Amazon (SAA-C03) Exam Questions And Answers page 52
A mobile gaming company runs application servers on Amazon EC2 instances. The servers receive updates from players every 15 minutes. The mobile game creates a JSON object of the progress made in the game since the last update, and sends the JSON object to an Application Load Balancer. As the mobile game is played, game updates are being lost. The company wants to create a durable way to get the updates in order.
What should a solutions architect recommend to decouple the system?
Use Amazon Kinesis Data Firehose to capture the data and store the JSON object in Amazon S3.
Use Amazon Simple Queue Service (Amazon SQS) FIFO queues to capture the data and EC2 instances to process the messages in the queue.
Use Amazon Simple Notification Service (Amazon SNS) to capture the data and EC2 instances to process the messages sent to the Application Load Balancer.
Design Resilient Architectures
Define Performant Architectures
A monolithic application was recently migrated to AWS and is now running on a single Amazon EC2 instance. Due to application limitations, it is not possible to use automatic scaling to scale out the application. The chief technology officer (CTO) wants an automated solution to restore the EC2 instance in the unlikely event the underlying hardware fails.
What would allow for automatic recovery of the EC2 instance as quickly as possible?
Configure an Amazon CloudWatch alarm that triggers the recovery of the EC2 instance if it becomes impaired.
Configure an Amazon CloudWatch alarm to trigger an SNS message that alerts the CTO when the EC2 instance is impaired.
Configure AWS CloudTrail to monitor the health of the EC2 instance, and if it becomes impaired, trigger instance recovery.
Configure an Amazon EventBridge event to trigger an AWS Lambda function once an hour that checks the health of the EC2 instance and triggers instance recovery if the EC2 instance is unhealthy.
Define Performant Architectures
Specify Secure Applications and Architectures
An administrator of a large company wants to monitor for and prevent any cryptocurrency-related attacks on the company's AWS accounts.
Which AWS service can the administrator use to protect the company against attacks?
Amazon Cognito
Amazon GuardDuty
Amazon Inspector
Amazon Macie
Specify Secure Applications and Architectures
An Amazon EC2 administrator created the following policy associated with an IAM group containing several users:
What is the effect of this policy?
Users can terminate an EC2 instance in any AWS Region except us-east-1.
Users can terminate an EC2 instance with the IP address 10.100.100.1 in the us-east-1 Region.
Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
Define Performant Architectures
Specify Secure Applications and Architectures
Design Resilient Architectures
Specify Secure Applications and Architectures
An Amazon EC2 instance is located in a private subnet in a new VPC. This subnet does not have outbound internet access, but the EC2 instance needs the ability to download monthly security updates from an outside vendor.
What should a solutions architect do to meet these requirements?
Create an internet gateway, and attach it to the VPC. Configure the private subnet route table to use the internet gateway as the default route.
Create a NAT gateway, and place it in a public subnet. Configure the private subnet route table to use the NAT gateway as the default route.
Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the NAT instance as the default route.
Create an internet gateway, and attach it to the VPC. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the internet gateway as the default route.
Specify Secure Applications and Architectures
An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance. The operations team has isolated an application performance slowdown and wants to separate read traffic from write traffic. A solutions architect needs to optimize the application's performance quickly.
What should the solutions architect recommend?
Change the existing database to a Multi-AZ deployment. Serve the read requests from the primary Availability Zone.
Change the existing database to a Multi-AZ deployment. Serve the read requests from the secondary Availability Zone.
Create read replicas for the database. Configure the read replicas with half of the compute and storage resources as the source database.
Create read replicas for the database. Configure the read replicas with the same compute and storage resources as the source database.
Define Performant Architectures
An application calls a service run by a vendor. The vendor charges based on the number of calls. The finance department needs to know the number of calls that are made to the service to validate the billing statements.
How can a solutions architect design a system to durably store the number of calls without requiring changes to the application?
Call the service through an internet gateway.
Decouple the application from the service with an Amazon Simple Queue Service (Amazon SQS) queue.
Publish a custom Amazon CloudWatch metric that counts calls to the service.
Call the service through a VPC peering connection.
Design Resilient Architectures
An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time.
What is the MOST secure way to do this?
Enable public read on the S3 object and provide the link to the vendor.
Upload the file to Amazon WorkDocs and share the public link with the vendor.
Generate a presigned URL and have the vendor download the log file before it expires.
Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multi-factor authentication.
Define Performant Architectures
Specify Secure Applications and Architectures
An application is running on Amazon EC2 instances. Sensitive information required for the application is stored in an Amazon S3 bucket. The bucket needs to be protected from internet access while only allowing services within the VPC access to the bucket.
Which combination of actions should a solutions architect take to accomplish this? (Choose two.)
Apply a bucket policy to restrict access to the S3 endpoint.
Add an S3 ACL to the bucket that has sensitive information.
Restrict users using the IAM policy to use the specific bucket.
Create a VPC endpoint for Amazon S3.
Enable server access logging on the bucket.
Define Performant Architectures
Specify Secure Applications and Architectures