Notes: Hi all, We’re sharing AWS Solutions Architect Associate (SAA-C02) Practice Exam Part 2 will familiarize you with types of questions you may encounter on the certification exam and help you determine your readiness or if you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam as the actual exam is longer and covers a wider range of topics. We highly recommend you should take AWS Solutions Architect Associate Guarantee Part because it include actual exam questions and highlighted answers are collected in our exam. It will help you pass exam in easier way.

For PDF Version:
Part 1: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions/
Part 2: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions-part-2/
Part 3: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions-part-3/
Part 4: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions-part-4/
Part 5: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions-part-5/
Part 6: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions-part-6/

61. A Solutions Architect is creating an application running in an Amazon VPC that needs to access AWS Systems Manager Parameter Store. Network security rules prohibit any route table entry with a 0.0.0.0/0 destination. What infrastructure addition will allow access to the AWS service while meeting the requirements?

1. VPC peering
2. NAT instance 
3. NAT gateway 
4. AWS PrivateLink

62. An application generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years. How can these requirements be met?

1. Save the logs in an Amazon S3 bucket and enable Multi-Factor Authentication Delete (MFA Delete) on the bucket.
2. Save the logs in an Amazon EFS volume and use Network File System version 4 (NFSv4) locking with the volume. 
3. Save the logs in an Amazon Glacier vault and use the Vault Lock feature. 
4. Save the logs in an Amazon EBS volume and take monthly snapshots.

63. A company creates business-critical 3D images every night. The images are batch-processed every Friday and require an uninterrupted 48 hours to complete. What is the MOST cost-effective Amazon EC2 pricing model for this scenario?

1. On-Demand Instances 
2. Scheduled Reserved Instances
3. Reserved Instances 
4. Spot Instances

64. A company has thousands of files stored in an Amazon S3 bucket that has a well-defined access pattern. The files are accessed by an application multiple times a day for the first 30 days. Files are rarely accessed within the next 90 days. After that, the files are never accessed again. During the first 120 days, accessing these files should never take more than a few seconds. Which lifecycle policy should be used for the S3 objects to minimize costs based on the access pattern?

1. Use Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage for the first 30 days. Then move the files to the GLACIER storage class for the next 90 days. Allow the data to expire after that.
2. Use Amazon S3 Standard storage for the first 30 days. Then move the files to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the next 90 days. Allow the data to expire after that. 
3. Use Amazon S3 Standard storage for first 30 days. Then move the files to the GLACIER storage class for the next 90 days. Allow the data to expire after that. 
4. Use Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the first 30 days. After that, move the data to the GLACIER storage class, where is will be deleted automatically.

65. During a review of business applications, a Solutions Architect identifies a critical application with a relational database that was built by a business user and is running on the user’s desktop. To reduce the risk of a business interruption, the Solutions Architect wants to migrate the application to a highly available, multi-tiered solution in AWS. What should the Solutions Architect do to accomplish this with the LEAST amount of disruption to the business?

1. Create an import package of the application code for upload to AWS Lambda, and include a function to create another Lambda function to migrate data into an Amazon RDS database 
2. Create an image of the user’s desktop, migrate it to Amazon EC2 using VM Import, and place the EC2 instance in an Auto Scaling group
3. Pre-stage new Amazon EC2 instances running the application code on AWS behind an Application Load Balancer and an Amazon RDS Multi-AZ DB instance 
4. Use AWS DMS to migrate the backend database to an Amazon RDS Multi-AZ DB instance. Migrate the application code to AWS Elastic Beanstalk 

66. A three-tier application is being created to host small news articles. The application is expected to serve millions of users. When breaking news occurs, the site must handle very large spikes in traffic without significantly impacting database performance. Which design meets these requirements while minimizing costs?

1. Use Auto Scaling groups to increase the number of Amazon EC2 instances delivering the web 
2. Use Auto Scaling groups to increase the size of the Amazon RDS instances delivering the database 
3. Use Amazon DynamoDB strongly consistent reads to adjust for the increase in traffic 
4. Use Amazon DynamoDB Accelerator (DAX) to cache read operations to the database

67. An application running in a private subnet accesses an Amazon DynamoDB table. There is a security requirement that the data never leave the AWS network. How should this requirement be met?

