EXAM SAA-C02 > saa-c02-part-04 > Flashcards

saa-c02-part-04 Flashcards

(20 cards)

Study These Flashcards
1
Q

A company has a multi-tier application that runs six front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer (ALB). A solutions architect needs to modify the infrastructure to be highly available without modifying the application.

Which architecture should the solutions architect choose that provides high availability?

  1. Create an Auto Scaling group that uses three instances across each of two Regions.
  2. Modify the Auto Scaling group to use three instances across each of two Availability Zones.
  3. Create an Auto Scaling template that can be used to quickly create more instances in another Region.
  4. Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier.
A
  1. Modify the Auto Scaling group to use three instances across each of two Availability Zones

highly available = 2 AZ

6/2 = three

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A company runs an application on a group of Amazon Linux EC2 instances. For compliance reasons, the company must retain all application log files for 7 years. The log files will be analyzed by a reporting tool that must access all files concurrently.

Which storage solution meets these requirements MOST cost-effectively?

  1. Amazon Elastic Block Store (Amazon EBS)
  2. Amazon Elastic File System (Amazon EFS)
  3. Amazon EC2 instance store
  4. Amazon S3
A
  1. Amazon S3
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A media streaming company collects real-time data and stores it in a disk-optimized database system. The company is not getting the expected throughput and wants an in-memory database storage solution that performs faster and provides high availability using data replication.

Which database should a solutions architect recommend?

  1. Amazon RDS for MySQL
  2. Amazon RDS for PostgreSQL.
  3. Amazon ElastiCache for Redis
  4. Amazon ElastiCache for Memcached
A

in-memory DB = ElastiCache for Redis (non-relational)

HA = redis

replication = redis

memcached = not HA

https://aws.amazon.com/elasticache/redis-vs-memcached/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A company hosts its product information webpages on AWS. The existing solution uses multiple Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. The website also uses a custom DNS name and communicates with HTTPS only using a dedicated SSL certificate. The company is planning a new product launch and wants to be sure that users from around the world have the best possible experience on the new website.

What should a solutions architect do to meet these requirements?

  1. Redesign the application to use Amazon CloudFront.
  2. Redesign the application to use AWS Elastic Beanstalk.
  3. Redesign the application to use a Network Load Balancer.
  4. Redesign the application to use Amazon S3 static website hosting.
A
  1. Redesign the application to use Amazon CloudFront.

users from around the world = edge caching = CloudFront

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored.

Which design should the solutions architect use?

  1. Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch configuration that uses the AMI. Create an Auto Scaling group using the launch configuration. Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage.
  2. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch configuration that uses the AMI. Create an Auto Scaling group using the launch configuration. Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage.
  3. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.
  4. Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic.
A
  1. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.

loosely coupled = SQS queue needed

launch templates are better than launch configurations because they support versioning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis. An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.
Which action will MOST securely grant the EC2 instance access to the S3 bucket?

  1. Attach a resource-based policy to the S3 bucket.
  2. Create an IAM user for the application with specific permissions to the S3 bucket.
  3. Associate an IAM role with least privilege permissions to the EC2 instance profile.
  4. Store AWS credentials directly on the EC2 instance for applications on the instance to use for API calls.
A
  1. Associate an IAM role with least privilege permissions to the EC2 instance profile.

instance needs permission = IAM role (always look for “role” answers)

least privilege

https://aws.amazon.com/ko/premiumsupport/knowledge-center/ec2-instance-access-s3-bucket/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A company has on-premises servers running a relational database. The current database serves high read traffic for users in different locations. The company wants to migrate to AWS with the least amount of effort. The database solution should support disaster recovery and not affect the company’s current traffic flow.
Which solution meets these requirements?

  1. Use a database in Amazon RDS with Multi-AZ and at least one read replica.
  2. Use a database in Amazon RDS with Multi-AZ and at least one standby replica.
  3. Use databases hosted on multiple Amazon EC2 instances in different AWS Regions.
  4. Use databases hosted on Amazon EC2 instances behind an Application Load Balancer in different Availability Zones.
A
  1. Use a database in Amazon RDS with Multi-AZ and at least one read replica.

relational database = RDS

high read traffic = read replicas

disaster recovery = Multi-AZ

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A company’s application is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancer. Based on the application’s history the company anticipates a spike in traffic during a holiday each year. A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity to minimize any performance impact on application users.
Which solution will meet these requirements?

  1. Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%.
  2. Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand.
  3. Increase the minimum and maximum number of EC2 instances in the Auto Scaling group during the peak demand period.
  4. Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when there are autoscaling EC2_INSTANCE_LAUNCH events.
A
  1. Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand.

during a holiday each year = predictable = scheduled

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue, writes for an Amazon RDS table, and deletes the message from the queue. Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages.

What should a solutions architect do to ensure messages are being processed once only?

