Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 272 discussion

D. EFS -> NFS

D is correct.

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

I think that B : FSX.

New Question - A solution architect is designing a new workload in which AWS lambda function will access an amazon DynamoDB table. what is most secure means of granting the lambda function access to the DynamoDB table ? A. Create a IAM role with necessary permissions to access the DynamoDB. Assign the role to lambda function. B. Create Dynamo username and password and give them to developer to use in the lambda function. C. Create an IAM user and create access and secret keys for the user. Give the user necessary permissions to access DynamoDB table D. Create a IAM role allowing access from AWS Lamba

This is D 101%

D indeed

NEW QUESTION A company is deploying an application that processes large quantities of data in batches as needed. The company plans to use Amazon EC2 instances for the workload. The network architecture must support a highly scalable solution and prevent groups of nodes from sharing the same underlying hardware. Which combination of network solutions will meet these requirements? (Select TWO.) A. Create Capacity Reservations for the EC2 instances to run in a placement group. B. Run the EC2 instances in a spread placement group. C. Run the EC2 instances in a cluster placement group. D. Place the EC2 instances in an EC2 Auto Scaling group. E. Run the EC2 instances in a partition placement group.

NEW QUESTION A company has several web servers that need to frequently access a common Amazon RDS MySQL Multi-AZ DB instance. The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently. Which solution meets these requirements? A. Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager. B. Store the database user credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter. C. Store the database user credentials in a secure Amazon S3 bucket. Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database. D. Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system. The web server should be able to decrypt the files and access the database.

NEW QUESTION A solutions architect is designing an architecture that includes web, application, and database tiers. The web tier must be capable of auto scaling. The solutions architect has decided to separate each tier into its own subnets. The design includes two public subnets and four private subnets. The security team requires that tiers be able to communicate with each other only when there is a business need and that all other network traffic be blocked. What should the solutions architect do to meet these requirements? A. Create an Amazon Guard Duty source/destination rule set to control communication. B. Create one security group for all tiers to limit traffic to only the required source and destinations. C. Create specific security groups for each tier to limit traffic to only the required source and destinations. D. Create network ACLs in all six subnets to limit traffic to the sources and destinations required for the application to function.

287. A solutions architect is designing a new API using Amazon API Gateway that will receive requests from users. The volume of requests is highly variable; several hours can pass without receiving a single request. The data processing will take place asynchronously, but should be completed within a few seconds after a request is made. Which compute service should the solutions architect have the API invoke to deliver the requirements at the lowest cost? A. An AWS Glue job B. An AWS Lambda function C. A containerized service hosted in Amazon Elastic Kubernetes Service (Amazon EKS) D. A containerized service hosted in Amazon ECS with Amazon EC2

A company has created a multi-tier application for its ecommerce website. The website uses an Application Load Balancer that resides in the public subnets, a web tier in the public subnets, and a MySQL cluster hosted on Amazon EC2 instances in the private subnets. The MySQL database needs to retrieve product catalog and pricing information that is hosted on the internet by a third-party provider. A solutions architect must devices a strategy that maximizes security without increasing operational overhead. What should the solutions architect do to meet these requirements? A. Deploy a NAT instance in the VPC. Route all the internet-based traffic through the NAT instance. B. Deploy a NAT gateway in the public subnets. Modify the private subnet route table to direct all internet-bound traffic to the NAT gateway. C. Configure an internet gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the internet gateway. D. Configure a virtual private gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the virtual private gateway.

A solutions architect is designing the cloud architecture for a company that needs to host hundreds of machine learning models for its users. During startup, the models need to load up to 10 GB of data from Amazon S3 into memory, but they do not need disk access. Most of the models are used sporadically, but the users expect all of them to be highly available and accessible with low latency. Which solution meets the requirements and is MOST cost-effective? A. Deploy models as AWS Lambda functions behind an Amazon API Gateway for each model. B. Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind an Application Load Balancer for each model. C. Deploy models as AWS Lambda functions behind a single Amazon API Gateway with path-based routing where one path corresponds to each model. D. Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind a single Application Load Balancer with path-based routing where one path corresponds to each model.

A company has an ecommerce application that stores data in an on-premises SQL database. The company has decided to migrate this database to AWS. However, as part of the migration, the company wants to find a way to attain sub-millisecond responses to common read requests. A solutions architect knows that the increase in speed is paramount and that a small percentage of stale data returned in the database reads is acceptable. What should the solutions architect recommend? A. Build Amazon RDS read replicas. B. Build the database as a larger instance type. C. Build a database cache using Amazon ElastiCache. D. Build a database cache using Amazon Elasticsearch Service (Amazon ES).

A company is developing an ecommerce application that will consist of a load-balanced front end, a container-based application, and a relational database. A solutions architect needs to create a highly available solution that operates with as little manual intervention as possible. Which solutions meet these requirements? (Choose two.) A. Create an Amazon RDS DB instance in Multi-AZ mode. B. Create an Amazon RDS DB instance and one or more replicas in another Availability Zone. C. Create an Amazon EC2 instance-based Docker cluster to handle the dynamic application load. D. Create an Amazon Elastic Container Service (Amazon ECS) cluster with a Fargate launch type to handle the dynamic application load. E. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type to handle the dynamic application load.

Q-131 A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data sources. The data is in JSON format and ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in-flight is lost. The company's data science team wants to query ingested data in near-real time. Which solution provides near-real-time data querying that is scalable with minimal data loss? A. Publish data to Amazon Kinesis Data Streams. Use Kinesis Data Analytics to query the data. B. Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination. Use Amazon Redshift to query the data. C. Store ingested data in an EC2 instance store. Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data. D. Store ingested data in an Amazon Elastic Block Store (Amazon EBS) volume. Publish data to Amazon ElastiCache for Redis. Subscribe to the Redis channel to query the data.

Q-130 A company has an on-premises MySQL database used by the global sales team with infrequent access patterns. The sales team requires the database to have minimal downtime. A database administrator wants to migrate this database to AWS without selecting a particular instance type in anticipation of more users in the future. Which service should a solutions architect recommend? A. Amazon Aurora MySQL B. Amazon Aurora Serverless for MySQL C. Amazon Redshift Spectrum D. Amazon RDS for MySQL