AWS Certified Solutions Architect - Associate SAA-C03 證照考古題

AWS 架構師證照考古題大全20241010

AWS Certified Solutions Architect - Associate SAA-C03

Amazon Web Service（AWS 亞馬遜）全系列考古題，2024年最新題庫，持續更新，全網最完整。AWS 證照含金量高，自我進修、跨足雲端產業必備近期版本更新，隨時追蹤最新趨勢變化。

QUESTION 401

A company wants to provide users with access to AWS resources. The company has 1,500 users and manages their access to on-premises resources through Active Directory user groups on the corporate network. However, the company does not want users to have to maintain another identity to access the resources. A solutions architect must manage user access to the AWSresources while preserving access to the on-premises resources.

What should the solutions architect do to meet these requirements?

A.       Create an IAM user for each user in the company. Attach the appropriate policies to each user.

B.       Use Amazon Cognito with an Active Directory user pool Create roles with the appropriate policies attached.

C.      Define cross-account roles with the appropriate policies attached. Map the roles to the Active Directory groups.

D.      Configure Security Assertion Markup Language (SAML)20-based federation. Create roles with the appropriate policies attached. Map the roles to the Active Directory groups.

Correct Answer: D

Section: (none)

QUESTION 402

A company runs several websites on AWS for its different brands. Each website generates tens of gigabytes of web traffic logs each day.A solutions architect needs to design a scalable solution to give the company's developers the ability to analyze trafficpatterns across all the company's websites. This analysis by the developers will occur on demand once a week over the course of several months. The solution must support queries with standard SQL.

Which solution will meet these requirements MOST cost-effectively?

A.       Store the logs in Amazon S3. Use Amazon Athena for analysis

B.       Store the logs in Amazon RDS. Use a database client for analysis

C.      Store the logs in Amazon OpenSearch Service (Amazon Elasticsearch Service). Use Amazon OpenSearch Service (Amazon Elasticsearch Service) for analysis.

D.      Store the logs in an Amazon EMR cluster. Use a supported open-source framework for SQL-based analysis.

Correct Answer: A

Section: (none)

QUESTION 403

A company wants to migrate two DNS servers to AWS. The servers host a total of approximately 200 zones and receive 1 million requests each day on average. The company wants to maximize availability while minimizing the operational overhead that is related to the management of the two servers. What should a solutions architect recommend to meet these requirements?

A.       Create 200 new hosted zones in the Amazon Route 53 console. Import zone files

B.       Launch a single large Amazon EC2 instance. Import zone files. Configure Amazon CloudWatch alarms and notifications to alert the company about any downtime.

C.      Migrate the servers to AWS by using AWS Server Migration Service (AWS SMS).Configure Amazon CloudWatch alarms and notifications to alert the company about any downtime

D.      Launch an Amazon EC2instance in an Auto Scaling group across two Availability Zones. Import zone files. Set the desiredcapacity to 1and the maximum capacity to 3 for the Auto Scaling group. Configure scaling alarms to scale based on CPU utilization.

Correct Answer: A

Section: (none)

QUESTION 404

A solutions architect launches an Amazon EC2 instance inside a new VPC. The solutions architect configures network ACL rules and security group rules that allow the appropriate traffic to flow to and from the instance. An Elastic IP address is associated withthe instance. The solutions architect needs to be able to access the instance from the internet.

Which combination of actions should the solutions architect take to accomplish this goal? (Select TWO)

A.       Create an internet gateway. Attach the internet gateway to the VPC

B.       Create an internet gateway. Attach the internet gateway to the instance's subnet

C.      Create an internet gateway Attach the internet gateway to the instance

D.      Add a route to the route table of the instance's subnet. Route traffic from the instance's subnet to the internet gateway

E.       Add a route to the route table of the instance's subnet Route traffic from the internet gateway to the instance's subnet

Correct Answer: AD

Section: (none)

QUESTION 405

A company wants to run a gaming application on Amazon EC2 instances that are part of an Auto Scaling group in the AWS Cloud. The application will transmit data by using UDP packets. The company wants to ensure that the application can scale out and in astraffic increases and decreases. What should a solutions architect do to meet these requirements?

