Getting ready AWS Certified Solutions Architect – Associate SAA-C02 dumps online resources is the most effective way to eliminate the SAA-C02 exam anxiety.
Pass4itSure SAA-C02 dumps are a perfect choice. The latest SAA-C02 dumps are ready to help you eliminate all stress anxiety.
Update SAA-C02 dumps: https://www.pass4itsure.com/saa-c02.html Contains 980 practice exam questions and answers for your preparation.
With our free Amazon SAA-C02 dumps questions, you can check your readiness:
1. A company is planning to migrate 40 servers hosted on-premises in VMware to the AWS Cloud. The migration process must be implemented with minimal downtime. The company also wants to test the servers before the cutover date. Which solution meets these requirements?
A. Deploy the AWS DataSync agent into the on-premises environment. Use DataSync to migrate the servers.
B. Deploy an AWS Snowball device connected by way of RJ45 to the on-premises network. Use Snowball to migrate the servers.
C. Deploy an AWS Database Migration Service (AWS DMS) replication instance into AWS. Use AWS DMS to migrate the servers.
D. Deploy the AWS Server Migration Service (AWS SMS) connector into the on-premises environment. Use AWS SMS to migrate the servers.
Correct Answer: A
2. A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet What should the solutions architect do to accomplish this? (Select TWO )
A. Create a route table entry for the endpoint
B. Create a gateway endpoint for DynamoDB
C. Create a new DynamoDB table that uses the endpoint
D. Create an ENI for the endpoint in each of the subnets of the VPC
E. Create a security group entry in the default security group to provide access
Correct Answer: AB
A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service.
Traffic between your VPC and the other service does not leave the Amazon network. Gateway endpoints A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service. The following AWS services are supported: Amazon S3 DynamoDB https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html
3. A company needs to ingest and handle large amounts of streaming data that its application generates. The application runs on Amazon EC2 instances and sends data to Amazon Kinesis Data Streams, which are configured with default settings. Every other day, the application consumes the data and writes the data to an Amazon S3 bucket for business intelligence (BI) processing.
The company observes that Amazon S3 is not receiving all the data that the application sends to Kinesis Data Streams. What should a solutions architect do to resolve this issue?
A. Update the Kinesis Data Streams default settings by modifying the data retention period.
B. Update the application to use the Kinesis Producer Library (KPL) to send the data to Kinesis Data Streams.
C. Update the number of Kinesis shards to handle the throughput of the data that is sent to Kinesis Data Streams.
D. Turn on S3 Versioning within the S3 bucket to preserve every version of every object that is ingested in the S3 bucket.
Correct Answer: C
4. A company has an image processing workload running on Amazon Elastic Container Service (Amazon ECS) in two private subnets. Each private subnet uses a NAT instance for internet access.
All images are stored in Amazon S3 buckets The company is concerned about the data transfer costs between Amazon ECS and Amazon S3. What should a solutions architect do to reduce costs?
A. Configure a NAT gateway to replace the NAT instances.
B. Configure a gateway endpoint for traffic destined to Amazon S3.
C. Configure an interface endpoint for traffic destined to Amazon S3
D. Configure Amazon CloudFront for the S3 bucket storing the images
Correct Answer: C
5. A user owns a MySQL database that is accessed by various clients who expect, at most, 100 ms latency on requests. Once a record is stored in the database, it is rarely changed. Clients only access one record at a time. Database access has been increasing exponentially due to increased client demand.
The resultant load will soon exceed the capacity of the most expensive hardware available for purchase. The user wants to migrate to AWS and is willing to change database systems. Which service would alleviate the database load issue and offer virtually unlimited scalability for the future?
A. Amazon RDS
B. Amazon DynamoDB
C. Amazon Redshift
D. AWS Data Pipeline
Correct Answer: B
6. A company that recently started using AWS establishes a Site-to-Site VPN between its on-premises data center and AWS. The company\’s security mandate states that traffic originating from on-premises should stay within the company\’s private IP space when communicating with an Amazon Elastic Container Service (Amazon ECS) cluster that is hosting a sample web application.
Which solution meets this requirement?
A. Configure a gateway endpoint for Amazon ECS. Modify the routing table to include an entry point to the ECS cluster.
B. Create a Network Load Balancer and AWS PrivateLink endpoint for Amazon ECS in the same VPC that is hosting the ECS cluster.
C. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VPC. Connect the two VPCs by using VPC peering.
D. Configure an Amazon Route 53 record with Amazon ECS as the target. Apply a server certificate to Route 53 from AWS Certificate Manager (ACM) for SSL offloading.
Correct Answer: C
7. A company fails an AWS security review conducted by a third party. The review finds that some of the company\’s methods to access the Amazon EMR API are not secure Developers are using AWS Cloud9, and access keys are connecting to the Amazon EMR API through the public internet Which combination of steps should the company take to MOST improve its security\’\’ (Select TWO)
A. Set up a VPC peering connection to the Amazon EMR API
B. Set up VPC endpoints to connect to the Amazon EMR API
C. Set up a NAT gateway to connect to the Amazon EMR API.
D. Set up 1 AM roles to be used to connect to the Amazon EMR API
E. Set up each developer with AWS Secrets Manager to store access keys
Correct Answer: BD
8. A company needs to use its on-premises LDAP directory service to authenticate its users to the AWS Management Console. The directory service is not compatible with Security Assertion Markup Language (SAML) Which solution meets these requirements?