1. Configure a network ACL on DynamoDB to limit traffic to the private subnet 
2. Enable DynamoDB encryption at rest using an AWS KMS key 
3. Add a NAT gateway and configure the route table on the private subnet
4. Create a VPC endpoint for DynamoDB and configure the endpoint policy

68. A client reports that they want see an audit log of any changes made to AWS resources in their account. What can the client do to achieve this? 

1. Set up Amazon CloudWatch monitors on services they own 
2. Enable AWS CloudTrail logs to be delivered to an Amazon S3 bucket
3. Use Amazon CloudWatch Events to parse logs 
4. Use AWS OpsWorks to manage their resources

69. A company is storing data in an Amazon DynamoDB table and needs to take daily backups and retain them for 6 months. How should the Solutions Architect meet these requirements without impacting the production workload? 

1. Use DynamoDB replication and restore the table from the replica 
2. Use AWS Data Pipeline and create a scheduled job to back up the DynamoDB table daily 
3. Use Amazon CloudWatch Events to trigger an AWS Lambda function that makes an on-demand backup of the table 
4. Use AWS Batch to create a scheduled backup with the default template, then back up to Amazon S3 daily.

70. An organization uses Amazon S3 to store video content served via its website. It only has rights to deliver this content to users within its own country and needs to restrict access. How can the organization ensure that these files are only accessible from within its country? 

1. Use a custom Amazon S3 bucket policy to allow access only to users inside the organization’s country
2. Use Amazon CloudFront and Geo Restriction to allow access only to users inside the organization’s country 
3. Use an Amazon S3 bucket ACL to allow access only to users inside the organization’s country 
4. Use file-based ACL permissions on each video file to allow access only to users inside the organization’s country 

71. A Solutions Architect is designing a multi-tier application consisting of an Application Load Balancer, an Amazon RDS database instance, and an Auto Scaling group on Amazon EC2 instances. Each tier is in a separate subnet. There are some EC2 instances in the subnet that belong to another application. The RDS database instance should accept traffic only from the EC2 instances in the Auto Scaling group. What should be done to meet these requirements?

1. Configure the inbound network ACLs on the database subnet to accept traffic from the IP addresses of the EC2 instances only. 
2. Configure the inbound rules on the security group associated with the RDS database instance. Set the source to the security group associated with instances in the Auto Scaling group. 
3. Configure the outbound rules on the security group associated with the Auto Scaling group. Set the destination to the security group associated with the RDS database instance.
4. Configure the inbound network ACLs on the database subnet to accept traffic only from the CIDR range of the subnet used by the Auto Scaling group.

72. A Solutions Architect is designing an application in AWS. The Architect must not expose the application or database tier over the Internet for security reasons. The application must be low cost and have a scalable front end. The databases and application tier must have only one-way Internet access to download software and patch updates. Which solution helps to meet these requirements? 

1. Use a NAT Gateway as the front end for the application tier and to enable the private resources to have Internet access. 
2. Use an Amazon EC2-based proxy server as the front end for the application tier, and a NAT Gateway to allow Internet access for private resources. 
3. Use an ELB Classic Load Balancer as the front end for the application tier, and an Amazon EC2 proxy server to allow Internet access for private resources. 
4. Use an ELB Classic Load Balancer as the front end for the application tier, and a NAT Gateway to allow Internet access for private resources.

73. A Solutions Architect is designing a three-tier web application that will allow customers to upload pictures from a mobile application. The application will then generate a thumbnail of the picture and return a message to the user confirming that the image was successfully uploaded. Generation of the thumbnail may take up to 5 seconds. To provide a sub second response time to the customers uploading the images, the Solutions Architect wants to separate the web tier from the application tier. Which service would allow the presentation tier to asynchronously dispatch the request to the application tier? 

1. AWS Step Functions
2. AWS Lambda .
3. Amazon SNS 
4. Amazon SQS 

74. A Solutions Architect is designing an application that requires having six Amazon EC2 instances running at all times. The application will be deployed in the sa-east-1 region, which has three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c. Which action will provide 100 percent fault tolerance and the LOWEST cost in the event that one Availability Zone in the region becomes unavailable?

1. Deploy six Amazon EC2 instances in sa-east-1a, six Amazon EC2 instances in sa-east-1b, and six Amazon EC2 instances in sa-east-1c 
2. Deploy six Amazon EC2 instances in sa-east-1a, four Amazon EC2 instances in sa-east-1b, and two Amazon EC2 instances in sa-east-1c 
3. Deploy three Amazon EC2 instances in sa-east-1a, three Amazon EC2 instances in sa-east-1b, and three Amazon EC2 instances in sa-east-1c
4. Deploy two Amazon EC2 instances in sa-east-1a, two Amazon EC2 instances in sa-east-1b, and two Amazon EC2 instances in sa-east-1c 

75. A Solutions Architect designed a system based on Amazon Kinesis Data Streams. After the workflow was put into production, the company noticed it performed slowly and identified Kinesis Data Streams as the problem. One of the streams has a total of 10 Mb/s throughput. What should the Solutions Architect recommend to improve performance?

1. Use AWS Lambda to preprocess the data and transform the records into a simpler format, such as CSV. 
2. Run the MergeShard command to reduce the number of shards that the consumer can more easily process. 
3. Change the workflow to use Amazon Kinesis Data Firehose to gain a higher throughput. 
4. Run the UpdateShardCount command to increase the number of shards in the stream

76. A Solutions Architect is considering possible options for improving the security of the data on an Amazon EBS volume attached to an Amazon EC2 instance. Which solution will improve the security of the data? 

1. Use AWS KMS to encrypt the EBS volume
2. Create an IAM policy that restricts read and write access to the volume 
3. Migrate the sensitive data to an instance store volume 
4. Use Amazon single sign-on to control login access to the EC2 instance

77. A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate policy mandates encryption keys be generated and managed on premises. Which solution should the Architect use to meet the security requirements? 

1. AWS CloudHSM 
2. SSE-KMS: Server-side encryption with AWS KMS managed keys 
3. SSE-S3: Server-side encryption with Amazon-managed master key 
4. SSE-C: Server-side encryption with customer-provided encryption keys

78. A company is storing application data in Amazon S3 buckets across multiple AWS regions. Company policy requires that encryption keys be generated at the company headquarters, but the encryption keys may be stored in AWS after generation. The Solutions Architect plans to configure cross-region replication. Which solution will encrypt the data whole requiring the LEAST amount of operational overhead? 

1. Configure the applications to write to an S3 bucket using client-side encryption 
2. Configure S3 buckets to encrypt using AES-256 
3. Configure S3 object encryption using AWS CLI with Server-Side Encryption with AWS KMS Managed Keys (SSE-KMS) 
4. Configure S3 buckets to use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) with imported key material in both regions

79. A customer has an application that is used by enterprise customers outside of AWS. Some of these customers use legacy firewalls that cannot whitelist by DNS name, but whitelist based only on IP address. The application is currently deployed in two Availability Zones, with one EC2 instance in each that has Elastic IP addresses. The customer wants to whitelist only two IP addresses, but the two existing EC2 instances cannot sustain the amount of traffic. What can a Solutions Architect do to support the customer and allow for more capacity? (Choose two.) 

1. Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to each subnet. 
2. Create additional EC2 instances and put them on standby. Remap an Elastic IP address to a standby instance in the event of a failure.
3. Use Amazon Route 53 with a weighted, round-robin routing policy across the Elastic IP addresses to resolve one at a time.
4. Add additional EC2 instances with Elastic IP addresses, and register them with Amazon Route 53 
5. Switch the two existing EC2 instances for an Auto Scaling group, and register them with the Network Load Balancer.

