Here Is Some Sample Questions
Question No :01
A solutions architect has created a new AWS account and must secure AWS account root user access
Which combination of actions will accomplish this? (Select TWO.)
A. Ensure the root user uses a strong password
B. Enable multi-factor authentication to the root user
C. Store root user access keys in an encrypted Amazon S3 bucket
D. Add the root user to a group containing administrative permissions.
F. Apply the required permissions to the root user with an inline policy document
Answer: A,B
Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
Question: 2
A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) The
instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones On the first day of
every month at midnight the application becomes much slower when the month-end financial
calculation batch executes This causes the CPU utilization of the EC2 instances to immediately peak to
100%. which disrupts the application
What should a solutions architect recommend to ensure the application is able to handle the workload
and avoid downtime?
A. Configure an Amazon CloudFront distribution in front of the ALB
B. Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization
C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
D. Configure Amazon ElastiCache to remove some of the workload from the EC2 instances
Answer: C
Question: 3
A company is migrating from an on-premises infrastructure to the AWS Cloud One of the company's
applications stores files on a Windows file server farm that uses Distributed File System Replication
(DFSR) to keep data in sync A solutions architect needs to replace the file server farm
Which service should the solutions architect use?
A. Amazon EFS
B. Amazon FSx
Visit us athttps://www.examsboost.com/test/saa-c02/
C. Amazon S3
D. AWS Storage Gateway
Answer: B
Explanation:
Reference:
https://docs.aws.amazon.com/fsx/latest/WindowsGuide/migrate-files-to-fsx-datasync.html
Question: 4
A company's website is used to sell products to the public The site runs on Amazon EC2 instances in an
Auto Scaling group behind an Application Load Balancer (ALB) There is also an Amazon CloudFront
distribution and AWS WAF is being used to protect against SQL injection attacks The ALB is the origin for the CloudFront distribution A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website
What should a solutions architect do to protect the application"?
A. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address
B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address
C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the
malicious IP address
D. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the
malicious IP address
Answer: B
Explanation:
Reference:
https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-loadbalancers/
Question: 5
A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis An application
on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket. Which action will MOST securely grant the EC2 instance access to the S3 bucket?
A. Attach a resource-based policy to the S3 bucket
B. Create an 1AM user for the application with specific permissions to the S3 bucket
C. Associate an 1AM role with least privilege permissions to the EC2 instance profile
D. Store AWS credentials directly on the EC2 instance for applications on the instance to use for API calls
Answer: C
Moreover:
0 comments:
Post a Comment
Note: only a member of this blog may post a comment.