Browse SAA Questions
Study all 100 questions at your own pace with detailed explanations
Total: 100 questionsPage: 6 of 10
Question 51 of 100
A user has created an application, which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect with from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?
AThe user should attach an IAM role with DynamoDB access to the EC2 instance
BThe user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
CThe user should create an IAM role, which has EC2 access so that it will allow deploying the application
DThe user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root account credentials
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 52 of 100
A customer is hosting their company website on a cluster of web servers that are behind a public-facing load balancer. The customer also uses Amazon Route 53 to manage their public DNS. How should the customer configure the DNS zone apex record to point to the load balancer?
ACreate an A record pointing to the IP address of the load balancer
BCreate a CNAME record pointing to the load balancer DNS name.
CCreate a CNAME record aliased to the load balancer DNS name.
DCreate an A record aliased to the load balancer DNS name
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 53 of 100
Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes? Choose 2 answers
ASupported on all Amazon EBS volume types
BSnapshots are automatically encrypted
CAvailable to all instance types
DExisting volumes can be encrypted
EShared volumes can be encrypted
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 54 of 100
An application is running on an Amazon EC2 instance in a private subnet. The application needs to read and write data on to Amazon Kinesis Data Streams, and corporate policy requires that this traffic should not go to the internet. How can these requirements be met?
AConfigure a NAT gateway in a public subnet and route all traffic to Amazon Kinesis through the Nat gateway.
BConfigure a Gateway VPC endpoint gateway for Kinesis and route all traffic to Kinesis through the Gateway VPC endpoint.
CConfigure an Interface VPC endpoint interface for Kinesis and route all traffic to Kinesis through the Interface VPC endpoint.
DConfigure an AWS Direct Connect private virtual interface for Kinesis and route all traffic to Kinesis through the virtual interface.
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 55 of 100
Your company has moved a legacy application from an on-premise data center to the cloud. The legacy application requires a static IP address hard-coded into the backend, which prevents you from deploying the application with high availability and fault tolerance using the ELB. Which steps would you take to apply high availability and fault tolerance to this application? Choose the 2 correct answers
ADo not migrate the application to the cloud until it can be converted to work with the ELB and Auto Scaling
BEnsure that the instance it's using has an elastic IP address assigned to it
CWrite a custom script that pings the health of the instance, and, if the instance stops responding, switches the elastic IP address to a standby instance
DCreate an AMI of the instance and launch it using Auto Scaling which will deploy the instance again if it becomes unhealthy
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 56 of 100
A Solution Architect is building an application that stores data into Amazon RDS. One table in particular is read heavy and minimal latency is critical. Which of the following would provide the highest level of performance?
AUse Amazon DynamoDB Accelerator
BUse Amazon RDS read replicas
CUse Amazon CloudFront
DUse Amazon ElastiCache
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 57 of 100
You are running a web application with four Amazon EC2 instances across two Availability Zones. The instances are in an Auto Scaling group behind an ELB Classic Load Balancer. A scaling event adds one instance to the group. After the event, you notice that, although all instances are serving traffic, some instances are serving more traffic than others. Which of the following could be the problem?
ACross-zone load balancing is not configured on the ELB Classic Load Balancer
BAccess logs are not enabled on the ELB Classic Load Balancer
CA SSL/TLS certificate has not been deployed on the ELB Classic Load Balancer
DSticky bits is not enabled on the ELB Classic Load Balancer
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 58 of 100
You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration. Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration?
ACreate an ELB to reroute traffic to a failover instance
BCreate a secondary ENI that can be moved to a failover instance
CUse Route53 health checks to fail traffic over to a failover instance
DAssign a secondary private IP address to the primary ENI that can be moved to a failover instance
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 59 of 100
A company is using a spot instance for processing their work loads. They want the spot instance to be stopped and not terminated, in case the spot instances are interrupted. How do you configure for the same? Choose 2
ASpot instance should have a one-time request type
BSpot instance should have a persistent request type
CUse EBS volume with the Spot instances
DUse Instance store volume with the Spot instances
ESpecify it in the launch configuration
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation
Question 60 of 100
You have an application running in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at all times. With three Availability Zones available in that region (us-west-2a, us-west-2b, and us-west-2c), which of the following deployments provide 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable? Choose 2 answers
AUs-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances
BUs-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances
CUs-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances
DUs-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances
EUs-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances
💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation