saa-c02-part-02 Flashcards

1
Q

A company’s web application uses an Amazon RDS PostgreSQL DB instance to store its application data. During the financial closing period at the start of every month, Accountants run large queries that impact the database’s performance due to high usage. The company wants to minimize the impact that the reporting activity has on the web application.

What should a solutions architect do to reduce the impact on the database with the LEAST amount of effort?

  1. Create a read replica and direct reporting traffic to the replica.
  2. Create a Multi-AZ database and direct reporting traffic to the standby.
  3. Create a cross-Region read replica and direct reporting traffic to the replica.
  4. Create an Amazon Redshift database and direct reporting traffic to the Amazon Redshift database.
A
  1. Create a read replica and direct reporting traffic to the replica.

queries = performance = read replicas

LEAST amount of effort = read replica

2
Q

A company wants to migrate a high performance computing (HPC) application and data from on-premises to the AWS Cloud. The company uses tiered storage on premises with hot high-performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running.

Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Choose two.)

  1. Amazon S3 for cold data storage
  2. Amazon Elastic File System (Amazon EFS) for cold data storage
  3. Amazon S3 for high-performance parallel storage
  4. Amazon FSx for Lustre for high-performance parallel storage
  5. Amazon FSx for Windows for high-performance parallel storage
A

1 Amazon S3 for cold data storage

  1. Amazon FSx for Lustre for high-performance parallel storage

economical cold storage = S3

high-performance parallel storage = FSx for Lustre

high performance computing (HPC) = FSx for Lustre

3
Q

A company’s application is running on Amazon EC2 instances in a single Region. In the event of a disaster, a solutions architect needs to ensure that the resources can also be deployed to a second Region.

Which combination of actions should the solutions architect take to accomplish this? (Choose two.)

  1. Detach a volume on an EC2 instance and copy it to Amazon S3.
  2. Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region.
  3. Launch a new EC2 instance in a new Region and copy a volume from Amazon S3 to the new instance.
  4. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination.
  5. Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the destination Region using that EBS volume.
A
  1. Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region.
  2. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination.

Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region.

second region = AMI Copy

Copy an Amazon Elastic Block Store = not synchronized = not answer

4
Q

A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet.

What should the solutions architect do to accomplish this? (Choose two.)

  1. Create a route table entry for the endpoint.
  2. Create a gateway endpoint for DynamoDB.
  3. Create a new DynamoDB table that uses the endpoint.
  4. Create an ENI for the endpoint in each of the subnets of the VPC.
  5. Create a security group entry in the default security group to provide access.
A
  1. Create a route table entry for the endpoint.
  2. Create a gateway endpoint for DynamoDB.

API calls to Amazon DynamoDB = endpoint + DynamoDB = Gateway endpoint

Gateway endpoint = target for a route in your route table

5
Q

A company’s legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption. Due to new compliance requirements, all existing and new data in this database must be encrypted.

How should this be accomplished?

  1. Create an Amazon S3 bucket with server-side encryption enabled. Move all the data to Amazon S3. Delete the RDS instance.
  2. Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby instance to delete the original instance.
  3. Take a Snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.
  4. Create an RDS read replica with encryption at rest enabled. Promote the read replica to master and switch the application over to the new master. Delete the old RDS instance.
A
  1. Take a Snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.

unencrypted to encrypted = start with snapshot

6
Q

A manufacturing company wants to implement predictive maintenance on its machinery equipment. The company will install thousands of IoT sensors that will send data to AWS in real time. A solutions architect is tasked with implementing a solution that will receive events in an ordered manner for each machinery asset and ensure that data is saved for further processing at a later time.
Which solution would be MOST efficient?

  1. Use Amazon Kinesis Data Streams for real-time events with a partition for each equipment asset. Use Amazon Kinesis Data Firehose to save data to Amazon S3.
  2. Use Amazon Kinesis Data Streams for real-time events with a shard for each equipment asset. Use Amazon Kinesis Data Firehose to save data to Amazon Elastic Block Store (Amazon EBS).
  3. Use an Amazon SQS FIFO queue for real-time events with one queue for each equipment asset. Trigger an AWS Lambda function for the SQS queue to save data to Amazon Elastic File System (Amazon EFS).
  4. Use an Amazon SQS standard queue for real-time events with one queue for each equipment asset. Trigger an AWS Lambda function from the SQS queue to save data to Amazon S3.
A

1 Use Amazon Kinesis Data Streams for real-time events with a partition for each equipment asset. Use Amazon Kinesis Data Firehose to save data to Amazon S3.

real time = Kinesis

data is saved for further processing at a later time = S3

SQS = not real time

shard for each equipment asset = not efficient

https://docs.aws.amazon.com/iot/latest/developerguide/aws-iot-how-it-works.html

7
Q

A company’s website runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The website has a mix of dynamic and static content. Users around the globe are reporting that the website is slow.

Which set of actions will improve website performance for users worldwide?

  1. Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution.
  2. Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB.
  3. Launch new EC2 instances hosting the same web application in different Regions closer to the users. Then register instances with the same ALB using cross-Region VPC peering.
  4. Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances. Then update an Amazon Route 53 record to point to the S3 buckets.
A
  1. Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution.

around the globe + website slow = caching needed = CloudFront

8
Q

A company has been storing analytics data in an Amazon RDS instance for the past few years. The company asked a solutions architect to find a solution that allows users to access this data using an API. The expectation is that the application will experience periods of inactivity but could receive bursts of traffic within seconds.

Which solution should the solutions architect suggest?

  1. Set up an Amazon API Gateway and use Amazon ECS.
  2. Set up an Amazon API Gateway and use AWS Elastic Beanstalk.
  3. Set up an Amazon API Gateway and use AWS Lambda functions.
  4. Set up an Amazon API Gateway and use Amazon EC2 with Auto Scaling.
A
  1. Set up an Amazon API Gateway and use AWS Lambda functions.

experience periods of inactivity but could receive bursts of traffic within seconds = unpredictable = lambda

RDS instance = any type of application or backend service = Lambda

access this data using an API = API Gateway

9
Q

A company must generate sales reports at the beginning of every month. The reporting process launches 20 Amazon EC2 instances on the first of the month. The process runs for 7 days and cannot be interrupted. The company wants to minimize costs.

Which pricing model should the company choose?

  1. Reserved Instances
  2. Spot Block Instances
  3. On-Demand Instances
  4. Scheduled Reserved Instances
A
  1. On-Demand Instances

beginning of every month = reserve capacity = On-Demand Capacity Reservations

Scheduled Reserved Instances = don't exist anymore

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html

10
Q

A gaming company has multiple Amazon EC2 instances in a single Availability Zone for its multiplayer game that communicates with users on Layer 4. The chief technology officer (CTO) wants to make the architecture highly available and cost-effective.

What should a solutions architect do to meet these requirements? (Choose two.)

  1. Increase the number of EC2 instances.
  2. Decrease the number of EC2 instances.
  3. Configure a Network Load Balancer in front of the EC2 instances.
  4. Configure an Application Load Balancer in front of the EC2 instances.
  5. Configure an Auto Scaling group to add or remove instances in multiple Availability Zones automatically.
A
  1. Configure a Network Load Balancer in front of the EC2 instances.
  2. Configure an Auto Scaling group to add or remove instances in multiple Availability Zones automatically.

multiplayer game = high throughput needed = NLB

Layer 4 = NLB

highly available = Auto Scaling group + multiple Availability Zones

11
Q

A company currently operates a web application backed by an Amazon RDS MySQL database. It has automated backups that are run daily and are not encrypted. A security audit requires future backups to be encrypted and the unencrypted backups to be destroyed. The company will make at least one encrypted backup before destroying the old backups.

What should be done to enable encryption for future backups?

  1. Enable default encryption for the Amazon S3 bucket where backups are stored.
  2. Modify the backup section of the database configuration to toggle the Enable encryption check box.
  3. Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot.
  4. Enable an encrypted read replica on RDS for MySQL. Promote the encrypted read replica to primary. Remove the original database instance.
A
  1. Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot.

unencrypted db to encrypted = snapshot first

12
Q

A company is hosting a website behind multiple Application Load Balancers. The company has different distribution rights for its content around the world. A solutions architect needs to ensure that users are served the correct content without violating distribution rights.

Which configuration should the solutions architect choose to meet these requirements?

  1. Configure Amazon CloudFront with AWS WAF.
  2. Configure Application Load Balancers with AWS WAF.
  3. Configure Amazon Route 53 with a geolocation policy.
  4. Configure Amazon Route 53 with a geoproximity routing policy.
A
  1. Configure Amazon Route 53 with a geolocation policy.

users are served the correct content by location = Route 53 with a geolocation policy

no performance or port restrictions mentioned so it's not CloudFront

13
Q

A solutions architect has created a new AWS account and must secure AWS account root user access.
Which combination of actions will accomplish this? (Choose two.)

  1. Ensure the root user uses a strong password.
  2. Enable multi-factor authentication to the root user.
  3. Store root user access keys in an encrypted Amazon S3 bucket.
  4. Add the root user to a group containing administrative permissions.
  5. Apply the required permissions to the root user with an inline policy document.
A
  1. Ensure the root user uses a strong password.
  2. Enable multi-factor authentication to the root user.

secure AWS account root user access = multi-factor authentication

https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

14
Q

A solutions architect at an ecommerce company wants to back up application log data to Amazon S3. The solutions architect is unsure how frequently the logs will be accessed or which logs will be accessed the most. The company wants to keep costs as low as possible by using the appropriate S3 storage class.

Which S3 storage class should be implemented to meet these requirements?

  1. S3 Glacier
  2. S3 Intelligent-Tiering
  3. S3 Standard-Infrequent Access (S3 Standard-IA)
  4. S3 One Zone-Infrequent Access (S3 One Zone-IA)
A
  1. S3 Intelligent-Tiering

unsure = unpredictable = intelligent-tiering

15
Q

A company’s website is used to sell products to the public. The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). There is also an Amazon CloudFront distribution, and AWS WAF is being used to protect against SQL injection attacks. The ALB is the origin for the CloudFront distribution. A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website.

What should a solutions architect do to protect the application?

  1. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address.
  2. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address.
  3. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
  4. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
A
  1. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address.

IP that needs to be blocked = WAF IP match condition

16
Q

A solutions architect is designing an application for a two-step order process. The first step is synchronous and must return to the user with little latency. The second step takes longer, so it will be implemented in a separate component. Orders must be processed exactly once and in the order in which they are received.
How should the solutions architect integrate these components?

  1. Use Amazon SQS FIFO queues.
  2. Use an AWS Lambda function along with Amazon SQS standard queues.
  3. Create an SNS topic and subscribe an Amazon SQS FIFO queue to that topic.
  4. Create an SNS topic and subscribe an Amazon SQS Standard queue to that topic.
A
  1. Create an SNS topic and subscribe an Amazon SQS FIFO queue to that topic.

in the order = SQS FIFO

second step implemented in a separate component = fanout = SNS topic

17
Q

A web application is deployed in the AWS Cloud. It consists of a two-tier architecture that includes a web layer and a database layer. The web server is vulnerable to cross-site scripting (XSS) attacks.

What should a solutions architect do to remediate the vulnerability?

  1. Create a Classic Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
  2. Create a Network Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
  3. Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
  4. Create an Application Load Balancer. Put the web layer behind the load balancer and use AWS Shield Standard.
A
  1. Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.

cross-site scripting (XSS) protection = WAF = tightly integrated with Application Load Balancer (ALB)

https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-xss-conditions.html

https://aws.amazon.com/elasticloadbalancing/features/

18
Q

A company’s website is using an Amazon RDS MySQL Multi-AZ DB instance for its transactional data storage. There are other internal systems that query this DB instance to fetch data for internal batch processing. The RDS DB instance slows down significantly when the internal systems fetch data. This impacts the website’s read and write performance, and the users experience slow response times.

Which solution will improve the website’s performance?

  1. Use an RDS PostgreSQL DB instance instead of a MySQL database.
  2. Use Amazon ElastiCache to cache the query responses for the website.
  3. Add an additional Availability Zone to the current RDS MySQL Multi-AZ DB instance.
  4. Add a read replica to the RDS DB instance and configure the internal systems to query the read replica.
A
  1. Add a read replica to the RDS DB instance and configure the internal systems to query the read replica.

query = read performance = read replicas

19
Q

An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application performs best when the CPU utilization of the EC2 instances is at or near 40%.

What should a solutions architect do to maintain the desired performance across all instances in the group?

  1. Use a simple scaling policy to dynamically scale the Auto Scaling group.
  2. Use a target tracking policy to dynamically scale the Auto Scaling group.
  3. Use an AWS Lambda function to update the desired Auto Scaling group capacity.
  4. Use scheduled scaling actions to scale up and scale down the Auto Scaling group.
A
  1. Use a target tracking policy to dynamically scale the Auto Scaling group.

at or near 40% = scaling metric and target value = target tracking policy

20
Q

A company runs an internal browser-based application. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales up to 20 instances during work hours, but scales down to 2 instances overnight. Staff are complaining that the application is very slow when the day begins, although it runs well by mid-morning.
How should the scaling be changed to address the staff complaints and keep costs to a minimum?

  1. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens.
  2. Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period.
  3. Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period.
  4. Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens.
A
  1. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens.

group scales up to 20 instances during work hours but very slow when the day begins = need scheduled scaling sooner

desired capacity to 20 = still allows scale in

https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html