Question 1

The www.tutorialsdojonews.com website is using the WordPress platform that runs on a fleet of Amazon EC2 instances behind an application load balancer to deliver news around the globe. There are a lot of customers complaining about the slow loading time of the website. The solutions architect has created a CloudFront distribution and set the ALB as the origin to improve the read performance. After several days, the IT Security team reported that the setup is not secure and it should enable end-to-end HTTPS connections from the user's browser to the origin via CloudFront.

Which of the following options should the solutions architect implement to satisfy the above requirements?

Options :

A : Use a self-signed certificate in both the origin and CloudFront.

B : Configure the CloudFront distribution to redirect HTTP to HTTPS protocol. Generate a new SSL certificate on AWS Certificate Manager and use it as the CloudFront distribution and origin certificate.

C : Configure CloudFront to use its default certificate. Configure the CloudFront distribution to redirect HTTP to HTTPS protocol. For the origin, generate a new SSL certificate on AWS Certificate Manager.

D : Use third-party CA certificate on both the origin and CloudFront.

Answer: B

Question 2

A company is collecting a large amount of data from a fleet of loT devices. Data is stored as Optimized Row

Columnar (ORC) files in the Hadoop Distributed File System (HDFS) on a persistent Amazon EMR cluster.

The company's data analytics team queries the data by using SQL in Apache Presto deployed on the same

EMR cluster Queries scan large amounts of data always run for less than 15 minutes, and run only between 5

PM and 10 PM.

The company is concerned about the high cost associated with the current solution A solutions architect must

propose the most cost-effective solution that will allow SQL data queries.

Which solution will meet these requirements?

Options :

A : Store data m Amazon S3 Use Amazon Redshift Spectrum to query data.

B : Store data m Amazon S3 Use the AWS Glue Data Catalog and Amazon Athena to query data.

C : Store data in EMR File System (EMRFS). Use Presto n Amazon EMR to query data.

D : Store data in Amazon Redshift Use Amazon Redshift to query data

Answer: B

Question 3

A company runs a Python script on an Amazon EC2 instance to process data. The script runs every

10 minutes. The script ingests files from an Amazon S3 bucket and processes the files. On average, the script

takes approximately 5 minutes to process each file The script will not reprocess a file that the script has

already processed.

The company reviewed Amazon CloudWatch metrics and noticed that the EC2 instance is idle for

approximately 40% of the time because of the file processing speed. The company wants to make the

workload highly available and scalable. The company also wants to reduce long-term management overhead.

Which solution will meet these requirements MOST cost-effectively?

Options :

A :

Migrate the data processing script to an AWS Lambda function. Use an S3 event notification to invoke

the Lambda function to process the objects when the company uploads the objects.

B :

Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure Amazon S3 to send event

notifications to the SQS queue. Create an EC2 Auto Scaling group with a minimum size of one instance.

Update the data processing script to poll the SQS queue. Process the S3 objects that the SQS message

identifies.

C :

Migrate the data processing script to a container image. Run the data processing container on an EC2

instance. Configure the container to poll the S3 bucket for new objects and to process the resulting

objects.

D :

Migrate the data processing script to a container image that runs on Amazon Elastic Container Service

(Amazon ECS) on AWS Fargate. Create an AWS Lambda function that calls the Fargate RunTaskAPI

operation when the container processes the file. Use an S3 event notification to invoke the Lambda

function.

Answer: A

Question 4

A company is migrating a legacy application from an on-premises data center to AWS. The application uses

MangeDB as a key-value database According to the company's technical guidelines, all Amazon EC2

instances must be hosted in a private subnet without an internet connection In addition, all connectivity

between applications and databases must be encrypted. The database must be able to scale based on demand

Which solution will meet these requirements?

Options :

A :

Create new Amazon DocumentDB (with MangeDB compatibility) tables for the application with

Provisioned IOPS volumes Use the instance endpoint to connect to Amazon DocumentDB

B :

Create new Amazon DynamoDB tables for the application with on-demand capacity Use a gateway

VPC endpoint for DynamoDB to connect lo the DynamoDB tables

C :

Create new Amazon DynamoDB tables for the application with on-demand capacity Use an interface

VPC endpoint for DynamoDB to connect to the DynamoDB tables

D :

Create new Amazon DocumentDB (with MangeDB compatibility) tables for the application with

Provisioned IOPS volumes Use the cluster endpoint to connect to Amazon DocumentDB

Answer: C

Question 5

A leading financial company is planning to launch its MERN (MongoDB, Express, React, Node.js) application with an Amazon RDS MariaDB database to serve its clients worldwide. The application will run on both on-premises servers as well as Reserved EC2 instances. To comply with the company's strict security policy, the database credentials must be encrypted both at rest and in transit. These credentials will be used by the application servers to connect to the database. The Solutions Architect is tasked to manage all of the aspects of the application architecture and production deployment.

How should the Architect automate the deployment process of the application in the MOST secure manner?

Options :

A : Upload the database credentials with a Secure String data type in AWS Systems Manager Parameter Store. Install the AWS SSM agent on all servers. Set up a new IAM role that enables access and decryption of the database credentials from SSM Parameter Store. Attach this IAM policy to the instance profile for CodeDeploy-managed EC2 instances. Associate the same policy as well to the on-premises instances. Using AWS CodeDeploy, launch the application packages to the Amazon EC2 instances and on-premises servers.

B : Upload the database credentials with a Secure String data type in AWS Systems Manager Parameter Store. Install the AWS SSM agent on all servers. Set up a new IAM role that enables access and decryption of the database credentials from SSM Parameter Store. Associate this role to all on-premises servers and EC2 instances. Use Elastic Beanstalk to host and manage the application on both on-premises servers and EC2 instances. Deploy the succeeding application revisions to AWS and on-premises servers using Elastic Beanstalk.

C : Upload the database credentials with key rotation in AWS Secrets Manager. Install the AWS SSM agent on all servers. Set up a new IAM role that enables access and decryption of the database credentials from SSM Parameter Store. Associate this role to all on-premises servers and EC2 instances. Use Elastic Beanstalk to host and manage the application on both on-premises servers and EC2 instances. Deploy the succeeding application revisions to AWS and on-premises servers using Elastic Beanstalk.

D : Upload the database credentials with a Secure String data type in AWS Systems Manager Parameter Store. Install the AWS SSM agent on all servers. Set up a new IAM role that enables access and decryption of the database credentials from SSM Parameter Store. Associate this role to the EC2 instances. Create an IAM Service Role that will be associated with the on-premises servers. Deploy the application packages to the EC2 instances and on-premises servers using AWS CodeDeploy.

Answer: D

Higher Test Marks with Free Online SAP-C02 Exam Practice

Buying Options: