• 2021-09-27

[2021.8 Updated] The latest actual update Amazon SAA-C02 exam dumps | lead4pass PDF and SOFTWARE

The latest update Amazon SAA-C02 brain dumps comes from Lead4Pass! Amazon SAA-C02 exam questions are updated throughout the year to ensure that they are actually valid!
Welcome to download the latest Lead4Pass Amazon SAA-C02 dumps with PDF and SOFTWARE: https://www.lead4pass.com/saa-c02.html (693 Q&A)

[Lead4Pass SAA-C02 pdf] Amazon SAA-C02 exam PDF uploaded from google drive, online download provided by the latest update of Lead4pass:
https://drive.google.com/file/d/1PyD7m-zQTZG3oxjjmpwdrA3Oklp-MdV1/

[Lead4pass SAA-C02 practice test] Latest update Amazon SAA-C02 exam questions and answers online practice test

QUESTION 1
A company hosts an application used to upload files to an Amazon S3 bucket Once uploaded, the files are processed to
extract metadata, which takes less than 5 seconds. The volume and frequency of the uploads vanes from a few files
each hour to hundreds of concurrent uploads. The company has asked a solutions architect to design a cost effective
architecture that will meet these requirements. What should the solutions architect recommend?
A. Configure AWS CloudTrail trails to log S3 API calls Use AWS AppSync to process the files
B. Configure an object-created event notification within the S3 bucket to invoke an AWS Lambda function to process the files.
C. Configure Amazon Kinesis Data Streams to process and send data to Amazon S3 Invoke an AWS Lambda function
to process the files
D. Configure an Amazon Simple Notification Service (Amazon SNS) topic to process the files uploaded to Amazon S3.
Invoke an AWS Lambda function to process the files.
Correct Answer: B

 

QUESTION 2
A solutions architect has created a new AWS account and must secure AWS account root user access Which
combination of actions will accomplish this? (Select TWO.)
A. Ensure the root user uses a strong password
B. Enable multi-factor authentication to the root user
C. Store root user access keys in an encrypted Amazon S3 bucket
D. Add the root user to a group containing administrative permissions.
E. Apply the required permissions to the root user with an inline policy document
Correct Answer: BD

 

QUESTION 3
A solutions architect is designing a solution that will include a database in Amazon RDS Corporate security policy
mandates that the database its logs, and its backups are all encrypted What is the MOST efficient option to fulfill the
security policy using Amazon RDS?
A. Launch an Amazon RDS instance with encryption enabled Enable encryption for logs and backups
B. Launch an Amazon RDS instance Enable encryption for the database, logs, and backups
C. Launch an Amazon RDS instance with encryption enabled Logs and backups are automatically encrypted
D. Launch an Amazon RDS instance Enable encryption for backups Encrypt logs with a database- engine feature
Correct Answer: C

 

QUESTION 4
A company wants to monitor its AWS costs for financial review. The cloud operations team is designing an architecture
in the AWS Organizations master account to query AWS Cost and Usage Reports for all member accounts. The team
must run this query once a month and provide a detailed analysis of the bill Which solution is the MOST scalable and
cost-effective way to meet these requirements?
A. Enable Cost and Usage Reports in the master account. Deliver reports to Amazon Kinesis Use Amazon EMR tor
analysis.
B. Enable Cost and Usage Reports in the master account. Deliver the reports to Amazon S3 Use Amazon Athena for
analysis.
C. Enable Cost and Usage Reports for member accounts. Deliver the reports to Amazon S3 Use Amazon Redshift for
analysis.
D. Enable Cost and Usage Reports for member accounts. Deliver the reports to Amazon Kinesis Use Amazon
QuicKSight for analysis.
Correct Answer: B

 

QUESTION 5
A company that operates a web application on premises is preparing to launch a newer version of the application on
AWS. The company needs to route requests to either the AWS-hosted or the on-premiseshosted application based on
the URL query string. The on-premises application is not available from the internet, and a VPN connection is
established between Amazon VPC and the company\\’s data center. The company wants to use an Application Load
Balancer (ALB) for this launch.
Which solution meets these requirements?
A. Use two ALBs: one for on-premises and one for the AWS resource. Add hosts to each target group of each ALB.
Route with Amazon Route 53 based on the URL query string.
B. Use two ALBs: one for on-premises and one for the AWS resource. Add hosts to the target group of each ALB.
Create a software router on an EC2 instance based on the URL query string.
C. Use one ALB with two target groups: one for the AWS resource and one for on premises. Add hosts to each target
group of the ALB. Configure listener rules based on the URL query string.
D. Use one ALB with two AWS Auto Scaling groups: one for the AWS resource and one for on premises. Add hosts to
each Auto Scaling group. Route with Amazon Route 53 based on the URL query string.
Correct Answer: A

 

QUESTION 6
A company has a web application hosted over 10 Amazon CC2 instances with traffic directed by Amazon Route 53. The
company occasionally experiences a timeout error when attempting to browse the
application. The networking team finds that some DNS queries return IP addresses of unhealthy instances,
resulting in the timeout error
What should a solutions architect implement to overcome these timeout errors?
A. Create a Route 53 simple touting policy record lot each EC2 instance Associate a hearth check with each record
B. Create a Route 53 failover routing policy record for each EC2 instance Associate a health check with each record
C. Create an Amazon CloudFront distribution with EC? instances as its origin Associate a health check with the EC?
instances
D. Create an Application Load Balancer (ALB) with a health check in front of the EC2 instances Route to the ALB from
Route 53
Correct Answer: A

