[November-2021]Braindump2go CLF-C01 PDF and VCE CLF-C01 949Q Free Offered[Q195-Q225]

November/2021 Latest Braindump2go CLF-C01 Exam Dumps with PDF and VCE Free Updated Today! Following are some new CLF-C01 Real Exam Questions!

QUESTION 195
An ecommerce company has Amazon EC2 instances running as web servers. There is a predictable pattern of peak traffic load that occurs two times each day, always at the same time. The EC2 instances are idle for the remainder of the day. What is the MOST cost-effective way to manage these resources while maintaining fault tolerance?

A. Use an Auto Scaling group to scale resources in and out based on demand.
B. Purchase Reserved Instances to ensure peak capacity at all times.
C. Write a cron job to stop the EC2 instances when the traffic demand is low.
D. Write a script to vertically scale the EC2 instances during peak traffic demand.

Answer: A

Read more

[October-2021]Exam Pass 100%!Braindump2go SAA-C02 PDF Dumps SAA-C02 711Q Instant Download[Q724-Q745]

October/2021 Latest Braindump2go SAA-C02 Exam Dumps with PDF and VCE Free Updated Today! Following are some new SAA-C02 Real Exam Questions!

QUESTION 724
A company is building a new furniture inventory application. The company has deployed the application on a fleet of Amazon EC2 instances across multiple Availability Zones. The EC2 instances run behind an Application Load Balancer (ALB) in their VPC.
A solutions architect has observed that incoming traffic seems to favor one EC2 instance resulting in latency for some requests.
What should the solutions architect do to resolve this issue?

A. Disable session affinity (sticky sessions) on the ALB
B. Replace the ALB with a Network Load Balancer
C. increase the number of EC2 instances in each Availability Zone
D. Adjust the frequency of the health checks on the ALB’s target group

Answer: B

Read more

[October-2021]MLS-C01 Dumps MLS-C01 181Q Instant Download in Braindump2go[Q158-Q171]

October/2021 Latest Braindump2go MLS-C01 Exam Dumps with PDF and VCE Free Updated Today! Following are some new MLS-C01 Real Exam Questions!

QUESTION 158
A company needs to quickly make sense of a large amount of data and gain insight from it. The data is in different formats, the schemas change frequently, and new data sources are added regularly. The company wants to use AWS services to explore multiple data sources, suggest schemas, and enrich and transform the data. The solution should require the least possible coding effort for the data flows and the least possible infrastructure management.
Which combination of AWS services will meet these requirements?

A. Amazon EMR for data discovery, enrichment, and transformation
Amazon Athena for querying and analyzing the results in Amazon S3 using standard SQL
Amazon QuickSight for reporting and getting insights
B. Amazon Kinesis Data Analytics for data ingestion
Amazon EMR for data discovery, enrichment, and transformation
Amazon Redshift for querying and analyzing the results in Amazon S3
C. AWS Glue for data discovery, enrichment, and transformation
Amazon Athena for querying and analyzing the results in Amazon S3 using standard SQL
Amazon QuickSight for reporting and getting insights
D. AWS Data Pipeline for data transfer
AWS Step Functions for orchestrating AWS Lambda jobs for data discovery, enrichment, and transformation
Amazon Athena for querying and analyzing the results in Amazon S3 using standard SQL
Amazon QuickSight for reporting and getting insights

Answer: A

Read more

[September-2021]Braindump2go Free SOA-C02 157Q SOA-C02 Dumps Get[Q120-Q143]

September/2021 Latest Braindump2go SOA-C02 Exam Dumps with PDF and VCE Free Updated Today! Following are some new SOA-C02 Real Exam Questions!

QUESTION 120
A SysOps administrator is troubleshooting connection timeouts to an Amazon EC2 instance that has a public IP address. The instance has a private IP address of 172.31.16.139. When the SysOps administrator tries to ping the instance’s public IP address from the remote IP address 203.0.113.12, the response is “request timed out.” The flow logs contain the following information:

What is one cause of the problem?

A. Inbound security group deny rule
B. Outbound security group deny rule
C. Network ACL inbound rules
D. Network ACL outbound rules

Answer: D

Read more

[June-2021]AWS-SysOps Dumps PDF and VCE(Full Version)AWS-SysOps 983Q Download in Braindump2go[Q967-Q983]

June/2021 Latest Braindump2go AWS-SysOps Exam Dumps with PDF and VCE Free Updated Today! Following are some new AWS-SysOps Real Exam Questions!

