Notes: Hi all, we’re sharing AWS Solutions Architect Associate (SAA-C02) Practice Exam Part 10, which will familiarize you with the types of questions you may encounter on the certification exam and help you determine your readiness or whether you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam, as the actual exam is longer and covers a wider range of topics. We highly recommend that you take the AWS Solutions Architect Associate SAA-C02 Actual Exam Version because it includes actual exam questions, and highlighted answers are collected in our exam. It will help you pass the exam more easily.
For Audio Version: https://www.youtube.com/playlist?list=PLRfkgcv2GPKOilM6C2VuWYosdNjfD_S2R
121. A company is using a centralized AWS account to store log data in various Amazon S3 buckets. A solutions architect needs to ensure that the data is encrypted at rest before the data is uploaded to the S3 buckets. The data also must be encrypted in transit. Which solution meets these requirements?
A. Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets.
B. Use server-side encryption to encrypt the data that is being uploaded to the S3 buckets.
C. Create bucket policies that require the use of server-side encryption with S3 managed encryption keys (SSE-S3) for S3 uploads.
D. Enable the security option to encrypt the S3 buckets through the use of a default AWS Key Management Service (AWS KMS) key.
122. A business wishes to implement a shared file system for its .NET application servers and Microsoft SQL Server databases that are hosted on Amazon EC2 instances running Windows Server 2016. The solution must interact with the corporate Active Directory domain, be very durable, be managed by AWS, and provide high levels of throughput and IOPS. Which solution satisfies these criteria?
A. Use Amazon FSx for Windows File Server.
B. Use Amazon Elastic File System (Amazon EFS).
C. Use AWS Storage Gateway in file gateway mode.
D. Deploy a Windows file server on two On Demand instances across two Availability Zones.
123. A business is in the process of deploying a data lake on AWS. A solutions architect must describe a strategy for encrypting data at rest in Amazon S3. According to the company’s security policy:
Keys must be rotated every 90 days.
Strict separation of duties between key users and key administrators must be implemented.
Auditing key usage must be possible.
What recommendations should the solutions architect make?
A. Server-side encryption with AWS KMS managed keys (SSE-KMS) with customer managed customer master keys (CMKs)
B. Server-side encryption with AWS KMS managed keys (SSE-KMS) with AWS managed customer master keys (CMKs)
C. Server-side encryption with Amazon S3 managed keys (SSE-S3) with customer managed customer master keys (CMKs)
D. Server-side encryption with Amazon S3 managed keys (SSE-S3) with AWS managed customer master keys (CMKs)
124. A business uses AWS to host a three-tier environment that collects sensor data from its consumers’ devices. The traffic is routed via a Network Load Balancer (NLB), then to Amazon EC2 instances for the web tier and then to Amazon EC2 instances for the application layer that conducts database calls. What should a solutions architect do to enhance data security when it is being sent to the web tier?
A. Configure a TLS listener and add the server certificate on the NLB.
B. Configure AWS Shield Advanced and enable AWS WAF on the NLB.
C. Change the load balancer to an Application Load Balancer and attach AWS WAF to it.
D. Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using AWS Key Management Service (AWS KMS).
125. A business wishes to enhance the availability and performance of a hybrid application. The application is composed of a stateful TCP-based workload that is hosted on Amazon EC2 instances across several AWS Regions, and a stateless UDP-based task that is housed on-premises. Which activities should a solutions architect do in combination to increase availability and performance? (Select two.)
A. Create an accelerator using AWS Global Accelerator. Add the load balancers as endpoints.
B. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the load balancers.
C. Configure two Application Load Balancers in each Region. The first will route to the EC2 endpoints and the second will route to the on-premises endpoints.
D. Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure a Network Load Balancer in each Region that routes to the on-premises endpoints.
E. Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure an Application Load Balancer in each Region that routes to the on-premises endpoints.
126. A solutions architect is reviewing the security of a newly transferred workload. The workload is a web application that is composed of Amazon EC2 instances that are part of an Auto Scaling group and are routed via an Application Load Balancer. The solutions architect must strengthen the security posture and mitigate the resource effect of a DDoS assault. Which of the following solutions is the MOST EFFECTIVE?
A. Configure an AWS WAF ACL with rate-based rules. Create an Amazon CloudFront distribution that points to the Application Load Balancer. Enable the WAF ACL on the CloudFront distribution.
B. Create a custom AWS Lambda function that adds identified attacks into a common vulnerability pool to capture a potential DDoS attack. Use the identified information to modify a network ACL to block access.
C. Enable VPC Flow Logs and store them in Amazon S3. Create a custom AWS Lambda function that parses the logs looking for a DDoS attack. Modify a network ACL to block identified source IP addresses.
D. Enable Amazon GuardDuty and configure findings written to Amazon CloudWatch. Create an event with CloudWatch Events for DDoS alerts that triggers Amazon Simple Notification Service (Amazon SNS). Have Amazon SNS invoke a custom AWS Lambda function that parses the logs, looking for a DDoS attack. Modify a network ACL to block identified source IP addresses.
