AWS Certified Solutions Architect - Associate SAA-C03 證照考古題

AWS Certified Solutions Architect - Associate SAA-C03

AWS 架構師證照考古題大全20241004

Amazon Web Service（AWS 亞馬遜）全系列考古題，2024年最新題庫，持續更新，全網最完整。AWS 證照含金量高，自我進修、跨足雲端產業必備近期版本更新，隨時追蹤最新趨勢變化。

QUESTION 241

A company runs multiple Windows workloads on AWS. The company's employees use Windows file shares that are hosted on two Amazon EC2 instances. The file shares synchronize data between themselves and maintain duplicate copies. The company wants a highly available and durable storage solution that preserves how users currently access the files.

What should a solutions architect do to meet these requirements?

A. Migrate all the data to Amazon S3. Set up IAM authentication for users to access files.

B. Set up an Amazon S3 File Gateway. Mount the S3 File Gateway on the existing EC2 instances.

C. Extend the file share environment to Amazon FSx for Windows File Server with a Multi-AZ configuration. Migrate all the data to FSx for Windows File Server.

D. Extend the file share environment to Amazon Elastic File System (Amazon EFS) with a Multi-AZ configuration. Migrate all the data to Amazon EFS.

Correct Answer: C

Section: (none)

QUESTION 242

A company has an AWS Glue extract, transform, and load (ETL) job that runs every day at the same time. The job processes XML data that is in an Amazon S3 bucket New data is added to the S3 bucket every day.A solutions architect notices that AWS Glue is processing all the data during each run.

What should the solutions architect do to prevent AWS Glue from reprocessing old data?

A. Edit the job to use job bookmarks.

B. Edit the job to delete data after the data is processed.

C. Edit the job by setting the NumberOfWorkers field to 1.

D. Use a FindMatches machine learning (ML) transform.

Correct Answer: A

Section: (none)

QUESTION 243

A company is migrating applications to AWS. The applications are deployed in different accounts. The company manages the accounts centrally by using AWS Organizations. The company's security team needs a single sign-on (SSO) solution across all the company's accounts. The company must continue managing the users and groups in its on-premises self-managed Microsoft Active Directory.

Which solution will meet these requirements?

A. Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console. Create a one-way forest trust or a one-way domain trust to connect the company's self-managed Microsoft Active Directory with AWS SSO by using AWS Directory Service for Microsoft Active Directory.

B. Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console. Create a two-way forest trust to connect the company's self-managed Microsoft Active Directory with AWS SSO by using AWS Directory Service for Microsoft Active Directory

C. Use AWS Directory Service. Create a two-way trust relationship with the company's self-managed Microsoft Active Directory.

D. Deploy an identity provider (ldP) on premises. Enable AWS Single Sign-On (AWS SSO) from the AWS

SSO console.

Correct Answer: A

Section: (none)

QUESTION 244

A company is building a web-based application running on Amazon EC2 instances in multiple Availability Zones. The web application will provide access to a repository of text documents totaling about 900 TB in size. The company anticipates that the

web application will experience periods of high demand. A solutions architect must ensure that the storage component for the text documents can scale to meet the demand of the application at all times. The company is concerned about the overall cost of the solution.

Which storage solution meets these requirements MOST cost-effectively?

A. Amazon Elastic Block Store (Amazon EBS)

B. Amazon Elastic File System (Amazon EFS)

C. Amazon OpenSearch Service (Amazon Elasticsearch Service)

D. Amazon S3

Correct Answer: D

Section: (none)

QUESTION 245

A company has an application that runs on Amazon EC2instances and uses an Amazon Aurora database. The EC2instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management. What should a solutions architect do to accomplish this goal?

A. Use AWS Secrets Manager. Turn on automatic rotation.

B. Use AWS Systems Manager Parameter Store. Turn on automatic rotation.

C. Create an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket. Point the application to the S3 bucket.

D. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2instance. Attach the new EBS volume to each EC2 instance. Migrate the credential file to the new EBS volume. Point the application to the new EBS volume.

Correct Answer: A

Section: (none)

想知道更多關於小豬科技的優勢？點擊這裡了解我們如何助力您的業務成長。

QUESTION 246

A large media company hosts a web application on AWS The company wants to start caching confidential media files so that users around the world will have reliable access to the files The content is stored in Amazon S3 buckets. The company must deliver the content quickly, regardless of where the requests originate geographically.

