Amazon (SAA-C03) Exam Questions And Answers page 67
A website runs a web application that receives a burst of traffic each day at noon. The users upload new pictures and content daily, but have been complaining of timeouts. The architecture uses Amazon EC2 Auto Scaling groups, and the custom application consistently takes 1 minute to initiate upon boot up before responding to user requests.
How should a solutions architect redesign the architecture to better respond to changing traffic?
How should a solutions architect redesign the architecture to better respond to changing traffic?
Configure AWS ElastiCache for Redis to offload direct requests to the servers.
Configure an Auto Scaling step scaling policy with an instance warmup condition.
Configure Amazon CloudFront to use an Application Load Balancer as the origin.
Design Resilient Architectures
Define Performant Architectures
Management has decided to deploy all AWS VPCs with IPv6 enabled. After some time, a solutions architect tries to launch a new instance and receives an error stating that there is not enough IP address space available in the subnet.
What should the solutions architect do to fix this?
What should the solutions architect do to fix this?
Check to make sure that only IPv6 was used during the VPC creation.
Create a new IPv4 subnet with a larger range, and then launch the instance.
Create a new IPv6-only subnet with a large range, and then launch the instance.
Disable the IPv4 subnet and migrate all instances to IPv6 only. Once that is complete, launch the instance.
Define Performant Architectures
Design Cost-Optimized Architectures
Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution.
Which action should the solutions architect take to accomplish this?
Which action should the solutions architect take to accomplish this?
Generate presigned URLs for the files.
Use cross-Region replication to all Regions.
Use the geoproximity feature of Amazon Route 53.
Use Amazon CloudFront with the S3 bucket as its origin.
Define Performant Architectures
The financial application at a company stores monthly reports in an Amazon S3 bucket. The vice president of finance has mandated that all access to these reports be logged and that any modifications to the log files be detected.
Which actions can a solutions architect take to meet these requirements?
Which actions can a solutions architect take to meet these requirements?
Use S3 server access logging on the bucket that houses the reports with the read and write data events and log file validation options enabled.
Use S3 server access logging on the bucket that houses the reports with the read and write management events and log file validation options enabled.
Use AWS CloudTrail to create a new trail. Configure the trail to log read and write data events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation.
Use AWS CloudTrail to create a new trail. Configure the trail to log read and write management events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation.
Define Performant Architectures
Specify Secure Applications and Architectures
The following IAM policy is attached to an IAM group. This is the only policy applied to the group.
What are the effective IAM permissions of this policy for group members?
What are the effective IAM permissions of this policy for group members?
Group members are permitted any Amazon EC2 action within the us-east-1 Region. Statements after the Allow permission are not applied.
Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA).
Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action.
Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.
Specify Secure Applications and Architectures
Design Cost-Optimized Architectures
The following IAM policy is attached to an IAM group. This is the only policy applied to the group.
What are the effective IAM permissions of this policy for group members?
What are the effective IAM permissions of this policy for group members?
Group members are permitted any Amazon EC2 action within the us-east-1 Region. Statements after the Allow permission are not applied.
Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA).
Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action.
Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.
Specify Secure Applications and Architectures
What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?
Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set.
Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private.
Update the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true.
Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.
Specify Secure Applications and Architectures
Comments