Browse SAA Questions
Study all 100 questions at your own pace with detailed explanations
Total: 100 questionsPage: 3 of 10
Question 21 of 100
You have an EC2 Instance in a particular region. This EC2 Instance has a preconfigured software running on it. You have been requested to create a disaster recovery solution in case the instance in the region fails. Which of the following is the best solution?
ACreate a duplicate EC2 Instance in another AZ. Keep it in the shutdown state. When required, bring it back up.
BBackup the EBS data volume. If the instance fails, bring up a new EC2 instance and attach the volume.
CStore the EC2 data on S3. If the instance fails, bring up a new EC2 instance and restore the data from S3.
DCreate an AMI of the EC2 Instance and copy it to another region.
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 22 of 100
Which of the following best describes what "bastion hosts" are?
ABastion hosts are instances that sit within your private subnet and are typically accessed using SSH or RDP. Once remote connectivity has been established with the bastion host, it then acts as a ‘jump’ server, allowing you to use SSH or RDP to log into other instances (within public subnets) deeper within your network.
BBastion hosts are instances that sit within your private subnet and are typically accessed using SSH or RDP. Once remote connectivity has been established with the bastion host, it then acts as a 'jump' server, allowing you to use HTTPS to log into other instances (within public subnets) deeper within your network.
CBastion hosts are instances that sit within your public subnet and are typically accessed using SSH or RDP. Once remote connectivity has been established with the bastion host, it then acts as a ‘jump’ server, allowing you to use HTTPS to log into other instances (within private subnets) deeper within your network.
DBastion hosts are instances that sit within your public subnet and are typically accessed using SSH or RDP. Once remote connectivity has been established with a bastion host, it then acts as a ‘jump’ server, allowing you to use SSH or RDP to log into other instances (within private subnets) deeper within your network.
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 23 of 100
A Company requires that the sources, destination, and protocol of all IP packets be recorded when traversing a private subnet. What is the MOST secure and reliable method of accomplishing this goal?
ACreate VPC flow logs on the subnet
BEnable source destination check on private Amazon EC2 instances.
CEnable AWS CloudTrail logging and specify an Amazon S3 bucket for storing log files.
DCreate an Amazon CloudWatch logs to capture packet information.
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 24 of 100
A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution. Which solution will meet the security team’s mandate?
APut the access key in an S3 bucket and retrieve the access key on boot from the instance.
BPass the access key to the instances through instance user data.
CObtain the access key from a key server launched in a private subnet.
DCreate an IAM role with permissions to access the table and launch all instances with the new role.
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 25 of 100
An organization runs an online voting system for a television program. During broadcast, hundreds of thousands of votes are submitted within minutes and sent to a front-end fleet of auto-scaled Amazon EC2 instances. The EC2 instances push the votes to an RDBMS database. The database is unable to keep up with the front-end connection request. What is the MOST efficient and cost-effective way of ensuring that votes are processed in a timely manner?
AEach front-end node should send votes to an Amazon SQS queue. Provision worker instances to read the SQS queue and process message information into the RDBMS database.
BAs the load on the database increases, horizontally-scale the RDBMS database with additional memory-optimized instances. When voting has ended, scale down the additional instances.
CRe-provision the RDBMS database with larger, memory-optimized instances. When voting end, re-provision the back-end database with smaller instances.
DSend votes from each front-end node to Amazon DynamoDB. Provision worker instances to process the votes in DynamoDB into the RDBMS database.
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 26 of 100
An application currently writes a large number of records to a DynamoDB table in one region. There is a requirement for a secondary application to retrieve new records written to the DynamoDB table every 2 hours and process the updates accordingly. Which of the following is an ideal way to ensure that the secondary application gets the relevant changes from the DynamoDB table?
AInsert a timestamp for each record and then scan the entire table for the timestamp as per the last 2 hours.
BCreate another DynamoDB table with the records modified in the last 2 hours.
CUse DynamoDB Streams to monitor the changes in the DynamoDB table.
DTransfer records to S3 which were modified in the last 2 hours.
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 27 of 100
A customer wants to leverage Amazon Simple Storage Service (S3) and Amazon Glacier as part of their backup and archive infrastructure. The customer plans to use third-party software to support this integration. Which approach will limit the access of the third party software to only the Amazon S3 bucket named “company-backup”?
AA custom bucket policy limited to the Amazon S3 API in the Amazon Glacier archive “company-backup”
BA custom bucket policy limited to the Amazon S3 API in “company-backup”
CA custom IAM user policy limited to the Amazon S3 API for the Amazon Glacier archive “company-backup”.
DA custom IAM user policy limited to the Amazon S3 API in “company-backup”.
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 28 of 100
Your company has a set of EC2 Instances that access data objects stored in an S3 bucket. Your IT Security department is concerned about the security of this architecture and wants you to implement the following: 1) Ensure that the EC2 Instance securely accesses the data objects stored in the S3 bucket 2) Prevent accidental deletion of objects Which of the following would help fulfill the requirements of the IT Security department in a cost-effective way? Choose 2 answers
ACreate an IAM user and ensure the EC2 Instances use the IAM user credentials to access the data in the bucket.
BCreate an IAM Role and ensure the EC2 Instances use the IAM Role to access the data in the bucket.
CUse S3 Cross-Region Replication to replicate the objects so that the integrity of data is maintained.
DUse a S3 bucket policy that prevents accidental deletions
EConfigure S3 to use versioning and enable Multi-Factor Authentication (MFA) protected access
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 29 of 100
A company is planning to use Docker containers and necessary container orchestration tools for their long term batch processing requirements. There is a requirement for batch processing for both critical and non-critical data. Which of the following is the best implementation step for this requirement, to ensure that cost is effectively managed?
AUse Kubernetes for container orchestration and Reserved instances for all underlying instances.
BUse ECS orchestration and Reserved Instances for all underlying instances.
CUse Docker for container orchestration and a combination of Spot and Reserved Instances for the underlying instances.
DUse ECS for container orchestration and a combination of Spot and Reserved Instances for the underlying instances.
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 30 of 100
Company sales people upload their sales figures daily. A Solutions Architect needs a durable storage solution for these documents that also protects against users accidentally deleting important documents. Which action will protect against unintended user actions?
AStore data in an EBS volume and create snapshots once a week.
BStore data in an S3 bucket and enable versioning.
CStore data in two S3 buckets in different AWS regions.
DStore data on EC2 instance storage.
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation