[UPDATED 2024] Read AWS-Solutions-Associate Study Guide Cover to Cover as Literally [Q265-Q286]


NEW QUESTION # 265
A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis. An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.

  • A. Associate an IAM role with least privilege permissions to the EC2 instance profile
  • B. Attach a resource-based policy to the S3 bucket
  • C. Create an IAM user for the application with specific permissions to the S3 bucket
  • D. Store an AWS credential directly on the EC2 instance for applications on the instance to use for API calls

Answer: A


NEW QUESTION # 266
An Auto Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance by default, Auto Scaling will:
Choose 2 answers

  • A. Send an SNS notification, if configured to do so.
  • B. Terminate an instance in the AZ which currently has 2 running EC2 instances.
  • C. Randomly select one of the 3 AZs, and then terminate an instance in that AZ.
  • D. Allow at least five minutes for Windows/Linux shutdown scripts to complete, before terminating the instance.
  • E. Terminate the instance with the least active network connections. If multiple instances meet this criterion, one will be randomly selected.

Answer: A,E


NEW QUESTION # 267
A company runs a video processing platform. Files are uploaded by users who connect to a web server, which stores them on an Amazon EFS share. This web server is running on a single Amazon EC2 instance. A different group of instances, running in an Auto Scaling group, scans the EFS share directory structure for new files to process and generates new videos (thumbnails, different resolution, compression, etc.) according to the instructions file, which is uploaded along with the video files. A different application running on a group of instances managed by an Auto Scaling group processes the video files and then deletes them from the EFS share. The results are stored in an S3 bucket. Links to the processed video files are emailed to the customer.
The company has recently discovered that as they add more instances to the Auto Scaling Group, many files are processed twice, so image processing speed is not improved. The maximum size of these video files is 2GB.
What should the Solutions Architect do to improve reliability and reduce the redundant processing of video files?

  • A. Set up a cron job on the web server instance to synchronize the contents of the EFS share into Amazon S3. Trigger an AWS Lambda function every time a file is uploaded to process the video file and store the results in Amazon S3. Using Amazon CloudWatch Events, trigger an Amazon SES job to send an email to the customer containing the link to the processed file.
  • B. Modify the web application to upload the video files directly to Amazon S3. Use Amazon CloudWatch Events to trigger an AWS Lambda function every time a file is uploaded, and have this Lambda function put a message into an Amazon SQS queue. Modify the video processing application to read from SQS queue for new files and use the queue depth metric to scale instances in the video processing Auto Scaling group.
  • C. Rewrite the web application to run directly from Amazon S3 and use Amazon API Gateway to upload the video files to an S3 bucket. Use an S3 trigger to run an AWS Lambda function each time a file is uploaded to process and store new video files in a different bucket. Using CloudWatch Events, trigger an SES job to send an email to the customer containing the link to the processed file.
  • D. Rewrite the web application to run from Amazon S3 and upload the video files to an S3 bucket. Each time a new file is uploaded, trigger an AWS Lambda function to put a message in an SQS queue containing the link and the instructions. Modify the video processing application to read from the SQS queue and the S3 bucket. Use the queue depth metric to adjust the size of the Auto Scaling group for video processing instances.

Answer: A


NEW QUESTION # 268
A company is implementing a new business application. The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs to ensure that the EC2 instances can access the S3 bucket.
What should the solutions architect do to meet this requirement?

  • A. Create an IAM policy that grants access to the S3 bucket. Attach the policy to the EC2 instances.
  • B. Create an IAM group that grants access to the S3 bucket. Attach the group to the EC2 instances.
  • C. Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 instances.
  • D. Create an IAM user that grants access to the S3 bucket. Attach the user account to the EC2 instances.

Answer: B


NEW QUESTION # 269
Can I encrypt connections between my application and my DB Instance using SSL?

  • A. No
  • B. Only in VPC
  • C. Yes
  • D. Only in certain regions

Answer: C


NEW QUESTION # 270
A company has hired a solutions architect to design a reliable architecture for its application. The application consists of one Amazon RDS DB instance and two manually provisioned Amazon EC2 instances that run web servers. The EC2 instances are located in a single Availability Zone. An employee recently deleted the DB instance and the application was unavailable for 24 hours as a result. The company is concerned with the overall reliability of its environment.
What should the solutions architect do to maximize reliability of the application's infrastructure?

  • A. Place the EC2 instances in an EC2 Auto Scaling group that has multiple subnets located in multiple Availability Zones. Use Spot Instances instead of On-Demand instances. Set up Amazon CloudWatch alarms to monitor the health of the instances. Update the DB instance to be Multi-AZ and enable deletion protection.
  • B. Delete one EC2 instance and enable termination protection on the other EC2 instance. Update the DB instance to be Multi-AZ and enable deletion protection.
  • C. Create an additional DB instance along with an Amazon API Gateway and an AWS Lambda function. Configure the application to invoke the Lambda function through API Gateway. Have the Lambda function write the data to the two DB instances.
  • D. Update the DB instance to be Multi-AZ and enable deletion protection. Place the EC2 instances behind an Application Load Balancer and run them in an EC2 Auto Scaling group across multiple Availability Zones.

Answer: D


NEW QUESTION # 271
Which of the following are characteristics of Amazon VPC subnets? Choose 2 answers

  • A. Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.
  • B. CIDR block mask of /25 is the smallest range supported.
  • C. Each subnet spans at least 2 Availability Zones to provide a high-availability environment.
  • D. By default, all subnets can route between each other, whether they are private or public.
  • E. Each subnet maps to a single Availability Zone.

Answer: A,E


NEW QUESTION # 272
You are designing a personal document-archiving solution for your global enterprise with thousands of employees. Each employee has potentially gigabytes of data to be backed up in this archiving solution.
The solution will be exposed to the employees as an application, where they can just drag and drop their files to the archiving system. Employees can retrieve their archives through a web interface.
The corporate network has high bandwidth AWS Direct Connect connectivity to AWS. You have a regulatory requirement that all data needs to be encrypted before being uploaded to the cloud.
How do you implement this in a highly available and cost-efficient way?

  • A. Manage encryption keys in a Hardware Security Module (HSM) appliance on-premises server with sufficient storage to temporarily store, encrypt, and upload files directly into Amazon Glacier.
  • B. Manage encryption keys on-premises in an encrypted relational database. Set up an on-premises server with sufficient storage to temporarily store files, and then upload them to Amazon S3, providing a client-side master key.
  • C. Manage encryption keys in Amazon Key Management Service (KMS), upload to Amazon Simple Storage Service (S3) with client-side encryption using a KMS customer master key ID, and configure Amazon S3 lifecycle policies to store each object using the Amazon Glacier storage tier.
  • D. Manage encryption keys in an AWS CloudHSM appliance. Encrypt files prior to uploading on the employee desktop, and then upload directly into Amazon Glacier.

Answer: C


NEW QUESTION # 273
The AWS CloudHSM service defines a resource known as a high-availability (HA) ________________, which is a virtual partition that represents a group of partitions, typically distributed between several physical HSMs for high-availability.

  • A. partition group
  • B. proxy group
  • C. relational group
  • D. functional group

Answer: A

Explanation:
The AWS CloudHSM service defines a resource known as a high-availability (HA) partition group, which is a virtual partition that represents a group of partitions, typically distributed between several physical HSMs for high-availability.
Reference: http://docs.aws.amazon.com/cloudhsm/latest/userguide/configuring-ha.html


NEW QUESTION # 274
A company is reviewing its AWS Cloud deployment to ensure its data is not accessed by anyone without appropriate authorization. A solutions architect is tasked with identifying all open Amazon S3 buckets and recording any S3 bucket configuration changes.
What should the solutions architect do to accomplish this?

  • A. Write a script using an AWS SDK to generate a bucket report
  • B. Enable AWS Config service with the appropriate rules
  • C. Enable AWS Trusted Advisor with the appropriate checks.
  • D. Enable Amazon S3 server access logging and configure Amazon CloudWatch Events.

Answer: B


NEW QUESTION # 275
A company has a production workload that is spread across different AWS accounts in various AWS Regions.
The company uses AWS Cost Explorer to continuously monitor costs and usage. The company wants to receive notifications when the cost and usage spending of the workload is unusual.
Which combination of steps will meet these requirements? (Select TWO.)

  • A. In the AWS accounts where the production workload is running, create a Cost and Usage Report by using Cost Anomaly Detection in the AWS Cost Management console.
  • B. In the AWS accounts where the production workload is running, create a linked account monitor by using AWS Cost Anomaly Detection in the AWS Cost Management console.
  • C. In the AWS accounts where the production workload is running, create a linked account budget by using Cost Explorer in the AWS Cost Management console
  • D. Create a subscription with the required threshold and notify the company by using weekly summaries.
  • E. Create a report and send email messages to notify the company on a weekly basis.

Answer: B,D

Explanation:
AWS Cost Anomaly Detection allows you to create monitors that track the cost and usage of your AWS resources and alert you when there is an unusual spending pattern. You can create monitors based on different dimensions, such as AWS services, accounts, tags, or cost categories. You can also create alert subscriptions that notify you by email or Amazon SNS when an anomaly is detected. You can specify the threshold and frequency of the alerts, and choose to receive weekly summaries of your anomalies.
Reference URLs:
1 https://aws.amazon.com/aws-cost-management/aws-cost-anomaly-detection/
2 https://docs.aws.amazon.com/cost-management/latest/userguide/getting-started-ad.html
3 https://docs.aws.amazon.com/cost-management/latest/userguide/manage-ad.html


NEW QUESTION # 276
An organization is undergoing a security audit. The auditor wants to view the AWS VPC configurations as the organization has hosted all the applications in the AWS VPC. The auditor is from a remote place and wants to have access to AWS to view all the VPC records.
How can the organization meet the expectations of the auditor without compromising on the security of their AWS infrastructure?

  • A. The organization should create an IAM user with VPC full access but set a condition that will not allow to modify anything if the request is from any IP other than the organization's data center.
  • B. Create an IAM role which will have read only access to all EC2 services including VPC and assign that role to the auditor.
  • C. The organization should not accept the request as sharing the credentials means compromising on security.
  • D. Create an IAM user who will have read only access to the AWS VPC and share those credentials with the auditor.

Answer: D

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can create subnets as per the requirement within a VPC. The VPC also works with IAM and the organization can create IAM users who have access to various VPC services. If an auditor wants to have access to the AWS VPC to verify the rules, the organization should be careful before sharing any data which can allow making updates to the AWS infrastructure. In this scenario it is recommended that the organization creates an IAM user who will have read only access to the VPC. Share the above mentioned credentials with the auditor as it cannot harm the organization. The sample policy is given below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcs", "ec2:DescribeSubnets",
        "ec2:DescribeInternetGateways", "ec2:DescribeCustomerGateways",
        "ec2:DescribeVpnGateways", "ec2:DescribeVpnConnections",
        "ec2:DescribeRouteTables", "ec2:DescribeAddresses",
        "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkAcls",
        "ec2:DescribeDhcpOptions", "ec2:DescribeTags",
        "ec2:DescribeInstances"
      ],
      "Resource": "*"
    }
  ]
}
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_IAM.html


NEW QUESTION # 277
A security engineer determined that an existing application retrieves credentials to an Amazon RDS for MySQL database from an encrypted file in Amazon S3. For the next version of the application, the security engineer wants to implement the following application design changes to improve security:
* The database must use strong, randomly generated passwords stored in a secure AWS managed service.
* The application resources must be deployed through AWS CloudFormation.
* The application must rotate credentials for the database every 90 days.
A solutions architect will generate a CloudFormation template to deploy the application.
Which resources specified in the CloudFormation template will meet the security engineer's requirements with the LEAST amount of operational overhead?

  • A. Generate the database password as a secret resource using AWS Secrets Manager. Create an AWS Lambda function resource to rotate the database password. Specify a Secrets Manager RotationSchedule resource to rotate the database password every 90 days.
  • B. Generate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store. Create an AWS Lambda function resource to rotate the database password. Specify a Parameter Store RotationSchedule resource to rotate the database password every 90 days.
  • C. Generate the database password as a secret resource using AWS Secrets Manager. Create an AWS Lambda function resource to rotate the database password. Create an Amazon EventBridge scheduled rule resource to trigger the Lambda function password rotation every 90 days.
  • D. Generate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store. Specify an AWS AppSync DataSource resource to automatically rotate the database password every 90 days.

