AWS Certified Solutions Architect - Associate SAA-C03 證照考古題

AWS 架構師證照考古題大全20241007

AWS Certified Solutions Architect - Associate SAA-C03

Amazon Web Service（AWS 亞馬遜）全系列考古題，2024年最新題庫，持續更新，全網最完整。AWS 證照含金量高，自我進修、跨足雲端產業必備近期版本更新，隨時追蹤最新趨勢變化。

QUESTION 321

A company is developing a new machine learning (ML) model solution on AWS.The models are developed as independentmicroservices that fetch approximately 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where theresults should be sent. The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days or weeks. Other models could receive batches of thousands of requests at a time.

Which design should a solutions architect recommend to meet these requirements?

A.       Direct the requests from the API to a Network Load Balancer (NLB). Deploy the models as AWS IAMbda functions that are invoked by the NLB

B.       Direct the requests from the API to an Application Load Balancer(ALB). Deploy the models as Amazon Elastic Container Service(Amazon ECS) services that read from an Amazon Simple Queue Service (Amazon SQS) queue. Use AWS App Mesh to scale the instances of the ECS cluster based on the SQS queue size

C.      Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue. Deploy the models as AWS IAMbda functions that are invoked by SQS events. Use AWS Auto Scaling to increase the number of vCPUs for the IAMbda functions based on the SQS queue size

D.      Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue. Deploy the models as Amazon Elastic Container Service (Amazon ECS) services that read from the queue.Enable AWS Auto Scaling on AmazonECS for both the cluster and copies of the service based on the queue size

Correct Answer: D

Section: (none)

QUESTION 322

A company has a workload in an AWS Region. Customers connect to and access the workload by using an Amazon API GatewayREST API.The company uses Amazon Route 53 as its DNS provider. The company wants to provide individual and secure URLs for all customers. Which combination of steps will meet these requirements with the MOST operational efficiency? (Select THREE.)

A.       Register the required domain in a registrar. Create a wildcard custom domain name in a Route 53 hosted zone and record in the zone that points to the API Gateway endpoint

B.       Request a wildcard certificate that matches the domains in AWS Certificate Manager (ACM) in a different Region

C.      Create hosted zones for each customer as required in Route 53. Create zone records that point to the API Gateway endpoint

D.      Request a wildcard certificate that matches the custom domain name in AWS Certificate Manager (ACM) in the same Region

E.       Create multiple API endpoints for each customer in API Gateway

F.       Create a custom domain name in API Gateway for the REST API. Import the certificate from AWS Certificate Manager (ACM)

Correct Answer: ADF

Section: (none)

QUESTION 323

A company stores several petabytes of data across multiple AWS accounts.The company uses AWS Lake Formation to manage its data lake.The company's data science team wants to securely share selective data from its accounts with the company's engineering team for analytical purposes. Which solution will meet these requirements with the LEAST operational overhead?

A.       Copy the required data to a common account. Create an IAM access role in that account. Grant access by specifying a permission policy that includes users from the engineering team accounts as trusted entities

B.       Use the Lake Formation permissions Grant command in each account where the data is stored to allow the required engineering team users to access the data

C.      Use AWS Data Exchange to privately publish the required data to the required engineering team accounts

D.      Use Lake Formation tag-based access control to authorize and grant cross-account permissions for the required data to the engineering team accounts

Correct Answer: D

Section: (none)

QUESTION 324

A company uses a legacy application to produce data in CSV format. The legacy application stores the output data in Amazon S3. The company is deploying a new commercial off-the-shelf (COTS) application that can perform complex SQL queries to analyze data that is stored in Amazon Redshift and Amazon S3 only. However, the COTS application cannot process the csvfiles that the legacy application produces. The company cannot update the legacy application to produce data in another format. The company needs to implement a solution so that the COTS application can use the data that the legacy application produces Which solution will meet these requirements with the LEAST operational overhead?