127. A business is building an ecommerce solution that will have a load-balanced front end, a container-based application, and a relational database. A solutions architect must design a highly accessible system that requires little human intervention. Which solutions satisfy these criteria? (Select two.)
A. Create an Amazon RDS DB instance in Multi-AZ mode.
B. Create an Amazon RDS DB instance and one or more replicas in another Availability Zone.
C. Create an Amazon EC2 instance-based Docker cluster to handle the dynamic application load.
D. Create an Amazon Elastic Container Service (Amazon ECS) cluster with a Fargate launch type to handle the dynamic application load.
E. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type to handle the dynamic application load.
128. A business created a stateless two-tier application using Amazon EC2 in a single Availability Zone and an Amazon RDS Multi-AZ database instance. The new administration of the organization wants to guarantee that the application is highly accessible. What actions should a solutions architect do in order to satisfy this requirement?
A. Configure the application to use Multi-AZ EC2 Auto Scaling and create an Application Load Balancer.
B. Configure the application to take snapshots of the EC2 instances and send them to a different AWS Region.
C. Configure the application to use Amazon Route 53 latency-based routing to feed requests to the application.
D. Configure Amazon Route 53 rules to handle incoming requests and create a Multi-AZ Application Load Balancer.
129. A major company’s administrator wants to monitor and prevent cryptocurrency-related assaults on the company’s AWS accounts. Which AWS service can the administrator use to safeguard the organization from cyberattacks?
A. Amazon Cognito
B. Amazon GuardDuty
C. Amazon Inspector
D. Amazon Macie
130. A business maintains data in an on-premises data center, which is utilized by a variety of on-premises applications. The organization wishes to preserve its current application environment while using AWS services for data analytics and future visualizations. Which storage service should a solutions architect propose to his or her clients?
A. Amazon Redshift
B. AWS Storage Gateway for files
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon Elastic File System (Amazon EFS)
131. A business is considering migrating a commercial off-the-shelf application from its on-premises data center to Amazon Web Services (AWS). The software is licensed on a per-socket and per-core basis, with predictable capacity and uptime requirements. The corporation wants to continue using its current licenses, which were acquired earlier this year. Which price option for Amazon EC2 is the MOST cost-effective?
A. Dedicated Reserved Hosts
B. Dedicated On-Demand Hosts
C. Dedicated Reserved Instances
D. Dedicated On-Demand Instances
132. A firm is developing a web application that will use Amazon S3 to store a big number of photos. Users will get access to the photographs for varying durations of time. The business wishes to:
Retain all the images
Incur no cost for retrieval.
Have minimal management overhead.
Have the images available with no impact on retrieval time.
Which solution satisfies these criteria?
A. Implement S3 Intelligent-Tiering
B. Implement S3 storage class analysis
C. Implement an S3 Lifecycle policy to move data to S3 Standard-Infrequent Access (S3 Standard-IA).
D. Implement an S3 Lifecycle policy to move data to S3 One Zone-Infrequent Access (S3 One Zone-IA).
132. A business offers an online shopping application and all orders are stored in an Amazon RDS for PostgreSQL Single-AZ database instance. Management wants to remove single points of failure and has requested a solutions architect to offer a method for minimizing database downtime without modifying the application code. Which solution satisfies these criteria?
A. Convert the existing database instance to a Multi-AZ deployment by modifying the database instance and specifying the Multi-AZ option.
B. Create a new RDS Multi-AZ deployment. Take a snapshot of the current RDS instance and restore the new Multi-AZ deployment with the snapshot.
C. Create a read-only replica of the PostgreSQL database in another Availability Zone. Use Amazon Route 53 weighted record sets to distribute requests across the databases.
D. Place the RDS for PostgreSQL database in an Amazon EC2 Auto Scaling group with a minimum group size of two. Use Amazon Route 53 weighted record sets to distribute requests across instances.
133. A business intends to launch a freshly developed application on AWS in a default VPC. The program will be divided into two layers: a web layer and a database layer. The web servers were created in public subnets, whereas the MySQL database was created in private subnets. The default network ACL settings are used to build all subnets, and the default security group in the VPC is replaced with new custom security groups.
The critical criteria are as follows:
The web servers must be accessible only to users on an SSL connection.
The database should be accessible to the web layer, which is created in a public subnet only.
All traffic to and from the IP range 182.20.0.0/16 subnet should be blocked.
Which combination of actions satisfies these criteria? (Choose two.)
A. Create a database server security group with inbound and outbound rules for MySQL port 3306 traffic to and from anywhere (0.0.0.0/0).
B. Create a database server security group with an inbound rule for MySQL port 3306 and specify the source as a web server security group.
C. Create a web server security group with an inbound allow rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0) and an inbound deny rule for IP range 182.20.0.0/16.
D. Create a web server security group with an inbound rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0). Create network ACL inbound and outbound deny rules for IP range 182.20.0.0/16.
