Refresh SAA-C02 Questions Pool For AWS Certified Solutions Architect - Associate (SAA-C02) Certification

NEW QUESTION 1
A company has an application that calls AWS Lambda functions A recent code review found database credentials stored in the source code The database credentials need to be removed from the Lambda source code The credentials must then be securely stored and rotated on an ongoing basis to meet security policy requirements
What should a solutions architect recommend to meet these requirements?

• A. Store the password in AWS CloudHSM Associate the Lambda function with a role that can retrieve the password from CloudHSM given its key ID
• B. Store the password in AWS Secrets Manager Associate the Lambda function with a role that can retrieve the password from Secrets Manager given its secret ID
• C. Move the database password to an environment variable associated with the Lambda function Retrieve the password from the environment variable upon execution
• D. Store the password in AWS Key Management Service (AWS KMS) Associate the Lambda function with a role that can retrieve the password from AWS KMS given its key ID

Answer: B

NEW QUESTION 2
An Amazon EC2 administrator created the following policy associated with an 1AM group containing several users.

What is the effect of this policy?

• A. Users can terminate an EC2 instance in any AWS Region except us-east-1.
• B. Users can terminate an EC2 instance with the IP address 10.100. 1001 in the us-east-1 Region
• C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254
• D. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100. 100. 254

Answer: C

NEW QUESTION 3
A gaming company has multiple Amazon EC2 instances in a single Availability Zone for its multiplayer game that communicates with users on Layer 4 The chief technology officer (CTO) wants to make the architecture highly available and cost-effective.
What should a solutions architect do to meet these requirements? (Select TWO.)

• A. Increase the number of EC2 instances.
• B. Decrease the number of EC2 instances
• C. Configure a Network Load Balancer in front of the EC2 instances.
• D. Configure an Application Load Balancer in front of the EC2 instances
• E. Configure an Auto Scaling group to add or remove instances in multiple Availability Zones automatically.

Answer: CE

NEW QUESTION 4
A security team wants to limit access to specific services or actions in all of the team's AWS accounts. All accounts belong to a large organization in AWS Organizations The solution must be scalable and there must be a single point where permissions can be maintained.
What should a solutions architect do to accomplish this?

• A. Create an ACL to provide access to the services or actions.
• B. Create a security group to allow accounts and attach it to user groups
• C. Create cross-account roles in each account to deny access to the services or actions.
• D. Create a service control policy in the root organizational unit to deny access to the services or actions

Answer: D

NEW QUESTION 5
A solutions architect is tasked with transferring 750 TB of data from a network-attached file system located at a branch office to Amazon S3 Glacier The solution must avoid saturating the branch office's low-bandwidth internet connection
What is the MOST cost-effective solution1?

• A. Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly Create a bucket policy to enforce a VPC endpoint
• B. Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination Create a bucket policy to enforce a VPC endpoint
• C. Mount the network-attached file system to Amazon S3 and copy the files directl
• D. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier
• E. Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier

Answer: D

NEW QUESTION 6
A company’s web application uses an Amazon RDS PostgreSQL DB instance to store its application data. During the financial closing period at the start of every month. Accountants run large queries that impact the database's performance due to high usage. The company wants to minimize the impact that the reporting activity has on the web application.
What should a solutions architect do to reduce the impact on the database with the LEAST amount of effort?

• A. Create a read replica and direct reporting traffic to the replica.
• B. Create a Multi-AZ database and direct reporting traffic to the standby.
• C. Create a cross-Region read replica and direct reporting traffic to the replica.
• D. Create an Amazon Redshift database and direct reporting traffic to the Amazon Redshift database.

Answer: B

NEW QUESTION 7
A company is hosting a web application on AWS using a single Amazon EC2 instance that stores
user-uploaded documents in an Amazon EBS volume For better scalability and availability the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone: placing both behind an Application Load Balancer After completing this change users reported that each time they refreshed the website they could see one subset of their documents or the other but never all of the documents at the same time
What should a solutions architect propose to ensure users see all of their documents at once''

• A. Copy the data so both EBS volumes contain all the documents
• B. Configure the Application Load Balancer to direct a user to the server with the documents
• C. Copy the data from both EBS volumes to Amazon EFS Modify the application to save new documents to Amazon EPS
• D. Configure the Application Load Balancer to send the request to both servers Return each document from the correct server

Answer: C

NEW QUESTION 8
A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access
Which of the following would be the LEAST complicated implementation?

