AWS SAA-C02 exam questions and answers
AWS SAA-C02 exam questions and answers are given below. These AWS Solutions Architect certification questions are taken from previous SAA-C02 exams.
Q.1. You are trying to enable Cross-Region Replication to your S3 bucket but this option is disabled.
Which of the following options is a valid reason for this?
A : The Cross-Region Replication feature is only available for Amazon S3 – RRS.
B : This is a premium feature which is only for AWS Enterprise accounts.
C : In order to use the Cross-Region Replication feature in S3, you need to first enable versioning on the bucket.
D : The Cross-Region Replication feature is only available for Amazon S3 – Infrequent Access.
In order to use the Cross-Region Replication feature in S3, you need to first enable versioning on the bucket.
Q.2. A game company has a requirement of load balancing the incoming TCP traffic at the transport level (Layer 4) to their containerized gaming servers hosted in AWS Fargate. To maintain performance, it should handle millions of requests per second sent by gamers around the globe while maintaining ultra-low latencies.
Which of the following must be implemented in the current architecture to satisfy the new requirement?
A : Launch a new Network Load Balancer.
B : Launch a new microservice in AWS Fargate that acts as a load balancer since using an ALB or NLB with Fargate is not possible.
C : Create a new record in Amazon Route 53 with Weighted Routing policy to load balance the incoming traffic.
D : Launch a new Application Load Balancer.
Launch a new Network Load Balancer.
Q.3. You are instructed by your manager to create a publicly accessible EC2 instance by using an Elastic IP (EIP) address and to give him a report on how much it will cost to use that EIP.
Which of the following statements is correct regarding the pricing of EIP?
A : There is no cost if the instance is terminated and it has only one associated EIP.
B : There is no cost if the instance is running and it has only one associated EIP.
C : There is no cost if the instance is stopped and it has only one associated EIP.
D : There is no cost if the instance is running and it has at least two associated EIPs.
There is no cost if the instance is running and it has only one associated EIP.
Q.4. There is a technical requirement by a financial firm that does online credit card processing to have a secure application environment on AWS. They are trying to decide on whether to use KMS or CloudHSM.
Which of the following statements is right when it comes to CloudHSM and KMS?
A : AWS CloudHSM should always be used for any payment transactions.
B : No major difference. They both do the same thing.
C : You should consider using AWS CloudHSM over AWS KMS if you require your keys stored in dedicated, third-party validated hardware security modules under your exclusive control.
D : If you want a managed service for creating and controlling your encryption keys but don’t want or need to operate your own HSM, consider using AWS CloudHSM.
You should consider using AWS CloudHSM over AWS KMS if you require your keys stored in dedicated, third-party validated hardware security modules under your exclusive control.
Q.5. You are working as a Cloud Engineer in a leading technology consulting firm which is using a fleet of Windows-based EC2 instances with IPv4 addresses launched in a private subnet. Several software packages installed on the EC2 instances need to be updated via the Internet.
Which of the following services can provide you with a highly available solution to safely allow the instances to fetch the software patches from the Internet but prevent outside networks from initiating a connection?
A : Egress-Only Internet Gateway
B : NAT Gateway
C : VPC Endpoint
D : NAT Instance
Q.6. As the Solutions Architect, you have built a photo-sharing site for an entertainment company. The site was hosted using 3 EC2 instances in a single availability zone with a Classic Load Balancer in front to evenly distribute the incoming load.
What should you do to enable your Classic Load Balancer to bind a user’s session to a specific instance?
A : Placement Group
B : Sticky Sessions
C : Security Group
D : Availability Zone
Q.7. A company is planning to deploy a High-Performance Computing (HPC) cluster in its VPC that requires a scalable, high-performance file system. The storage service must be optimized for efficient workload processing, and the data must be accessible via a fast and scalable file system interface. It should also work natively with Amazon S3 that enables you to easily process your S3 data with a high-performance POSIX interface.
Which of the following is the MOST suitable service that you should use for this scenario?
A : Amazon Elastic File System (EFS)
B : Amazon FSx for Lustre
C : Amazon Elastic Block Store (EBS)
D : Amazon FSx for Windows File Server
Amazon FSx for Lustre
Q.8. A multinational company has been building its new data analytics platform with high-performance computing (HPC) workloads, which requires a scalable, POSIX-compliant storage service. The data needs to be stored redundantly across multiple AZs, and the service must allow concurrent connections from thousands of EC2 instances hosted in multiple Availability Zones.