80. A company is launching a dynamic website, and the Operations team expects up to 10 times the traffic on the launch date. This website is hosted on Amazon EC2 instances and traffic is distributed by Amazon Route 53. A Solutions Architect must ensure that there is enough backend capacity to meet user demands. The Operations team wants to scale down as quickly as possible after the launch. What is the MOST cost-effective and fault-tolerant solution that will meet the company’s customer demands? (Choose two.)

1. Set up an Application Load Balancer to distribute traffic to multiple EC2 instances 
2. Set up an Auto Scaling group across multiple Availability Zones for the website, and create scaleout and scale-in policies 
3. Create an Amazon CloudWatch alarm to send an email through Amazon SNS when EC2 instances experience higher loads 
4. Create an AWS Lambda function to monitor website load time, run it every 5 minutes, and use the AWS SDK to create a new instance if website load time is longer than 2 seconds 
5. Use Amazon CloudFront to cache the website content during launch and set a TTL for cache content to expire after the launch date

81. A Solutions Architect is designing an application that is expected to have millions of users. The Architect needs options to store session data. Which option is the MOST performance? 

1. Amazon ElastiCache 
2. Amazon RDS
3. Amazon S3 
4. Amazon EFS

82. A Solutions Architect is designing an elastic application that will have between 10 and 50 Amazon EC2 concurrent instances running, dependent on load. Each instance must mount storage that will read and write to the same 50 GB folder. Which storage type meets the requirements? 

1. Amazon S3 
2. Amazon EFS 
3. Amazon EBS volumes 
4. Amazon EC2 instance store

83. An application stores data in an Amazon RDS MySQL DB instance. The database traffic primarily consists of read queries, which are overwhelming the current database. A Solutions Architect wants to scale the database. What combination of steps will achieve the goal? (Choose two.)

1. Add the MySQL database instances to an Auto Scaling group 
2. Migrate the MySQL database to Amazon Aurora 
3. Migrate the MySQL database to a PostgreSQL database 
4. Create read replicas in different Availability Zones
5. Create an ELB Application Load Balancer

84. A Solutions Architect plans to migrate a load balancer tier from a data center to AWS. Several websites have multiple domains that require secure load balancing. The Architect decides to use Elastic Load Balancing Application Load Balancers. What is the MOST efficient method for achieving secure communication? 

1. Create a wildcard certificate and upload it to the Application Load Balancer 
2. Create an SNI certificate and upload it to the Application Load Balancer
3. Create a secondary proxy server to terminate SSL traffic before the traffic reaches the Application Load Balancer 
4. Let a third-party Certificate Manager manage certificates required to all domains and upload them to the Application Load Balancer

85. A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access. Which of the following would be the LEAST complicated implementation?

1. Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days. 
2. Use an S3 bucket and provide direct access to the file. Design the application to   track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB. 
3. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URI. 
4. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL, and recreate the URL as necessary.

86. An application server needs to be in a private subnet without access to the Internet. The solution must retrieve and upload files to an Amazon S3 bucket. How should a Solutions Architect design a solution to meet these requirements?

1. Use Amazon S3 VPC endpoints 
2. Deploy a proxy server 
3. Use a NAT Gateway 
4. Use a private Amazon S3 bucket

87. A company is running its application in a single region on Amazon EC2 with Amazon EBS and Amazon S3 part of the storage design. What should be done to reduce data transfer costs? 

1. Create a copy of the compute environment in another region 
2. Convert the application to run on Lambda@Edge 
3. Create an Amazon CloudFront distribution with Amazon S3 as the origin 
4. Replicate Amazon S3 data to buckets in regions closer to the requester

88. A company has an application that generates invoices and makes the invoices available online. Invoices are stored as PDFs in an Amazon S3 bucket. Customers typically only view each invoice during the month it is issued. However, past invoices need to be immediately available. There are concerns over rising storage costs as the company gains more customers. What is the MOST cost-effective method to store the data? 