QUESTION 967
A company runs a multi-tier web application with two Amazon EC2 instances in one Availability Zone in the us-east-1 Region. A SysOps administrator must migrate one of the EC2 instances to a new Availability Zone.
Which solution will accomplish this?

A. Copy the EC2 instance to a different Availability Zone.
Terminate the original instance.
B. Create an Amazon Machine Image (AMI) from the EC2 instance and launch it in a different Availability Zone.
Terminate the original instance.
C. Move the EC2 instance to a different Availability Zone using the AWS CLI.
D. Stop the EC2 instance, modify the Availability Zone, and start the instance.

Answer: B

Read more

[June-2021]SAA-C02 VCE Dumps Free Download in Braindump2go[Q654-Q669]

June/2021 Latest Braindump2go SAA-C02 Exam Dumps with PDF and VCE Free Updated Following are some new SAA-C02 Real Exam Questions!

QUESTION 654
A company is building a web-based application running on Amazon EC2 instances in multiple Availability Zones. The web application will provide access to a repository of text documents totaling about 900 TB in size. The company anticipates that the web application will experience periods of high demand. A solutions architect must ensure that the storage component for the text documents can scale to meet the demand of the application at all times. The company is concerned about the overall cost of the solution.
Which storage solution meets these requirements MOST cost-effectively?

A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elasticsearch Service (Amazon ES)
D. Amazon S3

Answer: C

Read more

[April-2021]Valid AWS-SysOps PDF Exam Dumps Free Download in Braindump2go[Q953-Q966]

April/2021 Latest Braindump2go AWS-SysOps Exam Dumps with PDF and VCE Free Updated Today! Foloowing are some new AWS-SysOps Real Exam Questions!

QUESTION 953
A company is migrating its exchange server from its on-premises location to a VPC in the AWS Cloud. Users working from home connect using a secure, encrypted channel over the internet to the exchange server. However, after the migration to AWS, users are having trouble receiving email.
The VPC flow log records display the following.

A. SMTP traffic from the network interface was blocked by an outbound network ACL
B. SMTP traffic from the network interface was blocked by an outbound security group
C. SMTP traffic to the network interface was blocked by an inbound network ACL
D. SMTP traffic to the network interface was blocked by an inbound security group

Answer: A

QUESTION 954
A SysOps administrator is configuring an application on AWS to be used over the internet by departments in other countries. For remote locations, the company requires a static public IP address to be explicitly allowed as a target for outgoing internet traffic. How should the SysOps administrator deploy the application to meet this requirement?

A. Deploy the application on an Amazon Elastic Container Service (Amazon ECS) cluster Configure an AWS App Mesh service mesh.
B. Deploy the application as AWS Lambda functions behind an Application Load Balancer
C. Deploy the application on Amazon EC2 instances behind an internet-facing Network Load Balancer
D. Deploy the application on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster behind an Amazon API Gateway

Answer: C

QUESTION 955
A SysOps administrator needs to register targets for a Network Load Balancer (NL8) using IP addresses. Which prerequisite should the SysOps administrator validate to perform this task?

A. Ensure the NLB listener security policy is set to ELBSecuntyPohcy-TLS-1-2-Ext-2018-06, ELBSecuntyPolicy-FS-1-2-Res-2019-08 or ELBSecuntyPolicy-TLS-1-0-2015-04
B. Ensure the heath check setting on the NLB for the Matcher configuration is between 200 and 399
C. Ensure the targets are within any of these CIDR blocks: 10.0.0.0/8 (RFC I918)r 100.64.0.0/10 (RFC 6598): 172.16.0.0/12 (RFC 1918), or 192.168.0.0/16 (RFC 1918).
D. Ensure the NLB is exposed as an endpoint service before registering the targets using IP addresses

Answer: A

QUESTION 956
A SysOps administrator must deploy a company’s infrastructure as code (laC). The administrator needs to write a single template that can be reused for multiple environments in a safe, repeatable manner.
How should the administrator meet this requirement by using AWS Cloud Formation?

A. Use duplicate resource definitions for each environment selected based on conditions
B. Use nested stacks to provision the resources
C. Use parameter references and mappings for resource attributes
D. Use AWS Cloud Formation StackSets to provision the resources

Answer: B

QUESTION 957
Which type routing protocol operates by exchanging the entire routing information?

A. exterior gateway protocols
B. link-state protocols
C. distance-vector protocols
D. Path-vector protocols

Answer: B

QUESTION 958
Which component of an Ethernet frame is used to notify a host that traffic is coming?

A. Type field
B. preamable
C. Data field
D. start of frame delimiter

Answer: B

QUESTION 959
Which command must be present in a Cisco device configuration to enable the device to resolve an FQDN?

A. ip domain-name
B. ip domain-lookup
C. ip host
D. ip name-server

Answer: B

QUESTION 960
A company has an application that is hosted on two Amazon EC2 instances in different Availability Zones. Both instances contain data that is critical for the company’s business. Backups need to be retained for 7 days and need to be updated every 12 hours.
Which solution will meet these requirements with the LEAST amount of effort?

A. Use an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to create snapshots of the Amazon Elastic Block Store (Amazon EBS) volumes.
B. Use Amazon Data Lifecycle Manager (Amazon DLM) to create a snapshot lifecycle policy for both instances.
C. Create a batch job to generate automated snapshots of the Amazon Elastic Block Store (Amazon EBS) volumes.
D. Create an AWS Lambda function to copy the data to Amazon S3 Glacier.

Answer: A
Explanation:
https://docs.aws.amazon.com/eventbridge/latest/userguide/take-scheduled-snapshot.html

QUESTION 961
A SysOps administrator is re-architecting an application. The SysOps administrator has moved the database from a public subnet, where the database used a public endpoint, into a private subnet to restrict access from the public network. After this change, an AWS Lambda function that requires read access to the database cannot connect to the database. The SysOps administrator must resolve this issue without compromising security.
Which solution meets these requirements?

A. Create an AWS PrivateLink interface endpoint for the Lambda function. Connect to the database using its private endpoint.
B. Connect the Lambda function to the database VPC. Connect to the database using its private endpoint.
C. Attach an IAM role to the Lambda function with read permissions to the database.
D. Move the database to a public subnet. Use security groups for secure access.

Answer: D
Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

QUESTION 962
A company that hosts a multi-tier ecommerce web application on AWS has been alerted to suspicious application traffic. The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB). After examining the instance logs, a SysOps administrator determines that the suspicious traffic is an attempted SQL injection attack.
What should the SysOps administrator do to prevent similar attacks?

A. Create an Amazon CloudFront distribution with the ALB as the origin. Enable AWS Shield Advanced to protect from SQL injection attacks at edge locations.
B. Create an AWS WAF web ACL, and configure a SQL injection rule to add to the web ACL. Associate the WAF web ACL with the ALB.
C. Enable Amazon GuardDuty. Use Amazon EventBridge (Amazon CloudWatch Events) to trigger an AWS Lambda function every time GuardDuty detects SQL injection.
D. Install Amazon Inspector on the EC2 instances, and configure a rules package. Use the findings reports to identify and block SQL injection attacks.

Answer: A

QUESTION 963
An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data. A new company policy requires the secondary volume to be encrypted at rest.
Which solution will meet this requirement?

A. Create a snapshot of the volume. Create a new volume from the snapshot with the Encrypted parameter set to true. Detach the original volume and attach the new volume to the instance.
B. Create an encrypted Amazon Machine Image (AMI) of the EC2 instance. Launch a new instance with the encrypted AMI. Terminate the original instance.
C. Stop the EC2 instance. Encrypt the volume with AWS CloudHSM. Start the instance and verify encryption.
D. Stop the EC2 instance. Modify the instance properties and set the Encrypted parameter to true. Start the instance and verify encryption.

Answer: A

QUESTION 964
A SysOps administrator recently launched an application consisting of web servers running on Amazon EC2 instances, an Amazon ElastiCache cluster communicating on port 6379, and an Amazon RDS for PostgreSQL DB instance communicating on port 5432. The web servers are in the security group web-sg, the ElastiCache cluster is in the security group cache-sg, and the DB instance is in the security group database-sg.
The application fails on start, with the error message “Unable to connect to the database”.
The rules in web-sg are as follows.

Which change should the SysOps administrator make to web-sg to correct the issue without compromising security?