E. Create a web server security group with inbound and outbound rules for HTTPS port 443 traffic to and from anywhere (0.0.0.0/0). Create a network ACL inbound deny rule for IP range 182.20.0.0/16.
134. A solutions architect is developing a solution that will lead customers to a backup static error page in the event that the original website becomes inaccessible. The DNS records for the major website are housed on Amazon Route 53, with the domain referring to an Application Load Balancer (ALB). Which configuration should the solutions architect use in order to fulfill the business’s requirements while reducing modifications and infrastructure overhead?
A. Point a Route 53 alias record to an Amazon CloudFront distribution with the ALB as one of its origins. Then, create custom error pages for the distribution.
B. Set up a Route 53 active-passive failover configuration. Direct traffic to a static error page hosted within an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy.
C. Update the Route 53 record to use a latency-based routing policy. Add the backup static error page hosted within an Amazon S3 bucket to the record so the traffic is sent to the most responsive endpoints.
D. Set up a Route 53 active-active configuration with the ALB and an Amazon EC2 instance hosting a static error page as endpoints. Route 53 will only send requests to the instance if the health checks fail for the ALB.
135. On AWS, a business hosts an online marketplace web application. During peak hours, the program serves hundreds of thousands of users. The business requires a scalable, near-real-time solution for sharing information about millions of financial transactions with various other internal systems. Additionally, transactions must be processed to remove sensitive data prior to being stored in a document database for fast retrieval. What recommendations should a solutions architect make to satisfy these requirements?
A. Store the transactions data into Amazon DynamoDB. Set up a rule in DynamoDB to remove sensitive data from every transaction upon write. Use DynamoDB Streams to share the transactions data with other applications.
B. Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3. Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data. Other applications can consume the data stored in Amazon S3.
C. Stream the transactions data into Amazon Kinesis Data Streams. Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB. Other applications can consume the transactions data off the Kinesis data stream.
D. Store the batched transactions data in Amazon S3 as files. Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3. The Lambda function then stores the data in Amazon DynamoDB. Other applications can consume transaction files stored in Amazon S3.
136. A business may have many AWS accounts for different departments. One of the departments would want to share an Amazon S3 bucket with the rest of the organization. Which of the following solutions requires the LEAST amount of effort?
A. Enable cross-account S3 replication for the bucket.
B. Create a pre-signed URL for the bucket and share it with other departments.
C. Set the S3 bucket policy to allow cross-account access to other departments.
D. Create IAM users for each of the departments and configure a read-only IAM policy.
137. A business hosts a web application on Amazon Web Services (AWS) utilizing a single Amazon EC2 instance that saves user-uploaded documents in an Amazon Elastic Block Store (Amazon EBS) volume. To improve scalability and availability, the organization replicated the architecture and deployed a second EC2 instance and EBS volume in a different Availability Zone, both of which were placed behind an Application Load Balancer. After this update was made, users claimed that each time they refreshed the page, they could view a portion of their papers but never all of them. What should a solutions architect suggest to guarantee that users have access to all of their documents simultaneously?
A. Copy the data so both EBS volumes contain all the documents.
B. Configure the Application Load Balancer to direct a user to the server with the documents.
C. Copy the data from both EBS volumes to Amazon Elastic File System (Amazon EFS). Modify the application to save new documents to Amazon Elastic File System (Amazon EFS).
D. Configure the Application Load Balancer to send the request to both servers. Return each document from the correct server.
138. A solutions architect is in the process of implementing a distributed database across many Amazon EC2 instances. The database replicates all data across numerous instances to ensure that it can survive the loss of a single instance. The database needs block storage that is low in latency and high in throughput in order to accommodate several million transactions per second per server. Which storage option should the solutions architect use?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon EC2 instance store
C. Amazon Elastic File System (Amazon EFS)
D. Amazon S3
139. A three-tier web application is used to handle client orders. The web tier is made up of Amazon EC2 instances behind an Application Load Balancer, a middle tier made up of three EC2 instances that are isolated from the web layer through Amazon SQS, and an Amazon DynamoDB backend. During busy periods, consumers who place purchases through the site must wait much longer than usual for confirmations owing to prolonged processing delays. A solutions architect’s objective should be to minimize these processing times. Which course of action will be the MOST EFFECTIVE in achieving this?
A. Replace the SQS queue with Amazon Kinesis Data Firehose.
B. Use Amazon ElastiCache for Redis in front of the DynamoDB backend tier.
C. Add an Amazon CloudFront distribution to cache the responses for the web tier.
D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SQS queue depth.
140. A solutions architect is developing a solution that will need frequent modifications to a website hosted on Amazon S3 with versioning enabled. Due to compliance requirements, older versions of the objects will be seldom accessed and will need to be removed after two years. What should the solutions architect propose as the CHEAPEST way to achieve these requirements?
A. Use S3 batch operations to replace object tags. Expire the objects based on the modified tags.
B. Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier. Expire the objects after 2 years.
