Lead4Pass SAA-C02 dumps: SAA-C02 dumps pdf, SAA-C02 dumps VCE.
How to get SAA-C02 certification?
Participate in the AWS Certified Solutions Architect – Associate (SAA-C02) exam, pass the verification of 65 multiple-choice and multiple-choice questions, and obtain a certification with a score of 720 or more out of a total score of 1,000.
How to pass the SAA-C02 exam 100%?
- Learn AWS Certified Solutions Architect – Associate Technical Knowledge
- Participate in the SAA-C02 online exam practice
- Participate in discussion communities: Quora, Reddit…
- Lead4Pass SAA-C02 dumps: https://www.leads4pass.com/saa-c02.html (2022 latest update)
Participate in the SAA-C02 online exam practice:
Answers will be announced at the end of the article.
SAA-C02 Q1:
A company is designing a cloud communications platform trial is driven by APIs. The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB). The company uses Amazon API Gateway to provide external users with access to the application through APIs. The company wants to protect the platform against web exploits like SQL Injection and also wants to detect and mitigate large, sophisticated DDoS attacks Which combination of solutions provides the MOST protection? (Select TWO.)
A. Use AWS WAF to protect the NLB
B. Use AWS Shield Advanced with the NLB
C. Use AWS WAF to protect Amazon API Gateway
D. Use Amazon GuardDuty with AWS Shield Standard
E. Use AWS Shield Standard with Amazon API Gateway
SAA-C02 Q2:
A company that recently started using AWS establishes a Site-to-Site VPN between its on-premises data center and AWS. The company\\’s security mandate states that traffic originating from on premises should stay within the company\\’s private IP space when communicating with an Amazon Elastic Container Service (Amazon ECS) cluster that is hosting a sample web application.
Which solution meets this requirement?
A. Configure a gateway endpoint for Amazon ECS. Modify the route table to include an entry pointing to the ECS cluster.
B. Create a Network Load Balancer and AWS PrivateLink endpoint for Amazon ECS in the same VPC that is hosting the ECS cluster.
C. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VPC. Connect the two VPCs by using VPC peering.
D. Configure an Amazon Route 53 record with Amazon ECS as the target. Apply a server certificate to Route 53 from AWS Certificate Manager (ACM) for SSL offloading.
SAA-C02 Q3:
A company\\’s application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones On the first day of every month at midnight the application becomes much slower when the month-end financial calculation batch executes This causes the CPU utilization of the EC2 instances to immediately peak to 100%. which disrupts the application What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?
A. Configure an Amazon CloudFront distribution in front of the ALB
B. Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization
C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
D. Configure Amazon ElastiCache to remove some of the workload from the EC2 instances
Scheduled Scaling for Amazon EC2 Auto Scaling Scheduled scaling allows you to set your own scaling schedule. For example, let\\’s say that every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. You can plan your scaling actions based on the predictable traffic patterns of your web application. Scaling actions are performed automatically as a function of time and date.
https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html
SAA-C02 Q4:
A customer has a service based out of Oregon. US and Paris. France. The application stores data in an Amazon S3 bucket located in Oregon. That data is updated frequently. The Pans office is experiencing slow response times when retrieving objects.
What should a solutions architect do to resolve the slow response times for the Paris office?
A. Set up an S3 bucket based in Paris, and enable Cross-Region Replication from the Oregon bucket to the Paris bucket.
B. Create an Application Load Balancer that load balances data retrieval between the Oregon S3 bucket and a new Paris S3 bucket.
C. Create an Amazon CloudFront distribution with the bucket located m Oregon as the origin and set the maximum TTL setting for the cache behavior to zero.
D. Set up an S3 bucket based in Paris, and enable a lifecycle management rule to transition data from the Oregon bucket to the Paris bucket.
SAA-C02 Q5:
A company wants lo build an immutable infrastructure for its software applications The company wants to test the software applications before sending traffic to them The company seeks an efficient solution that limits the effects of application bugs.
Which combination of steps should a solutions architect recommend? {Select TWO)
A. Use AWS Cloud Formation to update the production infrastructure and roll back the stack if the update fails
B. Apply Amazon Route 53 weighted routing to test the staging environment and gradually increase the traffic as the tests pass
C. Apply Amazon Route 53 failover routing to test the staging environment and fail over to the production environment if the tests pass
D. Use AWS Cloud Formation with a parameter set to the staging value in a separate environment other than the production environment
E. Use AWS Cloud Formation to deploy the staging environment with a snapshot deletion policy and reuse the resources in the production environment if the tests pass
SAA-C02 Q6:
A company\\’s dynamic website is hosted using on-premises servers in the United States. The company is launching its product in Europe and it wants to optimize site loading times for new European users. The site\\’s backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed What should the solutions architect recommend?