A. Enable AWS Single Sign-On between AWS and the on-premises LDAP
B. Create a 1 AM policy mat that uses AWS credentials and integrates the policy into LDAP
C. Set up a process that rotates the IAM credentials whenever LDAP credentials are updated.
D. Develop an on-premises custom identity broker application of process mat that uses AWS Security Token Service (AWS STS) to get short-lived credentials
Correct Answer: A
9. A company hosts a multi-tier web application that uses an Amazon Aurora MySQL DB cluster for storage. The application tier is hosted on Amazon EC2 instances. The company\’s IT security guidelines mandate that the database credentials be encrypted and rotated every 14 days.
What should a solutions architect do to meet this requirement with the LEAST operational effort?
A. Create a new AWS Key Management Service (AWS KMS) encryption key. Use AWS Secrets Manager to create a new secret that uses the KMS key with the appropriate credentials. Associate the secret with the Aurora DB cluster. Configure a custom rotation period of 14 days.
B. Create two parameters in AWS Systems Manager Parameter Store: one for the user name as a string parameter and one that uses the SecureString type for the password. Select AWS Key Management Service (AWS KMS) encryption for the password parameter, and load these parameters in the application tier. Implement an AWS Lambda function that rotates the password every 14 days.
C. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system in all EC2 instances of the application tier. Restrict the access to the file on the file system so that the application can read the file and that only superusers can modify the file. Implement an AWS Lambda function that rotates the key in Aurora every 14 days and writes new credentials into the file.
D. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon S3 bucket that the application uses to load the credentials. Download the file to the application regularly to ensure that the correct credentials are used. Implement an AWS Lambda function that rotates the Aurora credentials every 14 days and uploads these credentials to the file in the S3 bucket.
Correct Answer: A
10. A company is building a mobile app on AWS. The company wants to expand its reach to millions of users The company needs to build a platform so that authorized users can watch the company\’s content on their mobile devices. What should a solutions architect recommend to meet these requirements?
A. Publish content to a public Amazon S3 bucket. Use AWS Key Management Service (AWS KMS) keys to stream content.
B. Set up IPsec VPN between the mobile app and the AWS environment to stream content
C. Use Amazon CloudFront Provide signed URLs to stream content.
D. Set up AWS Client VPN between the mobile app and the AWS environment to stream content.
Correct Answer: C
11. A company\’s website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company\’s website demands globally. The solution should be cost-effective, limit the? provisioning of Into and providing the fastest possible response time.
Which combination should a solutions architect recommend to meet these requirements?
A. Amazon CloudFront and Amazon S3
B. AWS Lambda and Amazon Dynamo
C. Application Load Balancer with Amazon EC2 Auto Scaling
D. Amazon Route 53 with internal Application Load Balances
Correct Answer: A
12. A company runs a containerized application on a Kubernetes cluster in an on-premises data center. The company is using a MongoDB database for data storage. The company wants to migrate some of these environments to AWS, but no code changes or deployment method changes are possible at this time.
The company needs a solution that minimizes operational overhead. Which solution meets these requirements?
A. Use Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 worker nodes for computing and MongoDB on EC2 for data storage.
B. Use Amazon Elastic Container Service (Amazon ECS) with AWS Fargate for computing and Amazon DynamoDB for data storage.
C. Use Amazon Elastic Kubernetes Service (Amazon EKS) with Amazon EC2 worker nodes for computing and Amazon DynamoDB for data storage.
D. Use Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate for computing and Amazon DocumentDB (with MongoDB compatibility) for data storage.
Correct Answer: C
13. A company manages a data lake in an Amazon S3 bucket that numerous applications share. The S3 bucket contains unique folders with a prefix for each application.
The company wants to restrict each application to its specific folder and have more granular control of the objects in each folder. Which solution met these requirements with the LEAST amount of effort?
A. Create dedicated S3 access points and access point policies for each application.
B. Create anS3 Batch Operations job to set the ACL permissions for each object in the S3 bucket.
C. Update theS3 S3 bucket policy to grant access to each application based on its specific folder in the S3 bucket.
D. Replicate the objects in the S3 bucket to new S3 buckets for each application. Create replication rules by the prefix.
Correct Answer: D
For more, free Amazon certification exam questions, visit www.examdemosimulation.com
You can check the quality and usefulness of your products by downloading the free Amazon SAA-C02 PDF:
latest google drive: https://drive.google.com/file/d/1MmNCPbz8Pf49FcYS4qYkCffkcQpxshc2/view?usp=sharing
Come and get SAA-C02 dumps: https://www.pass4itsure.com/saa-c02.html SAA-C02 dumps PDF, SAA-C02 dumps VCE, pass your AWS Certified Associate exam on the first try.