changes to Amazon S3 as the target Configure S3 Lifecycle policies to delete
the snapshots after 2 years.
Correct Answer:
A. Create a backup vault in AWS Backup to retain RDS backups. Create a new backup
plan with a daily schedule and an expiration period of 2 years after creation. Assign the
RDS DB instances to the backup plan. Configure a backup window for the RDS DB
Instances for daily snapshots. Assign a snapshot retention policy of 2 years to each
RDS DB instance. Use Amazon Data Lifecycle Manager (Amazon DLM)
Exam Question 473

The following IAM policy is attached to an IAM group.
This is the only policy applied to the group.
What are the effective IAM permissions of this policy for group members?
A. Group members are permitted any Amazon EC2 action within the us-east-1 Region.
Statements after the Allow permission are not applied.
B. Group members are denied any Amazon EC2 permissions in the us-east-1 Region
unless they are logged in with multi-factor authentication (MFA).
C. Group members are allowed the ec2 Stoplnstances and ec2. TerminateInstances
permissions for all Regions when logged in with multi-factor authentication (MFA)
Group members are permitted any other Amazon EC2 action.
D. Group members are allowed the ec2 Stoplnstances and ec2. Terminate instances
permissions for the us-east-1 Region only when logged in with multi-factor
authentication (MFA) Group members are permitted any other Amazon EC2 action
within the us-east-1 Region.
Correct Answer:
D. Group members are allowed the ec2 Stoplnstances and ec2. Terminate instances
authentication (MFA) Group members are permitted any other Amazon EC2 action
within the us-east-1 Region.
Exam Question 474

A company runs an AWS Lambda function in private subnets in a VPC. The subnets
have a default route to the internet through an Amazon EC2 NAT instance. The Lambda
function processes input data and saves its output as an object to Amazon S3
intermittently the Lambda function times out while trying to upload the object because
of saturated traffic on the NAT instance’s network. The company wants to access
Amazon S3 without traversing the internet
A. Replace the fcC2 NAT instance with an AWS managed NAT gateway
B. Increase the size of the EC2 NAT instance in the VPC to a network optimized
instance type
C. Provision a gateway endpoint for Amazon S3 in the VPC Update the route tables of
the subnets accordingly
D. Provision a transit gateway Place transit gateway attachments in the private subnets
where the Lambda function is running
Correct Answer:
B. Increase the size of the EC2 NAT instance in the VPC to a network optimized
instance type
Exam Question 475

A solution architect is creating a new Amazon CloudFront distribution for an application
Some of Ine information submitted by users is sensitive. The application uses HTTPS
but needs another layer” of security. The sensitive information should be protected
throughout the entire application stack end access to the information should be
restricted to certain applications
Which action should the solutions architect take?
A. Configure a CloudFront signed URL

B. Configure a CloudFront signed cookie.
C. Configure a CloudFront field-level encryption profile
D. Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the
Viewer Protocol Policy
Correct Answer:
C. Configure a CloudFront field-level encryption profile
Exam Question 476
A company is deploying a two-tier web application in a VPC. The web tier is using an
Amazon EC2 Auto Scaling group with public subnets that span multiple Availability
Zones. The database tier consists of an Amazon RDS for MySQL DB instance in
separate private subnets. The web tier requires access to the database to retrieve
product information.
The web application is not working as intended. The web application reports that it
cannot connect to the database. The database is confirmed to be up and running. All
configurations for the network ACLs. security groups, and route tables are still in their
default states.
What should a solutions architect recommend to fix the application?
A. Add an explicit rule to the private subnet’s network ACL to allow traffic from the web
tier’s EC2 instances.
B. Add a route in the VPC route table to allow traffic between the web tier’s EC2
instances and The database tier.
C. Deploy the web tier’s EC2 instances and the database tier’s RDS instance into two
separate VPCs. and configure VPC peering.
D. Add an inbound rule to the security group of the database tier’s RDS instance to allow
traffic from the web tier’s security group.
Correct Answer:
D. Add an inbound rule to the security group of the database tier’s RDS instance to allow
traffic from the web tier’s security group.
Exam Question 477

A company runs a photo processing application mat needs to frequently upload and
download pictures from Amazon S3 buckets that are located in the same AWS Region A
solutions architect has noticed an increased cost in data transfer lees and needs to
implement a solution to reduce these costs
How can the solutions architect meet this requirement?