A. Add a new inbound rule:
database-sg TCP 5432
B. Add a new outbound rule:
database-sg TCP 5432
C. Add a new outbound rule:
0.0.0.0/0 All Traffic 0-65535
D. Change the outbound rule to:
cache-sg TCP 5432

Answer: A

QUESTION 965
A kernel patch for AWS Linux has been released, and systems need to be updated to the new version. A SysOps administrator must apply an in-place update to an existing Amazon EC2 instance without replacing the instance.
How should the SysOps administrator apply the new software version to the instance?

A. Add the instance to a patch group and patch baseline containing the desired patch by using AWS Systems Manager Patch Manager.
B. Develop a new version of the instance’s Amazon Machine Image (AMI). Apply that new AMI to the instance.
C. Develop a new user data script containing the patch. Configure the instance with the new script.
D. Run commands on the instance remotely using the AWS CLI.

Answer: A

QUESTION 966
A company needs to implement a system for object-based storage in a write-once, read-many (WORM) model. Objects cannot be deleted or changed after they are stored, even by an AWS account root user or administrators.
Which solution will meet these requirements?

A. Set up Amazon S3 Cross-Region Replication and run daily updates.
B. Set up Amazon S3 Object Lock in governance mode with S3 Versioning enabled.
C. Set up Amazon S3 Object Lock in compliance mode with S3 Versioning enabled.
D. Set up an Amazon S3 Lifecycle policy to move the objects to Amazon S3 Glacier.

Answer: B
Explanation:
https://aws.amazon.com/blogs/storage/protecting-data-with-amazon-s3-object-lock/


Resources From:

1.2021 Latest Braindump2go AWS-SysOps Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/aws-sysops.html

2.2021 Latest Braindump2go AWS-SysOps PDF and AWS-SysOps VCE Dumps Free Share:
https://drive.google.com/drive/folders/1-kckNIRM9eMaU2urIinqFqegqkOXzZ8e?usp=sharing

3.2021 Free Braindump2go AWS-SysOps Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/AWS-SysOps-PDF-Dumps(953-966).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!

[March-2021]Free DVA-C01 DVA-C01 679 DVA-C01 Exam Dumps PDF and VCE Braindump2go Offer[Q658-Q679]

2021/March Latest Braindump2go AWS-Developer-Associate Exam Dumps with PDF and VCE Free Updated Today! Following are some new AWS-Developer-Associate Real Exam Questions!

QUESTION 658
A developer is building an application that runs behind an application Load Balancer (ALB).
The application is configured as the origin for an Amazon CloudFront distribution.
Users will log in to the application using their social media accounts.
How can the developer authenticate and authorize users?

A. Validate the user by inspecting the tokens using AWS Lambda authorizers on the ALB
B. Configure the ALB to use Amazon Cognito as one of the authentication providers
C. Configure Cloudfron to use Amazon Cognito as one of the authentication providers
D. Authorize the users by calling the Amazon Cognito API in the AWS Lambda authorizer on the ALB

Answer: C

Read more

[2020-November-New]Braindump2go SAA-C02 Free Dumps Download[Q402-Q425]

2020/November Latest Braindump2go SAA-C02 Exam Dumps with PDF and VCE Free Updated Today! Following are some new SAA-C02 Real Exam Questions!

QUESTION 402
A solutions architect is creating a new VPC design. There are two public subnet for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web serves use only HTTPS. The solutions architect has already created a security group for the load Balancer allowing port 443 from 0.0 0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks.
Which additional configuration strategy should the solution architect use to meet these requirements?

A. Create a security group far the web servers and allow port 443 from 0.0.0.0/0.
Create a security group tor the MySQL serve’s aid allow port 3306 from the web servers security group.
B. Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0.
Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group
C. Create a security group for the web servers and allow port 443 from the load balancer.
Create a security group tor the MySQL servers and allow port 3306 from the web sewers security group
D. Create a network ACL for the web servers and allow port 443 from the web balancer.
Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

Answer: C

QUESTION 403
A company runs an application on an Amazon EC2 instance Backed by Amazon Elastic Block Store (Amazon EBS).
The instance needs to be available for 12 hours daily.
The company wants to save costs by making the instance unavailable outside the window required for the application.
However the contents of the instance’s memory must be preserved whenever the instance is unavailable.
What should a solutions architect do lo meet this requirement?