A.       Attach a Network Load Balancer to the Auto Scaling group.

B.       Attach an Application Load Balancer to the Auto Scaling group.

C.      Deploy an Amazon Route 53 record set with a weighted policy to route traffic appropriately

D.      Deploy a NAT instance that is configured with port forwarding to the EC2 instances in the Auto Scaling group

Correct Answer: A

Section: (none)

掌握最新科技，點擊這裡 深入了解小豬科技的創新方案！

QUESTION 406

An ecommerce company has an order-processing application that uses Amazon API Gateway and an AWS Lambda function. The application stores data in an Amazon Aurora PostgreSQL database.During a recent sales event, a sudden surge in customer orders occurred. Some customers experienced timeouts, and the application did not process the orders of those customers. A solutions architect determined that the CPU utilization and memory utilization were high on the database because of a large number of open connections. The solutions architect needs to prevent the timeout errors while making the least possible changes to the application.

Which solution will meet these requirements?

A.       Configure provisioned concurrency for the Lambda function. Modify the database to be a global database in multiple AWS Regions.

B.       Use Amazon RDS Proxy to create a proxy for the database. Modify the Lambda function to use the RDS Proxy endpoint instead of the database endpoint.

C.      Create a read replica for the database in a different AWS Region. Use query string parameters in API Gateway to route traffic to the read replica.

D.      Migrate the data from Aurora PostgreSQL to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS). Modify the Lambda function to use the DynamoDB table.

Correct Answer: B

Section: (none)

QUESTION 407

A company is building an Amazon Elastic Kubernetes Service (Amazon EKS) cluster for its workloads All

secrets that are stored in Amazon EKS must be encrypted in the Kubernetes etcd key-value store. Which solution will meet these requirements?

A.       Create a new AWS Key Management Service(AWS KMS) key. Use AWS Secrets Manager to manage,rotate,and store all secrets in Amazon EKS

B.       Create a new AWS Key Management Service(AWS KMS) key.Enable Amazon EKS KMS secrets encryption on the Amazon EKS cluster

C.      Create the Amazon EKS cluster with default options. Use the Amazon Elastic Block Store (Amazon EBS) Container Storage Interface(CSl) driver as an add-on

D.      Create a new AWS Key Management Service (AWS KMS) key with the alias/aws/ebs alias Enable default Amazon Elastic Block Store(Amazon EBS) volume encryption for the account.

Correct Answer: B

Section: (none)

QUESTION 408

A research company uses on-premises devices to generate data for analysis. The company wants to use the AWS Cloud toanalyze the data. The devices generate .csv files and support writing the data to an SMB file share.Company analysts must be able to use SQL commands to query the data. The analysts will run queries periodically throughout the day.

Which combination of steps will meet these requirements MOST cost-effectively?(Select THREE.)

A.       Deploy an AWS Storage Gateway on premises in Amazon S3 File Gateway mode

B.       Deploy an AWS Storage Gateway on premises in Amazon FSx File Gateway mode

C.      Set up an AWS Glue crawler to create a table based on the data that is in Amazon S3

D.      Set up an Amazon EMR cluster with EMR File System(EMRFS)to query the data that is in Amazon S3.Provide access to analysts

E.       Set up an Amazon Redshift cluster to query the data that is in Amazon S3.Provide access to analysts

F.       Set up Amazon Athena to query the data that is in Amazon S3.Provide access to analysts

Correct Answer: ACF

Section: (none)

QUESTION 409

A company wants to use high-performance computing and artificial intelligence to improve its fraud prevention and detectiontechnology. The company requires distributed processing to complete a single workload as quickly as possible.

Which solution will meet these requirements?

A.       Use Amazon Elastic Kubernetes Service(Amazon EKS) and multiple containers

B.       Use AWS ParallelCluster and the Message Passing Interface (MPl) libraries

C.      Use an Application Load Balancer and Amazon EC2 instances

D.      Use AWS Lambda functions

Correct Answer: B

Section: (none)

QUESTION 410

A company has an application that ingests incoming messages. Dozens of other applications and microservices then quickly consume these messages. The number of messages varies drastically and sometimes increases suddenly to 100,000 each second.The company wants to decouple the solution and increase scalability.

Which solution meets these requirements?

A.       Persist the messages to Amazon Kinesis Data Analytics. Configure the consumer applications to read and process the messages.

B.       Deploy the ingestion application on Amazon EC2 instances in an Auto Scaling group to scale the number of EC2 instances based on CPU metrics.