  1. Use the CreateQueue API call to create a new queue.
  2. Use the AddPermission API call to add appropriate permissions.
  3. Use the ReceiveMessage API call to set an appropriate wait time.
  4. Use the ChangeMessageVisibility API call to increase the visibility timeout.
A
  1. Use the ChangeMessageVisibility API call to increase the visibility timeout.

duplicate records = multiple subscribers see the message = visibility timeout (not long enough for processing)

The problem here is multiple EC2 instances are picking up the SAME message, processing them, and writing the results into RDS - This is caused by the visibility timeout being shorter than the processing time, resulting in timeout expiring BEFORE the EC2 instances can finish processing and DELETE the message from the queue

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An Amazon EC2 administrator created the following policy associated with an IAM group containing several users:

What is the effect of this policy?

  1. Users can terminate an EC2 instance in any AWS Region except us-east-1.
  2. Users can terminate an EC2 instance with the IP address 10.100.100.1 in the us-east-1 Region.
  3. Users can terminate an EC2 instance in the us-east-1 Region when the user’s source IP is 10.100.100.254.
  4. Users cannot terminate an EC2 instance in the us-east-1 Region when the user’s source IP is 10.100.100.254.
A
  1. Users can terminate an EC2 instance in the us-east-1 Region when the user’s source IP is 10.100.100.254.

1 is wrong because the deny

2 is wrong because the allow is for source IP not instance IP

4 is wrong because the words cannot terminate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A solutions architect is optimizing a website for an upcoming musical event. Videos of the performances will be streamed in real time and then will be available on demand. The event is expected to attract a global online audience.
Which service will improve the performance of both the real-time and on-demand steaming?

  1. Amazon CloudFront
  2. AWS Global Accelerator
  3. Amazon Route S3
  4. Amazon S3 Transfer Acceleration
A
  1. Amazon CloudFront

Global online audience = performance + caching = CloudFront

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A company has a three-tier image-sharing application. It uses an Amazon EC2 instance for the front-end layer, another for the backend tier, and a third for the MySQL database. A solutions architect has been tasked with designing a solution that is highly available, and requires the least amount of changes to the application
Which solution meets these requirements?

  1. Use Amazon S3 to host the front-end layer and AWS Lambda functions for the backend layer. Move the database to an Amazon DynamoDB table and use Amazon S3 to store and serve users’ images.
  2. Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end and backend layers. Move the database to an Amazon RDS instance with multiple read replicas to store and serve users’ images.
  3. Use Amazon S3 to host the front-end layer and a fleet of Amazon EC2 instances in an Auto Scaling group for the backend layer. Move the database to a memory optimized instance type to store and serve users’ images.
  4. Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end and backend layers. Move the database to an Amazon RDS instance with a Multi-AZ deployment. Use Amazon S3 to store and serve users’ images.
A
  1. Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end and backend layers. Move the database to an Amazon RDS instance with a Multi-AZ deployment. Use Amazon S3 to store and serve users’ images.

MySQL = RDS = 1 DynamoDB invalid

3 Move the database to a memory optimized instance = a lot of changes = invalid

only 2 and 4 left, highly available = RDS instance with a Multi-AZ and 4 wins

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A solutions architect is designing a system to analyze the performance of financial markets while the markets are closed. The system will run a series of compute-intensive jobs for 4 hours every night. The time to complete the compute jobs is expected to remain constant, and jobs cannot be interrupted once started. Once completed, the system is expected to run for a minimum of 1 year.
Which type of Amazon EC2 instances should be used to reduce the cost of the system?

  1. Spot Instances
  2. On-Demand Instances
  3. Standard Reserved Instances
  4. Scheduled Reserved Instances
A
  1. Scheduled Reserved Instances

4 hours every night = scheduled

Scheduled Reserved Instances (Scheduled Instances) enable you to purchase capacity reservations that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year term

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A company built a food ordering application that captures user data and stores it for future analysis. The application’s static front end is deployed on an Amazon EC2 instance. The front-end application sends the requests to the backend application running on separate EC2 instance. The backend application then stores the data in Amazon RDS.
What should a solutions architect do to decouple the architecture and make it scalable?

  1. Use Amazon S3 to serve the front-end application, which sends requests to Amazon EC2 to execute the backend application. The backend application will process and store the data in Amazon RDS.
  2. Use Amazon S3 to serve the front-end application and write requests to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe Amazon EC2 instances to the HTTP/HTTPS endpoint of the topic, and process and store the data in Amazon RDS.
  3. Use an EC2 instance to serve the front end and write requests to an Amazon SQS queue. Place the backend instance in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.
  4. Use Amazon S3 to serve the static front-end application and send requests to Amazon API Gateway, which writes the requests to an Amazon SQS queue. Place the backend instances in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.
A
  1. Use Amazon S3 to serve the static front-end application and send requests to Amazon API Gateway, which writes the requests to an Amazon SQS queue. Place the backend instances in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.

static front end = S3 = 1,2,4

decouple = SQS = 2,4

scalable = ASG = 4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A solutions architect needs to design a managed storage solution for a company’s application that includes high-performance machine learning. This application runs on AWS Fargate, and the connected storage needs to have concurrent access to files and deliver high performance.
Which storage option should the solutions architect recommend?

  1. Create an Amazon S3 bucket for the application and establish an IAM role for Fargate to communicate with Amazon S3.
  2. Create an Amazon FSx for Lustre file share and establish an IAM role that allows Fargate to communicate with FSx for Lustre.
  3. Create an Amazon Elastic File System (Amazon EFS) file share and establish an IAM role that allows Fargate to communicate with Amazon Elastic File System (Amazon EFS).
  4. Create an Amazon Elastic Block Store (Amazon EBS) volume for the application and establish an IAM role that allows Fargate to communicate with Amazon Elastic Block Store (Amazon EBS).
A
  1. Create an Amazon Elastic File System (Amazon EFS) file share and establish an IAM role that allows Fargate to communicate with Amazon Elastic File System (Amazon EFS).

AWS Fargate = doesnt work with Lustre (https://docs.aws.amazon.com/fsx/latest/LustreGuide/mounting-ecs.html)

machine learning + high-performance + concurrent access = EFS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours. The company wants to use these data points in its existing analytics platform. A solutions architect must determine the most viable multi-tier option to support this architecture. The data points must be accessible from the REST API.
Which action meets these requirements for storing and retrieving location data?

  1. Use Amazon Athena with Amazon S3.
  2. Use Amazon API Gateway with AWS Lambda.
  3. Use Amazon QuickSight with Amazon Redshift.
  4. Use Amazon API Gateway with Amazon Kinesis Data Analytics.
Study These Flashcards
A
  1. Use Amazon API Gateway with Amazon Kinesis Data Analytics.

accessible from the REST API = API Gateway

analytics = Kinesis Data Analytics

17
Q

A solutions architect is designing a web application that will run on Amazon EC2 instances behind an Application Load Balancer (ALB). The company strictly requires that the application be resilient against malicious internet activity and attacks, and protect against new common vulnerabilities and exposures.
What should the solutions architect recommend?

  1. Leverage Amazon CloudFront with the ALB endpoint as the origin.
  2. Deploy an appropriate managed rule for AWS WAF and associate it with the ALB.
  3. Subscribe to AWS Shield Advanced and ensure common vulnerabilities and exposures are blocked.
  4. Configure network ACLs and security groups to allow only ports 80 and 443 to access the EC2 instances.
Study These Flashcards
A
  1. Subscribe to AWS Shield Advanced and ensure common vulnerabilities and exposures are blocked.

and protect against new common vulnerabilities and exposures = Shield Advanced

Application Load Balancer (ALB) = Layer 7 = Shield Advanced

18
Q

A company has an application that calls AWS Lambda functions. A code review shows that database credentials are stored in a Lambda function’s source code, which violates the company’s security policy. The credentials must be securely stored and must be automatically rotated on an ongoing basis to meet security policy requirements.

What should a solutions architect recommend to meet these requirements in the MOST secure manner?

  1. Store the password in AWS CloudHSM. Associate the Lambda function with a role that can use the key ID to retrieve the password from CloudHSM. Use CloudHSM to automatically rotate the password.
  2. Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can use the secret ID to retrieve the password from Secrets Manager. Use Secrets Manager to automatically rotate the password.
  3. Store the password in AWS Key Management Service (AWS KMS). Associate the Lambda function with a role that can use the key ID to retrieve the password from AWS KMS. Use AWS KMS to automatically rotate the uploaded password.
  4. Move the database password to an environment variable that is associated with the Lambda function. Retrieve the password from the environment variable by invoking the function. Create a deployment script to automatically rotate the password.
Study These Flashcards
A

Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can use the secret ID to retrieve the password from Secrets Manager. Use Secrets Manager to automatically rotate the password.

credentials (not keys) must be securely stored = Secrets Manager

automatically rotated = Secrets Manager

19
Q

A company is managing health records on-premises. The company must keep these records indefinitely, disable any modifications to the records once they are stored, and granularly audit access at all levels. The chief technology officer (CTO) is concerned because there are already millions of records not being used by any application, and the current infrastructure is running out of space. The CTO has requested a solutions architect design a solution to move existing data and support future records.
Which services can the solutions architect recommend to meet these requirements?

  1. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with data events.
  2. Use AWS Storage Gateway to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events.
  3. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events.
  4. Use AWS Storage Gateway to move existing data to AWS. Use Amazon Elastic Block Store (Amazon EBS) to store existing and new data. Enable Amazon S3 object lock and enable Amazon S3 server access logging.
Study These Flashcards
A
  1. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with data events.

move existing data = DataSync = 1,3

management events are enabled by default = 3 out 1 in

20
Q

A company wants to use Amazon S3 for the secondary copy of its on-premises dataset. The company would rarely need to access this copy. The storage solution’s cost should be minimal.
Which storage solution meets these requirements?

  1. S3 Standard
  2. S3 Intelligent-Tiering
  3. S3 Standard-Infrequent Access (S3 Standard-IA)
  4. S3 One Zone-Infrequent Access (S3 One Zone-IA)
Study These Flashcards
A
  1. S3 One Zone-Infrequent Access (S3 One Zone-IA)

no mention of resilience so no need for S3 Standard IA

One Zone-Infrequent Access = cheapest

EXAM SAA-C02
flashcards
Decks in class (18)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions