Amazon (SAA-C03) Exam Questions And Answers page 57
A solutions architect at a company is designing the architecture for a two-tiered web application. The web application is composed of an internet-facing Application Load Balancer (ALB) that forwards traffic to an Auto Scaling group of Amazon EC2 instances. The EC2 instances must be able to access a database that runs on Amazon RDS.
The company has requested a defense-in-depth approach to the network layout. The company does not want to rely solely on security groups or network ACLs. Only the minimum resources that are necessary should be routable from the internet.
Which network design should the solutions architect recommend to meet these requirements?
Place the ALB in public subnets. Place the EC2 instances and RDS database in private subnets.
Place the ALB and EC2 instances in public subnets. Place the RDS database in private subnets.
Place the ALB outside the VPC. Place the EC2 instances and RDS database in private subnets.
Define Performant Architectures
Specify Secure Applications and Architectures
A solutions architect at an ecommerce company wants to back up application log data to Amazon S3. The solutions architect is unsure how frequently the logs will be accessed or which logs will be accessed the most. The company wants to keep costs as low as possible by using the appropriate S3 storage class.
Which S3 storage class should be implemented to meet these requirements?
S3 Glacier
S3 Intelligent-Tiering
S3 Standard-Infrequent Access (S3 Standard-IA)
S3 One Zone-Infrequent Access (S3 One Zone-IA)
Design Cost-Optimized Architectures
A solutions architect has configured the following IAM policy.
Which action will be allowed by the policy?
An AWS Lambda function can be deleted from any network.
An AWS Lambda function can be created from any network.
An AWS Lambda function can be deleted from the 100.220.0.0/20 network.
An AWS Lambda function can be deleted from the 220.100.16.0/20 network.
Specify Secure Applications and Architectures
Design Resilient Architectures
How to secure AWS account root user access in a new AWS account?
Multiple Choice
A solutions architect has created a new AWS account and must secure AWS account root user access.
Which combination of actions will accomplish this? (Choose two.)
Ensure the root user uses a strong password.
Enable multi-factor authentication to the root user.
Store root user access keys in an encrypted Amazon S3 bucket.
Add the root user to a group containing administrative permissions.
Apply the required permissions to the root user with an inline policy document.
Specify Secure Applications and Architectures
Design Cost-Optimized Architectures
A solutions architect has created two IAM policies: Policy1 and Policy2. Both policies are attached to an IAM group.
A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?
Deleting IAM users
Deleting directories
Deleting Amazon EC2 instances
Deleting logs from Amazon CloudWatch Logs
Define Performant Architectures
Design Cost-Optimized Architectures
A solutions architect is creating a data processing job that runs once daily and can take up to 2 hours to complete. If the job is interrupted, it has to restart from the beginning.
How should the solutions architect address this issue in the MOST cost-effective manner?
Create a script that runs locally on an Amazon EC2 Reserved Instance that is triggered by a cron job.
Create an AWS Lambda function triggered by an Amazon EventBridge (Amazon CloudWatch Events) scheduled event.
Use an Amazon Elastic Container Service (Amazon ECS) Fargate task triggered by an Amazon EventBridge (Amazon CloudWatch Events) scheduled event.
Use an Amazon Elastic Container Service (Amazon ECS) task running on Amazon EC2 triggered by an Amazon EventBridge (Amazon CloudWatch Events) scheduled event.
Design Cost-Optimized Architectures
A solutions architect is creating an application that will handle batch processing of large amounts of data. The input data will be held in Amazon S3 and the output data will be stored in a different S3 bucket. For processing, the application will transfer the data over the network between multiple Amazon EC2 instances.
What should the solutions architect do to reduce the overall data transfer costs?
Place all the EC2 instances in an Auto Scaling group.
Place all the EC2 instances in the same AWS Region.
Place all the EC2 instances in the same Availability Zone.
Place all the EC2 instances in private subnets in multiple Availability Zones.
Design Cost-Optimized Architectures
A solutions architect is creating an application. The application will run on Amazon EC2 instances in private subnets across multiple Availability Zones in a VPC. The EC2 instances will frequently access large files that contain confidential information. These files are stored in Amazon S3 buckets for processing. The solutions architect must optimize the network architecture to minimize data transfer costs.
What should the solutions architect do to meet these requirements?
Create a gateway endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the gateway endpoint.
Create a single NAT gateway in a public subnet. In the route tables for the private subnets, add a default route that points to the NAT gateway.
Create an AWS PrivateLink interface endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the interface endpoint.
Create one NAT gateway for each Availability Zone in public subnets. In each of the route tables for the private subnets, add a default route that points to the NAT gateway in the same Availability Zone.
Design Cost-Optimized Architectures