
(Feb-2024) AWS-Solutions-Architect-Associate Exam Dumps Contains FREE Real Questions from the Actual Exam
Free Test Engine Verified By AWS Certified Solutions Architect Certified Experts
The AWS-Solutions-Associate exam is a certification exam for individuals who want to become an AWS Certified Solutions Architect - Associate (SAA-C02). The AWS-Solutions-Architect-Associate exam focuses on the knowledge and skills required to design and deploy scalable, highly available, and fault-tolerant systems on Amazon Web Services (AWS). The AWS Certified Solutions Architect - Associate (SAA-C02) certification is highly valued in the IT industry and is a prerequisite for many AWS job roles.
The AWS Certified Solutions Architect - Associate certification is ideal for professionals who possess a working knowledge of AWS services and have experience in designing distributed applications. The AWS-Solutions-Architect-Associate exam is designed to validate the candidate’s ability to identify and define requirements for AWS-based applications, design and deploy scalable, highly available, and fault-tolerant systems, and implement and manage secure applications and infrastructure.
NEW QUESTION # 10
Do you need to shut down your EC2 instance when you create a snapshot of EBS volumes that serve as root devices?
- A. No, the snapshot would turn off your instance automatically.
- B. No, you only need to shut down an instance before deleting it.
- C. Yes
- D. No
Answer: C
Explanation:
Yes, to create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html
NEW QUESTION # 11
A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings. The company is concerned about the security of the AWS account root user.
What should be done to secure the root user?
- A. Create IAM users for daily administrative tasks. Disable the root user.
- B. Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console.
- C. Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.
- D. Provide the root user credentials to the most senior solution architect. Have the solution architect use the root user for daily administration tasks.
Answer: C
NEW QUESTION # 12
A user has configured an EC2 instance in the US-East-1a zone. The user has enabled detailed monitoring of the instance. The user is trying to get the data from CloudWatch using a CLI.
Which of the below mentioned CloudWatch endpoint URLs should the user use?
- A. cloudwatch.us-east-1a.amazonaws.com
- B. monitoring.us-east-1.amazonaws.com
- C. monitoring.us-east-1-a.amazonaws.com
- D. monitoring.us-east-1a.amazonaws.com
Answer: B
Explanation:
The CloudWatch resources are always region specific and they will have the end point as region specific. If the user is trying to access the metric in the US-East-1 region, the endpoint URL will be: monitoring.us-east-1.amazonaws.com
Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/regions_endpoints.html
NEW QUESTION # 13
What happens to Amazon EBS root device volumes, by default, when an instance terminates?
- A. Amazon EBS root device volumes remain in the database until you delete them.
- B. Amazon EBS root device volumes are moved to IAM.
- C. Amazon EBS root device volumes are automatically deleted.
- D. Amazon EBS root device volumes are copied into Amazon RDS.
Answer: C
Explanation:
By default, Amazon EBS root device volumes are automatically deleted when the instance terminates.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html
NEW QUESTION # 14
Location of Instances are ____________
- A. Regional
- B. Global
- C. based on Availability Zone
Answer: C
NEW QUESTION # 15
A company has two applications: a sender application that sends messages with payloads to be processed and a processing application intended to receive the messages with payloads. The company wants to implement an AWS service to handle messages between the two applications. The sender application can send about 1,000 messages each hour. The messages may take up to 2 days to be processed. If the messages fail to process, they must be retained so that they do not impact the processing of any remaining messages.
Which solution meets these requirements and is the MOST operationally efficient?
- A. Use an Amazon Kinesis data stream to receive the messages from the sender application. Integrate the processing application with the Kinesis Client Library (KCL).
- B. Integrate the sender and processor applications with an Amazon Simple Queue Service (Amazon SQS) queue. Configure a dead-letter queue to collect the messages that failed to process.
- C. Set up an Amazon EC2 instance running a Redis database. Configure both applications to use the instance. Store, process, and delete the messages, respectively.
- D. Subscribe the processing application to an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications to process, integrate the sender application to write to the SNS topic.
Answer: B
NEW QUESTION # 16
Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?
- A. Yes
- B. Only via Console
- C. No
- D. Only via API
Answer: C
NEW QUESTION # 17
A company wants to improve the availability and performance of its hybrid application. The application consists of a stateful TCP-based workload hosted on Amazon EC2 instances in different AWS Regions and a stateless UDP-based workload hosted on premises.
Which combination of actions should a solutions architect take to improve availability and performance?
(Select TWO.)
- A. Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure an Application Load Balancer in each Region that routes to the on-premises endpoints.
- B. Create an accelerator using AWS Global Accelerator. Add the load balancers as endpoints.
- C. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the load balancers.
- D. Configure two Application Load Balancers in each Region. The first will route to the EC2 endpoints, and the second will route to the on-premises endpoints.
- E. Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure a Network Load Balancer in each Region that routes to the on-premises endpoints.
Answer: B,C
NEW QUESTION # 18
Which of the following cache engines does Amazon ElastiCache support?
- A. Amazon ElastiCache supports Redis and WinCache.
- B. Amazon ElastiCache supports Memcached and Redis.