C.      Write the messages to Amazon Kinesis Data Streams with a single shard. Use an AWS Lambda function to preprocessmessages and store them in Amazon DynamoDB. Configure the consumer applications to read from DynamoDB to process the messages.

D.      Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with multiple Amazon Simple QueueService (Amazon SOS) subscriptions. Configure the consumer applications to process the messages from the queues.

Correct Answer: D

Section: (none)

註冊小豬科技，立即擁有彈性且高效的雲端服務，點擊這裡

QUESTION 411

A company has an on-premises application that generates a large amount of time-sensitive data that is backed up to Amazon S3. The application has grown and there are user complaints about internet bandwidth limitations. A solutions architect needs todesign a long-term solution that allows for both timely backups to Amazon S3 and with minimal impact on internet connectivity for internal users.

Which solution meets these requirements?

A.       Establish AWS VPN connections and proxy all traffic through a VPC gateway endpoint.

B.       Establish a new AWS Direct Connect connection and direct backup traffic through this new connection.

C.      Order daily AWS Snowball devices. Load the data onto the Snowball devices and return the devices to AWS each day.

D.      Submit a support ticket through the AWS Management Console. Request the removal of S3 service limits from the account.

Correct Answer: B

Section: (none)

QUESTION 412

A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs ta share an Amazon Machine Image (AMI) from an existing AWS account with theMSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses an AWS Key Management Service (AWS KMS) customer managed key to encrypt EBS volume snapshots.

What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?

A.       Make the encrypted AMI and snapshots publicly available. Modify the key policy to allow the MSP Partner's AWS account to use the key.

B.       Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner's AWS account only. Modify the key policy to allow the MSP Partner's AWS account to use the key.

C.      Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner's AWS account only. Modify the keypolicy to trust a new KMS key that is owned by the MSP Partner for encryption.

D.      Export the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS account, Encrypt the S3 bucketwith a new KMS key that is owned by the MSP Partner. Copy and launch the AMI in the MSP Partner's AWS account.

Correct Answer: B

Section: (none)

QUESTION 413

A company hosts multiple production applications. One of the applications consists of resources from Amazon EC2, AWS Lambda, Amazon RDS, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS) across multiple AWS Regions. All company resources are tagged with a tag name of pplication?and a value that corresponds to eachapplication. A solutions architect must provide the quickest solution for identifying all of the tagged components.

Which solution meets these requirements?

A.       Use AWS CloudTrail to generate a list of resources with the application tag.

B.       Use the AWS CLI to query each service across all Regions to report the tagged components.

C.      Run a query in Amazon CloudWatch Logs Insights to report on the components with the application tag.

D.      Run a query with the AWS Resource Groups Tag Editor to report on the resources globally with the application tag.

Correct Answer: D

Section: (none)

QUESTION 414

A company needs to export its database once a day to Amazon S3 for other teams to access. The exported object size varies between 2 GB and 5 GB. The S3 access pattern for the data is variable and changes rapidly. The data must be immediatelyavailable and must remain accessible for up to 3 months. The company needs the most cost-effective solution that will not increase retrieval time.

Which S3 storage class should the company use to meet these requirements?

A.       S3 Intelligent-Tiering

B.       S3 Glacier Instant Retrieval

C.      S3 Standard

D.      S3 Standard-Infrequent Access (S3 Standard-IA)

Correct Answer: A

Section: (none)

QUESTION 415

A company is developing a new mobile app. The company must implement proper traffic filtering to protect its Application Load Balancer (ALB) against common application-level attacks, such as cross-site scripting or SQL injection. The company has minimal infrastructure and operational staff. The company needs to reduce its share of the responsibility in managing, updating, andsecuring servers for its AWS environment.

What should a solutions architect recommend to meet these requirements?

A.       Configure AWS WAF rules and associate them with the ALB.

B.       Deploy the application using Amazon S3 with public hosting enabled.

C.      Deploy AWS Shield Advanced and add the ALB as a protected resource.

D.      Create a new ALB that directs traffic to an Amazon EC2 instance running a third-party firewall, which then passes the traffic to the current ALB.

Correct Answer: A

Section: (none)

您值得擁有最好的支援，立即聯絡 我們的專員！

QUESTION 416

A company reporting system delivers hundreds of .csv files to an Amazon S3 bucket each day. The company must convert thesefiles to Apache Parquet format and must store the files in a transformed data bucket.

Which solution will meet these requirements with the LEAST development effort?

A.       Create an Amazon EMR cluster with Apache Spark installed. Write a Spark application to transform the data. Use EMR File System (EMRFS) to write files to the transformed data bucket.

B.       Create an AWS Glue crawler to discover the data. Create an AWS Glue extract, transform, and load (ETL) job to transform the data. Specify the transformed data bucket in the output step.

C.      Use AWS Batch to create a job definition with Bash syntax to transform the data and output the data to the transformed databucket. Use the job definition to submit a job. Specify an array job as the job type.

D.      Create an AWS Lambda function to transform the data and output the data to the transformed data bucket. Configure an event notification for the S3 bucket. Specify the Lambda function as the destination for the event notification.

Correct Answer: B

Section: (none)

QUESTION 417

A company has 700 TB of backup data stored in network attached storage (NAS) in its data center. This backup data need tobe accessible for infrequent regulatory requests and must be retained 7 years. The company has decided to migrate this backup data from its data center to AWS. The migration must be

complete within 1 month. The company has 500 Mbps of dedicated bandwidth on its public internet connection available for data transfer.

What should a solutions architect do to migrate and store the data at the LOWEST cost?

A.       Order AWS Snowball devices to transfer the data. Use a lifecycle policy to transition the files to Amazon S3 Glacier Deep Archive.

B.       Deploy a VPN connection between the data center and Amazon VPC. Use the AWS CLI to copy the data from on premises to Amazon S3 Glacier.

C.      Provision a 500 Mbps AWS Direct Connect connection and transfer the data to Amazon S3. Use a lifecycle policy to transition the files to Amazon S3 Glacier Deep Archive.

D.      Use AWS DataSync to transfer the data and deploy a DataSync agent on premises. Use the DataSync task to copy files from the on-premises NAS storage to Amazon S3 Glacier.

Correct Answer: A

Section: (none)

QUESTION 418

A company has a serverless website with millions of objects in an Amazon S3 bucket. The company uses the S3 bucket as theorigin for an Amazon CloudFront distribution. The company did not set encryption on the S3 bucket before the objects were loaded. A solutions architect needs to enable encryption for all existing objects and for all objects that are added to the S3 bucket in the future.

Which solution will meet these requirements with the LEAST amount of effort?

A.       Create a new S3 bucket. Turn on the default encryption settings for the new S3 bucket. Download all existing objects to temporary local storage. Upload the objects to the new S3 bucket.

B.       Turn on the default encryption settings for the S3 bucket. Use the S3 Inventory feature to create a .csv file that lists theunencrypted objects. Run an S3 Batch Operations job that uses the copy command to encrypt those objects.

C.      Create a new encryption key by using AWS Key Management Service (AWS KMS). Change the settings on the S3 bucket to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS). Turn on versioning for the S3 bucket.

D.      Navigate to Amazon S3 in the AWS Management Console. Browse the S3 bucket objects. Sort by the encryption field. Select each unencrypted object. Use the Modify button to apply default encryption settings to every unencrypted object in the S3 bucket.

Correct Answer: B

Section: (none)

QUESTION 419

A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solutions architectneeds to make the web server accessible from everywhere on port 443.

Which combination of steps will accomplish this task? (Choose two.)

A.       Create a security group with a rule to allow TCP port 443 from source 0.0.0.0/0.

B.       Create a security group with a rule to allow TCP port 443 to destination 0.0.0.0/0.

C.      Update the network ACL to allow TCP port 443 from source 0.0.0.0/0.

D.      Update the network ACL to allow inbound/outbound TCP port 443 from source 0.0.0.0/0 and to destination 0.0.0.0/0.

E.       Update the network ACL to allow inbound TCP port 443 from source 0.0.0.0/0 and outbound TCP port 32768-65535 to destination 0.0.0.0/0.

Correct Answer: AE

Section: (none)

QUESTION 420

A company application is having performance issues. The application is stateful and needs to complete in-

memory tasks on Amazon EC2 instances. The company used AWS CloudFormation to deploy infrastructure and used the M5EC2 instance family. As traffic increased, the application performance degraded. Users are reporting delays when the users attempt to access the application.

Which solution will resolve these issues in the MOST operationally efficient way?

A.       Replace the EC2 instances with T3 EC2 instances that run in an Auto Scaling group. Make the changes by using the AWS Management Console.

B.       Modify the CloudFormation templates to run the EC2 instances in an Auto Scaling group. Increase the desired capacity and the maximum capacity of the Auto Scaling group manually when an increase is necessary.

C.      Modify the CloudFormation templates. Replace the EC2 instances with R5 EC2 instances. Use Amazon CloudWatch built-in EC2 memory metrics to track the application performance for future capacity planning.

D.      Modify the CloudFormation templates. Replace the EC2 instances with R5 EC2 instances. Deploy the Amazon CloudWatch agent on the EC2 instances to generate custom application latency metrics for future capacity planning.

Correct Answer: D

Section: (none)

準備迎接數位化轉型？了解更多 小豬科技的專業支援！

QUESTION 421

A solutions architect is designing a new API using Amazon API Gateway that will receive requests from users. The volume ofrequests is highly variable; several hours can pass without receiving a single request. The data processing will take placeasynchronously, but should be completed within a few seconds after a request is made.

Which compute service should the solutions architect have the API invoke to deliver the requirements at the lowest cost?

A.       An AWS Glue job

B.       An AWS Lambda function

C.      A containerized service hosted in Amazon Elastic Kubernetes Service (Amazon EKS)

D.      A containerized service hosted in Amazon ECS with Amazon EC2

Correct Answer: B

Section: (none)

QUESTION 422

A company runs an application on a group of Amazon Linux EC2 instances. For compliance reasons, the company must retain allapplication log files for 7 years. The log files will be analyzed by a reporting tool that must be able to access all the files concurrently.

Which storage solution meets these requirements MOST cost-effectively?

A.       Amazon Elastic Block Store (Amazon EBS)

B.       Amazon Elastic File System (Amazon EFS)

C.      Amazon EC2 instance store

D.      Amazon S3

Correct Answer: D

Section: (none)

QUESTION 423

A company has hired an external vendor to perform work in the company AWS account. The vendor uses an automated tool thatis hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company AWS account.

How should a solutions architect grant this access to the vendor?

A.       Create an IAM role in the company account to delegate access to the vendor IAM role. Attach the

appropriate IAM policies to the role for the permissions that the vendor requires.

B.       Create an IAM user in the company account with a password that meets the password complexity requirements. Attach the appropriate IAM policies to the user for the permissions that the vendor requires.

C.      Create an IAM group in the company account. Add the tool IAM user from the vendor account to the group. Attach theappropriate IAM policies to the group for the permissions that the vendor requires.

D.      Create a new identity provider by choosing WS account?as the provider type in the IAM console. Supply the vendorAWS account ID and user name. Attach the appropriate IAM policies to the new provider for the permissions that the vendor requires.

Correct Answer: A

Section: (none)

QUESTION 424

A company has deployed a Java Spring Boot application as a pod that runs on Amazon Elastic Kubernetes Service (Amazon EKS) in private subnets. The application needs to write data to an Amazon DynamoDB table. A solutions architect must ensure that the application can interact with the DynamoDB table without exposing traffic to the internet.

Which combination of steps should the solutions architect take to accomplish this goal? (Choose two.)

A.       Attach an IAM role that has sufficient privileges to the EKS pod.

B.       Attach an IAM user that has sufficient privileges to the EKS pod.

C.      Allow outbound connectivity to the DynamoDB table through the private subnets?network ACLs.

D.      Create a VPC endpoint for DynamoDB.

E.       Embed the access keys in the Java Spring Boot code.

Correct Answer: AD

Section: (none)

QUESTION 425

A company recently migrated its web application to AWS by rehosting the application on Amazon EC2 instances in a single AWSRegion. The company wants to redesign its application architecture to be highly available and fault tolerant. Traffic must reach all running EC2 instances randomly.

Which combination of steps should the company take to meet these requirements? (Choose two.)

A.       Create an Amazon Route 53 failover routing policy.

B.       Create an Amazon Route 53 weighted routing policy.

C.      Create an Amazon Route 53 multivalue answer routing policy.

D.      Launch three EC2 instances: two instances in one Availability Zone and one instance in another Availability Zone.

E.       Launch four EC2 instances: two instances in one Availability Zone and two instances in another Availability Zone.

