SAA-C02 : AWS Certified Solutions Architect – Associate SAA-C02 : Part 21
-
An online shopping application accesses an Amazon RDS Multi-AZ DB instance. Database performance is slowing down the application. After upgrading to the next-generation instance type, there was no significant performance improvement.
Analysis shows approximately 700 IOPS are sustained, common queries run for long durations and memory utilization is high.
Which application change should a solutions architect recommend to resolve these issues?
- Migrate the RDS instance to an Amazon Redshift cluster and enable weekly garbage collection.
- Separate the long-running queries into a new Multi-AZ RDS database and modify the application to query whichever database is needed.
- Deploy a two-node Amazon ElastiCache cluster and modify the application to query the cluster first and query the database only if needed.
- Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue for common queries and query it first and query the database only if needed.
-
A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year.
Which solution meets these requirements and is the MOST operationally efficient?
- Server-side encryption with customer-provided keys (SSE-C)
- Server-side encryption with Amazon S3 managed keys (SSE-S3)
- Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation
- Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automatic rotation
-
A company is preparing to migrate its on-premises application to AWS. The application consists of application servers and a Microsoft SQL Server database The database cannot be migrated to a different engine because SQL Server features are used in the application’s NET code. The company wants to attain the greatest availability possible while minimizing operational and management overhead.
What should a solutions architect do to accomplish this?
- Install SQL Server on Amazon EC2 in a Multi-AZ deployment.
- Migrate the data to Amazon RDS for SQL Server in a Multi-AZ deployment.
- Deploy the database on Amazon RDS for SQL Server with Multi-AZ Replicas.
- Migrate the data to Amazon RDS for SQL Server in a cross-Region Multi-AZ deployment.
-
A company has an application running on Amazon EC2 instances in a private subnet. The application needs to store and retrieve data in Amazon S3. To reduce costs, the company wants to configure its AWS resources in a cost-effective manner.
How should the company accomplish this?
- Deploy a NAT gateway to access the S3 buckets.
- Deploy AWS Storage Gateway to access the S3 buckets.
- Deploy an S3 gateway endpoint to access the S3 buckets.
- Deploy an S3 interface endpoint to access the S3 buckets.
-
A media company has an application that tracks user clicks on its websites and performs analytics to provide near-real time recommendations. The application has a Heel of Amazon EC2 instances that receive data from the websites and send the data to an Amazon RDS DB instance. Another fleet of EC2 instances hosts the portion of the application that is continuously checking changes in the database and executing SQL queries to provide recommendations. Management has requested a redesign to decouple the infrastructure. The solution must ensure that data analysts are writing SQL to analyze the data only No data can the lost during the deployment.
What should a solutions architect recommend?
- Use Amazon Kinesis Data Streams to capture the data from the websites Kinesis Data Firehose to persist the data on Amazon S3, and Amazon Athena to query the data.
- Use Amazon Kinesis Data Streams to capture the data from the websites. Kinesis Data Analytics to query the data, and Kinesis Data Firehose to persist the data on Amazon S3.
- Use Amazon Simple Queue Service (Amazon SQS) to capture the data from the websites, keep the fleet of EC2 instances, and change to a bigger instance type in the Auto Scaling group configuration.
- Use Amazon Simple Notification Service (Amazon SNS) to receive data from the websites and proxy the messages to AWS Lambda functions that execute the queries and persist the data. Change Amazon RDS to Amazon Aurora Serverless to persist the data.
-
A company runs an application that uses multiple Amazon EC2 instances to gather data from its users. The data is then processed and transferred to Amazon S3 for long-term storage. A review of the application shows that there were long periods of time when the EC2 instances were not being used. A solutions architect needs to design a solution that optimizes utilization and reduces costs.
Which solution meets these requirements?
- Use Amazon EC2 in an Auto Scaling group with On-Demand instances.
- Build the application to use Amazon Lightsail with On-Demand Instances.
- Create an Amazon CloudWatch cron job to automatically stop the EC2 instances when there is no activity.
- Redesign the application to use an event-driven design with Amazon Simple Queue Service (Amazon SQS) and AWS Lambda.
-
A company is using Site-to-Site VPN connections for secure connectivity to its AWS Cloud resources from on premises. Due to an increase in traffic across the VPN connections to the Amazon EC2 instances, users are experiencing slower VPN connectivity.
Which solution will improve the VPN throughput?
- Implement multiple customer gateways for the same network to scale the throughput.
- Use a transit gateway with equal cost multipath routing and add additional VPN tunnels.
