Amazon (SAA-C03) Exam Questions And Answers page 46
A company wants to migrate a high performance computing (HPC) application and data from on-premises to the AWS Cloud. The company uses tiered storage on premises with hot high-performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running.
Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Choose two.)
Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Choose two.)
Amazon Elastic File System (Amazon EFS) for cold data storage
Amazon S3 for high-performance parallel storage
Amazon FSx for Lustre for high-performance parallel storage
Amazon FSx for Windows for high-performance parallel storage
Design Resilient Architectures
Define Performant Architectures
A company wants to migrate a high performance computing (HPC) application and data from on-premises to the AWS Cloud. The company uses tiered storage on premises with hot high-performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running.
Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Choose two.)
Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Choose two.)
Amazon S3 for cold data storage
Amazon EFS for cold data storage
Amazon S3 for high-performance parallel storage
Amazon FSx for Lustre for high-performance parallel storage
Amazon FSx for Windows for high-performance parallel storage
Design Resilient Architectures
Define Performant Architectures
A company wants to migrate a workload to AWS. The chief information security officer requires that all data be encrypted at rest when stored in the cloud. The company wants complete control of encryption key lifecycle management.
The company must be able to immediately remove the key material and audit key usage independently of AWS CloudTrail. The chosen services should integrate with other storage services that will be used on AWS.
Which services satisfies these security requirements?
The company must be able to immediately remove the key material and audit key usage independently of AWS CloudTrail. The chosen services should integrate with other storage services that will be used on AWS.
Which services satisfies these security requirements?
AWS CloudHSM with the CloudHSM client
AWS Key Management Service (AWS KMS) with AWS CloudHSM
AWS Key Management Service (AWS KMS) with an external key material origin
AWS Key Management Service (AWS KMS) with AWS managed customer master keys (CMKs)
Specify Secure Applications and Architectures
Design Cost-Optimized Architectures
A company wants to migrate its 1 PB on-premises image repository to AWS. The images will be used by a serverless web application images stored in the repository are rarely accessed, but they must be immediately available. Additionally, the images must be encrypted at rest and protected from accidental deletion.
Which solution meets these requirements?
Which solution meets these requirements?
Implement client-side encryption and store the images in an Amazon S3 Glacier vault. Set a vault lock to prevent accidental deletion.
Store the images in an Amazon S3 bucket in the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Enable versioning, default encryption, and MFA Delete on the S3 bucket.
Store the images in an Amazon FSx for Windows File Server file share. Configure the Amazon FSx file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NTFS permission sets on the images to prevent accidental deletion.
Store the Images in an Amazon Elastic File System (Amazon EFS) file share in the Infrequent Access storage class. Configure the EFS file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NFS permission sets on the images to prevent accidental deletion.
Specify Secure Applications and Architectures
Design Cost-Optimized Architectures
A company wants to migrate its accounting system from an on-premises data center to the AWS Cloud in a single AWS Region. Data security and an immutable audit log are the top priorities. The company must monitor all AWS activities for compliance auditing. The company has enabled AWS CloudTrail but wants to make sure it meets these requirements.
Which actions should a solutions architect take to protect and secure CloudTrail? (Choose two.)
Which actions should a solutions architect take to protect and secure CloudTrail? (Choose two.)
Enable CloudTrail log file validation.
Install the CloudTrail Processing Library.
Enable logging of Insights events in CloudTrail.
Enable custom logging from the on-premises resources.
Create an AWS Config rule to monitor whether CloudTrail is configured to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
Specify Secure Applications and Architectures
Design Cost-Optimized Architectures
A company wants to migrate its MySQL database from on premises to AWS. The company recently experienced a database outage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes.
Which solution meets these requirements?
Which solution meets these requirements?
Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones.
Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data.
Create an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data.
Create an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance.
Design Resilient Architectures
Define Performant Architectures
A company wants to migrate its web application to AWS. The legacy web application consists of a web tier, an application tier, and a MySQL database. The re-architected application must consist of technologies that do not require the administration team to manage instances or clusters.
Which combination of services should a solutions architect include in the overall architecture? (Choose two.)
Which combination of services should a solutions architect include in the overall architecture? (Choose two.)
Amazon Elasticsearch Service (Amazon ES)
Amazon RDS for MySQL
AWS Fargate
Amazon Aurora Serverless
Amazon EC2 Spot Instances
Define Performant Architectures
Specify Secure Applications and Architectures
A company wants to monitor its AWS costs for financial review. The cloud operations team is designing an architecture in the AWS Organizations management account to query AWS Cost and Usage Reports for all member accounts. The team must run this query once a month and provide a detailed analysis of the bill.
Which solution is the MOST scalable and cost-effective way to meet these requirements?
Which solution is the MOST scalable and cost-effective way to meet these requirements?
Enable Cost and Usage Reports in the management account. Deliver reports to Amazon Kinesis. Use Amazon EMR for analysis.
Enable Cost and Usage Reports in the management account. Deliver the reports to Amazon S3. Use Amazon Athena for analysis.
Enable Cost and Usage Reports for member accounts. Deliver the reports to Amazon S3. Use Amazon Redshift for analysis.
Enable Cost and Usage Reports for member accounts. Deliver the reports to Amazon Kinesis. Use Amazon QuickSight for analysis.
Design Cost-Optimized Architectures
A company wants to move a multi-tiered application from on premises to the AWS Cloud to improve the application s performance. The application consists of application tiers that communicate with each other by way of RESTful services. Transactions are dropped when one tier becomes overloaded. A solutions architect must design a solution that resolves these issues and modernizes the application.
Which solution meets these requirements and is the MOST operationally efficient?
Which solution meets these requirements and is the MOST operationally efficient?
Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer. Use Amazon Simple Queue Service (Amazon SQS) as the communication layer between application services.
Use Amazon CloudWatch metrics to analyze the application performance history to determine the server s peak utilization during the performance failures. Increase the size of the application server s Amazon EC2 instances to meet the peak requirements.
Use Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SNS queue length and scale up and down as required.
Use Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SQS queue length and scale up when communication failures are detected.
Design Resilient Architectures
Define Performant Architectures
A company wants to move from many standalone AWS accounts to a consolidated, multi-account architecture. The company plans to create many new AWS accounts for different business units. The company needs to authenticate access to these AWS accounts by using a centralized corporate directory service.
Which combination of actions should a solutions architect recommend to meet these requirements? (Choose two.)
Which combination of actions should a solutions architect recommend to meet these requirements? (Choose two.)
Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.
Set up an Amazon Cognito identity pool. Configure AWS Single Sign-On to accept Amazon Cognito authentication.
Configure a service control policy (SCP) to manage the AWS accounts. Add AWS Single Sign-On to AWS Directory Service.
Create a new organization in AWS Organizations. Configure the organization s authentication mechanism to use AWS Directory Service directly.
Set up AWS Single Sign-On (AWS SSO) in the organization. Configure AWS SSO, and integrate it with the company's corporate directory service.
Define Performant Architectures
Specify Secure Applications and Architectures
Comments