A.       Create an AWS Glue extract, transform, and load (ETL) job that runs on a schedule. Configure the ETL job to process the .csv files and store the processed data in Amazon Redshift

B.       Develop a Python script that runs on Amazon EC2 instances to convert the csy files to .sgl files.Invoke the Python script on a cron schedule to store the output files in Amazon S3

C.      Create an AWS IAMbda function and an Amazon DynamoDB table. Use an S3 event to invoke the IAMbda function.Configure the IAMbda function to perform an extract. transform, and load (ETL) job to process the csv files and store the processed data in the DynamoDB table

D.      Use Amazon EventBridge to launch an Amazon EMR cluster on a weekly schedule. Configure the EMR cluster to perform an extract, transform, and load(ETL) job to process the .csv files and store the processed data in an Amazon Redshift table

Correct Answer: A

Section: (none)

QUESTION 325

A solutions architect is designing an asynchronous application to process credit card data validation requests for a bank. Theapplication must be secure and be able to process each request at least once. Which solution will meet these reguirements MOST cost-effectively?

A.       Use AWS Lambda event source mapping. Set Amazon Simple Queue Service(Amazon SQS) standard queues as the event source. Use AWS Key Management Service(SSE-KMS)for encryption. Add the kms:Decrypt permission for the Lambda execution role

B.       Use AwS Lambda event source mapping. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues as theevent source. Use SQS managed encryption keys (SSE-SQS) for encryption. Add the encryption key invocation permission for the Lambda function

C.      Use the AwS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) FIFO queues as the event source. Use AWS KMS keys(SSE-KMS) Add the kms Decrypt permission for the Lambda execution role

D.      Use the AwS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) standard queues as the event source. Use AwS KMS keys(SSE-KMS) for encryption. Add the encryption key invocation permission for the Lambd function

Correct Answer: A

Section: (none)

想要提升您的雲端運營效率？點擊這裡 了解小豬科技的專業方案。

QUESTION 326

A company has a serverless application on AWS that uses Amazon RDS as a backend database.The application sometimesexperiences a sudden unpredictable increase in traffic. During traffic increases,the application frequently opens and closes connections to the database, which causes the application to receive errors from the database or run out of connections. The company needs to ensure that the application is always scalable and highly available.

Which solution will meet these requirements WITHOUT any code changes to the application?

A.       Increase the maximum number of connections in the option group of the RDS database of the serverless application

B.       Increase the instance size of the RDS DB instance to meet the peak load traffic

C.      Deploy Amazon RDS Proxy between the serverless application and Amazon RDS

D.      Purchase Reserved Instances for Amazon RDS to ensure that the database is highly available during peak load traffic

Correct Answer: C

Section: (none)

QUESTION 327

A company wants to host a scalable web application on AWS. The application will be accessed by users from differentgeographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost-effective solution to minimize upload and download latency and maximize performance.

What should a solutions architect do to accomplish this?

A.       Use Amazon S3 with Transfer Acceleration to host the application.

B.       Use Amazon S3 with CacheControl headers to host the application.

C.      Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application.

D.      Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application.

Correct Answer: C

Section: (none)

QUESTION 328

A company's application hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Due to data sensitivity, traffic cannot traverse the internet How should a solutions architect configure access?

A.       Create a private hosted zone using Amazon Route 53.

B.       Configure a VPC gateway endpoint for Amazon S3 in the VPC.

C.      Configure AWS PrivateLink between the EC2 instance and the S3 bucket.

D.      Set up a site-to-site VPN connection between the VPC and the S3 bucket.

Correct Answer: B

Section: (none)

QUESTION 329

A company operates an ecommerce website on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The site is experiencing performance issues related to a high request rate from illegitimate external systemswith changing IP addresses. The security team is worried about potential DDoS attacks against the website. The company must block the illegitimate incoming requests in a way that has a minimal impact on legitimate users.

What should a solutions architect recommend?

A.       Deploy Amazon Inspector and associate it with the ALB.

B.       Deploy AWS WAF, associate it with the ALB, and configure a rate-limiting rule.

C.      Deploy rules to the network ACLs associated with the ALB to block the incoming traffic.

D.      Deploy Amazon GuardDuty and enable rate-limiting protection when configuring GuardDuty.

Correct Answer: B

Section: (none)

QUESTION 330

As part of budget planning, management wants a report of AWS billed items listed by user. The data will be used to create department budgets. A solutions architect needs to determine the most effective way to obtain this report information.

Which solution meets these requirements?

A.       Run a query with Amazon Athena to generate the report.

B.       Create a report in Cost Explorer and download the report.

C.      Access the bill details from the billing dashboard and download the bill.

D.      Modify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES).

Correct Answer: B

Section: (none)

不要錯過小豬科技的專屬優惠，馬上註冊 您的雲端帳號。

QUESTION 331

A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gatewayto connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.

What should a solutions architect do to mitigate any single point of failure in this architecture?

A.       Add a set of VPNs between the Management and Production VPCs.

B.       Add a second virtual private gateway and attach it to the Management VPC.

C.      Add a second set of VPNs to the Management VPC from a second customer gateway device.

D.      Add a second VPC peering connection between the Management VPC and the Production VPC.

Correct Answer: C

Section: (none)

QUESTION 332

A company wants to share forensic accounting data is stored in an Amazon RDS DB instance with an external auditor. TheAuditor has its own AWS account and requires its own copy of the database. How should the company securely share the database with the auditor?

A.       Create a read replica of the database and configure IAM standard database authentication to grant the auditor access.

B.       Copy a snapshot of the database to Amazon S3 and assign an IAM role to the auditor to grant access to the object in that bucket.

C.      Export the database contents to text files, store the files in Amazon S3, and create a new IAM user for the auditor with access to that bucket.

D.      Make an encrypted snapshot of the database, share the snapshot, and allow access to the AWS Key Management Service (AWS KMS) encryption key.

Correct Answer: D

Section: (none)

QUESTION 333

The following IAM policy is attached to an IAM group. This iS the only policy applied to the group . What are the effective IAM permissions of this policy for group members?

A.       Group members are permitted any Amazon EC2 action within the us-east-1 Region. Statements after the Allow permission are not applied.

B.       Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA).

C.      Group members are allowed the ec2: StopInstances and ec2.Terminatelnstances permissions for all

Regions when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action.

D.      Group members are allowed the ec2: StopInstances and ec2:TerminateInstances permissions for the us- east-1 Region only when logged in with multi-factor authentication (MFA) Group members are permitted any other Amazon EC2 action within the us-east-1 Region.

Correct Answer: D

Section: (none)

QUESTION 334

A company has developed a new video game as a web application. The application is in a three-tier architecture in a VPC with Amazon RDS for MySQL in the database layer. Several players will compete concurrently online. The game' s developers wantto display a top-10 scoreboard in near-real time and offer the ability to stop and restore the game while preserving the current scores. What should a solutions architect do to meet these requirements?

A.       Set up an Amazon ElastiCache for Memcached cluster to cache the scores for the web application to display.

B.       Set up an Amazon ElastiCache for Redis cluster to compute and cache the scores for the web application to display.

C.      Place an Amazon CloudFront distribution in front of the web application to cache the scoreboard in a section of the application.

D.      Create a read replica on Amazon RDS for MySQL to run queries to compute the scoreboard and serve the read traffic to the web application.

Correct Answer: B

Section: (none)

QUESTION 335

A company hosts its application in the AWS Cloud. The application runs on Amazon EC2 instances behind an Elastic Load Balancer in an Auto Scaling group and with an Amazon DynamoDB table. The company wants to ensure the application can be made available in another AWS Region with minimal downtime.

What should a solutions architect do to meet these requirements with the L EAST amount of downtime?

A.       Create an Auto Scaling group and a load balancer in the disaster recovery Region. Configure the DynamoDB table as a global tablc. Configure DNS failover to point to the now disaster recovery Region's load balancer.

B.       Create an AWS CloudFormation template to create EC2 instances, load balancers, and DynamoDB tables to be executed when needed. Configure DNS failover to point to the new disaster recovery Region's load balancer.

C.      Create an AWS CloudFormaticn template to create EC2 instances and a load balancer to be executed when needed.

Configure the DynamoDB table as a global table. Configure DNS failover to point to the new disaster recovery Region's load balancer.

D.      Create an Auto Scaling group and load balancer in the disaster recovery Region. Configure the DynamoDB table as aglobal table. Create an Amazon CloudWatch alarm to trigger an AWS Lambda function that updates Amazon Route 53 pointing to the disaster recovery load balancer.

Correct Answer: A

Section: (none)

有技術問題？點擊這裡 聯絡我們的小豬科技專員。

QUESTION 336

A manufacturing company has machine sensors that upload .csv files to an Amazon S3 bucket. These .csv files must be converted into images and must be made available as soon as possible for the automatic generation of graphical reports.

The images become irrelevant after 1 month, but the .csv files must be kept to train machine learning (ML) models twice a year. The ML trainings and audits are planned weeks in advance Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO)

A.       Launch an Amazon EC2 Spot Instance that downloads the .csv files every hour, generates the image files and uploads the images to the S3 bucket.

B.       Design an AWS Lambda function that converts the .csv files into images and stores the images in the S3 bucket Invoke the Lambda function when a .csv file is uploaded

C.      Create S3 Lifecycle rules for .csv files and image files in the S3 bucket Transition the .csv files from S3 Standard to S3 Glacier 1 day after they are uploaded Expire the image files after 30 days.

D.      Create S3 Lifecycle rules for .csv files and image files in the S3 bucket. Transition the .csv files from S3 Standard to S3One Zone-Infrequent Access (S3 One Zone-IA)1day after they are uploaded. Expire the image files after 30 days.

E.       Create S3 Lifecycle rules for .csv files and image files in the S3 bucket. Transition the .csv files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 1 day after they are uploaded. Keep the image files in Reduced Redundancy Storage(RRS).

Correct Answer: BC

Section: (none)

QUESTION 337

A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices. Thefiles are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.

Which solution will meet these requirements?

A.       Migrate the file server to an Amazon EC2 instance in a public subnet Configure the security group to limit inbound traffic to the employees' IP addresses

B.       Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.

C.      Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.

D.      Migrate the files to Amazon S3, and create a public VPC endpoint Allow employees to sign on with AWS Single Sign-on.

Correct Answer: B

Section: (none)

QUESTION 338

A company offers a food delivery service that is growing rapidly. Because of the growth, the company's order processing system is experiencing scaling problems during peak traffic hours. The current architecture includes the following:

-  A group of Amazon EC2instances that run in an Amazon EC2 Auto Scaling group to collect orders from the application

-  Another group of EC2instances that run in an Amazon EC2 Auto Scaling group to fulfill orders The order collection process occurs quickly, but the order fulfillment process can take longer Data must not be lost because of a scaling event.

A solutions architect must ensure that the order collection process and the order fulfillment process can both scale properlyduring peak traffic hours. The solution must optimize utilization of the company's AWS resources.

Which solution meets these requirements?

A.       Use Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups. Configure each Auto Scaling group's minimum capacity according to peak workload values.

B.       Use Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups. Configure a

CloudWatch alarm to invoke an Amazon Simple Notification Service (Amazon SNS) topic that creates additional Auto

Scaling groups on demand.

C.      Provision two Amazon Simple Queue Service (Amazon SQS) queues: one for order collection and another for order

fulfillment Configure the EC2instances to poll their respective queue. Scale the Auto Scaling groups based on notifications that the queues send.

D.      Provision two Amazon Simple Queue Service (Amazon SQS)queues: one for order collection and another for order

fulfillment Configure the EC2instances to poll their respective queue. Create a metric based on a

backlog per instance

calculation. Scale the Auto Scaling groups based on this metric.

Correct Answer: D

Section: (none)

QUESTION 339

A company has hired a solutions architect to design a reliable architecture for its application. The application consists of oneAmazon RDS DB instance and two manually provisioned Amazon EC2instances that run web servers. The EC2 instances are located in a single Availability Zone. An employee recently deleted the DB instance, and the application was unavailable for 24 hours as a result. The company is concerned with the overall reliability of its environment. What should the solutions architect do to maximize reliability of the application's infrastructure?

A.       Delete one EC2 instance and enable termination protection on the other EC2instance. Update the DB instance to be Multi-AZ, and enable deletion protection.

B.       Update the DB instance to be Multi-AZ, and enable deletion protection. Place the EC2instances behind an Application Load Balancer, and run them in an EC2 Auto Scaling group across multiple Availability Zones.

C.      Create an additional DB instance along with an Amazon API Gateway and an AWS Lambda function. Configure the application to invoke the Lambda function through API Gateway. Have the Lambda function write the data to the two DB instances.

D.      Place the EC2 instances in an EC2 Auto Scaling group that has multiple subnets located in multiple Availability Zones.Use Spot instances instead of On-Demand instances. Set up Amazon CloudWatch alarms to monitor the health of the instances. Update the DB instance to be Multi-AZ, and enable deletion protection.

Correct Answer: B

Section: (none)

QUESTION 340

A company is hosting a web application from an Amazon S3 bucket. The application uses Amazon Cognito as an identityprovider to authenticate users and return a JSON Web Token (JWT) that provides access to protected resources that are stored in another S3 bucket.

