AWS Certified Solutions Architect - Associate SAA-C03 證照考古題

AWS 架構師證照考古題大全20241021

AWS Certified Solutions Architect - Associate SAA-C03

Amazon Web Service（AWS 亞馬遜）全系列考古題，2024年最新題庫，持續更新，全網最完整。AWS 證照含金量高，自我進修、跨足雲端產業必備近期版本更新，隨時追蹤最新趨勢變化。

QUESTION 481

A research laboratory needs to process approximately 8 TB of data. The laboratory requires sub- millisecond latencies and aminimum throughput of 6 GBps for the storage subsystem. Hundreds of Amazon EC2 instances that run Amazon Linux will distribute and process the data.

Which solution will meet the performance requirements?

A.       Create an Amazon FSx for NetApp ONTAP file system. Sat each volume?tiering policy to ALL. Import the raw data into the file system. Mount the fila system on the EC2 instances.

B.       Create an Amazon S3 bucket to store the raw data. Create an Amazon FSx for Lustre file system that uses persistent SSD storage. Select the option to import data from and export data to Amazon S3. Mount the file system on the EC2 instances.

C.      Create an Amazon S3 bucket to store the raw data. Create an Amazon FSx for Lustre file system that uses persistent HDD storage. Select the option to import data from and export data to Amazon S3. Mount the file system on the EC2 instances.

D.      Create an Amazon FSx for NetApp ONTAP file system. Set each volume tiering policy to NONE. Import the raw data into the file system. Mount the file system on the EC2 instances.

Correct Answer: B

Section: (none)

QUESTION 482

A company needs to migrate a legacy application from an on-premises data center to the AWS Cloud because of hardware capacity constraints. The application runs 24 hours a day, 7 days a week. The application database storage continues to grow over time.

What should a solutions architect do to meet these requirements MOST cost-effectively?

A.       Migrate the application layer to Amazon EC2 Spot Instances. Migrate the data storage layer to Amazon S3.

B.       Migrate the application layer to Amazon EC2 Reserved Instances. Migrate the data storage layer to Amazon RDS On-Demand Instances.

C.      Migrate the application layer to Amazon EC2 Reserved Instances. Migrate the data storage layer to Amazon Aurora Reserved Instances.

D.      Migrate the application layer to Amazon EC2 On-Demand Instances. Migrate the data storage layer to Amazon RDS Reserved Instances.

Correct Answer: C

Section: (none)

QUESTION 483

A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type for ECS tasks. The company is monitoring CPU and memory usage because it is expecting hightraffic to the application upon its launch. However, the company wants to reduce costs when utilization decreases.

What should a solutions architect recommend?

A.       Use Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns.

B.       Use an AWS Lambda function to scale Amazon ECS based on metric breaches that trigger an Amazon CloudWatch alarm.

C.      Use Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm.

D.      Use AWS Application Auto Scaling with target tracking policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm.

Correct Answer: D

Section: (none)

QUESTION 484

A company recently created a disaster recovery site in a different AWS Region. The company needs to transfer large amounts ofdata back and forth between NFS file systems in the two Regions on a periodic basis.

Which solution will meet these requirements with the LEAST operational overhead?

A.       Use AWS DataSync.

B.       Use AWS Snowball devices.

C.      Set up an SFTP server on Amazon EC2.

D.      Use AWS Database Migration Service (AWS DMS).

Correct Answer: A

Section: (none)

QUESTION 485

A company wants to run an in-memory database for a latency-sensitive application that runs on Amazon EC2 instances. Theapplication processes more than 100,000 transactions each minute and requires high network throughput. A solutions architectneeds to provide a cost-effective network design that minimizes data transfer charges.

Which solution meets these requirements?

A.       Launch all EC2 instances in the same Availability Zone within the same AWS Region. Specify a placement group with cluster strategy when launching EC2 instances.

B.       Launch all EC2 instances in different Availability Zones within the same AWS Region. Specify a placement group with partition strategy when launching EC2 instances.

C.      Deploy an Auto Scaling group to launch EC2 instances in different Availability Zones based on a network utilization target.

D.      Deploy an Auto Scaling group with a step scaling policy to launch EC2 instances in different Availability Zones.

Correct Answer: A

Section: (none)

您需要的不僅是雲端服務，而是專業支持。了解更多

QUESTION 486

A company that primarily runs its application servers on premises has decided to migrate to AWS. The company wants tominimize its need to scale its Internet Small Computer Systems Interface (iSCSI) storage on premises. The company wants only its recently accessed data to remain stored locally.

Which AWS solution should the company use to meet these requirements?

A.       Amazon S3 File Gateway

B.       AWS Storage Gateway Tape Gateway

C.      AWS Storage Gateway Volume Gateway stored volumes

D.      AWS Storage Gateway Volume Gateway cached volumes

Correct Answer: D

Section: (none)

QUESTION 487

A company has multiple AWS accounts that use consolidated billing. The company runs several active high performance Amazon RDS for Oracle On-Demand DB instances for 90 days. The company finance team has access to AWS Trusted Advisor in the consolidated billing account and all other AWS accounts.

The finance team needs to use the appropriate AWS account to access the Trusted Advisor check recommendations for RDS.The finance team must review the appropriate Trusted Advisor check to reduce RDS costs.

Which combination of steps should the finance team take to meet these requirements? (Choose two.)

A.       Use the Trusted Advisor recommendations from the account where the RDS instances are running.

B.       Use the Trusted Advisor recommendations from the consolidated billing account to see all RDS instance checks at the same time.

C.      Review the Trusted Advisor check for Amazon RDS Reserved Instance Optimization.

D.      Review the Trusted Advisor check for Amazon RDS Idle DB Instances.

E.       Review the Trusted Advisor check for Amazon Redshift Reserved Node Optimization.

Correct Answer: BD

Section: (none)

QUESTION 488

A solutions architect needs to optimize storage costs. The solutions architect must identify any Amazon S3 buckets that are no longer being accessed or are rarely accessed.

Which solution will accomplish this goal with the LEAST operational overhead?

A.       Analyze bucket access patterns by using the S3 Storage Lens dashboard for advanced activity metrics.

B.       Analyze bucket access patterns by using the S3 dashboard in the AWS Management Console.

C.      Turn on the Amazon CloudWatch BucketSizeBytes metric for buckets. Analyze bucket access patterns by using the metrics data with Amazon Athena.

D.      Turn on AWS CloudTrail for S3 object monitoring. Analyze bucket access patterns by using CloudTrail logs that are integrated with Amazon CloudWatch Logs.

Correct Answer: A

Section: (none)

QUESTION 489

A company sells datasets to customers who do research in artificial intelligence and machine learning (AI/ ML). The datasets are large, formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region. The company hosts a web application that the customers use to purchase access to a given dataset. The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer. After a purchase is made, customers receive an S3 signed URL that allows access to the files.

The customers are distributed across North America and Europe. The company wants to reduce the cost that is associated with data transfers and wants to maintain or improve performance.

What should a solutions architect do to meet these requirements?

A.       Configure S3 Transfer Acceleration on the existing S3 bucket. Direct customer requests to the S3 Transfer Acceleration endpoint. Continue to use S3 signed URLs for access control.

B.       Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin. Direct customer requests to the CloudFront URL. Switch to CloudFront signed URLs for access control.

C.      Set up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication between the buckets. Directcustomer requests to the closest Region. Continue to use S3 signed URLs for access control.

D.      Modify the web application to enable streaming of the datasets to end users. Configure the web application to readthe data from the existing S3 bucket. Implement access control directly in the application.

Correct Answer: B

Section: (none)

QUESTION 490

A company is using AWS to design a web application that will process insurance quotes. Users will request quotes from the application. Quotes must be separated by quote type, must be responded to within 24 hours, and must not get lost. The solution must maximize operational efficiency and must minimize maintenance.

Which solution meets these requirements?

A.       Create multiple Amazon Kinesis data streams based on the quote type. Configure the web application to send messages to the proper data stream. Configure each backend group of application servers to use the Kinesis Client Library (KCL) to pool messages from its own data stream.

B.       Create an AWS Lambda function and an Amazon Simple Notification Service (Amazon SNS) topic for each quote type.Subscribe the Lambda function to its associated SNS topic. Configure the application to publish requests for quotes to the appropriate SNS topic.

C.      Create a single Amazon Simple Notification Service (Amazon SNS) topic. Subscribe Amazon Simple Queue Service(Amazon SQS) queues to the SNS topic. Configure SNS message filtering to publish messages to the proper SQS queue based on the quote type. Configure each backend application server to use its own SQS queue.

D.      Create multiple Amazon Kinesis Data Firehose delivery streams based on the quote type to deliver data streams to anAmazon OpenSearch Service cluster. Configure the application to send messages to the proper delivery stream. Configure each backend group of application servers to search for the messages from OpenSearch Service and process them accordingly.

Correct Answer: C

Section: (none)

立即註冊小豬科技，點擊這裡 輕鬆進入雲端世界！

QUESTION 491

A company has an application that runs on several Amazon EC2 instances. Each EC2 instance has multiple Amazon Elastic Block Store (Amazon EBS) data volumes attached to it. The application EC2 instance configuration and data need to be backedup nightly. The application also needs to be recoverable in a different AWS Region.

Which solution will meet these requirements in the MOST operationally efficient way?

A.       Write an AWS Lambda function that schedules nightly snapshots of the application EBS volumes and copies the snapshots to a different Region.

B.       Create a backup plan by using AWS Backup to perform nightly backups. Copy the backups to another Region. Add the application EC2 instances as resources.

C.      Create a backup plan by using AWS Backup to perform nightly backups. Copy the backups to another Region. Add the application EBS volumes as resources.

D.      Write an AWS Lambda function that schedules nightly snapshots of the application's EBS volumes and copies the snapshots to a different Availability Zone.

Correct Answer: B

Section: (none)

QUESTION 492

A company is building a mobile app on AWS. The company wants to expand its reach to millions of users. The company needs to build a platform so that authorized users can watch the company content on their mobile devices.

What should a solutions architect recommend to meet these requirements?

A.       Publish content to a public Amazon S3 bucket. Use AWS Key Management Service (AWS KMS) keys to stream content.

B.       Set up IPsec VPN between the mobile app and the AWS environment to stream content.

C.      Use Amazon CloudFront. Provide signed URLs to stream content.

D.      Set up AWS Client VPN between the mobile app and the AWS environment to stream content.

Correct Answer: C

Section: (none)

QUESTION 493

A company has an on-premises MySQL database used by the global sales team with infrequent access patterns. The salesteam requires the database to have minimal downtime. A database administrator wants to migrate this database to AWS withoutselecting a particular instance type in anticipation of more users in the future.

Which service should a solutions architect recommend?

A.       Amazon Aurora MySQL

B.       Amazon Aurora Serverless for MySQL

C.      Amazon Redshift Spectrum

D.      Amazon RDS for MySQL

Correct Answer: B

Section: (none)

QUESTION 494

A company experienced a breach that affected several applications in its on-premises data center. The attacker took advantageof vulnerabilities in the custom applications that were running on the servers. The company is now migrating its applications to run on Amazon EC2 instances. The company wants to implement a solution that actively scans for vulnerabilities on the EC2 instances and sends a report that details the findings.

Which solution will meet these requirements?

A.       Deploy AWS Shield to scan the EC2 instances for vulnerabilities. Create an AWS Lambda function to log any findings to AWS CloudTrail.

B.       Deploy Amazon Macie and AWS Lambda functions to scan the EC2 instances for vulnerabilities. Log any findings to AWS CloudTrail.

C.      Turn on Amazon GuardDuty. Deploy the GuardDuty agents to the EC2 instances. Configure an AWS Lambda function to automate the generation and distribution of reports that detail the findings.

D.      Turn on Amazon Inspector. Deploy the Amazon Inspector agent to the EC2 instances. Configure an AWS Lambdafunction to automate the generation and distribution of reports that detail the findings.

Correct Answer: D

Section: (none)

QUESTION 495

A company uses an Amazon EC2 instance to run a script to poll for and process messages in an Amazon Simple Queue Service (Amazon SQS) queue. The company wants to reduce operational costs while maintaining its ability to process a growing number of messages that are added to the queue.

What should a solutions architect recommend to meet these requirements?

A.       Increase the size of the EC2 instance to process messages faster.

B.       Use Amazon EventBridge to turn off the EC2 instance when the instance is underutilized.

C.      Migrate the script on the EC2 instance to an AWS Lambda function with the appropriate runtime.

D.      Use AWS Systems Manager Run Command to run the script on demand.

Correct Answer: C

Section: (none)

您值得擁有最好的支援，立即聯絡 我們的專員！

QUESTION 496

A company recently migrated its entire IT environment to the AWS Cloud. The company discovers that users are provisioningoversized Amazon EC2 instances and modifying security group rules without using the appropriate change control process. A solutions architect must devise a strategy to track and audit these inventory and configuration changes.

