AWS Certified Solutions Architect - Associate SAA-C03 證照考古題

AWS 架構師證照考古題大全 20240923

AWS Certified Solutions Architect - Associate SAA-C03

Amazon Web Service（AWS 亞馬遜）全系列考古題，2024年最新題庫，持續更新，全網最完整。AWS 證照含金量高，自我進修、跨足雲端產業必備近期版本更新，隨時追蹤最新趨勢變化。

QUESTION 41

A company runs an online marketplace web application on AWS. The application serves hundreds of thousands of users duringpeak hours. The company needs a scalable, near-real- time solution to share the details of millions of financial transactions withseveral other internal applications. Transactions also need to be processed to remove sensitive data before being stored in a document database for low-latency retrieval.

What should a solutions architect recommend to meet these requirements?

A.       Store the transactions data into Amazon DynamoDB.

Set up a rule in DynamoDB to remove sensitive data from every transaction upon write. Use DynamoDB Streams to share the transactions data with other applications.

B.       Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3.

Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data. Other applications can consume the data stored in Amazon S3.

C.      Stream the transactions data into Amazon Kinesis Data Streams.

Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB.

Other applications can consume the transactions data off the Kinesis data stream.

D.      Store the batched transactions data in Amazon S3 as files.

Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3.

The Lambda function then stores the data in Amazon DynamoDB. Other applications can consume transaction files stored in Amazon S3.

Correct Answer: C

Section: (none)

想要深入了解小豬科技的雲端服務？點擊這裡 探索我們的全方位解決方案。

QUESTION 42

A company uses an Amazon S3 bucket to store static images for its website. The company configured permissions to allow access to Amazon S3 objects by privileged users only. What should a solutions architect do to protect against data loss? (Select TWO.)

A.       Enable versioning on the 53 bucket.

B.       Enable access logging on the S3 bucket.

C.      Enable server-side encryption on the 53 bucket.

D.      Configure an 53 lifecycle rule to transition objects to Amazon 53 Glacier

E.       Use MEA Delete to require multi-factor authentication to delete an object.

Correct Answer: AE

Section: (none)

QUESTION 43

A solutions architect is developing a multiple-subnet VPC architecture. The solution will consist of six subnets in two Availability Zones.

The subnets are defined as public, private, and dedicated for databases. Only the Amazon EC2 instances running in the private subnets should be able to access a database.

Which solution meets these requirements?

A.       Create a new route table that excludes the route to the public subnets' CIDR blocks. Associate the route table to the database subnets.

B.       Create a security group that denies ingress from the security group used by instances in the public subnets. Attach the security group to an Amazon RDS DB instance.

C.      Create a security group that allows ingress from the security group used by instances in the private subnets. Attach the security group to an Amazon RDS DB instance.

D.      Create a new peering connection between the public subnets and the private subnets. Create a different peering connection between the private subnets and the database subnets.

Correct Answer: C

Section: (none)

QUESTION 44

A solutions architect iS designing the architecture of a new application being deployed to the AWS Cloud. The application willrun on Amazon EC2 On-Demand Instances and will automatically scale across multiple Availability Zones. The EC2 instanceswill scale up and down frequently throughout the day. An Application Load Balancer (AL .B) will handle the load distribution. The architecture needs to support distributed session data management. The company is willing to make changes to code if needed. What should the solutions architect do to ensure that the architecture supports distributed session data management?

A.       Use Amazon ElastiCache to manage and store session data.

B.       Use session affinity (sticky sessions) of the AL .B to manage session data.

C.      Use Session Manager from AWS Systems Manager to manage the session.

D.      Use the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session.

Correct Answer: A

Section: (none)

QUESTION 45

A solutions architect is designing a solution that requires frequent updates to a website that is hosted on Amazon S3 withversioning enabled For compliance reasons, the older versions of the objects will not be accessed frequently and will need to be deleted after 2 years. What should the solutions architect recommend to meet these requirements at the LOWEST cost?

A.       Use S3 batch operations to replace object tags Expire the objects based on the modified tags.

B.       Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier. Expire the objects after 2 years.

C.      Enable S3 Event Notifications on the bucket that sends older objects to the Amazon Simple Queue Service (Amazon SQS) queue for further processing

D.      Replicate older object versions to a new bucket. Use an S3 Lifecycle policy to expire the objects in the new bucket after 2 years. 

Correct Answer: B

Section: (none)

QUESTION 46

A company is storing sensitive user information in an Amazon S3 bucket. The company wants to provide secure access to this bucket

from the application tier running on Amazon EC2 instances inside a VPC. Which combination of steps should a solutions architect take to accomplish this? (Select TWO.)

A.       Configure a VPC gateway endpoint for Amazon S3 within the VPC.

B.       Create a bucket policy to make the objects in the S3 bucket public.

C.      Create a bucket policy that limits access to only the application tier running in the VPC.

D.      Create an IAM user with an S3 access policy and copy the IAM credentials to the EC2 instance.

E.       Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket.

Correct Answer: AC

Section: (none)

QUESTION 47

A company is preparing to deploy a new serverless workload. A solutions architect needs to configure permissions for invoking an AWS Lambda function. The function will be triggered by an Amazon EventBridge (Amazon CloudWatch Events) rule.Permissions should be configured using the principle of least privilege.

Which solution will meet these requirements?

A.       Add an execution role to the function with lambda InvokeFunction as the action and * as the principal.

B.       Add an execution role to the function with lambda.lnvokeFunction as the action and Service. events amazonaws.com as the principal.

C.      Add a resource-based policy to the function with lambda:* as the action and Service: events amazonaws.com as the principal.

D.      Add a resource-based policy to the function with lambda:lnvokeFunction as the action and Service: events amazonaws .com as the principal.

Correct Answer: D

Section: (none)

QUESTION 48

A company has a service that produces event data The company wants to use AWS to process the event data as it iS received.The data iS written in a specific order that must be maintained throughout processing. The company wants to implement a solution that minimizes operational overhead.

How should a solutions architect accomplish this?

A.       Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue to hold messages Set up an AWS Lambda function to process messages from the queue.

B.       Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process.Configure an AWS Lambda function as a subscriber.

C.      Create an Amazon Simple Queue Service (Amazon SQS) standard queue to hold messages. Set up an AWS Lambda function to process messages from the queue independently.

D.      Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process Configure an Amazon Simple Queue Service (Amazon SQS) queue as a subscriber.

Correct Answer: A

Section: (none)

QUESTION 49

A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access toaudit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

A.       Enable the versioning and MFA Delete features on the S3 bucket

B.       Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account.

C.      Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteOb|ect action during audit dates.

D.      Use AWS Key Management Service (AWS KMS> to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key.

Correct Answer: A

Section: (none)

QUESTION 50

A company receives 10 TB of instrumentation data each day from several machines located at a single factory.

The data consists of JSON files stored on a storage area network (SAN) in an on- premises data center located within the factory.

The company wants to send this data to Amazon S3 where it can be accessed by several additional systems that providecritical near-real-lime analytics. A secure transfer is important because the data is considered sensitive. Which solution offers the MOST reliable data transfer?

A.       AWS DataSync over public internet

B.       AWS DataSync over AWS Direct Connect

C.      AWS Database Migration Service (AWS DMS) over public internet

D.      AWS Database Migration Service (AWS DMS) over AWS Direct Connect

Correct Answer: B

Section: (none)

立即註冊小豬科技，點擊這裡 開始您的雲端之旅！

QUESTION 51

A company owns an asynchronous API that is used to ingest use requests and, based on the request type, dispatch requests to the appropriate microservice for processing. The company is using Amazon API Gateway to deploy the API front end, and an AWS Lambda function that invokes Amazon DynamoDB to store user requests before dispatching them to the processingmicroservices. The company provisioned as much DynamoDB throughput as its budget allows, but the company is still experiencing availability issues and is losing user requests. What should a solutions architect do to address this Issue without impacting existing users?

A.       Add throttling on the API Gateway with server-side throttling limits

B.       Use DynamoDB Accelerator (DAX) and LamDda to buffer writes to DynamoDB

C.      Create a secondary index in DynamoDB for the label with the user requests.

D.      Use the Amazon Simple Queue Service (Amazon SQS) queue and Lambda to buffer writes to DynamoDB.

Correct Answer: D

Section: (none)

QUESTION 52

A company has an application that ingests incoming messages. These messages are then quickly consumed by dozens ofother applications and microservices. The number of messages varies drastically and sometimes spikes as high as 100 000each second The company wants to decouple the solution and increase scalability.

Which solution meets these requirements?

A.       Persist the messages to Amazon Kinesis Data Analytics. All the applications will read and process the messages.

B.       Deploy the application on Amazon EC2 instances in an Auto Scaling group, which scales the number of EC2 instances based on CPU metrics.

C.      Write the messages to Amazon Kinesis Data Streams with a single shard. All applications will read from the stream and process the messages.

D.      Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with one or more Amazon Simple Queue Service (Amazon SQS) subscriptions All applications then process the messages from the queues.

Correct Answer: D

Section: (none)

QUESTION 53

A company wants to move a multi-tiered application from on premises to the AWS Cloud to improve the application'sperformance. The application consists of application tiers that communicate with each other by way of RESTful services. Transactions are dropped when one tier becomes overloaded. A solutions architect must design a solution that resolves these issues and modernizes the application. Which solution meets these requirements and is the MOST operationally efficient?

A.       Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer. Use Amazon Simple Queue Service (Amazon SQS) as the communication layer between application services.

B.       Use Amazon CloudWatch metrics to analyze the application performance history to determine the servers' peakutilization during the performance failures. Increase the size of the application server's Amazon EC2 instances to meet the peak

requirements.

C.      Use Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SNS queue length and scale up and down as required.

D.      Use Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running onAmazon E02 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SQS queue length and scale up when communication failures are detected.

Correct Answer: A

Section: (none)

QUESTION 54

A company recently started using Amazon Aurora as the data store for its global ecommerce application. When large reports are run,developers report that the ecommerce application is performing poorly. After reviewing metrics in Amazon CloudWatch, asolutions architect finds that the ReadlOPS and CPUUtilization metrics are spiking when monthly reports run.

What is the MOST cost-effective solution?

A.       Migrate the monthly reporting to Amazon Redshift

B.       Migrate the monthly reporting to an Aurora Replica.

C.      Migrate the Aurora database to a larger instance class.

D.      Increase tho Provisioned lOPS on the Aurora instance.

Correct Answer: B

Section: (none)

QUESTION 55

A company has two applications: a sender application that sends messages with payloads to be processed and a processing application intended to receive the messages with payloads. The company wants to implement an AWS service to handlemessages between the two applications. The sender application can send about 1,000 messages each hour. The messages may take up to 2 days to be processed. If the messages fail to process, they must be retained SO that they do not impact the processing 0f any remaining messages.

Which solution meets these requirements and is the MOST operationally efficient?

A.       Set up an Amazon EC2 instance running a Redis database. Configure both applications to use the instance.

Store,process,and delete the messages,respectively.

B.       Use an Amazon Kinesis data stream to receive the messages from the sender application. integrate the processing

application with the Kinesis Client Library (KCL).

C.      Integrate the sender and processor applications with an Amazon Simple Queue Service (Amazon SQS); queue. Configure a dead-letter queue to collect the messages that failed to process.

D.      Subscribe the processing application to an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications to process. Integrate the sender application to write to the SNS topic.

Correct Answer: C

Section: (none)

QUESTION 56

A company wants to use high performance computing (HPC) infrastructure on AWS for financial risk modeling. The company'sHPC workloads run on Linux. Each HPC workflow runs on hundreds of Amazon EC2 Spot Instances, is short-lived and generates thousands of output files that are ultimately stored in persistent storage for analytics and long term future use. The companyseeks a cloud storage solution that permits the copying of on-premises data to long-term persistent storage to make data available for processing by all EC2 instances. The solution should also be a high performance file system that is integrated with persistent storage to read and write datasets and output files. Which combination of AWS services meets these requirements?

A.       Amazon FSx for Lustre integrated with Amazon S3

B.       Amazon FSx for Windows File Server integrated with Amazon S3

C.      Amazon S3 Glacier integrated with Amazon Elastic Block Store (Amazon EBS)

D.      Amazon S3 bucket with a VPC endpoint integrated with an Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) volume.

Correct Answer: A

Section: (none)

QUESTION 57

A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. Theconsumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The companywants this application to be highly available with low operational complexity.

Which architecture offers the HIGHEST availability? 

A.       Add a second ActiveMQ server to another Availability Zone. Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone.

B.       Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumerEC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone.

C.      Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumer EC2instance in another Availability Zone. Use Amazon RDS for MySQL with Multi- AZ enabled.

D.      Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones Use Amazon RDS for MySQL with Multi-AZ enabled.

Correct Answer: D

Section: (none)

QUESTION 58

A company runs an application in the AWS Cloud and uses Amazon DynamoDB as the database. The company deploysAmazon EC2 instances to a private network to process data from the database. The company uses two NAT instances to provide connectivity to DynamoDB.

The company wants to retire the NAT instances.

A solutions architect must implement a solution that provides connectivity to DynamoDB and that does not require ongoing management.

What is the MOST cost-effective solution that meets these requirements?

A.       Create a gateway VPC endpoint to provide connectivity to DynamoDB

B.       Configure a managed NAT gateway to provide connectivity to DynamoDB

C.      Establish an AWS Direct Connect connection between the private network and DynamoDB

D.      Deploy an AWS PrivateLink endpoint service between the private network and DynamoDB

Correct Answer: A

Section: (none)

QUESTION 59

A company runs a web-based portal that provides users with global breaking news, local alerts, and weather updates.

The portal delivers each user a personalized view by using a mixture of static and dynamic content. Content is served over HTTPS through an API server running on an Amazon EC2 instance behind an Application Load Balancer (ALB).

The company wants the portal to provide this content to its users across the world as quickly s possible. How should a solutions architect design the application to ensure the LEAST amount of latency for all users? 

A.       Deploy the application stack in a ingle AWS Region

Use Amazon CloudFront to serve all static and dynamic content by specifying the ALB as an origin

B.       Deploy the application stack in two AWS Regions

Use an Amazon Route 53 latency routing policy to serve all content from the ALB in the closest Region.

C.      Deploy the application stack in a single AWS Region Use Amazon CloudFront to serve the static content Serve the dynamic content directly from the ALB.

D.      Deploy t e application stack in two AWS Regions

Use an Amazon Route 53 geolocation routing policy to serve all content from the ALB in the closest Region.

Correct Answer: A

Section: (none)

享受一流的雲端支持，馬上註冊 小豬科技！

QUESTION 60

A company is running a batch application on Amazon EC2 instances. The application consists of a backend with multipleAmazon RDS databases. The application is causing a high number of reads on the databases. A solutions architect must reduce the number of database reads while ensuring high availability. What should the solutions architect do to meet this requirement?

If you have any questions, please contact wechat :ANYPASS. If you don't want to memorize the questions, please register for the through train.

A.       Add Amazon RDS read replicas.

B.       Use Amazon ElastiCache for Redis

C.      Use Amazon Route 53 DNS caching

D.      Use Amazon ElastiCache for Memcached

Correct Answer: B

Section: (none)

QUESTION 61

A company has a Microsoft NET application that runs on an on-premises Windows Server. The application stores data by usingan Oracle Database Standard Edition server. The company is planning a migration to AWS and wants to minimize development changes while moving the application. The AWS application environment should be highly available. Which combination of actions should the company take to meet these requirements? (Select TWO )

A.       Refactor the application as serverless with AWS Lambda functions running NET Core

B.       Rehost the application in AWS Elastic Beanstalk with the NET platform in a Multi-AZ deployment

C.      Replatform the application to run on Amazon EC2 with the Amazon Linux Amazon Machine Image (AMI).

D.      Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Amazon DynamoDB in a Multi-AZ deployment

E.       Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment

Correct Answer: BE

Section: (none)

QUESTION 62

A company hosts its multi-tier applications on AWS.

For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made o these resources. What should a solutions architect do to meet these requirements?

A.       Use AWS CloudTrail to track configuration changes and AWS Config to record API calls

B.       Use AWS Config to track configuration changes and AWS CloudTrail to record API calls

C.      Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls

D.      Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls

Correct Answer: B

Section: (none)

QUESTION 63

A company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of an VPC. A solution architect needs to connect from theon-premises network, through the company's internet connection, to the bastion host, and to the application servers. The solution architect must make sure that the security groups of all the EC2 instances will allow that access. Which combination of steps should the solutions architect take to meet these requirements? (select TWO)

A.       Replace the current security group of the bastion host with one that only allows inbound access from the application instances.

B.       Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company.

C.      Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company

D.      Replace the current security group of the application instances with one that allows inbound SSH access from only the private IP address of the bastion host.

Correct Answer: CD

Section: (none)

QUESTION 64

A company observes an increase in Amazon EC2 costs in its most recent bill. The billing team notices unwanted vertical scaling of instance types for a couple of EC2 instances. A solutions architect needs to create a graph comparing the last 2months of EC2 costs and perform an in- depth analysis to identity the root cause of the vertical scaling. How should the solutions architect generate the information with the LEAST operational overhead?

A.       Use AWS Budgets to create a budget report and compare costs based on instance types.

B.       Use Cost Explorer's granular filtering feature to perform an in-depth analysis of EC2 costs based on instance types.

C.      Use graphs from he AWS Billing and Cost Management dashboard to compare EC2 costs based on instance typ s for the least 2 months.

D.      Use AWS Cost and Usage Report to create a report and send it to an Amazon S3 bucket.

Use Amazon QuickSight Amazon S3 as a source to generate an interactive graph based on instance types.

Correct Answer: C

Section: (none)

QUESTION 65

A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda.

The application's traffic recently spiked due to fraudulent requests from botnets. Which steps should a solutions architect take to block requests from unauthorized users? (Select TWO.)

A.       Create a usage plan with an API key that is shared with genuine users only.

B.       Integrate logic within the Lambda function to ignore the requests from fraudulent addresses.

C.      Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.

D.      Convert the existing public API to a private API.

Update the DNS records to redirect users to the new API endpoint.

E.       Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.

Correct Answer: AC

Section: (none)

有任何問題？聯絡專員，我們隨時為您服務！

QUESTION 66

A gaming company is designing a highly available architecture. The application runs on a modified Linux kernel and support only UDP-based traffic. The company needs the front-end tier to provide the best possible user experience. The tier must have low latency, route traffic to the nearest edge location, and possible static IP addresses for entry into the application endpoints.What should a solution architect do to meet these requirements?

A.       Configure Amazon Route 53 to forward requests to an Application Load Balancer.

Use AWS Lambda for the application in AWS Application Auto Scaling.

B.       Configure Amazon CloudFront to forward requests to a network Load Balancer. Use AWS Lambda for the application in a AWS Application Auto Scaling group

C.      Configure AWS Global Accelerator to forward requests to a Network Load Balancer. Use Amazon EC2 instances for the application in an EC2 Auto Sca ing group.

D.      Configure Amazon API Gateway to forward requests to an Application Load Balancer. Use Amazon EC2 instances for the application in an EC2 Auto Scaling group.

Correct Answer: C

Section: (none)

QUESTION 67

A company has an application mat provides marketing services to stores. The services are based on previous purchases by storecustomers. The stores upload transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers.

Some of the files can exceed 200 GB in size.

Recently, the company discovered that some of the stores have uploaded tiles that contain personally identifiable information(PII) mat should not have been included. The company wants administrators to be alerted if PII is shared again. The companyalso wants to automate remediation. What should a solutions architect do to meet these requirements with the LEAS F development effort?

A.       Use an Amazon S3 bucket as a secure transfer point.

Use Amazon inspector to scan the objects in the bucket If objects contain PII, trigger an S3 Lifecycle policy to remove the objects that contain PII.

B.       Use an Amazon S3 bucket as a secure transfer point. Use Amazon Macie to scan the objects in the bucket

If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.

C.      Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket.

If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.

D.      Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket.

If objects contain PII, use Amazon Simple Email Service (Amazon SES) to Trigger a notification to the administrators and trigger an S3 Lifecycle policy to remove the objects that contain PII.

Correct Answer: B

Section: (none)

QUESTION 68

An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiencing delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application. What should a solutions architect recommend to meet this requirement?

A.       Use Amazon ElastiCache for Redis

B.       Use Amazon DynamoDB Accelerate (DAX)

C.      Replicate data by using DynamoDB global tables

D.      Use Amazon ElastiCache for Memcached with Auto Discovery enabled

Correct Answer: B

Section: (none)

QUESTION 69

A company runs a photo processing application that needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region. A solutions architect has noticed an increased cost in data transfer fees and needs to implement a solution to reduce these costs.

How can the solutions architect meet this requirement?

A.       Deploy Amazon API Gateway into a public subnet and adjust the oute table to route S3 calls through It.

B.       Deploy a NAT gateway into a public subnet and attach an end point policy that allows access to the S3 buckets.

C.      Deploy the application Into a public subnet and allow it to route through an internet gateway to access the S3 Buckets

D.      Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets.

Correct Answer: D

Section: (none)

QUESTION 70

A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week. What should the company do to guarantee the EC2 capacity?

If you have any questions, please contact wechat :ANYPASS. If you don't want to memorize the questions, please register for the through train.

A.       Purchase Reserved Instances that specify the Region needed.

B.       Create an On-Demand Capacity Reservation that specifies the Region needed.

C.      Purchase Reserved Instances that specify the Region and three Availability Zones needed.

D.      Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed.

Correct Answer: D

Section: (none)

QUESTION 71

A company sells ringtones created from clips of popular songs. The files containing the ringtones are stored in Amazon S3 Standard and are at least 123 KB m size. The company has millions of files but downloads are infrequent for ringtones older than 90 days. The company needs to save money on storage while keeping the most accessed files readily available for its users. Which action should the company take to meet hese requirements MOST cost-effectively?

A.       Configure S3 Standard-infrequent Access (S3 Standard-IA) storage for the initial storage tier of the objects

B.       Move the files to S3 Intelligent-Tiering and configure it to move objects to a less expensive storage tier after 90 days

C.      Configure S3 inventory to manage objects and move them to S3 Standard-infrequent Access (S3 Standard-IA) after 90 days

D.      Implement an S3 Lifecycle policy that moves the objects from S3 Standard to S3 Standard- Infrequent Access (S3 Standard-IA) after 90 days

Correct Answer: D

Section: (none)

需要更詳細的資訊？聯絡專員，我們會為您提供最佳建議。

QUESTION 72

A company is designing a cloud communications platform trial is driven by APIs. The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB). The company uses Amazon API Gateway to provide external users with access to the application through APIs. The company wants to protect the platform against web exploits like SQL Injection and also wants to detect and mitigate large, sophisticated DDoS attacks. Which combination of solutions provides the MOSTprotection? (Select TWO.)

A.       Use AWS WAF to protect the NLB

B.       Use AWS Shield Advanced with the NLB

C.      Use AWS WAF to protect Amazon API Gateway

D.      Use Amazon GuardDuty with AWS Shield Standard

E.       Use AWS Shield Standard with Amazon API Gateway

Correct Answer: BC

Section: (none)

QUESTION 73

A company has an AWS account used for software engineering. The AWS account has access to the company's on-premises data center through a pair of AWS Direct Connect connections All non-VPC traffic routes to the virtual private gateway. A development team recently created an AWS Lambada function through the console. The development team needs to allow thefunction to access a database that runs in a private subnet in the company's data center.

Which solution will meet these requirements?

A.       Configure the Lambda function to run in the VPC with the appropriate security group.

B.       Set up a VPN connection from AWS to the data center. Route the traffic fromthe Lambda function through the VPN

C.      Update the route tables in the VPC to allow the Lambda function to access the on-premises data center through direct connect.

D.      Create an Elastic IP address.

Configure the Lambda function to send traffic through the Elastic IP address without an elastic network interface.

Correct Answer: C

Section: (none)

QUESTION 74

A development team runs monthly resource-intensive tests on its general purpose Amazon RDS (or MySQL DB instance withPerformance insights enabled. The testing lasts for 48 hours once a month and is the only process that uses the database. The team wants to reduce the cost of running the tests without reducing the compute and memory attributes of the DB instance. Which solution meets these requirements MOST cost-effectively?

A.       Stop the DB instance when tests are completed Restart the DB instance when required

B.       Use an Auto Scaling policy with me DB instance to automatically scale when tests are completed

C.      Create a snapshot when tests are completed Terminate the DB instance and restore the snapshot when required

D.      Modify the DB instance to a low-capacity instance when tests are completed Modify the DB instance again when required

Correct Answer: C

Section: (none)

QUESTION 75

A company hosts its web applications in the AWS Cloud. The company configures Elastic Load Balancers to use certificates that are imported into AWS Certificate Manager (ACM). The company's security team must be notified 30 days before the expiration of each certificate. What should a solutions architect recommend to meet this requirement? 

A.       Add a rule in ACM to publish a custom message to an Amazon Simple Notification Service (Amazon SNS) topic every day beginning 30 days before any certificate will expire

B.       Create an AWS Config rule that checks for certificates that will expire within 30 days. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke a custom alert by way of Amazon Simple Notification Service (Amazon SNS) when AWS Config reports a noncompliant resource.

C.      Use AWS Trusted Advisor to check for certificates that will expire within 30 days. Create an Amazon CloudWatch alarm that is based on Trusted Advisor metrics for check status changes. Configure the alarm to send a custom alert by way of Amazon Simple Notification Service (Amazon SNS).

D.      Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect any certificates that will expire within 30 days Configure the rule to invoke an AWS Lambda function. Configure the Lambda function to send a custom alert byway of Amazon Simple Notification Service (Amazon SNS).

Correct Answer: B

Section: (none)

QUESTION 76

A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets. The EC2 instances access Amazon S3 over the internet, but they do not require any other network access. A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the internet Which change to the network architecture should a solutions architect recommend to meet this requirement?

A.       Create a NAT gateway. Configure the route table for the public subnets to send traffic to Amazon S3 through the NAT gateway.

B.       Configure the security group for the EC2 instances to restrict outbound traffic so that only traffic to the S3 prefix list is permitted.

C.      Move the EC2instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets

D.      Remove the internet gateway from the VPC. Set up an AWS Direct Connect connection, and route traffic to Amazon S3 over the Direct Connect connection.

Correct Answer: C

Section: (none)

馬上加入小豬科技，立即註冊 並享受專屬優惠！

QUESTION 77

A social media company allows users to upload images to its website. The website runs on Amazon EC2instances. During upload requests, the website resizes the images to a standard size and stores the resized images in Amazon S3 Users areexperiencing slow upload requests to the website. The company needs to reduce coupling within the application and improve website performance. A solutions architect must design the most operationally efficient process for image uploads. Which combination of actions should the solutions architect take to meet these requirements? (Select TWO.)

A.       Configure the application to upload images to S3 Glacier

B.       Configure the web server to upload the original images to Amazon S3

C.      Configure the application to upload images directly from each users browser to Amazon S3 through the use of a presigned URL.

D.      Configure S3 Event Notifications to invoke an AWS Lambda function when an image is uploaded. Use the function to resize the image.

E.       Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function on a schedule to resize uploaded images.

Correct Answer: CD

Section: (none)

QUESTION 78

A company wants to run its critical applications in containers to meet requirements for scalability and availability. The companyprefers to focus on maintenance of the critical applications. The company does not want to be responsible for provisioning and managing the underlying infrastructure that runs the containerized workload.

What should a solutions architect do to meet these requirements?

A.       Use Amazon EC2 instances and install Docker on the instances.

B.       Use Amazon Elastic Container Service (Amazon ECS) on Amazon EC2 worker nodes.

C.      Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate.

D.      Use Amazon EC2 instances from an Amazon Elastic Container Service (Amazon ECS)-optimized Amazon Machine Image(AMI).

Correct Answer: C

Section: (none)

QUESTION 79

A solutions architect must design a highly available infrastructure for a website. The website is powered by Windows web servers that run on Amazon EC2 instances. The solutions architect must implement a solution that can mitigate a large-scale DDoS attack that originates from thousands of IP addresses.

Downtime is not acceptable for the website.

Which actions should the solutions architect take to protect the website from such an attack? (Select TWO)

A.       Use AWS Shield Advanced to stop the DDoS attack.

B.       Configure Amazon GuardDuty to automatically block the attackers.

C.      Configure the website to use Amazon CloudFront for both static and dynamic content.

D.      Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.

E.       Use EC2Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization.

Correct Answer: AC

Section: (none)

QUESTION 80

A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account withthe MSP Partner's AWS account The AMI is backed by Amazon Elastic Block Store (Amazon EBS)and uses a customer managed customer master key (CMK) to encrypt EBS volume snapshots.

What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?

If you have any questions, please contact wechat :ANYPASS. If you don't want to memorize the questions, please register for the through train.

A.       Make the encrypted AMI and snapshots publicly available Modify the CMKs key policy to allow the MSP Partner's AWS account to use the key

B.       Modify the launch Permission property of the AMI Share the AMI with the MSP Partner's AWS account only. Modify the CMKs key policy to allow the MSP Partner's AWS account to use the key

C.      Modify the launch Permission property of the AMI. Share the AMI with the MSP Partner's AWS account only. Modify the CMKs key policy to trust a new CMK that is owned by the MSP Partner for encryption.

D.      Export the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS account. Encrypt the S3bucket with a CMK that is owned by the MSP Partner. Copy and launch the AMI in the MSP Partner's AWS account.

Correct Answer: B

Section: (none)

需要專業建議？立即聯絡 小豬科技專員，獲取專屬支持！