Amazon (SAA-C03) Exam Questions And Answers page 44
A company uses Amazon Redshift for its data warehouse. The company wants to ensure high durability for its data in case of any component failure.
What should a solutions architect recommend?
Enable cross-Region snapshots.
Increase the data retention period.
Deploy Amazon Redshift in Multi-AZ.
Design Resilient Architectures
A company uses Amazon S3 as its object storage solution. The company has thousands of S3 buckets it uses to store data. Some of the S3 buckets have data that is accessed less frequently than others. A solutions architect found that lifecycle policies are not consistently implemented or are implemented partially, resulting in data being stored in high-cost storage.
Which solution will lower costs without compromising the availability of objects?
Use S3 ACLs.
Use Amazon Elastic Block Store (Amazon EBS) automated snapshots.
Use S3 Intelligent-Tiering storage.
Use S3 One Zone-Infrequent Access (S3 One Zone-IA).
Design Cost-Optimized Architectures
A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.
What should a solutions architect do to secure the audit documents?
Enable the versioning and MFA Delete features on the S3 bucket.
Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account.
Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates.
Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key.
Specify Secure Applications and Architectures
A company uses an Amazon S3 bucket to store static images for its website. The company configured permissions to allow access to Amazon S3 objects by privileged users only.
What should a solutions architect do to protect against data loss? (Choose two.)
Enable versioning on the S3 bucket.
Enable access logging on the S3 bucket.
Enable server-side encryption on the S3 bucket.
Configure an S3 lifecycle rule to transition objects to Amazon S3 Glacier.
Use MFA Delete to require multi-factor authentication to delete an object.
Design Resilient Architectures
Define Performant Architectures
A company uses Application Load Balancers (ALBs) in different AWS Regions. The ALBs receive inconsistent traffic that can spike and drop throughout the year. The company's networking team needs to allow the IP addresses of the ALBs in the on-premises firewall to enable connectivity.
Which solution is the MOST scalable with minimal configuration changes?
Write an AWS Lambda script to get the IP addresses of the ALBs in different Regions. Update the on-premises firewall's rule to allow the IP addresses of the ALBs.
Migrate all ALBs in different Regions to Network Load Balancers (NLBs). Update the on-premises firewall's rule to allow the Elastic IP addresses of all the NLBs.
Launch AWS Global Accelerator. Register the ALBs in different Regions to the accelerator. Update the on-premises firewall's rule to allow static IP addresses associated with the accelerator.
Launch a Network Load Balancer (NLB) in one Region. Register the private IP addresses of the ALBs in different Regions with the NLB. Update the on-premises firewall's rule to allow the Elastic IP address attached to the NLB.
Design Resilient Architectures
Define Performant Architectures
A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations.
Which solution meets these requirements with the LEAST amount of operational overhead?
Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy.
Create an organizational unit (OU) for each department. Add the aws:PrincipalOrgPaths global condition key to the S3 bucket policy.
Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization events. Update the S3 bucket policy accordingly.
Tag each user that needs access to the S3 bucket. Add the aws:PrincipalTag global condition key to the S3 bucket policy.
Design Resilient Architectures
Define Performant Architectures
A company uses AWS to run all components of its three-tier application. The company wants to automatically detect any potential security breaches within the environment. The company wants to track any findings and notify administrators if a potential breach occurs.
Which solution meets these requirements?
Set up AWS WAF to evaluate suspicious web traffic. Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.
Set up AWS Shield to evaluate suspicious web traffic. Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.
Deploy Amazon Inspector to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email.
Deploy Amazon GuardDuty to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email.
Specify Secure Applications and Architectures
A company uses on-premises servers to host its applications. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high-performing solution that supports local caching without re-architecting its existing applications.
Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)
Mount Amazon S3 as a file system to the on-premises servers.
Deploy an AWS Storage Gateway file gateway to replace NFS storage.
Deploy AWS Snowball Edge to provision NFS mounts to on-premises servers.
Deploy an AWS Storage Gateway volume gateway to replace the block storage.
Deploy Amazon Elastic File System (Amazon EFS) volumes and mount them to on-premises servers.
Design Resilient Architectures
Define Performant Architectures
A company wants a storage option that enables its data science team to analyze its data on premises and in the AWS Cloud. The team needs to be able to run statistical analyses by using the data on premises and by using a fleet of Amazon EC2 instances across multiple Availability Zones.
What should a solutions architect do to meet these requirements?
Use an AWS Storage Gateway tape gateway to copy the on-premises files into Amazon S3.
Use an AWS Storage Gateway volume gateway to copy the on-premises files into Amazon S3.
Use an AWS Storage Gateway file gateway to copy the on-premises files to Amazon Elastic Block Store (Amazon EBS).
Attach an Amazon Elastic File System (Amazon EFS) file system to the on-premises servers. Copy the files to Amazon EFS.
Design Resilient Architectures
Define Performant Architectures
A company wants to automate the security assessment of its Amazon EC2 instances. The company needs to validate and demonstrate that security and compliance standards are being followed throughout the development process.
What should a solutions architect do to meet these requirements?
Use Amazon Macie to automatically discover, classify and protect the EC2 instances.
Use Amazon GuardDuty to publish Amazon Simple Notification Service (Amazon SNS) notifications.
Use Amazon Inspector with Amazon CloudWatch to publish Amazon Simple Notification Service (Amazon SNS) notifications.
Use Amazon EventBridge (Amazon CloudWatch Events) to detect and react to changes in the status of AWS Trusted Advisor checks.
Specify Secure Applications and Architectures