Which actions should the solutions architect take to meet these requirements? (Choose two.)

A.       Enable AWS CloudTrail and use it for auditing.

B.       Use data lifecycle policies for the Amazon EC2 instances.

C.      Enable AWS Trusted Advisor and reference the security dashboard.

D.      Enable AWS Config and create rules for auditing and compliance purposes.

E.       Restore previous resource configurations with an AWS CloudFormation template.

Correct Answer: AD

Section: (none)

QUESTION 497

A company has hundreds of Amazon EC2 Linux-based instances in the AWS Cloud. Systems administrators have used shared SSH keys to manage the instances. After a recent audit, the company security team is mandating the removal of allshared keys. A solutions architect must design a solution that provides secure access to the EC2 instances.

Which solution will meet this requirement with the LEAST amount of administrative overhead?

A.       Use AWS Systems Manager Session Manager to connect to the EC2 instances.

B.       Use AWS Security Token Service (AWS STS) to generate one-time SSH keys on demand.

C.      Allow shared SSH access to a set of bastion instances. Configure all other instances to allow only SSH access from the bastion instances.

D.      Use an Amazon Cognito custom authorizer to authenticate users. Invoke an AWS Lambda function to generate a temporary SSH key.

Correct Answer: A

Section: (none)

QUESTION 498

A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data sources. The data is in JSON formatand ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in-flight is lost. The company data science team wants to query ingested data in near-real time.

Which solution provides near-real-time data querying that is scalable with minimal data loss?

A.       Publish data to Amazon Kinesis Data Streams, Use Kinesis Data Analytics to query the data.

B.       Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination. Use Amazon Redshift to query the data.

C.      Store ingested data in an EC2 instance store. Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data.

D.      Store ingested data in an Amazon Elastic Block Store (Amazon EBS) volume. Publish data to Amazon ElastiCache for Redis. Subscribe to the Redis channel to query the data.

Correct Answer: A

Section: (none)

QUESTION 499

What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?

A.       Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set.

B.       Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private.

C.      Update the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true.

D.      Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.

Correct Answer: D

Section: (none)

QUESTION 500

A solutions architect is designing a multi-tier application for a company. The application's users upload images from a mobiledevice. The application generates a thumbnail of each image and returns a message to the user to confirm that the image was uploaded successfully.

The thumbnail generation can take up to 60 seconds, but the company wants to provide a faster response time to its users tonotify them that the original image was received. The solutions architect must design the application to asynchronously dispatch requests to the different application tiers.

What should the solutions architect do to meet these requirements?

A.       Write a custom AWS Lambda function to generate the thumbnail and alert the user. Use the image upload process as an event source to invoke the Lambda function.

B.       Create an AWS Step Functions workflow. Configure Step Functions to handle the orchestration between the application tiers and alert the user when thumbnail generation is complete.

C.      Create an Amazon Simple Queue Service (Amazon SQS) message queue. As images are uploaded, place a message on the SQS queue for thumbnail generation. Alert the user through an application message that the image was received.

D.      Create Amazon Simple Notification Service (Amazon SNS) notification topics and subscriptions. Use one subscription withthe application to generate the thumbnail after the image upload is complete. Use a second subscription to message the user's mobile app by way of a push notification after thumbnail generation is complete.

Correct Answer: C

Section: (none)

雲端不再遙不可及，了解更多 小豬科技如何讓它更貼近您！

QUESTION 501

A company facility has badge readers at every entrance throughout the building. When badges are scanned, the readers senda message over HTTPS to indicate who attempted to access that particular entrance.

A solutions architect must design a system to process these messages from the sensors. The solution must be highly available, and the results must be made available for the company security team to analyze.

Which system architecture should the solutions architect recommend?

A.       Launch an Amazon EC2 instance to serve as the HTTPS endpoint and to process the messages. Configure the EC2 instance to save the results to an Amazon S3 bucket.

B.       Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway endpoint to invoke an AWS Lambdafunction to process the messages and save the results to an Amazon DynamoDB table.

C.      Use Amazon Route 53 to direct incoming sensor messages to an AWS Lambda function. Configure the Lambda function to process the messages and save the results to an Amazon DynamoDB table.

D.      Create a gateway VPC endpoint for Amazon S3. Configure a Site-to-Site VPN connection from the facility network to theVPC so that sensor data can be written directly to an S3 bucket by way of the VPC endpoint.

Correct Answer: B

Section: (none)

QUESTION 502

An image hosting company uploads its large assets to Amazon S3 Standard buckets. The company uses multipart upload inparallel by using S3 APIs and overwrites if the same object is uploaded again. For the first 30 days after upload, the objectswill be accessed frequently. The objects will be used less frequently after 30 days, but the access patterns for each object willbe inconsistent. The company must optimize its S3 storage costs while maintaining high availability and resiliency of storedassets. Which combination of actions should a solutions architect recommend to meet these requirements? (Choose two.)

A.       Move assets to S3 Intelligent-Tiering after 30 days.

B.       Configure an S3 Lifecycle policy to clean up incomplete multipart uploads.

C.      Configure an S3 Lifecycle policy to clean up expired object delete markers.

D.      Move assets to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

E.       Move assets to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

Correct Answer: AB

Section: (none)

QUESTION 503

A company is hosting a three-tier ecommerce application in the AWS Cloud. The company hosts the website on Amazon S3and integrates the website with an API that handles sales requests. The company hosts the API on three Amazon EC2 instances behind an Application Load Balancer (ALB). The API consists of static and dynamic front-end content along withbackend workers that process sales requests asynchronously.

The company is expecting a significant and sudden increase in the number of sales requests during events for the launch of new products.

What should a solutions architect recommend to ensure that all the requests are processed successfully?

A.       Add an Amazon CloudFront distribution for the dynamic content. Increase the number of EC2 instances to handle the increase in traffic.

B.       Add an Amazon CloudFront distribution for the static content. Place the EC2 instances in an Auto Scaling group to launch new instances based on network traffic.

C.      Add an Amazon CloudFront distribution for the dynamic content. Add an Amazon ElastiCache instance in front of the ALB to reduce traffic for the API to handle.

D.      Add an Amazon CloudFront distribution for the static content. Add an Amazon Simple Queue Service (Amazon SQS)queue to receive requests from the website for later processing by the EC2 instances.

Correct Answer: D

Section: (none)

QUESTION 504

A security audit reveals that Amazon EC2 instances are not being patched regularly. A solutions architect needs to provide asolution that will run regular security scans across a large fleet of EC2 instances. The solution should also patch the EC2instances on a regular schedule and provide a report of each instance patch status.

Which solution will meet these requirements?

A.       Set up Amazon Macie to scan the EC2 instances for software vulnerabilities. Set up a cron job on each EC2 instance to patch the instance on a regular schedule.

B.       Turn on Amazon GuardDuty in the account. Configure GuardDuty to scan the EC2 instances for software vulnerabilities.Set up AWS Systems Manager Session Manager to patch the EC2 instances on a regular schedule.

C.      Set up Amazon Detective to scan the EC2 instances for software vulnerabilities. Set up an Amazon EventBridge scheduled rule to patch the EC2 instances on a regular schedule.

D.      Turn on Amazon Inspector in the account. Configure Amazon Inspector to scan the EC2 instances for softwarevulnerabilities. Set up AWS Systems Manager Patch Manager to patch the EC2 instances on a regular schedule.

Correct Answer: D

Section: (none)

QUESTION 505

A company is planning to store data on Amazon RDS DB instances. The company must encrypt the data at rest.

What should a solutions architect do to meet this requirement?

A.       Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances.

B.       Create an encryption key. Store the key in AWS Secrets Manager. Use the key to encrypt the DB instances.

C.      Generate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate.

D.      Generate a certificate in AWS Identity and Access Management (IAM). Enable SSL/TLS on the DB instances by using the certificate.

Correct Answer: A

Section: (none)

想要迅速部署雲端服務？立即註冊 小豬科技，開啟您的雲端之旅！

QUESTION 506

A company must migrate 20 TB of data from a data center to the AWS Cloud within 30 days. The company network bandwidth is limited to 15 Mbps and cannot exceed 70% utilization.

What should a solutions architect do to meet these requirements?

A.       Use AWS Snowball.

B.       Use AWS DataSync.

C.      Use a secure VPN connection.

D.      Use Amazon S3 Transfer Acceleration.

Correct Answer: A

Section: (none)

QUESTION 507

A company application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in anAmazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight, the applicationbecomes much slower when the month-end financial calculation batch runs. This causes the CPU utilization of the EC2 instances to immediately peak to 100%, which disrupts the application.

What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?

