Pass Exam Questions Efficiently With SAA-C02 Questions (2023)
SAA-C02 Questions - Truly Beneficial For Your Amazon Exam
NEW QUESTION # 42
A company needs to use its on-premises LDAP directory service to authenticate its users to the AWS Management Console.
The directory service is not compatible with Security Assertion Markup Language (SAML). Which solution meets these requirements?
- A. Set up a process that rotates the IAM credentials whenever LDAP credentials are updated.
- B. Develop an on-premises custom identity broker application or process that uses AWS Security Token Service (AWS STS) to get short-lived credentials.
- C. Enable AWS Single Sign-On between AWS and the on-premises LDAP.
- D. Create an IAM policy that uses AWS credentials and integrate the policy into LDAP.
Answer: C
NEW QUESTION # 43
A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored. Which design should the solutions architect use?
- A. Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic.
- B. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.
- C. Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch configuration that uses the AMI. Create an Auto Scaling group using the launch configuration. Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage.
- D. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch configuration that uses the AMI. Create an Auto Scaling group using the launch configuration. Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage.
Answer: B
Explanation:
"Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue." In this case we need to find a durable and loosely coupled solution for storing jobs. Amazon SQS is ideal for this use case and can be configured to use dynamic scaling based on the number of jobs waiting in the queue. To configure this scaling you can use the backlog per instance metric with the target value being the acceptable backlog per instance to maintain. You can calculate these numbers as follows: Backlog per instance: To calculate your backlog per instance, start with the ApproximateNumberOfMessages queue attribute to determine the length of the SQS queue.
NEW QUESTION # 44
A company is running a media store across multiple Amazon EC2 instances distributed across multiple Availability Zones in a single VPC. The company wants a high-performing solution to share data between all the EC2 instances, and prefers to keep the data within the VPC only. What should a solutions architect recommend?
- A. Configure an Amazon Elastic Block Store (Amazon EBS) volume and mount it across all instances.
- B. Create an Amazon S3 bucket and call the service APIs from each instance's application.
- C. Create an Amazon S3 bucket and configure all instances to access it as a mounted volume.
- D. Configure an Amazon Elastic File System (Amazon EFS) file system and mount it across all instances.
Answer: A
NEW QUESTION # 45
A company runs a production application on a fleet of Amazon EC2 instances.
The application reads the data from an Amazon SQS queue and processes the messages in parallel.
The message volume is unpredictable and often has intermittent traffic.
This application should continually process messages without any downtime. Which solution meets these requirements MOST cost-effectively?
- A. Use Reserved Instances exclusively to handle the maximum capacity required.
- B. Use Reserved Instances for the baseline capacity and use On-Demand Instances to handle additional capacity.
- C. Use Spot Instances exclusively to handle the maximum capacity required.
- D. Use Reserved Instances for the baseline capacity and use Spot Instances to handle additional capacity.
Answer: B
NEW QUESTION # 46
A company is running an ecommerce application on Amazon EC2. The application consists of a stateless web tier that requires a minimum of 10 instances, and a peak of 250 instances to support the application's usage. The application requires 50 instances 80% of the time. Which solution should be used to minimize costs?
- A. Purchase Reserved Instances to cover 250 instances.
- B. Purchase Reserved Instances to cover 80 instances. Use Spot Instances to cover the remaining instances.
- C. Purchase On-Demand Instances to cover 40 instances. Use Spot Instances to cover the remaining instances.
- D. Purchase Reserved Instances to cover 50 instances. Use On-Demand and Spot Instances to cover the remaining instances.
Answer: D
NEW QUESTION # 47
A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control.
Which solution will satisfy these requirements?
- A. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.
- B. Configure Amazon EFS storage and set the Active Directory domain for authentication.
- C. Create an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones.
- D. Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume.
Answer: A
Explanation:
Reference: https://aws.amazon.com/fsx/windows/
NEW QUESTION # 48
A company has hired a new cloud engineer who should not have access to an Amazon S3 bucket named Company Confidential. The cloud engineer must be able to read from and write to an S3 bucket called AdminTools.
Which IAM policy will meet these requirements?
A)
B)
C)
D)
- A. Option D
- B. Option C
- C. Option A
- D. Option B
Answer: C
NEW QUESTION # 49
A recent analysis of a company's IT expenses highlights the need to reduce backup costs. The company's chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. The company must preserve the existing investment in the on-premises backup applications and workflows.