Upon deployment of the application, users report errors and are unable to access the protected content. A solutions architect must resolve this issue by providing proper permissions so that users can access the protected content.

Which solution meets these requirements?

A.       Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected content.

B.       Update the S3ACl to allow the application to access the protected content

C.      Redeploy the application to Amazon S3 to prevent eventually consistent reads in the S3 bucket from affecting the ability of users to access the protected content

D.      Update the Amazon Cognito pool to use custom attribute mappings within the identity pool and grant users the proper permissions to access the protected content

Correct Answer: A

Section: (none)

探索小豬科技的全新服務，了解更多 讓我們助您站上雲端！

QUESTION 341

A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account.

Which solution will meet these requirements in the MOST secure manner?

A.       Apply an S3 bucket policy that grants read access to the S3 bucket.

B.       Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket

C.      Embed an access key and a secret key in the Lambda function's code to grant the required IAM permissions for read access to the S3 bucket.

D.      Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3

buckets in the account.

Correct Answer: B

Section: (none)

QUESTION 342

A company is storing 700 terabytes of data on a large network-attached storage (NAS) system in its corporate datacenter. The company has a hybrid environment with a 10 Gbps AWS Direct Connect connection.

After an audit from a regulator, the company has 90 days to move the data to the cloud. The company needs to move the dataefficiently and without disruption. The company still needs to be able to access and update the data during the transfer window.

Which solution will meet these requirements?

A.       Create an AWS DataSync agent in the corporate data center. Create a data transfer task. Start the transfer to an Amazon S3 bucket

B.       Back up the data to AWS Snowball Edge Storage Optimized devices. Ship the devices to an AWS data center. Mount a target Amazon S3 bucket on the on-premises file system

C.      User sync to copy the data directly from local storage to a designated Amazon S3 bucket over the Direct Connect connection.

D.      Back up the data on tapes. Ship the tapes to an AWS data center. Mount a target Amazon S3 bucket on the on-premises file system

Correct Answer: A

Section: (none)

QUESTION 343

A company wants to implement a disaster recovery plan for its primary on-premises file storage volume. The file storage volumeis mounted from an Internet Small Computer Systems Interface (iSCSI) device on a local storage server. The file storage volumeholds hundreds of terabytes (TB) of data. The company wants to ensure that end users retain immediate access to all file types from the on-premises systems without experiencing latency.

Which solution will meet these requirements with the LEAST amount of change to the company's existing infrastructure?

A.       Provision an Amazon S3 File Gateway as a virtual machine (VM) that is hosted on premises Set the local cache to 10 TB. Modify existing applications to access the files through the NFS protocol. To recover from a disaster. provision an AmazonEC2 instance and mount the S3 bucket that contains the files

B.       Provision an AWS Storage Gateway tape gateway Use a data backup solution to back up all existing data to a virtualtape library Configure the data backup solution to run nightly after the initial backup is complete. To recover from a disaster. provision an Amazon EC2 instance and restore the data to an Amazon Elastic Block Store (Amazon EBS) volume from the volumes in the virtual tape library

C.      Provision an AWS Storage Gateway Volume Gateway cached volume. Set the local cache to 10 TB Mount the VolumeGateway cached volume to the existing file server by using iSCSI, and copy all files to the storage volume. Configure scheduled snapshots of the storage volume To recover from a disaster, restore a snapshot to an Amazon Elastic Block Store (Amazon EBS) volume and attach the EBS volume to an Amazon EC2 instance

D.      Provision an AWS Storage Gateway Volume Gateway stored volume with the same amount of disk space as the existingfile storage volume. Mount the Volume Gateway stored volume to the existing file server by using iSCSI, and copy all files to the storage volume. Configure scheduled snapshots of the storage volume To recover from a disaster,restore a snapshot to an Amazon Elastic Block Store (Amazon EBS) volume and attach the EBS volume to an Amazon EC2 instance

Correct Answer: D

Section: (none)

QUESTION 344

A solutions architect must secure a VPC network that hosts Amazon EC2instances. The EC2instances contain highly sensitive data and run in a private subnet. According to company policy, the EC2instances that run in the VPC can access only approvedthird-party software repositories on the internet for software product updates that use the third party's URL Other internet traffic must be blocked.

Which solution meets these requirements?

A.       Update the route table for the private subnet to route the outbound traffic to an AWS Network Firewall firewall Configure domain list rule groups

B.       Set up an AWS WAF web ACL Create a custom set of rules that filter traffic requests based on source and destination IP address range sets

C.      Implement strict inbound security group rules. Configure an outbound rule that allows traffic only to the authorized software repositories on the internet by specifying the URLs

D.      Configure an Application Load Balancer (ALB)in front of the EC2 instances. Direct all outbound traffic to the ALB. Use a URL-based rule listener in the ALB's target group for outbound access to the internet.

Correct Answer: A

Section: (none)

QUESTION 345

A company hosts a multi-tier web application on Amazon Linux Amazon EC2instances behind an Application Load Balancer.The instances run in an Auto Scaling group across multiple Availability Zones. The company observes that the Auto Scaling group launches more On-Demand Instances when the application's end users access high volumes of static web content. Thecompany wants to optimize cost. What should a solutions architect do to redesign the application MOST cost-effectively?

A.       Update the Auto Scaling group to use Reserved Instances instead of On-Demand Instances.

B.       Update the Auto Scaling group to scale by launching Spot Instances instead of On-Demand Instances.

C.      Create an Amazon CloudFront distribution to host the static web contents from an Amazon S3 bucket.

D.      Create an AWS Lambda function behind an Amazon API Gateway API to host the static website contents.

Correct Answer: C

Section: (none)

立即註冊小豬科技，點擊這裡 開始您的雲端之旅！

QUESTION 346

A company wants to securely exchange data between its software as a service (SaaS) application Salesforce account and Amazon S3.The company must encrypt the data at rest by using AWS Key Management Service (AWS KMS) customer managed keys(CMKs). The company must also encrypt the data in transit. The company has enabled API access for theSalesforce account. Which solution will meet these requirements with the LEAST development effort?

A.       Create AWS Lambda functions to transfer the data securely from Salesforce to Amazon S3

B.       Create an AWS Step Functions workflow. Define the task to transfer the data securely from Salesforce to Amazon S3

C.      Create Amazon AppFlow flows to transfer the data securely from Salesforce to Amazon S3

D.      Create a custom connector for Salesforce to transfer the data securely from Salesforce to Amazon S3

Correct Answer: C

Section: (none)

QUESTION 347

A consulting company provides professional services to customers worldwide.The company provides solutions and tools forcustomers to expedite gathering and analyzing data on AWS.The company needs to centrally manage and deploy a common set of solutions and tools for customers to use for self-service purposes.

Which solution will meet these requirements?

A.       Create AWS CloudFormation templates for the customers

B.       Create AWS Service Catalog products for the customers

C.      Create AWS Systems Manager templates for the customers

D.      Create AWS Config items for the customers

Correct Answer: B

Section: (none)

QUESTION 348

An ecommerce company wants to use machine learning (ML) algorithms to build and train models.The company will use the models to visualize complex scenarios and to detect trends in customer data. The architecture team wants to integrate its MLmodels with a reporting platform to analyze the augmented data and use the data directly in its business intelligence dashboards. Which solution will meet these requirements with the LEAST operational overhead?

A.       Use AWS Glue to create an ML transform to build and train models. Use Amazon OpenSearch Service to visualize the data

B.       Use Amazon SageMaker to build and train models. Use Amazon QuickSight to visualize the dat

C.      Use a pre-built ML Amazon Machine Image (AMl) from the AWS Marketplace to build and train models. Use Amazon OpenSearch Service to visualize the data

D.      Use Amazon QuickSight to build and train models by using calculated fields. Use Amazon QuickSight to visualize the data

Correct Answer: B

Section: (none)

QUESTION 349

A company runs a web application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer that has sticky sessions enabled.The web server currently hosts the user session state.The company wants to ensure highavailability and avoid user session state loss in the event of a web server outage.

Which solution will meet these requirements?

A.       Use an Amazon ElastiCache for Memcached instance to store the session data. Update the application to use ElastiCache for Memcached to store the session state

B.       Use Amazon ElastiCache for Redis to store the session state. Update the application to use ElastiCache for Redis to store the session state

C.      Use an AWS Storage Gateway cached volume to store session data. Update the application to use AWS Storage Gateway cached volume to store the session state

D.      Use Amazon RDS to store the session state.Update the application to use Amazon RDS to store the session state

Correct Answer: B

Section: (none)

QUESTION 350

A company runs container applications by using Amazon Elastic Kubernetes Service(Amazon EKS).The company's workload isnot consistent throughout the day.The company wants Amazon EKS to scale in and out according to the workload.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Select TWO.)