1. Use Amazon S3 for current invoices. Set up lifecycle rules to migrate invoices to the GLACIER storage class after 30 days. 
2. Store the invoices as text files. Use Amazon CloudFront to convert the invoices from text to PDF when customers download invoices.
3. Store the invoices as binaries in an Amazon RDS database instance. Retrieve them from the database when customers request invoices. 
4. Use Amazon S3 for current invoices. Set up lifecycle rules to migrate invoices to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days. 

89. A company is developing a new stateless web service with low memory requirements. The service needs to scale based on demand. What is the MOST cost-effective solution? 

1. Deploy the application onto AWS Elastic Beanstalk 
2. Deploy the application onto AWS Lambda with access through Amazon API Gateway
3. Deploy the application onto an Amazon EC2 Spot Fleet
4. Deploy the application onto a container with an Amazon ECS EC2 launch type

90. An application produces monthly reports that must be immediately accessible for up to 7 days. After 7 days, the data can be archived. Compliance policies require that the archived data be retrievable within 24 hours of a request. What is the MOST cost-effective approach to satisfy the compliance requirement? 

1. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days, then transition to the GLACIER storage class after 30 days 
2. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days 
3. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to the GLACIER storage class after 30 days 
4. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to the GLACIER storage class after 7 days

91. An application running on AWS Lambda requires an API key to access a third-party service. The key must be stored securely with audited access to the Lambda function only. What is the MOST secure way to store the key? 

1. As an object in Amazon S3 
2. As a secure string in AWS Systems Manager Parameter Store 
3. Inside a file on an Amazon EBS volume attached to the Lambda function 
4. Inside a secrets file stored on Amazon EFS

92. A Solution Architect is creating a serverless web application that must access mapping data in hundreds of data files, each containing approximately 30 KB of data. The storage required is expected to grow to hundreds of terabytes. Which storage solution is most cost-effective, yet still meets the requirements for this use case? 

1. Amazon EFS 
2. Amazon EBS Cold HDD (sc1) 
3. Amazon S3 Standard 
4. Amazon DynamoDB

93. A Solutions Architect is building an online shopping application where users will be able to browse items, add items to a cart, and purchase the items. Images of items will be stored in Amazon S3 buckets organized by item category. When an item is no longer available for purchase, the item image will be deleted from the S3 bucket. Occasionally, during testing, item images deleted from the S3 bucket are still visible to some users. What is a flaw in this design approach?

1. Defining S3 buckets by item may cause partition distribution errors, which will impact performance. 
2. Amazon S3 DELETE requests are eventually consistent, which may cause other users to view items that have already been purchased
3. Amazon S3 DELETE requests apply a lock to the S3 bucket during the operation, causing other users to be blocked
4. Using Amazon S3 for persistence exposes the application to a single point of failure 

94. A company is using Amazon S3 for backups from an on-premises environment. Regulatory requirements state that data must be retained for at least 7 years. The data is infrequently accessed for 35 days, but needs to be instantly available. After 35 days, the data is rarely accessed.

1. Change the backup so the data goes to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) directly
2. Create an S3 lifecycle policy that moves the data to the GLACIER storage class after 7 years
3. Change the backup so the data goes to Amazon Glacier directly 
4. Create an S3 lifecycle policy that moves the data to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 35 days E. Creates an S3 lifecycle policy that moves the data to the GLACIER storage class after 35 days 

95. A company deployed a three-tier web application on Amazon EBS backed Amazon EC2 instances for the web and application tiers, and Amazon RDS for the database tier. The company is concerned about loss of data in the web and application tiers. What is the MOST efficient way to prevent data loss? 

1. Create an Amazon EFS file system and run a shell script to copy the data 
2. Create an Amazon EBS snapshot using an Amazon CloudWatch Events rule 
3. Create an Amazon S3 snapshot policy to back up the Amazon EBS volumes 
4. Create a snapshot lifecycle policy that takes periodic snapshots of the Amazon EBS volumes 

96. When designing an Amazon SQS message-processing solution, messages in the queue must be processed before the maximum retention time has elapsed. Which actions will meet this requirement? (Choose two.) 

