AWS Solutions Architect Associate SAA-C02 Practice Questions Part 5
Notes: Hi all, we’re sharing AWS Solutions Architect Associate (SAA-C02) Practice Exam Part 5, which will familiarize you with the types of questions you may encounter on the certification exam and help you determine your readiness or whether you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam, as the actual exam is longer and covers a wider range of topics. We highly recommend that you take the AWS Solutions Architect Associate Guarantee Part because it includes actual exam questions, and highlighted answers are collected in our exam. It will help you pass the exam more easily.
For PDF Version:
Part 1: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions/
Part 2: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions-part-2/
Part 3: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions-part-3/
Part 4: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions-part-4/
Part 5: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions-part-5/
Part 6: https://awslagi.com/aws-solutions-architect-associate-saa-c02-practice-questions-part-6/
241. A solutions architect is designing a new social media application. The application must provide a secure method for uploading profile photos. Each user should be able to upload a profile photo into a shared storage location after the profile is created. Which approach will meet all of these requirements?
A. Use Amazon Kinesis with AWS CloudTrail for auditing the specific times when profile photos are uploaded.
B. Use Amazon EBS volumes with IAM policies restricting user access to specific time periods.
C. Use Amazon S3 with the default private access policy and generate pre-signed URLs each time a new site is created.
D. Use Amazon CloudFront with AWS CloudTrail for auditing the specific times when profile photos are uploaded.
242. A solution architect is creating a new relational database. The compliance will use the database and mandates that data content must be stored across three different Availability Zones. Which of the following options should the Architect use?
A. Amazon Aurora
B. Amazon RDS MySQL with Multi-AZ enabled.
C. Amazon DynamoDB
D. Amazon ElastiCache
243. A Solutions Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows:
– Limit access to users originating from the corporate network.
– Web servers cannot have SSH access directly from the internet.
– Web servers reside in a private subnet.
Which combination of steps must the Architect complete to meet these requirements? (Select TWO)
A. Create a bastion host that authenticates users against the corporate directory.
B. Create a bastion host with security group rules that only allow traffic from the corporate network.
C. Attach an IAM role to the bastion host with relevant permissions.
D. Configure the web servers' security group to allow SSH traffic from a bastion host.
E. Deny all SSH traffic from the corporate network in the inbound network ACL.
244. A data analytics startup company asks a Solutions Architect to recommend an AWS data store option for indexed data. The data processing engine will generate and input more than 64 TB of processed data every day, with item sizes reaching up to 300 KB. The startup is flexible with data storage models and is more interested in a database that requires minimal effort to scale with a growing dataset size. Which AWS data store service should the Architect recommend?
A. Amazon RDS
B. Amazon Redshift
C. Amazon DynamoDB
D. Amazon S3
245. An application is running on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. Four instances are required to handle a predictable traffic load. The Solutions Architect wants to ensure that the operation is fault-tolerant up to the loss of one Availability Zone. Which is the MOST cost-efficient way to meet these requirements?
A. Deploy two instances in each of three Availability Zones.
B. Deploy two instances in each of two Availability Zones.
C. Deploy four instances in each of two Availability Zones.
D. Deploy one instance in each of three Availability Zones.
246. An organization runs an online voting system for a television program. During broadcast, hundreds of thousands of votes are submitted within minutes and sent to a front-end fleet of auto-scaled Amazon EC2 instances. The EC2 instances push the votes to an RDBMS database. The database is unable to keep up with the front-end connection requests. What is the MOST efficient and cost-effective way of ensuring that votes are processed in a timely manner?
A. Each front-end node should send votes to an Amazon SQS queue. Provision worker instances to read the SQS queue and process message information into the RDBMS database.
B. As the load on the database increases, horizontally-scale the RDBMS database with additional memory-optimized instances. When voting has ended, scale down the additional instances.
C. Re-provision the RDBMS database with larger, memory-optimized instances. When voting ends, re-provision the back-end database with smaller instances.