A. Deploy Amazon API Gateway into a public subnet and adjust the route table to route
S3 calls through it
B. Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows
access to the S3 buckets
C. Deploy the application into a public subnet and allow it to route through an internet
gateway to access the S3 buckets
D. Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that
allows access to the S3 buckets
Correct Answer:
C. Deploy the application into a public subnet and allow it to route through an internet
gateway to access the S3 buckets
Exam Question 478

A company needs to store 160TB of data for an indefinite of time. The company must
be able to use standard SQL and business intelligence tools to query all of the data. The
data will be queried no more than twice each month.
What is the MOST cost-effective solution that meets these requirements?
A. Store the data in Amazon Aurora Serverless with MySQL

B. Use an SQL client to query the data.
C. Store the data in Amazon S3. Use AWS Glue. Amazon Athena. IDBC and COBC drivers
to query the data.
D. Store the data in an Amazon EMR cluster with EMR File System (EMRFS) as the
storage layer use Apache Presto to query the data.
E. Store a subnet of the data in Amazon Redshift, and store the remaining data in
Amazon S3. Use Amazon Redshift Spectrum to query the S3 data.
Correct Answer:
D. Store the data in an Amazon EMR cluster with EMR File System (EMRFS) as the
storage layer use Apache Presto to query the data.
Exam Question 479

A company needs to connect its on-premises data center network to a new VPC. The
data center network has a 100 Mbps symmetrical Internet connection. An application
that is running on-premises will transfer multiple gigabytes of data each day. The
application will use an Amazon Kinesis Data Firehose delivery stream for processing.
What should a solutions architect recommend for maximum performance?
A. Create a VPC peering connection between the on-premises network and the VPC
Configure routing for the on-premises network to use the VPC peering connection.
B. Procure an AWS Snowball Edge Storage Optimized device. After several days’ worth
of data has accumulated, copy the data to the device and ship the device to AWS for
expedited transfer to Kinesis Data Firehose Repeat as needed
C. Create an AWS Site-to-Site VPN connection between the on-premises network and
the VPC Configure BGP routing between the customer gateway and the virtual private
gateway. Use the VPN connection to send the data from on-premises to Kinesis Data
Firehose.
D. Use AWS PrivateLink to create an interface VPC endpoint for Kinesis Data Firehose in
the VP
E. Set up a 1 Gbps AWS Direct Connect connection between the on-premises network
and AWS Use the PrivateLink endpoint to send the data from on-premises to Kinesis
Data Firehose.
Correct Answer:
D. Use AWS PrivateLink to create an interface VPC endpoint for Kinesis Data Firehose in
the VP
Exam Question 480

A company operates a website on Amazon EC2 Linux instances Some of the instances
are failing. Troubleshooting points to insufficient swap space on the failed instances.
The operations team lead needs a solution to monitor this
What should a solutions architect recommend?
A. Configure an Amazon CloudWatch SwapUsage metric dimension Monitor the

SwapUsage dimension in the EC2 metrics in CloudWatch.
B. Use EC2 metadata to collect information, then publish it to Amazon CloudWatch
custom metrics Monitor SwapUsage metrics in CloudWatch
C. Install an Amazon CloudWatch agent on the instances. Run an appropriate script on
a set schedule. Monitor SwapUtilization metrics in CloudWatch
D. Enable detailed monitoring in the EC2 console Create an Amazon CloudWatch
SwapUtilization custom metric Monitor SwapUtilization metrics in CloudWatch
Correct Answer:
A. Configure an Amazon CloudWatch SwapUsage metric dimension Monitor the
SwapUsage dimension in the EC2 metrics in CloudWatch.
Amazon, Exam
Pages: 1 2 3 4 5 6 7 8 9 10
Tags
AWS


Thievery →
P U P UWE B

Answers – Page 5
Exam Question 481

A company is designing a shared storage solution for a gaming application that is
hosted in the AWS Cloud. The company needs the ability to use SMB clients to access
data solution must be fully managed.
Which AWS solution meets these requirements?
A. Create an AWS DataSync task that shares the data as a mountable file system Mount
the file system to the application server
B. Create an Amazon EC2 Windows instance Install and configure a Windows file share
role on the instance Connect the application server to the file share
C. Create an Amazon FSx for Windows File Server file system Attach the file system to
the origin server Connect the application server to the Me system
D. Create an Amazon S3 bucket Assign an 1AM role to the application to grant access
to the S3 bucket Mount the S3 bucket to the application server
Correct Answer:
C. Create an Amazon FSx for Windows File Server file system Attach the file system to
the origin server Connect the application server to the Me system
Exam Question 482

A company is Re-architecting a strongly coupled application to be loosely coupled
Previously the application used a request/response pattern to communicate between
tiers. The company plans to use Amazon Simple Queue Service (Amazon SQS) to
achieve decoupling requirements. The initial design contains one queue for requests
and one for responses However, this approach is not processing all the messages as
the application scales.
What should a solutions architect do to resolve this issue?
A. Configure a dead-letter queue on the ReceiveMessage API action of the SQS queue.
B. Configure a FIFO queue, and use the message deduplication ID and message group I
C. Create a temporary queue, with the Temporary Queue Client to receive each response
message.
D. Create a queue for each request and response on startup for each producer, and use
a correlation ID message attribute.
Correct Answer:
A. Configure a dead-letter queue on the ReceiveMessage API action of the SQS queue.
Exam Question 483

A solutions architect is creating a new Amazon CloudFront distribution for an
application Some of the information submitted by users is sensitive. The application
uses HTTPS but needs another layer of security. The sensitive information should be
protected throughout the entire application stack, and access to the information should
be restricted to certain applications.
Which action should the solutions architect take?

B. Configure a CloudFront signed cookie.
C. Configure a CloudFront field-level encryption profile.
D. Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the
Viewer Protocol Pokey
Correct Answer:
Exam Question 484

A solutions architect needs to design a resilient solution for Windows users’ home
directories. The solution must provide fault tolerance, file-level backup and recovery,
and access control, based upon the company’s Active Directory.
Which storage solution meets these requirements?
A. Configure Amazon S3 to store the users’ home directories. Join Amazon S3 to Active
Directory.
B. Configure a Multi-AZ file system with Amazon FSx for Windows File Server Join
Amazon FSx to Active Directory.
C. Configure Amazon Elastic File System (Amazon EFS) for the users’ home directories.
Configure AWS Single Sign-On with Active Directory.
D. Configure Amazon Elastic Block Store (Amazon EBS) to store the users’ home
directories Configure AWS Single Sign-On with Active Directory.
Correct Answer:
C. Configure Amazon Elastic File System (Amazon EFS) for the users’ home directories.
Configure AWS Single Sign-On with Active Directory.
Exam Question 485

A solutions architect is creating a data processing job that runs once daily and can take
up to 2 hours to complete If the job is interrupted, it has to restart from the beginning
How should the solutions architect address this issue in the MOST cost-effective
manner?
A. Create a script that runs locally on an Amazon EC2 Reserved Instance that is
triggered by a cron job.
B. Create an AWS Lambda function triggered by an Amazon EventBridge (Amazon
CloudWatch Events} scheduled event
C. Use an Amazon Elastic Container Service (Amazon ECS) Fargate task triggered by an
Amazon EventBridge (Amazon CloudWatch Events) scheduled event.
D. Use an Amazon Elastic Container Service (Amazon ECS) task running on Amazon
EC2 triggered by an Amazon EventBridge (Amazon CloudWatch Events) scheduled
event.
Correct Answer:
C. Use an Amazon Elastic Container Service (Amazon ECS) Fargate task triggered by an
Amazon EventBridge (Amazon CloudWatch Events) scheduled event.
Exam Question 486
A company hosts its multi-tier public web application in the AWS Cloud. The web
application runs on Amazon EC2 instances and its database runs on Amazon RDS. The
company is anticipating a large increase in sales during an upcoming holiday weekend
A solutions architect needs to build a solution to analyze the performance of the web
application with a granularity of no more than 2 minutes.
What should the solutions architect do to meet this requirement?
A. Send Amazon CloudWatch logs to Amazon Redshift Use Amazon QuickSight to

perform further analysis
B. Enable detailed monitoring on all EC2 instances Use Amazon CloudWatch metrics to
C. Create an AWS Lambda function to fetch EC2 logs from Amazon CloudWatch Logs
Use Amazon CloudWatch metrics to perform further analysis
D. Send EC2 logs to Amazon S3 Use Amazon Redshift to fetch logs from the S3 bucket
to process raw data for further analysis with Amazon QuickSight.
Correct Answer:
B. Enable detailed monitoring on all EC2 instances Use Amazon CloudWatch metrics to
Exam Question 487