A. Launch an Amazon EC2 instance in us-east-1 and migrate the site to it
B. Move the website to Amazon S3 Use cross-Region replication between Regions.
C. Use Amazon CloudFront with a custom origin pointing to the on-premises servers
D. Use an Amazon Route 53 geoproximity routing policy pointing to on-premises servers
SAA-C02 Q7:
A prediction process requires access to a trained model that is stored in an Amazon S3 bucket. The process takes a few seconds to process an image and make a prediction. The process is not overly resource-intensive, does not require any specialized hardware, and takes less than 512 MB of memory to run.
What is the MOST effective compute solution for this use case?
A. Amazon Elastic Container Service (Amazon ECS)
B. Amazon EC2 Spot instances
C. AWS Lambda functions
D. AWS Elastic Beanstalk
SAA-C02 Q8:
A company has a service that reads and writes large amounts of data from an Amazon S3 bucket in the same AWS Region The service is deployed on Amazon EC2 instances within the private subnet of a VPC. The service communicates with Amazon S3 over a NAT gateway in the public subnet However, the company wants a solution that will reduce the data output costs.
Which solution will meet these requirements MOST cost-effectively?
A. Provision a dedicated EC2 NAT instance in the public subnet. Configure the route table for the private subnet to use the elastic network interface of this instance as the destination for all S3 traffic
B. Provision a dedicated EC2 NAT instance in the private subnet. Configure the route table for the public subnet to use the elastic network interface of this instance as the destination for all S3 traffic.
C. Provision a VPC gateway endpoint. Configure the route table for the private subnet to use the gateway endpoint as the route for all S3 traffic.
D. Provision a second NAT gateway. Configure the route table foe the private subnet to use this NAT gateway as the destination for all S3 traffic.
SAA-C02 Q9:
A company is running a highly sensitive application on Amazon EC2 backed by an Amazon RDS database Compliance regulations mandate that all personally identifiable information (Pll) be encrypted at rest.
Which solution should a solutions architect recommend to meet this requirement with the LEAST amount of changes to the infrastructure?
A. Deploy AWS Certificate Manager to generate certificates Use the certificates to encrypt the database volume
B. Deploy AWS CloudHSM, generate encryption keys, and use the customer master key (CMK) to encrypt database volumes
C. Configure SSL encryption using AWS Key Management Service customer master keys (AWS KMS CMKs) to encrypt database volumes.
D. Configure Amazon Elastic Block Store (Amazon EBS) encryption and Amazon RDS encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes
SAA-C02 Q10:
A solutions architect is designing a solution that will include a database in Amazon RDS Corporate security policy mandates that the database its logs, and its backups are all encrypted What is the MOST efficient option to fulfill the security policy using Amazon RDS?
A. Launch an Amazon RDS instance with encryption enabled Enable encryption for logs and backups
B. Launch an Amazon RDS instance Enable encryption for the database, logs, and backups
C. Launch an Amazon RDS instance with encryption enabled Logs and backups are automatically encrypted
D. Launch an Amazon RDS instance Enable encryption for backups Encrypt logs with a database- engine feature
SAA-C02 Q11:
A team has an application that detects new objects being uploaded into an Amazon bucket. The upload a trigger AWS Lambda function to write metadata into an Amazon DynamoDB table and an Amazon RDS for PostgreSQL database.
Which action should the team take to ensure high availability?
A. Enable Cross-Region Replication to ensure high availability
B. Create a Lambda function for each Availability Zone the application is deployed in
C. Enable Multi-AZ on the RDS PostgreSQL database.
D. Create a DynamoDB stream for the DynamoDB table
SAA-C02 Q12:
A company is deploying a two-tier web application in a VPC. The web tier is using an Amazon EC2 Auto Scaling group with public subnets that span multiple Availability Zones. The database tier consists of an Amazon RDS for MySQL DB instance in separate private subnets. The web tier requires access to the database to retrieve product information.
The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for the network ACLs. security groups, and route tables are still in their default states.
What should a solutions architect recommend to fix the application?
A. Add an explicit rule to the private subnet\\’s network ACL to allow traffic from the web tier\\’s EC2 instances.
B. Add a route in the VPC route table to allow traffic between the web tier\\’s EC2 instances and Ihe database tier.
C. Deploy the web tier\\’s EC2 instances and the database tier\\’s RDS instance into two separate VPCs.and configure VPC peering.
D. Add an inbound rule to the security group of the database tier\\’s RDS instance to allow traffic from the web tier\\’s security group.
Verify the answer:
| Q1 | Q2 | Q3 | Q4 | Q5 | Q6 | Q7 | Q8 | Q9 | Q10 | Q11 | Q12 |
| AD | C | C | C | AB | C | C | C | D | C | C | D |
PS. Get SAA-C02 Online Practice Questions PDF: https://drive.google.com/file/d/1quaaKhwHJQ4cQzR4qb_r_22seEwKR7jE/view?usp=sharing
The free SAA-C02 exam practice questions are only 12 questions. Here is a part to help you verify your true strength, and full SAA-C02 dumps can help you study before the exam and pass the exam.
Full SAA-C02 dumps click here: https://www.leads4pass.com/saa-c02.html (Total Questions: 963 Q&A).
