CertsTopics Logo

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Complete SAA-C02 Amazon Web Services Materials

Page: 5 / 27
Total 1 questions
Get SAA-C02 Full Access Download SAA-C02 PDF

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 17

A company is planning on deploying a newly built application on AWS in a default VPC. The application will consist of a web layer and database layer. The web server was created in public subnets, and the MySQL database was created in private subnet. All subnets are created with the default network ACL settings, and the default security group in the VPC will be replaced with new custom security groups.

Options:

A.

Create a database server security group with inbound and outbound rules for MySQL port 3306 traffic to and from anywhere (0.0.0.0/0).

B.

Create a database server security group with an inbound rule for MySQL port 3300 and specify the source as a web server security group.

C.

Create a web server security group within an inbound allow rule for HTTPS port 443 traffic from anywbere (0.0.0.0/0) and an inbound deny rule for IP range 182. 20.0.0/16

D.

Create a web server security group with an inbound rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0). Create network ACL inbound and outbound deny rules for IP range 182. 20.0.0/16

E.

Create a web server security group with an inbound and outbound rules for HTTPS port 443 traffic to and from anywbere (0.0.0.0/0). Create a network ACL inbound deny rule for IP range 182. 20.0.0/16.

Question 18

A new employee has joined a company as a deployment engineer. The deployment engineer will be using AWS CloudFormation templates to create multiple AWS resources. A solutions architect wants the deployment engineer to perform job activities while following the principle of least privilege.

Which steps should the solutions architect do in conjunction to reach this goal? (Select two.)

Options:

A.

Have the deployment engineer use AWS account roof user credentials for performing AWS CloudFormation stack operations.

B.

Create a new IAM user for the deployment engineer and add the IAM user to a group that has the PowerUsers IAM policy attached.

C.

Create a new IAM user for the deployment engineer and add the IAM user to a group that has the Administrate/Access IAM policy attached.

D.

Create a new IAM User for the deployment engineer and add the IAM user to a group that has an IAM policy that allows AWS CloudFormation actions only.

E.

Create an IAM role for the deployment engineer to explicitly define the permissions specific to the AWS CloudFormation stack and launch stacks using Dial IAM role.

Question 19

A company's web application consists of multiple Amazon EC2 instances that run behind an Application Load Balancer in a VPC. An Amazon ROS for MySQL DB instance contains the data. The company needs the ability to automatically detect and respond to suspicious or unexpected behaviour in its AWS environment the company already has added AWS WAF to its architecture.

What should a solutions architect do next lo protect against threats?

A, Use Amazon GuardDuty to perform threat detection. Configure Amazon EventBridge (Amazon CloudWatch Events) to filler for GuardDuty findings and to invoke pin AWS Lambda function to adjust the AWS WAF rules

B. Use AWS Firewall Manager to perform threat detection Configure Amazon EventBridge (Amazon CloudWatch Events) to filter for Firewall Manager findings and to invoke an AWS Lambda function to adjust the AWS WAF web ACL

C. Use Amazon Inspector to perform three! detection and to update the AWS WAT rules Create a VPC network ACL to limit access to the web application

D. Use Amazon Macie to perform throat detection and to update the AWS WAF rules Create a VPC network ACL to limit access to the web application

Options:

Question 20

A payment processing company records all voice communication with its customers and stores the audio files in an Amazon S3 bucket. The company needs to capture

the text from the audio files. The company must remove from the text any personally identifiable information (Pll) that belongs to customers.

What should a solutions architect do to meet these requirements?

Options:

A.

Process the audio files by using Amazon Kinesis Video Streams. Use an AWS Lambda function to scan for known Pll patterns.

B.

When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start an Amazon Textract task to analyze the call recordings.

C.

Configure an Amazon Transcribe transcription job with Pll redaction turned on. When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start the transcription job. Store the

output in a separate S3 bucket.

D.

Create an Amazon Connect contact flow that ingests the audio files with transcription turned on. Embed an AWS Lambda function to scan for known Pll patterns. Use Amazon EventBridge (Amazon CloudWatch Events) to start the contact flow when an audio file is uploaded to the S3 bucket.

Page: 5 / 27
Total 1 questions
Get SAA-C02 Full Access Download SAA-C02 PDF