Which of the following AWS storage services is the most suitable one to use in this scenario?
A : Elastic File System
B : ElastiCache
C : Amazon S3
D : EBS Volumes
Elastic File System
Q.9. You are working as a Solutions Architect for a major accounting firm, and they have a legacy general ledger accounting application that needs to be moved to AWS. However, the legacy application has a dependency on multicast networking.
In this scenario, which of the following options should you consider to ensure the legacy application works in AWS?
A : Create a virtual overlay network running on the OS level of the instance.
B : All of the above.
C : Create all the subnets on another VPC and enable VPC peering.
D : Provision Elastic Network Interfaces between the subnets.
Create a virtual overlay network running on the OS level of the instance.
Q.10. Your IT Manager asks you to create a decoupled application whose process includes dependencies on EC2 instances and servers located in your company’s on-premises data center.
Which of these options are you least likely to recommend as part of that process?
A : SQS polling from an EC2 instance using IAM user credentials
B : An SWF workflow
C : Establish a Direct Connect connection from your on-premises network and VPC
D : SQS polling from an EC2 instance deployed with an IAM role
SQS polling from an EC2 instance using IAM user credentials
Q.11. You recently created a brand new IAM User with a default setting using AWS CLI. This is intended to be used to send API requests to your S3, DynamoDB, Lambda, and other AWS resources of your cloud infrastructure.
Which of the following must be done to allow the user to make API calls to your AWS resources?
A : Do nothing as the IAM User is already capable of sending API calls to your AWS resources.
B : Enable Multi-Factor Authentication for the user.
C : Assign an IAM Policy to the user to allow it to send API calls.
D : Create a set of Access Keys for the user and attach the necessary permissions.
Create a set of Access Keys for the user and attach the necessary permissions.
Q.12. You have designed and built a new AWS architecture. After deploying your application to an On-demand EC2 instance, you found that there is an issue in your application when connecting to port 443. After troubleshooting the issue, you added port 443 to the security group of the instance.
How long will it take before the changes are applied to all of the resources in your VPC?
A : It takes exactly one minute for the rules to apply to all availability zones within the AWS region.
B : Roughly around 5-8 minutes for the security rules to propagate.
C : Immediately.
D : Immediately after a reboot of the EC2 instances which belong to that security group.
Q.13. A web application is hosted on a fleet of EC2 instances inside an Auto Scaling Group with a couple of Lambda functions for ad hoc processing. Whenever you release updates to your application every week, there are inconsistencies where some resources are not updated properly. You need a way to group the resources together and deploy the new version of your code consistently among the groups with minimal downtime.
Which among these options should you do to satisfy the given requirement with the least effort?
A : Create OpsWorks recipes that will automatically launch resources containing the latest version of the code.
B : Create CloudFormation templates that have the latest configurations and code in them.
C : Use CodeCommit to publish your code quickly in a private repository and push them to your resources for fast updates.
D : Use deployment groups in CodeDeploy to automate code deployments in a consistent manner.
Use deployment groups in CodeDeploy to automate code deployments in a consistent manner.
Q.14. You have a fleet of running Spot EC2 instances behind an Application Load Balancer. The incoming traffic comes from various users across multiple AWS regions and you would like to have the user’s session shared among your fleet of instances. You are required to set up a distributed session management layer that will provide a scalable and shared data storage for the user sessions.
Which of the following would be the best choice to meet the requirement while still providing sub-millisecond latency for your users?
A : Multi-master DynamoDB
B : Multi-AZ RDS
C : ElastiCache in-memory caching
D : ELB sticky sessions
ElastiCache in-memory caching
Q.15. Your company has developed a financial analytics web application hosted in a Docker container using MEAN (MongoDB, Express.js, AngularJS, and Node.js) stack. You want to easily port that web application to AWS Cloud which can automatically handle all the tasks such as balancing load, auto-scaling, monitoring, and placing your containers across your cluster.
Which of the following services can be used to fulfill this requirement?
A : ECS
B : AWS Elastic Beanstalk
C : OpsWorks
D : AWS CodeDeploy
AWS Elastic Beanstalk
Q.16. A startup is building an AI-based face recognition application in AWS, where they store millions of images in an S3 bucket. As the Solutions Architect, you must ensure that each and every image uploaded to their system is stored without any issues.
What is the correct indication that an object was successfully stored when you put objects in Amazon S3?
A : HTTP 200 result code and MD5 checksum.
B : You will receive an SMS from Amazon SNS informing you that the object is successfully stored.