Correct Answer: CE

Section: (none)

一站式雲端解決方案在等著您，立即註冊 小豬科技！

QUESTION 426

A media company collects and analyzes user activity data on premises. The company wants to migrate this capability to AWS. The user activity data store will continue to grow and will be petabytes in size. The company needs to build a highly available data ingestion solution that facilitates on-demand analytics of existing data and new data with SQL.

Which solution will meet these requirements with the LEAST operational overhead?

A.       Send activity data to an Amazon Kinesis data stream. Configure the stream to deliver the data to an Amazon S3 bucket.

B.       Send activity data to an Amazon Kinesis Data Firehose delivery stream. Configure the stream to deliver the data to an Amazon Redshift cluster.

C.      Place activity data in an Amazon S3 bucket. Configure Amazon S3 to run an AWS Lambda function on the data as the data arrives in the S3 bucket.

D.      Create an ingestion service on Amazon EC2 instances that are spread across multiple Availability Zones. Configure the service to forward data to an Amazon RDS Multi-AZ database.

Correct Answer: B

Section: (none)

QUESTION 427

A company collects data from thousands of remote devices by using a RESTful web services application that runs on an AmazonEC2 instance. The EC2 instance receives the raw data, transforms the raw data, and stores all the data in an Amazon S3 bucket. The number of remote devices will increase into the millions soon. The company needs a highly scalable solution that minimizes operational overhead.

Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

A.       Use AWS Glue to process the raw data in Amazon S3.

B.       Use Amazon Route 53 to route traffic to different EC2 instances.

C.      Add more EC2 instances to accommodate the increasing amount of incoming data.

D.      Send the raw data to Amazon Simple Queue Service (Amazon SQS). Use EC2 instances to process the data.

E.       Use Amazon API Gateway to send the raw data to an Amazon Kinesis data stream. Configure Amazon Kinesis Data Firehose to use the data stream as a source to deliver the data to Amazon S3.

Correct Answer: AE

Section: (none)

QUESTION 428

A company needs to retain its AWS CloudTrail logs for 3 years. The company is enforcing CloudTrail across a set of AWSaccounts by using AWS Organizations from the parent account. The CloudTrail target S3 bucket is configured with S3 Versioning enabled. An S3 Lifecycle policy is in place to delete current objects after 3 years.

After the fourth year of use of the S3 bucket, the S3 bucket metrics show that the number of objects has continued to rise. However, the number of new CloudTrail logs that are delivered to the S3 bucket has remained consistent.

Which solution will delete objects that are older than 3 years in the MOST cost-effective manner?

A.       Configure the organization centralized CloudTrail trail to expire objects after 3 years.

B.       Configure the S3 Lifecycle policy to delete previous versions as well as current versions.

C.      Create an AWS Lambda function to enumerate and delete objects from Amazon S3 that are older than 3 years.

D.      Configure the parent account as the owner of all objects that are delivered to the S3 bucket.

Correct Answer: B

Section: (none)

QUESTION 429

A company has an API that receives real-time data from a fleet of monitoring devices. The API stores this data in an Amazon RDS DB instance for later analysis. The amount of data that the monitoring devices send to the API fluctuates. During periods of heavytraffic, the API often returns timeout errors.

After an inspection of the logs, the company determines that the database is not capable of processing the volume of write traffic that comes from the API. A solutions architect must minimize the number of connections to the database and must ensure that data is not lost during periods of heavy traffic.

Which solution will meet these requirements?

A.       Increase the size of the DB instance to an instance type that has more available memory.

B.       Modify the DB instance to be a Multi-AZ DB instance. Configure the application to write to all active RDS DB instances.

C.      Modify the API to write incoming data to an Amazon Simple Queue Service (Amazon SQS) queue. Use an AWS Lambda function that Amazon SQS invokes to write data from the queue to the database.

D.      Modify the API to write incoming data to an Amazon Simple Notification Service (Amazon SNS) topic. Use an AWS Lambdafunction that Amazon SNS invokes to write data from the topic to the database.

Correct Answer: C

Section: (none)

QUESTION 430

A company manages its own Amazon EC2 instances that run MySQL databases. The company is manually managing replication and scaling as demand increases or decreases. The company needs a new solution that simplifies the process of adding or removing compute capacity to or from its database tier as needed. The solution also must offer improved performance, scaling, and durability with minimal effort from operations.