D. Send votes from each front-end node to Amazon DynamoDB. Provision worker instances to process the votes in DynamoDB into the RDBMS database.
247. A company needs to quickly ensure that all files created in an Amazon S3 bucket in us-east-1 are also available in another bucket in ap-southeast-2. Which option represents the SIMPLEST way to implement this design?
A. Add an S3 lifecycle rule to move any new files from the bucket in us-east-1 to the bucket in ap-southeast-2
B. Create a Lambda function to be triggered for every new file in us-east-1 that copies the file to the bucket in ap-southeast-2
C. Use SNS to notify the bucket in ap-southeast-2 to create a file whenever a file is created in the bucket in us-east-1
D. Enable versioning and configure cross-region replication from the bucket in us-east-1 to the bucket in ap-southeast-2
248. Two Auto Scaling applications, Application A and Application B, currently run within a shared set of subnets. A solutions architect wants to make sure that Application A can make requests to Application B, but Application B should be denied from making requests to Application A. Which is the SIMPLEST solution to achieve this policy?
A. Using security groups that reference the security groups of the other application.
B. Using security groups that reference the application servers' IP address.
C. Using Network Access Control Lists to allow/deny traffic based on application IP address.
D. Migrating the applications to separate subnets from each other.
249. A workload consists of downloading an image from an Amazon S3 bucket, processing the image, and moving it to another Amazon S3 Bucket. An Amazon EC2 instance runs a scheduled task every hour to perform the operation. How should a Solutions Architect redesign the process so that it is highly available?
A. Change the Amazon EC2 instance to compute optimized.
B. Launch a second Amazon EC2 instance to monitor the health of the first
C. Trigger a Lambda function when a new object is uploaded.
D. Initially copy the images to an attached Amazon EBS volume.
250. A company hosts a website on premises. The website has a mix of static and dynamic content but users experience latency when loading static files. Which AWS service can help reduce latency?
A. Amazon CloudFront with on-premises servers as the origin.
B. ELB Application Load Balancer.
C. Amazon Route 53 latency-based routing.
D. Amazon EFS to store and serve static files.
251. A Solutions Architect has a two-tier blog application with a single Amazon EC2 instance web server and Amazon RDS MySQL Multi-AZ DB instances. The Architect is re-architecting the application for high availability by adding instances in a second Availability Zone. Which additional services will improve the availability of the application? (Select TWO.)
A. Auto Scaling Group
B. AWS CloudTrail
C. ELB Classic Load Balancer
D. Amazon DynamoDB
E. Amazon ElastiCache
252. A Solutions Architect is designing an architecture for a mobile gaming application. The application is expected to be very popular. The Architect needs to prevent the Amazon RDS MySQL database from becoming a bottleneck due to frequently accessed queries. Which service or feature should the Architect add to prevent a bottleneck?
A. Multi-AZ feature on the RDS MySQL database.
B. ELB Classic Load Balancer in front of the web application tier.
C. Amazon SQS in front of RDS MySQL database.
D. Amazon ElastiCache in front of the RDS MySQL Database.
253. A Solutions Architect is developing a solution for sharing files in an organization. The solution must allow multiple users to access the storage service at once from different virtual machines and scale automatically. It must also support file-level locking. Which storage service meets the requirements of this use case?
A. Amazon S3
B. Amazon EFS
C. Amazon EBS
D. Cached Volumes
254. An application runs on multiple Amazon EC2 instances. Each running instance of the application must have access to a shared file system. Where should the data be stored?
A. Amazon S3
B. Amazon DynamoDB
C. Amazon EFS
D. Amazon EBS
255. A Solutions Architect is developing software on AWS that requires access to multiple AWS services, including an Amazon EC2 instance. This is a security sensitive application, and AWS credentials such as Access key ID and Secret Access Key need to be protected and cannot be exposed anywhere in the system. What security measure would satisfy these requirements?