A company is creating a three-tier web application consisting of a web server, an
application server, and a database server. The application will track GPS coordinates of
packages as they are being delivered. The application will update the database every 0-
5 seconds.
The tracking will need to read a fast as possible for users to check the status of their
packages. Only a few packages might be tracked on some days, whereas millions of
package might be tracked on other days. Tracking will need to be searchable by tracking
ID customer ID and order ID Order than 1 month no longer read to be tracked.
What should a solution architect recommend to accomplish this with minimal cost of
ownership?
A. Use Amazon DynamoDB Enable Auto Scaling on the DynamoDB table. Schedule an
automatic deletion script for items older than 1 month.
B. Use Amazon DynamoDB with global secondary indexes. Enable Auto Scaling on the
DynamoDB table and the global secondary indexes. Enable TTL on the DynamoDB table.
C. Use an Amazon RDS On-Demand instance with Provisioned IOPS (PIOPS). Enable
Amazon CloudWatch alarms to send notifications when PIOPS are exceeded. Increase
and decrease PIOPS as needed.
D. Use a Amazon RDS Reserved Instance with Provisioned IOPS (PIOPS). Enable
Amazon CloudWatch alarms to send notification when PIOPS are exceeded. Increase
and decrease PIOPS as needed.
Correct Answer:
B. Use Amazon DynamoDB with global secondary indexes. Enable Auto Scaling on the
DynamoDB table and the global secondary indexes. Enable TTL on the DynamoDB table.
Exam Question 488

A start-up company has a web application based in the us-east-1 Region with multiple
Amazon EC2 instances running behind an Application Load Balancer across multiple
Availability Zones As the company’s user base grows in the us-west-1 Region, it needs 3
solution with low latency and high availability.
What should a solutions architect do to accomplish this?
A. Provision EC2 instances in us-west-1. Switch my Application Load Balancer to a

Network Load Balancer to achieve cross-Region load balancing.
B. Provision EC2 instances and an Application Load Balancer in us-west-1 Make the
load balancer distribute the traffic based on the location of the request
C. Provision EC2 instances and configure an Application Load Balancer in us-west-1.
Create an accelerator in AWS Global Accelerator that uses an endpoint group that
includes the load balancer endpoints in both Regions.
D. Provision EC2 Instances and configure an Application Load Balancer in us-west-1

Configure Amazon Route 53 with a weighted routing policy. Create alias records in
Route 53 that point to the Application Load Balancer
Correct Answer:
C. Provision EC2 instances and configure an Application Load Balancer in us-west-1.
Create an accelerator in AWS Global Accelerator that uses an endpoint group that
includes the load balancer endpoints in both Regions.
Answer Description:
ELB provides load balancing within one Region, AWS Global Accelerator provides traffic
management across multiple Regions […] AWS Global Accelerator complements ELB by
extending these capabilities beyond a single AWS Region, allowing you to provision a
global interface for your applications in any number of Regions. If you have workloads
that cater to a global client base, we recommend that you use AWS Global Accelerator.
If you have workloads hosted in a single AWS Region and used by clients in and around
the same Region, you can use an Application Load Balancer or Network Load Balancer
to manage your resources.
References:
AWS Global Accelerator FAQs
Exam Question 489

A company has a service that produces event data. The company wants to use AWS to
process the event data as it is received. The data is written in a specific order that must
be maintained throughout processing. The company wants to implement a solution that
minimizes operational overhead.
How should a solution architect accomplish this”
A. Create an Amazon Simple Queue Service (Amazon SOS) FIFO queue to hold
messages. Set up an AWS Lambda function to process messages from the queue.
B. Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver
notifications containing payloads to process. Configure an AWS Lambda function as a

subscriber
C. Create an Amazon Simple Queue Service (Amazon SOS) standard queue to hold
messages Set up an AWS Lambda function 😮 process messages from the queue
independently
D. Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver
notifications containing payloads to process Configure an Amazon Simple Queue
Service (Amazon SQS) queue as a subscriber.
Correct Answer:
A. Create an Amazon Simple Queue Service (Amazon SOS) FIFO queue to hold
messages. Set up an AWS Lambda function to process messages from the queue.
Exam Question 490