• A. Use an Amazon CloudFront distribution with an origin access identity (OAI) Configure the distribution with an Amazon S3 origin to provide access to the file through signed URL’s Design a Lambda function to remove data that is older than 14 days.
• B. Use an S3 bucket and provide direct access to the tile Design the application to track purchases in a DynamoDH tableConfigure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB
• C. Use an Amazon CloudFront distribution with an OAI Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs Design the application to sot an expiration of 14 days for the URL
• D. Use an Amazon CloudFront distribution with an OAI Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs Design the application to set an expiration of 60 minutes for the URL and recreate the URL as necessary

Answer: C

NEW QUESTION 9
A solutions architect is designing a two-tier web application The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet Security is a high priority for the company
How should security groups be configured in this situation? (Select TWO )

• A. Configure the security group for the web tier to allow inbound traffic on port 443 from 0 0 0 0/0
• B. Configure the security group for the web tier to allow outbound traffic on port 443 from 0 0 0 0/0
• C. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier
• D. Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier
• E. Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier

Answer: AC

NEW QUESTION 10
A company has a two-tier application architecture that runs in public and private subnets Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet The web application instances and the database are running in a single Availability Zone (AZ).
Which combination of steps should a solutions architect take to provide high availability for this architecture? (Select TWO.)

• A. Create new public and private subnets in the same AZ for high availability
• B. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs
• C. Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer
• D. Create new public and private subnets in a new AZ Create a database using Amazon EC2 in one AZ
• E. Create new public and private subnets in the same VPC each in a new AZ Migrate the database to an Amazon RDS multi-AZ deployment

Answer: BE

NEW QUESTION 11
A company must generate sales reports at the beginning of every month. The reporting process launches 20 Amazon EC2 instances on the first of the month. The process runs for 7 days and cannot be interrupted. The company wants to minimize costs.
Which pricing model should the company choose?

• A. Reserved Instances
• B. Spot Block Instances
• C. On-Demand Instances
• D. Scheduled Reserved Instances D18912E1457D5D1DDCBD40AB3BF70D5D

Answer: C

NEW QUESTION 12
A company currently operates a web application backed by an Amazon RDS MySQL database It has automated backups that are run daily and are not encrypted A security audit requires future backups to be encrypted and the unencrypted backups to be destroyed The company will make at least one encrypted backup before destroying the old backups
What should be done to enable encryption for future backups''

• A. Enable default encryption for the Amazon S3 bucket where backups are stored
• B. Modify the backup section of the database configuration to toggle the Enable encryption check box
• C. Create a snapshot of the database Copy it to an encrypted snapshot Restore the database from the encrypted snapshot
• D. Enable an encrypted read replica on RDS for MySQL Promote the encrypted read replica to primary Remove the original database instance

Answer: C

NEW QUESTION 13
A company's website runs on Amazon EC2 instances behind an Application Load Balancer (ALB) The website has a mix of dynamic and static content Users around the globe are reporting that the website is slow
Which set of actions will improve website performance for users worldwide?

• A. Create an Amazon CloudFront distribution and configure the ALB as an origin Then update the Amazon Route 53 record to point to the CloudFront distribution
• B. Create a latency-based Amazon Route 53 record for the ALB Then launch new EC2 instances with larger instance sizes and register the instances with the ALB
• C. Launch ne
• D. EC2 instances hosting the same web application in different Regions closer to the users.Then register the instances with the same ALB using cross-Region VPC peering
• E. Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances Then update an Amazon Route 53 record to point to the S3 buckets

Answer: A

NEW QUESTION 14
A solutions architect is designing a solution where users will De directed to a backup static error page it the primary website is unavailable The primary website's DNS records are hosted in Amazon Route 53 where their domain is pointing to an Application Load Balancer (ALB)
Which configuration should the solutions architect use to meet the company's needs while minimizing changes and infrastructure overhead?