A.       Use an AWS Lambda function to resize the EKS cluster

B.       Use the Kubernetes Metrics Server to activate horizontal pod autoscaling

C.      Use the Kubernetes Cluster Autoscaler to manage the number of nodes in the cluster

D.      Use Amazon API Gateway and connect it to Amazon EKS

E.       Use AWS App Mesh to observe network activity

Correct Answer: BC

Section: (none)

如需幫助，立即聯絡 我們的小豬科技專員，快速解決您的需求。

QUESTION 351

A company has a stateless web application that runs on AWS Lambda functions that are invoked by Amazon API Gateway.The company wants to deploy the application across multiple AWS Regions to provide Regional failover capabilities.

What should a solutions architect do to route traffic to multiple Regions?

A.       Create Amazon Route 53 health checks for each Region. Use an active-active failover configuration

B.       Create an Amazon CloudFront distribution with an origin for each Region. Use CloudFront health checks to route traffic

C.      Create a transit gateway. Attach the transit gateway to the API Gateway endpoint in each Region. Configure the transit gateway to route requests

D.      Create an Application Load Balancer in the primary Region. Set the target group to point to the API Gateway endpoint hostnames in each Region

Correct Answer: B

Section: (none)

QUESTION 352

A company wants to implement a backup strategy for Amazon EC2 data and multiple Amazon S3 buckets. Because of regulatory requirements,the company must retain backup files for a specific time period.The company must not alter the files for the duration of the retention period.

Which solution will meet these requirements?

A.       Use AWS Backup to create a backup vault that has a vault lock in governance mode. Create the required backup plan

B.       Use Amazon Data Lifecycle Manager to create the required automated snapshot policy

C.      Use Amazon S3 File Gateway to create the backup. Configure the appropriate S3 Lifecycle management

D.      Use AWS Backup to create a backup vault that has a vault lock in compliance mode. Create the required backup plan

Correct Answer: D

Section: (none)

QUESTION 353

A company that uses AWS has discovered that a former employee has launched large Amazon EC2 instances to minecryptocurrencies.The company wants to prevent the launch of new large instances. The company needs a solution that sends notifications if instances are used for mining activities. The solution also needs to centrally manage IAM users by using MicrosoftActive Directory as an identity provider (IdP). Which solution will meet these requirements?

A.       Use Amazon GuardDuty and Amazon EventBridge to detect mining activities and provide notifications. Implement AWS Organizations and a service control policy(SCP) that denies large instances. Implement single sign-on (SSO) with AWSDirectory Service for Microsoft Active Directory as the IdP to manage the users

B.       Use Amazon Macie and Amazon EventBridge to detect mining activities and provide notifications. Implement AWS Organizations and a service control policy (SCP) that denies large instances. Implement single sign-on (SSO) with AWSDirectory Service for Microsoft Active Directory as the IdP to manage the users

C.      Use Amazon GuardDuty and Amazon EventBridge to detect mining activities and provide notifications. Implement AWS Organizations and a service control policy (SCP) that denies large instances. Implement Amazon Cognito with AWS Directory Service for Microsoft Active Directory as the IdP to manage the users

D.      Use Amazon Macie and Amazon EventBridge to detect mining activities and provide notifications. Implement AWS Organizations and a service control policy (SCP) that denies large instances. Implement Amazon Cognito with AWSDirectory Service for Microsoft Active Directory as the IdP to manage the users

Correct Answer: A

Section: (none)

QUESTION 354

A company uses Amazon S3 to store high-resolution pictures in an S3 bucket. To minimize application changes,thecompany stores the pictures as the latest version of an S3 object. The company needs to retain only the two most recent versions of the pictures.

The company wants to reduce costs.The company has identified the S3 bucket as a large expense Which solution will reduce the S3 costs with the LEAST operational overhead?

A.       Use S3 Lifecycle to delete expired object versions and retain the two most recent versions

B.       Use an AWS Lambda function to check for older versions and delete all but the two most recent versions

C.      Use S3 Batch Operations to delete noncurrent object versions and retain only the two most recent versions

D.      Deactivate versioning on the S3 bucket and retain the two most recent versions

Correct Answer: D

Section: (none)

QUESTION 355

An application that is hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Traffic must not traverse the internet.