A. Store the AWS Access Key ID/Secret Access Key combination in software comments.
B. Assign an IAM user to the Amazon EC2 Instance.
C. Assign an IAM role to the Amazon EC2 instance.
D. Enable multi-factor authentication for the AWS root account.
256. A solutions Architect is designing a solution that can monitor memory and disk space utilization of all Amazon EC2 instances running Amazon Linux and Windows. Which solution meets this requirement?
A. Default Amazon CloudWatch metrics.
B. Custom Amazon CloudWatch metrics.
C. Amazon Inspector resource monitoring.
D. Detailed monitoring of Amazon EC2 instances.
257. A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required. What is the MOST cost-effective way to purchase compute for this platform?
A. Scheduled Reserved Instances.
B. Convertible Reserved Instances.
C. Standard Reserved Instances.
D. Spot Instances.
258. A Solutions Architect is designing an application that will encrypt all data in an Amazon Redshift cluster. Which action will encrypt the data at rest?
A. Place the Redshift cluster in a private subnet.
B. Use the AWS KMS default customer master key.
C. Encrypt the Amazon EBS volumes.
D. Encrypt the data using SSL/TLS.
259. A Solutions Architect is deploying a new production MySQL database on AWS. It is critical that the database is highly available. What should the Architect do to achieve this goal with Amazon RDS?
A. Create a read replica of the primary database and deploy it in a different AWS Region.
B. Enable multi-AZ to create a standby database in a different Availability Zone.
C. Enable multi-AZ to create a standby database in a different AWS Region.
D. Create a read replica of the primary database and deploy it in a different Availability Zone.
260. A bank is writing new software that is heavily dependent upon database transactions for write consistency. The application will also occasionally generate reports on data in the database, and will do joins across multiple tables. The database must automatically scale as the amount of data grows. Which AWS service should be used to run the database?
A. Amazon S3
B. Amazon Aurora
C. Amazon DynamoDB
D. Amazon Redshift
261. A Solutions Architect is designing a solution with AWS Lambda where different environments require different database passwords. What should the Architect do to accomplish this in a secure and scalable way?
A. Create a Lambda function for each individual environment.
B. Use Amazon DynamoDB to store environment variables.
C. Use encrypted AWS Lambda environment variables.
D. Implement a dedicated Lambda function for distributing environment variables.
262. A Solutions Architect notices slower response times from an application. The CloudWatch metrics on the MySQL RDS indicate Read IOPS are high and fluctuate significantly when the database is under load. How should the database environment be re-designed to resolve the IOPS fluctuation?
A. Change the RDS instance type to get more RAM
B. Change the storage type to provisioned IOPS
C. Scale the web server tier horizontally
D. Split the DB layer into separate RDS instances.
263. A Solutions Architect is designing a solution that retains traffic information between network interfaces. This traffic information will be monitored for anomalies by an InfoSec team using Amazon CloudWatch. What approach should the Architect take?
A. Save all inbound requests to Amazon DynamoDB.
B. Maintain traffic history on each Amazon EC2 instance.
C. Enable Amazon VPC Flow Logs.
D. Save all inbound requests to Amazon S3.
264. A restaurant reservation application needs the ability to maintain a waiting list. When a customer tries to reserve a table and none are available, the customer must be put on the waiting list, and the application must notify the customer when a table becomes free. What service should the Solutions Architect recommend to ensure that the system respects the order in which the customer requests are put onto the waiting list?
A. Amazon SNS
B. AWS Lambda with sequential dispatch
C. A FIFO queue in Amazon SQS
D. A standard queue in Amazon SQS
265. A solutions Architect is building an application that stores data into Amazon RDS. One table in particular is read heavy and minimal latency is critical. Which of the following would provide the highest level of performance?
A. Use Amazon DynamoDB Accelerator
B. Use Amazon RDS read replicas.
C. Use Amazon CloudFront.
D. Use Amazon ElastiCache.
266. A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at rest. Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key was used and by whom. Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?
A. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Customer-Provided Keys (SSE-C)
B. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
C. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
D. Create an Amazon S3 bucket to store the reports and use Amazon S3 versioning with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
267. A Solutions Architect is designing an Amazon VPC. Applications in the VPC must have private connectivity to Amazon DynamoDB in the same AWS Region. The design should route DynamoDB traffic through:
A. VPC peering connection.
B. NAT gateway
C. VPC Endpoint.
D. AWS Direct Connect.
268. A Company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS. Which steps should the company perform to implement a scalable and cost-effective solution? (Select TWO)
A. Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 alias record to the ELB endpoint.
B. Host the website using AWS Elastic Beanstalk, and map a Route 53 alias record to the Beanstalk stack.
C. Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the Amazon EC2 instance.
D. Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint.
E. Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers.
269. A company runs a legacy application with a single-tier architecture on an Amazon EC2 instance. Disk I/O is low with occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM daily. Which storage option is MOST appropriate for this workload?
A. Amazon EC2 instance storage
B. Amazon EBS General Purpose SSD (gp2) storage
C. Amazon S3
D. Amazon EBS Provisioned IOPS SSD (io1) storage
270. A company wants to migrate a highly transactional database to AWS. Requirements state that the database has more than 6TB of data and will grow exponentially. Which solution should a Solutions Architect recommend?
A. Amazon Aurora
B. Amazon Redshift
C. Amazon DynamoDB
D. Amazon RDS MySQL
271. A Solutions Architect needs to design an architecture for a new, mission-critical batch processing billing application. The application is required to run Monday, Wednesday and Friday from 5 AM to 11 AM. Which is the MOST cost-effective Amazon EC2 pricing model?
A. Amazon EC2 Spot Instances
B. On-Demand Amazon EC2 instances
C. Scheduled Reserved Instances
D. Dedicated Amazon EC2 Instances
272. A Solutions Architect is building a multi-tier website. The web servers will be in a public subnet, and the database servers will be in a private subnet. Only the web servers can be accessed from the internet. The database servers must have internet access for software updates. Which solution meets these requirements?
A. Assign Elastic IP addresses to the database instances.
B. Allow Internet traffic on the private subnet through the network ACL
C. Use a NAT Gateway
D. Use an egress-only Internet Gateway.
273. A Solutions Architect is designing the storage layer for a production relational database. The database will run on Amazon EC2. The database is accessed by an application that performs intensive reads and writes, so the database requires the LOWEST random I/O latency. Which data storage method fulfills the above requirements?
A. Store data in a file system backed by Amazon Elastic File System (EFS)
B. Store data in Amazon S3 and use a third-party solution to expose Amazon S3 as a file system to the database server.
C. Store data in Amazon DynamoDB and emulate relational database semantics.
D. Stripe data across multiple Amazon EBS volumes using RAID 0
274. A customer is deploying a production portal application on AWS. The database tier has structured data. The company requires a solution that is easily manageable and highly available. How can these requirements be met?
A. Deploy the database on multiple Amazon EC2 instances backed by Amazon EBS across multiple Availability Zones.
B. Use Amazon RDS with a multiple Availability Zone option.
C. Use RDS with a single Availability Zone option and schedule periodic database snapshots.
D. Use Amazon DynamoDB
275. A Solutions Architect is designing a microservice to process records from Amazon Kinesis Streams. The metadata must be stored in Amazon DynamoDB. The microservice must be capable of concurrently processing 10000 records daily as they arrive in the Kinesis Stream. The MOST scalable way to design the microservice is:
A. As an AWS Lambda function.
B. As a process on an Amazon EC2 instance.
C. As a Docker container running on Amazon ECS.
D. As a Docker container on an EC2 instance.
276. A solutions architect is migrating a company’s MySQL database to an Amazon RDS MySQL database. The company requires the database to be resilient with minimum downtime when failures occur. How can these requirements be met?
A. Enable a read replica in another Availability Zone.
B. Enable multiple Availability Zones in a different AWS Region.
C. Enable multiple Availability Zones in the same AWS Region.
D. Enable Amazon RDS instance snapshots in one Availability Zone.
277. A Solutions Architect is architecting a workload that requires a performant object-based storage system that must be shared with multiple Amazon EC2 instances. Which AWS service meets this requirement?
A. Amazon EFS
B. Amazon S3
C. Amazon EBS
D. Amazon ElastiCache
278. A Solutions Architect is designing a solution to monitor weather changes by the minute. The frontend application is hosted on Amazon EC2 instances. The backend must be scalable to a virtually unlimited size, and data retrieval must occur with minimal latency. Which AWS service should the Architect use to store the data and achieve these requirements?
A. Amazon S3
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon EBS
279. An Internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is deployed in front of the web tier. Amazon EC2 instances at the web application tier are deployed evenly across two Availability Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched for Amazon EC2 instances and database resources to access the internet. These instances are not assigned public IP addresses. Which component poses a potential single point of failure in this architecture?
A. Amazon EC2
B. NAT instance
C. ELB Classic Load Balancer
D. Amazon RDS.
280. Legacy applications currently send messages through a single Amazon EC2 instance, which then routes the messages to the appropriate destinations. The Amazon EC2 instance is a bottleneck and single point of failure, so the company would like to address these issues. Which services could address this architectural use case? (Select TWO)
A. Amazon SNS
B. AWS STS
C. Amazon SQS
D. Amazon Route 53
E. AWS Glue
281. A company’s website receives 50000 requests each second, and the company wants to use multiple applications to analyze the navigation patterns of the users on their website so that the experience can be personalized. What can a Solutions Architect use to collect page clicks for the website and process them sequentially for each user?
A. Amazon Kinesis Stream
B. Amazon SQS standard queue
C. Amazon SQS FIFO queue
D. AWS CloudTrail trail
282. A Solutions Architect has a multi-layer application running in Amazon VPC. The application has an ELB Classic Load Balancer as the front end in a public subnet, and an Amazon EC2-based reverse proxy that performs content-based routing to two backend Amazon EC2 instances hosted in a private subnet. The Architect sees tremendous traffic growth and is concerned that the reverse proxy and current backend setup will be insufficient. Which actions should the Architect take to achieve a cost-effective solution that ensures the application automatically scales to meet traffic demand? (Select TWO)
A. Replace the Amazon EC2 reverse proxy with an ELB internal Classic Load Balancer
B. Add Auto Scaling to the Amazon EC2 backend fleet.
C. Add Auto Scaling to the Amazon EC2 reverse proxy layer.
D. Use t2 burstable instance types for the backend fleet.
E. Replace both the frontend and reverse proxy layers with an ELB Application Load Balancer.
283. A solutions architect must select the storage type for a big data application that requires very high sequential I/O. The data must persist if the instance is stopped. Which of the following storage types will provide the best fit at the LOWEST cost for the application?
A. An Amazon EC2 instance store local SSD volume
B. An Amazon EBS provisioned IOPS SSD volume
C. An Amazon EBS throughput optimized HDD volume
D. An Amazon EBS general purpose SSD volume
284. An organization designs a mobile application for their customers to upload photos to a site. The application needs a secure login with MFA. The organization wants to limit the initial build time and maintenance of the solution. Which solution should a Solutions Architect recommend to meet the requirements?
A. Use Amazon Cognito Identity with SMS-based MFA
B. Edit AWS IAM policies to require MFA for all users.
C. Federate IAM against corporate AD that requires MFA
D. Use Amazon API Gateway and require SSE for photos.
285. A company has a legacy application using a proprietary file system and plans to migrate the application to AWS. Which storage service should the company use?
A. Amazon DynamoDB
B. Amazon S3
C. Amazon EBS
D. Amazon EFS
286. A Solutions Architect plans to migrate NAT instances to NAT gateway. The Architect has NAT instances with scripts to manage high availability. What is the MOST efficient method to achieve similar high availability with NAT gateway?
A. Remove source/destination check on NAT instances.
B. Launch a NAT gateway in each Availability Zone
C. Use a mix of NAT instances and NAT gateway
D. Add an ELB Application Load Balancer in front of NAT gateway