A. Stop the instance outside the application’s availability window.
Start up the Instance again when required.
B. Hibernate tie instance outside the application’s availability window.
Start up the instance again when required.
C. Use Auto Scaling to scale down the instance outside the application’s availability window.
Scale up the instance when required.
D. Terminate the instance outside the application’s availability window.
Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required.

Answer: B

QUESTION 404
A company Is migrating lo the AWS Cloud. A file server is the first workload to migrate.
Users must be able to access the file share using the Server Message Block (SMB) protocol.
Which AWS managed service meets these requirements”

A. Amazon EBS
B. Amazon EC2
C. Amazon FSx
D. Amazon S3

Answer: B

QUESTION 405
A solutions architect needs to design a resilient solution for Windows users’ home directories.
The solution must provide fault tolerance, file-level backup and recovery, and access control, based upon the company’s Active Directory.
Which storage solution meets these requirements?

A. Configure Amazon S3 to store the users’ home directories.
Join Amazon S3 to Active Directory.
B. Configure a Multi-AZ file system with Amazon FSx for Windows File Server.
Join Amazon FSx to Active Directory.
C. Configure Amazon Elastic File System (Amazon EFS) for the users’ home directories.
Configure AWS Single Sign-On with Active Directory.
D. Configure Amazon Elastic Block Store (Amazon EBS) to store the users’ home directories.
Configure AWS Single Sign-On with Active Directory.

Answer: A

QUESTION 406
A company has a legacy application that processes data in two parts.
The second part of the process takes longer than the first, so the company has decided to rewrite the application as two microservices running on Amazon ECS that can scale independently.
How should a solutions architect integrate the microservices?

A. Implement code in microservice 1 to send data to an Amazon S3 bucket.
Use S3 event notifications to invoke microservice 2
B. Implement code in microservice 1 to publish data to an Amazon SNS topic.
Implement code In microservice 2 to subscribe to this topic.
C. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose.
Implement code in microservice 2 to read from Kinesis Data Firehose.
D. Implement code in microservice 1 to send data to an Amazon SOS queue.
Implement code in microservice 2 to process messages from the queue.

Answer: A

QUESTION 407
A company hosts its application using Amazon Elastic Container Service (Amazon ECS) and wants to ensure high availability.
The company wants to be able (o deploy updates to its application even if nodes in one Availability Zone are not accessible.
The expected request volume for the application is 100 requests per second, and each container task is able to serve at least 60 requests pet second.
The company set up Amazon ECS with a rolling update deployment type with the minimum healthy percent parameter set to 50% and the maximum percent set lo 100%.
Which configuration of tasks and Availability Zones meets these requirements?

A. Deploy the application across two Availability Zones, with one task in each Availability Zone
B. Deploy the application across two Availability Zones, with two tasks in each Availability Zone.
C. Deploy the application across three Availability Zones, with one task in each Availability Zone.
D. Deploy the application across three Availability Zones, with two tasks in each Availability Zone.

Answer: A

QUESTION 408
A web application runs on Amazon EC2 instances behind an Application Load Balancer.
The application allows users to create custom reports of historical weather data.
Generating a report can take up to 5 minutes.
These long-running requests use many of the available incoming connections, making the system unresponsive to other users.
How can a solutions architect make the system more responsive?

A. Use Amazon SOS with AWS Lambda to generate reports.
B. Increase the Idle timeout on the Application Load Balancer to 5 minutes.
C. Update the client-side application code to increase its request timeout to 5 minutes.
D. Publish the reports to Amazon S3 and use Amazon CloudFront for downloading lo the user.

Answer: A

QUESTION 409
A company is planning to use Amazon S3 to store images uploaded by its users.
The images must be encrypted at rest in Amazon S3.
The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys.
What should a solutions architect use to accomplish this?

A. Server-Side Encryption with keys stored in an S3 bucket
B. Server-Side Encryption with Customer-Provided Keys (SSE-C)
C. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
D. Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)

Answer: D

QUESTION 410
A company’s application is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancer.
Based on the application’s history, the company anticipates a spike in traffic during a holiday each year.
A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity lo minimize any performance impact on application users.
Which solution will meet these requirements?

A. Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%.
B. Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand.
C. Increase the minimum and maximum number of EC2 instances in the Auto Scaling group during the peak demand period.
D. Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when there ate autoscaling:EC2_INSTANCE_LAUNCH events.

Answer: B

QUESTION 411
A website runs a web application that receives a burst of traffic each day at noon.
The users upload new pictures and content daily, but have been complaining of timeouts.
The architecture uses Amazon EC2 Auto Seating groups, and the custom application consistently takes 1 minute to initiate upon boot up before responding to user requests
How should a solutions architect redesign the architecture to better respond to changing traffic?

A. Configure a Network Load Balancer with a slow start configuration.
B. Configure AWS ElastiCache for Redis to offload direct requests to the servers
C. Configure an Auto Scaling step scaling policy with an instance warmup condition.
D. Configure Amazon CloudFront to use an Application Load Balancer as the origin.

Answer: B

QUESTION 412
A solutions architect needs to design a managed storage solution for a company’s application that includes high-performance machine learning.
This application runs on AWS Fargate. and the connected storage needs to have concurrent access to files and deliver high performance.
Which storage option should the solutions architect recommend?

A. Create an Amazon S3 bucket for the application and establish an 1AM role for Fargate to communicate with Amazon S3.
B. Create an Amazon FSx for Lustre file share and establish an 1AM role that allows Fargate to communicate with FSx for Lustre
C. Create an Amazon Elastic File System (Amazon EFS> file share and establish an 1AM role that allows Fargate to communicate with Amazon EFS.
D. Create an Amazon Elastic Block Store (Amazon EBS) volume for the application and establish an 1AM role that allows Fargate to communicate with Amazon EBS.

Answer: B

QUESTION 413
A company Is launching an ecommerce website on AWS.
This website is built with a three-tier architecture that includes a MySQL database.
In a Multi-AZ deployment of Amazon Aurora MySQL.
The website application must be highly available and will initially be launched in an AWS Region with three Availability Zones.
The application produces a metric that describes the load the application experiences.
Which solution meets these requirements?

A. Configure an Application Load Balancer (ALB( with Amazon EC2 Auto Scaling behind the ALB with scheduled scaling
B. Configure an Application Load Balancer (ALB) and Amazon EC2 Auto Scaling behind the ALB with a simple scaling policy.
C. Configure a Network Load Balancer (NLB) and launch a Spot Fleet with Amazon EC2 Auto Scaling behind the NL8.
D. Configure an Application Load Balancer (ALB) and Amazon EC2 Auto Scaling behind the ALB with a target tracking scaling policy.

Answer: B

QUESTION 414
A company Is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances.
The EC2 instances are in public subnets, and the RDS DB instances are in private subnets.
The security team has mandated that the DB instances be secured against web-based attacks.
What should a solutions architect recommend?

A. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer.
Configure the EC2 instance iptables rules to drop suspicious web traffic.
Create a security group for the DB instances.
Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
B. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer.
Move DB instances to the same subnets that EC2 instances are located in.
Create a security group for the DB instances.
Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer.
Use AWS WAF to monitor inbound web traffic for threats.
Create a security group for the web application servers and a security group for the DB instances.
Configure the RDS security group to only allow port 3306 inbound from the web application server security group.
D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer.
Use AWS WAF to monitor inbound web traffic for threats.
Configure the Auto Scaling group lo automatically create new DB instances under heavy traffic.
Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.

Answer: D

QUESTION 415
A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones.
As the company’s user base grows in the us-west-1 Region, it needs 3 solution with low latency and high availability.
What should a solutions architect do to accomplish this?

A. Provision EC2 instances in us-west-1.
Switch me Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing.
B. Provision EC2 instances and an Application Load Balancer in us-west-1.
Make the load balancer distribute the traffic based on the location of the request
C. Provision EC2 instances and configure an Application Load Balancer in us-west-1.
Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
D. Provision EC2 Instances and configure an Application Load Balancer in us-wesl-1.
Configure Amazon Route 53 with a weighted routing policy.
Create alias records in Route 53 that point to the Application Load Balancer

Answer: C
Explanation:
https://aws.amazon.com/global-accelerator/faqs/

QUESTION 416
A company has a custom application running on an Amazon EC2 instance that:
– Reads a large amount of data from Amazon S3
– Performs a multi-stage analysis.
– Writes the results to Amazon DynamoDB.
The application writes a significant number of large, temporary files during the multi-stage analysis.
The process performance depends on the temporary storage performance.
What would be the fastest storage option for holding the temporary files?