How should a solutions architect configure access to meet these requirements?

A.       Create a private hosted zone by using Amazon Route 53

B.       Set up a gateway VPC endpoint for Amazon S3 in the VPC

C.      Configure the EC2 instances to use a NAT gateway to access the S3 bucket

D.      Establish an AWS Site-to-Site VPN connection between the VPC and the S3 bucket

Correct Answer: B

Section: (none)

享受一流的雲端支持，馬上註冊 小豬科技！

QUESTION 356

A company needs to integrate with a third-party data feed. The data feed sends a webhook to notify an external service whennew data is ready for consumption. A developer wrote an AWS Lambda function to retrieve data when the company receives a webhook callback. The developer must make the Lambda function available for the third party to call.

Which solution will meet these requirements with the MOST operational efficiency?

A.       Create a function URL for the Lambda function. Provide the Lambda function URL to the third party for the webhook

B.       Deploy an Application Load Balancer (ALB) in front of the Lambda function. Provide the ALB URL to the third party for the webhook

C.      Create an Amazon Simple Notification Service(Amazon SNS) topic. Attach the topic to the Lambda function. Provide the public hostname of the SNS topic to the third party for the webhook

D.      Create an Amazon Simple Queue Service (Amazon SQS) queue. Attach the queue to the Lambda function. Provide the public hostname of the SQS queue to the third party for the webhook

Correct Answer: A

Section: (none)

QUESTION 357

A company uses AWS and sells access to copyrighted images. The company's global customer base needs to be able toaccess these images quickly. The company must deny access to users from specific countries.The company wants to minimize costs as much as possible.

Which solution will meet these requirements?

A.       Use Amazon S3 to store the images. Turn on multi-factor authentication (MFA) and public bucket access. Provide customers with a link to the S3 bucket

B.       Use Amazon S3 to store the images. Create an IAM user for each customer. Add the users to a group that has permission to access the S3 bucket

C.      Use Amazon EC2 instances that are behind Application Load Balancers (ALBs) to store the images.

Deploy the instances only in the countries the company

services. Provide customers with links to the ALBs for their specific country's instances

D.      Use Amazon S3 to store the images. Use Amazon CloudFront to distribute the images with geographic restrictions. Provide a signed URL for each customer to access the data in CloudFront

Correct Answer: D

Section: (none)

QUESTION 358

A solutions architect wants to use the following JsON text as an identity-based policy to grant specific permissions:

{"Statement": [{ "Action":[ "ssm:ListDocuments", "ssm: GetDocument'

],

"Effect": "Allow",

"Resource": "*"

"Sid": "'}

],

"Version":"2012-10-17"

}

Which IAM principals can the solutions architect attach this policy to?(Select TWO.)

A.       Role

B.       Group

C.      Organization

D.      Amazon Elastic Container Service (Amazon ECS) resource

E.       Amazon EC2 resource

Correct Answer: AB

Section: (none)

QUESTION 359

A company hosts an internal serverless application on AWS by using Amazon API Gateway and AWS Lambda. The company'semployees report issues with high latency when they begin using the application each day. The company wants to reduce latency.

Which solution will meet these requirements?

A.       Increase the API Gateway throttling limit

B.       Set up a scheduled scaling to increase Lambda provisioned concurrency before employees begin to use the application each day.

C.      Create an Amazon CloudWatch alarm to initiate a Lambda function as a target for the alarm at the beginning of each day,

D.      Increase the Lambda function memory

Correct Answer: B

Section: (none)

QUESTION 360

A company is subscribed to the AWS Business Support plan. Compliance rules require the company to check on AWSinfrastructure health before deployments can proceed. The company needs a programmatic and automated way to check on infrastructure health at the beginning of new deployments.

Which solution will meet these requirements?

A.       Use the AWS Trusted Advisor API at the start of each deployment. Pause all new deployments if the API returns any issues

B.       Use the AWS Health API at the start of each deployment. Pause all new deployments if the API returns any issues

C.      Query the AWS Support API at the start of each deployment Pause all new deployments if the API returns any open issues

D.      Send an API call to each workload ahead of deployment Pause the deployments if the API call fails

Correct Answer: B

Section: (none)

需要更詳細的資訊？聯絡專員，我們會為您提供最佳建議。