 

QUESTION 7
A solutions architect needs to allow developers to have SSH connectivity to web servers The requirements are as
follows
1.
Limit access to users originating from the corporate network.
2.
Web servers cannot have SSH access directly from the internet.
3.
Web servers reside in a private subnet.
Which combination of steps must the architect complete to meet these requirements? (Select TWO.)
A. Create a bastion host that authenticates users against the corporate directory
B. Create a bastion host with security group rules that only allow traffic from the corporate network.
C. Attach an 1AM role to the bastion host with relevant permissions
D. Configure the web servers\\’ security group to allow SSH traffic from a bastion host.
E. Deny all SSH traffic from the corporate network in the inbound network ACL.
Correct Answer: AE

 

QUESTION 8
A company has an on-premises volume backup solution that has reached its end of file. The company wants to use
AWS as part of a new backup solution and wants to maintain local access to at\\’ the data while is backed up on AWS.
The company wants to ensure that the data backed up on AWS. The company automatically and securely transferred.
Which solution meets these requirement?
A. Use AWS Snowball to migrate data out of the on-premises solution to Amazon S3. Configure on-premises systems to
mount the Snowball S3 endpoint to provide Weal access to the data
B. Use AWS Snowball Edge to migrate data out of the on-premises solution to Amazon S3. Use the Snowball Edge file
interface to provide on-premises system with local access to the data.
C. Use AWS Storage Gateway and configure a cached volume gateway Run the Storage Gateway software appliance
on premises and configure a percentage of data to cache locally. Mount the gateway storage volumes to provide local
access to the data.
D. Use AWS Storage Gateway and configure a stored volume gateway. Run the Storage Gateway software appliance
on premises and map the gateway storage volumes lo on-premises storage.Mount the gateway storage volumes lo
provide local access to the data.
Correct Answer: C

 

QUESTION 9
A company is relocating its data center and wants to securely transfer 50 TB of data to AWS within 2 weeks The
existing data center has a Site-to-Site VPN connection to AWS that is 90% utilized. Which AWS service should a
solutions architect use to meet these requirements?
A. AWS DataSync with a VPC endpoint
B. AWS Direct Connect
C. AWS Snowball Edge Storage Optimized
D. AWS Storage Gateway
Correct Answer: C

 

QUESTION 10
The DNS provider that hosts a company\\’s domain name records is experiencing outages that cause service disruption
for a website running on AWS The company needs to migrate to a more resilient managed DNS service and wants the
service to run on AWS. What should a solutions architect do to rapidly migrate the DNS hosting service?
A. Create an Amazon Route 53 public hosted zone for the domain name. Import the zone file containing the domain
records hosted by the previous provider.
B. Create an Amazon Route 53 private hosted zone for the domain name Import the zone file containing the domain
records hosted by the previous provider
C. Create a Simple AD directory in AWS. Enable zone transfer between the DNS provider and AWS Directory Service
for Microsoft Active Directory for the domain records.
D. Create an Amazon Route 53 Resolver inbound endpoint in the VPC Specify the IP addresses that the provider\\’s
DNS will forward DNS queries to Configure the provider\\’s DNS to forward DNS queries for the domain to the IP
addresses that are specified in the inbound endpoint.
Correct Answer: A

 

QUESTION 11
A company is using a centralized AWS account to store log data in various Amazon S3 buckets. A solutions architect
needs to ensure that the data is encrypted at rest before the data is uploaded to the S3 buckets. The data also must be
encrypted in transit.
Which solution meets these requirements?
A. Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets.
B. Use server-side encryption to encrypt the data that is being uploaded to the S3 buckets.
C. Create bucket policies that require the use of server-side encryption with S3 managed encryption keys (SSE-S3) for
S3 uploads.
D. Enable the security option to encrypt the S3 buckets through the use of a default AWS Key Management Service
(AWS KMS) key.
Correct Answer: B
Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingEncryption.html

 

QUESTION 12
A company purchased Amazon EC2 Partial Upfront Reserved Instances for a 1-year term. A solutions architect wants to
analyze how much the daily effective cost is with all possible discounts. Which view must the solutions architect choose
in the advanced options of Cost Explorer to get the correct values?
A. Show net amortized costs
B. Show net unblended costs
C. Show amortized costs
D. Show blended costs
Correct Answer: C

 

QUESTION 13
A solutions architect is designing a solution that requires frequent updates to a website that is hosted on Amazon S3
with versioning enabled. For compliance reasons, older versions of the objects will not be accessed frequently and will
need to be deleted after 2 years. What should the solutions architect recommend to meet these requirements at the
LOWEST cost?
A. Use S3 batch operations to replace object tags. Expire the objects based on the modified tags
B. Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier. Expire the objects after 2 years
C. Enable S3 Event Notifications on the bucket that sends older objects to the Amazon Simple Queue Service (Amazon
SQS) queue for further processing.
D. Replicate older object versions to a new bucket. Use an S3 Lifecycle policy to expire the objects In the new bucket
after 2 years
Correct Answer: B


Share the latest SAA-C02 exam pdf, SAA-C02 test questions and answers, and get complete SAA-C02 exam dumps. Lead4pass SAA-C02 Dumps.
Please visit: https://www.lead4pass.com/saa-c02.html (PDF + SOFTWARE) 100% guaranteed! Pass the exam easily!

ps. Get free Amazon SAA-C02 dumps PDF online: https://drive.google.com/file/d/1PyD7m-zQTZG3oxjjmpwdrA3Oklp-MdV1/