The following IAM policy is attached to an IAM group. This is the only policy applied to
the group.
What are the effective IAM permissions of this policy for group members?
A. Group members are permitted any Amazon EC2 action within the us-east-1 Region.
Statements after. The Allow permission are not applied
B. Group member are denied any Amazon EC2 permissions in the us-east-1 Region
unless they are tagged in with multi-factor authentication (MFA).
C. Group members are allowed the ec2:StopInstances and ec2:Terminatelnstances
permissions for all Regions when logged in with multi-factor authentication (MFA).
Group members authorized any other Amazon EC2 action.
D. Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances
authentication (MFA). Groups are permitted any other Amazon EC2 action within the us-
east-1 Region
Correct Answer:
D. Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances
authentication (MFA). Groups are permitted any other Amazon EC2 action within the us-
east-1 Region
Amazon, Exam
Pages: 1 2 3 4 5 6 7 8 9 10
Tags
AWS

Thievery →
P U P UWE B

Answers – Page 5
Exam Question 491

A company is running a highly sensitive application on Amazon EC2 backed by an
Amazon RDS database Compliance regulations mandate that all personally identifiable
information (Pll) be encrypted at rest.
Which solution should a solutions architect recommend to meet this requirement with
the LEAST amount of changes to the infrastructure”
A. Deploy AWS Certificate Manager to generate certificates Use the certificates to

encrypt the database volume
B. Deploy AWS CloudHS
C. generate encryption keys, and use the customer master key (CMK) to encrypt
database volumes.
D. Configure SSL encryption using AWS Key Management Service customer master
keys (AWS KMS CMKs) to encrypt database volumes
E. Configure Amazon Elastic Block Store {Amazon EBS) encryption and Amazon RDS
encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance
and database volumes.
Correct Answer:
D. Configure SSL encryption using AWS Key Management Service customer master
keys (AWS KMS CMKs) to encrypt database volumes
Exam Question 492

A company recently migrated a message processing system to AWS. The system
receives messages into an ActiveMQ queue running on an Amazon EC2 instance.
Messages are processed by a consumer application running on Amazon EC2. The
consumer application processes the messages and writes results to a MySQL database
running on Amazon EC2. The company wants this application to be highly available with
low operational complexity
Which architecture offers the HIGHEST availability?
A. Add a second ActiveMQ server to another Availability Zone Add an additional

consumer EC2 instance in another Availability Zone Replicate the MySQL database to
another Availability Zone.
B. Use Amazon MQ with active/standby brokers configured across two Availability
Zones Add an additional consumer EC2 instance in another Availability Zone. Replicate
the MySQL database to another Availability Zone

C. Use Amazon MQ with active/standby brokers configured across two Availability
Zones. Add an additional consumer EC2 instance in another Availability Zone. Use
Amazon RDS for MySQL with Multi-AZ enabled
D. Use Amazon MQ with active/standby brokers configured across two Availability
Zones Add an Auto Scaling group for the consumer EC2 instances across two
Availability Zones Use Amazon RDS for MySQL with Multi-AZ enabled.
Correct Answer:
Exam Question 493

A meteorological startup company has a custom web application to sell weather data
to its users online. The company uses Amazon DynamoDB to store its data and wants
to build a new service that sends an alert to the managers of four internal teams every
time a new weather event is recorded. The company does not want this new service to
affect the performance of the current application
What should a solutions architect do to meet these requirements with the LEAST
amount of operational overhead?
A. Use DynamoDB transactions to write new event data to the table Configure the
transactions to notify internal teams.
B. Have the current application publish a message to four Amazon Simple Notification
Service (Amazon SNS) topics. Have each team subscribe to one topic.
C. Enable Amazon DynamoDB Streams on the table Use triggers to write to a single
Amazon Simple Notification Service (Amazon SNS) topic to which the teams can
subscribe
D. Add a custom attribute to each record to flag new items Write a cron job that scans
the table every minute for items that are new and notifies an Amazon Simple Queue
Service (Amazon SQS) queue to which the teams can subscribe
Correct Answer:
A. Use DynamoDB transactions to write new event data to the table Configure the
transactions to notify internal teams.
Exam Question 494

A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones
in a specific AWS Region for an upcoming event that will last 1 week.
What should the company do to guarantee the EC2 capacity?
A. Purchase Reserved Instances that specify the Region needed.

