Amazon Web Services SAA-C02 Actual Questions

Page: 24 / 27
Total 1 questions

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 93

A company is designing a new multi-tier web application that consists of the following components:

• Web and application servers that run on Amazon EC2 instances as part of Auto Scaling groups

• An Amazon RDS DB instance for data storage

A solutions architect needs to limit access to the application servers so that only the web servers can access them. Which solution will meet these requirements?

Options:

A.

Deploy AWS PrivateLink in front of the application servers. Configure the network ACL to allow only the web servers to access the application servers.

B.

Deploy a VPC endpoint in front of the application servers. Configure the security group to allow only the web servers to access the application servers.

C.

Deploy a Network Load Balancer with a target group that contains the application servers' Auto Scaling group. Configure the network ACL to allow only the web servers to access the application servers.

D.

Deploy an Application Load Balancer with a target group that contains the application servers' Auto Scaling group. Configure the security group to allow only the web servers to access the application servers.

Question 94

A company has a custom application with embedded credentials that retrieves information from an Amazon RDS MySQL DB instance. Management says the application must be made more secure with the least amount of programming effort.

What should a solutions architect do to meet these requirements?

Options:

A.

Use AWS Key Management Service (AWS KMS) customer master keys (CMKs) to create keys. Configure the application to load the database credentials from AWS KMS. Enable automatic key rotation.

B.

Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Create an AWS Lambda function that rotates the credentials in Secrets Manager.

C.

Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Secrets Manager.

D.

Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Systems Manager Parameter Store. Configure the application to load the database credentials from Parameter Store. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Parameter Store.

Question 95

A company wants to deploy a new public web application on AWS. The application includes a web server tier that uses Amazon EC2 instances. The application also includes a database tier that uses an Amazon RDS for MySQL DB instance.

The application must be secure and accessible for global customers that have dynamic IP addresses.

How should a solutions architect configure the security groups to meet these requirements?

Options:

A.

Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers.

B.

Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers. Configure the security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers.

C.

Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers. Configure the security group for the DB instance to allow inbound traffic on port 3306 from the IP addresses of the customers.

D.

Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the DB instance to allow inbound traffic on port 3306 from 0.0.0.0/0.

Question 96

An application running on an Amazon EC2 instance needs to access an Amazon DynamoDB table. Both the EC2 instance and the DynamoDB table are in the same AWS account. A solutions architect must configure the necessary permissions.

Which solution will allow least privilege access to the DynamoDB table from the EC2 instance?

Options:

A.

Create an IAM role with the appropriate policy to allow access to the DynamoDB table. Create an instance profile to assign this IAM role to the EC2 instance.

B.

Create an IAM role with the appropriate policy to allow access to the DynamoDB table. Add the EC2 instance to the trust relationship policy document to allow it to assume the role.

C.

Create an IAM user with the appropriate policy to allow access to the DynamoDB table. Store the credentials in an Amazon S3 bucket and read them from within the application code directly.

D.

Create an IAM user with the appropriate policy to allow access to the DynamoDB table. Ensure that the application stores the IAM credentials securely on local storage and uses them to make the DynamoDB calls.
