SAA-C02 Dumps [Latest Version]: Useful AWS Certified Solutions Architect – Associate Prepare Materials

Candidates can use the latest version of the SAA-C02 dumps updated by Pass4itSure to efficiently prepare for the AWS Certified Solutions Architect – Associate exam.

The new version of the SAA-C02 dumps > > https://www.pass4itsure.com/saa-c02.html is very accurate, which helps you prepare for the Amazon SAA-C02 exam. It will be your best AWS Certified Solutions Architect – Associate preparation material.

introduction SAA-C02 exam

A brief introduction to the AWS Certified Solutions Architect – Associate exam, what to say?

The true SAA-C02 exam is for anyone with a year or more of hands-on experience designing usable, cost-effective, fault-tolerant, and scalable distributed systems on AWS. You will need to complete the exam in 130 minutes and answer 65 questions. The type of question can be multiple choices or multiple answers. It costs $150 to take the exam.

Participate and pass AWS Certified Solutions Architect-Associate (SAA-C02) to earn AWS Certified Associate certification.

Which is the ideal AWS Certified Solutions Architect – Associate preparation material?

That must be the latest SAA-C02 dumps from the Pass4itSure launch.

Pass4itSure SAA-C02 dumps provide useful AWS Certified Solutions Architect-Assistant preparation materials, based on real exams, that are very effective. Can help you easily pass the SAA-C02 exam.

Where can I get the latest SAA-C02 dumps for Free Q&A?

Here is a free SAA-C02 exam preparation material for you.

SAA-C02 exam free preparation questions PDF download: https://drive.google.com/file/d/1kCMAVYvlQJu-d5egupz1_YRmapcMWuNg/view?usp=sharing

You can also read the online SAA-C02 exam questions directly below.

(SAA-C02 Free Dumps) AWS Certified Solutions Architect – Associate Exam Questions Answers: 2022.9

Q1 NEW.

A company has an AWS Glue extract. transform, and load (ETL) job that runs every day at the same time. The job processes XML data that is in an Amazon S3 bucket. New data is added to the S3 bucket every day.

A solutions architect notices that AWS Glue is processing all the data during each run. What should the solutions architect do to prevent AWS Glue from reprocessing old data?

A. Edit the job to use job bookmarks.
B. Edit the job to delete data after the data is processed
C. Edit the job by setting the number of workers field to 1.
D. Use a FindMatches machine learning (ML) transform.

Correct Answer: B

Q2 New.

A company captures ordered clickstream data from multiple websites and uses batch processing to analyze the data. The company receives 100 million event records, all approximately 1 KB in size, each day. The company loads the data into Amazon Redshift each night, and business analysts consume the data.

The company wants to move toward near-real-time data processing for timely insights. The solution should process the streaming data while requiring the least possible operational overhead. Which combination of AWS services will meet these requirements MOST cost-effectively? (Choose two.)

A. Amazon EC2
B. AWS Batch
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon Kinesis Data Firehose
E. Amazon Kinesis Data Analytics

Correct Answer: BC

Q3 New.

A company is planning to host its compute-intensive applications on Amazon EC2 instances. The majority of the network traffic will be between these applications The company needs a solution that minimizes latency and maximizes network throughput

The underlying hardware for the EC2 instances must not be shared with any other company Which solution will meet these requirements?

A. Launch EC2 instances as Dedicated Hosts in a cluster placement group
B. Launch EC2 instances as Dedicated Hosts in a partition placement group
C. Launch EC2 instances as Dedicated Instances in a cluster placement group
D. Launch EC2 instances as Dedicated Instances in a partition placement group

Correct Answer: A

Q4 New.

A solutions architect is working on optimizing a legacy document management application running on Microsoft a network file share. The chief information officer wants to reduce the on-premises data center footprint and minimize storage by moving on-premises storage to AWS.

What should the solution architect do to meet these requirements?

A. Set up an AWS Storage Gateway file gateway.
B. Set up Amazon Elastic File System (Amazon EFS).
C. Set up AWS Storage Gateway as a volume gateway.
D. Set up an Amazon Elastic Block Store (Amazon EBS) volume.

Correct Answer: A

Q5 New.

Cost Explorer is showing charges higher than expected for Amazon Elastic Block Store (Amazon EBS) volumes connected to application servers in a production account A significant portion of the changes from Amazon EBS are from volumes that were created as Provisioned IOPS SSD (io1) volume types Controlling costs is the highest priority for
this application.

Which steps should the user take to analyze and reduce the EBS costs without incurring any application downtime\\’? (Select TWO)

A. Use the Amazon EC2 ModifylnstanceAttribute action to enable EBS optimization on the application server instances
B. Use the Amazon CloudWatch GetMetricData action to evaluate the read-write operations and read/ write bytes of each volume
C. Use the Amazon EC2 ModifyVoiume action to reduce the size of the underutilized 101 volumes
D. Use the Amazon EC2 ModifyVolume action to change the volume type of the underutilized io1 volumes to General Purpose SSD (gp2)
E. Use an Amazon S3 PutBucketPolicy action to migrate existing volume snapshots to Amazon S3 Glacier

Correct Answer: AD

Q6 New.

A company has a service that produces event data. The company wants to use AWS to process the event data as it is received. The data is written in a specific order that
must be maintained throughout processing The company wants to implement a solution that minimizes operational overhead.

How should a solution architect accomplish this?

A. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue to hold messages. Set up an AWS Lambda function to process messages from the queue.
B. Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process. Configure an AWS Lambda function as a subscriber
C. Create an Amazon Simple Queue Service (Amazon SQS) standard queue to hold messages Set up an AWS Lambda function ūüėģ process messages from the queue independently
D. Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process Configure an Amazon Simple Queue Service (Amazon SQS) queue as a subscriber.

Correct Answer: A

Q7 New.

A company runs a web-based portal that provides users with global breaking news, local alerts, and weather updates. The portal delivers each user a personalized view by using a mixture of static and dynamic content Content is served over HTTPS through an API server running on an Amazon EC2 instance behind an Application Load Balancer (ALB).

The company wants the portal to provide this content to its users across the world as quickly as possible. How should a solutions architect design the application to ensure the LEAST amount of latency for all users?

A. Deploy the application stack in a single AWS Region Use Amazon CloudFront to serve all static and dynamic content by specifying the ALB as an origin
B. Deploy the application stack in two AWS Regions Use an Amazon Route 53 latency routing policy to serve all content from the ALB in the closest Region.
C. Deploy the application stack in a single AWS Region Use Amazon CloudFront to serve the static content Serve the dynamic content directly from the ALB.
D. Deploy the application stack in two AWS Regions Use an Amazon Route 53 geolocation routing policy to serve all content from the ALB in the closest Region.

Correct Answer: A

Q8 New.

A company uses on-premises servers to host its applications. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high-performing solution that supports local caching without re-architecting its existing applications.

Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)

A. Mount Amazon S3 as a file system to the on-premises servers.
B. Deploy an AWS Storage Gateway file gateway to replace NFS storage
C. Deploy AWS Snowball Edge to provision NFS mounts to on-premises servers.
D. Deploy an AWS Storage Gateway volume gateway to replace the block storage.
E. Deploy Amazon Elastic Fife System (Amazon EFS) volumes and mount them to on-premises servers.

Correct Answer: BD

Q9 New.

A company is using a centralized AWS account to store log data in various Amazon S3 buckets. A solutions architect needs to ensure that the data is encrypted at rest before the data is uploaded to the S3 buckets. The data also must be encrypted in transit.

Which solution meets these requirements?

A. Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets.
B. Use server-side encryption to encrypt the data that is being uploaded to the S3 buckets.
C. Create bucket policies that require the use of server-side encryption with S3-managed encryption keys (SSE-S3) for S3 uploads.
D. Enable the security option to encrypt the S3 buckets through the use of a default AWS Key Management Service (AWS KMS) key.

Correct Answer: B

Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingEncryption.html

Q10 New.

Organizers for a global event want to put daily reports online as static HTML pages The pages are expected to generate millions of views from users around the world The files are stored in an Amazon S3 bucket A solutions architect has been asked to design an efficient and effective solution.

Which action should the solutions architect take to accomplish this?

A. Generate pre-signed URLs for the files
B. Use cross-Region replication to all Regions
C. Use the geo proximity feature of Amazon Route 53
D. Use Amazon CloudFront with the S3 bucket as its origin

Correct Answer: D

Using Amazon S3 Origins, MediaPackage Channels, and Custom Origins for Web Distributions Using Amazon S3 Buckets for Your Origin When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in an Amazon S3 bucket.

You can use any method that is supported by Amazon S3 to get your objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket.

Using an existing Amazon S3 bucket as your CloudFront origin server doesn\’t change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects at the standard Amazon S3 price. You incur regular Amazon S3 charges for storing the objects in the bucket.

Using Amazon S3 Buckets Configured as Website Endpoints for Your Origin You
can set up an Amazon S3 bucket that is configured as a website endpoint as a custom origin with CloudFront. When you configure your CloudFront distribution, for the origin, enter the Amazon S3 static website hosting endpoint for your bucket.

This value appears in the Amazon S3 console, on the Properties tab, and in the Static website hosting pane.

For example http://bucket-name.s3-website-region.amazonaws.com

For more information about specifying Amazon S3 static website endpoints, see Website endpoints in the Amazon Simple Storage Service Developer Guide. When you
specify the bucket name in this format as your origin, you can use Amazon S3 redirects and Amazon S3 custom error documents.

For more information about Amazon S3 features, see the Amazon S3 documentation. Using an Amazon S3 bucket as your CloudFront origin server doesn\’t change it in any way. You can still use it as you normally would and you incur regular Amazon S3 charges.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCust omOrigins.html

Q11 New.

A company has a three-tier, stateless web application. The company\’s web and application tiers run on Amazon BC2 instances in an Auto Scaling group with an Amazon Elastic Block Store (Amazon EBS) root volume, and the database tier runs on Amazon RDS for PostgreSQL. The company\’s recovery point objective (RPO) is 2 hours

What should a solutions architect recommend enabling backups for this environment?

A. Take snapshots of EBS volumes of the EC2 instances and database every 2 hours
B. Configure a snapshot lifecycle policy to take EBS snapshots and configure an automated database backup in Amazon RDS to meet the RPO
C. Take snapshots of EBS volumes of the EC2 instances every 2 hours Configure an automated database backup in Amazon RDS so that it runs every 2 hours
D. Retain the latest Amazon Machine Images (AMIs) of the web and application tiers Configure daily Amazon RDS snapshots and use point-in-time recovery to meet the RPO.

Correct Answer: D

Q12 New.

A gaming company hosts a browser-based application on AWS. The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users.

The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users while reducing the load on the origin.

Which solution meets these requirements MOST cost-effectively?

A. Deploy an AWS Global Accelerator accelerator in front of the web servers.
B. Deploy an Amazon CloudFront web distribution in front of the S3 bucket.
C. Deploy an Amazon ElastiCache for Redis instance in front of the web servers.
D. Deploy an Amazon ElastiCache for Memcached instance in front of the web servers.

Correct Answer: B

Reference: https://aws.amazon.com/getting-started/hands-on/deliver-content-faster/

Q13 New.

A company hosts a training site on a fleet of Amazon EC2 instances. The company anticipates that its new course, which consists of dozens of training videos on the site, will be extremely popular when it is released in 1 week.

What should a solutions architect do to minimize the anticipated server load?

A. Store the videos in Amazon ElastiCache for Redis Update the web servers to serve the videos using the Elastic cache API
B. Store the videos in Amazon Elastic File System (Amazon EFS) Create a user data script for the web servers to mount the EFS volume.
C. Store the videos in an Amazon S3 bucket Create an Amazon CloudFlight distribution with an origin access identity (OAI) of that S3 bucket Restrict Amazon S3 access to the OAI.
D. Store the videos in an Amazon S3 bucket. Create an AWS Storage Gateway file gateway to access the S3 bucket Create a user data script for the web servers to mount the file gateway

Correct Answer: C

With the latest SAA-C02 dumps, it’s easy to get AWS Certified Associate certification. More Amazon SAA-C02 exam questions are on this website.

DVA-C01 Exam Dumps [Latest Version] Confident AWS DVA-C01 Exam Materials

We’ve updated the latest version of the DVA-C01 exam dumps, which gives you confidence in the AWS DVA-C01 exam materials to help you easily win the Amazon DVA-C01 exam.

Leave it all to the Pass4itSure DVA-C01 exam dumps, and leave it to you: Go to the latest DVA-C01 dumps page https://www.pass4itsure.com/aws-certified-developer-associate.html to get the latest AWS DVA-C01 exam Q&A material, and then practice it well.

A brief summary of the AWS Certified Developer – Associate exam, try?

The AWS Certified Developer – Associate exam requires 65 questions to be answered in 130 minutes, which can be multiple choice or multiple choice. Taking the exam costs $150.

To pass the AWS Certified Developer – Associate (DVA-C01) exam, you need to achieve a score of 720. After passing the exam, you can earn the AWS Certified Associate certification.

Is it necessary to take the DVA-C01 exam?

It is necessary. According to reliable sources, after successfully passing the Amazon DVA-C01 exam to obtain THE AWS Certified Associate certification, salaries increased by an average of 25%. It will bring you intuitive wealth.

How can I effectively prepare for the Amazon DVA-C01 exam?

AWS Certified Developer - Associate Exam Materials

First, you need to find valid DVA-C01 exam material to help you prepare.

Here’ ‘s recommendation is the Pass4itSure DVA-C01 exam dumps, which provide you with the latest validated DVA-C01 exam materials to help you pass.

Then, you need to practice exam questions regularly to achieve proficiency.

For us, we have prepared free practice questions for you to experience.

The latest DVA-C01 exam questions are available for free download: https://drive.google.com/file/d/1C448HC1w2TguT70g8OJJOdm4aHijXv4x/view?usp=sharing

Try the new DVA-C01 free dumps to get ready for AWS Certified Associate certification:

Q1. A developer is building a backend system for the long-term storage of information from an inventory management system. The information needs to be stored so that other teams can build tools to report and analyze the data. How should the developer implement this solution to achieve the FASTEST running time?

A. Create an AWS Lambda function that writes to Amazon S3 synchronously Increase the function\\’s concurrency to match the highest expected value of concurrent scans and requests.
B. Create an AWS Lambda function that writes to Amazon S3 asynchronously Configure a dead-letter queue to collect unsuccessful invocations
C. Create an AWS Lambda function that writes to Amazon S3 synchronously Set the inventory system to retry failed requests.
D. Create an AWS Lambda function that writes to an Amazon ElastiCache for the Redis cluster asynchronously Configure a dead-letter queue to collect unsuccessful invocations.

Correct Answer: A

Q2. A developer is working on a serverless application that needs to process any changes to an Amazon DynamoDB table with an AWS Lambda function. How should the developer configure the Lambda function to detect changes to the DynamoDB table?

A. Create an Amazon Kinesis data stream, and attach it to the DynamoDB table. Create a trigger to connect the data stream to the Lambda function.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the Lambda function on a regular schedule. Connect to the DynamoDB table from the Lambda function to detect changes.
C. Enable DynamoDB Streams on the table. Create a trigger to connect the DynamoDB stream to the Lambda function.
D. Create an Amazon Kinesis Data Firehose delivery stream, and attach it to the DynamoDB table. Configure the delivery stream destination as the Lambda function.

Correct Answer: C

Reference: https://aws.amazon.com/getting-started/projects/build-serverless-web-app-lambda-apigateways3-dynamodbcognito/module-3/

Q3. A company is using Amazon API Gateway to manage its public-facing API. The CISO requires that the APIs be used by test account users only. What is the MOST secure way to restrict API access to users of this particular AWS account?

A. Client-side SSL certificates for authentication
B. API Gateway resource policies
C. Cross-origin resource sharing (CORS)
D. Usage plans

Correct Answer: B

Reference: https://aws.amazon.com/blogs/compute/control-access-to-your-apis-using-amazon-apigateway-resourcepolicies/

Q4. A Developer has an application that must accept a large number of incoming data streams and process the data before sending it to many downstream users. Which serverless solution should the Developer use to meet these requirements?

A. Amazon RDS MySQL stored procedure with AWS Lambda
B. AWS Direct Connect with AWS Lambda
C. Amazon Kinesis Data Streams with AWS Lambda
D. Amazon EC2 bash script with AWS Lambda

Correct Answer: C

Reference: https://aws.amazon.com/kinesis/data-analytics/faqs/

Q5. A developer is using Amazon S3 as the event source that invokes a Lambda function when new objects are created in the bucket. The event source mapping information is stored in the bucket notification configuration.
The developer is working with different versions of the Lambda function and has a constant need to update notification configuration so that Amazon S3 invokes the correct version. What is the MOST efficient and effective way to achieve mapping between the S3 event and Lambda?

A. Use a different Lambda trigger.
B. Use Lambda environment variables.
C. Use a Lambda alias.
D. Use Lambda tags.

Correct Answer: A

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/lambda-s3-event-configurationerror/

Q6. A company\\’s fleet of Amazon EC2 instances receives data from millions of users through an API. The servers batch the data, add an object for each user, and upload the objects to an S3 bucket to ensure high access rates.
The object attributes are Customer ID, Server ID, TS-Server (TimeStamp and Server ID), the size of the object, and a timestamp. A developer wants to find all the objects for a given user collected during a specified time range. After creating an S3 object-created event, how can the Developer achieve this requirement?

A. Execute an AWS Lambda function in response to the S3 object creation events that create an Amazon DynamoDB record for every object with the Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.

B. Execute an AWS Lambda function in response to the S3 object creation events that create an Amazon Redshift record for every object with the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.

C. Execute an AWS Lambda function in response to the S3 object creation events that create an Amazon DynamoDB record for every object with the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.

D. Execute an AWS Lambda function in response to the S3 object creation events that create an Amazon Redshift record for every object with the Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.

Correct Answer: C

Q7. A developer wants to secure sensitive configuration data such as passwords, database strings, and application license codes. Access to this sensitive information must be tracked for future audit purposes. Where should the sensitive information be stored, adhering to security best practices and operational requirements?

A. In an encrypted file on the source code bundle; grant the application access with Amazon IAM
B. In the Amazon EC2 Systems Manager Parameter Store; grant the application access with IAM
C. On an Amazon EBS encrypted volume; attach the volume to an Amazon EC2 instance to access the data
D. As an object in an Amazon S3 bucket; grant an Amazon EC2 instance access with an IAM role

Correct Answer: B
Reference: https://aws.amazon.com/blogs/security/how-to-enhance-the-security-of-sensitive-customerdata-by-usingamazon-cloudfront-field-level-encryption/

Q8. A Developer is migrating existing applications to AWS. These applications use MongoDB as their primary data store, and they will be deployed to Amazon EC2 instances. Management requires that the Developer minimize changes to applications while using AWS services. Which solution should the Developer use to host MongoDB in AWS?

A. Install MongoDB on the same instance where the application is running.
B. Deploy Amazon DocumentDB in MongoDB compatibility mode.
C. Use Amazon API Gateway to translate API calls from MongoDB to Amazon DynamoDB.
D. Replicate the existing MongoDB workload to Amazon DynamoDB.

Correct Answer: D

Q9. An application development team decides to use AWS X-Ray to monitor application code to analyze performance and perform r cause analysis What does the team need to do to begin using X-Ray? (Select TWO )

A. Log instrumentation output into an Amazon SQS queue
B. Use a visualization tool to view application traces
C. Instrument application code using the AWS SDK
D. Install the X-Ray agent on the application servers
E. Create an Amazon DynamoDB table to store the trace logs

Correct Answer: DE

Q10. A Lambda function is packaged for deployment to multiple environments, including development, test, production, etc. Each environment has a unique set of resources such as databases, etc. How can the Lambda function use the resources for the current environment?

A. Apply tags to the Lambda functions.
B. Hardcore resources in the source code.
C. Use environment variables for the Lambda functions.
D. Use a separate function for development and production.

Correct Answer: C

Q11. A developer is creating a serverless web application and maintains different branches of code. The developer wants to avoid updating the Amazon API Gateway target endpoint each time a new code push is performed. What solution would allow the developer to perform a code push efficiently, without the need to update the API Gateway?

A. Associate different AWS Lambda functions to an API Gateway target endpoint.
B. Create different stages in API Gateway, then associate API Gateway with AWS Lambda.
C. Create aliases and versions in AWS Lambda.
D. Tag the AWS Lambda functions with different names.

Correct Answer: C

Q12. A company is adding items to an Amazon DynamoDB table from an AWS Lambda function that is written in Python. A developer needs to implement a solution that inserts records in the DynamoDB table and performs an automatic retry when the insert fails. Which solution meets these requirements with MINIMUM code changes?

A. Configure the Python code to run the AWS CLI through the shell to call the PutItem operation
B. Call the PutItem operation from Python by using the DynamoDB HTTP API
C. Queue the items in AWS Glue, which will put them into the DynamoDB table
D. Use the AWS software development kit (SDK) for Python (boto3) to call the PutItem operation

Correct Answer: D

Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ GettingStarted.Python.html

Q13. In a move toward using microservices, a company\’s Management team has asked all Development teams to build their services so that API requests depend only on that service\’s data store. One team is building a Payments service that has its own database; the service needs data that originates in the Accounts database. Both are using Amazon
DynamoDB.
What approach will result in the simplest, decoupled, and most reliable method to get near-real-time updates from the Accounts database?

A. Use Amazon Glue to perform frequent ETL updates from the Accounts database to the Payments database.
B. Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.
C. Use Amazon Kinesis Data Firehouse to deliver all changes from the Accounts database to the Payments database.
D. Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.

Correct Answer: D

Reference:
https://aws.amazon.com/blogs/database/how-to-perform-ordered-data-replication- between applications-by using amazon-dynamodb-streams/

Use the DVA-C01 exam dumps to confidently prepare for the AWS Certified Developer – Associate (DVA-C01) exam. Download the full DVA-C01 exam dumps 2022 here: https://www.pass4itsure.com/aws-certified-developer-associate.html

AWS DAS-C01 Dumps 2022 [New Release] is Now Available!

We are pleased to announce that the latest version of the Pass4itSure DAS-C01 dumps is now available for download! Please note that the latest DAS-C01 dumps effectively help you pass the exam quickly, and it contains 164+ unique new questions.

We strongly recommend using the latest version of the DAS-C01 dumps (PDF+VCE) to prepare for the exam. Before the final exam, you must practice the exam questions in the dump and master all AWS Certified Data Analytics – Specialty knowledge.

AWS Certified Data Analytics – Specialty (DAS-C01) exam content is included in the latest dumps and can be viewed at the following link:

Pass4itSure DAS-C01 dumps https://www.pass4itsure.com/das-c01.html

Rest assured, this is the latest stable version.

Next, we’ll share the free DAS-C01 dumps experience, Welcome to test

Q#1

A banking company is currently using Amazon Redshift for sensitive data. An audit found that the current cluster is unencrypted. Compliance requires that a database with sensitive data must be encrypted using a hardware security module (HSM) with customer-managed keys.

Which modifications are required in the cluster to ensure compliance?

A. Create a new HSM-encrypted Amazon Redshift cluster and migrate the data to the new cluster.
B. Modify the DB parameter group with the appropriate encryption settings and then restart the cluster.
C. Enable HSM encryption in Amazon Redshift using the command line.
D. Modify the Amazon Redshift cluster from the console and enable encryption using the HSM option.

Correct Answer: A

When you modify your cluster to enable AWS KMS encryption, Amazon Redshift automatically migrates your data to a new encrypted cluster.

Reference: https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html

Q#2

A company is sending historical datasets to Amazon S3 for storage. A data engineer at the company wants to make these datasets available for analysis using Amazon Athena. The engineer also wants to encrypt the Athena query results in an S3 results location by using AWS solutions for encryption.

The requirements for encrypting the query results are as
follows:

  • Use custom keys for encryption of the primary dataset query results.
  • Use generic encryption for all other query results.
  • Provide an audit trail for the primary dataset queries that show when the keys were used and by whom.

A. Use server-side encryption with S3 managed encryption keys (SSE-S3) for the primary dataset. Use SSE-S3 for the other datasets.
B. Use server-side encryption with customer-provided encryption keys (SSE-C) for the primary dataset. Use server-side encryption with S3 managed encryption keys (SSE-S3) for the other datasets.
C. Use server-side encryption with AWS KMS managed customer master keys (SSE-KMS CMKs) for the primary dataset. Use server-side encryption with S3 managed encryption keys (SSE-S3) for the other datasets.
D. Use client-side encryption with AWS Key Management Service (AWS KMS) customer-managed keys for the primary dataset. Use S3 client-side encryption with client-side keys for the other datasets.

Correct Answer: A

Reference: https://d1.awsstatic.com/product-marketing/S3/Amazon_S3_Security_eBook_2020.pdf

Q#3

A company has collected more than 100 TB of log files in the last 24 months. The files are stored as raw text in a dedicated Amazon S3 bucket. Each object has a key of the form year-month-day_log_HHmmss.txt where HHmmss represents the time the log file was initially created. A table was created in Amazon Athena that points to the S3 bucket.

One-time queries are run against a subset of columns in the table several times an hour.
A data analyst must make changes to reduce the cost of running these queries. Management wants a solution with minimal maintenance overhead.

Which combination of steps should the data analyst take to meet these requirements? (Choose three.)

A. Convert the log files to Apache Avro format.
B. Add a key prefix of the form date=year-month-day/ to the S3 objects to partition the data.
C. Convert the log files to Apache Parquet format.
D. Add a key prefix of the form year-month-day/ to the S3 objects to partition the data.
E. Drop and recreate the table with the PARTITIONED BY clause. Run the ALTER TABLE ADD PARTITION statement.
F. Drop and recreate the table with the PARTITIONED BY clause. Run the MSCK REPAIR TABLE statement.

Correct Answer: BCF

Reference: https://docs.aws.amazon.com/athena/latest/ug/msck-repair-table.html

Q# 4

A company is providing analytics services to its sales and marketing departments. The departments can access the data only through their business intelligence (BI) tools, which run queries on Amazon Redshift using an Amazon Redshift internal user to connect.

Each department is assigned a user in the Amazon Redshift database with the permissions needed for that department. The marketing data analysts must be granted direct access to the advertising table, which is stored in Apache Parquet format in the marketing S3 bucket of the company data lake. The company data lake is managed by AWS Lake Formation.

Finally, access must be limited to the three promotion columns in the table.
Which combination of steps will meet these requirements? (Choose three.)

A. Grant permissions in Amazon Redshift to allow the marketing Amazon Redshift user to access the three promotion columns of the advertising external table.
B. Create an Amazon Redshift Spectrum IAM role with permissions for Lake Formation. Attach it to the Amazon Redshift cluster.
C. Create an Amazon Redshift Spectrum IAM role with permissions for the marketing S3 bucket. Attach it to the Amazon Redshift cluster.
D. Create an external schema in Amazon Redshift by using the Amazon Redshift Spectrum IAM role. Grant usage to the marketing Amazon Redshift user.
E. Grant permissions in Lake Formation to allow the Amazon Redshift Spectrum role to access the three promotion columns of the advertising table.
F. Grant permissions in Lake Formation to allow the marketing IAM group to access the three promotion columns of the advertising table.

Correct Answer: BDE

Q#5

An airline has .csv-formatted data stored in Amazon S3 with an AWS Glue Data Catalog. Data analysts want to join this data with call center data stored in Amazon Redshift as part of a daily batch process. The Amazon Redshift cluster is already under a heavy load.

The solution must be managed, serverless, well-functioning, and minimize the load on the
existing Amazon Redshift cluster. The solution should also require minimal effort and development activity.

Which solution meets these requirements?

A. Unload the call center data from Amazon Redshift to Amazon S3 using an AWS Lambda function. Perform the join with AWS Glue ETL scripts.
B. Export the call center data from Amazon Redshift using a Python shell in AWS Glue. Perform the join with AWS Glue ETL scripts.
C. Create an external table using Amazon Redshift Spectrum for the call center data and perform the join with Amazon Redshift.
D. Export the call center data from Amazon Redshift to Amazon EMR using Apache Sqoop. Perform the join with Apache Hive.

Correct Answer: C

Q#6

A media analytics company consumes a stream of social media posts. The posts are sent to an Amazon Kinesis data stream partitioned on user_id. An AWS Lambda function retrieves the records and validates the content before loading the posts into an Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster.

The validation process needs to receive the posts for a given user in the order they were received by the Kinesis data stream.

During peak hours, the social media posts take more than an hour to appear in the Amazon OpenSearch Service (Amazon ES) cluster. A data analytics specialist must implement a solution that reduces this latency with the least possible operational overhead.

Which solution meets these requirements?

A. Migrate the validation process from Lambda to AWS Glue.
B. Migrate the Lambda consumers from standard data stream iterators to an HTTP/2 stream consumer.
C. Increase the number of shards in the Kinesis data stream.
D. Send the posts stream to Amazon Managed Streaming for Apache Kafka instead of the Kinesis data stream.

Correct Answer: C

For real-time processing of streaming data, Amazon Kinesis partitions data into multiple shards that can then be consumed by multiple Amazon EC2 Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Q#7

A company operates toll services for highways across the country and collects data that is used to understand usage patterns. Analysts have requested the ability to run traffic reports in near-real-time.

The company is interested in building an ingestion pipeline that loads all the data into an Amazon Redshift cluster and alerts operations personnel when toll traffic for a particular toll station does not meet a specified threshold. Station data and the corresponding threshold values are stored in Amazon S3.

Which approach is the MOST efficient way to meet these requirements?

A. Use Amazon Kinesis Data Firehose to collect data and deliver it to Amazon Redshift and Amazon Kinesis Data Analytics simultaneously.

Create a reference data source in Kinesis Data Analytics to temporarily store the threshold values from Amazon S3 and compare the count of vehicles for a particular toll station against its corresponding threshold value. Use AWS Lambda to publish an Amazon Simple Notification Service (Amazon SNS) notification if the threshold is not met.

B. Use Amazon Kinesis Data Streams to collect all the data from toll stations. Create a stream in Kinesis Data Streams to temporarily store the threshold values from Amazon S3. Send both streams to Amazon Kinesis Data Analytics to compare the count of vehicles for a particular toll station against its corresponding threshold value.

Use AWS Lambda to publish an Amazon Simple Notification Service (Amazon SNS) notification if the threshold is not met. Connect Amazon Kinesis Data Firehose to Kinesis Data Streams to deliver the data to Amazon Redshift.

C. Use Amazon Kinesis Data Firehose to collect data and deliver it to Amazon Redshift. Then, automatically trigger an AWS Lambda function that queries the data in Amazon Redshift, compares the count of vehicles for a particular toll station against its corresponding threshold values read from Amazon S3, and publishes an Amazon Simple Notification Service (Amazon SNS) notification if the threshold is not met.

D. Use Amazon Kinesis Data Firehose to collect data and deliver it to Amazon Redshift and Amazon Kinesis Data Analytics simultaneously. Use Kinesis Data Analytics to compare the count of vehicles against the threshold value for the station stored in a table as an in-application stream based on information stored in Amazon S3.

Configure an AWS Lambda function as an output for the application that will publish an Amazon Simple Queue Service (Amazon SQS) notification to alert operations personnel if the threshold is not met.

Correct Answer: D

Q#8

A telecommunications company is looking for an anomaly-detection solution to identify fraudulent calls. The company currently uses Amazon Kinesis to stream voice call records in a JSON format from its on-premises database to Amazon S3. The existing dataset contains voice call records with 200 columns. To detect fraudulent calls, the solution would
need to look at 5 of these columns only.

The company is interested in a cost-effective solution using AWS that requires minimal effort and experience in anomaly detection algorithms. Which solution meets these requirements?

A. Use an AWS Glue job to transform the data from JSON to Apache Parquet. Use AWS Glue crawlers to discover the schema and build the AWS Glue Data Catalog. Use Amazon Athena to create a table with a subset of columns. Use Amazon QuickSight to visualize the data and then use Amazon QuickSight machine learning-powered anomaly
detection.

B. Use Kinesis Data Firehose to detect anomalies on a data stream from Kinesis by running SQL queries, which compute an anomaly score for all calls and store the output in Amazon RDS. Use Amazon Athena to build a dataset and Amazon QuickSight to visualize the results.

C. Use an AWS Glue job to transform the data from JSON to Apache Parquet. Use AWS Glue crawlers to discover the schema and build the AWS Glue Data Catalog. Use Amazon SageMaker to build an anomaly detection model that can detect fraudulent calls by ingesting data from Amazon S3.

D. Use Kinesis Data Analytics to detect anomalies on a data stream from Kinesis by running SQL queries, which compute an anomaly score for all calls. Connect Amazon QuickSight to Kinesis Data Analytics to visualize the anomaly scores.

Correct Answer: A

Q#9

A company currently uses Amazon Athena to query its global datasets. The regional data is stored in Amazon S3 in the us-east-1 and us-west-2 Regions. The data is not encrypted. To simplify the query process and manage it centrally, the company wants to use Athena in us-west-2 to query data from Amazon S3 in both Regions. The solution should be as
low-cost as possible.

What should the company do to achieve this goal?

A. Use AWS DMS to migrate the AWS Glue Data Catalog from us-east-1 to us-west-2. Run Athena queries in west-2.

B. Run the AWS Glue crawler in us-west-2 to catalog datasets in all Regions. Once the data is crawled, run Athena queries in us-west-2.

C. Enable cross-Region replication for the S3 buckets in us-east-1 to replicate data in us-west-2. Once the data is replicated in us-west-2, run the AWS Glue crawler there to update the AWS Glue Data Catalog in us-west-2 and run Athena queries.

D. Update AWS Glue resource policies to provide us-east-1 AWS Glue Data Catalog access to us-west-2. Once the catalog in us-west-2 has access to the catalog in us-east-1, run Athena queries in us-west-2.

Correct Answer: C

Q#10

A company wants to research user turnover by analyzing the past 3 months of user activities. With millions of users, 1.5 TB of uncompressed data is generated each day. A 30-node Amazon Redshift cluster with 2.56 TB of solid-state drive (SSD) storage for each node is required to meet the query performance goals.

The company wants to run an additional analysis on a year\’s worth of historical data to examine trends indicating which features are most popular. This analysis will be done once a week.

What is the MOST cost-effective solution?

A. Increase the size of the Amazon Redshift cluster to 120 nodes so it has enough storage capacity to hold 1 year of data. Then use Amazon Redshift for the additional analysis.

B. Keep the data from the last 90 days in Amazon Redshift. Move data older than 90 days to Amazon S3 and store it in Apache Parquet format partitioned by date. Then use Amazon Redshift Spectrum for the additional analysis.

C. Keep the data from the last 90 days in Amazon Redshift. Move data older than 90 days to Amazon S3 and store it in Apache Parquet format partitioned by date. Then provision a persistent Amazon EMR cluster and use Apache Presto for the additional analysis.

D. Resize the cluster node type to the dense storage node type (DS2) for an additional 16 TB storage capacity on each individual node in the Amazon Redshift cluster. Then use Amazon Redshift for the additional analysis.

Correct Answer: B

Q#11

A company has developed an Apache Hive script to batch process data started in Amazon S3. The script needs to run once every day and store the output in Amazon S3. The company tested the script, and it completes within 30 minutes on a small local three-node cluster.

Which solution is the MOST cost-effective for scheduling and executing the script?

A. Create an AWS Lambda function to spin up an Amazon EMR cluster with a Hive execution step. Set KeepJobFlowAliveWhenNoSteps to false and disable the termination protection flag. Use Amazon CloudWatch Events to schedule the

B. Use the AWS Management Console to spin up an Amazon EMR cluster with Python Hue. Hive, and Apache Oozie. Set the termination protection flag to true and use Spot Instances for the core nodes of the cluster. Configure an Oozie workflow in the cluster to invoke the Hive script daily.

C. Create an AWS Glue job with the Hive script to perform the batch operation. Configure the job to run once a day using a time-based schedule.

D. Use AWS Lambda layers and load the Hive runtime to AWS Lambda and copy the Hive script. Schedule the Lambda function to run daily by creating a workflow using AWS Step Functions.

Correct Answer: C

Q#12

A manufacturing company is storing data from its operational systems in Amazon S3. The company\\’s business analysts need to perform one-time queries of the data in Amazon S3 with Amazon Athena. The company needs to access the Athena network from the on-premises network by using a JDBC connection.

The company has created a VPC Security policy mandate that requests to AWS services cannot traverse the Internet. Which combination of steps should a data analytics specialist take to meet these requirements? (Choose two.)

A. Establish an AWS Direct Connect connection between the on-premises network and the VPC.
B. Configure the JDBC connection to connect to Athena through Amazon API Gateway.
C. Configure the JDBC connection to use a gateway VPC endpoint for Amazon S3.
D. Configure the JDBC connection to use an interface VPC endpoint for Athena.
E. Deploy Athena within a private subnet.

Correct Answer: AE

AWS Direct Connect makes it easy to establish a dedicated connection from an on-premises network to one or more VPCs in the same region.

Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect.html
https://stackoverflow.com/questions/68798311/aws-athena-connect-from-lambda

Q#13

A marketing company collects data from third-party providers and uses transient Amazon EMR clusters to process this data. The company wants to host an Apache Hive metastore that is persistent, reliable, and can be accessed by EMR clusters and multiple AWS services and accounts simultaneously. The metastore must also be available at all times.

Which solution meets these requirements with the LEAST operational overhead?

A. Use AWS Glue Data Catalog as the metastore
B. Use an external Amazon EC2 instance running MySQL as the metastore
C. Use Amazon RDS for MySQL as the metastore
D. Use Amazon S3 as the metastore

Correct Answer: A

Reference: https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-hive-metastore-glue.html

…..

Past DAS-C01 exam questions and answers: https://www.examdemosimulation.com/?s=das-c01

DAS-C01 Free Dumps PDF Download: https://drive.google.com/file/d/1VIcdiMNqqt8auQ7ArmzsQn2zp_JQFHTQ/view?usp=sharing

View the latest full Pass4itSure DAS-C01 dumps: https://www.pass4itsure.com/das-c01.html help you quickly pass the AWS Certified Data Analytics – Specialty (DAS-C01) exam.

[SOA-C02 Questions Newly] Truly Amazon SOA-C02 Dumps Replace  

Do you want to pass the Amazon certification exam SOA-C02 quickly? Examdemosimulation is here to provide Amazon with n updated SOA-C02 dumps Mar2022 to help you pass the certification exam with a high score. You can get the latest Amazon exam dumps Learning Material Q&A 1-12 here.

Pass4itSure is the best learning resource for you to prepare for the Amazon certification exam SOA-C02 dumps https://www.pass4itsure.com/soa-c02.html. You will receive the latest Amazon SOA-C02 exam preparation materials in two formats:

  • Web-based SOA-C02 practice exam
  • SOA-C02 PDF (actual question)

Amazon SOA-C02 Dumps Real Question Answers 1-12

Q&A 1

A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company configured an Amazon CloudFront distribution and set the ALB as the origin.

The company created an Amazon Route 53 CNAME record to send all traffic through the CloudFront distribution. As an unintended side effect, mobile users are
now being served the desktop version of the website.

Which action should a SysOps administrator take to resolve this issue?

A. Configure the CloudFront distribution behavior to forward the User-Agent header.
B. Configure the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.
C. Enable IPv6 on the ALB. Update the CloudFront distribution origin settings to use the dual-stack endpoint.
D. Enable IPv6 on the CloudFront distribution. Update the Route 53 record to use the dual-stack endpoint.

Reference: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-loadbalancer.html

Q&A 2

A company hosts an online shopping portal in the AWS Cloud. The portal provides HTTPS security by using a TLS certificate on an Elastic Load Balancer (ELB). Recently, the portal suffered an outage because the TLS certificate expired.

A SysOps administrator must create a solution to automatically renew certificates to avoid this issue in the future.

What is the MOST operationally efficient solution that meets these requirements?

A. Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. Write a scheduled AWS Lambda function to renew the certificate every 18 months.
B. Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.
C. Register a certificate with a third-party certificate authority (CA). Import this certificate into the AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.
D. Register a certificate with a third-party certificate authority (CA). Configure the ELB to import the certificate directly from the CA. Set the certificate refresh cycle on the ELB to refresh when the certificate is within 3 months of the expiration date.

Q&A 3

A SysOps administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connections to the internet.

Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)

A. Add a NAT gateway to a public subnet.
B. Attach a private address to the elastic network interface on the EC2 instance.
C. Attach an Elastic IP address to the internet gateway.
D. Add an entry to the routing table for the subnet that points to an internet gateway.
E. Create an internet gateway and attach it to a VPC.

Q&A 4

A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone.

A SysOps administrator must make the application highly available.
Which action should the SysOps administrator take to meet this requirement?

A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.

Q&A 5

A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.

Which condition should be used with the alarm?

A. AWS/ApplicationELB HealthyHostCount = 1
C. AWS/EC2 StatusCheckFailed = 1

Q&A 6

A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:

2 111122223333 eni- 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK

What is a possible cause of these failed connections?

A. A security group is denying traffic on port 443.
B. The EC2 instance is shut down.
C. The network ACL is blocking HTTPS traffic.
D. The VPC has no internet gateway attached.

Q&A 7

A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed.

Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by
using Windows ACLs.

Which solution will net these requirements?

A. Create a single AWS Storage Gateway file gateway.
B. Create an Amazon FSx for Windows File Server Multi-AZ file system.
C. Deploy two AWS Storage Gateway file gateways across two Availability Zones. Configure an Application Load Balancer in front of the file gateways.
D. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file systems. Configure Microsoft Distributed File System Replication (DFSR).

Reference: https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html

Q&A 8

A company monitors its account activity using AWS CloudTrail and is concerned that some log files are being tampered with after the logs have been delivered to the account\\’s Amazon S3 bucket.

Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
D. Enable S3 server access logging to track requests made to the log bucket for security audits.

Q&A 9

A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC and all security groups allow all outbound traffic:

Which solution will provide the EC2 instances in the private subnet with access to the internet?

A. Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.
B. Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.
C. Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.
D. Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

Q&A 10

A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application\\’s performance.

A SysOps administrator must scale the application to meet the increased traffic.
Which solution meets these requirements?

A. Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor application latency and add an EC2 instance to the ALB if the desired threshold is reached.
C. Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy. Attach the ALB to the Auto Scaling group.
D. Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy. Attach the ALB to the Auto Scaling group.

Q&A 11

their own development environments and these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The development environments should be created only when necessary, and they must be terminated each night to minimize costs.

What is the MOST operationally efficient solution that meets these requirements?

A. Provide developers with access to the same AWS CloudFormation template so that they can provide their development environment when necessary. Schedule a nightly cron job on each development instance to stop all running processes to reduce CPU utilization to nearly zero.

B. Provide developers with access to the same AWS CloudFormation template so that they can provide their development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to delete the AWS CloudFormation stacks.

C. Provide developers with CLI commands so that they can provide their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2 instances and the DB instance.

D. Provide developers with CLI commands so that they can provide their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the development environment resources.

Q&A 12

A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.

Which combination of actions should a SysOps administrator take to resolve this problem? (Choose two.)

A. Change to the least outstanding requests algorithm on the ALB target group.
B. Configure cookie forwarding in the CloudFront distribution cache behavior.
C. Configure header forwarding in the CloudFront distribution cache behavior.
D. Enable group-level stickiness on the ALB listener rule.
E. Enable sticky sessions on the ALB target group.

Post the correct answer and correct it:

123456789101112
CCDECAABCACCCE

You will also receive a Pass4itSure Amazon SOA-C02 dumps in PDF format.

Never Fail With SOA-C02 Exam Dumps PDF 2022

free SOA-C02 exam pdf [google drive] https://drive.google.com/file/d/1swC43K9J3nAUA4ehjLuJOgEDtL9JuCgp/view?usp=sharing

If you’re looking for the latest Amazon Certification Exam SOA-C02 exam preparation study materials, then you must use Pass4itSure-designed SOA-C02 dumps Mar2022 exam questions 100% to help you pass the exam.

Free Share Link:

Get latest SOA-C02 exam dumps Mar2022 https://www.pass4itsure.com/soa-c02.html (Contains 115+ unique questions)

Download Authentic SOA-C02 Dumps (2022) – Free PDF https://drive.google.com/file/d/1swC43K9J3nAUA4ehjLuJOgEDtL9JuCgp/view?usp=sharing

Past Amazon SOA-C02 exam practice questions https://www.examdemosimulation.com/valid-amazon-soa-c02-practice-questions-free-share-from-pass4itsure/



[SAP-C01 Dumps Mar2022] Amazon SAP-C01 Dumps Practice Questions

Today, earning AWS Certified Professional SAP-C01 certification is one of the most productive investments to accelerate your career. The Amazon SAP-C01 certification exam is one of the most important exams that many IT aspirants dream of. You must have valid SAP-C01 exam dumps question preparation materials to prepare for the exam.

Pass4itSure Latest version SAP-C01 dumps Mar2022 https://www.pass4itsure.com/aws-solution-architect-professional.html is your best preparation material to ensure you successfully pass the exam and become certified.

Check out the following free SAP-C01 dumps Mar2022 practice questions(1-12)

1.

An organization is undergoing a security audit. The auditor wants to view the AWS VPC configurations as the organization has hosted all the applications in the AWS VPC. The auditor is from a remote place and wants to have access to AWS to view all the VPC records.

How can the organization meet the expectations of the auditor without compromising the security of its AWS infrastructure?

A. The organization should not accept the request as sharing the credentials means compromising security.
B. Create an IAM role that will have read-only access to all EC2 services including VPC and assign that role to the auditor.
C. Create an IAM user who will have read-only access to the AWS VPC and share those credentials with the auditor.
D. The organization should create an IAM user with VPC full access but set a condition that will not allow modifying anything if the request is from any IP other than the organization\\’s data center.

Correct Answer: C

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user\\’s AWS account. The user can create subnets as per the requirement within a VPC. The VPC also works with IAM and the organization can create IAM users who have access to various VPC services. If an auditor wants to have access to the AWS VPC to verify the rules, the organization
should be careful before sharing any data which can allow making updates to the AWS infrastructure.

In this scenario, it is recommended that the organization creates an IAM user who will have read-only access to the VPC. Share the above-mentioned credentials with the auditor as it cannot harm the organization. The sample policy is given below:
{
“Effect”:”Allow”, “Action”: [ “ec2:DescribeVpcs”, “ec2:DescribeSubnets”,
“ec2: DescribeInternetGateways”, “ec2:DescribeCustomerGateways”, “ec2:DescribeVpnGateways”,
“ec2:DescribeVpnConnections”, “ec2:DescribeRouteTables”, “ec2:DescribeAddresses”, “ec2:DescribeSecurityGroups”,
“ec2:DescribeNetworkAcls”, “ec2:DescribeDhcpOptions”, “ec2:DescribeTags”, “ec2:DescribeInstances”
],
“Resource”:”*”
}
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_IAM.html

2.

IAM users do not have permission to create Temporary Security Credentials for federated users and roles by default. In contrast, IAM users can call __ without the need of any special permissions

A. GetSessionName
B. GetFederationToken
C. GetSessionToken
D. GetFederationName

Correct Answer: C

Currently the STS API command GetSessionToken is available to every IAM user in your account without previous permission. In contrast, the GetFederationToken command is restricted and explicit permissions need to be granted so a user can issue calls to this particular Action.

Reference: http://docs.aws.amazon.com/STS/latest/UsingSTS/STSPermission.html

3.

What is the role of the PollForTask action when it is called by a task runner in AWS Data Pipeline?

A. It is used to retrieve the pipeline definition.
B. It is used to report the progress of the task runner to AWS Data Pipeline.
C. It is used to receive a task to perform from AWS Data Pipeline.
D. It is used to inform AWS Data Pipeline of the outcome when the task runner completes a task.

Correct Answer: C

Task runners call PollForTask to receive a task to perform from AWS Data Pipeline. If tasks are ready in the work queue, PollForTask returns a response immediately. If no tasks are available in the queue, PollForTask uses longpolling and holds on to a poll connection for up to 90 seconds, during which time any newly scheduled tasks are handed to the task agent.

Your remote worker should not call PollForTask again on the same worker group until it receives a response, and this may take up to 90 seconds.
Reference: http://docs.aws.amazon.com/datapipeline/latest/APIReference/API_PollForTask.html

4.

Which of the following is true of an instance profile when an IAM role is created using the console?

A. The instance profile uses a different name.
B. The console gives the instance profile the same name as the role it corresponds to.
C. The instance profile should be created manually by a user.
D. The console creates the role and instance profile as separate actions.

Correct Answer: B

Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the console, the console creates an instance profile automatically and gives it the same name as the role it corresponds to.

If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, and you might give them different names.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
Exam C

5.

A company is configuring connectivity to a multi-account AWS environment to support application workloads that serve users in a single geographic region. The workloads depend on a highly available, on-premises legacy system deployed across two locations.

It is critical for the AWS workloads to maintain connectivity to the legacy system, and a minimum of 5 Gbps of bandwidth is required. All application workloads within AWS must have connectivity with one another.

Which solution will meet these requirements?

A. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from a DX partner for each on? remises location. Create private virtual interfaces on each connection for each AWS account VPC. Associate the private virtual interface with a virtual private gateway attached to each VPC.

B. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from two DX partners for each on-premises location. Create and attach a virtual private gateway for each AWS account VPC. Create a DX gateway in a central network account and associate it with the virtual private gateways. Create a public virtual interface on each DX connection and associate the interface with the DX gateway.

C. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from two DX partners for each on-premises location. Create a transit gateway and a DX gateway in a central network account. Create a transit virtual interface for each DX interface and associate them with the DX gateway. Create a gateway association between the DX
gateway and the transit gateway.

D. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from a DX partner for each on-premises location. Create and attach a virtual private gateway for each AWS account VPC. Create a transit gateway in a central network account and associate it with the virtual private gateways. Create a transit virtual interface on each DX
connection and attach the interface to the transit gateway.

Correct Answer: B

6.

True or False: “In the context of Amazon ElastiCache, from the application\’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.”

A. True, from the application\’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node since, each has a unique node identifier.

B. True, from the application\’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.

C. False, you can connect to a cache node, but not to a cluster configuration endpoint.

D. False, you can connect to a cluster configuration endpoint, but not to a cache node.

Correct Answer: B

This is true. From the application\’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.

In the process of connecting to cache nodes, the application resolves the configuration endpoint\’s DNS name. Because the configuration endpoint maintains CNAME entries for all of the cache nodes, the DNS name resolves to one of the nodes; the client can then connect to that node.

Reference:
http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/AutoDiscovery.HowAutoDiscoveryWorks.html

7.

An AWS partner company is building a service in AWS Organizations using its organization named org1. This service requires the partner company to have access to AWS resources in a customer account, which is in a separate organization named org2.

The company must establish least privilege security access using an API or command-line tool to the customer account.

What is the MOST secure way to allow org1 to access resources in org2?

A. The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks.

B. The customer should create an IAM user and assign the required permissions to the IAM user. The customer should then provide the credentials to the partner company to log in and perform the required tasks.

C. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role\’s Amazon Resource Name (ARN) when requesting access to perform the required tasks.

D. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role\’s Amazon Resource Name (ARN), including the external ID in the IAM role\’s trust policy, when requesting access to perform the required tasks.

Correct Answer: B

8.

A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.

The company\’s infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.

Which combination of actions should the solutions architect perform to meet these requirements? (Choose two.)

A. Create a transit gateway in the infrastructure account.

B. Enable resource sharing from the AWS Organizations management account.

C. Create VPCs in each AWS account within the organization in AWS Organizations. Configure the VPCs to share the same CIDR range and subnets as the VPC in the infrastructure account. Peer the VPCs in each individual account with the VPC in the infrastructure account.

D. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.

E. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each prefix-list to associate with the resource share.

Correct Answer: BE

9.

A company has an application that generates a weather forecast that is updated every 15 minutes with an output resolution of 1 billion unique positions, each approximately 20 bytes in size (20 Gigabytes per forecast).

Every hour, the forecast data is globally accessed approximately 5 million times (1,400 requests per second), and up to 10 times more
during weather events.

The forecast data is overwritten in every update. Users of the current weather forecast application expect responses to queries to be returned in less than two seconds for each request.

Which design meets the required request rate and response time?

A. Store forecast locations in an Amazon ES cluster. Use an Amazon CloudFront distribution targeting an Amazon API Gateway endpoint with AWS Lambda functions responding to queries as the origin. Enable API caching on the API Gateway stage with a cache-control timeout set for 15 minutes.

B. Store forecast locations in an Amazon EFS volume. Create an Amazon CloudFront distribution that targets an Elastic Load Balancing group of an Auto Scaling fleet of Amazon EC2 instances that have mounted the Amazon EFS volume. Set the cache-control timeout for 15 minutes in the CloudFront distribution.

C. Store forecast locations in an Amazon ES cluster. Use an Amazon CloudFront distribution targeting an API Gateway endpoint with AWS Lambda functions responding to queries as the origin. Create an Amazon [email protected] function that caches the data locally at edge locations for 15 minutes.

D. Store forecast locations in Amazon S3 as individual objects. Create an Amazon CloudFront distribution targeting an Elastic Load Balancing group of an Auto Scaling fleet of EC2 instances, querying the origin of the S3 object. Set the cache-control timeout for 15 minutes in the CloudFront distribution.

Correct Answer: C

Reference: https://aws.amazon.com/blogs/networking-and-content-delivery/lambdaedge-design-best-practices/

10.

The following are AWS Storage services? (Choose two.)

A. AWS Relational Database Service (AWS RDS)
B. AWS ElastiCache
C. AWS Glacier
D. AWS Import/Export

Correct Answer: CD

11.

An organization is trying to set up a VPC with Auto Scaling. Which configuration steps below are not required to set up AWS VPC with Auto Scaling?

A. Configure the Auto Scaling group with the VPC ID in which instances will be launched.
B. Configure the Auto Scaling Launch configuration with multiple subnets of the VPC to enable the Multi-AZ feature.
C. Configure the Auto Scaling Launch configuration which does not allow assigning a public IP to instances.
D. Configure the Auto Scaling Launch configuration with the VPC security group.

Correct Answer: B

The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an Auto Scaling group.

Before creating the Auto Scaling group it is recommended that the user creates the Launch configuration. Since it is a VPC, it is recommended to select the parameter which does not allow assigning a public IP to the instances.


The user should also set the VPC security group with the Launch configuration and select the subnets where the instances will be launched in the AutoScaling group. The HA will be provided as the subnets may be a part of separate AZs.

Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/autoscalingsubnets.html

12.

A company has a web application that allows users to upload short videos. The videos are stored on Amazon EBS volumes and analyzed by custom recognition software for categorization.

The website contains static content that has variable traffic with peaks in certain months. The architecture consists of Amazon EC2 instances running in an Auto Scaling group for the web application and EC2 instances running in an Auto Scaling group to process an Amazon SQS-queue.

The company wants to re-architect the application to reduce
operational overhead using AWS managed services where possible and remove dependencies on third-party software.

Which solution meets these requirements?

A. Use Amazon ECS containers for the web application and Spot instances for the Scaling group that processes the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.

B. Store the uploaded videos in Amazon EFS and mount the file system to the EC2 instances for the web application. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.

C. Host the web application in Amazon S3. Store the uploaded videos in Amazon S3. Use S3 event notification to publish events to the SQS queue. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.

D. Use AWS Elastic Beanstalk to launch EC2 instances in an Auto Scaling group for the application and launch a working environment to process the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.

Correct Answer: A

In addition, free SAP-C01 dumps Mar2022 PDF format is shared for you to download

Free SAP-C01 Dumps Pdf Question [google drive] https://drive.google.com/file/d/1gGGeMsq3YyCxavxldDOlVIagJ4ieNQmL/view?usp=sharing

After the above testing, you have a good experience with the latest version of SAP-C01 dumps Mar2022, so using the full Amazon SAP-C01 dumps https://www.pass4itsure.com/aws-solution-architect-professional.html easily earn your AWS Certified Professional certification.

Past articles about the SAP-C01 exam https://www.examdemosimulation.com/amazon-aws-sap-c01-dumps-pdf-top-trending-exam-questions-update/

[NEW] Amazon SAA-C02 dumps pdf questions and exam tips Up-to-date

The SAA-C02 exam is difficult to pass, and good SAA-C02 dumps are hard to find! How do you break through? Some of you took more than 3 months to prepare and didn’t have confidence, and some of you sprinted for a month or so to get through. Share free Amazon SAA-C02 dumps pdf questions and exam tips here that will give you confidence.

BIG TIP: If you have learned from Pass4Sure SAA-C02 dumps pdf https://www.pass4itsure.com/saa-c02.html(PDF+VCE), 100% of the problems are from there, make sure you pass.

The first step is free Amazon SAA-C02 dumps practice questions to share with you:

1-

A developer has an application that uses an AWS Lambda function to upload files to Amazon S3 and needs the required permissions to perform the task.

The developer already has an IAM user with valid IAM credentials required for Amazon S3. What should a solutions architect do to grant the permissions?

A. Add required IAM permissions in the resource policy of the Lambda function.
B. Create a signed request using the existing IAM credential in the Lambda function.
C. Create a new IAM user and use the existing IAM credentials in the Lambda function
D. Create an IAM execution role with the required permissions and attach the IAM role to the Lambda function

2 –

A financial services company has a web application that serves users in the United States and Europe The application consists of a database tier and a web server tier The database tier consists of a MySQL database hosted in us-east-1

Amazon Route 53 geo proximity routing is used to direct traffic to instances in the closest Region A performance review of the system reveals that European users are not receiving the same level of query performance as those in the United States

Which changes should be made to the database tier to improve performance?

A. Migrate the database to Amazon RDS for MySQL Configure Multi-AZ in one of the European Regions
B. Migrate the database to Amazon DynamoDB Use DynamoDB global tables to enable replication to additional Regions
C. Deploy MySQL instances in each Region Deploy an Application Load Balancer in front of MySQL to reduce the load on the primary instance
D. Migrate the database to an Amazon Aurora global database in MySQL compatibility mode Configure read replicas in one of the European Regions

3 –

A company designs a mobile app for its customers to upload photos to a website. The app needs a secure login with multi-factor authentication (MFA). The company wants to limit the initial build time and the maintenance of the solution

Which solution should a solutions architect recommend to meet these requirements?

A. Use Amazon Cognito Identity with SMS-based MFA.
B. Edit 1 AM policies to require MFA for all users
C. Federate 1 AM against the corporate Active Directory that requires MFA
D. Use Amazon API Gateway and require server-side encryption (SSE) for photos

4 –

A company recently launched a new service that involves medical images. The company scans the images and sends them from its on-premises data center through an AWS Direct Connect connection to Amazon EC2 instances.

After processing is complete, the images are stored in an Amazon S3 bucket.

A company requirement states that the EC2 instances cannot be accessible through the internet. The EC2 instances run in a private subnet, which has a default route back to the on-premises data center for outbound internet access.

Usage of the new service is increasing rapidly. A solutions architect must recommend a solution that meets the company\\’s requirements and reduces the Direct Connect charges.

Which solution accomplishes these goals MOST cost-effectively?

A. Configure a VPC endpoint for Amazon S3. Add an entry to the private subnet\\’s route table for the S3 endpoint.
B. Configure a NAT gateway in a public subnet. Configure the private subnet\\’s route table to use the NAT gateway.
C. Configure Amazon S3 as a file system mount point on the EC2 instances. Access Amazon S3 through the mount.
D. Move the EC2 instances into a public subnet. Configure the public subnet route table to point to an internet gateway.

5 –

A company is designing a cloud communications platform trial is driven by APIs. The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB). The company uses Amazon API Gateway to provide external users with access to the application through APIs.

The company wants to protect the platform against web exploits like SQL Injection and also wants to detect and mitigate large, sophisticated DDoS attacks Which combination of solutions provides the MOST protection? (Select TWO.)

A. Use AWS WAF to protect the NLB
B. Use AWS Shield Advanced with the NLB
C. Use AWS WAF to protect Amazon API Gateway
D. Use Amazon GuardDuty with AWS Shield Standard
E. Use AWS Shield Standard with Amazon API Gateway

6 –

A company runs an application on Amazon EC2 Instances. The application is deployed in private subnets in three Availability Zones of the us-east-1 Region.

The instances must be able to connect to the internet to download files The company wants a design that Is highly available across the Region.

Which solution should be implemented to ensure that there are no disruptions to Internet connectivity?

A. Deploy a NAT Instance In a private subnet of each Availability Zone.
B. Deploy a NAT gateway in a public subnet of each Availability Zone.
C. Deploy a transit gateway in a private subnet of each Availability Zone.
D. Deploy an internet gateway in a public subnet of each Availability Zone.

7 –

A solutions architect is designing a new workload in which an AWS Lambda function will access an Amazon DynamoDB table. What are the MOST secure means of granting the Lambda function access to the DynamoDB labia?

A. Create an IAM role with the necessary permissions to access the DynamoDB table Assign the role to the Lambda function.
B. Create a DynamoDB user name and password and give them to the developer to use in the Lambda function.
C. Create an IAM user, and create access and secret keys for the user. Give the user the necessary permissions to access the DynarnoOB table. Have the developer use these keys to access the resources.
D. Create an IAM role allowing access from AWS Lambda Assign the role to the DynamoDB table

8 –

Organizers for a global event want to put daily reports online as static HTML pages The pages are expected to generate millions of views from users around the world The files are stored in an Amazon S3 bucket A solutions architect has been asked to design an efficient and effective solution

Which action should the solutions architect take to accomplish this?

A. Generate pre-signed URLs for the files
B. Use cross-Region replication to all Regions
C. Use the geo proximity feature of Amazon Route 53
D. Use Amazon CloudFront with the S3 bucket as its origin

Using Amazon S3 Origins, MediaPackage Channels, and Custom Origins for Web Distributions Using Amazon S3 Buckets for Your Origin When you use Amazon S3 as an origin for your distribution, you place any objects that you
want CloudFront to deliver in an Amazon S3 bucket.

You can use any method that is supported by Amazon S3 to get your objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket.

Using an existing Amazon S3 bucket as your CloudFront origin server doesn\’t change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects at the standard Amazon S3 price. You incur
regular Amazon S3 charges for storing the objects in the bucket.

Using Amazon S3 Buckets Configured as Website Endpoints for Your Origin You can set up an Amazon S3 bucket that is configured as a website endpoint as custom origin with CloudFront.

When you configure your CloudFront distribution, for the origin, enter the Amazon S3 static website hosting endpoint for your bucket. This value appears in the Amazon S3 console, on the Properties tab, in the Static website hosting pane.

For example:
http://bucket-name.s3-website-region.amazonaws.com
For more information about specifying Amazon S3 static website endpoints, see Website endpoints in the Amazon Simple Storage Service Developer Guide. When you specify the bucket name in this format as your origin, you can use
Amazon S3 redirects and Amazon S3 custom error documents.

For more information about Amazon S3 features, see
the Amazon S3 documentation. Using an Amazon S3 bucket as your CloudFront origin server doesn\’t change it in any way.

You can still use it as you normally would and you incur regular Amazon S3 charges. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCust omOrigins.html

9 –

A company runs multiple Amazon EC2 Linux instances in a VPC across two Availability Zones The instances, host applications that use a hierarchical directory structure The applications need to read and write rapidly and concurrently to shared storage
What should a solutions architect do to meet these requirements?

A. Create an Amazon S3 bucket Allow access from all the EC2 instances in the VPC
B. Create an Amazon Elastic File System (Amazon EFS) file system Mount the EFS file system from each EC2 instance
C. Create a file system on a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume Attach the EBS volume to all the EC2 instances
D. Create file systems on Amazon Elastic Block Store (Amazon EBS) volumes that are attached to each EC2 instance Synchronize the EBS volumes across the different EC2 instances

10 –

An eCommerce company is experiencing an increase in user traffic. The company\\’s store is deployed on Amazon EC2 instances as a two-tier two application consisting of a web tier and a separate database tier As traffic increases, the company notices that the architecture is causing significant delays in sending timely marketing and order confirmation
email to users.

The company wants to reduce the time it spends resolving complex email delivery issues and minimize operational overhead What should a solutions architect do to meet these requirements?

A. Create a separate application tier using EC2 instances dedicated to email processing.
B. Configure the web instance to send email through Amazon Simple Email Service (Amazon SES)
C. Configure the web instance to send email through Amazon Simple Notification Service (Amazon SNS)
D. Create a separate application tier using EC2 instances dedicated to email processing. Place the instances in an Auto Scaling group.

11 –

A company\\’s security policy requires that alt AWS API activity in its AWS accounts be recorded for periodic auditing. The company needs to ensure that AWS CloudTrail is enabled on all of its current and future AWS accounts using AWS Organizations.

Which solution is MOST secure?

A. At the organization\\’s root define and attach a service control policy (SCP) that permits enabling CloudTrail only
B. Create 1 AM groups in the organization\\’s master account as needed Define and attach a 1 AM policy to the groups that prevent users from disabling CloudTrail
C. Organize accounts into organizational units (OUs) At the organization\\’s root, define and attach a service control policy (SCP) that prevents users from disabling CloudTrail
D. Add all existing accounts under the organization\\’s root Define and attach a service control policy (SCP) to every account that prevents users from disabling CloudTrail

12 –

A company is selling up an application to use an Amazon RDS MySQL DB instance. The database must be architected for high availability across Availability Zones and AWS Regions with minimal downtime.

How should a solutions architect meet this requirement?

A. Set up an RDS MySQL Multi-AZ DB instance. Configure an appropriate backup window.
B. Set up an RDS MySQL Multi-AZ DB instance. Configure a read replica in a different Region.
C. Set up an RDS MySQL Single-AZ DB instance. Configure a read replica in a different Region.
D. Set up an RDS MySQL Single-AZ DB instance. Copy automated snapshots to at least one other Region.

Post answer

1. C, 2. D, 3. A, 4. B, 5. AD, 6. B, 7. A, 8. D, 9. B, 10. B, 11. D, 12. C

In the second step, you can also choose to study online for free SAA-C02 dumps pdf

[latest google drive SAA-C02 pdf] Contains 12 questions and answers with parsed AWS Certified Solutions Architect – Associate (SAA-C02) exam questions https://drive.google.com/file/d/1Oa-2k9ePg0XhbLn8PzRnIs2ci_eJTuXI/view?usp=sharing

Exam tips:

  • Do not drink too much water before the exam.
  • If English is not your primary language, use the ESL option.
  • Do not eat too many carbs before the test to avoid drowsiness

Exam Experience: For AWS Certified Solutions Architect – Associate (SAA-C02) exams, many people have the trouble mentioned at the beginning, don’t be dazed, believe in yourself. Pass4Sure SAA-C02 dumps pdf will help you learn to prepare and finally achieve your goals to earn the AWS Certified Associate certification.

Preparation: See the free SAA-C02 exam practice test above for a constant review of all the questions you made wrong in the practice exam. The next step is to get the full Pass4Sure SAA-C02 dumps pdf https://www.pass4itsure.com/saa-c02.html (980 total questions).

Thank you for reading, and finally wish everyone a smooth exam!

Examdemosimulation is designed to share Amazon’s latest SAA-C02 exam questions to help you pass.

Previous SAA-C02 exam questions

Latest AWS MLS-C01 Dumps PDF File And Practice Exam Questions Free

The MLS-C01 exam’s full name is AWS Certified Machine Learning – Specialty (MLS-C01) with a score of 820/1000. 750 is required to pass. It’s a tough exam that requires spending almost all of your allocated time on it. However, the pace of modern society is fast, and people’s time is limited.

How can we quickly study and pass the MLS-C01 exam?

MLS-C01 Exam Solutions:

Prepare for the exam with the latest AWS MLS-C01 dumps pdf and practice exam. Exam data provider for many years, with a high pass rate – Pass4itSure MLS-C01 dumps pdf 2022 https://www.pass4itsure.com/aws-certified-machine-learning-specialty.html (Updated: Mar 18, 2022)

Next is sharing time:

AWS MLS-C01 Dumps PDF File Free Download

[free pdf from google drive] MLS-C01 dumps pdf https://drive.google.com/file/d/1Bs4_E8OGlcrv-dEk6O1IpNjIxyTHK88U/view?usp=sharing

Take A Free Amazon MLS-C01 Practice Test

Do it yourself first, then check the answer and correct it.

[1]

A city wants to monitor its air quality to address the consequences of air pollution A Machine Learning Specialist needs to forecast the air quality in parts per million of contaminates for the next 2 days in the city As this is a prototype, only daily data from the last year is available

Which model is MOST likely to provide the best results in Amazon SageMaker?

A. Use the Amazon SageMaker k-Nearest-Neighbors (kNN) algorithm on the single time series consisting of the full year of data with a predictor_type of the regressor.
B. Use Amazon SageMaker Random Cut Forest (RCF) on the single time series consisting of the full year of data.
C. Use the Amazon SageMaker Linear Learner algorithm on the single time series consisting of the full year of data with a predictor_type of the regressor.
D. Use the Amazon SageMaker Linear Learner algorithm on the single time series consisting of the full year of data with a predictor_type of a classifier.

[2]

A company wants to classify user behavior as either fraudulent or normal. Based on internal research, a machine learning specialist will build a binary classifier based on two features: age of the account, denoted by x, and transaction month, denoted by y. The class distributions are illustrated in the provided figure.

The positive class is portrayed in red, while the negative class is portrayed in black.

Which model would have the HIGHEST accuracy?

A. Linear support vector machine (SVM)
B. Decision tree
C. Support vector machine (SVM) with a radial basis function kernel
D. Single perceptron with a Tanh activation function

[3]

A machine learning specialist stores IoT soil sensor data in the Amazon DynamoDB table and stores weather event data as JSON files in Amazon S3. The dataset in DynamoDB is 10 GB in size and the dataset in Amazon S3 is 5 GB in size.

The specialist wants to train a model on this data to help predict soil moisture levels as a function of weather events using Amazon SageMaker.

Which solution will accomplish the necessary transformation to train the Amazon SageMaker model with the LEAST amount of administrative overhead?

A. Launch an Amazon EMR cluster. Create an Apache Hive external table for the DynamoDB table and S3 data. Join the Hive tables and write the results out to Amazon S3.
B. Crawl the data using AWS Glue crawlers. Write an AWS Glue ETL job that merges the two tables and writes the output to an Amazon Redshift cluster.
C. Enable Amazon DynamoDB Streams on the sensor table. Write an AWS Lambda function that consumes the stream and appends the results to the existing weather files in Amazon S3.
D. Crawl the data using AWS Glue crawlers. Write an AWS Glue ETL job that merges the two tables and writes the output in CSV format to Amazon S3.

[4]

The Chief Editor for a product catalog wants the Research and Development team to build a machine learning system that can be used to detect whether or not individuals in a collection of images are wearing the company\\’s retail brand The team has a set of training data

Which machine learning algorithm should the researchers use that BEST meets their requirements?

A. Latent Dirichlet Allocation (LDA)
B. Recurrent neural network (RNN)
C. K-means
D. Convolutional neural network (CNN)

[5]

A Data Scientist needs to migrate an existing on-premises ETL process to the cloud. The current process runs at regular time intervals and uses PySpark to combine and format multiple large data sources into a single consolidated output for downstream processing.

The Data Scientist has been given the following requirements to the cloud solution:
Combine multiple data sources.

Reuse existing PySpark logic.
Run the solution on the existing schedule.
Minimize the number of servers that will need to be managed.

Which architecture should the Data Scientist use to build this solution?

A. Write the raw data to Amazon S3. Schedule an AWS Lambda function to submit a Spark step to a persistent Amazon EMR cluster based on the existing schedule. Use the existing PySpark logic to run the ETL job on the EMR cluster. Output the results to a ‚Äúprocessed‚ÄĚ location in Amazon S3 that is accessible for downstream use.

B. Write the raw data to Amazon S3. Create an AWS Glue ETL job to perform the ETL processing against the input data. Write the ETL job in PySpark to leverage the existing logic. Create a new AWS Glue trigger to trigger the ETL job based on the existing schedule. Configure the output target of the ETL job to write to a ‚Äúprocessed‚ÄĚ location in Amazon
S3 is accessible for downstream use.

C. Write the raw data to Amazon S3. Schedule an AWS Lambda function to run on the existing schedule and process the input data from Amazon S3. Write the Lambda logic in Python and implement the existing PySpark logic to perform the ETL process. Have the Lambda function output the results to a ‚Äúprocessed‚ÄĚ location in Amazon S3 that is
accessible for downstream use.

D. Use Amazon Kinesis Data Analytics to stream the input data and perform real-time SQL queries against the stream to carry out the required transformations within the stream. Deliver the output results to a ‚Äúprocessed‚ÄĚ location in Amazon S3 that is accessible for downstream use.

[6]

A Machine Learning Specialist prepared the following graph displaying the results of k-means fork = [1..10]:

Considering the graph, what is a reasonable selection for the optimal choice of k?


A. 1
B. 4
C. 7
D. 10

[7]

A power company wants to forecast future energy consumption for its customers in residential properties and commercial business properties. Historical power consumption data for the last 10 years is available.

A team of data scientists who performed the initial data analysis and feature selection will include the historical power consumption data
and data such as weather, number of individuals on the property, and public holidays.

The data scientists are using Amazon Forecast to generate forecasts.
Which algorithm in Forecast should the data scientists use to meet these requirements?

A. Autoregressive Integrated Moving Average (AIRMA)
B. Exponential Smoothing (ETS)
C. Convolutional Neural Network – Quantile Regression (CNN-QR)
D. Prophet

[8]

A Machine Learning Specialist is using Amazon SageMaker to host a model for a highly available customer-facing application.

The Specialist has trained a new version of the model, validated it with historical data, and now wants to deploy it to production To limit any risk of a negative customer experience, the Specialist wants to be able to monitor the model and roll it back if needed

What is the SIMPLEST approach with the LEAST risk to deploy the model and roll it back, if needed?

A. Create a SageMaker endpoint and configuration for the new model version. Redirect production traffic to the new endpoint by updating the client configuration. Revert traffic to the last version of the model does not perform as expected.

B. Create a SageMaker endpoint and configuration for the new model version. Redirect production traffic to the new endpoint by using a load balancer Revert traffic to the last version of the model does not perform as expected.

C. Update the existing SageMaker endpoint to use a new configuration that is weighted to send 5% of the traffic to the new variant. Revert traffic to the last version by resetting the weights if the model does not perform as expected.

D. Update the existing SageMaker endpoint to use a new configuration that is weighted to send 100% of the traffic to the new variant Revert traffic to the last version by resetting the weights if the model does not perform as expected.

[9]

Example Corp has an annual sale event from October to December. The company has sequential sales data from the past 15 years and wants to use Amazon ML to predict the sales for this year\\’s upcoming event.

Which method should Example Corp use to split the data into a training dataset and evaluation dataset?

A. Pre-split the data before uploading to Amazon S3
B. Have Amazon ML split the data randomly.
C. Have Amazon ML split the data sequentially.
D. Perform custom cross-validation on the data

[10]

A Machine Learning Specialist wants to bring a custom algorithm to Amazon SageMaker. The Specialist implements the algorithm in a Docker container supported by Amazon SageMaker.

How should the Specialist package the Docker container so that Amazon SageMaker can launch the training correctly?

A. Modify the bash_profile file in the container and add a bash command to start the training program
B. Use CMD config in the Dockerfile to add the training program as a CMD of the image
C. Configure the training program as an ENTRYPOINT named train
D. Copy the training program to the directory /opt/ml/train

[11]

A Machine Learning Specialist is configuring automatic model tuning in Amazon SageMaker When using the hyperparameter optimization feature, which of the following guidelines should be followed to improve optimization?

Choose the maximum number of hyperparameters supported by

A. Amazon SageMaker to search the largest number of combinations possible
B. Specify a very large hyperparameter range to allow Amazon SageMaker to cover every possible value.
C. Use log-scaled hyperparameters to allow the hyperparameter space to be searched as quickly as possible
D. Execute only one hyperparameter tuning job at a time and improve tuning through successive rounds of experiments

[12]

A data scientist uses an Amazon SageMaker notebook instance to conduct data exploration and analysis. This requires certain Python packages that are not natively available on Amazon SageMaker to be installed on the notebook instance.

How can a machine learning specialist ensure that required packages are automatically available on the notebook instance for the data scientist to use?

A. Install AWS Systems Manager Agent on the underlying Amazon EC2 instance and use Systems Manager Automation to execute the package installation commands.

B. Create a Jupyter notebook file (.ipynb) with cells containing the package installation commands to execute and place the file under the /etc/init directory of each Amazon SageMaker notebook instance.

C. Use the conda package manager from within the Jupyter notebook console to apply the necessary conda packages to the default kernel of the notebook.

D. Create an Amazon SageMaker lifecycle configuration with package installation commands and assign the lifecycle configuration to the notebook instance.

Reference: https://towardsdatascience.com/automating-aws-sagemaker-notebooks-2dec62bc2c84

Correct answer:

123456789101112
CCCCDCBACBCB

To sum up

Test your strength here before the exam, with 12 newly updated free exam dumps to test your true strength. The Pass4itSure MLS-C01 dumps pdf contains 215 latest updated exam questions, you can take the free test above and then download

the full Amazon MLS-C01 dumps pdf: https://www.pass4itsure.com/aws-certified-machine-learning-specialty.html to help you pass the exam.

Best learning resource:

Official AWS MLS-C01 Study Guide: https://d1.awsstatic.com/training-and-certification/docs-ml/AWS-Certified-Machine-Learning-Specialty_Exam-Guide.pdf

Most Useful AWS MLS-C01 Dumps Practice Exam https://www.pass4itsure.com/aws-certified-machine-learning-specialty.html complete version MLS-C01 practice test

Most Useful AWS MLS-C01 PDF https://drive.google.com/file/d/1Bs4_E8OGlcrv-dEk6O1IpNjIxyTHK88U/view?usp=sharing

Other early exam questions, you can compare:

https://www.examdemosimulation.com/get-the-most-updated-mls-c01-braindumps-and-amls-c01-exam-questions/
https://www.examdemosimulation.com/valid-amazon-aws-mls-c01-practice-questions-free-share-from-pass4itsure/

Experience Sharing: How to Find Amazon ANS-C00 Dumps?

For the Amazon ANS-C00 exam, the first step to success is to obtain an ANS-C00 dumps, which is, in layman’s terms, the correct learning material. So, in the exam, we first need to find out the important factors that bridge the gap between AWS Certified Specialty certification and test-takers – ANS-C00 dumps.

Pass successfully your Amazon ANS-C00 exam – https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html ANS-C00 dumps PDF +VCE.

1. How to find Amazon ANS-C00 dumps?

(1) User research

You can learn about and filter through Amazon ANS-C00 exam reviews, social media user reviews (Youtube/Instagram focus), Google Organic Search content, and ANS-C00 dumps.

(2) With the help of keywords

Using the exam name, the exam keywords search for “ANS-C00 dumps”, “ANS-C00 exam”, “AWS Certified Specialty”‚Ķ Find out which dump meets your requirements.

Pass4itSure ANS-C00 dumps is your best choice

Pass4itSure ANS-C00 dumps provide real exam questions and answers, displayed in PDF and VCE mode, you can choose the model you like.

Introduced how to find, and which is the best Amazon ANS-C00 dumps, followed by sharing the most useful and free ANS-C00 dumps Q&A

Amazon ANS-C00 dumps pdf Latest google drive:

free ANS-C00 pdf 2022 https://drive.google.com/file/d/1Usl0DPYUTyZfAxHq6fopE8TWoYv7ZQor/view?usp=sharing

Latest Amazon ANS-C00 dumps practice test questions

1.

In order to change the name of the AWS Config ____, you must stop the configuration recorder, delete the current one, and create a new one with a new name, since there can only be one of this per AWS account.

A. SNS topic
B. configuration history
C. delivery channel
D. S3 bucket path

Explanation: As AWS Config continually records the changes that occur to your AWS resources, it sends notifications and updated configuration states through the delivery channel. You can manage the delivery channel to control where AWS Config sends configuration updates.

You can have only one delivery channel per AWS account, and the delivery channel is required to use AWS Config. To change the delivery channel name, you must delete it and create a new delivery channel with the desired name.

Before you can delete the delivery channel, you must temporarily stop the configuration recorder. The AWS Config console does not provide the option to delete the delivery channel, so you must use the AWS CLI, the AWS Config API, or one of the AWS SDKs.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/update-dc.html

2.

How many tunnels do you get with each VPN connection hosted by AWS?

A. 4
B. 1
C. 2
D. 8

Explanation:
All AWS VPNs come with 2 tunnels for resiliency.

3.

Your organization runs a popular e-commerce application deployed on AWS that uses autoscaling in conjunction with an Elastic Load Balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses.

Which step should you take to fix this problem?

A. Generate new SSL certificates for all web servers and replace current certificates.
B. Change the security policy on the ELB to disable vulnerable protocols and ciphers.
C. Generate new SSL certificates and use ELB to front-end the encrypted traffic for all web servers.
D. Leverage your current configuration management system to update SSL policy on all web servers.

4.

A company is deploying a critical application on two Amazon EC2 instances in a VPC. Failed client connections to the EC2 instances must be logged according to company policy.

What is the MOST cost-effective solution to meet these requirements?

A. Move the EC2 instances to a dedicated VPC. Enable VPC Flow Logs with a filter on the deny action. Publish the flow logs to Amazon CloudWatch Logs.
B. Move the EC2 instances to a dedicated VPC subnet. Enable VPC Flow Logs for the subnet with a filter on the reject action. Publish the flow logs to an Amazon Kinesis Data Firehose stream with data delivery to an Amazon S3 bucket.
C. Enable VPC Flow Logs, filtered for rejected traffic, for the elastic network interfaces associated with the instances. Publish the flow logs to an Amazon Kinesis Data Firehose stream with data delivery to an Amazon S3 bucket.
D. Enable VPC Flow Logs, filtered for rejected traffic, for the elastic network interfaces associated with the instances. Publish the flow logs to Amazon CloudWatch Logs.

5.

A company installed an AWS Site-to-Site VPN and configured it to use two tunnels. The company has learned that the VPN connectivity is unstable. During a ping test from the on-premises data center to AWS, a network engineer notices that the first few ICMP replies time out but that subsequent requests are successful.

The AWS Management Console shows that the status for both tunnels last changed at the same time the ping responses were successfully received. Which steps should the network engineer take to resolve the instability? (Choose two.)

A. Enable dead peer detection (DPD) on the customer gateway device.
B. Change the tunnel configuration to active/standby on the virtual private gateway.
C. Use AS-PATH prepending on one path to cause all traffic to prefer that tunnel.
D. Send ICMP requests to an instance in the VPC every 5 seconds from the on-premises network.
E. Use a higher multi-exit discriminator (MED) value on the preferred path to prefer that tunnel.

6.

A company wants to enforce a compliance requirement that its Amazon EC2 instances use only on-premises DNS servers for name resolution. Outbound DNS requests to all other name servers must be denied. A network engineer configures the following set of outbound rules for a security group:

The network engineer discovers that the EC2 instances are still able to resolve DNS requests by using Amazon DNS servers inside the VPC.

Why is the solution failing to meet the compliance requirement?

A. The security group cannot filer outbound traffic to the Amazon DNS servers.
B. The security group must have inbound rules to prevent DNS requests from coming back to EC2 instances.
C. The EC2 instances are using the HTTPS port to send DNS queries to Amazon DNS servers.
D. The security group cannot filter outbound traffic to destinations within the same VPC.

7.

Your company is expanding its cloud infrastructure and moving many of its flat files and static assets to S3. You currently use a VPN to access your compute infrastructure, but you require more reliability for your static files as you are offloading all of your important data to AWS.

What is your best course of action while keeping costs low?

A. Create a Direct Connect connection using a Private VIF to access both compute and S3 resources.
B. Create an S3 endpoint and create a route to the endpoint prefix list for your VPN to allow access to your S3 resources.
C. Create two Direct Connect connections. Each is connected to a Private VIF to ensure maximum resiliency.
D. Create a Direct Connect connection using a Public VIF and route your VPN over the DX connection to your VPN endpoint.

Explanation:
An S3 endpoint cannot be used with a VPN. A Private VIF cannot access S3 resources. A Public VIF with a VPN will ensure security for your compute resources and access to your S3 resources. Two DX connections are very expensive and a Private VIF still won\\’t allow access to your S3 resources.

8.

You need to create a subnet in a VPC that supports 1000 hosts. You need to be as accurate as possible since you run a very large company. What CIDR should you use?

A. /16
B. /24
C. /7
D. /22

Explanation:
/22 supports 1019 hosts since AWS reserves 5 addresses.

9.

You are configuring a VPN to AWS for your company. You have configured the VGW and CGW. You have created the VPN. You have also run the necessary commands on your router. You allowed all TCP and UDP traffic between your data center and your VPC.

The tunnel still doesn\\’t come up. What is the most likely reason?

A. You forgot to turn on route propagation in the routing table.
B. You do not have a public ASN.
C. Your advertised subnet is too large.
D. You haven\\’t added protocol 50 to your firewall.

Explanation:
You haven\\’t allowed protocol 50 through the firewall. Protocol 50 is different from UDP (17) and TCP (6) and requires a rule in your firewall for your VPN tunnel to come up.

10.

Which two choices can serve as a directory service for WorkSpaces? (Choose two.)

A. Simple AD
B. Enhanced AD
C. Direct Connection
D. AWS Microsoft AD

Explanation:
There is no such thing as “Enhanced AD” and DX is not a directory service.

11.

Each custom AWS Config rule you create must be associated with a(n) AWS ____, which contains the logic that evaluates whether your AWS resources comply with the rule.

A. Lambda function
B. Configuration trigger
C. EC2 instance
D. S3 bucket

Explanation: You can develop custom AWS Config rules to be evaluated by associating each of them with an AWS Lambda function, which contains the logic that evaluates whether your AWS resources comply with the rule.

You associate this function with your rule, and the rule invokes the function either in response to configuration changes or periodically. The function then evaluates whether your resources comply with your rule, and sends its evaluation results to AWS Config.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html

12.

After setting an AWS Direct Connect, which of the following cannot be done with an AWS Direct Connect Virtual Interface?

A. You can delete a virtual interface; if its connection has no other virtual interfaces, you can delete the connection.
B. You can change the region of your virtual interface.
C. You can create a hosted virtual interface.
D. You can exchange traffic between the two ports in the same region connecting to different Virtual Private Gateways (VGWs) if you have more than one virtual interface.

Explanation: You must create a virtual interface to begin using your AWS Direct Connect connection. You can create a public virtual interface to connect to public resources or a private virtual interface to connect to your VPC.

Also, it is possible to configure multiple virtual interfaces on a single AWS Direct Connect connection, and you\\’ll need one private virtual interface for each VPC to connect to.

Each virtual interface needs a VLAN ID, interface IP address, ASN, and BGP key. To use your AWS Direct Connect connection with another AWS account, you can create a hosted virtual interface for that account.

These hosted virtual interfaces work the same as standard virtual interfaces and can connect to public resources or a VPC.

Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html

The answer is here, welcome to self-test:

123456789101112
CCDACECDDDADAD

The most useful and updated complete AWS Certified Specialty ANS-C00 dumps https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html

Links to practice questions for other Amazon certified popular exams:

https://www.examdemosimulation.com/12-latest-amazon-aws-dva-c01-dumps-practice-questions/
https://www.examdemosimulation.com/latest-amazon-aws-saa-c02-exam-dumps-qas-share-online/
https://www.examdemosimulation.com/free-aws-certified-specialty-exam-readiness-new-ans-c00-dumps-pdf/

The above is some learning sharing and thinking about the ANS-C00 dumps today.

12 Latest Amazon AWS DVA-C01 Dumps Practice Questions

Share free DVA-C01 practice questions and DVA-C01 dumps in preparation for the 2022 AWS Certified Associate certification.

Honey, if your goal is to get AWS Certified Associate certification in 2022 and look for the best Amazon AWS DVA-C01 dumps resources, you’ve come to the right place. Examdemosimulation is committed to sharing the latest DVA-C01 exam questions.

The full Amazon AWS DVA-C01 dumps issue is here https://www.pass4itsure.com/aws-certified-developer-associate.html PDF+ VCE DVA-C01 Dumps.

Previously, I’ve shared how to pass the AWS DVA-C01 exam as a novice in this blog, and now I’m going to share the latest practice questions, mock test q1-q12, to help you learn to pass the exam as quickly as possible.

Next, some of the best DVA-C01 mock tests and practice questions will be shared.

[2022 latest] Aws certified developer‚Äďassociate (dva-c01) dumps practice questions 1-12:

Q 1

An application that is deployed to Amazon EC2 is using Amazon DynamoDB. The application calls the DynamoDB REST API. Periodically, the application receives a ProvisionedThroughputExceededException error when the application writes to a DynamoDB table.
Which solutions will mitigate this error MOST cost-effectively? (Choose two.)

A. Modify the application code to perform exponential backoff when the error is received.
B. Modify the application to use the AWS SDKs for DynamoDB.
C. Increase the read and write throughput of the DynamoDB table.
D. Create a DynamoDB Accelerator (DAX) cluster for the DynamoDB table.
E. Create a second DynamoDB table. Distribute the reads and writes between two tables.

Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ Programming.Errors.html

Q 2

An application reads data from an Amazon DynamoDB table. Several times a day, for a period of 15 seconds, the application receives multiple ProvisionedThroughputExceeded errors.
How should this exception be handled?

A. Create a new global secondary index for the table to help with the additional requests.
B. Retry the failed read requests with exponential backoff.
C. Immediately retry the failed read requests.
D. Use the DynamoDB “UpdateItem” API to increase the provisioned throughput capacity of the table.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.Errors.html

Q 3

A company is launching a new web application in the AWS Cloud. The company\’s development team is using AWS Elastic Beanstalk for deployment and maintenance. According to the company\’s change management process, the development team must evaluate changes for a specific time period before completing the rollout.

Which deployment policy meets this requirement?

A. Immutable
B. Rolling
C. Rolling with additional batch
D. Traffic splitting

Q 4

A development team is migrating a monolithic application to Amazon API Gateway with AWS Lambda integrations using the AWS CD The zip deployment package exceeds the Lambda direct upload deployment package size limit. How should the Lambda function be deployed?

A. Use the zip tile to create a Lambda layer and reference it using the -code CLI parameter
B. Create a Docker image and reference the image using the –docker-image CLI parameter
C. Upload a deployment package using the –zp-file CLI parameter
D. Upload a deployment package to Amazon S3 and reference Amazon S3 using the — code CLI parameter

Q 5

An Amazon S3 bucket, “myawsbucket” is configured with website hosting in Tokyo region, what is the region-specific website endpoint?

A. www.myawsbucket.ap-northeast-1.amazonaws.com
B. myawsbucket.s3-website-ap-northeast-1.amazonawscom
C. myawsbucket.amazonaws.com
D. myawsbucket.tokyo.amazonaws.com

Depending on your Region, your Amazon S3 website endpoint follows one of these two formats. s3-website dash (-) Region – http://bucket-name.s3-website-Region.amazonaws.com s3-website dot (.) Region – http://bucketname.s3-website.Region.amazonaws.com https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html

Q 6

An application overwrites an object in Amazon S3, and then immediately reads the same object. Why would the application sometimes retrieve the old version of the object?

A. S3 overwrite PUTS are eventually consistent, so the application may read the old object.
B. The application needs to add extra metadata to label the latest version when uploading to Amazon S3.
C. All S3 PUTS are eventually consistent, so the application may read the old object.
D. The application needs to explicitly specify latest version when retrieving the object.

Q 7

An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application.

How can these requirements be met? (Choose two.)

A. Use AWS KMS to encrypt traffic between CloudFront and the web application.
B. Set the Origin Protocol Policy to “HTTPS Only”.
C. Set the Origin\\’s HTTP Port to 443.
D. Set the Viewer Protocol Policy to “HTTPS Only” or “Redirect HTTP to HTTPS”.
E. Enable the CloudFront option Restrict Viewer Access.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-tocloudfront.html
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-customorigin.html

Q 8

A company runs continuous integration/continuous delivery (CI/CD) pipeline for its application on AWS CodePipeline. A developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing.
How should the Developer incorporate unit tests as part of CI/CD pipeline?

A. Create a separate codePipline pipline to run unit tests.
B. Update the AWS codeBuild build specification to include a phase for running unit tests.
C. Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests.
D. Create a testing branch in AWS CodeCommit to run unit tests.

Q 9

An application uses Amazon DynamoDB as its backend database The application experiences sudden spikes in traffic over the weekend and variable but predictable spikes during weekdays The capacity needs to be set to avoid throttling errors at all times.

How can this be accomplished cost-effectively?

A. Use provisioned capacity with AWS Auto Scaling throughout the week.
B. Use on-demand capacity for the weekend and provisioned capacity with AWS Auto Scaling during the weekdays
C. Use on-demand capacity throughout the week
D. Use provisioned capacity with AWS Auto Scaling enabled during the weekend and reserved capacity enabled during the weekdays

Q 10

Which features can be used to restrict access to data in S3? Choose 2 answers

A. Use S3 Virtual Hosting
B. Set an S3 Bucket policy.
C. Enable IAM Identity Federation.
D. Set an S3 ACL on the bucket or the object.
E. Create a CloudFront distribution for the bucket

https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/

Q 11

How can you secure data at rest on an EBS volume?

A. Attach the volume to an instance using EC2\\’s SSL interface.
B. Write the data randomly instead of sequentially.
C. Use an encrypted file system on top of the BBS volume.
D. Encrypt the volume using the S3 server-side encryption service.
E. Create an IAM policy that restricts read and write access to the volume.

Q 12

A company is using Amazon API Gateway to manage access to a set of microservices implemented as AWS Lambda functions. Following a bug report, the company makes a minor breaking change to one of the APIs.

In order to avoid impacting existing clients when the new API is deployed, the company wants to allow clients six months to migrate from v1 to v2.

Which approach should the Developer use to handle this change?

A. Update the underlying Lambda function and provide clients with the new Lambda invocation URL.
B. Use API Gateway to automatically propagate the change to clients, specifying 180 days in the phased deployment parameter.
C. Use API Gateway to deploy a new stage named v2 to the API and provide users with its URL.
D. Update the underlying Lambda function, create an Amazon CloudFront distribution with the updated Lambda function as its origin.

Post correct answer

Q1Q2Q3Q4Q5Q6Q7Q8Q9Q10Q11Q12
ABBADBABDBABDCC

[google drive] Amazon dva-c01 exam pdf 2022:

free download DVA-C01 pdf practice questions q1-q12 https://drive.google.com/file/d/1F-Dw8t1qmDpfT_XbolAmlbHKgvnPPytr/view?usp=sharing

Which DVA-C01 practice exam is the best? Should I go find a DVA-C01 dumps?

DVA-C01 practice questions and mock tests are an integral part of the exam, and of course you can’t do without the help of the DVA-C01 dumps. It is often seen that people ask which DVA-C01 practice exam is the best? Should I go find a DVA-C01 dumps?

Let me answer you clearly now: You can use the Pass4itSure DVA-C01 dumps to prepare for the exam. It is the best fit for you.

Never waste your time, Pass4itSure DVA-C01 dumps https://www.pass4itsure.com/aws-certified-developer-associate.html (PDF + VCE) to help with the AWS Certified Developer – Associate (DVA-C01) exam.

Here is the link to get practice for other Amazon AWS exams – https://www.examdemosimulation.com/category/amazon-exam-practice-test/

Latest Amazon AWS SAA-C02 exam dumps Q&As share online

Like other exams, the SAA-C02 exam is hard, and you can learn from the latest Amazon AWS SAA-C02 exam dumps PDF+ VCE. Examdemosimulation shares some of the best-used Updated Amazon SAA-C02 exams dumps learning materials and where to find them…

Where to find latest Amazon AWS SAA-C02 exam dumps?

Click on the link https://www.pass4itsure.com/saa-c02.html (get the latest SAA-C02 Dumps PDF + VCE) to purchase the full Amazon SAA-C02 exam dumps at the cheapest price with the discount code “Amazon”.

Here’s a Q&A from Pass4itsure SAA-C02 dumps share for the AWS Certified Solutions Architect – Associate (SAA-C02) exam:

Amazon AWS Certified Associate SAA-C02 practice test 1-12:

SAA-C02 Q&As

QUESTION 1

company\\’s human resources (HR) department saves its sensitive documents in an Amazon S3 bucket
named conf>dential_bucket An 1AM policy grants permission for ail S3 actions to a group of which each HR employee is a member A solutions architect needs to make the objects secure and raccessible outside the company\\’s AWS account and on-premises IP CIDR range The solutions architect adds the following S3 bucket policy ( “Version”: “2008-10-17”, “Statement”: [
{ “Effect”: “Deny”, “Principal”: { “AWS”: -“Action”: “s3:””, “Resource”: “arn:aws:s3:::confidential_bucket/*”, “Condition”: {
“StringNotLike”: {
“aws:sourceVpce”: “vpce-C12345789” }, “NotlpAddress”: { “aws:SourceIp”: [
“10.100.0.0/24”, “172.31.0.0/24”
J } }
} J }

What is the effect of the added bucket policy?

A. Option A
B. Option B
C. Option C
D. Option D

Correct Answer: D

QUESTION 2

A company is building a payment application that must be highly available even during regional service disruptions A solutions architect must design a data storage solution that can be easily replicated and used in other AWS Regions.

The application also requires low-latency atomicity, consistency, isolation, and durability (ACID) transactions that need to be immediately available to generate reports The development team also needs to use SQL. Which data storage solution meets these requirements\’?

A. Amazon Aurora Global Database
B. Amazon DynamoDB global tables
C. Amazon S3 with cross-Region replication and Amazon Athena
D. MySQL on Amazon EC2 instances with Amazon Elastic Block Store (Amazon EBS) snapshot replication

Correct Answer: C

QUESTION 3

A gaming company hosts a browser-based application on AWS. The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users.

The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users while reducing the load on the origin.
Which solution meets these requirements MOST cost-effectively?

A. Deploy an AWS Global Accelerator accelerator in front of the web servers.
B. Deploy an Amazon CloudFront web distribution in front of the S3 bucket.
C. Deploy an Amazon ElastiCache for Redis instance in front of the web servers.
D. Deploy an Amazon ElastiCache for Memcached instance in front of the web servers.

Correct Answer: B

Reference: https://aws.amazon.com/getting-started/hands-on/deliver-content-faster/

QUESTION 4

A company designed a stateless two-tier that uses Amazon EC2 in a single Availability Zone and an Amazon RDS multi DB instance. New company management wants to ensure the application is highly available.

What should a solutions architect do to meet this requirement?

A. Configure the application to use Multi-AZ EC2 Auto Scaling and create an Application Load Balancer.
B. Configure the application to take snapshots of the EC2 instances and send them to a different AWS Region.
C. Configure the application to use Amazon Route 53 latency-based routing to feed requests to the application.
D. Configure Amazon Route 53 rules to handle incoming requests and create a multi-AZ Application Load Balancer.

Correct Answer: A

QUESTION 5

The following IAM policy is attached to an IAM group. This is the only policy applied to the group.

What are the effective IAM permissions of this policy for group members?

A. Group members are permitted any Amazon EC2 action within the uss-east-1 Region. Statements after The Allow permission is not applied

B. Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are tagged in with multifactor authentication (MFA).

C. Group members are allowed the ec2:StopInstances and ec2:Terminatelnstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members authorized any other Amazon EC2 action.

D. Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Groups are permitted any other Amazon EC2 action within the us-east-1 Region

Correct Answer: D

QUESTION 6

A company needs to use its on-premises LDAP directory service to authenticate its users to the AWS Management Console. The directory service is not compatible with Security Assertion Markup Language (SAML) Which solution meets these requirements?

A. Enable AWS Single Sign-On between AWS and the on-premises LDAP
B. Create a 1 AM policy mat that uses AWS credentials and integrate the policy into LDAP
C. Set up a process that rotates the IAM credentials whenever LDAP credentials are updated.
D. Develop an on-premises custom identity broker application of process mat uses AWS Security Token Service (AWS STS) to get short-lived credentials

Correct Answer: A

QUESTION 7

A company\\’s packaged application dynamically creates and returns single-use text files in response to user requests.

The company is using Amazon CloudFront for distribution but wants to future reduce data transfer costs. The company modifies the application\\’s source code.

What should a solution architect do to reduce costs?

A. Use Lambda adage to compress the files as they are sent to users.
B. Enable Amazon S3 Transfer Acceleration to reduce the response times.
C. Enable caching on the CloudFront distribution to store generated files at the edge.
D. Use Amazon S3 multipart uploads to move the files to Amazon S3 before returning them to users.

Correct Answer: C

QUESTION 8

A company is hosting an election reporting website on AWS for users around the world The website uses Amazon EC2 Instances for the web and application tiers in an Auto Scaling group with Application Load Balancers The database tier uses an Amazon RDS for MySQL database

The website is updated with election results once an hour and has historically observed hundreds of users accessing the reports The company Is expecting a significant increase In demand because of upcoming elections in different countries. A solutions architect must Improve The website\’s ability
to handle additional demand while minimizing the need for additional EC2 instances

Which solution will meet these requirements?

A. Launch an Amazon ElastiCache cluster to cache common database queries.
B. Launch an Amazon CloudFront web distribution to cache commonly requested website content
C. Enable disk-based caching on the EC2 instances to cache commonly requested website content
D. Deploy a reverse proxy into the design using an EC2 instance with caching enabled for commonly requested website content

Correct Answer: B

QUESTION 9

A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda The application\’s traffic recently spiked due to fraudulent requests from botnets.
Which steps should a solutions architect take to block requests from unauthorized users? (Select TWO.)

A. Create a usage plan with an API key that is shared with genuine users only.
B. Integrate logic within the Lambda function to ignore the requests from fraudulent addresses.
C. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.
D. Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint.
E. Create an IAM role for each user attempting to access the API. A user will assume the role when making the API
call.

Correct Answer: CD

QUESTION 10

A company runs a fleet of web servers using an Amazon RDS for PostgreSQL DB instance. After a routine compliance check, the company sets a standard that requires a recovery point objective (RPO) of less than 1 second for all its production databases.

Which solution meets these requirements?

A. Enable a Multi-AZ deployment for the DB instance.
B. Enable auto-scaling for the DB instance in one Availability Zone.
C. Configure the DB instance in one Availability Zone, and create multiple read replicas in a separate Availability Zone.
D. Configure the DB instance in one Availability Zone, and configure AWS Database Migration Service (AWS DMS) change data capture (CDC) tasks.

Correct Answer: A

Reference: https://aws.amazon.com/blogs/database/implementing-a-disaster-recovery-strategy-withamazon-rds/

QUESTION 11

A gaming company is designing a highly available architecture. the application runs on a modified Linux kernel and supports only UDP-based traffic. The company needs the front-end tier to provide the best possible user experience.

The tier must have low latency, route traffic to the nearest edge location, and possible static IP addresses for entry into the application endpoints. What should a solution architect do to meet these requirements?

A. Configure Amazon Route 53 to forward requests to an Application Load Balancer. Use AWS Lambda for the application in AWS Application Auto Scaling.
B. Configure Amazon CloudFront to forward requests to a Network Load Balancer. Use AWS Lambda for the application in an AWS Application Auto Scaling group.
C. Configure AWS Global Accelerator to forward requests to a Network Load Balancer. Use Amazon EC2 instances for the application in an EC2 Auto Scaling group.
D. Configure Amazon API Gateway to forward requests to an Application Load Balancer. Use Amazon EC2 instances for the application in an EC2 Auto Scaling group.

Correct Answer: A

QUESTION 12

A company that hosts an online shopping application that stores all orders in an Amazon RDS for PostgreSQL Single-AZ DB instance Management wants to eliminate single points of failure and has asked a solutions architect to recommend an approach to minimize database downtime without requiring any changes to the application code.

Which solution meets these requirements?

A. Convert the existing database instance to a Multi-AZ deployment by modifying the database instance and specifying the Multi-AZ option.

B. Create a new RDS Multi-AZ deployment Take a snapshot of the current RDS instance and restore the new Multi-AZ deployment with the snapshot

C. Create a read-only replica of the PostgreSQL database in another Availability Zone Use Amazon Route 53 weighted recordsets to distribute requests across the databases.

D. Place the RDS for PostgreSQL database in an Amazon EC2 Auto Scaling group with a minimum group size of two Use Amazon Route 53 weighted recordsets to distribute requests across instances.

Correct Answer: A

PS, SAA-C02 exam pdf free download

google drive:

https://drive.google.com/file/d/1eYGs-78qblOHmGnz798OPyLzJ41vYjBT/view?usp=sharing

Other Amazon exam practice test https://www.examdemosimulation.com/category/amazon-exam-practice-test/

You can trust Pass4itSure SAA-C02 exam dumps because it has many years of experience and is always up to date. Get the full SAA-C02 exam dumps https://www.pass4itsure.com/saa-c02.html (total Q&As: 922).

Thanks for making these practice tests! I would like to receive a reply like this.

I hope this helps others learn,

Good luck to those who choose SAA-C02!