B. Create an On-Demand Capacity Reservation that specifies the Region needed.
C. Purchase Reserved Instances that specify the Region and three Availability Zones
needed.
D. Create an On-Demand Capacity Reservation that specifies the Region and three
Availability Zones needed.
Correct Answer:
A. Purchase Reserved Instances that specify the Region needed.
Exam Question 495

A company receives data from millions of users totaling about 1 TB each flay. The
company provides its user’s with usage reports gang back 12 months Al usage data
must be stored for at least 5 years to comply with regulatory and auditing requirements
Which storage solution is MOST cost-effective?
A. Store the data in Amazon S3 Standard. Set a lifecycle -rule to transition the data to S3
Glacier Deep Archive after 1 year. Set a Recycle rule to delete the data after5 years.
B. Store. The data in Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA). Set a
lifecycle rule to transition the data to S3 Glacier after 1 year Set the lifecycle rule to
delete the data after 5 years.
C. Store the data in Amazon S3 Standard Set a lifecycle rule to transition the data to S3
Standard-infrequent Access (S3 Standard-IA) after 1 year Sol a lifecycle rule to delete
the data after 5 years.
D. Store the data in Amazon S3 Standard Set a lifecycle -rule to transition the data to S3
One Zone-infrequent Access (S3 One Zone-IA) after 1 year, Set a Lifecycle rule to delete
the data after 5 years.
Correct Answer:
A. Store the data in Amazon S3 Standard. Set a lifecycle -rule to transition the data to S3
Glacier Deep Archive after 1 year. Set a Recycle rule to delete the data after5 years.
Exam Question 496

A three-tier web application processes orders from customers. The web tier consists of
Amazon EC2 instances behind an Application Load Balancer, a middle tier of three EC2
instances decoupled from the web tier using Amazon SQS. and an Amazon DynamoDB
backend. At peak times, customers who submit orders using the site have to wait much
longer than normal to receive confirmations due to lengthy processing times. A
solutions architect needs to reduce these processing times.
Which action will be MOST effective in accomplishing this?
A. Replace the SQS queue with Amazon Kinesis Data Firehose.

B. Use Amazon ElastiCache for Redis in front of the DynamoDB backend tier.
C. Add an Amazon CloudFront distribution to cache the responses for the web tier.
D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the
SOS queue depth.
Correct Answer:
D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the
SOS queue depth.
Exam Question 497
A company has hired a new cloud engineer who should not have access to an Amazon
S3 bucket named Company Confidential. the cloud engineer must be able to read from
and write to an S3 bucket called AdminTools.
Which IAM policy will meet these requirements?
A.
B.
C.
D.
Correct Answer:
A.
Exam Question 498
A company needs to store data in Amazon S3 A compliance requirement states that

when any changes are made to objects the previous state of the object with any
changes must be preserved Additionally files older than 5 years should not be accessed
but need to be archived for auditing
What should a solutions architect recommend that is MOST cost-effective?
A. Enable object-level versioning and S3 Object Lock in governance mode

B. Enable object-level versioning and S3 Object Lock in compliance mode
C. Enable object-level versioning Enable a lifecycle policy to move data older than 5
years to S3 Glacier Deep Archive
D. Enable object-level versioning Enable a lifecycle policy to move data older than 5
years to S3 Standard-Infrequent Access (S3 Standard-IA)
Correct Answer:
C. Enable object-level versioning Enable a lifecycle policy to move data older than 5
years to S3 Glacier Deep Archive
Exam Question 499

A company recently migrated a message processing system to AWS. The system
receives messages into an ActiveMQ queue running on an Amazon EC2 instance.
Messages are processed by a consumer application running on Amazon EC2. The
consumer application processes the messages and writes results to a MySQL database
running on Amazon EC2. The company wants this application to be highly available with
low operational complexity
Which architecture offers the HIGHEST availability?
A. Add a second ActiveMQ server to another Availability Zone Add an additional

consumer EC2 instance in another Availability Zone Replicate the MySQL database to
another Availability Zone.
B. Use Amazon MQ with active/standby brokers configured across two Availability
Zones Add an additional consumer EC2 instance in another Availability Zone. Replicate
the MySQL database to another Availability Zone

C. Use Amazon MQ with active/standby brokers configured across two Availability
Zones. Add an additional consumer EC2 instance in another Availability Zone. Use
Amazon RDS for MySQL with Multi-AZ enabled
Correct Answer:
Exam Question 500

A company hosts its core network services, including directory services and DNS. in its
on-premises data center. The data center is connected to the AWS Cloud using AWS
Direct Connect (DX) Additional AWS accounts are planned that will require quick, cost-
effective, and consistent access to these network services.
What should a solutions architect implement to meet these requirements with the
LEAST amount of operational overhead?
A. Create a DX connection in each new account Route the network traffic to the on-
premises servers
B. Configure VPC endpoints in the DX VPC for all required services Route the network
traffic to the on-premises servers.
C. Create a VPN connection between each new account and the DX VPC, Route the
network traffic to the on-premises servers
D. Configure AWS Transit Gateway between the accounts Assign DX to the transit
gateway and route network traffic to the on-premises servers
Correct Answer:
D. Configure AWS Transit Gateway between the accounts Assign DX to the transit
gateway and route network traffic to the on-premises servers

Amazon, Exam
Pages: 1 2 3 4 5 6 7 8 9 10
Tags
AWS


Thievery →

pupu_5_1_merged

Uploaded by

Copyright:

Available Formats

pupu_5_1_merged

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

pupu_5_1_merged

Uploaded by

Copyright:

Available Formats

1/14/23, 4:03 AM AWS Certified Solutions Architect - Associate SAA-C02 Exam Questions and Answers - Page 5

AWS Certified Solutions Architect –

Exam Question 401

A. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring

Exam Question 402

Exam Question 403

What should a solutions architect recommend to decouple the system?

Exam Question 404

Which solution meets these requirements?

A. Replace the NAT gateway with a NAT instance.

Exam Question 405

What should a solutions architect do to increase the application’s performance?

Exam Question 406

What should a solutions architect do to accomplish this?

Exam Question 407

A. Server-side encryption with customer-provided keys (SSE-C)

Exam Question 408

What should a solutions architect recommend?

Exam Question 409

What should the solutions architect recommend to solve these issues?

A. Migrate the database to Amazon Aurora with Aurora Replicas.

Exam Question 410

A. Create an A record with a latency policy.

← AWS Certified Solutions Architect – Associate SAA-C02 Exam

The Best Way to Keep Your Bitcoins Protected from Digital

Copyright © 2023 PUPUWEB

AWS Certified Solutions Architect –

Exam Question 411

A. Configure storage Auto Scaling on the RDS for Oracle instance.

Exam Question 412

What should a solutions architect recommend to ensure the application is able to

A. Configure an Amazon CloudFront distribution in front of the ALB.

Exam Question 413

What should a solutions architect do to meet these requirements?

A. Use Amazon EC2 instances, and install Docker on the instances.

Exam Question 414

What can a solutions architect do to meet this requirement?

A. Configure gateway VPC endpoints to Amazon S3 and DynamoDB.

Exam Question 415

Exam Question 416

Which solution will meet these requirements?

Exam Question 417

Exam Question 418

Which combination of actions should a solutions architect take to meet these

A. Deploy an Amazon Elastic Container Service (Amazon ECS) cluster.

Exam Question 419

Which solution accomplishes these goals MOST cost-effectively?

Exam Question 420

What should a solutions architect do to meet these requirements?

OAI with EC2 instances in each Region to support global traffic.

← AWS Certified Solutions Architect – Associate SAA-C02 Exam

The Best Way to Keep Your Bitcoins Protected from Digital

Copyright © 2023 PUPUWEB

AWS Certified Solutions Architect –

Exam Question 421

Which combination of configuration options will meet these requirements? (Choose

Exam Question 422

Exam Question 423

Exam Question 424

Which solution meets these requirements?