A.       Configure an Amazon CloudFront distribution in front of the ALB.

B.       Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization.

C.      Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.

D.      Configure Amazon ElastiCache to remove some of the workload from the EC2 instances.

Correct Answer: C

Section: (none)

QUESTION 508

A company is experiencing sudden increases in demand. The company needs to provision large Amazon EC2 instances from an Amazon Machine Image (AMI). The instances will run in an Auto Scaling group. The company needs a solution that provides minimum initialization latency to meet the demand.

Which solution meets these requirements?

A.       Use the aws ec2 register-image command to create an AMI from a snapshot. Use AWS Step Functions to replace the AMI in the Auto Scaling group.

B.       Enable Amazon Elastic Block Store (Amazon EBS) fast snapshot restore on a snapshot. Provision an AMI by using the snapshot. Replace the AMI in the Auto Scaling group with the new AMI.

C.      Enable AMI creation and define lifecycle rules in Amazon Data Lifecycle Manager (Amazon DLM). Create an AWS Lambda function that modifies the AMI in the Auto Scaling group.

D.      Use Amazon EventBridge to invoke AWS Backup lifecycle policies that provision AMIs. Configure Auto Scaling group capacity limits as an event source in EventBridge.

Correct Answer: B

Section: (none)

QUESTION 509

A company hosts a multi-tier web application that uses an Amazon Aurora MySQL DB cluster for storage. The application tier ishosted on Amazon EC2 instances. The company IT security guidelines mandate that the database credentials be encrypted and rotated every 14 days.

What should a solutions architect do to meet this requirement with the LEAST operational effort?

A.       Create a new AWS Key Management Service (AWS KMS) encryption key. Use AWS Secrets Manager to create a newsecret that uses the KMS key with the appropriate credentials. Associate the secret with the Aurora DB cluster. Configure a custom rotation period of 14 days.

B.       Create two parameters in AWS Systems Manager Parameter Store: one for the user name as a string parameter and one that uses the SecureString type for the password. Select AWS Key Management Service (AWS KMS) encryption for the password parameter, and load these parameters in the application tier. Implement an AWS Lambda function that rotates the password every 14 days.

C.      Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon Elastic FileSystem (Amazon EFS) file system. Mount the EFS file system in all EC2 instances of the application tier. Restrict the access to the file on the file system so that the application can read the file and that only super users can modify the file. Implement an AWS Lambda function that rotates the key in Aurora every 14 days and writes new credentials into the file.

D.      Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon S3 bucketthat the application uses to load the credentials. Download the file to the application regularly to ensure that the correct credentials are used. Implement an AWS Lambda function that rotates the Aurora credentials every 14 days and uploadsthese credentials to the file in the S3 bucket.

Correct Answer: A

Section: (none)

QUESTION 510

A company has deployed a web application on AWS. The company hosts the backend database on Amazon RDS for MySQL with a primary DB instance and five read replicas to support scaling needs. The read replicas must lag no more than 1 secondbehind the primary DB instance. The database routinely runs scheduled stored procedures.

As traffic on the website increases, the replicas experience additional lag during periods of peak load. A solutions architect must reduce the replication lag as much as possible. The solutions architect must minimize changes to the application code and must minimize ongoing operational overhead.

Which solution will meet these requirements?

A.       Migrate the database to Amazon Aurora MySQL. Replace the read replicas with Aurora Replicas, and configure Aurora Auto Scaling. Replace the stored procedures with Aurora MySQL native functions.

B.       Deploy an Amazon ElastiCache for Redis cluster in front of the database. Modify the application to check the cache beforethe application queries the database. Replace the stored procedures with AWS Lambda functions.

C.      Migrate the database to a MySQL database that runs on Amazon EC2 instances. Choose large, compute optimizedEC2 instances for all replica nodes. Maintain the stored procedures on the EC2 instances.

D.      Migrate the database to Amazon DynamoDB. Provision a large number of read capacity units (RCUs) to support the required throughput, and configure on-demand capacity scaling. Replace the stored procedures with DynamoDB streams.

Correct Answer: A

Section: (none)

對服務有疑問？立即聯絡 小豬科技，專員幫您解答。

QUESTION 511

A company has a custom application with embedded credentials that retrieves information from an Amazon RDS MySQL DB instance. Management says the application must be made more secure with the least amount of programming effort.

What should a solutions architect do to meet these requirements?

A.       Use AWS Key Management Service (AWS KMS) to create keys. Configure the application to load the database credentials from AWS KMS. Enable automatic key rotation.

B.       Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Create an AWS Lambda function that rotates the credentials in Secret Manager.

C.      Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Secrets Manager.

D.      Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Systems Manager Parameter Store. Configure the application to load the database credentials from Parameter Store. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Parameter Store.

Correct Answer: C

Section: (none)

QUESTION 512

A company has an Amazon S3 data lake that is governed by AWS Lake Formation. The company wants to create a visualizationin Amazon QuickSight by joining the data in the data lake with operational data that is stored in an Amazon Aurora MySQL database. The company wants to enforce column-level authorization so that the company marketing team can access only a subset of columns in the database.

Which solution will meet these requirements with the LEAST operational overhead?

A.       Use Amazon EMR to ingest the data directly from the database to the QuickSight SPICE engine. Include only the required columns.

B.       Use AWS Glue Studio to ingest the data from the database to the S3 data lake. Attach an IAM policy to the QuickSight users to enforce column-level access control. Use Amazon S3 as the data source in QuickSight.

C.      Use AWS Glue Elastic Views to create a materialized view for the database in Amazon S3. Create an S3 bucket policy toenforce column-level access control for the QuickSight users. Use Amazon S3 as the data source in QuickSight.

D.      Use a Lake Formation blueprint to ingest the data from the database to the S3 data lake. Use Lake Formation to enforcecolumn-level access control for the QuickSight users. Use Amazon Athena as the data source in QuickSight.

Correct Answer: D

Section: (none)

QUESTION 513

A transaction processing company has weekly scripted batch jobs that run on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group. The number of transactions can vary, but the baseline CPU utilization that is noted on each run is at least 60%. The company needs to provision the capacity 30 minutes before the jobs run.

Currently, engineers complete this task by manually modifying the Auto Scaling group parameters. The company does not havethe resources to analyze the required capacity trends for the Auto Scaling group counts. The company needs an automated way to modify the Auto Scaling group desired capacity.

Which solution will meet these requirements with the LEAST operational overhead?

A.       Create a dynamic scaling policy for the Auto Scaling group. Configure the policy to scale based on the CPU utilization metric. Set the target value for the metric to 60%.

B.       Create a scheduled scaling policy for the Auto Scaling group. Set the appropriate desired capacity, minimum capacity, and maximum capacity. Set the recurrence to weekly. Set the start time to 30 minutes before the batch jobs run.

C.      Create a predictive scaling policy for the Auto Scaling group. Configure the policy to scale based on forecast. Set the scaling metric to CPU utilization. Set the target value for the metric to 60%. In the policy, set the instances to pre-launch 30 minutes before the jobs run.

D.      Create an Amazon EventBridge event to invoke an AWS Lambda function when the CPU utilization metric value for theAuto Scaling group reaches 60%. Configure the Lambda function to increase the Auto Scaling group desired capacity and maximum capacity by 20%.

Correct Answer: C

Section: (none)

QUESTION 514

A company has a Java application that uses Amazon Simple Queue Service (Amazon SQS) to parse messages. Theapplication cannot parse messages that are larger than 256 KB in size. The company wants to implement a solution to give theapplication the ability to parse messages as large as 50 MB.

Which solution will meet these requirements with the FEWEST changes to the code?

A.       Use the Amazon SQS Extended Client Library for Java to host messages that are larger than 256 KB in Amazon S3.

B.       Use Amazon EventBridge to post large messages from the application instead of Amazon SQS.

C.      Change the limit in Amazon SQS to handle messages that are larger than 256 KB.

D.      Store messages that are larger than 256 KB in Amazon Elastic File System (Amazon EFS). Configure Amazon SQS to reference this location in the messages.

Correct Answer: A

Section: (none)

QUESTION 515

A company wants to restrict access to the content of one of its main web applications and to protect the content by using authorization techniques available on AWS. The company wants to implement a serverless architecture and an authentication solution for fewer than 100 users. The solution needs to integrate with the main web application and serve web content globally.The solution must also scale as the company's user base grows while providing the lowest login latency possible.

Which solution will meet these requirements MOST cost-effectively?

A.       Use Amazon Cognito for authentication. Use Lambda@Edge for authorization. Use Amazon CloudFront to serve the web application globally.

B.       Use AWS Directory Service for Microsoft Active Directory for authentication. Use AWS Lambda for authorization. Use an Application Load Balancer to serve the web application globally.