C : Amazon S3 has 99.999999999% durability; hence, there is no need to confirm that data was inserted.
D : You will receive an email from Amazon SNS informing you that the object is successfully stored.
HTTP 200 result code and MD5 checksum.
Q.17. You are planning to launch an application that tracks the GPS coordinates of delivery trucks in your country. The coordinates are transmitted from each delivery truck every five seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. The aggregated data will be analyzed in a separate reporting application.
Which AWS service should you use for this scenario?
A : Amazon Kinesis
B : AWS Data Pipeline
C : Amazon AppStream
D : Amazon Simple Queue Service
Q.18. An application is using a Lambda function to process complex financial data that runs for 15 minutes on average. Most invocations were successfully processed. However, you noticed that there are a few terminated invocations throughout the day, which caused data discrepancies in the application.
Which of the following is the most likely cause of this issue?
A : The Lambda function contains recursive code and has been running for over 15 minutes.
B : The failed Lambda functions have been running for over 15 minutes and reached the maximum execution time.
C : The concurrent execution limit has been reached.
D : The failed Lambda Invocations contain a ServiceException error which means that the AWS Lambda service encountered an internal error.
The failed Lambda functions have been running for over 15 minutes and reached the maximum execution time.
Q.19. You are working for a startup that builds Internet of Things (IoT) devices and monitoring applications. They are using IoT sensors to monitor all data by using Amazon Kinesis configured with default settings. You then send the data to an Amazon S3 bucket after 2 days. When you checked the data in S3, only data for the last day is present and no data is present for the first day.
What is the root cause of this issue?
A : The access of the Kinesis stream to the S3 bucket is insufficient.
B : By default, data records in Kinesis are only accessible for 24 hours from the time they are added to a stream.
C : Amazon S3 bucket has encountered a data loss.
D : Someone has manually deleted the record in Amazon S3.
By default, data records in Kinesis are only accessible for 24 hours from the time they are added to a stream.
Q.20. A multinational manufacturing company has multiple accounts in AWS to separate their various departments such as finance, human resources, engineering and many others. There is a requirement to ensure that certain access to services and actions is properly controlled to comply with the security policy of the company.
As the Solutions Architect, which is the most suitable way to set up the multi-account AWS environment of the company?
A : Use AWS Organizations and Service Control Policies to control services on each account.
B : Set up a common IAM policy that can be applied across all AWS accounts.
C : Connect all departments by setting up a cross-account access to each of the AWS accounts of the company. Create and attach IAM policies to your resources based on their respective departments to control access.
D : Provide access to externally authenticated users via Identity Federation. Set up an IAM role to specify permissions for users from each department whose identity is federated from your organization or a third-party identity provider.
Use AWS Organizations and Service Control Policies to control services on each account.
Q.21. A global medical research company has a molecular imaging system which provides each client with frequently updated images of what is happening inside the human body at the molecular and cellular level. The system is hosted in AWS and the images are hosted in an S3 bucket behind a CloudFront web distribution. There was a new batch of updated images that were uploaded in S3, however, the users were reporting that they were still seeing the old content. You need to control which image will be returned by the system even when the user has another version cached either locally or behind a corporate caching proxy.
Which of the following is the most suitable solution to solve this issue?
A : Add Cache-Control no-cache, no-store, or private directives in the S3 bucket
B : Add a separate cache behavior path for the content and configure a custom object caching with a Minimum TTL of 0
C : Invalidate the files in your CloudFront web distribution
D : Use versioned objects
Use versioned objects
Q.22. You deployed a web application to an EC2 instance that adds a variety of photo effects to a picture uploaded by the users. The application will put the generated photos to an S3 bucket by sending PUT requests to the S3 API.
What is the best option for this scenario considering that you need to have API credentials to be able to send a request to the S3 API?
A : Create a role in IAM. Afterwards, assign this role to a new EC2 instance.
B : Store your API credentials in Amazon Glacier.
C : Encrypt the API credentials and store in any directory of the EC2 instance.
D : Store the API credentials in the root web application directory of the EC2 instance.
Create a role in IAM. Afterwards, assign this role to a new EC2 instance.
Q.23. A tech company is running two production web servers hosted on Reserved EC2 instances with EBS-backed root volumes. These instances have a consistent CPU load of 90%. Traffic is being distributed to these instances by an Elastic Load Balancer. In addition, they also have Multi-AZ RDS MySQL databases for their production, test, and development environments.