Which solution meets these requirements?

A.       Migrate the databases to Amazon Aurora Serverless for Aurora MySQL.

B.       Migrate the databases to Amazon Aurora Serverless for Aurora PostgreSQL.

C.      Combine the databases into one larger MySQL database. Run the larger database on larger EC2 instances.

D.      Create an EC2 Auto Scaling group for the database tier. Migrate the existing databases to the new environment.

Correct Answer: A

Section: (none)

一站式雲端解決方案在等著您，立即註冊 小豬科技！

QUESTION 431

A company is concerned that two NAT instances in use will no longer be able to support the traffic needed for the companyapplication. A solutions architect wants to implement a solution that is highly available, fault tolerant, and automatically scalable.

What should the solutions architect recommend?

A.       Remove the two NAT instances and replace them with two NAT gateways in the same Availability Zone.

B.       Use Auto Scaling groups with Network Load Balancers for the NAT instances in different Availability Zones.

C.      Remove the two NAT instances and replace them with two NAT gateways in different Availability Zones.

D.      Replace the two NAT instances with Spot Instances in different Availability Zones and deploy a Network Load Balancer.

Correct Answer: C

Section: (none)

QUESTION 432

An application runs on an Amazon EC2 instance that has an Elastic IP address in VPC A. The application requires access to a database in VPC B. Both VPCs are in the same AWS account.

Which solution will provide the required access MOST securely?

A.       Create a DB instance security group that allows all traffic from the public IP address of the application server in VPC A.

B.       Configure a VPC peering connection between VPC A and VPC B.

C.      Make the DB instance publicly accessible. Assign a public IP address to the DB instance.

D.      Launch an EC2 instance with an Elastic IP address into VPC B. Proxy all requests through the new EC2 instance.

Correct Answer: B

Section: (none)

QUESTION 433

A company runs demonstration environments for its customers on Amazon EC2 instances. Each environment is isolated in its ownVPC. The company operations team needs to be notified when RDP or SSH access to an environment has been established.

A.       Configure Amazon CloudWatch Application Insights to create AWS Systems Manager OpsItems when RDP or SSH access is detected.

B.       Configure the EC2 instances with an IAM instance profile that has an IAM role with the AmazonSSMManagedInstanceCore policy attached.

C.      Publish VPC flow logs to Amazon CloudWatch Logs. Create required metric filters. Create an Amazon CloudWatch metric alarm with a notification action for when the alarm is in the ALARM state.

D.      Configure an Amazon EventBridge rule to listen for events of type EC2 Instance State-change Notification. Configurean Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the operations team to the topic.

Correct Answer: C

Section: (none)

QUESTION 434

A solutions architect has created a new AWS account and must secure AWS account root user access. Which combination of actions will accomplish this? (Choose two.)

A.       Ensure the root user uses a strong password.

B.       Enable multi-factor authentication to the root user.

C.      Store root user access keys in an encrypted Amazon S3 bucket.

D.      Add the root user to a group containing administrative permissions.

E.       Apply the required permissions to the root user with an inline policy document.

Correct Answer: AB

Section: (none)

QUESTION 435

A company is moving its on-premises Oracle database to Amazon Aurora PostgreSQL. The database has several applications thatwrite to the same tables. The applications need to be migrated one by one with a month in between each migration. Management has expressed concerns that the database has a high number of reads and writes. The data must be kept in sync across both databases throughout the migration.

What should a solutions architect recommend?

A.       Use AWS DataSync for the initial migration. Use AWS Database Migration Service (AWS DMS) to create a change data capture (CDC) replication task and a table mapping to select all tables.

B.       Use AWS DataSync for the initial migration. Use AWS Database Migration Service (AWS DMS) to create a full load pluschange data capture (CDC) replication task and a table mapping to select all tables.

C.      Use the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a memory optimizedreplication instance. Create a full load plus change data capture (CDC) replication task and a table mapping to select all tables.

D.      Use the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a compute optimizedreplication instance. Create a full load plus change data capture (CDC) replication task and a table mapping to select the largest tables.

Correct Answer: C

Section: (none)

您的最佳雲端夥伴就在這裡，點擊這裡 了解我們的服務。

QUESTION 436

A company has a three-tier application for image sharing. The application uses an Amazon EC2 instance for the front-end layer,another EC2 instance for the application layer, and a third EC2 instance for a MySQL database. A solutions architect must design a scalable and highly available solution that requires the least

amount of change to the application. Which solution meets theserequirements?