• A. Point a Route 53 alias record to an Amazon CloudFront distribution with the ALB as one of its origins Then, create custom error pages for the distribution
• B. Set up a Route 53 active-passive failover configuration Direct traffic to a static error page hosted within an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy
• C. Update the Route 53 record to use a latency-based routing policy Add the backup static error page hosted within an Amazon S3 bucket to the record so the traffic is sent to the most responsive endpoints
• D. Set up a Route 53 active-active configuration with the ALB and an Amazon EC2 instance hosting a static error page as endpoints Route 53 will only send requests to the instance if the health checks fail for the ALB

Answer: B

NEW QUESTION 15
A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones. As the company’s user base grows in the us-west-1 Region, it needs a solution with low latency and high availability.
What should a solutions architect do to accomplish this?

• A. Provision EC2 instances in us-west-1. Switch the Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing.
• B. Provision EC2 instances and an Application Load Balancer in us-west-1. Make the load balancer distribute the traffic based on the location of the request.
• C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
• D. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Configure Amazon Route 53 with a weighted routing polic
• E. Create alias records in Route 53 that point to the Application Load Balancer.

Answer: B

NEW QUESTION 16
A company's website is used to sell products to the public The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB) There is also an Amazon CloudFront distribution and AWS WAF is being used to protect against SQL injection attacks The ALB is the origin for the CloudFront distribution A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website
What should a solutions architect do to protect the application"?

• A. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address
• B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address
• C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address
• D. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address

Answer: B

NEW QUESTION 17
A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours The company wants to use these data points in its existing analytics platform A solutions architect must determine the most viable multi-tier option to support this architecture The data points must be accessible from the REST API
Which action meets these requirements for storing and retrieving location data?

• A. Use Amazon Athena with Amazon S3
• B. Use Amazon API Gateway with AWS Lambda
• C. Use Amazon QuickSight with Amazon Redshift
• D. Use Amazon API Gateway with Amazon Kinesis Data Analytics

Answer: D

NEW QUESTION 18
A company runs an internal browser-based application The application runs on Amazon EC2 instances behind an Application Load Balancer The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones The Auto Scaling group scales up to 20 instances during work hours, but scales down to 2 instances overnight Staff are complaining that the application is very slow when the day begins, although it runs well by mid-morning.
How should the scaling be changed to address the staff complaints and keep costs to a minimum?

• A. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens
• B. Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period.
• C. Implement a target tracking action triggered at a lower CPU threshold and decrease the cooldown period
• D. Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens

Answer: B

NEW QUESTION 19
A solutions architect is designing a solution to access a catalog of images and provide users with the ability to submit requests to customize images Image customization parameters will be in any request sent to an AWS API Gateway API The customized image will be generated on demand, and users will receive a link they can click to view or download their customized image The solution must be highly available for viewing and customizing images
What is the MOST cost-effective solution to meet these requirements?

• A. Use Amazon EC2 instances to manipulate the original image into the requested customization Store the original and manipulated images in Amazon S3 Configure an Elastic Load Balancer in front of the EC2 instances
• B. Use AWS Lambda to manipulate the original image to the requested customization Store the original and manipulated images in Amazon S3 Configure an Amazon CloudFront distribution with the S3 bucket as the origin
• C. Use AWS Lambda to manipulate the original image to the requested customization Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB Configure an Elastic Load Balancer in front of the Amazon EC2 instances
• D. Use Amazon EC2 instances to manipulate the original image into the requested customization Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB Configure an Amazon CloudFront distribution with the S3 bucket as the origin

Answer: B

NEW QUESTION 20
A company is migrating a three-tier application to AWS. The application requires a MySQL database. In the past, the application users reported poor application performance when creating new entries. These
performance issues were caused by users generating different real-time reports from the application duringworking hours.
Which solution will improve the performance of the application when it is moved to AWS?

• A. Import the data into an Amazon DynamoDB table with provisioned capacit
• B. Refactor the application to use DynamoDB for reports.
• C. Create the database on a compute optimized Amazon EC2 instanc
• D. Ensure compute resources exceed the on-premises database.
• E. Create an Amazon Aurora MySQL Multi-AZ DB cluster with multiple read replica
• F. Configure the application reader endpoint for reports.
• G. Create an Amazon Aurora MySQL Multi-AZ DB cluste
• H. Configure the application to use the backup instance of the cluster as an endpoint for the reports.

Answer: B

NEW QUESTION 21
......