1. Use AWS STS to process the messages 
2. Use Amazon EBS-optimized Amazon EC2 instances to process the messages
3. Use Amazon EC2 instances in an Auto Scaling group with scaling triggered based on the queue length 
4. Increase the SQS queue attribute for the message retention period
5. Convert the SQS queue to a first-in first-out (FIFO) queue

97. A Solutions Architect is designing an Amazon VPC that requires access to a remote API server using IPv6. Resources within the VPC should not be accessed directly from the Internet. How should this be achieved? 

1. Use a NAT gateway and deny public access using security groups 
2. Attach an egress-only internet gateway and update the routing tables 
3. Use a NAT gateway and update the routing tables 
4. Attach an internet gateway and deny public access using security groups

98. Users submit requests to a service that takes several minutes to process. A Solutions Architect needs to ensure that these requests are processed at least once, and that the service has the ability to handle large increases in the number of requests. How should these requirements be met? 

1. Put the requests into an Amazon SQS queue and configure Amazon EC2 instances to poll the queue
2. Publish the message to an Amazon SNS topic that an Amazon EC2 subscriber can receive and process 
3. Save the requests to an Amazon DynamoDB table with a DynamoDB stream that triggers an Amazon EC2 Spot Instance 
4. Use Amazon S3 to store the requests and configure an event notification to have Amazon EC2 instances process the new object

99. A company needs to use AWS resources to expand capacity for a website hosted in an on-premises data center. The AWS resources will include load balancers, Auto Scaling, and Amazon EC2 instances that will access an on-premises database. Network connectivity has been established, but no traffic is going to the AWS environment. How should Amazon Route 53 be configured to distribute load to the AWS environment? (Select TWO.) 

1. Set up a weighted routing policy, distributing the workload between the load balancer and the on-premises environment. 
2. Set up an A record to point the DNS name to the IP address of the load balancer. 
3. Create multiple A records for the EC2 instances. 
4. Set up a geolocation routing policy to distribute the workload between the load balancer and the on-premises environment. 
5. Set up a routing policy for failover using the on-premises environment as primary and the load balancer as secondary.

100. A company hosts a website using Amazon API Gateway on the front end. Recently, there has been heavy traffic on the website and the company wants to control access by allowing authenticated traffic only. How should the company limit access to authenticated users only? (Select TWO.) 

1. Allow users that are authenticated through Amazon Cognito.
2. Limit traffic through API Gateway. 
3. Allow X.509 certificates to authenticate traffic. 
4. Deploy AWS KMS to identify users. 
5. Assign permissions in AWS IAM to allow users.

101. A company wants to create an application that will transmit protected health information (PHI) to thousands of service consumers in different AWS accounts. The application servers will sit in private VPC subnets. The routing for the application must be fault tolerant. What should be done to meet these requirements? 

1. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection.
2. Create a virtual private gateway connection between each pair of service provider VPCs and service consumer VPCs. 
3. Create an internal Application Load Balancer in the service provider VPC and put application servers behind it. 
4. Create a proxy server in the service provider VPC to route requests from service consumers to the application servers.

102. A company needs to store data for 5 years. The company will need to have immediate and highly available access to the data at any point in time, but will not require frequent access. What lifecycle action should be taken to meet the requirements while reducing costs? 

1. Transition objects from Amazon S3 Standard to Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
2. Transition objects to expire after 5 years. 
3. Transition objects from Amazon S3 Standard to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) 
4. Transition objects from Amazon S3 Standard to the GLACIER storage class.

103. A company is developing a data lake solution in Amazon S3 to analyze large-scale datasets. The solution makes infrequent SQL queries only. In addition, the company wants to minimize infrastructure costs. Which AWS service should be used to meet these requirements? 

1. Amazon Athena 
2. Amazon Redshift Spectrum
3. Amazon RDS for PostgreSQL 
4. Amazon Aurora

104. A company plans to deploy a new application in AWS that reads and writes information to a database. The company wants to deploy the application in two different AWS Regions in an active-active configuration. The databases need to replicate to keep information in sync. What should be used to meet these requirements? 