C.      Use Amazon Cognito for authentication. Use AWS Lambda for authorization. Use Amazon S3 Transfer Acceleration to serve the web application globally.

D.      Use AWS Directory Service for Microsoft Active Directory for authentication. Use Lambda@Edge for authorization. Use AWS Elastic Beanstalk to serve the web application globally.

Correct Answer: A

Section: (none)

一站式雲端解決方案在等著您，立即註冊 小豬科技！

QUESTION 516

A company has an aging network-attached storage (NAS) array in its data center. The NAS array presents SMB shares and NFS shares to client workstations. The company does not want to purchase a new NAS array. The company also does not wantto incur the cost of renewing the NAS array support contract. Some of the data is accessed frequently, but much of the data is inactive.

A solutions architect needs to implement a solution that migrates the data to Amazon S3, uses S3 Lifecycle policies, and maintains the same look and feel for the client workstations. The solutions architect has identified AWS Storage Gateway as part of the solution.

Which type of storage gateway should the solutions architect provision to meet these requirements?

A.       Volume Gateway

B.       Tape Gateway

C.      Amazon FSx File Gateway

D.      Amazon S3 File Gateway

Correct Answer: D

Section: (none)

QUESTION 517

A company has an application that is running on Amazon EC2 instances. A solutions architect has standardized the company ona particular instance family and various instance sizes based on the current

needs of the company.

The company wants to maximize cost savings for the application over the next 3 years. The company needs to be able to change the instance family and sizes in the next 6 months based on application popularity and usage.

Which solution will meet these requirements MOST cost-effectively?

A.       Compute Savings Plan

B.       EC2 Instance Savings Plan

C.      Zonal Reserved Instances

D.      Standard Reserved Instances

Correct Answer: A

Section: (none)

QUESTION 518

A company collects data from a large number of participants who use wearable devices. The company stores the data in an Amazon DynamoDB table and uses applications to analyze the data. The data workload is constant and predictable. Thecompany wants to stay at or below its forecasted budget for DynamoDB.

Which solution will meet these requirements MOST cost-effectively?

A.       Use provisioned mode and DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA). Reserve capacity for the forecasted workload.

B.       Use provisioned mode. Specify the read capacity units (RCUs) and write capacity units (WCUs).

C.      Use on-demand mode. Set the read capacity units (RCUs) and write capacity units (WCUs) high enough to accommodate changes in the workload.

D.      Use on-demand mode. Specify the read capacity units (RCUs) and write capacity units (WCUs) with reserved capacity.

Correct Answer: B

Section: (none)

QUESTION 519

A company uses a 100 GB Amazon RDS for Microsoft SQL Server Single-AZ DB instance in the us-east-1 Region to storecustomer transactions. The company needs high availability and automatic recovery for the DB instance.

The company must also run reports on the RDS database several times a year. The report process causes transactions to take longer than usual to post to the customers?accounts. The company needs a solution that will improve the performance of the report process.

Which combination of steps will meet these requirements? (Choose two.)

A.       Modify the DB instance from a Single-AZ DB instance to a Multi-AZ deployment.

B.       Take a snapshot of the current DB instance. Restore the snapshot to a new RDS deployment in another Availability Zone.

C.      Create a read replica of the DB instance in a different Availability Zone. Point all requests for reports to the read replica.

D.      Migrate the database to RDS Custom.

E.       Use RDS Proxy to limit reporting requests to the maintenance window.

Correct Answer: AC

Section: (none)

QUESTION 520

A company is moving its data management application to AWS. The company wants to transition to an event-drivenarchitecture. The architecture needs to be more distributed and to use serverless concepts while performing the differentaspects of the workflow. The company also wants to minimize operational overhead.

Which solution will meet these requirements?

A.       Build out the workflow in AWS Glue. Use AWS Glue to invoke AWS Lambda functions to process the workflow steps.

B.       Build out the workflow in AWS Step Functions. Deploy the application on Amazon EC2 instances. Use Step Functions to invoke the workflow steps on the EC2 instances.

C.      Build out the workflow in Amazon EventBridge. Use EventBridge to invoke AWS Lambda functions on a schedule to process the workflow steps.

D.      Build out the workflow in AWS Step Functions. Use Step Functions to create a state machine. Use the state machine to invoke AWS Lambda functions to process the workflow steps.

Correct Answer: D

Section: (none)

讓小豬科技專員為您提供量身訂製的解決方案，立即聯絡