Answer: C


NEW QUESTION # 278
A company has an Amazon EC2 deployment that has the following architecture:
An application tier that contains 8 m4.xlarge instances

A Classic Load Balancer

Amazon S3 as a persistent data store

After one of the EC2 instances fails, users report very slow processing of their requests. A Solutions Architect must recommend design changes to maximize system reliability. The solution must minimize costs.
What should the Solution Architect recommend?

  • A. Migrate the existing EC2 instances to a serverless deployment using AWS Lambda functions
  • B. Replace the application tier with m4.large instances in an Auto Scaling group
  • C. Change the Classic Load Balancer to an Application Load Balancer
  • D. Replace the application tier with 4 m4.2xlarge instances

Answer: C


NEW QUESTION # 279
If a provisioned IOPS volume of 4iGB is created, what are the possible correct values for IOPS for the volume in order for it to be created?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C


NEW QUESTION # 280
An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time.
What is the MOST secure way to do this?

  • A. Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multifactor authentication.
  • B. Upload the file to Amazon WorkDocs and share the public link with the vendor.
  • C. Enable public read on the S3 object and provide the link to the vendor.
  • D. Generate a presigned URL and have the vendor download the log file before it expires.

Answer: D

Explanation:
Share an object with others
All objects by default are private. Only the object owner has permission to access these objects. However, the object owner can optionally share objects with others by creating a presigned URL, using their own security credentials, to grant time-limited permission to download the objects.
When you create a presigned URL for your object, you must provide your security credentials, specify a bucket name, an object key, specify the HTTP method (GET to download the object) and expiration date and time. The presigned URLs are valid only for the specified duration.
Anyone who receives the presigned URL can then access the object. For example, if you have a video in your bucket and both the bucket and the object are private, you can share the video with others by generating a presigned URL.
https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html


NEW QUESTION # 281
A company wants to create an audio version of its product manual. The product manual contains custom product names and abbreviations. The product manual is divided into sections.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Use Amazon Textract. Build custom Speech Synthesis Markup Language (SSML) for the product names and abbreviations. Use the StartDocumentTextDetection API operation for each section of the product manual.
  • B. Use Amazon Polly. Build custom lexicons for the product names and abbreviations. Use the StartSpeechSynthesisTask API operation for each section of the product manual.
  • C. Use Amazon Polly. Build custom Speech Synthesis Markup Language (SSML) for the product names and abbreviations. Use the StartDocumentTextDetection API operation for each section of the product manual.
  • D. Use Amazon Textract. Build custom lexicons for the product names and abbreviations. Use the StartTranscriptionJob API operation for each section of the product manual.

Answer: B


NEW QUESTION # 282
A company is using a content management system that runs on a single Amazon EC2 instance. The EC2 instance contains both the web server and the database software. The company must make its website platform highly available and must enable the website to scale to meet user demand.
What should a solutions architect recommend to meet these requirements?

  • A. Migrate the database to an Amazon Aurora instance with a read replica in the same Availability Zone as the existing EC2 instance. Manually launch another EC2 instance in the same Availability Zone. Configure an Application Load Balancer and set the two EC2 instances as targets.
  • B. Move the database to a separate EC2 instance and schedule backups to Amazon S3. Create an Amazon Machine Image (AMI) from the original EC2 instance. Configure an Application Load Balancer in two Availability Zones. Attach an Auto Scaling group that uses the AMI across two Availability Zones.
  • C. Move the database to Amazon RDS, and enable automatic backups. Manually launch another EC2 instance in the same Availability Zone. Configure an Application Load Balancer in the Availability Zone and set the two instances as targets.
  • D. Move the database to Amazon Aurora with a read replica in another Availability Zone. Create an Amazon Machine Image (AMI) from the EC2 instance. Configure an Application Load Balancer in two Availability Zones. Attach an Auto Scaling group that uses the AMI across two Availability Zones.

Answer: D


NEW QUESTION # 283
A media company has deployed a multi-tier architecture on AWS. Web servers are deployed in two Availability Zones using an Auto Scaling group with a default Auto Scaling termination policy.
The web servers' Auto Scaling group currently has 15 instances running.
Which instance will be terminated first during a scale-in operation?

  • A. The instance in the Availability Zone that has most instances.
  • B. The oldest instance in the group.
  • C. The instance with the oldest launch configuration.
  • D. The instance closest to the next billing hour.

Answer: A


NEW QUESTION # 284
A company is running an ecommerce application on Amazon EC2. The application consists of a stateless web tier that requires a minimum of 10 instances, and a peak of 250 instances to support the application's usage. The application requires 50 instances 80% of the time.
Which solution should be used to minimize costs?

  • A. Purchase On-Demand Instances to cover 40 instances. Use Spot Instances to cover the remaining instances.
  • B. Purchase Reserved Instances to cover 250 instances.
  • C. Purchase Reserved Instances to cover 50 instances. Use On-Demand and Spot Instances to cover the remaining instances.
  • D. Purchase Reserved Instances to cover 80 instances. Use Spot Instances to cover the remaining instances.

Answer: C

Explanation:
Reserved Instances
Having 50 EC2 RIs provide a discounted hourly rate and an optional capacity reservation for EC2 instances.
AWS Billing automatically applies your RI's discounted rate when attributes of EC2 instance usage match attributes of an active RI.
If an Availability Zone is specified, EC2 reserves capacity matching the attributes of the RI. The capacity reservation of an RI is automatically utilized by running instances matching these attributes.
You can also choose to forego the capacity reservation and purchase an RI that is scoped to a region. RIs that are scoped to a region automatically apply the RI's discount to instance usage across AZs and instance sizes in a region, making it easier for you to take advantage of the RI's discounted rate.
On-Demand Instance
On-Demand instances let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. This frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs.
The pricing below includes the cost to run private and public AMIs on the specified operating system ("Windows Usage" prices apply to Windows Server 2003 R2, 2008, 2008 R2, 2012, 2012 R2, 2016, and 2019). Amazon also provides you with additional instances for Amazon EC2 running Microsoft Windows with SQL Server, Amazon EC2 running SUSE Linux Enterprise Server, Amazon EC2 running Red Hat Enterprise Linux and Amazon EC2 running IBM that are priced differently.
Spot Instances
A Spot Instance is an unused EC2 instance that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called a Spot price. The Spot price of each instance type in each Availability Zone is set by Amazon EC2, and adjusted gradually based on the long-term supply of and demand for Spot Instances. Your Spot Instance runs whenever capacity is available and the maximum price per hour for your request exceeds the Spot price.
https://aws.amazon.com/ec2/pricing/reserved-instances/
https://aws.amazon.com/ec2/pricing/on-dem
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/us instances.html


NEW QUESTION # 285
A Solutions Architect has been given the following requirements for a company's VPC:
1 The solution is a two-tiered application with a web tier and a database tier.
2 All web traffic to the environment must be directed from the Internet to an Application Load Balancer.
3 The web servers and the databases should not obtain public IP addresses or be directly accessible from the public Internet.
4 Because of security requirements, databases may not share a route table or subnet with any other service.
5 The environment must be highly available within the same VPC for all services.
What is the minimum number of subnets that the Solutions Architect will need based on these requirements and best practices?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/


NEW QUESTION # 286
......


How to book the AWS Solutions Associate

To apply for the AWS Solutions Associate, you have to follow these steps:

  • Step 1: Go to the AWS-Solutions-associate-Professional Official Site
  • Step 2: Read the instructions carefully
  • Step 3: Follow the given steps
  • Step 4: Apply for the AWS-Solutions-associate-Professional Exam

The AWS Certified Solutions Architect - Associate (SAA-C02) exam is a rigorous and challenging certification exam that tests the candidate’s ability to design and deploy scalable and highly available systems on the AWS platform. Passing AWS-Solutions-Associate exam demonstrates the candidate’s expertise in AWS services and their functionalities, making them a valuable asset to any organization looking to adopt cloud technology.
