Amazon (SAA-C03) Exam Questions And Answers page 11
A company has deployed an API in a VPC behind an internet-facing Application Load Balancer (ALB). An application that consumes the API as a client is deployed in a second account in private subnets behind a NAT gateway. When requests to the client application increase, the NAT gateway costs are higher than expected. A solutions architect has configured the ALB to be internal.
Which combination of architectural changes will reduce the NAT gateway costs? (Choose two.)
Configure an AWS Direct Connect connection between the two VPCs. Access the API using the private address.
Configure a ClassicLink connection for the API into the client VPC. Access the API using the ClassicLink address.
Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address.
Configure an AWS Resource Access Manager connection between the two accounts. Access the API using the private address.
Define Performant Architectures
Design Cost-Optimized Architectures
A company has developed a microservices application. It uses a client-facing API with Amazon API Gateway and multiple internal services hosted on Amazon EC2 instances to process user requests. The API is designed to support unpredictable surges in traffic, but internal services may become overwhelmed and unresponsive for a period of time during surges. A solutions architect needs to design a more reliable solution that reduces errors when internal services become unresponsive or unavailable.
Which solution meets these requirements?
Use AWS Auto Scaling to scale up internal services when there is a surge in traffic.
Use different Availability Zones to host internal services. Send a notification to a system administrator when an internal service becomes unresponsive.
Use an Elastic Load Balancer to distribute the traffic between internal services. Configure Amazon CloudWatch metrics to monitor traffic to internal services.
Use Amazon Simple Queue Service (Amazon SQS) to store user requests as they arrive. Change the internal services to retrieve the requests from the queue for processing.
Design Resilient Architectures
A company has developed a new video game as a web application. The application is in a three-tier architecture in a VPC with Amazon RDS for MySQL in the database layer. Several players will compete concurrently online. The game's developers want to display a top-10 scoreboard in near-real time and offer the ability to stop and restore the game while preserving the current scores.
What should a solutions architect do to meet these requirements?
Set up an Amazon ElastiCache for Memcached cluster to cache the scores for the web application to display.
Set up an Amazon ElastiCache for Redis cluster to compute and cache the scores for the web application to display.
Place an Amazon CloudFront distribution in front of the web application to cache the scoreboard in a section of the application.
Create a read replica on Amazon RDS for MySQL to run queries to compute the scoreboard and serve the read traffic to the web application.
Design Resilient Architectures
Define Performant Architectures
A company has enabled AWS CloudTrail logs to deliver log files to an Amazon S3 bucket for each of its developer accounts. The company has created a central AWS account for streamlining management and audit reviews. An internal auditor needs to access the CloudTrail logs, yet access needs to be restricted for all developer account users. The solution must be secure and optimized.
How should a solutions architect meet these requirements?
Configure an AWS Lambda function in each developer account to copy the log files to the central account. Create an IAM role in the central account for the auditor. Attach an IAM policy providing read-only permissions to the bucket.
Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account. Create an IAM user in the central account for the auditor. Attach an IAM policy providing full permissions to the bucket.
Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account. Create an IAM role in the central account for the auditor. Attach an IAM policy providing read-only permissions to the bucket.
Configure an AWS Lambda function in the central account to copy the log files from the S3 bucket in each developer account. Create an IAM user in the central account for the auditor. Attach an IAM policy providing full permissions to the bucket.
Define Performant Architectures
Specify Secure Applications and Architectures
A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings. The company is concerned about the security of the AWS account root user.
What should be done to secure the root user?
Create IAM users for daily administrative tasks. Disable the root user.
Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.
Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console.
Provide the root user credentials to the most senior solutions architect. Have the solutions architect use the root user for daily administration tasks.
Specify Secure Applications and Architectures
A company has global users accessing an application deployed in different AWS Regions, exposing public static IP addresses. The users are experiencing poor performance when accessing the application over the internet.
What should a solutions architect recommend to reduce internet latency?
Set up AWS Global Accelerator and add endpoints.
Set up AWS Direct Connect locations in multiple Regions.
Set up an Amazon CloudFront distribution to access an application.
Set up an Amazon Route 53 geoproximity routing policy to route traffic.
Define Performant Architectures
A company has hired a new cloud engineer who should not have access to an Amazon S3 bucket named CompanyConfidential. The cloud engineer must be able to read from and write to an S3 bucket called AdminTools.
Which IAM policy will meet these requirements?
{
Define Performant Architectures
Specify Secure Applications and Architectures
A company has hired a solutions architect to design a reliable architecture for its application. The application consists of one Amazon RDS DB instance and two manually provisioned Amazon EC2 instances that run web servers. The EC2 instances are located in a single Availability Zone.
An employee recently deleted the DB instance, and the application was unavailable for 24 hours as a result. The company is concerned with the overall reliability of its environment.
What should the solutions architect do to maximize reliability of the application's infrastructure?
Delete one EC2 instance and enable termination protection on the other EC2 instance. Update the DB instance to be Multi-AZ, and enable deletion protection.
Update the DB instance to be Multi-AZ, and enable deletion protection. Place the EC2 instances behind an Application Load Balancer, and run them in an EC2 Auto Scaling group across multiple Availability Zones.
Create an additional DB instance along with an Amazon API Gateway and an AWS Lambda function. Configure the application to invoke the Lambda function through API Gateway. Have the Lambda function write the data to the two DB instances.
Place the EC2 instances in an EC2 Auto Scaling group that has multiple subnets located in multiple Availability Zones. Use Spot Instances instead of On-Demand Instances. Set up Amazon CloudWatch alarms to monitor the health of the instances. Update the DB instance to be Multi-AZ, and enable deletion protection.
Design Resilient Architectures
A company has implemented one of its microservices on AWS Lambda that accesses an Amazon DynamoDB table named Books. A solutions architect is designing an IAM policy to be attached to the Lambda function's IAM role, giving it access to put, update, and delete items in the Books table. The IAM policy must prevent the function from performing any other actions on the Books table or any other.
Which IAM policy would fulfill these needs and provide the LEAST privileged access?
Define Performant Architectures
Specify Secure Applications and Architectures