A.       Use Amazon S3 to host the front-end layer. Use AWS Lambda functions for the application layer. Move the database to an Amazon DynamoDB table. Use Amazon S3 to store and serve users?images.

B.       Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end layer and the application layer. Movethe database to an Amazon RDS DB instance with multiple read replicas to serve users?images.

C.      Use Amazon S3 to host the front-end layer. Use a fleet of EC2 instances in an Auto Scaling group for the application layer. Move the database to a memory optimized instance type to store and serve users ?images.

D.      Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end layer and the application layer. Move thedatabase to an Amazon RDS Multi-AZ DB instance. Use Amazon S3 to store and serve users?images.

Correct Answer: D

Section: (none)

QUESTION 437

An application running on an Amazon EC2 instance in VPC-A needs to access files in another EC2 instance in VPC-B. BothVPCs are in separate AWS accounts. The network administrator needs to design a solution to configure secure access to EC2 instance in VPC-B from VPC-A. The connectivity should not have a single point of failure or bandwidth concerns.

Which solution will meet these requirements?

A.       Set up a VPC peering connection between VPC-A and VPC-B.

B.       Set up VPC gateway endpoints for the EC2 instance running in VPC-B.

C.      Attach a virtual private gateway to VPC-B and set up routing from VPC-A.

D.      Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-A.

Correct Answer: A

Section: (none)

QUESTION 438

A company wants to experiment with individual AWS accounts for its engineer team. The company wants to be notified as soon as the Amazon EC2 instance usage for a given month exceeds a specific threshold for each account.

What should a solutions architect do to meet this requirement MOST cost-effectively?

A.       Use Cost Explorer to create a daily report of costs by service. Filter the report by EC2 instances. Configure Cost Explorerto send an Amazon Simple Email Service (Amazon SES) notification when a threshold is exceeded.

B.       Use Cost Explorer to create a monthly report of costs by service. Filter the report by EC2 instances. Configure CostExplorer to send an Amazon Simple Email Service (Amazon SES) notification when a threshold is exceeded.

C.      Use AWS Budgets to create a cost budget for each account. Set the period to monthly. Set the scope to EC2 instances. Set an alert threshold for the budget. Configure an Amazon Simple Notification Service (Amazon SNS) topic to receive a notification when a threshold is exceeded.

D.      Use AWS Cost and Usage Reports to create a report with hourly granularity. Integrate the report data with Amazon Athena. Use Amazon EventBridge to schedule an Athena query. Configure an Amazon Simple Notification Service (Amazon SNS)topic to receive a notification when a threshold is exceeded.

Correct Answer: C

Section: (none)

QUESTION 439

A company previously migrated its data warehouse solution to AWS. The company also has an AWS Direct

Connect connection. Corporate office users query the data warehouse using a visualization tool. The average size of a queryreturned by the data warehouse is 50 MB and each webpage sent by the visualization tool is approximately 500 KB. Result setsreturned by the data warehouse are not cached.

Which solution provides the LOWEST data transfer egress cost for the company?

A.       Host the visualization tool on premises and query the data warehouse directly over the internet.

B.       Host the visualization tool in the same AWS Region as the data warehouse. Access it over the internet.

C.      Host the visualization tool on premises and query the data warehouse directly over a Direct Connect connection at a location in the same AWS Region.

D.      Host the visualization tool in the same AWS Region as the data warehouse and access it over a Direct Connect connection at a location in the same Region.

Correct Answer: D

Section: (none)

QUESTION 440

An online learning company is migrating to the AWS Cloud. The company maintains its student records in a PostgreSQL database. The company needs a solution in which its data is available and online across multiple AWS Regions at all times.

Which solution will meet these requirements with the LEAST amount of operational overhead?

A.       Migrate the PostgreSQL database to a PostgreSQL cluster on Amazon EC2 instances.

B.       Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance with the Multi-AZ feature turned on.

C.      Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. Create a read replica in another Region.

D.      Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. Set up DB snapshots to be copied to another Region.

Correct Answer: C

Section: (none)

小豬科技讓雲端管理變得輕鬆，立即註冊 搶先體驗！