What recommendation would you make to reduce cost in this AWS environment without affecting availability and performance of mission-critical systems? Choose the best answer.
A : Consider removing the Elastic Load Balancer
B : Consider using Spot instances instead of reserved EC2 instances
C : Consider using On-demand instances instead of Reserved EC2 instances
D : Consider not using a Multi-AZ RDS deployment for the development and test database
Consider not using a Multi-AZ RDS deployment for the development and test database
Q.24. A Solutions Architect is developing a three-tier cryptocurrency web application for a FinTech startup. The Architect has been instructed to restrict access to the database tier to only accept traffic from the application-tier and deny traffic from other sources. The application-tier is composed of application servers hosted in an Auto Scaling group of EC2 instances.
Which of the following options is the MOST suitable solution to implement in this scenario?
A : Set up the security group of the database tier to allow database traffic from the security group of the application servers.
B : Set up the security group of the database tier to allow database traffic from a specified list of application server IP addresses.
C : Set up the Network ACL of the database subnet to deny all inbound non-database traffic from the subnet of the application-tier.
D : Set up the Network ACL of the database subnet to allow inbound database traffic from the subnet of the application-tier.
Set up the security group of the database tier to allow database traffic from the security group of the application servers.
Q.25. You are a Solutions Architect working for a software development company. You are planning to launch a fleet of EBS-backed EC2 instances and want to automatically assign each instance with a static private IP address which does not change even if the instances are restarted.
What should you do to accomplish this?
A : Launch the instances in the Amazon Virtual Private Cloud (VPC).
B : Launch the instances to multiple Availability Zones.
C : Launch the instances to a single Availability Zone.
D : Launch the instances in a Placement Group.
E : Launch the instances in EC2-Classic.
Launch the instances in the Amazon Virtual Private Cloud (VPC).
Q.26. You are working as a Senior Solutions Architect for a data analytics company which has a VPC for their human resource department, and another VPC located on a different region for their finance department. You need to configure your architecture to allow the finance department to access all resources that are in the human resource department and vice versa.
Which type of networking connection in AWS should you set up to satisfy the above requirement?
A : AWS Cloud Map
B : Inter-Region VPC Peering
C : VPN Connection
D : VPC Endpoint
Inter-Region VPC Peering
Q.27. A company needs to launch a new MySQL RDS database for its new data analytics application. The Solutions Architect needs to ensure that the database-tier must be able to quickly recover from any system crashes.
Which of the below is NOT a recommended practice for RDS?
A : Use MyISAM as the storage engine for MySQL.
B : Use InnoDB as the storage engine for MySQL.
C : Partition your large tables so that file sizes do not exceed the 16 TB limit.
D : Ensure that automated backups are enabled for the RDS
Use MyISAM as the storage engine for MySQL.
Q.28. A startup company wants to launch a fleet of EC2 instances on AWS. Your manager wants to ensure that the Java programming language is installed automatically when the instance is launched.
In which of the below configurations can you achieve this requirement?
A : IAM roles
B : AWS Config
C : EC2Config service
D : User data
Q.29. You are setting up the required compute resources in your VPC for your application which have workloads that require high, sequential read and write access to very large data sets on local storage.
Which of the following instance types is the most suitable one to use in this scenario?
A : Compute Optimized Instances
B : General Purpose Instances
C : Memory Optimized Instances
D : Storage Optimized Instances
Storage Optimized Instances
Q.30. You are working for a global news network where you have set up a CloudFront distribution for your web application. However, you noticed that your application’s origin server is being hit for each request instead of the AWS Edge locations, which serve the cached objects. The issue occurs even for the commonly requested objects.
What could be a possible cause of this issue?
A : You did not add an SSL certificate.
B : The Cache-Control max-age directive is set to zero.
C : An object is only cached by CloudFront once a successful request has been made; hence, the objects were not requested before, which is why the request is still directed to the origin server.
D : The file sizes of the cached objects are too large for CloudFront to handle.
The Cache-Control max-age directive is set to zero.
Q.31. You are working as the Solutions Architect for a global technology consultancy firm which has an application that uses multiple EC2 instances located in various AWS regions such as US East (Ohio), US West (N. California), and EU (Ireland). Your manager instructed you to set up a latency-based routing to route incoming traffic for www.techrad.io to all the EC2 instances across all AWS regions.
Which of the following options can satisfy the given requirement?
A : Use Route 53 to distribute the load to the multiple EC2 instances across all AWS Regions.