Which solution will meet these requirements?

A. Use AWS DataSync to connect the S3 buckets to the web application.

B. Deploy AWS Global Accelerator to connect the S3 buckets to the web application.

C. Deploy Amazon CloudFront to connect the S3 buckets to CloudFront edge servers

D. Use Amazon Simple Queue Service (Amazon SQS) to connect the S3 buckets to the web application.

Correct Answer: C

Section: (none)

QUESTION 247

A company is implementing a new business application. The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs to ensure that the EC2 instances can access the S3 bucket.

What should the solutions architect do to meet this requirement?

A. Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 instances.

B. Create an IAM policy that grants access to the S3 bucket. Attach the policy to the EC2 instances.

C. Create an IAM group that grants access to the S3 bucket. Attach the group to the EC2 instances.

D. Create an IAM user that grants access to the S3 bucket. Attach the user account to the EC2 instances.

Correct Answer: A

Section: (none)

QUESTION 248

A company is developing a marketing communications service that targets mobile app users. The company needs to send confirmation messages with Short Message Service(SMS) to its users.The users must be able to reply to the SMS messages.The company must store the responses for a year for analysis. What should a solutions architect do to meet these requirements?

A. Create an Amazon Connect contact flow to send the SMS messages. Use AWS Lambda to process the responses

B. Build an Amazon Pinpoint journey. Configure Amazon Pinpoint to send events to an Amazon Kinesis data stream for analysis and archiving

C. Use Amazon Simple Queue Service (Amazon SQS) to distribute the SMS messages. Use AWS Lambda to process the responses

D. Create an Amazon Simple Notification Service (Amazon SNS) FIFO topic. Subscribe an Amazon Kinesis data stream to the SNS topic for analysis and archiving

Correct Answer: B

Section: (none)

QUESTION 249

A media company uses Amazon CloudFront for its publicly available streaming video content. The company wants to secure the video content that is hosted in Amazon S3 by controlling who has access. Some of the company's users are using a custom HTTP client that does not support cookies. Some of the company's users are unable to change the hardcoded URLs that they are using for access.

Which services or methods will meet these requirements with the LEAST impact to the users? (Select TWO.)

A. Signed cookies

B. Signed URLs

C. AWS AppSync

D. JSON Web Token (JWT

E. AWS Secrets Manager

Correct Answer: AB

Section: (none)

QUESTION 250

A company needs a backup strategy for its three-tier stateless web application. The web application runs on Amazon EC2 instances in an Auto Scaling group with a dynamic scaling policy that is configured to respond to scaling events. The database tier runs on Amazon RDS for PostgreSQL.The web application does not require temporary local storage on the EC2 instances.The company's recovery point objective(RPO) is 2 hours.

The backup strategy must maximize scalability and optimize resource utilization for this environment. Which solution will meet these requirements?

A. Take snapshots of Amazon Elastic Block Store (Amazon EBS) volumes of the EC2 instances and database every 2 hours to meet the RPO

B. Configure a snapshot lifecycle policy to take Amazon Elastic Block Store (Amazon EBS) snapshots. Enable automated backups in Amazon RDS to meet the RPO

C. Retain the latest Amazon Machine Images (AMIs) of the web and application tiers. Enable automated backups in Amazon RDS and use point-in-time recovery to meet the RPO

D. Take snapshots of Amazon Elastic Block Store (Amazon EBS) volumes of the EC2 instances every 2 hours.Enable automated backups in Amazon RDS and use point-in-time recovery to meet the RPO

Correct Answer: C

Section: (none)

不要錯過小豬科技的專屬優惠，馬上註冊您的雲端帳號。

QUESTION 251

A financial company hosts a web application on AWS. The application uses an Amazon API Gateway Regional API endpoint to give users the ability to retrieve current stock prices. The company's security team has noticed an increase in the number of API requests.The security team is concerned that HTTP flood attacks might take the application offline.

A solutions architect must design a solution to protect the application from this type of attack. Which solution meets these requirements with the LEAST operational overhead?

A. Create an Amazon CloudFront distribution in front of the API Gateway Regional API endpoint with a maximum TTL of 24 hours

B. Create a Regional AWS WAF web ACL with a rate-based rule. Associate the web ACL with the API Gateway stage

C. Use Amazon CloudWatch metrics to monitor the Count metric and alert the security team when the predefined rate is reached

D. Create an Amazon CloudFront distribution with Lambda@Edge in front of the API Gateway Regional API endpoint. Create an AWS Lambda function to block requests from IP addresses that exceed the predefined rate

Correct Answer: B

Section: (none)

QUESTION 252

A company wants to migrate an Oracle database to AWS. The database consists of a single table that contains millions of geographic information systems (GlS) images that are high resolution and are identified by a geographic code.

When a natural disaster occurs, tens of thousands of images get updated every few minutes. Each geographic code has a single image or row that is associated with it. The company wants a solution that is highly available and scalable during such events.

Which solution meets these requirements MOST cost-effectively?

A. Store the images and geographic codes in a database table. Use Oracle running on an Amazon RDS Multi-AZ DB instance

B. Store the images in Amazon S3 buckets. Use Amazon DynamoDB with the geographic code as the key and the image S3 URL as the value

C. Store the images and geographic codes in an Amazon DynamoDB table. Configure DynamoDB Accelerator (DAX) during times of high load

D. Store the images in Amazon S3 buckets. Store geographic codes and image S3 URLs in a database table. Use Oracle running on an Amazon RDS Multi-AZ DB instance

Correct Answer: B

Section: (none)

QUESTION 253

A company has launched an Amazon RDS for MySQL DB instance. Most of the connections to the database come from serverless applications Application traffic to the database changes significantly at random intervals. At times of high demand, users report that their applications experience database connection rejection errors.

Which solution will resolve this issue with the LEAST operational overhead?

A. Create a proxy in RDS Proxy. Configure the users' applications to use the DB instance through RDS Proxy

B. Deploy Amazon ElastiCache for Memcached between the users' applications and the DB instance

C. Migrate the DB instance to a different instance class that has higher I/O capacity. Configure the users' applications to use the new DB instance

D. Configure Multi-AZ for the DB instance. Configure the users'applications to switch between the DB instances

Correct Answer: A

Section: (none)

QUESTION 254

A solutions architect must create a disaster recovery (DR) plan for a high-volume software as a service (SaaS) platform. All data for the platform is stored in an Amazon Aurora MySQL DB cluster.

The DR plan must replicate data to a secondary AWS Region. Which solution will meet these requirements MOST cost_effectively?

A. Use MySQL binary log replication to an Aurora cluster in the secondary Region. Provision one DB instance for the Aurora cluster in the secondary Region

B. Set up an Aurora global database for the DB cluster. When setup is complete, remove the DB instance from the secondary Region

C. Use AWS Database Migration Service (AWS DMS) to continuously replicate data to an Aurora cluster in the secondary Region. Remove the DB instance from the secondary Region

D. Set up an Aurora global database for the DB cluster. Specify a minimum of one DB instance in the secondary Region

Correct Answer: D

Section: (none)

QUESTION 255

A company wants to give a customer the ability to use on-premises Microsoft Active Directory to download files that are stored in Amazon S3. The customer's application uses an SFTP client to download the files

Which solution will meet these requirements with the LEAST operational overhead and no changes to the customer's application?

A. Set up AWS Transfer Family with SFTP for Amazon S3. Configure integrated Active Directory authentication

B. Set up AWS Database Migration Service (AWS DMS) to synchronize the on-premises client with Amazon S3. Configure integrated Active Directory authentication

C. Set up AWS DataSync to synchronize between the on-premises location and the S3 location by using AWS IAM Identity Center (AWS Single Sign-On)

D. Set up a Windows Amazon EC2 instance with SFTP to connect the on-premises client with Amazon S3. Integrate AWS Identity and Access Management (IAM)

Correct Answer: A

Section: (none)

聯絡小豬科技專員，立即獲取專屬雲端解決方案。

QUESTION 256

A company runs an application on Amazon EC2 Linux instances across multiple Availability Zones. The application needs a storage layer that is highly available and Portable Operating System Interface (POSIX)- compliant. The storage layer must provide maximum data durability and must be shareable across the EC2 instances. The data in the storage layer will be accessed frequently for the first 30 days and will be accessed infrequently after that time.

Which solution will meet these requirements MOST cost-effectively?

A. Use the Amazon S3 Standard storage class. Create an S3 Lifecycle policy to move infrequently accessed data to S3 Glacier

B. Use the Amazon S3 Standard storage class. Create an S3 Lifecycle policy to move infrequently accessed data to S3 Standard-Infrequent Access(S3 Standard 1A)

C. Use the Amazon Elastic File System (Amazon EFS) Standard storage class. Create a lifecycle management policy to move infrequently accessed data to EFS Standard-Infrequent Access (EFS Standard-IA)

D. Use the Amazon Elastic File System (Amazon EFS) One Zone storage class. Create a lifecycle management policy to move infrequently accessed data to EFS One Zone-Infrequent Access(EFS One Zone-IA)

Correct Answer: C

Section: (none)

QUESTION 257

An IAM user made several configuration changes to AWS resources in their company's account during a production deployment last week. A solutions architect learned that a couple of security group rules are not configured as desired. The solutions architect wants to confirm which IAM user was responsible for making changes.

Which service should the solutions architect use to find the desired information?

A. Amazon GuardDuty

B. Amazon Inspector

C. AWS CloudTrail

D. AWS Config

Correct Answer: C

Section: (none)

QUESTION 258

An image-hosting company stores its objects in Amazon S3 buckets.The company wants to avoid accidental exposure of the objects in the S3 buckets to the public All S3 objects in the entire AWS account need to remain private

Which solution will meet these requirements?

A. Use Amazon GuardDuty to monitor S3 bucket policies. Create an automatic remediation action rule that uses an AWS Lambda function to remediate any change that makes the objects public

B. Use AWS Trusted Advisor to find publicly accessible S3 buckets. Configure email notifications in Trusted Advisor when a change is detected. Manually change the S3 bucket policy if it allows public access

C. Use AWS Resource Access Manager to find publicly accessible S3 buckets. Use Amazon Simple Notification Service (Amazon SNS) to invoke an AWS Lambda function when a change is detected. Deploy a Lambda function that programmatically remediates the change

D. Use the S3 Block Public Access feature on the account level. Use AWS Organizations to create a service control policy (SCP) that prevents IAM users from changing the setting. Apply the SCP to the account

Correct Answer: D

Section: (none)

QUESTION 259

A company uses Amazon EC2 instances and AWS Lambda functions to run its application.The company has VPCs with public subnets and private subnets in its AWS account. The EC2 instances run in a private subnet in one of the VPCs.The Lambda functions need direct network access to the EC2 instances for the application to work.

The application will run for at least 1 year. The company expects the number of Lambda functions that the application uses to increase during that time. The company wants to maximize its savings on all application resources and to keep network latency between the services low.

Which solution will meet these requirements?

A. Purchase an EC2 Instance Savings Plan. Optimize the Lambda functions' duration and memory usage and the number of invocations. Connect the Lambda functions to the private subnet that contains the EC2 instances

B. Purchase an EC2 Instance Savings Plan. Optimize the Lambda functions' duration and memory usage,the number of invocations, and the amount of data that is transferred. Connect the Lambda functions to a public subnet in the same VPC where the EC2 instances run

C. Purchase a Compute Savings Plan. Optimize the Lambda functions' duration and memory usage,the number of invocations, and the amount of data that is transferred. Connect the Lambda functions to the private subnet that contains the EC2 instances

D. Purchase a Compute Savings Plan. Optimize the Lambda functions' duration and memory usage, the number of invocations, and the amount of data that is transferred. Keep the Lambda functions in the Lambda service VPC

Correct Answer: C

Section: (none)

QUESTION 260

A company runs a web application that is deployed on Amazon EC2 instances in the private subnet of a VPC. An Application Load Balancer (ALB) that extends across the public subnets directs web traffic to the EC2 instances. The company wants to implement new security measures to restrict inbound traffic from the ALB to the EC2 instances while preventing access from any other source inside or outside the private subnet of the EC2 instances.

Which solution will meet these requirements?

A. Configure a route in a route table to direct traffic from the internet to the private IP addresses of the EC2 instances

B. Configure the security group for the EC2 instances to only allow traffic that comes from the security group for the ALB

C. Move the EC2 instances into the public subnet. Give the EC2 instances a set of Elastic IP addresses

D. Configure the security group for the ALB to allow any TCP traffic on any port

Correct Answer: B

Section: (none)

深入了解小豬科技的創新技術，點擊這裡發現更多可能性。

QUESTION 261

A company wants to create a mobile app that allows users to stream slow-motion video clips on their mobile devices. Currently, the app captures video clips and uploads the video clips in raw format into an Amazon S3 bucket. The app retrieves these video clips directly from the S3 bucket. However, the videos are large in their raw format.