C. Enable S3 Event Notifications on the bucket that sends older objects to the Amazon Simple Queue Service (Amazon SQS) queue for further processing.
D. Replicate older object versions to a new bucket. Use an S3 Lifecycle policy to expire the objects in the new bucket after 2 years.
141. A solutions architect is developing a web application that will be hosted on Amazon EC2 instances and managed by an Application Load Balancer (ALB). The organization places a high premium on the application’s resilience to hostile internet activities and assaults, as well as its protection against newly discovered vulnerabilities and exposures. What recommendations should the solutions architect make?
A. Leverage Amazon CloudFront with the ALB endpoint as the origin.
B. Deploy an appropriate managed rule for AWS WAF and associate it with the ALB.
C. Subscribe to AWS Shield Advanced and ensure common vulnerabilities and exposures are blocked.
D. Configure network ACLs and security groups to allow only ports 80 and 443 to access the EC2 instances.
142. A business wishes to transition its online application to Amazon Web Services (AWS). The classic web application is divided into three tiers: the web tier, the application tier, and the MySQL database. The rearchitected application must be built using technologies that eliminate the need for the administration team to manage instances or clusters. Which service combination should a solutions architect include in the overall architecture? (Select two.)
A. Amazon Aurora Serverless
B. Amazon EC2 Spot Instances
C. Amazon Elasticsearch Service (Amazon ES)
D. Amazon RDS for MySQL
E. AWS Fargate
143. A solutions architect is developing a security solution for a firm that wants to deliver individual AWS accounts to developers through AWS Organizations while retaining normal security restrictions. Because individual developers will have root user access to their own AWS accounts, the solutions architect needs to verify that the obligatory AWS CloudTrail configuration deployed to new developer accounts is not updated. Which activity satisfies these criteria?
A. Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user.
B. Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.
C. Create a service control policy (SCP) that prohibits changes to CloudTrail, and attach it to the developer accounts.
D. Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the master account.
144. A business is developing a new online service that will be hosted on Amazon EC2 instances with the assistance of an Elastic Load Balancer. However, many online service clients can only communicate with IP addresses that have been whitelisted on their firewalls. What should a solutions architect suggest to a customer in order to satisfy their needs?
A. A Network Load Balancer with an associated Elastic IP address.
B. An Application Load Balancer with an associated Elastic IP address
C. An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address
D. An EC2 instance with a public IP address running as a proxy in front of the load balancer
145. The application running on Amazon EC2 instances requires access to an Amazon S3 bucket. Due to the sensitivity of the data, it cannot be sent via the internet. What configuration should a solutions architect make for access?
A. Create a private hosted zone using Amazon Route 53.
B. Configure a VPC gateway endpoint for Amazon S3 in the VPC.
C. Configure AWS PrivateLink between the EC2 instance and the S3 bucket.
D. Set up a site-to-site VPN connection between the VPC and the S3 bucket.
146. A business is collaborating with a third-party vendor who needs write access to the business’s Amazon Simple Queue Service (Amazon SQS) queue. The vendor has their own Amazon Web Services account. What actions should a solutions architect take to ensure least privilege access is implemented?
A. Update the permission policy on the SQS queue to give write access to the vendor’s AWS account.
B. Create an IAM user with write access to the SQS queue and share the credentials for the IAM user.
C. Update AWS Resource Access Manager to provide write access to the SQS queue from the vendor’s AWS account.
D. Create a cross-account role with access to all SQS queues and use the vendor’s AWS account in the trust document for the role.
147. A solutions architect is tasked with the responsibility of building an architecture for a new application that demands low network latency and high network throughput across Amazon EC2 instances. Which component of the architectural design should be included?
A. An Auto Scaling group with Spot Instance types.
B. A placement group using a cluster placement strategy.
C. A placement group using a partition placement strategy.
D. An Auto Scaling group with On-Demand instance types.
148. A business operates a website that is hosted on Amazon EC2 instances spread across two Availability Zones. The organization anticipates traffic increases around certain holidays and wants to provide a consistent customer experience. How can a solutions architect satisfy this criterion?
A. Use step scaling.
B. Use simple scaling.
C. Use lifecycle hooks.
D. Use scheduled scaling.
149. A business wants to enhance the availability and performance of its stateless UDP-based workload. The workload is spread across various AWS Regions using Amazon EC2 instances. What should a solutions architect suggest as a means of achieving this?
A. Place the EC2 instances behind Network Load Balancers (NLBs) in each Region. Create an accelerator using AWS Global Accelerator. Use the NLBs as endpoints for the accelerator.
B. Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an accelerator using AWS Global Accelerator. Use the ALBs as endpoints for the accelerator.
C. Place the EC2 instances behind Network Load Balancers (NLBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the NLBs.
D. Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs.
150. A business has a hybrid application that is hosted on a number of on-premises servers that all have static IP addresses. There is already a VPN in place that connects the VPC to the on-premises network. The corporation wants to disperse TCP traffic for internet users among its on-premises servers. What recommendations should a solutions architect make to provide a highly accessible and scalable solution?