A. Multiple Amazon S3 buckets with Transfer Acceleration for storage
B. Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization.
C. Multiple Amazon EFS volumes using the Network File System version 4.1 (NFSv4.1) protocol.
D. Multiple instance store volumes with software RAID 0

Answer: D

QUESTION 417
A company built a food ordering application that captures user data and stores it for future analysis.
The application’s static front end is deployed on an Amazon EC? instance.
The front-end application sends the requests to the backend application running on separate EC2 instance.
The backend application then stores the data in Amazon RDS.
What should a solutions architect do to decouple the architecture and make it scalable?

A. Use Amazon S3 to serve the front-end application, which sends requests to Amazon EC2 to execute the backend application.
The backend application will process and store the data in Amazon RDS.
B. Use Amazon S3 to serve the front-end application and write requests to an Amazon Simple Notification Service (Amazon SNS) topic.
Subscribe Amazon EC2 instances to the HTTP/HTTPS endpoint o( the topic, and process and store the data in Amazon RDS.
C. Use an EC2 instance lo serve the front end and write requests to an Amazon SOS queue.
Place the backend Instance in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.
D. Use Amazon S3 to serve the static front-end application and send requests lo Amazon API Gateway which writes the requests to an Amazon SQS queue.
Place the backend instances in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.

Answer: D

QUESTION 418
A company has an on-premises application that collects data and stores it to an on-premises NFS server.
The company recently set up a 10 Gbps AWS Direct Connect connection.
The company is running out of storage capacity on premises.
The company needs to migrate the application data from on premises to the AWS Cloud while maintaining low-latency access to the data from the on- premises application.
What should a solutions architect do to meet these requirements?

A. Deploy AWS Storage Gateway for the application data, and use the file gateway to store the data in Amazon S3.
Connect the on-premises application servers to the file gateway using NFS.
B. Attach an Amazon Elastic File System (Amazon EFS) file system to the NFS server, and copy the application data to the EFS file system.
Then connect the on-premises application to Amazon EFS.
C. Configure AWS Storage Gateway as a volume gateway.
Make the application data available to the on-premises application from the NFS server and with Amazon Elastic Block Store (Amazon EBS) snapshots.
D. Create an AWS DataSync agent with the NFS server as the source location and an Amazon Elastic File System (Amazon EFS) file system as the destination for application data transfer.
Connect the on- premises application to the EFS file system.

Answer: A

QUESTION 419
A company wants to migrate a high performance computing (HPC) application and data from on- premises to the AWS Cloud.
The company uses tiered storage on-premises with hoi high-performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running.
Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Select TWO)

A. Amazon S3 for cold data storage
B. Amazon EFS for cold data storage
C. Amazon S3 for high-performance parallel storage
D. Amazon FSx for clustre tor high-performance parallel storage
E. Amazon FSx for Windows for high-performance parallel storage

Answer: AD
Explanation:
https://aws.amazon.com/fsx/lustre/
Amazon FSx for Lustre makes it easy and cost effective to launch and run the world’s most popular high-performance file system. Use it for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling.

QUESTION 420
A software vendor is deploying a new software-as-a-service (SaaS) solution that will be utilized by many AWS users.
The service is hosted in a VPC behind a Network Load Balancer.
The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet.
What should a solutions architect do to accomplish this goal?

A. Create a peering VPC connection from each user’s VPC to the software vendor s VPC.
B. Deploy a transit VPC in the software vendor’s AWS account.
Create a VPN connection with each user account
C. Connect the service in the VPC with an AWS PrivateLink endpoint.
Have users subscribe to the endpoint.
D. Deploy a transit VPC in the software vendor’s AWS account.
Create an AWS Direct Connect connection with each user account.

Answer: C

QUESTION 421
A company uses Amazon S3 to store its confidential audit documents.
The S3 bucket uses bucket policies to restrict access to audit team 1AM user credentials according to the principle of least privilege.
Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.
What should a solutions architect do to secure the audit documents?