Users are experiencing issues with buffering and playback on mobile devices. The company wants to implement solutions to maximize the performance and scalability of the app while minimizing operational overhead.

Which combination of solutions will meet these requirements? (Select TWO.)

A. Deploy Amazon CloudFront for content delivery and caching

B. Use AWS DataSync to replicate the video files across AWS Regions in other S3 buckets

C. Use Amazon Elastic Transcoder to convert the video files to more appropriate formats

D. Deploy an Auto Scaling group of Amazon EC2 instances in Local Zones for content delivery and caching

E. Deploy an Auto Scaling group of Amazon EC2 instances to convert the video files to more appropriate formats

Correct Answer: AC

Section: (none)

QUESTION 262

A solutions architect needs to design a new microservice for a company's application. Clients must be able to call an HTTPS endpoint to reach the microservice.The microservice also must use AWS Identity and

Access Management (IAM) to authenticate calls. The solutions architect will write the logic for this microservice by using a single AWS Lambda function that is written in Go 1.x;

Which solution will deploy the function in the MOST operationally efficient way?

A. Create an Amazon API Gateway REST API. Configure the method to use the Lambda function. Enable IAM authentication on the API

B. Create a Lambda function URL for the function. Specify AWS_IAM as the authentication type

C. Create an Amazon CloudFront distribution. Deploy the function to Lambda@Edge. Integrate IAM authentication logic into the Lambda@Edge function

D. Create an Amazon CloudFront distribution. Deploy the function to CloudFront Functions. Specify AWS_IAM as the authentication type

Correct Answer: A

Section: (none)

QUESTION 263

A company is migrating its on-premises workload to the AWS Cloud. The company already uses several Amazon EC2 instances and Amazon RDS DB instances.The company wants a solution that automatically starts and stops the EC2 instances and DB instances outside of business hours. The solution must minimize cost and infrastructure maintenance.

Which solution will meet these requirements?

A. Scale the EC2 instances by using elastic resize. Scale the DB instances to zero outside of business hours

B. Explore AWS Marketplace for partner solutions that will automatically start and stop the EC2 instances and DB instances on a schedule

C. Launch another EC2 instance. Configure a crontab schedule to run shell scripts that will start and stop the existing EC2 instances and DB instances on a schedule

D. Create an AWS Lambda function that will start and stop the EC2 instances and DB instances. Configure Amazon EventBridge to invoke the Lambda function on a schedule

Correct Answer: D

Section: (none)

QUESTION 264

A solutions architect needs to allow team members to access Amazon S3 buckets in two different AWS accounts: a development account and a production account. The team currently has access to S3 buckets in the development account by using unique IAM users that are assigned to an IAM group that has appropriate permissions in the account.

The solutions architect has created an IAM role in the production account. The role has a policy that grants access to an S3 bucket in the production account.

Which solution will meet these requirements while complying with the principle of least privilege?

A. Attach the AdministratorAccess policy to the development account users

B. Add the development account as a principal in the trust policy of the role in the production account

C. Turn off the S3 Block Public Access feature on the S3 bucket in the production account

D. Create a user in the production account with unique credentials for each team member

Correct Answer: B

Section: (none)

QUESTION 265

A company has implemented a self-managed DNS service on AWS.The solution consists of the following -- Amazon EC2 instances in different AWS Regions;

-- Endpoints of a standard accelerator in AWS Global Accelerator; The company wants to protect the solution against DDoS attacks;

What should a solutions architect do to meet this requirement?

A. Subscribe to AWS Shield Advanced. Add the accelerator as a resource to protect

B. Subscribe to AWS Shield Advanced. Add the EC2 instances as resources to protect

C. Create an AWS WAF web ACL that includes a rate-based rule. Associate the web ACL with the accelerator.

D. Create an AWS WAF web ACL that includes a rate-based rule. Associate the web ACL with the EC2 instances

Correct Answer: A

Section: (none)

立即加入小豬科技，點擊這裡註冊，享受雲端服務的便捷！

QUESTION 266

An ecommerce company needs to run a scheduled daily job to aggregate and filter sales records for analytics. The company stores the sales records in an Amazon S3 bucket. Each object can be up to 10 GB in size. Based on the number of sales events,the job can take up to an hour to complete.The CPU and memory usage of the job are constant and are known in advance.

A solutions architect needs to minimize the amount of operational effort that is needed for the job to run. Which solution meets these requirements?

A. Create an AWS Lambda function that has an Amazon EventBridge notification. Schedule the EventBridge event to run once a day

B. Create an AWS Lambda function. Create an Amazon API Gateway HTTP API, and integrate the API with the function. Create an Amazon EventBridge scheduled event that calls the API and invokes the function

C. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an AWS Fargate launch type. Create an Amazon EventBridge scheduled event that launches an ECS task on the cluster to run the job

D. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type and an Auto Scaling group with at least one EC2 instance Create an Amazon EventBridge scheduled event that launches an ECS task on the cluster to run the job

Correct Answer: C

Section: (none)

QUESTION 267

A company needs to create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to host a digital media streaming application.The EKS cluster will use a managed node group that is backed by Amazon Elastic Block Store (Amazon EBS) volumes for storage. The company must encrypt all data at rest by using a customer managed key that is stored in AWS Key Management Service (AWS KMS);

Which combination of actions will meet this requirement with the LEAST operational overhead?(Select TWO.)

A. Use a Kubernetes plugin that uses the customer managed key to perform data encryption

B. After creation of the EKS cluster, locate the EBS volumes.Enable encryption by using the customer managed key

C. Enable EBS encryption by default in the AWS Region where the EKS cluster will be created. Select the customer managed key as the default key

D. Create the EKS cluster. Create an IAM role that has a policy that grants permission to the customer managed key. Associate the role with the EKS cluster

E. Store the customer managed key as a Kubernetes secret in the EKS cluster. Use the customer managed key to encrypt the EBS volumes

Correct Answer: BD

Section: (none)

QUESTION 268

A company is storing petabytes of data in Amazon S3 Standard. The data is stored in multiple S3 buckets

and is accessed with varying frequency. The company does not know access patterns for all the data.The company needs to implement a solution for each S3 bucket to optimize the cost of S3 usage.

Which solution will meet these requirements with the MOST operational efficiency?

A. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 Intelligent-Tiering

B. Use the S3 storage class analysis tool to determine the correct tier for each object in the S3 bucket. Move each object to the identified storage tier

C. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 Glacier Instant Retrieval

D. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 One Zone-Infrequent Access(S3 One Zone-IA)

Correct Answer: A

Section: (none)

QUESTION 269

A solutions architect is designing a two-tiered architecture that includes a public subnet and a database subnet. The web servers in the public subnet must be open to the internet on port 443.The Amazon RDS for MySQL DB instance in the database subnet must be accessible only to the web servers on port 3306;

Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

A. Create a network ACL for the public subnet. Add a rule to deny outbound traffic to 0.0.0.0/0 on port 3306

B. Create a security group for the DB instance. Add a rule to allow traffic from the public subnet CIDR block on port 3306

C. Create a security group for the web servers in the public subnet. Add a rule to allow traffic from O.0.O.0/0 on port 443

D. Create a security group for the DB instance. Add a rule to allow traffic from the web servers' security group on port 3306

E. Create a security group for the DB instance. Add a rule to deny all traffic except traffic from the web servers' security group on port 3306

Correct Answer: CD

Section: (none)

QUESTION 270

An ecommerce company is experiencing an increase in user traffic.The company's store is deployed on Amazon EC2 instances as a two-tier web application consisting of a web tier and a separate database tier. As traffic increases, the company notices that the architecture is causing significant delays in sending timely marketing and order confirmation email to users.The company wants to reduce the time it spends resolving complex email delivery issues and minimize operational overhead.

What should a solutions architect do to meet these requirements?

A. Create a separate application tier using EC2 instances dedicated to email processing

B. Configure the web instance to send email through Amazon Simple Email Service (Amazon SES)

C. Configure the web instance to send email through Amazon Simple Notification Service (Amazon SNS)

D. Create a separate application tier using EC2 instances dedicated to email processing. Place the instances in an Auto Scaling group

Correct Answer: B

Section: (none)

我們的專員隨時待命，點擊這裡聯絡小豬科技，解決您的問題。

QUESTION 271

A company is using Amazon Route 53 latency-based routing to route requests to its UDP-based application for users around the world. The application is hosted on redundant servers in the company's on-premises data centers in the United States, Asia, and Europe. The company's compliance requirements state that the application must be hosted on premises. The company wants to improve the performance and availability of the application.