B : Use AWS DataSync to distribute the load to the multiple EC2 instances across all AWS Regions.
C : Use an Application Load Balancer to distribute the load to the multiple EC2 instances across all AWS Regions.
D : Use a Network Load Balancer to distribute the load to the multiple EC2 instances across all AWS Regions.
Use Route 53 to distribute the load to the multiple EC2 instances across all AWS Regions.
Q.32. A mobile application stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider.
Which AWS Security Token Service approach to temporary access should you use for this scenario?
A : AWS Identity and Access Management roles
B : Web Identity Federation
C : SAML-based Identity Federation
D : Cross-Account Access
Web Identity Federation
Q.33. An online stock trading system is hosted in AWS and uses an Auto Scaling group of EC2 instances, an RDS database, and an Amazon ElastiCache for Redis. You need to improve the data security of your in-memory data store by requiring the user to enter a password before they are granted permission to execute Redis commands.
Which of the following should you do to meet the above requirement?
A : Authenticate the users using Redis AUTH by creating a new Redis Cluster with both the --transit-encryption-enabled and --auth-token parameters enabled.
B : Enable the in-transit encryption for Redis replication groups.
C : None of the above.
D : Do nothing. This feature is already enabled by default.
E : Create a new Redis replication group and set the AtRestEncryptionEnabled parameter to true.
Authenticate the users using Redis AUTH by creating a new Redis Cluster with both the --transit-encryption-enabled and --auth-token parameters enabled.
Q.34. You are working as a Solutions Architect in a well-funded financial startup. The CTO instructed you to launch a cryptocurrency mining server on a Reserved EC2 instance in us-east-1 region’s private subnet which is using IPv6. Due to the financial data that the server contains, the system should be secured to avoid any unauthorized access and to meet the regulatory compliance requirements.
In this scenario, which VPC feature allows the EC2 instance to communicate with the Internet but prevents inbound traffic?
A : NAT instances
B : NAT Gateway
C : Internet Gateway
D : Egress-only Internet gateway
Egress-only Internet gateway
Q.35. A top university has recently launched its online learning portal where the students can take e-learning courses from the comfort of their homes. The portal is on a large On-Demand EC2 instance with a single Amazon Aurora database.
How can you improve the availability of your Aurora database to prevent any unnecessary downtime of the online portal?
A : Deploy Aurora to two Auto-Scaling groups of EC2 instances across two Availability Zones with an elastic load balancer which handles load balancing.
B : Enable Hash Joins to improve the database query performance.
C : Use an Asynchronous Key Prefetch in Amazon Aurora to improve the performance of queries that join tables across indexes.
D : Create Amazon Aurora Replicas.
Create Amazon Aurora Replicas.
Q.36. AWS hosts a variety of public datasets such as satellite imagery, geospatial, or genomic data that you want to use for your web application hosted in Amazon EC2. If you use these datasets, how much will it cost you?
A : A one-time charge of $10.
B : No charge.
C : $10 per month for all datasets.
D : $10 per month for each dataset.
Q.37. You are working as a Solution Architect for a startup in Silicon Valley. Their application architecture is currently set up to store both the access key ID and the secret access key in a plain text file on a custom Amazon Machine Image (AMI). The EC2 instances, which are created by using this AMI, are using the stored access keys to connect to a DynamoDB table.
What should you do to make the current architecture more secure?
A : Put the access keys in Amazon Glacier instead.
B : Do nothing. The architecture is already secure because the access keys are already in the Amazon Machine Image.
C : Put the access keys in an Amazon S3 bucket instead.
D : Remove the stored access keys in the AMI. Create a new IAM role with permissions to access the DynamoDB table and assign it to the EC2 instances.
Remove the stored access keys in the AMI. Create a new IAM role with permissions to access the DynamoDB table and assign it to the EC2 instances.
Q.38. A company would like to archive their old yet confidential corporate files that are infrequently accessed.
Which is the MOST cost-efficient solution in AWS that you should recommend?
A : Amazon Storage Gateway
B : Amazon S3
C : Amazon EBS
D : Amazon Glacier
Q.39. You are working for a startup which develops an AI-based traffic monitoring service. You need to register a new domain called www.techradio-ai.com and set up other DNS entries for the other components of your system in AWS.
Which of the following is not supported by Amazon Route 53?
A : SRV (service locator)
B : SPF (sender policy framework)
C : DNSSEC (Domain Name System Security Extensions)
D : PTR (pointer record)
DNSSEC (Domain Name System Security Extensions)