
Check Real Amazon AWS-Solutions-Associate Exam Questions for Free (2025)
Get Ready to Boost Your Preparation for Your AWS-Solutions-Associate Exam with 1095 Questions
The AWS Certified Solutions Architect - Associate (SAA-C02) certification is highly valued in the IT industry, as it demonstrates that the holder has the skills and knowledge required to design and deploy scalable and highly available solutions on AWS. AWS Certified Solutions Architect - Associate (SAA-C02) certification is suitable for professionals working in roles such as solutions architects, cloud architects, cloud engineers, and developers who want to advance their careers in cloud computing.
The AWS Certified Solutions Architect - Associate (SAA-C02) exam is designed to test individuals' knowledge and skills in designing, deploying, and managing applications on the Amazon Web Services (AWS) platform. AWS Certified Solutions Architect - Associate (SAA-C02) certification is ideal for professionals who want to advance their careers in cloud computing and demonstrate their expertise in working with AWS. It is one of the most popular and recognized certifications in the cloud computing industry.
NEW QUESTION # 214
A client reports that they want to see an audit log of any changes made to AWS resources in their account.
What can the client do to achieve this?
- A. Use Amazon CloudWatch Events to parse logs
- B. Use AWS OpsWorks to manage their resources
- C. Enable AWS CloudTrail logs to be delivered to an Amazon S3 bucket
- D. Set up Amazon CloudWatch monitors on services they own
Answer: C
NEW QUESTION # 215
A company has migrated several applications to AWS in the past 3 months. The company wants to know the breakdown of costs for each of these applications. The company wants to receive a regular report that includes this information.
Which solution will meet these requirements MOST cost-effectively?
- A. Tag all the AWS resources with a key for cost and a value of the application's name. Activate cost allocation tags. Use Cost Explorer to get the desired information.
- B. Load AWS Cost and Usage Reports into an Amazon RDS DB instance. Run SQL queries to get the desired information.
- C. Use AWS Budgets to download data for the past 3 months into a csv file. Look up the desired information.
- D. Tag all the AWS resources with a key for cost and a value of the application's name. Use the AWS Billing and Cost Management console to download bills for the past 3 months. Look up the desired information.
Answer: A
NEW QUESTION # 216
A company is running a critical business application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run in an Auto Scaling group and access an Amazon RDS DB instance. The design did not pass an operational review because the EC2 instances and the DB instance are all located in a single Availability Zone. A solutions architect must update the design to use a second Availability Zone.
Which solution will make the application highly available?
- A. Provision a subnet in each Availability Zone. Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones. Configure the DB instance for Multi-AZ deployment.
- B. Provision a subnet that extends across both Availability Zones. Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones. Configure the DB instance for Multi-AZ deployment.
- C. Provision two subnets that extend across both Availability Zones. Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones. Configure the DB instance with connections to each network.
- D. Provision a subnet in each Availability Zone. Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones. Configure the DB instance with connections to each network.
Answer: A
Explanation:
https://aws.amazon.com/vpc/faqs/#:~:text=Can%20a%20subnet%20span%20Availability,within%20a%20single
NEW QUESTION # 217
A company wants to use Amazon S3 for the secondary copy of its on-premises dataset. The company would rarely need to access this copy. The storage solution's cost should be minimal.
Which storage solution meets these requirements?
- A. S3 Standard-Infrequent Access (S3 Standard-IA)
- B. S3 Standard
- C. S3 Intelligent-Tiering
- D. S3 One Zone-Infrequent Access (S3 One Zone-IA)
Answer: D
Explanation:
S3 One Zone-IA is a storage class that is designed for data that is accessed less frequently, but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA. This storage class meets the requirements of the company because it provides a low-cost solution for the secondary copy of its on-premises dataset that would rarely need to be accessed. The other storage classes are either more expensive or not suitable for infrequently accessed data.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html
NEW QUESTION # 218
A company stores confidential data in an Amazon Aurora PostgreSQL database in the ap-southeast-3 Region. The database is encrypted with an AWS Key Management Service (AWS KMS) customer managed key. The company was recently acquired and must securely share a backup of the database with the acquiring company's AWS account in ap-southeast-3.
What should a solutions architect do to meet these requirements?
- A. Create a database snapshot. Download the database snapshot. Upload the database snapshot to an Amazon S3 bucket. Update the S3 bucket policy to allow access from the acquiring company's AWS account.
- B. Create a database snapshot that uses a different AWS managed KMS key. Add the acquiring company's AWS account to the KMS key alias. Share the snapshot with the acquiring company's AWS account.
- C. Create a database snapshot. Copy the snapshot to a new unencrypted snapshot. Share the new snapshot with the acquiring company's AWS account.
- D. Create a database snapshot. Add the acquiring company's AWS account to the KMS key policy. Share the snapshot with the acquiring company's AWS account.
Answer: D
Explanation:
https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html
There's no need to create another custom AWS KMS key.
https://aws.amazon.com/premiumsupport/knowledge-center/aurora-share-encrypted-snapshot/
Give target account access to the custom AWS KMS key within the source account:
1. Log in to the source account, and go to the AWS KMS console in the same Region as the DB cluster snapshot.
2. Select Customer-managed keys from the navigation pane.
3. Select your custom AWS KMS key (ALREADY CREATED).
4. From the Other AWS accounts section, select Add another AWS account, and then enter the AWS account number of your target account.
Then: Copy and share the DB cluster snapshot.
NEW QUESTION # 219
A/An _____ acts as a firewall that controls the traffic allowed to reach one or more instances.
- A. ACL
- B. IAM
- C. security group
- D. Private IP Addresses
Answer: C
NEW QUESTION # 220
A customer is deploying an SSL enabled web application to AWS and would like to implement a separation of roles between the EC2 service administrators that are entitled to login to instances as well as making API calls and the security officers who will maintain and have exclusive access to the application's X.509 certificate that contains the private key.
- A. Upload the certificate on an S3 bucket owned by the security officers and accessible only by the EC2 Role of the web servers.
- B. Configure the web servers to retrieve the certificate upon boot from a CloudHSM that is managed by the security officers.
- C. Configure system permissions on the web servers to restrict access to the certificate only to the authorized security officers.
- D. Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.
Answer: D
NEW QUESTION # 221
A company serves a dynamic website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The website needs to support multiple languages to serve customers around the world. The website's architecture is running in the us-west-1 Region and is exhibiting high request latency for users that are located in other parts of the world. The website needs to serve requests quickly and efficiently regardless of a user's location. However, the company does not want to recreate the existing architecture across multiple Regions.
What should a solutions architect do to meet these requirements?
- A. Create an Amazon API Gateway API that is integrated with the ALB. Configure the API to use the HTTP integration type. Set up an API Gateway stage to enable the API cache based on the Accept-Language request header.
- B. Replace the existing architecture with a website that is served from an Amazon S3 bucket. Configure an Amazon CloudFront distribution with the S3 bucket as the origin. Set the cache behavior settings to cache based on the Accept-Language request header.
- C. Launch an EC2 instance in each additional Region and configure NGINX to act as a cache server for that Region. Put all the EC2 instances and the ALB behind an Amazon Route 53 record set with a geolocation routing policy.
- D. Configure an Amazon CloudFront distribution with the ALB as the origin. Set the cache behavior settings to cache based on the Accept-Language request header.
Answer: D
Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html
Configuring caching based on the language of the viewer: If you want CloudFront to cache different versions of your objects based on the language specified in the request, configure CloudFront to forward the Accept-Language header to your origin.
NEW QUESTION # 222
An environment has an Auto Scaling group across two Availability Zones referred to as AZ-a and AZ-b and a default termination policy. AZ-a has four Amazon EC2 instances and AZ-b has three EC2 instances. None of the instances is protected from a scale-in. How will Auto Scaling proceed if there is a scale-in event?
- A. Auto Scaling terminates the instance with the closest next billing hour of all instances
- B. Auto Scaling terminates the instance with the oldest launch configuration of all instances
- C. Auto Scaling selects an instance to terminate randomly
- D. Auto Scaling selects the Availability Zone with four EC2 instances and then continues to evaluate
Answer: A
NEW QUESTION # 223
A company plans to store sensitive user data on Amazon S3. Internal security compliance requirements mandate encryption of data before sending it to Amazon S3.
What should a solutions architect recommend to satisfy these requirements?
- A. Client-side encryption with Amazon S3 managed encryption keys
- B. Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS)
- C. Server-side encryption with customer-provided encryption keys
- D. Server-side encryption with keys stored in AWS Key Management Service (AWS KMS)
Answer: C
NEW QUESTION # 224
The DNS provider that hosts a company's domain name records is experiencing outages that cause service disruption for a website running on AWS. The company needs to migrate to a more resilient managed DNS service and wants the service to run on AWS.
What should a solutions architect do to rapidly migrate the DNS hosting service?
- A. Create an Amazon Route 53 public hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.
- B. Create an Amazon Route 53 Resolver inbound endpoint in the VPC. Specify the IP addresses that the provider's DNS will forward DNS queries to. Configure the provider's DNS to forward DNS queries for the domain to the IP addresses that are specified in the inbound endpoint.
- C. Create an Amazon Route 53 private hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.
- D. Create a Simple AD directory in AWS. Enable zone transfer between the DNS provider and AWS Directory Service for Microsoft Active Directory for the domain records.
Answer: A
Explanation:
To migrate the DNS hosting service to a more resilient managed DNS service on AWS, the company should use Amazon Route 53, which is a highly available and scalable cloud DNS web service. Route 53 can host public DNS records for the company's domain name and provide reliable and secure DNS resolution. To rapidly migrate the DNS hosting service, the company should create a public hosted zone for the domain name in Route 53, which is a container for the domain's DNS records. Then, the company should import the zone file containing the domain records hosted by the previous provider, which is a text file that defines the DNS records for the domain. This way, the company can quickly transfer the existing DNS records to Route 53 without manually creating them. After importing the zone file, the company should update the domain registrar to use the name servers that Route 53 assigns to the hosted zone. This will ensure that DNS queries for the domain name are routed to Route 53 and resolved by the imported records.
NEW QUESTION # 225
True or False: Without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use.
- A. FALSE
- B. TRUE
Answer: A
NEW QUESTION # 226
A company is deploying an application that processes streaming data in near-real time. The company plans to use Amazon EC2 instances for the workload. The network architecture must be configurable to provide the lowest possible latency between nodes.
Which combination of network solutions will meet these requirements? (Select TWO)
- A. Attach multiple elastic network interfaces to each EC2 instance
- B. Run the EC2 instances in a cluster placement group
- C. Group the EC2 instances in separate accounts
- D. Enable and configure enhanced networking on each EC2 instance
- E. Use Amazon Elastic Block Store (Amazon EBS) optimized instance types.
Answer: B,D
Explanation:
These options are the most suitable ways to configure the network architecture to provide the lowest possible latency between nodes. Option A enables and configures enhanced networking on each EC2 instance, which is a feature that improves the network performance of the instance by providing higher bandwidth, lower latency, and lower jitter. Enhanced networking uses single root I/O virtualization (SR-IOV) or Elastic Fabric Adapter (EFA) to provide direct access to the network hardware. You can enable and configure enhanced networking by choosing a supported instance type and a compatible operating system, and installing the required drivers. Option C runs the EC2 instances in a cluster placement group, which is a logical grouping of instances within a single Availability Zone that are placed close together on the same underlying hardware.
Cluster placement groups provide the lowest network latency and the highest network throughput among the placement group options. You can run the EC2 instances in a cluster placement group by creating a placement group and launching the instances into it.
Option B is not suitable because grouping the EC2 instances in separate accounts does not provide the lowest possible latency between nodes. Separate accounts are used to isolate and organize resources for different purposes, such as security, billing, or compliance. However, they do not affect the network performance or proximity of the instances. Moreover, grouping the EC2 instances in separate accounts would incur additional costs and complexity, and it would require setting up cross-account networking and permissions.
Option D is not suitable because attaching multiple elastic network interfaces to each EC2 instance does not provide the lowest possible latency between nodes. Elastic network interfaces are virtual network interfaces that can be attached to EC2 instances to provide additional network capabilities, such as multiple IP addresses, multiple subnets, or enhanced security. However, they do not affect the network performance or proximity of the instances. Moreover, attaching multiple elastic network interfaces to each EC2 instance would consume additional resources and limit the instance type choices.
Option E is not suitable because using Amazon EBS optimized instance types does not provide the lowest possible latency between nodes. Amazon EBS optimized instance types are instances that provide dedicated bandwidth for Amazon EBS volumes, which are block storage volumes that can be attached to EC2 instances.
EBS optimized instance types improve the performance and consistency of the EBS volumes, but they do not affect the network performance or proximity of the instances. Moreover, using EBS optimized instance types would incur additional costs and may not be necessary for the streaming data workload.
References:
Enhanced networking on Linux
Placement groups
Elastic network interfaces
Amazon EBS-optimized instances
NEW QUESTION # 227
A company has an application hosted on Amazon EC2 instances in two VPCs across different AWS Regions.
To communicate with each other, the instances use the internet for connectivity. The security team wants to ensure that no communication between the instances happens over the internet.
What should a solutions architect do to accomplish this?
- A. Create a VPC peering connection and update the route table of the EC2 instances' subnet.
- B. Create a VPC endpoint and update the route table of the EC2 instances' subnet.
- C. Create a NAT gateway and update the route table of the EC2 instances' subnet.
- D. Create a VPN connection and update the route table of the EC2 instances' subnet.
Answer: A
NEW QUESTION # 228
An analytics company uses Amazon VPC to run its multi-tier services. The company wants to use RESTful APIs to offer a web analytics service to millions of users. Users must be verified by using an authentication service to access the APIs.
Which solution will meet these requirements with the MOST operational efficiency?
- A. Configure an AWS Lambda function to handle user authentication. Implement Amazon API Gateway REST APIs with a Lambda authorizer.
- B. Configure an Amazon Cognito identity pool for user authentication. Implement Amazon API Gateway HTTP APIs with a Cognito authorizer.
- C. Configure an IAM user to handle user authentication. Implement Amazon API Gateway HTTP APIs with an IAM authorizer.
- D. Configure an Amazon Cognito user pool for user authentication. Implement Amazon API Gateway REST APIs with a Cognito authorizer.
Answer: D
Explanation:
This solution will meet the requirements with the most operational efficiency because:
Amazon Cognito user pools provide a secure and scalable user directory that can store and manage user profiles, and handle user sign-up, sign-in, and access control. User pools can also integrate with social identity providers and enterprise identity providers via SAML or OIDC. User pools can issue JSON Web Tokens (JWTs) that can be used to authenticate users and authorize API requests.
Amazon API Gateway REST APIs enable you to create and deploy APIs that expose your backend services to your clients. REST APIs support multiple authorization mechanisms, including Cognito user pools, IAM, Lambda, and custom authorizers. A Cognito authorizer is a type of Lambda authorizer that uses a Cognito user pool as the identity source. When a client makes a request to a REST API method that is configured with a Cognito authorizer, API Gateway verifies the JWTs that are issued by the user pool and grants access based on the token's claims and the authorizer's configuration.
By using Cognito user pools and API Gateway REST APIs with a Cognito authorizer, you can achieve a high level of security, scalability, and performance for your web analytics service. You can also leverage the built-in features of Cognito and API Gateway, such as user management, token validation, caching, throttling, and monitoring, without having to implement them yourself. This reduces the operational overhead and complexity of your solution.
References:
Amazon Cognito User Pools
Amazon API Gateway REST APIs
Use API Gateway Lambda authorizers
NEW QUESTION # 229
Making your snapshot public shares all snapshot data with everyone.
Can the snapshots with AWS Marketplace product codes be made public?
- A. No
- B. Yes
Answer: A