- Configure a virtual private gateway with equal cost multipath routing and multiple channels.
- Increase the number of tunnels in the VPN configuration to scale the throughput beyond the default limit.
-
A company has a mobile game that reads most of its metadata from an Amazon RDS DB instance. As the game increased in popularity developers noticed slowdowns related to the game’s metadata load times. Performance metrics indicate that simply scaling the database will not help. A solutions architect must explore all options that include capabilities for snapshots replication and sub-millisecond response times.
What should the solutions architect recommend to solve these issues?
- Migrate the database to Amazon Aurora with Aurora Replicas.
- Migrate the database to Amazon DyramoDB with global tables.
- Add an Amazon ElastiCache for Redis layer in front of the database.
- Add an Amazon ElastiCache for Memcached layer in front of the database.
-
A company has several Amazon EC2 instances set up in a private subnet for security reasons. These instances host applications that read and write large amounts of data to and from Amazon S3 regularly. Currently, subnet routing directs all the traffic destined for the internet through a NAT gateway. The company wants to optimize the overall cost without impacting the ability of the application to communicate with Amazon S3 or the outside internet.
What should a solutions architect do to optimize costs?
- Create an additional NAT gateway. Update the route table to route to the NAT gateway. Update the network ACL to allow S3 traffic.
- Create an internet gateway. Update the route table to route traffic to the internet gateway. Update the network ACL to allow S3 traffic.
- Create a VPC endpoint for Amazon S3. Attach an endpoint policy to the endpoint. Update the route table to direct traffic to the VPC endpoint.
- Create an AWS Lambda function outside of the VPC to handle S3 requests. Attach an IAM policy to the EC2 instances, allowing them to invoke the Lambda function.
-
A company is deploying an application in three AWS Regions using an Application Load Balancer Amazon Route 53 will be used to distribute traffic between these Regions.
Which Route 53 configuration should a solutions architect use to provide the MOST high-performing experience?
- Create an A record with a latency policy.
- Create an A record with a geolocation policy.
- Create a CNAME record with a failover policy.
- Create a CNAME record with a geoproximity policy.
-
A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3. These files are encrypted using AWS Key Management Service Customer Master Keys (AWS KMS CMKs). A solutions architect needs to design a solution that will ensure the required permissions are set correctly.
Which combination of actions accomplish this? (Choose two.)
- Attach the kms:decrypt permission to the Lambda function’s resource policy.
- Grant the decrypt permission for the Lambda IAM role in the KMS key’s policy.
- Grant the decrypt permission for the Lambda resource policy in the KMS key’s policy.
- Create a new IAM policy with the kms:decrypt permission and attach the policy to the Lambda function.
- Create a new IAM role with the kms:decrypt permission and attach the execution role to the Lambda function.
-
A company is migrating a Linux-based web server group to AWS. The web servers must access files in a shared file store for some content. To meet the migration date, minimal changes can be made.
What should a solutions architect do to meet these requirements?ឮ
- Create an Amazon S3 Standard bucket with access to the web server.
- Configure an Amazon CloudFront distribution with an Amazon S3 bucket as the origin.
- Create an Amazon Elastic File System (Amazon EFS) volume and mount it on all web servers.
- Configure Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS SSD (io1) volumes and mount them on all web servers.
-
A company that operates a web application on premises is preparing to launch a newer version of the application on AWS. The company needs to route requests to either the AWS-hosted or the on-premises-hosted application based on the URL query string. The on-premises application is not available from the internet, and a VPN connection is established between Amazon VPC and the company’s data center. The company wants to use an Application Load Balancer (ALB) for this launch.
Which solution meets these requirements?
- Use two ALBs: one for on-premises and one for the AWS resource. Add hosts to each target group of each ALB. Route with Amazon Route 53 based on the URL query string.
- Use two ALBs: one for on-premises and one for the AWS resource. Add hosts to the target group of each ALB. Create a software router on an EC2 instance based on the URL query string.
- Use one ALB with two target groups: one for the AWS resource and one for on premises. Add hosts to each target group of the ALB. Configure listener rules based on the URL query string.
- Use one ALB with two AWS Auto Scaling groups: one for the AWS resource and one for on premises. Add hosts to each Auto Scaling group. Route with Amazon Route 53 based on the URL query string.
-
A solutions architect is developing a multiple-subnet VPC architecture. The solution will consist of six subnets in two Availability Zones. The subnets are defined as public, private and dedicated for databases. Only the Amazon EC2 instances running in the private subnets should be able to access a database.
Which solution meets these requirements?
- Create a now route table that excludes the route to the public subnets’ CIDR blocks. Associate the route table to the database subnets.
- Create a security group that denies ingress from the security group used by instances in the public subnets. Attach the security group to an Amazon RDS DB instance.
- Create a security group that allows ingress from the security group used by instances in the private subnets. Attach the security group to an Amazon RDS DB instance.
- Create a new peering connection between the public subnets and the private subnets. Create a different peering connection between the private subnets and the database subnets.
-
A disaster response team is using drones to collect images of recent storm damage. The response team’s laptops lack the storage and compute capacity to transfer the images and process the data. While the team has Amazon EC2 instances for processing and Amazon S3 buckets for storage, network connectivity is intermittent and unreliable. The images need to be processed to evaluate the damage.
What should a solutions architect recommend?
- Use AWS Snowball Edge devices to process and store the images.
- Upload the images to Amazon Simple Queue Service (Amazon SQS) during intermittent connectivity to EC2 instances.
- Configure Amazon Kinesis Data Firehose to create multiple delivery streams aimed separately at the S3 buckets for storage and the EC2 instances for processing the images.
- Use AWS Storage Gateway pre-installed on a hardware appliance to cache the images locally for Amazon S3 to process the images when connectivity becomes available.
-
A company has a multi-tier application deployed on several Amazon EC2 instances in an Auto Scaling group. An Amazon RDS for Oracle instance is the application’s data layer that uses Oracle-specific PL/SQL functions. Traffic to the application has been steadily increasing. This is causing the EC2 instances to become overloaded and the RDS instance to run out of storage. The Auto Scaling group does not have any scaling metrics and defines the minimum healthy instance count only. The company predicts that traffic will continue to increase at a steady but unpredictable rate before leveling off.
What should a solutions architect do to ensure the system can automatically scale for the increased traffic? (Choose two.)
- Configure storage Auto Scaling on the RDS for Oracle instance.
- Migrate the database to Amazon Aurora to use Auto Scaling storage.
- Configure an alarm on the RDS for Oracle instance for low free storage space.
- Configure the Auto Scaling group to use the average CPU as the scaling metric.
- Configure the Auto Scaling group to use the average free memory as the scaling metric.
-
An engineering team is developing and deploying AWS Lambda functions. The team needs to create roles and manage policies in AWS IAM to configure the permissions of the Lambda functions.
How should the permissions for the team be configured so they also adhere to the concept of least privilege?
- Create an IAM role with a managed policy attached. Allow the engineering team and the Lambda functions to assume this role.
- Create an IAM group for the engineering team with an IAMFullAccess policy attached. Add all the users from the team to this IAM group.
- Create an execution role for the Lambda functions. Attach a managed policy that has permission boundaries specific to these Lambda functions.
- Create an IAM role with a managed policy attached that has permission boundaries specific to the Lambda functions. Allow the engineering team to assume this role.
-
A company maintains a searchable repository of items on its website. The data is stored in an Amazon RDS for MySQL database table that contains over 10 million rows. The database has 2 TB of General Purpose SSD (gp2) storage. There are millions of updates against this data every day through the company’s website. The company has noticed some operations are taking 10 seconds or longer and has determined that the database storage performance is the bottleneck.
Which solution addresses the performance issue?
- Change the storage type to Provisioned IOPS SSD (io1).
- Change the instance to a memory-optimized instance class.
- Change the instance to a burstable performance DB instance class.
- Enable Multi-AZ RDS read replicas with MySQL native asynchronous replication.
-
A company has an Amazon S3 bucket that contains mission-critical data. The company wants to ensure this data is protected from accidental deletion. The data should still be accessible, and a user should be able to delete the data intentionally.
Which combination of steps should a solutions architect take to accomplish this? (Choose two.)
- Enable versioning on the S3 bucket.
- Enable MFA Delete on the S3 bucket.
- Create a bucket policy on the S3 bucket.
- Enable default encryption on the S3 bucket.
- Create a lifecycle policy for the objects in the S3 bucket.
-
A company has an on-premises business application that generates hundreds of files each day. These files are stored on an SMB file share and require a low-latency connection to the application servers. A new company policy states all application-generated files must be copied to AWS. There is already a VPN connection to AWS.
The application development team does not have time to make the necessary code modifications to move the application to AWS.
Which service should a solutions architect recommend to allow the application to copy files to AWS?
- Amazon Elastic File System (Amazon EFS)
- Amazon FSx for Windows File Server
- AWS Snowball
- AWS Storage Gateway
Subscribe
0 Comments
Newest