Amazon exam practice test / saa-c02 dumps / saa-c02 dumps pdf / saa-c02 exam / saa-c02 exam dumps / saa-c02 exam guide / saa-c02 exam questions / saa-c02 pdf / saa-c02 practice test

Is it possible to pass the AWS SAA-C02 exam in 4 days of study

Anything is possible, as long as you try. What needs to be done is to find the easiest way to pass the Amazon AWS SAA-C02 exam. Pass4itSure SAA-C02 dumps are the best resources for this certification. I mean, SAA-C02 dumps learning can improve your learning efficiency, let you pass the exam as quickly as possible.

The Pass4itSure SAA-C02 practice exam is absolutely first-class and helps you gain a better understanding of AWS SAA-C02. Here are some of the latest updates to the SAA-C02 exam practice questions to help you improve your pass rate! Of course, this is not enough to get the full SAA-C02 exam questions and answers https://www.pass4itsure.com/saa-c02.html (PDF + VCE) to help you pass the exam 100% early.

Free AWS SAA-C02 exam questions PDF

[latest PDF] free AWS SAA-C02 PDF https://drive.google.com/file/d/1KO4_xHVZhkSXpsoTfhzVq-2NPpjGA2Tc/view?usp=sharing

The latest free AWS SAA-C02 exam PDF is from Pass4itSure SAA-C02 exam dumps! Get the complete exam questions and answers in Pass4itSure.

Practice Exams: AWS SAA-C02 exam questions and answers free

QUESTION 1 #

A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones As the company\\’s user base grows in the west- 1 Region, it needs 3 solutions with low latency and high availability.

What should a solutions architect do to accomplish this?

A. Provision EC2 instances in us-west-1. Switch my Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing.

B. Provision EC2 instances and an Application Load Balancer in us-west-1 Make the load balancer distribute the traffic based on the location of the request

C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator uses an endpoint group that includes the load balancer endpoints in both Regions.

D. Provision EC2 Instances and configure an Application Load Balancer in us-wesl-1 Configure Amazon Route 53 with
a weighted routing policy. Create alias records in Route 53 that point to the Application Load Balancer

Correct Answer: C

Register endpoints for endpoint groups: You register one or more regional resources, such as Application Load Balancers, Network Load Balancers, EC2 Instances, or Elastic IP addresses, in each endpoint group. Then you can set weights to choose how much traffic is routed to each endpoint.
Endpoints in AWS Global Accelerator can be Network Load Balancers, Application Load
Balancers, Amazon EC2 instances, or Elastic IP addresses.

A static IP address serves as a single point of contact for clients, and Global Accelerator then distributes incoming traffic across healthy endpoints.
Global Accelerator directs traffic to endpoints by using the port (or port range) that you specify for the listener that the endpoint group for the endpoint belongs to.
Each endpoint group can have multiple endpoints. You can add each endpoint to multiple endpoint groups, but the endpoint groups must be associated with different listeners.

Global Accelerator continually monitors the health of all endpoints that are included in an endpoint group. It routes traffic only to the active endpoints that are healthy. If Global Accelerator does ?€™t have any healthy endpoints to route traffic to, it routes traffic to all endpoints.

Reference:
https://docs.aws.amazon.com/global-accelerator/latest/dg/about-endpoints.html
https://aws.amazon.com/global-accelerator/faqs/

QUESTION 2 #

Company is running an application on Amazon EC2 instances. Traffic to the workload increases substantially during business hours and decreases afterward. The CPU utilization of an EC2 instance is a strong indicator of end-user demand on the application. The company has configured an Auto Scaling group to have a minimum group size of 2 EC2 instances and a maximum group size of 10 EC2 instances.

The company is concerned that the current scaling policy that is associated with the Auto Scaling group might not be correct. The company must avoid over-provisioning EC2 instances and incurring unnecessary costs.

What should a solutions architect recommend to meet these requirements?

A. Configure Amazon EC2 Auto Scaling to use a scheduled scaling plan and launch an additional 8 EC2 instances during business hours.

B. Configure AWS Auto Scaling to use a scaling plan that enables predictive scaling. Configure predictive scaling with a scaling model of forecast and scale, and enforce the maximum capacity setting during scaling.

C. Configure a step scaling policy to add 4 EC2 instances at 50% CPU utilization and add another 4 EC2 instances at 90% CPU utilization. Configure scale-in policies to perform the reverse and remove EC2 instances based on the two values.

D. Configure AWS Auto Scaling to have the desired capacity of 5 EC2 instances, and disable any existing scaling policies. Monitor the CPU utilization metric for 1 week. Then create dynamic scaling policies that are based on the observed values.

Correct Answer: B

QUESTION 3 #

A company needs the ability to analyze the log files of its proprietary application The logs are stored in JSON format in an Amazon S3 bucket Queries will be simple and will run on- demand A solutions architect needs to perform the analysis with minimal changes to the existing architecture
What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?

A. Use Amazon Redshift to load all the content into one place and run the SQL queries as needed

B. Use Amazon CloudWatch Logs to store the logs Run SQL queries as needed from the Amazon CloudWatch console

C. Use Amazon Athena directly with Amazon S3 to run the queries as needed

D. Use AWS Glue to catalog the logs Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed

Correct Answer: B

QUESTION 4 #

An application running on AWS uses an Amazon Aurora Multi-AZ deployment for its database When evaluating performance metrics, a solutions architect discovered that the database reads are causing high I/O and adding latency to the write requests against the database What should the solutions architect do to separate the read requests from the write requests?

A. Enable read-through caching on the Amazon Aurora database

B. Update the application to read from the Multi-AZ standby instance

C. Create a read replica and modify the application to use the appropriate endpoint

D. Create a second Amazon Aurora database and link it to the primary database as a read replica.

Correct Answer: C

Amazon RDS Read Replicas provide enhanced performance and durability for RDS database (DB) instances. They make it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads.

You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas can also be promoted when needed to become standalone DB instances. Read replicas are available in Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server as well as Amazon Aurora.

For MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server database engines, Amazon RDS creates a second DB instance using a snapshot of the source DB instance. It then uses the engines\’ native asynchronous replication to update the read replica whenever there is a change to the source DB instance.

The read replica operates as a DB instance that allows only read-only connections; applications can connect to a read replica just as they would to any DB instance. Amazon RDS replicates all databases in the source DB instance.

Amazon Aurora further extends the benefits of reading replicas by employing an SSD-backed virtualized storage layer purpose-built for database workloads. Amazon Aurora replicas share the same underlying storage as the source instance, lowering costs and avoiding the need to copy data to the replica nodes. For more information about replication with Amazon Aurora, see the online documentation.

https://aws.amazon.com/rds/features/read-replicas/

QUESTION 5 #

A company has multiple AWS accounts, for various departments. One of the departments wants to share an Amazon S3 bucket with all other departments.

Which solution will require the LEAST amount of effort?

A. Enable cross-account S3 replication for the bucket

B. Create a pre-signed URL for the bucket and share it with other departments

C. Set the S3 bucket policy to allow cross-account access to other departments

D. Create IAM users for each of the departments and configure a read-only IAM policy

Correct Answer: C
https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-accessexample2.html

QUESTION 6 #

A company has a customer relationship management (CRM) application that stores data in an Amazon RDS DB instance that runs Microsoft SQL Server. The company\’s IT staff has administrative access to the database. The database contains sensitive data. The company wants to ensure that the data is not accessible to the IT staff and that only authorized personnel can view the data.

What should a solutions architect do to secure the data?

A. Use client-side encryption with an Amazon RDS managed key.

B. Use client-side encryption with an AWS Key Management Service (AWS KMS) customer-managed key.

C. Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) default encryption key.

D. Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) customer-managed key.
Correct Answer: C

QUESTION 7 #

A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability.

An intern! gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2 instances to download software updates.

What should the solutions architect do to enable internet access for the private subnets?

A. Create three NAT gateways, one for each public subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ

B. Create three NAT instances, one for each private subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ

C. Create a second internet gateway on one of the private subnets. Update the routing table for the private subnets that forward non-VPC traffic to the private internet gateway

D. Create an egress-only internet gateway on one of the public subnets. Update the routing table for the private subnets that forward non-VPC traffic to the egress only internet gateway

Correct Answer: B

QUESTION 8 #

A company currently stores symmetric encryption keys in a hardware security module (HSM). A solution architect must design a solution to migrate key management to AWS. The solution should allow for key rotation and support the use of customer-provided keys.

Where should the key material be stored to meet these requirements?

A. Amazon S3

B. AWS Secrets Manager

C. AWS Systems Manager Parameter store

D. AWS Key Management Service (AWS KMS)

Correct Answer: B
https://aws.amazon.com/cloudhsm/

QUESTION 9 #

A solutions architect is designing a web application that will run on Amazon EC2 instances behind an Application Load Balancer (ALB) The company strictly requires that the application be resilient against malicious internet activity and attacks, and protect against new common vulnerabilities and exposures.

What should the solutions architect recommend?

A. Leverage Amazon CloudFront with the ALB endpoint as the origin

B. Deploy an appropriately managed rule for AWS WAF and associate it with the ALB

C. Subscribe to AWS Shield Advanced and ensure common vulnerabilities and exposures are blocked

D. Configure network ACLs and security groups to allow only ports 80 and 443 to access the EC2 instances

Correct Answer: B

QUESTION 10 #

The company has a live chat application running on a list of on-premises servers that use WebSockets. The company wants to migrate the application to AWS Application traffic is inconsistent, and the company expects there to be more traffic with sharp spikes in the future.

Does the company want a highly scalable solution with no server maintenance nor advanced capacity planning Which solution meets these requirements?

A. Use Amazon API Gateway and AWS Lambda with an Amazon DynamoDB table as the data store Configure the DynamoDB table for provisioned capacity

B. Use Amazon API Gateway and AWS Lambda with an Amazon DynamoDB table as the data store Configure the DynaiWDB table for on-demand capacity

C. Run Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group with an Amazon DynamoDB table as the data store Configure the DynamoDB table for on-demand capacity

D. Run Amazon EC2 instances behind a Network Load Balancer in an Auto Scaling group with an Amazon DynamoDB table as the data store Configure the DynamoDB table for provisioned capacity

Correct Answer: B

QUESTION 11 #

A company runs a static website through its on-premises data center. The company has multiple servers mat handle all of its traffic, but on busy days, services are interrupted and the website becomes unavailable. The company wants to expand its presence globally and plans to triple its website traffic.

What should a solutions architect recommend to meet these requirements?

A. Migrate the website content to Amazon S3 and host the website on Amazon CloudFront.

B. Migrate the website content to Amazon EC2 instances with public Elastic IP addresses in multiple AWS Regions.

C. Migrate the website content to Amazon EC2 instances and vertically scale as the load increases.

D. Use Amazon Route 53 to distribute the loads across multiple Amazon CloudFront distributions for each AWS Region that exists globally.

Correct Answer: A

Amazon CloudFront is a global Content Delivery Network (CDN), which will host your website on a global network of edge servers, helping users load your website more quickly. When requests for your website content come through, they are automatically routed to the nearest edge location, closest to where the request originated from, so your content is delivered to your end-user with the best possible performance.

QUESTION 12 #

A solution architect is performing a security review of a recently migrated workload. The workload is a web application that consists of Amazon EC2 instances in an Auto Scaling group behind an Application Load balancer. The solution architect must improve the security posture and minimize the impact of a DDoS attack on resources.

Which solution is MOST effective?

A. Configure an AWS WAF ACL with rate-based rules. Create an Amazon CloudFront distribution that points to the Application Load Balancer. Enable the EAF ACL on the CloudFront distribution

B. Create a custom AWS Lambda function that adds identified attacks into a common vulnerability pool to capture a potential DDoS attack. use the identified information to modify a network ACL to block access.

C. Enable VPC Flow Logs and store them in Amazon S3. Create a custom AWS Lambda functions that parse the logs looking for a DDoS attack. Modify a network ACL to block identified source IP addresses.

D. Enable Amazon GuardDuty and configure findings written 10 Amazon GloudWatch Create an event with Cloud Watch Events for DDoS alerts that trigger Amazon Simple Notification Service (Amazon SNS) Have Amazon SNS invoke a custom AWS Lambda function that parses the logs looking for a DDoS attack Modify a network ACL to block identified source IP addresses

Correct Answer: B

QUESTION 13

A solutions architect needs to ensure that all Amazon Elastic Block Store (Amazon EBS) volumes restored from unencrypted EBS snapshots are encrypted What should the solutions architect do to accomplish this?

A. Enable EBS encryption by default for the AWS Region

B. Enable EBS encryption by default for the specific volumes

C. Create a new volume and specify the symmetric customer master key (CMK) to use for encryption

D. Create a new volume and specify the asymmetric customer master key (CMK) to use for encryption.

Correct Answer: C

This is only part of the complete exam question answer in Pass4itSure. After each question, read the wrong answers carefully and try to understand the concepts. Instead of trying to remember the answer, try to understand the theory/concept.

Finally

Pass4itSure’s real-time updates to SAA-C02 questions and answers help you pass exams quickly. Study hard, use the right way to learn! It is possible to pass the Amazon AWS SAA-C02 exam in a 4-day study. You can visit Pass4itSure to get the complete AWS SAA-C02 exam dumps https://www.pass4itsure.com/saa-c02.html (Q&As: 787). 100% help you pass the exam early.

Good luck to those going for SAA-C02!