- C. Amazon ElastiCache supports Memcached only.
- D. Amazon ElastiCache supports Memcached and Hazelcast.
Answer: B
Explanation:
The cache engines supported by Amazon ElastiCache are Memcached and Redis.
http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/SelectEngine.html
NEW QUESTION # 19
A solutions architect is redesigning a monolithic application to be a loosely coupled application composed of two microservices: Microservice A and Microservice B. Microservice A places messages in a main Amazon Simple Queue Service (Amazon SQS) queue for Microservice B to consume. When Microservice B fails to process a message after four retries, the message needs to be removed from the queue and stored for further investigation.
What should the solutions architect do to meet these requirements?
- A. Create an SQS dead-letter queue. Microservice B adds failed messages to that queue after it receives and fails to process the message four times.
- B. Create an SQS queue for failed messages. Configure the SQS queue for failed messages to pull messages from the main SQS queue after the original message has been received four times.
- C. Create an SQS queue for failed messages. Microservice A adds failed messages to that queue after Microservice B receives and fails to process the message four times.
- D. Create an SQS dead-letter queue. Configure the main SQS queue to deliver messages to the dead-letter queue after the message has been received four times.
Answer: D
Explanation:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html
NEW QUESTION # 20
An online retailer needs to regularly process large product catalogs, which are handled in batches. These are sent out to be processed by people using the Amazon Mechanical Turk service, but the retailer has asked its Solutions Architect to design a workflow orchestration system that allows it to handle multiple concurrent Mechanical Turk operations, deal with the result assessment process, and reprocess failures.
Which of the following options gives the retailer the ability to interrogate the state of every workflow with the LEAST amount of implementation effort?
- A. Build the workflow in AWS Step Functions, using it to orchestrate multiple concurrent workflows. The status of each workflow can be visualized in the AWS Management Console, and historical data can be written to Amazon S3 and visualized using Amazon QuickSight.
- B. Hold workflow information in an Amazon RDS instance with AWS Lambda functions polling RDS for status changes. Worker Lambda functions then process the next workflow steps. Amazon QuickSight will visualize workflow states directly out of Amazon RDS.
- C. Use Amazon SWF to create a workflow that handles a single batch of catalog records with multiple worker tasks to extract the data, transform it, and send it through Mechanical Turk. Use Amazon ES and Kibana to visualize AWS Lambda processing logs to see the workflow states.
- D. Trigger Amazon CloudWatch alarms based upon message visibility in multiple Amazon SQS queues (one queue per workflow stage) and send messages via Amazon SNS to trigger AWS Lambda functions to process the next step. Use Amazon ES and Kibana to visualize Lambda processing logs to see the workflow states.
Answer: D
NEW QUESTION # 21
Which of the following commands accepts binary data as parameters?
- A. --describe-instances-user
- B. -cipher text-key
- C. --user-data
- D. --aws-customer-key
Answer: C
Explanation:
For commands that take binary data as a parameter, specify that the data is binary content by using the fileb:// prefix.
Commands that accept binary data include: the --user-data parameter of aws ec2 run-instances, the --sse-customer-key parameter of aws s3api put-object, and the --ciphertext-blob parameter of aws kms decrypt.
http://docs.aws.amazon.com/cli/latest/userguide/aws-cli.pdf
NEW QUESTION # 22
You are configuring your company's application to use Auto Scaling and need to move user state information. Which of the following AWS services provides a shared data store with durability and low latency?
- A. Amazon DynamoDB
- B. Amazon EC2 instance storage
- C. AWS ElastiCache Memcached
- D. Amazon Simple Storage Service
Answer: D
NEW QUESTION # 23
What conditions could cause a Multi-AZ Amazon RDS failover to occur? (Choose two.)
- A. A replica of the RDS instance is created in a different region
- B. A failure of the primary database instance
- C. The RDS instance is stopped manually
- D. An Availability Zone becomes unavailable
- E. Another master user is created
Answer: B,D
Explanation:
https://aws.amazon.com/rds/faqs/
NEW QUESTION # 24
A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted.
Which combination of steps will meet these requirements? (Choose two.)
- A. Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.
- B. Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.
- C. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the CloudFront distribution.
- D. Create a new IAM role and associate the role with the distribution. Change the permissions either on the S3 bucket or on the files within the S3 bucket so that only the newly created IAM role has read and download permissions.
- E. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the S3 bucket hosting the static content.
Answer: A,B
NEW QUESTION # 25
A Solutions Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows:
- Limit access to users originating from the corporate network.
- Web servers cannot have SSH access directly from the Internet.
- Web servers reside in a private subnet.
Which combination of steps must the Architect complete to meet these requirements? (Choose two.)
- A. Deny all SSH traffic from the corporate network in the inbound network ACL.
- B. Attach an IAM role to the bastion host with relevant permissions.
- C. Configure the web servers' security group to allow SSH traffic from a bastion host.
- D. Create a bastion host that authenticates users against the corporate directory.
- E. Create a bastion host with security group rules that only allow traffic from the corporate network.
Answer: C,E
NEW QUESTION # 26
A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access.
Which of the following would be the LEAST complicated implementation?