What should a solutions architect do to meet these requirements'?

A. Configure three Network Load Balancers (NLBs) in the three AWS Regions to address the on-premises endpoints. Create an accelerator by using AWS Global Accelerator, and register the NLBs as its endpoints. Provide access to the application by using a CNAME that points to the accelerator DNS

B. Configure three Application Load Balancers (ALBs) in the three AWS Regions to address the on- premises endpoints. Create an accelerator by using AWS Global Accelerator, and register the ALBs as its endpoints. Provide access to the application by using a CNAME that points to the accelerator DNS

C. Configure three Network Load Balancers (NLBs) in the three AWS Regions to address the on-premises endpoints. In Route 53, create a latency-based record that points to the three NLBs, and use it as an origin for an Amazon CloudFront distribution. Provide access to the application by using a CNAME that points to the CloudFront DNS

D. Configure three Application Load Balancers (ALBs) in the three AWS Regions to address the on- premises endpoints. In Route 53, create a latency-based record that points to the three ALBs, and use it as an origin for an Amazon CloudFront distribution. Provide access to the application by using a CNAME that points to the CloudFront DNS

Correct Answer: A

Section: (none)

QUESTION 272

A company hosts a multiplayer gaming application on AWS. The company wants the application to read data with sub-milisecond latency and run one-time queries on historical data.

Which solution will meet these requirements with the LEAST operational overhead?

A. Use Amazon RDS for data that is frequently accessed. Run a periodic custom script to export the data to an Amazon S3 bucket

B. Store the data directly in an Amazon S3 bucket. Implement an S3 Lifecycle policy to move older data to S3 Glacier Deep Archive for long-term storage. Run one-time queries on the data in Amazon S3 by using Amazon Athena

C. Use Amazon DynamoDB with DynamoDB Accelerator (DAX) for data that is frequently accessed. Export the data to an Amazon S3 bucket by using DynamoDB table export. Run one-time queries on the data in Amazon S3 by using Amazon Athena

D. Use Amazon DynamoDB for data that is frequently accessed. Turn on streaming to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Firehose to read the data from Kinesis Data Streams. Store the records in an Amazon S3 bucket.

Correct Answer: C

Section: (none)

QUESTION 273

A hospital is designing a new application that gathers symptoms from patients. The hospital has decided to use Amazon Simple Queue Service(Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) in the architecture.

A solutions architect is reviewing the infrastructure design. Data must be encrypted at rest and in transit. Only authorized personnel of the hospital should be able to access the data.

Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

A. Turn on server-side encryption on the SQS components. Update the default key policy to restrict key usage to a set of authorized principals

B. Turn on server-side encryption on the SNS components by using an AWS Key Management Service (AWS KMS) customer managed key. Apply a key policy to restrict key usage to a set of authorized principals

C. Turn on encryption on the SNS components. Update the default key policy to restrict key usage to a set of authorized principals. Set a condition in the topic policy to allow only encrypted connections over TLS

D. Turn on server-side encryption on the SQS components by using an AWS Key Management Service (AWS KMS)customer managed key. Apply a key policy to restrict key usage to a set of authorized

principals. Set a condition in the queue policy to allow only encrypted connections over TLS

E. Turn on server-side encryption on the SQS components by using an AWS Key Management Service (AWS KMS) customer managed key. Apply an IAM policy to restrict key usage to a set of authorized principals. Set a condition in the queue policy to allow only encrypted connections over TLS

Correct Answer: BD

Section: (none)

QUESTION 274

A company hosts a three-tier ecommerce application on a fleet of Amazon EC2 instances.The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). All ecommerce data is stored in an Amazon RDS for MariaDB Multi-AZ DB instance.

The company wants to optimize customer session management during transactions. The application must store session data durably.

Which solutions will meet these requirements? (Select TWO.)

A. Turn on the sticky sessions feature (session affinity) on the ALB

B. Use an Amazon DynamoDB table to store customer session information

C. Deploy an Amazon Cognito user pool to manage user session information

D. Deploy an Amazon ElastiCache for Redis cluster to store customer session information

E. Use AWS Systems Manager Application Manager in the application to manage user session information

Correct Answer: AD

Section: (none)

QUESTION 275

A university research laboratory needs to migrate 30 TB of data from an on-premises Windows file server to Amazon FSx for Windows File Server. The laboratory has a 1 Gbps network link that many other departments in the university share.

The laboratory wants to implement a data migration service that will maximize the performance of the data transfer. However, the laboratory needs to be able to control the amount of bandwidth that the service uses to minimize the impact on other departments. The data migration must take place within the next 5 days.

Which AWS solution will meet these requirements?

A. AWS Snowcone

B. .Amazon FSx File Gateway

C. AWS DataSync

D. AWS Transfer Family

Correct Answer: C

Section: (none)

探索小豬科技的全新服務，了解更多讓我們助您站上雲端！

QUESTION 276

A company runs an application that receives data from thousands of geographically dispersed remote devices that use UDP The application processes the data immediately and sends a message back to the device if necessary. No data is stored.

The company needs a solution that minimizes latency for the data transmission from the devices. The solution also must provide rapid failover to another AWS Region.

Which solution will meet these requirements?

A. Configure an Amazon Route 53 failover routing policy. Create a Network Load Balancer (NLB) in each of the two Regions. Configure the NLB to invoke an AWS Lambda function to process the data

B. Use AWS Global Accelerator. Create a Network Load Balancer (NLB) in each of the two Regions as an endpoint. Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type. Create an ECS service on the cluster. Set the ECS service as the target for the NLB. Process the data in Amazon ECS

C. Use AWS Global Accelerator. Create an Application Load Balancer (ALB) in each of the two Regions as an endpoint. Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type. Create an ECS service on the cluster. Set the ECS service as the target for the ALB. Process the data in Amazon ECS

D. Configure an Amazon Route 53 failover routing policy. Create an Application Load Balancer (ALB) in each of the two Regions. Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type. Create an ECS service on the cluster. Set the ECS service as the target for the ALB Process the data in Amazon ECS

Correct Answer: B

Section: (none)

QUESTION 277

A company is building a game system that needs to send unique events to separate leaderboard, matchmaking, and authentication services concurrently.The company needs an AWS event-driven system that guarantees the order of the events.

Which solution will meet these requirements?

A. Amazon EventBridge event bus

B. Amazon Simple Notification Service (Amazon SNS) FIFO topics

C. Amazon Simple Notification Service(Amazon SNS) standard topics

D. Amazon Simple Queue Service (Amazon SQS) FIFO queues

Correct Answer: B

Section: (none)

QUESTION 278

An ecommerce company is running a multi-tier application on AWS. The front-end and backend tiers both run on Amazon EC2. and the database runs on Amazon RDS for MySQL. The backend tier communicates with the RDS instance. There are frequent calls to return identical datasets from the database that are causing performance slowdowns. Which action should be taken to improve the performance of the backend?

A. Implement Amazon SNS to store the database calls.

B. Implement Amazon ElastiCache to cache the large datasets.

C. Implement an RDS for MySQL read replica to cache database calls.

D. Implement Amazon Kinesis Data Firehose to stream the calls to the database.

Correct Answer: B

Section: (none)

QUESTION 279

A company has a web application with sporadic usage patterns. There is heavy usage at the beginning of each month, moderate usage at the start of each week, and unpredictable usage during the week. The application consists of a web server and a MySQL database server running inside the data center. The company would like to move the application to the AWS Cloud, and needs to select a cost-effective database platform that will not require database modifications.

Which solution will meet these requirements?

A. Amazon DynamoDB

B. Amazon RDS for MySQL

C. MySQL-compatible Amazon Aurora Serverless

D. MySQL deployed on Amazon EC2 in an Auto Scaling group

Correct Answer: C

Section: (none)

QUESTION 280

A company is developing a real-time multiplier game that uses UDP for communications between client and

servers in an Auto Scaling group Spikes in demand are anticipated during the day, so the game server platform must adapt accordingly. Developers want to store gamer scores and other non-relational data in a database solution that will scale without intervention. Which solution should a solution architect recommend?

A. Use Amazon Route 53 for traffic distribution and Amazon Aurora Serverless for data storage.

B. Use a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage.

C. Use a Network Load Balancer for traffic distribution and amazon Aura Global for data storage.

D. Use an Application Load Balancer for traffic distribution and Amazon DynamoDB global tables for data storage

Correct Answer: B

Section: (none)

現在就註冊小豬科技，立即開始您的雲端轉型！