CertsTopics Logo

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Amazon Web Services Other Certification SAA-C02 Amazon Web Services Study Notes

Page: 16 / 27
Total 1 questions
Get SAA-C02 Full Access Download SAA-C02 PDF

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 61

An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer The application performs best when the CPU utilization of the EC2 instances is at or near 40%.

What should a solutions architect do to maintain the desired performance across all instances in the group?

Options:

A.

Use a simple scaling policy to dynam

B.

Amazon DynamoDB global tables

C.

Amazon RDS for MySQL with Multi-AZ enabled

D.

Amazon RDS for MySQL with a cross-Region snapshot copy

Question 62

A company has three VPCs named Development, Testing and Production in the us-east-1 Region. The three VPCs need to be connected to an on-premises data center and are designed to be separate to maintain security and prevent any resource sharing A solutions architect needs to find a scalable and secure solution

What should the solutions architect recommend?

Options:

A.

Create an AWS Direct Connect connection and a VPN connection for each VPC to connect back to the data center.

B.

Create VPC peers from all the VPCs to the Production VPC Use an AWS Direct Connect connection from the Production VPC back to the data center

C.

Connect VPN connections from all the VPCs to a VPN in the Production VPC. Use a VPN connection from the Production VPC back to the data center

D.

Create a new VPC called Network Within the Network VPC create an AWS Transit Gateway with an AWS Direct Connect connection back to the data center Attach all the other VPCs to the Network VPC.

Question 63

A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company's security policy requires that all website traffic be inspected by AWS WAF.

How should the solutions architect comply with these requirements?

Options:

A.

Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only.

B.

Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin.

C.

Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only. Associate AWS WAF to CloudFront.

D.

Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket Enable AWS WAF on the distribution

Question 64

A company is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks.

What should a solutions architect recommend?

Options:

A.

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer Configure the EC2 instance iptables rules to drop suspicious web traffic. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.

B.

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Move DB instances to the same subnets that EC2 instances are located in. Create a security group for the DB instances Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.

C.

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group

D.

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.

Page: 16 / 27
Total 1 questions
Get SAA-C02 Full Access Download SAA-C02 PDF