Lead4Pass has updated the AWS Certified Solutions Architect-Associate “SAA-C02” exam questions and answers to help you pass the exam easily! Lead4Pass SAA-C02 exam dumps have a 99.5% exam pass rate.
SAA-C02 dumps contain both PDF and VCE modes https://www.leads4pass.com/saa-c02.html (Total Questions: 693 Q&A). Any All modes can help you study easily and pass the exam smoothly.
Next, I will share some of the latest updated SAA-C02 exam practice questions to help you understand the latest exam content in advance.

Amazon SAA-C02 Exam PDF shared for free, part of it comes from Lead4Pass

This is part of the SAA-C02 exam PDF from Lead4Pass. You can download and study online! Get the complete SAA-C02 pdf which can be found in Lead4Pass!

New Amazon SAA-C02 test questions and answers online mock test

The latest Amazon SAA-C02 exam practice questions can help you quickly understand the current exam content! This is only part of the complete content! You can choose Lead4Pass! Get the latest updated SAA-C02 exam questions and answers

QUESTION 1
The following IAM policy is attached to an IAM group. This is the only policy applied to the group.

What are the effective IAM permissions of this policy for group members?
A. Group members are permitted any Amazon EC2 action within the uss-east-1 Region. Statements after The Allow
permission are not applied
B. Group member are denied any Amazon EC2 permissions in the us-east-1 Region unless they are tagged in with multifactor authentication (MFA).
C. Group members are allowed the ec2:StopInstances and ec2:Terminatelnstances permissions for all Regions when
logged in with multi-factor authentication (MFA). Group members authorized any other Amazon EC2 action.
D. Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for the us-east-1
Region only when logged in with multi-factor authentication (MFA). Groups are permitted any other Amazon EC2 action within the us-east-1 Region
Correct Answer: D

QUESTION 2
A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon
S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the
EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted.
Which combination of steps will meet these requirements? (Select TWO.)
A. Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket
policy so that only the OAI can read the objects.
B. Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate
this new web ACL with the CloudFront distribution.
C. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group.
Associate this new security group with the CloudFront distribution.
D. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group.
Associate this new security group with the S3 bucket hosting the static content.
E. Create a new IAM role and associate the role with the distribution. Change the permissions either on the S3 bucket or
on the files within the S3 bucket so that only the newly created IAM role has read and download permissions.
Correct Answer: AB

QUESTION 3
A company is running an online transaction processing (OLTP) workload on AWS. This workload uses an unencrypted
Amazon RDS DB instance in a Multi-AZ deployment. Daily database snapshots are taken from this instance. What
should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?
A. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot.
B. Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots lo it. Enable
encryption on the DB instance.
C. Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS).Restore encrypted
snapshot to an existing DB instance.
D. Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS
Key Management Service (AWS KMS) managed keys (SSE-KMS).
Correct Answer: A

QUESTION 4
A company has a live chat application running on list on-premises servers that use WebSockets. The company wants to
migrate the application to AWS Application traffic is inconsistent, and the company expects there to be more traffic with
sharp spikes in the future. The company wants a highly scalable solution with no server maintenance nor advanced
capacity planning Which solution meets these requirements?
A. Use Amazon API Gateway and AWS Lambda with an Amazon DynamoDB table as the data store Configure the
DynamoDB table for provisioned capacity
B. Use Amazon API Gateway and AWS Lambda with an Amazon DynamoDB table as the data store Configure the
DynaiWDB table for on-demand capacity
C. Run Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group with an Amazon
DynamoDB table as the data store Configure the DynamoDB table for on-demand capacity
D. Run Amazon EC2 instances behind a Network Load Balancer in an Auto Scaling group with an Amazon DynamoDB
table as the data store Configure the DynamoDB table for provisioned capacity
Correct Answer: B

QUESTION 5
A company has media and application files that need to be shared internally. Users currently are authenticated using
Active Directory and access files from a Microsoft Windows platform. The chief execute officer wants to keep the same
user permissions, but wants the company to improve the process as the company is reaching its storage capacity limit.
What should a solutions architect recommend?
A. Set up a corporate Amazon S3 bucket and move and media and application files.
B. Configure Amazon FSx for Windows File Server and move all the media and application files.
C. Configure Amazon Elastic File System (Amazon EFS) and move all media and application files.
D. Set up Amazon EC2 on Windows, attach multiple Amazon Elastic Block Store (Amazon EBS) volumes and, and
move all media and application files.
Correct Answer: B

QUESTION 6
A company currently has 250 TB of backup files stored in Amazon S3 in a vendor\\’s proprietary format. Using a Linuxbased software application provided by the vendor, the company wants to retrieve files from Amazon S3, transform the
files to an industry-standard format, and re-upload them to Amazon S3. The company wants to minimize the data
transfer charges associated with this conversation. What should a solution architect do to accomplish this?
A. Install the conversion software as an Amazon S3 batch operation so the data is transformed without leaving Amazon
S3.
B. Install the conversion software onto an on-premises virtual machines. Perform the transformation and re-upload the
files to Amazon S3 from the virtual machine.
C. Use AWS Snowball Edge device to expert the data and install the conversion software onto the devices. Perform the
data transformation and re-upload the files to Amazon S3 from the Snowball devices.
D. Launch an Amazon EC2 instance in the same Region as Amazon S3 and install the conversion software onto the
instance. Perform the transformation and re-upload the files to Amazon S3 from the EC2 instance.
Correct Answer: C
https://aws.amazon.com/snowball/pricing/

QUESTION 7
A company has a 10 Gbps AWS Direct Connect connection from its on-premises servers to AWS. The
workloads using the connection are critical. The company requires a disaster recovery strategy with
maximum resiliency that maintains the current connection bandwidth at a minimum.
What should a solutions architect recommend?
A. Set up a new Direct Connect connection in another AWS Region.
B. Set up a new AWS managed VPN connection in another AWS Region.
C. Set up two new Direct Connect connections: one in the current AWS Region and one in another Region.
D. Set up two new AWS managed VPN connections: one in the current AWS Region and one in another Region.
Correct Answer: B

QUESTION 8
A solutions architect is designing an elastic application that will have between 10 and 50 Amazon EC2 concurrent
instances running depending on the load Each instance must mount storage that will read and write to the same 50 GB
folder Which storage type meets the requirements?
A. Amazon S3
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Amazon Elastic Block Store (Amazon EBS) volumes
D. Amazon EC2 instance store
Correct Answer: B

QUESTION 9
A company runs a legacy application with a single-tier architecture on an Amazon EC2 instance Disk I/O is low. with
occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM
daily Which storage option is MOST appropriate for this workload?
A. Amazon EC2 instance storage
B. Amazon EBS General Purpose SSD (gp2) storage
C. Amazon S3
D. Amazon EBS Provisioned IOPS SSD (io2) storage
Correct Answer: B

QUESTION 10
A solutions architect is designing a system to analyze the performance of financial markets while the markets are closed
The system will run a series of compute-intensive jobs for 4 hours every night The time to complete the compute jobs is
expected to remain constant, and jobs cannot be interrupted once started Once completed, the system is expected to
run for a minimum of 1 year Which type of Amazon EC2 instances should be used to reduce the cost of the system?
A. Spot Instances
B. On-Demand Instances
C. Standard Reserved Instances
D. Scheduled Reserved Instances
Correct Answer: D

QUESTION 11
A solutions architect is designing the cloud architecture for a new application being deployed on AWS The process
should run in parallel while adding and removing application nodes as needed based on the number of jobs to be
processed The processor application is stateless The solutions architect must ensure that the application is loosely
coupled and the job items are durably stored Which design should the solutions architect use?
A. Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI)
that consists of the processor application Create a launch configuration that uses the AMI Create an Auto Scaling group
using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on
CPU usage
B. Create an Amazon SQS queue to hold the jobs that need to be processed Create an Amazon Machine Image (AMI)
that consists of the processor application Create a launch configuration that uses the AMI Create an Auto Scaling group
using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on
network usage
C. Create an Amazon SQS queue to hold the jobs that needs to be processed Create an Amazon Machine Image (AMI)
that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group
using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the
number of items in the SQS queue
D. Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI)
that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group
using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the
number of messages published to the SNS topic.
Correct Answer: C
Amazon Simple Queue Service Amazon Simple Queue Service (SQS) is a fully managed message queuing service that
enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the
complexity and overhead associated with managing and operating message oriented middleware, and empowers
developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software
components at any volume, without losing messages or requiring other services to be available. Get started with SQS in
minutes using the AWS console, Command Line Interface or SDK of your choice, and three simple commands. SQS
offers two types of message queues. Standard queues offer maximum throughput, best-effort ordering, and at-leastonce delivery. SQS FIFO queues are designed to guarantee that messages are processed exactly once, in the exact
order that they are sent. Scaling Based on Amazon SQS There are some scenarios where you might think about scaling
in response to activity in an Amazon SQS queue. For example, suppose that you have a web app that lets users upload
images and use them online. In this scenario, each image requires resizing and encoding before it can be published.
The app runs on EC2 instances in an Auto Scaling group, and it\\’s configured to handle your typical upload rates.
Unhealthy instances are terminated and replaced to maintain current instance levels at all times. The app places the
raw bitmap data of the images in an SQS queue for processing. It processes the images and then publishes the
processed images where they can be viewed by users. The architecture for this scenario works well if the number of
image uploads doesn\\’t vary over time. But if the number of uploads changes over time, you might consider using
dynamic scaling to scale the capacity of your Auto Scaling group.
https://aws.amazon.com/sqs/#:~:text=Amazon%20SQS%20leverages%20the%20AWS,queues%20pr
ovide%20nearly%20unlimited%20throughput. https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqsqueue.html

QUESTION 12
A company is hosting 60 TB of production-level data in an Amazon S3 bucket A solutions architect needs to bring that
data on premises for quarterly audit requirements This export of data must be encrypted while in transit The company
has low network bandwidth in place between AWS and its on-premises data center What should the solutions architect
do to meet these requirements?
A. Deploy AWS Migration Hub with 90-day replication windows for data transfer.
B. Deploy an AWS Storage Gateway volume gateway on AWS Enable a 90-day replication window to transfer the data
C. Deploy Amazon Elastic File System (Amazon EFS), with lifecycle policies enabled, on AWS. Use it to transfer the
data
D. Deploy an AWS Snowball device in the on-premises data center after completing an export job request in the AWS
Snowball console
Correct Answer: A

QUESTION 13
A company purchased Amazon EC2 Partial Upfront Reserved Instances for a 1-year term. A solutions architect wants to
analyze how much the daily effective cost is with all possible discounts. Which view must the solutions architect choose
in the advanced options of Cost Explorer to get the correct values?
A. Show net amortized costs
B. Show net unblended costs
C. Show amortized costs
D. Show blended costs
Correct Answer: C

Get the complete SAA-C02 exam dumps https://www.leads4pass.com/saa-c02.html (PDF+VCE). Update throughout the year! Ensure that all problems are immediate and effective! Help you successfully obtain certification.

ps.
This is part of the SAA-C02 exam PDF from Lead4Pass. You can download and study online! Get the complete SAA-C02 pdf which can be found in Lead4Pass!