- A. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL, and recreate the URL as necessary.
- B. Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days.
- C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URI.
- D. Use an S3 bucket and provide direct access to the file. Design the application to track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB.
Answer: C
NEW QUESTION # 27
A company uses Amazon S3 to store documents that may only be accessible to an Amazon EC2 instance in a certain virtual private cloud (VPC). The company fears that a malicious insider with access to this instance could also set up an EC2 instance in another VPC to access these documents.
Which of the following solutions will provide the required protection?
- A. Use S3 server-side encryption and protect the key with an encryption context.
- B. Use S3 client-side encryption and store the key in the instance metadata.
- C. Use an S3 VPC endpoint and an S3 bucket policy to limit access to this VPC endpoint.
- D. Use EC2 instance profiles and an S3 bucket policy to limit access to the role attached to the instance profile.
Answer: D
NEW QUESTION # 28
A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost.
This can be accomplished with:
- A. a NAT gateway
- B. a custom NAT instance
- C. an egress-only internet gateway
- D. a VPC endpoint
Answer: C
Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html
NEW QUESTION # 29
In order for a table write to succeed, the provisioned throughput settings for the table and global secondary indexes, in DynamoDB, must have__________; otherwise, the write to the table will be throttled.
- A. enough write capacity to accommodate the write
- B. no additional write cost for the index
- C. the size less than or equal to 1 KB
- D. 100 bytes of overhead per index item
Answer: A
Explanation:
In order for a table write to succeed in DynamoDB, the provisioned throughput settings for the table and global secondary indexes must have enough write capacity to accommodate the write; otherwise, the write will be throttled.
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.html
NEW QUESTION # 30
A company stores project information in a shared spreadsheet. The company wants to create a web application to replace the spreadsheet. The company has chosen Amazon DynamoDB to store the spreadsheet's data and is designing the web application to display the project information that is obtained from DynamoDB.
A solutions architect must design the web application's backend by using managed services that require minimal operational maintenance.
Which architectures meet these requirements? (Select TWO.)
- A. An Elastic Load Balancer forwards requests to a target group of Amazon EC2 instances. The EC2 instances run an application that accesses DynamoDB.
- B. An Amazon Route 53 hosted zone routes requests to an AWS Lambda endpoint to invoke a Lambda function that accesses DynamoDB.
- C. An Amazon API Gateway REST API invokes an AWS Lambda function. The Lambda function accesses DynamoDB.
- D. An Elastic Load Balancer forwards requests to a target group with DynamoDB set up as the target.
- E. An Amazon API Gateway REST API accesses the project information that is in DynamoDB.
Answer: A,E
NEW QUESTION # 31
A developer is creating an AWS Lambda function to perform dynamic updates to a database when an item is added to an Amazon Simple Queue Service (Amazon SQS) queue. A solutions architect must recommend a solution that tracks any usage of database credentials in AWS CloudTrail. The solution also must provide auditing capabilities.
Which solution will meet these requirements?
- A. Store the encrypted credentials in a Lambda environment variable
- B. Create an Amazon DynamoDB table to store the credentials. Encrypt the table.
- C. Store the credentials as a secure string in AWS Systems Manager Parameter Store
- D. Use an AWS Key Management Service (AWS KMS) key store to store the credentials
Answer: D
NEW QUESTION # 32
You need to set up a high level of security for an Amazon Relational Database Service (RDS) you have just built in order to protect the confidential information stored in it. What are all the possible security groups that RDS uses?
- A. DB security groups only.
- B. EC2 security groups only.
- C. VPC security groups, and EC2 security groups.
- D. DB security groups, VPC security groups, and EC2 security groups.
Answer: D
Explanation:
A security group controls the access to a DB instance. It does so by allowing access to IP address ranges or Amazon EC2 instances that you specify.
Amazon RDS uses DB security groups, VPC security groups, and EC2 security groups. In simple terms, a DB security group controls access to a DB instance that is not in a VPC, a VPC security group controls access to a DB instance inside a VPC, and an Amazon EC2 security group controls access to an EC2 instance and can be used with a DB instance.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
NEW QUESTION # 33
A company plans to store sensitive user data on Amazon S3. Internal security compliance requirements mandate encryption of data before sending it to Amazon S3.
What should a solution architect recommend to satisfy these requirements?
- A. Server-side encryption with keys stored in AWS Key Management Service (AWS KMS)
- B. Server-side encryption with customer-provided encryption keys
- C. Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS)
- D. Client-side encryption with Amazon S3 managed encryption keys
Answer: B
NEW QUESTION # 34
A company is reviewing its AWS Cloud deployment to ensure its data is not accessed by anyone without appropriate authorization. A solutions architect is tasked with identifying all open Amazon S3 buckets and recording any S3 bucket configuration changes.
What should the solutions architect do to accomplish this?
- A. Enable AWS Trusted Advisor with the appropriate checks.
- B. Enable Amazon S3 server access logging and configure Amazon CloudWatch Events.
- C. Enable AWS Config service with the appropriate rules
- D. Write a script using an AWS SDK to generate a bucket report
Answer: C
NEW QUESTION # 35
......
