HomeQuizzes & SurveysAWS Certified Solution Architect-Associate Practice Test 1 AWS Certified Solution Architect-Associate Practice Test 1 Leave a Comment / By user / October 18, 2021 Welcome to your AWS (SAA-C02) Practice Test 1 Exam Instructions The exam comprises of the following types of questions: - Multiple Choice Single Response - Multiple Choice Multiple Response There is no negative marking. Name Email Mobile Number 1. A company has a multi-tier application that runs six front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer (ALB). A solutions architect needs to modify the infrastructure to be highly available without modifying the application. Which architecture should the solutions architect choose that provides high availability? A. Create an Auto Scaling group that uses three instances across each of two Regions B. Modify the Auto Scaling group to use three instances across each of two Availability Zones C. Create an Auto Scaling template that can be used to quickly create more instances in another Region D. Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier None 2. A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet. What should the solutions architect do to accomplish this? (Select TWO ) A. Create a route table entry for the endpoint B. Create a gateway endpoint for DynamoDB C. Create a new DynamoDB table that uses the endpoint D. Create an ENI for the endpoint in each of the subnets of the VPC E. Create a security group entry in the default security group to provide access 3. A company has been storing analytics data in an Amazon RDS instance for the past few years. The company asked a solutions architect to find a solution that allows users to access this data using an API. The expectation is that the application will experience periods of inactivity but could receive bursts of traffic within seconds. Which solution should the solutions architect suggest? A. Set up an Amazon API Gateway and use Amazon ECS. B. Set up an Amazon API Gateway and use AWS Elastic Beanstalk. C. Set up an Amazon API Gateway and use AWS Lambda functions D. Set up an Amazon API Gateway and use Amazon EC2 with Auto Scaling None 4. A company is managing health records on-premises. The company must keep these records indefinitely, disable any modifications to the records once they are stored, and granularly audit access at all levels. The chief technology officer (CTO) is concerned because there are already millions of records not being used by any application, and the current infrastructure is running out of space. The CTO has requested a solutions architect design a solution to move existing data and support future records. Which services can the solutions architect recommend to meet these requirements'? A. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with data events. B. Use AWS Storage Gateway to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events. C. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events D. Use AWS Storage Gateway to move existing data to AWS. Use Amazon Elastic Block Store (Amazon EBS) to store existing and new data. Enable Amazon S3 object lock and enable Amazon S3 server access logging. None 5. An application running in a private subnet accesses an Amazon DynamoDB table. There is a security requirement that the data never leave the AWS network. How should this requirement be met? A. Configure a network ACL on DynamoDB to limit traffic to the private subnet B. Enable DynamoDB encryption at rest using an AWS KMS key C. Add a NAT gateway and configure the route table on the private subnet D. Create a VPC endpoint for DynamoDB and configure the endpoint policy None 6. A Solutions Architect is creating an application running in an Amazon VPC that needs to access AWS Systems Manager Parameter Store. Network security rules prohibit any route table entry with a 0.0.0.0/0 destination. What infrastructure addition will allow access to the AWS service while meeting the requirements? A. VPC peering B. NAT instance C. NAT gateway D. AWS PrivateLink None 7. A solutions architect at an ecommerce company wants to back up application log data to Amazon S3. The solutions architect is unsure how frequently the logs will be accessed or which logs will be accessed the most. The company wants to keep costs as low as possible by using the appropriate S3 storage class. Which S3 storage class should be implemented to meet these requirements? A. S3 Glacier B. S3 Intelligent-Tiering C. S3 Standard-Infrequent Access (S3 Standard-IA) D. S3 One Zone-Infrequent Access (S3 One Zone-IA None 8. A financial services company has a web application that serves users in the United States and Europe. The application consists of a database tier and a web server tier. The database tier consists of a MySQL database hosted in us-east-1 Amazon Route 53 geoproximity routing is used to direct traffic to instances in the closest Region. A performance review of the system reveals that European users are not receiving the same level of query performance as those in the United States. Which changes should be made to the database tier to improve performance? A. Migrate the database to Amazon RDS for MySQL. Configure Multi-AZ in one of the European Regions. B. Migrate the database to Amazon DynamoDB. Use DynamoDB global tables to enable replication to additional Regions. C. Deploy MySQL instances in each Region. Deploy an Application Load Balancer in front of MySQL to reduce the load on the primary instance. D. Migrate the database to an Amazon