1. Amazon Athena with Amazon S3 cross-region replication 
2. AWS Database Migration Service with change data capture 
3. Amazon DynamoDB with global tables 
4. Amazon RDS for PostgreSQL with a cross-region Read Replica

105. A Solutions Architect is designing a new architecture that will use an Amazon EC2 Auto Scaling group. Which of the following factors determine the health check grace period? (Select TWO.) 

1. How frequently the Auto Scaling group scales up or down.
2. How many Amazon CloudWatch alarms are configured for status checks. 
3. How much of the application code is embedded in the AMI. 
4. How long it takes for the Auto Scaling group to detect a failure.
5. How long the bootstrap script takes to run. 

106. A company wants to improve latency by hosting images within a public Amazon S3 bucket fronted by an Amazon CloudFront distribution. The company wants to restrict access to the S3 bucket to include the CloudFront distribution only, while also allowing CloudFront to continue proper functionality. What should be done after making the bucket private to restrict access with the LEAST operational overhead?

1. Create a CloudFront origin access identity and create a security group that allows access from CloudFront. 
2. Create a CloudFront origin access identity and update the bucket policy to grant access to it. 
3. Create a bucket policy restricting all access to the bucket to include CloudFront IPs only. 
4. Enable the CloudFront option to restrict viewer access and update the bucket policy to allow the distribution

107. A Solutions Architect is designing an application that will run on Amazon ECS behind an Application Load Balancer (ALB). For security reasons, the Amazon EC2 host instances for the ECS cluster are in a private subnet. What should be done to ensure that the incoming traffic to the host instances is from the ALB only? 

1. Create network ACL rules for the private subnet to allow incoming traffic on ports 32768 through 61000 from the IP address of the ALB only. 
2. Update the EC2 cluster security group to allow incoming access from the IP address of the ALB only. 
3. Modify the security group used by the EC2 cluster to allow incoming traffic from the security group used by the ALB only. 
4. Enable AWS WAF on the ALB and enable the ECS rule.

108. A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Every night, the Auto Scaling group doubles in size. Traffic analysis shows that users in a particular region are requesting the same static content stored locally on the EC2 instances. How can a Solutions Architect reduces the need to scale and improve application performance for the users? 

1. Re-deploy the application in a new VPC that is closer to the users making the requests. 
2. Create an Amazon CloudFront distribution for the site and redirect user traffic to the distribution.
3. Store the contents on Amazon EFS instead of the EC2 root volume. 
4. Implement Amazon Redshift to create a repository of the content closer to the users.

109. A solutions Architect is designing a new workload where an AWS Lambda function will access an Amazon DynamoDB table. What is the MOST secure means of granting the Lambda function access to the DynamoDB table? 

1. Create an identity and access management (IAM) role with the necessary permissions to access the DynamoDB table, and assign the role to the Lambda function.
2. Create a DynamoDB user name and password and give them to the Developer to use in the Lambda function.
3. Create an identity and access management (IAM) user, and create access and secret keys for the user. Give the user the necessary permissions to access the DynamoDB table. Have the Developer use these keys to access the resources. 
4. Create an identity and access management (IAM) role allowing access from AWS Lambda and assign the role to the DynamoDB table.

110. A retail company operates an e-commerce environment that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group. Images are hosted in an Amazon S3 bucket using a custom domain name. During a flash sale with 10,000 simultaneous users, some images on the website are not loading. What should be done to resolve the performance issue?

1. Move the images to the EC2 instances in the Auto Scaling group. 
2. Enable Transfer Acceleration for the S3 bucket. 
3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin. 
4. Increase the number of minimum, desired, and maximum EC2 instances in the Auto Scaling group.

111. A company’s Amazon RDS MySQL DB instance may be rebooted for maintenance and to apply patches. This database is critical and potential user disruption must be minimized. What should the Solution Architect do in this scenario? 

1. Set up an RDS MySQL cluster 
2. Create an RDS MySQL Read Replica. 
3. Set RDS MySQL to Multi-AZ.
4. Create an Amazon EC2 instance MySQL cluster.

