One of the most sought-after credentials in the Cloud business is the AWS Certified Solutions Architect Associate SAA-C02 exam, or SAA for short. This certification verifies your understanding of the AWS Cloud and how to construct a well-architected AWS infrastructure.
It is your job as a Solutions Architect to be conversant with the services that fit your customers’ needs. Apart from that, you should be able to use these services to build an efficient, secure, dependable, fault-tolerant, and cost-effective infrastructure. These subjects will be covered in your AWS SA Associate test.

Related Read

Try 2021 AWS SAP-C01 Questions Real Exam Questions

 

QUESTION 1
A company recently implemented hybrid cloud connectivity using AWS Direct Connect and is migrating data to Amazon S3. The company is looking for a fully managed solution that will automate and accelerate the replication of data between the on-premises storage systems and AWS storage services.

Which solution should a solutions architect recommend to keep the data private?

A. Deploy an AWS DataSync agent for the on-premises environment. Configure a sync job to replicate the data and connect it with an AWS service endpoint.
B. Deploy an AWS DataSync agent for the on-premises environment. Schedule a batch job to replicate point-ln-time snapshots to AWS.
C. Deploy an AWS Storage Gateway volume gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in- time snapshots to AWS.
D. Deploy an AWS Storage Gateway file gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in-lime snapshots to AWS.

Correct Answer: C

QUESTION 2
A solutions architect must provide a fully managed replacement for an on-premises solution that allows employees and partners to exchange files The solution must be easily accessible to employees connecting from on-premises systems, remote employees, and external partners

Which solution meets these requirements?

A. Use AWS Transfer for SFTP to transfer files into and out of Amazon S3.
B. Use AWS Snowball Edge for local storage and large-scale data transfers.
C. Use Amazon FSx to store and transfer files to make them available remotely
D. Use AWS Storage Gateway to create a volume gateway to store and transfer files to Amazon S3

Correct Answer: D

QUESTION 3
A solutions architect needs to design a network that will allow multiple Amazon EC2 instances to access a common data source used for mission-critical data that can be accessed by all the EC2 instances simultaneously. The solution must be highly scalable, easy to implement, and support the NFS protocol.

Which solution meets these requirements?

A. Create an Amazon EFS file system. Configure a mount target in each Availability Zone. Attach each instance to the appropriate mount target.
B. Create an additional EC2 instance and configure it as a file server. Create a security group that allows communication between the instances and apply that to the additional instance.
C. Create an Amazon S3 bucket with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the S3 bucket. Attach the role to the EC2 instances that need access to the data.
D. Create an Amazon EBS volume with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the EBS volume. Attach the role to the EC2 instances that need access to the data.

Correct Answer: A

QUESTION 4
A company wants to run a hybrid workload for data processing. The data needs to be accessed by on-premises applications for local data processing using an NFS protocol, and must also be accessible from the AWS Cloud for further analytics and batch processing.

Which solution will meet these requirements?

A. Use an AWS Storage Gateway file gateway to provide file storage to AWS, then perform analytics on this data in the AWS Cloud.
B. Use an AWS storage Gateway tape gateway to copy the backup of the local data to AWS, then perform analytics on this data in the AWS cloud.
C. Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS.
D. Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS cloud, then perform analytics on this data in the cloud.

Correct Answer: A

QUESTION 5
A company hosts its multi-tier, pubic web appl cation in the AWS Cloud. The web application runs on Amazon EC2 instances, and its database runs on Amazon RDS The company is anticipating a large increase in sales during an upcoming holiday weekend. A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes.

What should the solutions architect do to meet this requirement?

A. Send Amazon Cloud Watch logs to Amazon Red shit Use Amazon Quick Sight to perform further analysis
B. Enable detailed monitoring on all EC2 instances. Use Amazon Cloud Watch metrics to perform further analysis
C. Create an AWS Lambda function to fetch EC2 logs from Amazon Cloud Watch Logs Use Amazon CloudWatch metrics to perform further a nays
D. Send EC2 logs to Amazon S3. Use Amazon Redshift to fetch log from the S3 bucket to process raw data for future analysis with Amazon Quick Sight

Correct Answer: B

QUESTION 6
An administrator of a large company wants to monitor for and prevent any cryptocurrency-related attacks on the company’s AWS accounts.

Which AWS service can the administrator use to protect the company against attacks?

A. Amazon Cognit
B. Amazon GuardDuty
C. Amazon Inspector
D. Amazon Macie

Correct Answer: B

QUESTION 7
A company has created a multi-tier application for its ecommerce website. The website uses an Application Load Balancer that resides in the public subnets, a web tier in the public subnets, and a MySQL cluster hosted on Amazon EC2 instances in the private subnets. The MySQL database needs to retrieve product catalog and pricing information that is hosted on the internet by a third-party provider. A solutions architect must devices a strategy that maximizes security without increasing operational overhead.

What should the solutions architect do to meet these requirements?

A. Deploy a NAT instance in the VPC. Route all the internet-based traffic through the NAT instance.
B. Deploy a NAT gateway in the public subnets. Modify the private subnet route table to direct all internetbound traffic to the NAT gateway.
C. Configure an internet gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the internet gateway.
D. Configure a virtual private gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the virtual private gateway.

Correct Answer: C

QUESTION 8
What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?

A. Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set.
B. Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private.
C. Update the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true.
D. Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.

Correct Answer: D

QUESTION 9
A company’s legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption. Due to new compliance requirements, all existing and new data in this database must be encrypted.

How should this be accomplished?

A. Create an Amazon S3 bucket with server-side encryption enabled. Move all the data to Amazon S3. Delete the RDS instance.
B. Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby instance to delete the original instance.
C. Take a Snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.
D. Create an RDS read replica with encryption at rest enabled. Promote the read replica to master and switch the over to the new master. Delete the old RDS instance.

Correct Answer: C

QUESTION 10
A company is designing an interne-facing web application. The app cat n runs on Amazon EC2 for Linuxbased instances that store sensitive user data in Amazon RDS MySQL Multi-Az DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks.

What should a solutions architect recommend?

A. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Configure the EC2 instance iptables rules to drop suspicious web traffic. Create a security group for the DB instances Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
B. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Appl cation Load Balancer Move DB instances to the same subnets that EC2 instances are located in Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances
C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer Use A WSW AF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group
D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer Use AWS WAF to monitor inbound web traffic or threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances Configure the RDS security group to only allow port 3306 inbound

Correct Answer: C

For those who want assistance with their practice, SPOTO dumps will be the most useful alternative. Consider taking the SPOTO Dumps Test with our Verified Test Questions, and you’ll notice that every question on the test matches the SPOTO Dumps.

Refer a Friend to Get a Special Discount is still going on. Don’t miss it ↓

Latest SPOTO Candidates Pass Feedback

Last modified: 2021-09-23

Author

Comments

Write a Reply or Comment

Your email address will not be published.