Aurora global database in MySQL compatibility mode. Configure read replicas in one of the European Regions. None 9. A client needs you to import some existing infrastructure from a dedicated hosting provider to AWS to try and save on the cost of running his current website. He also needs an automated process that manages backups, software patching, automatic failure detection, and recovery. You are aware that his existing set up currently uses an Oracle database. Which of the following AWS databases would be best for accomplishing this task? A. Amazon RDS B. Amazon Redshif C. Amazon SimpleDB D. Amazon ElastiCache None 10. Amazon EC2 provides a ____. It is an HTTP or HTTPS request that uses the HTTP verbs GET or POST. A. web database B. .net framework C. Query API D. C library None 11. Which of the below mentioned options is not available when an instance is launched by Auto Scaling with EC2 Classic? A. Public IP B. Elastic IP C. Private DNS D. Private IP None 12. A company's website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company's website demands globally. The solution should be cost effective, limit the? provisioning of Into and provide the fastest possible response time. Which combination should a solutions architect recommend to meet these requirements? A. Amazon CloudFront and Amazon S3 B. AWS Lambda and Amazon Dynamo C. Application Load Balancer with Amazon EC2 Auto Scaling D. Amazon Route 53 with internal Application Load Balances None 13. A company's packaged application dynamically creates and returns single-use text files in response to user requests. The company is using Amazon CloudFront for distribution, but wants to future reduce data transfer costs. The company modify the application's source code. What should a solution architect do to reduce costs? A. Use Lambda@Edge to compress the files as they are sent to users. B. Enable Amazon S3 Transfer Acceleration to reduce the response times. C. Enable caching on the CloudFront distribution to store generated files at the edge. D. Use Amazon S3 multipart uploads to move the files to Amazon S3 before returning them to users. None 14. A company plans to store sensitive user data on Amazon S3. Internal security compliance requirement mandata encryption of data before sending it to Amazon S3. What should a solution architect recommend to satisfy these requirements? A. Server-side encryption with customer-provided encryption keys B. Client-side encryption with Amazon S3 managed encryption keys C. Server-side encryption with keys stored in AWS key Management Service (AWS KMS) D. Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS) None 15. A company that develops web applications has launched hundreds of Application Load Balancers (ALBs) in multiple Regions. The company wants to create an allow list (or the IPs of all the load balancers on its firewall device. A solutions architect is looking for a one-time, highly available solution to address this request, which will also help reduce the number of IPs that need to be allowed by the firewall. What should the solutions architect recommend to meet these requirements? A. Create a AWS Lambda function to keep track of the IPs for all the ALBs in different Regions Keep refreshing this list. B. Set up a Network Load Balancer (NLB) with Elastic IPs. Register the private IPs of all the ALBs as targets to this NLB. C. Launch AWS Global Accelerator and create endpoints for all the Regions. Register all the ALBs in different Regions to the corresponding endpoints D. Set up an Amazon EC2 instance, assign an Elastic IP to this EC2 instance, and configure the instance as a proxy to forward traffic to all the ALBs. None 16. A company needs a secure connection between its on-premises environment and AWS. This connection does not need high bandwidth and will handle a small amount of traffic. The connection should be set up quickly. What is the MOST cost-effective method to establish this type of connection? A. Implement a client VPN B. Implement AWS Direct Connect C. Implement a bastion host on Amazon EC2 53D D. Implement an AWS Site-to-Site VPN connection. None 17. An application uses an Amazon RDS MySQL DB instance. The RDS database is becoming low on disk space. A solutions architect wants to increase the disk space without downtime. Which solution meets these requirements with the LEAST amount of effort? A. Enable storage auto scaling in RDS. B. Increase the RDS database instance size C. Change the RDS database instance storage type to Provisioned IOPS D. Back up the RDS database, increase the storage capacity, restore the database and stop the previous instance. None 18. A company has several Amazon EC2 instances set up in a private subnet for security reasons. These instances host applications that read and write large amounts of data to and from Amazon S3 regularly. Currently, subnet routing directs all the traffic destined for the internet through a NAT gateway. The company wants to optimize the overall cost without impacting the ability of the application to communicate with Amazon S3 or the outside internet. What should a solutions architect do to optimize costs? A. Create an additional NAT gateway Update the route table to route to the NAT gateway. Update the network ACL to allow S3 traffic B. Create an internet gateway Update the route table to route traffic to the internet gateway. Update the network ACL to allow S3 traffic C. Create a VPC endpoint for Amazon S3 Attach an endpoint policy to the endpoint. Update the route table to direct traffic to the VPC endpoint D. Create an AWS Lambda function outside of the VPC to handle S3 requests. Attach an IAM policy to the EC2 instances, allowing them to invoke the Lambda function. None 19. A company is hosting its static website in an Amazon S3 bucket, which is the origin for Amazon CloudFront. The company has users in the United States, Canada, and Europe and wants to reduce. What should a solutions architect recommend? A. Adjust the CloudFront caching time to live (TTL) from the default to a longer timeframe B. Implement CloudFront events with Lambda@edge to run the website's data processing C. Modify the CloudFront price class to include only the locations of the countries that are served D. Implement a CloudFront Secure Socket Layer (SSL) certificate to push security closer to the locations of the countries that are served None 20. A company has a mobile game that reads most of its metadata from an Amazon RDS DB instances. As the game increased in popularity, developer noticed slowdowns related to the game's metadata load times. Performance metrics Indicate that simply scaling the database will not help. A solutions architect must explore all options that include capabilities for snapshots, replication, and sub-millisecond response times. What should the solutions architect recommend to solve the issues? A. Migrate the database to Amazon Aurora with Aurora Replicas. B. Migrate the database to Amazon DynamoDB with global tables. C. Add an Amazon ElastiCache for Redis layer in front of the database. D. Add an Amazon ElastiCache for Memcached layer in front of the database. None 21. A company maintains a searchable repository of items on its website. The data is stored in an Amazon RDS for MySQL database table that contains over 10 million rows. The database has 2 TB of General Purpose SSD (gp2) storage. There are millions of updates against this data every day through the company's website. The company has noticed some operations are taking 10 seconds or longer, and has determined that the database storage performance is bottleneck. Which solution addresses the performance issues? A. Change the storage type to Provissioned IOPS SSD (io1 B. Change the instance to a memory-optimized instance class C. Change the instance to a burstable performance DB instance class D. Enable Multi-AZ RDS read replicas with MySQL natice asynchronous replication None 22. A company hosts an online shopping application that stores all orders in an Amazon RDS for PostgreSQL Single-AZ DB instance. Management wants to eliminate single points of failure and has asked a solutions architect to recommend an approach to minimize database downtime without requiring any changes to the application code. Which solution meets these requirements? A. Convert the existing database instance to a Multi-AZ deployment by modifying the database instance and specifying the Multi-AZ option. B. Create a new RDS Multi-AZ deployment. Take a snapshot of the current RDS instance and restore the new Multi-AZ deployment with the snapshot. C. Create a read-only replica of the PostgreSQL database in another Availability Zone. Use Amazon Route 53 weighted record sets to distribute requests across the databases. D. Place the RDS for PostgreSQL database in an Amazon EC2 Auto Scaling group with a minimum group size of two. Use Amazon Route 53 weighted record sets to distribute requests across instances. None 23. Company is designing a website that uses an Amazon S3 bucket to store static images. The company wants ail future requests have taster response times while reducing both latency and cost. Which service configuration should a solutions architect recommend? A. Deploy a NAT server in front of Amazon S3 B. Deploy Amazon CloudFront in front of Amazon S3. C. Deploy a Network Load Balancer in front of Amazon S3. D. Configure Auto Scaling to automatically adjust the capacity of the website None 24. A company has a dynamic web application hostes on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination. There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit. What should a solutions architect do to increase the application's performance? A. Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM certificate on each instance B. Create an Amazon S3 bucket Migrate the SSL certificate to the S3 bucket. Configure the EC2 instances to reference the bucket for SSL termination. C. Create another EC2 instance as a proxy server. Migrate the SSL certificate to the new instance and configure it to direct connctions to the existing EC2 instances. D. Import the SSL certificate into AWS Crtificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM. None 25. A company is deploying an application in three AWS Regions using an Application Load Balancer. Amazon Route 53 will be used to distribute traffic between these Regions. Which Route 53 configuration should a solutions architect use to provide the MOST highperforming experience? A. Create an A record with a latency policy B. Create an A record with a geolocation policy C. Create a CNAME record with a failover policy. D. Create a CNAME record with a geoproximity policy None 26. A software vendor is deploying a new software-as-a-service (SaaS) solution that will be utilized by many AWS users. The service is hosted in a VPC behind a Network Load Balancer. The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet. What should a solutions architect do to accomplish this goal? A. Create a peering VPC connection from each user's VPC to the software vendor s VPC B. Deploy a transit VPC in the software vendor's AWS account. Create a VPN connection with each user account C. Connect the service in the VPC with an AWS PrivateLink endpoint. Have users subscribe to the endpoint. D. Deploy a transit VPC in the software vendor's AWS account. Create an AWS Direct Connect connection with each user account. None 27. A company is experiencing growth as demand for its product has increased. The company's existing purchasing application is slow when traffic spikes. The application is a monolithic three tier application that uses synchronous transactions and sometimes sees bottlenecks in the application tier. A solutions architect needs to design a solution that can meet required application response times while accounting for traffic volume spikes. Which solution will meet these requirements? A. Vertically scale the application instance using a larger Amazon EC2 instance size B. Scale the application's persistence layer horizontally by introducing Oracle RAC on AWS C. Scale the web and application tiers horizontally using Auto Scaling groups and an Application Load Balancer D. Decouple the application and data tiers using Amazon Simple Queue Service (Amazon SQS) with asynchronous AWS Lambda calls. None 28. A company is migrating a Linux-based web server group to AWS. The web servers must access files in a shared file store for some content to meet the migration date, minimal changes can be made. What should a solutions architect do to meet these requirements? A. Create an Amazon S3 Standard bucket with access to the web server. B. Configure an Amazon CloudFront distribution with an Amazon S3 bucket as the origin. C. Create an Amazon Elastic File System (Amazon EFS) volume and mount it on all web servers. D. Configure Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS SSD (io1) volumes and mount them on all web servers. None 29. A company is planning to migrate a legacy application to AWS. The application currently uses NFS to communicate to an on-premises storage solution to store application data. The application cannot be modified to use any other communication protocols other than NFS for this purpose. Which storage solution should a solutions architect recommend for use after the migrations? A. AWS DataSync B. Amazon Elastic Block Store (Amazon EBS) C. Amazon Elastic File System (Amazon EFS) D. Amazon EMR File System (Amazon EMRFS) None 30. As part of budget planning, management wants a report of AWS billed items listed by user. The data will be used to create department budgets. A solutions architect needs to determine the most effective way to obtain this report information. Which solution meets these requirements? A. Run a query with Amazon Athena to generate the report. B. Create a report in Cost Explorer and download the report. C. Access the bill details from the billing dashboard and download the bill. D. Modify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES). None 31. A company is preparing to deploy a data lake on AWS. A solutions architect must define the encryption strategy for data at rest in Amazon S3. The company's security policy states. - Keys must be rotated every 90 days. - Strict separation of duties between key users and key administrators must be implemented. - Auditing key usage must be possible. What should the solutions architect recommend? A. Server-side encryption with AWS KMS managed keys (SSE-KMS) with customer managed customer master keys (CMKs). B. Server-side encryption with AWS KMS managed keys (SSE-KMS) with AWS managed customer master keys (CMKS). C. Server-side encryption with Amazon S3 managed keys (SSE-S3) with customer managed customer master keys (CMKS) D. Server-side encryption with Amazon S3 managed keys (SSE-S3) with AWS managed customer master keys (CMKs). None 32. A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data sources. The data is in JSON format and ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in-flight is lost. The company's data science team wants to query ingested data near-real time. Which solution provides near-real-time data querying that is scalable with minimal data loss? A. Publish data to Amazon Kinesis Data Streams. Use Kinesis Data Analytics to query the data. B. Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination. Use Amazon Redshift to query the data. C. Store ingested data in an EC2 instance store. Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data. D. Store ingested data in an Amazon Elastic Block Store (Amazon EBS) volume. None 33. A company is developing an ecommerce application that will consist of a load-balanced front end, a container-based application, and a relational database. A solutions architect needs to create a highly available solution that operates with as little manual intervention as possible. Which solutions meet these requirements? (Choose two.) A. Create an Amazon RDS DB instance in Multi-AZ mode. B. Create an Amazon RDS DB instance and one or more replicas in another Availability Zone. C. Create an Amazon EC2 instance-based Docker cluster to handle the dynamic application load D. Create an Amazon Elastic Container Service (Amazon ECS) cluster with a Fargate launch type to handle the dynamic application load. E. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type to handle the dynamic application load. 34. A company hosts its application in the AWS Cloud. The application runs on Amazon EC2 instances behind an Elastic Load Balancer in an Auto Scaling group and with an Amazon DynamoDB table. The company wants to ensure the application can be made available in another AWS Region with minimal downtime. What should a solutions architect do to meet these requirements with the LEAST amount of downtime? A. Create an Auto Scaling group and a load balancer in the disaster recovery Region. Configure the DynamoDB table as a global table. Configure DNS failover to point to the new disaster recovery Region's load balancer B. Create an AWS CloudFormation template to create EC2 instances, load balancers, and DynamoDB tables to be executed when needed. Configure DNS failover to point to the new disaster recovery Region's load balancer. C. Create an AWS CloudFormation template to create EC2 instances and a load balancer to be executed when needed. Configure the DynamoDB table as a global table. Configure DNS failover to point to the new disaster recovery Region's load balancer. D. Create an Auto Scaling group and load balancer in the disaster recovery Region. Configure the DynamoDB table as a global table. Create an Amazon CloudWatch alarm to trigger and AWS Lambda function that updates Amazon Route 53 pointing to the disaster recovery load balancer. None 35. A company is developing a mobile game that streams score updates to a backend processor and then posts results on a leaderboard. A solutions architect needs to design a solution that can handle large traffic spikes, process the mobile game updates in order of receipt, and store the processed updates in a highly available database. The company also wants to minimize the management overhead required to maintain the solution. What should the solutions architect do to meet these requirements? A. Push score updates to Amazon Kinesis Data Streams. Process the updates in Kinesis Data Streams with AWS Lambda. Store the processed updates in Amazon DynamoDB. B. Push score updates to Amazon Kinesis Data Streams. Process the updates with a fleet of Amazon EC2 instances set up for Auto Scaling. Store the processed updates in Amazon Redshift. C. Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe an AWS Lambda function to the SNS topic to process the updates. Store the processed updates in a SQL database running on Amazon EC2. D. Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue. Use a fleet of Amazon EC2 instances with Auto Scaling to process the updates in the SOS queue. Store the processed updates in an Amazon RDS Multi-AZ DB instance. None 36. A solutions architect is designing a solution that requires frequent updates to a website that is hosted on Amazon S3 with versioning enabled. For compliance reasons, the older versions of the objects will not be accessed frequently and will need to be deleted after 2 years. What should the solutions architect recommend to meet these requirements at the LOWEST cost? A. Use S3 batch operations to replace object tags. Expire the objects based on the modified tags B. Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier. Expire the objects after 2 years C. Enable S3 Event Notifications on the bucket that sends older objects to the Amazon Simple Queue Service (Amazon SQS) queue for further processing. D. Replicate older object versions to a new bucket. Use an S3 Lifecycle policy to expire the objects in the new bucket after 2 years. None 37. A company has deployed a multiplayer game for mobile devices. The game requires live location tracking of players based on latitude and longitude. The data store for the game must support rapid updates and retrieval of locations. The game uses an Amazon RDS for PostgreSQL DB instance with read replicas to store the location data. During peak usage periods, the database is unable to maintain the performance that is needed for reading and writing updates. The game's user base is increasing rapidly. What should a solutions architect do to improve the performance of the data tier? A. Take a snapshot of the existing DB instance. Restore the snapshot with Multi-AZ enabled. B. Migrate from Amazon RDS to Amazon Elasticsearch Service (Amazon ES) with Kibana C. Deploy Amazon DynamoDB Accelerator (DAX) in front of the existing DB instance. Modify the game to use DAX. D. Deploy an Amazon ElastiCache for Redis cluster in front of the existing DB instance. Modify the game to use Redis. None 38. A company needs to store data for 6 years. The company will need to have immediate and highly available access to the data at any point in time, but will not require frequent access. What lifecycle action should be taken to meet these requirements while reducing costs? A. Transition objects from Amazon S3 Standard to Amazon S3 Standard Infrequent Access (S3 Standard IA) B. Transition objects to expire after 5 years C. Transition objects from Amazon S3 Standard to Amazon S3 One Zone-Infrequent Access (S3 One Zone IA) D. Transition objects from Amazon S3 Standard to the Amazon S3 Glacier None 39. A company is building a cloud storage and sharing application for photos. Users can upload photos from their computers and mobile phones to be stored durably in the cloud. After photos are uploaded, most are shared and downloaded frequently for the first 40-90 days. The photos are generally accessed less often after 90 days but some photos maintain a high access rate. The application initially stores photos n Amazon S3 Standard. A solutions architect needs to reduce the application's operational costs without sacrificing user experience or data durability. Which strategy should the solutions architect use to meet these requirements MOST cost-effectively A. Define an S3 Lifecycle rule to transition objects to S3 Intelligent-Tiering immediately B. Define an S3 Lifecycle rule to transition objects from S3 Standard to S3 Glacier after 90 days C. Define an S3 Lifecycle rule to transition objects from S3 Standard to S3 Standard Infrequent Access (S3 Standard-IA) after 65 day D. Define an S3 Lifecycle rule to transition objects from S3 Standard to S3 One Zone-Infrequent Access (S3 One zone-IA) after 90 days None 40. A company wants to migrate its 1PB on-premises image repository to AWS. The images will be used by a serverless web application Images stored in the repository are rarely accessed, but they must be immediately available. Additionally, the images must be encrypted at rest and protected from accidental deletion. Which solution meets these requirements? A. Implement client-side encryption and store the images in an Amazon S3 Glacier vault Set a vault lock to prevent accidental deletion B. Store the images in an Amazon S3 bucket in the S3 Standard-Infrequent Access (S3 StandardIA) storage class Enable versioning: default encryption, and MFA Delete on the S3 bucket C. Store the images in an Amazon FSx for Windows File Server file share Configure the Amazon FSx file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share Use NTFS permission sets on the images to prevent accidental deletion D. Store the images in an Amazon Elastic File System (Amazon EFS) file share in the Infrequent Access storage class. Configure the EFS file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share Use NFS permission set on the images to prevent accidental deletion. None 41. A company is building a RESTful serverless web application on AWS by using Amazon API Gateway and AWS Lambda. The users of this web application will be geographically disturbed, and the company wants to reduce the latency of API requests to these users. Which type of endpoint should a solutions architect use to meet these requirements? A. Private endpoint B. Regional endpoint C. Interface VPC endpoint D. Edge-optimized endpoint None 42. A company finds that, as its use of Amazon EC2 instances grows us Amazon Elasti Block Store (Amazon EDS) storage costs are increasing faster man expected. Which EBS management practices would help reduce costs? (Select TWO. ) A. Convert the EBS volumes to an EC2 instance store. B. Monitor and enforce that the DetetionOn termination attribute is set to true for all EBS volumes, unless persistence requirements dictate otherwise. C. Purchase an EC2 Instance Savings Plan for an EBS volumes that are serving persistent business requirements D. For EBS volumes needed for retention purposes that are not being actively used, take a snapshot and terminate the instance and volume. E. Convert the existing EBS volumes to EBS Provisio ed IOPS SSD (io1). 43. A company needs to use its on-premises LDAP directory service to authenticate its users to the AWS Management Console. The directory service is not compatible with Security Assertion Markup Language (SAML) Which solution meets these requirements? A. Enable AWS Single Sign-On between AWS and the on-premises LDAP B. Create an 1AM policy mat uses AWS credentials and integrate the policy into LDAP C. Set up a process that rotates the IAM credentials whenever LDAP credentials are update D. Develop an on-premises custom identity broker application of process mat uses AWS Security Token Service (AWS STS) to get short-lived credentials None 44. A company has an AWS account used for software engineering. The AWS account has access to the company's on-premises data center through a pair of AWS Direct Connect connections All non-VPC traffic routes to the virtual private gateway. A development team recently created an AWS Lambada function through the console. The development team needs to allow the function to access a database that runs in a private subnet in the company's data center. Which solution will meet these requirements A. Configure the Lambda function to run in the VPC with the appropriate security group. B. Set up a VPN connection from AWS to the data center. Route the traffic from the Lambda function through the VPN C. Update the route tables in the VPC to allow the Lambda function to access the on-premises data center through direct connect. D. Create an Elastic IP address. Configure the Lambda function to send traffic through the Elastic IP address without an elastic network interface. None 45. A company is using AWS Organizations with two AWS accounts: Logistics and Sales. The Logistics account operates an Amazon Redshift cluster. The Sales account includes Amazon EC2 instances. The Sales account needs to access the Logistics account's Amazon Redshift cluster.What should a solutions architect recommend to meet this requirement MOST cost-effectively? A. Set up VPC sharing with the Logistics account as the owner and the Sales account as the participant to transfer the data. B. Create an AWS Lambda function in the Logistics account to transfer data to the Amazon EC2 instances in the Sales account. C. Create a snapshot of the Amazon Redshift cluster, and share the snapshot with the Sales account. In the Sales account, restore the cluster by using the snapshot ID that is shared by the Logistics account. D. Run COPY commands to load data from Amazon Redshift into Amazon S3 buckets in the Logistics account. Grant permissions to the Sales account to access the S3 buckets of the Logistics account None 1 out of 45 Time's upTime is Up!