112. A company is writing a new service running on Amazon EC2 that must create thumbnail images of thousands of images in a large archive. The system will write scratch data to storage during the process. Which storage service is best suited for this scenario? 

1. EC2 instance store 
2. Amazon EFS 
3. Amazon CloudSearch 
4. Amazon EBS Throughput Optimized HDD (st1)

113. A user is designing a new service that receives location updates from 3,600 rental cars every hour. The cars upload their location to an Amazon S3 bucket. Each location must be checked for distance from the original rental location. Which services will process the updates and automatically scale? 

1. Amazon EC2 and Amazon EBS 
2. Amazon Kinesis Firehose and Amazon S3
3. Amazon ECS and Amazon RDS 
4. Amazon S3 events and AWS Lambda

114. A Solution Architect is designing a web application that runs on Amazon EC2 instances behind a load balancer. All data in transit must be encrypted. Which solutions will meet the encryption requirement? (Select TWO.) 

1. Use an Application Load Balancer (ALB) in passthrough mode, then terminate SSL on EC2 instances. 
2. Use an Application Load Balancer (ALB) with a TCP listener, then terminate SSL on EC2 instances.
3. Use a Network Load Balancer (NLB) with a TCP listener, then terminate SSL on EC2 instances.
4. Use an Application Load Balancer (ALB) with an HTTPS listener, then install SSL certificates on the ALB and EC2 instances. 
5. Use a Network Load Balancer (NLB) with an HTTPS listener, then install SSL certificates on the NLB and EC2 instances. 

115. A Solutions Architect needs to deploy an HTTP/HTTPS service on Amazon EC2 instances with support for WebSockets using load balancers. How can the Architect meet these requirements? 

1. Configure a Network Load Balancer. 
2. Configure an Application Load Balancer.
3. Configure a Classic Load Balancer. 
4. Configure a Layer-4 Load Balancer.

116. A Solutions Architect must design a storage solution for incoming billing reports in CSV format. The data does not need to be scanned frequently and is discarded after 30 days. Which service will be MOST cost-effective in meeting these requirements? 

1. Import the logs into an RDS MySQL instance. 
2. Use AWS Data Pipeline to import the logs into a DynamoDB table. 
3. Write the files to an S3 bucket and use Amazon Athena to query the data.
4. Import the logs to an Amazon Redshift cluster

117. How can a user track memory usage in an EC2 instance? 

1. Call Amazon CloudWatch to retrieve the memory usage metric data that exists for the EC2 instance. 
2. Assign an IAM role to the EC2 instance with an IAM policy granting access to the desired metric. 
3. Use an instance type that supports memory usage reporting to a metric by default. 
4. Place an agent on the EC2 instance to push memory usage to an Amazon CloudWatch custom metric.

118. An insurance company stores all documents related to annual policies for the duration of the policies. The documents are created once and then stored until they are required, typically at the end of the policy. A document must be capable of being retrieved immediately. The company is now moving their document management to the AWS Cloud. Which service should a Solutions Architect recommend as a cost-effective solution that meets the company’s requirements? 

1. Amazon RDS MySQL 
2. Amazon S3 Standard-Infrequent Access
3. Amazon Glacier 
4. Amazon S3 Standard

119. A company is running a series of national TV campaigns. These 30-second advertisements will introduce sudden traffic peaks targeted at a Node.js application. The company expects traffic to increase from five requests each minute to more than 5,000 requests each minute. Which AWS service should a Solutions Architect use to ensure traffic surges can be handled? 

1. AWS Lambda 
2. Amazon ElastiCache 
3. Size EC2 instances to handle peak load 
4. An Auto Scaling group for EC2 instances

120.  A Solutions Architect needs to design a solution that will allow Website Developers to deploy static web content without managing server infrastructure. All web content must be accessed over HTTPS with a custom domain name. The solution should be scalable as the company continues to grow. Which of the following will provide the MOST cost-effective solution?

1. Amazon EC2 instance with Amazon EBS 
2. AWS Lambda function with Amazon API Gateway 
3. Amazon CloudFront with an Amazon S3 bucket origin 
4. Amazon S3 with a static website