A. Enable the versioning and MFA Delete features on the S3 bucket
B. Enable multi-factor authentication (MFA) on the 1AM user credentials for each audit team 1AM user account.
C. Add an S3 Lifecycle policy to the audit team’s 1AM user accounts to deny the s3:DeleteOb|ect action during audit dates.
D. Use AWS Key Management Service (AWS KMS> to encrypt the S3 bucket and restrict audit team 1AM user accounts from accessing the KMS key.

Answer: A

QUESTION 422
A solutions architect is helping a developer design a new ecommerce shopping cart application using AWS services.
The developer is unsure of the current database schema and expects to make changes as the ecommerce site grows.
The solution needs to be highly resilient and capable of automatically scaling read and write capacity.
Which database solution meets these requirements?

A. Amazon Aurora PostgreSQL
B. Amazon DynamoDB with on-demand enabled
C. Amazon DynamoDB with DynamoDB Streams enabled
D. Amazon SQS and Amazon Aurora PostgreSQL

Answer: B

QUESTION 423
A company Is seeing access requests by some suspicious IP addresses.
The security team discovers the requests are horn different IP addresses under the same CIDR range.
What should a solutions architect recommend to the team?

A. Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
B. Add a rule In the outbound table of the security group to deny the traffic from that CIDR range
C. Add a deny rule in the Inbound table of the network ACL with a lower rule number than other rules.
D. Add a deny rule in the outbound table of the network ACL with a tower rule number than other rules.

Answer: C

QUESTION 424
A company wants to run a hybrid workload for data processing.
The data needs to be accessed by on-premises applications for local data processing using an NFS protocol, and must also be accessible from the AWS Cloud for further analytics and batch processing.
Which solution will meet these requirements?

A. Use an AWS Storage Gateway fife gateway to provide file storage to AWS.
Then perform analytics on the data in the AWS Cloud.
B. Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AWS.
Then perform analytics on this data in the AWS Cloud.
C. Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS.
D. Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS Cloud, then perform analytics on this data in the cloud.

Answer: C
Explanation:
https://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway.html

QUESTION 425
A solutions architect is designing a solution that requires frequent updates to a website that is hosted on Amazon S3 with versioning enabled.
For compliance reasons, older versions of the objects will not be accessed frequently and will need to be deleted after 2 years.
What should the solutions architect recommend to meet these requirements at the LOWEST cost?

A. Use S3 batch operations to replace object tags.
Expire the objects based on the modified tags
B. Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier.
Expire the objects after 2 years
C. Enable S3 Event Notifications on the bucket that sends older objects to the Amazon Simple Queue Service (Amazon SOS) queue for further processing.
D. Replicate older object versions to a new bucket.
Use an S3 Lifecycle policy to expire the objects In the new bucket after 2 years

Answer: B


Resources From:

1.2020 Latest Braindump2go SAA-C02 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/saa-c02.html

2.2020 Latest Braindump2go SAA-C02 PDF and SAA-C02 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1_5IK3H_eM74C6AKwU7sKaLn1rrn8xTfm?usp=sharing

3.2020 Free Braindump2go SAA-C02 PDF Download:
https://www.braindump2go.com/free-online-pdf/SAA-C02-Dumps(416-430).pdf
https://www.braindump2go.com/free-online-pdf/SAA-C02-PDF-Dumps(402-415).pdf
https://www.braindump2go.com/free-online-pdf/SAA-C02-VCE-Dumps(431-445).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!

[November-2020]MLS-C01 Dumps PDF Free Download in Braindump2go[Q82-Q102]

November/2020 Latest Braindump2go MLS-C01 Exam Dumps with PDF and VCE Free Updated Today! Following are some new MLS-C01 Real Exam Questions!

QUESTION 82
A Data Scientist is building a model to predict customer churn using a dataset of 100 continuous numerical features. The Marketing team has not provided any insight about which features are relevant for churn prediction. The Marketing team wants to interpret the model and see the direct impact of relevant features on the model outcome. While training a logistic regression model, the Data Scientist observes that there is a wide gap between the training and validation set accuracy.
Which methods can the Data Scientist use to improve the model performance and satisfy the Marketing team’s needs? (Choose two.)

A. Add L1 regularization to the classifier
B. Add features to the dataset
C. Perform recursive feature elimination
D. Perform t-distributed stochastic neighbor embedding (t-SNE)
E. Perform linear discriminant analysis

Answer: BE

Read more

1 2 3 4 5