A. Launch an internet-facing Network Load Balancer (NLB) and register on-premises IP addresses with the NLB.
B. Launch an internet-facing Application Load Balancer (ALB) and register on-premises IP addresses with the ALB.
C. Launch an Amazon EC2 instance, attach an Elastic IP address, and distribute traffic to the on-premises servers.
D. Launch an Amazon EC2 instance with public IP addresses in an Auto Scaling group and distribute traffic to the on-premises servers.
151. A business requires that an Amazon S3 gateway endpoint accept traffic only from trusted buckets. Which approach should a solutions architect use in order to fulfill this requirement?
A. Create a bucket policy for each of the company’s trusted S3 buckets that allows traffic only from the company’s trusted VPCs.
B. Create a bucket policy for each of the company’s trusted S3 buckets that allows traffic only from the company’s S3 gateway endpoint IDs.
C. Create an S3 endpoint policy for each of the company’s S3 gateway endpoints that blocks access from any VPC other than the company’s trusted VPCs.
D. Create an S3 endpoint policy for each of the company’s S3 gateway endpoints that provides access to the Amazon Resource Name (ARN) of the trusted S3 buckets.
152. A business is utilizing Amazon Elastic Container Service (Amazon ECS) to host its application and wants to assure high availability. The business needs to be able to update its application even if nodes in one Availability Zone are unavailable. The application is projected to get 100 requests per second, and each container job is capable of serving at least 60 requests per second. The organization configured Amazon ECS to use a rolling update deployment mode, with the minimum healthy percent parameter set to 50% and the maximum healthy percent parameter set to 100%. Which task and Availability Zone configurations satisfy these requirements?
A. Deploy the application across two Availability Zones, with one task in each Availability Zone.
B. Deploy the application across two Availability Zones, with two tasks in each Availability Zone.
C. Deploy the application across three Availability Zones, with one task in each Availability Zone.
D. Deploy the application across three Availability Zones, with two tasks in each Availability Zone.
153. A financial services organization maintains a web application that is accessible to users in the United States and Europe. The program is divided into two tiers: a database layer and a web server layer. The database tier is comprised of a MySQL database that is physically located in us-east-1. Amazon Route 53 geo proximity routing is used to route traffic to the nearest Region’s instances. According to a performance analysis of the system, European users are not obtaining the same degree of query performance as users in the United States. Which improvements to the database layer should be made to increase performance?
A. Migrate the database to Amazon RDS for MySQL. Configure Multi-AZ in one of the European Regions.
B. Migrate the database to Amazon DynamoDB. Use DynamoDB global tables to enable replication to additional Regions.
C. Deploy MySQL instances in each Region. Deploy an Application Load Balancer in front of MySQL to reduce the load on the primary instance.
D. Migrate the database to an Amazon Aurora global database in MySQL compatibility mode. Configure read replicas in one of the European Regions.
154. A development team is working in collaboration with another business to produce an integrated product. The other firm requires access to an Amazon Simple Queue Service (Amazon SQS) queue stored in the account of the development team. The other corporation wants to poll the queue without granting access to its own account. How should a solutions architect manage SQS queue access?
A. Create an instance profile that provides the other company access to the SQS queue.
B. Create an IAM policy that provides the other company access to the SQS queue.
C. Create an SQS access policy that provides the other company access to the SQS queue.
D. Create an Amazon Simple Notification Service (Amazon SNS) access policy that provides the other company access to the SQS queue.
155. The website of a business is used to offer things to the general public. The site is hosted on Amazon EC2 instances that are part of an Auto Scaling group and protected by an Application Load Balancer (ALB). Additionally, an Amazon CloudFront distribution is available, and AWS WAF is utilized to guard against SQL injection attacks. The ALB is where the CloudFront distribution originates. Recent security log analysis identified an external malicious IP address that should be prevented from visiting the website. What steps should a solutions architect take to safeguard an application?
A. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address.
B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address.
C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
D. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
156. An Amazon EC2 instance is created in a new VPC’s private subnet. Although this subnet lacks outward internet connectivity, the EC2 instance requires the ability to obtain monthly security updates from a third-party vendor. What actions should a solutions architect take to ensure that these criteria are met?
A. Create an internet gateway, and attach it to the VPC. Configure the private subnet route table to use the internet gateway as the default route.
B. Create a NAT gateway, and place it in a public subnet. Configure the private subnet route table to use the NAT gateway as the default route.
C. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the NAT instance as the default route.
D. Create an internet gateway, and attach it to the VPC. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the internet gateway as the default route.
157. A solutions architect is tasked with the responsibility of creating the architecture for a new online application. The application will be hosted on AWS Fargate containers with an Application Load Balancer (ALB) and a PostgreSQL database hosted on Amazon Aurora. The web application will largely do read-only operations on the database. What should the solutions architect do to ensure the website’s scalability as traffic increases? (Select two.)
A. Enable auto scaling on the ALB to scale the load balancer horizontally.
B. Configure Aurora Auto Scaling to adjust the number of Aurora Replicas in the Aurora cluster dynamically.
C. Enable cross-zone load balancing on the ALB to distribute the load evenly across containers in all Availability Zones.
D. Configure an Amazon Elastic Container Service (Amazon ECS) cluster in each Availability Zone to distribute the load across multiple Availability Zones.
E. Configure Amazon Elastic Container Service (Amazon ECS) Service Auto Scaling with a target tracking scaling policy that is based on CPU utilization.
158. A business has detected access requests from many dubious IP addresses. The security team determines that the requests originate from many IP addresses within the same CIDR range. What recommendations should a solutions architect provide to the team?
A. Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
B. Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.
C. Add a deny rule in the inbound table of the network ACL with a lower number than other rules.
D. Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.
159. A business has a build server that is part of an Auto Scaling group and often runs numerous Linux instances. For tasks and setups, the build server needs stable and mountable shared NFS storage. What kind of storage should a solutions architect recommend?
A. Amazon S3
B. Amazon FSx
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon Elastic File System (Amazon EFS)
160. AWS-hosted applications make use of an Amazon Aurora Multi-AZ deployment for their database. When analyzing performance measurements, a solutions architect observed that database reads are using a significant amount of I/O and increasing delay to write requests to the database. What should the solutions architect do to distinguish between read and write requests?
A. Enable read-through caching on the Amazon Aurora database.
B. Update the application to read from the Multi-AZ standby instance.
C. Create a read replica and modify the application to use the appropriate endpoint.
D. Create a second Amazon Aurora database and link it to the primary database as a read replica.
161. A business operates an automotive sales website and keeps its listings in an Amazon RDS database. When a car is sold, the listing is deleted from the website and the data is sent to other target systems. What kind of design should a solutions architect suggest?
A. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume.
B. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume.
C. Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics. Use AWS Lambda functions to update the targets.
D. Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues. Use AWS Lambda functions to update the targets.
162. A business wants to run a web application on AWS that communicates with a database contained inside a VPC. The application should have a high degree of availability. What recommendations should a solutions architect make?
A. Create two Amazon EC2 instances to host the web servers behind a load balancer, and then deploy the database on a large instance.
B. Deploy a load balancer in multiple Availability Zones with an Auto Scaling group for the web servers, and then deploy Amazon RDS in multiple Availability Zones.
C. Deploy a load balancer in the public subnet with an Auto Scaling group for the web servers, and then deploy the database on an Amazon EC2 instance in the private subnet.
D. Deploy two web servers with an Auto Scaling group, configure a domain that points to the two web servers, and then deploy a database architecture in multiple Availability Zones.
163. A software company is launching a new software-as-a-service (SaaS) solution that will be used by a large number of Amazon Web Services (AWS) customers. The service is hosted inside a Virtual Private Cloud (VPC) behind a Network Load Balancer. The software manufacturer wants to give users access to this service with as little administrative overhead as possible and without exposing the service to the public internet. What actions should a solutions architect take to achieve this objective?
A. Create a peering VPC connection from each user’s VPC to the software vendor’s VPC.
B. Deploy a transit VPC in the software vendor’s AWS account. Create a VPN connection with each user account.
C. Connect the service in the VPC with an AWS PrivateLink endpoint. Have users subscribe to the endpoint.
D. Deploy a transit VPC in the software vendor’s AWS account. Create an AWS Direct Connect connection with each user account.
164. A business is developing a payment application that must be very reliable even in the event of regional service outages. A solutions architect must provide a data storage solution that is readily replicable and deployable across several AWS Regions. Additionally, the application needs low-latency atomicity, consistency, isolation, and durability (ACID) transactions that must be accessible promptly for report generation. Additionally, the development team must use SQL. Which data storage option satisfies these criteria?
A. Amazon Aurora Global Database
B. Amazon DynamoDB global tables
C. Amazon S3 with cross-Region replication and Amazon Athena
D. MySQL on Amazon EC2 instances with Amazon Elastic Block Store (Amazon EBS) snapshot replication
165. A business wants to run a scalable web application on Amazon Web Services. The program will be accessible by people from all around the globe. Users of the application will be able to download and upload unique data in the gigabyte range. The development team is looking for an economical solution that minimizes upload and download latency and optimizes speed. What actions should a solutions architect take to achieve this?
A. Use Amazon S3 with Transfer Acceleration to host the application.
B. Use Amazon S3 with CacheControl headers to host the application.
C. Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application.
D. Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application.
166. A business’s on-premises volume backup system has reached the end of its useful life. The organization wants to incorporate AWS into a new backup solution and wishes to retain local access to all data while it is backed up on AWS. The organization wants to guarantee that data backed up on AWS is moved automatically and securely. Which solution satisfies these criteria?
A. Use AWS Snowball to migrate data out of the on-premises solution to Amazon S3. Configure on-premises systems to mount the Snowball S3 endpoint to provide local access to the data.
B. Use AWS Snowball Edge to migrate data out of the on-premises solution to Amazon S3. Use the Snowball Edge file interface to provide on-premises systems with local access to the data.
C. Use AWS Storage Gateway and configure a cached volume gateway. Run the Storage Gateway software appliance on premises and configure a percentage of data to cache locally. Mount the gateway storage volumes to provide local access to the data.
D. Use AWS Storage Gateway and configure a stored volume gateway. Run the Storage Gateway software appliance on premises and map the gateway storage volumes to on-premises storage. Mount the gateway storage volumes to provide local access to the data.
167. A business maintains an on-premises application that gathers and saves data on an on-premises NFS server. The firm just established a ten gigabit per second AWS Direct Connect connection. The company’s on-site storage capacity is rapidly depleting. The organization wants to move application data from its on-premises environment to the AWS Cloud while preserving low-latency access to the data from the on-premises application. What actions should a solutions architect take to ensure that these criteria are met?
A. Deploy AWS Storage Gateway for the application data, and use the file gateway to store the data in Amazon S3. Connect the on-premises application servers to the file gateway using NFS.
B. Attach an Amazon Elastic File System (Amazon EFS) file system to the NFS server, and copy the application data to the EFS file system. Then connect the on-premises application to Amazon EFS.
C. Configure AWS Storage Gateway as a volume gateway. Make the application data available to the on-premises application from the NFS server and with Amazon Elastic Block Store (Amazon EBS) snapshots.
D. Create an AWS DataSync agent with the NFS server as the source location and an Amazon Elastic File System (Amazon EFS) file system as the destination for application data transfer. Connect the on-premises application to the EFS file system.
168. In another Region, a business has constructed an isolated backup of its environment. The application is in warm standby mode and is protected by an Application Load Balancer (ALB). At the moment, failover is a manual operation that requires changing a DNS alias record to link to the secondary ALB in another Region. What is the best way for a solutions architect to automate the failover process?
A. Enable an ALB health check.
B. Enable an Amazon Route 53 health check.
C. Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint.
D. Create conditional forwarding rules on Amazon Route 53 pointing to an internal BIND DNS server.
169. A business has two AWS accounts: one for production and one for development. There are code modifications ready to be sent to the Production account from the Development account. Only two senior developers on the development team need access to the Production account during the alpha phase. During the beta phase, more developers may need access to undertake testing. What recommendations should a solutions architect make?
A. Create two policy documents using the AWS Management Console in each account. Assign the policy to developers who need access.
B. Create an IAM role in the Development account. Give one IAM role access to the Production account. Allow developers to assume the role.
C. Create an IAM role in the Production account with the trust policy that specifies the Development account. Allow developers to assume the role.
D. Create an IAM group in the Production account and add it as a principal in the trust policy that specifies the Production account. Add developers to the group.
170. A solutions architect is tasked with the responsibility of migrating a Windows Internet Information Services (IIS) web application to Amazon Web Services (AWS). Currently, the program depends on a file share stored on the user’s network-attached storage (NAS). The solutions architect recommended transferring the IIS web servers to Amazon EC2 instances spread across several Availability Zones and linked to the storage solution, as well as creating an Elastic Load Balancer on the instances. Which alternative to an on-premises file share is the MOST robust and durable?
A. Migrate the file share to Amazon RDS.
B. Migrate the file share to AWS Storage Gateway.
C. Migrate the file share to Amazon FSx for Windows File Server.
D. Migrate the file share to Amazon Elastic File System (Amazon EFS).
171. A multinational conglomerate with operations in North America, Europe, and Asia is developing a new distributed application to improve its worldwide supply chain and manufacturing processes. Orders placed on a single continent should be accessible to all Regions in less than a second. The database should be capable of failing over with a minimal Recovery Time Objective (RTO). The application’s uptime is critical to ensuring that production does not suffer. What recommendations should a solutions architect make?
A. Use Amazon DynamoDB global tables.
B. Use Amazon Aurora Global Database.
C. Use Amazon RDS for MySQL with a cross-Region read replica.
D. Use Amazon RDS for PostgreSQL with a cross-Region read replica.
172. A solutions architect must host a high-performance computing (HPC) workload on Amazon Web Services (AWS). The workload will be dispersed over hundreds of Amazon EC2 instances and will need concurrent access to a shared file system in order to facilitate distributed processing of big datasets. Multiple instances of the same dataset will be accessible concurrently. The workload demands an access latency of less than 1 millisecond. Following completion of processing, engineers will need access to the dataset for manual post processing. Which solution will satisfy these criteria?
A. Use Amazon Elastic File System (Amazon EFS) as a shared file system. Access the dataset from Amazon EFS.
B. Mount an Amazon S3 bucket to serve as the shared file system. Perform post processing directly from the S3 bucket.
C. Use Amazon FSx for Lustre as a shared file system. Link the file system to an Amazon S3 bucket for post processing.
D. Configure AWS Resource Access Manager to share an Amazon S3 bucket so that it can be mounted to all instances for processing and postprocessing.
173. A firm is building a mobile game that sends score updates to a backend processor and then publishes the results on a leaderboard. A solutions architect must develop a solution capable of handling high volumes of traffic, processing mobile game updates in the order in which they are received, and storing the processed changes in a highly accessible database. Additionally, the organization wishes to reduce the management cost associated with maintaining the solution. What actions should the solutions architect take to ensure that these criteria are met?
A. Push score updates to Amazon Kinesis Data Streams. Process the updates in Kinesis Data Streams with AWS Lambda. Store the processed updates in Amazon DynamoDB.
B. Push score updates to Amazon Kinesis Data Streams. Process the updates with a fleet of Amazon EC2 instances set up for Auto Scaling. Store the processed updates in Amazon Redshift.
C. Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe an AWS Lambda function to the SNS topic to process the updates. Store the processed updates in a SQL database running on Amazon EC2.
D. Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue. Use a fleet of Amazon EC2 instances with Auto Scaling to process the updates in the SQS queue. Store the processed updates in an Amazon RDS Multi-AZ DB instance.
174. A solutions architect is tasked with the responsibility of building a multi-region disaster recovery solution for an application that will enable public API access. To load application code, the application will use Amazon EC2 instances with a userdata script and an Amazon RDS for MySQL database. Three hours is the Recovery Time Objective (RTO), while twenty-four hours is the Recovery Point Objective (RPO). Which architecture would be the LEAST EXPENSIVE to achieve these requirements?
A. Use an Application Load Balancer for Region failover. Deploy new EC2 instances with the userdata script. Deploy separate RDS instances in each Region.
B. Use Amazon Route 53 for Region failover. Deploy new EC2 instances with the userdata script. Create a read replica of the RDS instance in a backup Region.
C. Use Amazon API Gateway for the public APIs and Region failover. Deploy new EC2 instances with the userdata script. Create a MySQL read replica of the RDS instance in a backup Region.
D. Use Amazon Route 53 for Region failover. Deploy new EC2 instances with the userdata script for APIs, and create a snapshot of the RDS instance daily for a backup. Replicate the snapshot to a backup Region.
175. A business intends to develop a new web application using AWS. The firm anticipates consistent traffic for most of the year and very high traffic on occasion. The web application must be highly available, fault resistant, and have a low response time. What recommendations should a solutions architect make to satisfy these requirements?
A. Use an Amazon Route 53 routing policy to distribute requests to two AWS Regions, each with one Amazon EC2 instance.
B. Use Amazon EC2 instances in an Auto Scaling group with an Application Load Balancer across multiple Availability Zones.
C. Use Amazon EC2 instances in a cluster placement group with an Application Load Balancer across multiple Availability Zones.
D. Use Amazon EC2 instances in a cluster placement group and include the cluster placement group within a new Auto Scaling group.
176. A business wants to use a hybrid workload for data processing. The data must be available through an NFS protocol to on-premises applications for local data processing, as well as via the AWS Cloud for further analytics and batch processing. Which solution will satisfy these criteria?
A. Use an AWS Storage Gateway file gateway to provide file storage to AWS, then perform analytics on this data in the AWS Cloud.
B. Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AWS, then perform analytics on this data in the AWS cloud.
C. Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS.
D. Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS cloud, then perform analytics on this data in the cloud.
177. A corporation uses AWS to power its two-tier ecommerce website. The web tier is comprised of a load balancer that routes traffic to Amazon Elastic Compute Cloud (Amazon EC2) instances. The database layer is implemented using an Amazon RDS database instance. The EC2 instances and the RDS database instance should not be made publicly accessible. Internet connectivity is required for the EC2 instances to complete payment processing of orders through a third-party web service. The application must have a high degree of availability. Which setup alternatives will satisfy these requirements? (Select two.)
A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.
C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.
D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.
E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.
178. A solutions architect must verify that any volumes recovered from unencrypted EBS snapshots are encrypted. What should the solutions architect do to achieve this?
A. Enable EBS encryption by default for the AWS Region.
B. Enable EBS encryption by default for the specific volumes.
C. Create a new volume and specify the symmetric customer master key (CMK) to use for encryption.
D. Create a new volume and specify the asymmetric customer master key (CMK) to use for encryption.
179. Every 90 days, a security team must enforce the rotation of all IAM users’ access keys. If an access key is discovered to be older, it must be disabled and deleted. A solutions architect must design a solution that will detect and remediate keys that are more than 90 days old. Which method satisfies these criteria with the LEAST amount of operational effort?
A. Create an AWS Config rule to check for the key age. Configure the AWS Config rule to run an AWS Batch job to remove the key.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age. Configure the rule to run an AWS Batch job to remove the key.
C. Create an AWS Config rule to check for the key age. Define an Amazon EventBridge (Amazon CloudWatch Events) rule to schedule an AWS Lambda function to remove the key.
D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age. Define an EventBridge (CloudWatch Events) rule to run an AWS Batch job to remove the key.