What should a solutions architect recommend?
- A. Set up AWS Storage Gateway to connect with the backup applications using the NFS interface.
- B. Set up an Amazon EFS file system that connects with the backup applications using the iSCSI interface
- C. Set up an Amazon EFS file system that connects with the backup applications using the NFS interface
- D. Set up AWS Storage Gateway to connect with the backup applications using the iSCSI-virtual tape library (VTL) interface.
Answer: D
NEW QUESTION # 50
A company is investigating potential solutions that would collect, process, and store users' service usage data.
The business objective is to create an analytics capability that will enable the company to gather operational insights quickly using standard SQL queries.
The solution should be highly available and ensure Atomicity, Consistency, Isolation, and Durability (ACID) compliance in the data tier.
Which solution should a solutions architect recommend?
- A. Create an Amazon Neptune database in a Multi AZ design
- B. Use Amazon DynamoDB transactions
- C. Use a fully managed Amazon RDS for MySQL database in a Multi-AZ design
- D. Deploy PostgreSQL on an Amazon EC2 instance that uses Amazon EBS Throughput Optimized HDD (st1) storage.
Answer: C
NEW QUESTION # 51
A weather forecasting company needs to process hundreds of gigabytes of data with sub-millisecond latency.
The company has a high performance computing (HPC) environment in its data center and wants to expand its forecasting capabilities. A solutions architect must identify a highly available cloud storage solution that can handle large amounts of sustained throughput. Files that are stored in the solution should be accessible to thousands of compute instances that will simultaneously access and process the entire dataset. What should the solutions architect do to meet these requirements?
- A. Use Amazon Elastic File System (Amazon EFS) with Provisioned Throughput mode
- B. Use Amazon Elastic File System (Amazon EFS) with Bursting Throughput mode
- C. Use Amazon FSx for Lustre scratch file systems.
- D. Use Amazon FSx for Lustre persistent file systems
Answer: B
NEW QUESTION # 52
A solution architect is performing a security review of a recently migrated workload. The workload is a web application that consists of Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The solution architect must improve the security posture and minimize the impact of a DDoS attack on resources.
Which solution is MOST effective?
- A. Create a custom AWS Lambda function that adds identified attacks into a common vulnerability pool to capture a potential DDoS attack. Use the identified information to modify a network ACL to block access.
- B. Enable VPC Flow Logs and store them in Amazon S3. Create a custom AWS Lambda function that parses the logs looking for a DDoS attack. Modify a network ACL to block identified source IP addresses.
- C. Configure an AWS WAF ACL with rate-based rules. Create an Amazon CloudFront distribution that points to the Application Load Balancer. Enable the WAF ACL on the CloudFront distribution.
- D. Enable Amazon GuardDuty and configure findings written to Amazon CloudWatch. Create an event with CloudWatch Events for DDoS alerts that triggers Amazon Simple Notification Service (Amazon SNS). Have Amazon SNS invoke a custom AWS Lambda function that parses the logs looking for a DDoS attack. Modify a network ACL to block identified source IP addresses.
Answer: A
NEW QUESTION # 53
A company's order fulfillment service uses a MySQL database.
The database needs to support a large number of concurrent queries and transactions. Developers are spending time patching and tuning the database.
This is causing delays in releasing new product features.
The company wants to use cloud-based services to help address this new challenge.
The solution must allow the developers to migrate the database with little or no code changes and must optimize performance.
Which service should a solutions architect use to meet these requirements?
- A. MySQL on Amazon EC2
- B. Amazon DynamoDB
- C. Amazon ElastiCache
- D. Amazon Aurora
Answer: D
NEW QUESTION # 54
A group requires permissions to list an Amazon S3 bucket and delete objects from that bucket. An administrator has created the following IAM policy to provide access to the bucket and applied that policy to the group. The group is not able to delete objects in the bucket. The company follows least-privilege access rules.
A)
B)
C)
D)
- A. Option D
- B. Option C
- C. Option A
- D. Option B
Answer: C
NEW QUESTION # 55
A company currently operates a web application backed by an Amazon RDS MySQL database. It has automated backups that are run daily and are not encrypted. A security audit requires future backups to be encrypted and the unencrypted backups to be destroyed. The company will make at least one encrypted backup before destroying the old backups. What should be done to enable encryption for future backups?
- A. Enable default encryption for the Amazon S3 bucket where backups are stored.
- B. Enable an encrypted read replica on RDS for MySQL. Promote the encrypted read replica to primary. Remove the original database instance.
- C. Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot.
- D. Modify the backup section of the database configuration to toggle the Enable encryption check box.
Answer: C
Explanation:
However, because you can encrypt a copy of an unencrypted DB snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance. DB instances that are encrypted can't be modified to disable encryption.
You can't have an encrypted read replica of an unencrypted DB instance or an unencrypted read replica of an encrypted DB instance.
Encrypted read replicas must be encrypted with the same key as the source DB instance when both are in the same AWS Region.
You can't restore an unencrypted backup or snapshot to an encrypted DB instance.
To copy an encrypted snapshot from one AWS Region to another, you must specify the KMS key identifier of the destination AWS Region. This is because KMS encryption keys are specific to the AWS Region that they are created in.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
NEW QUESTION # 56
An organization has three separate AWS accounts, one each for development, testing, and production. The organization wants the testing team to have access to certain AWS resources in the production account. How can the organization achieve this?
- A. Create the IAM user in a test account, and allow it access to the production environment with the IAM policy.
- B. It is not possible to access resources of one account with another account.
- C. Create the IAM roles with cross account access.
- D. Create the IAM users with cross account access.
Answer: C
Explanation:
An organization has multiple AWS accounts to isolate a development environment from a testing or production environment. At times the users from one account need to access resources in the other account, such as promoting an update from the development environment to the production environment. In this case the IAM role with cross account access will provide a solution. Cross account access lets one account share access to their resources with users in the other AWS accounts.
Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
NEW QUESTION # 57
A company wants to build an immutable infrastructure for its software applications. The company wants to test the software applications before sending traffic to them. The company seeks an efficient solution that limits the effects of application bugs.
Which combination of steps should a solutions architect recommend? (Select TWO)
- A. Apply Amazon Route 53 failover routing to test the staging environment and fail over to the production environment if the tests pass.
- B. Use AWS CloudFormation to deploy the staging environment with a snapshot deletion policy and reuse the resources in the production environment if the tests pass.
- C. Use AWS CloudFormation with a parameter set to the staging value in a separate environment other than the production environment.
- D. Use AWS CloudFormation to update the production infrastructure and roll back the stack if the update fails.
- E. Apply Amazon Route 53 weighted routing to test the staging environment and gradually increase the traffic as the tests pass
Answer: B,D
NEW QUESTION # 58
A company is building its web application by using containers on AWS.
The company requires three instances of the web application to run at all times.
The application must be highly available and must be able to scale to meet increases in demand. Which solution meets these requirements?
- A. Use the AWS Fargate launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster. Create a task definition for the web application. Create an ECS service that has a desired count of three tasks.
- B. Use the AWS Fargate launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has three container instances in three different Availability Zones. Create a task definition for the web application. Create an ECS service that has a desired count of three tasks.
- C. Use the Amazon EC2 launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has three container instances in one Availability Zone. Create a task definition for the web application. Place one task for each container instance.
- D. Use the Amazon EC2 launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has one container instance in two different Availability Zones. Create a task definition for the web application. Place two tasks on one container instance. Place one task on the remaining container instance.
Answer: B
NEW QUESTION # 59
A company has an Amazon S3 data lake that is governed by AWS Lake Formation. The company wants to create a visualization in Amazon QuickSight by joining the data in the data lake with operational data that is stored in an Amazon Aurora MySQL database. The company wants to enforce column-level authorization so that the company's marketing team can access only a subset of columns in the database.
Which solution will meet these requirements with the LEAST operational overhead?
- A. Use AWS Glue Elastic Views to create a materialized view for the database in Amazon S3. Create an S3 bucket policy to enforce column-level access control for the QuickSight users. Use Amazon S3 as the data source in QuickSight.
- B. Use a Lake Formation blueprint to ingest the data from the database to the S3 data lake. Use Lake Formation to enforce column-level access control for the QuickSight users. Use Amazon Athena as the data source in QuickSight.
- C. Use Amazon EMR to ingest the data directly from the database to the QuickSight SPICE engine. Include only the required columns.
- D. Use AWS Glue Studio to ingest the data from the database to the S3 data lake. Attach an IAM policy to the QuickSight users to enforce column-level access control. Use Amazon S3 as the data source in QuickSight.
Answer: A
NEW QUESTION # 60
......