100% Valid and Newest Version AWS-Solution-Architect-Associate Questions & Answers shared by Certleader

https://www.certleader.com/AWS-Solution-Architect-Associate-dumps.html (166 Q&As)

AWS-Solution-Architect-Associate Dumps

AWS Certified Solutions Architect - Associate (SAA-C02)

https://www.certleader.com/AWS-Solution-Architect-Associate-dumps.html

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AWS-Solution-Architect-Associate Questions & Answers shared by Certleader
https://www.certleader.com/AWS-Solution-Architect-Associate-dumps.html (166 Q&As)

NEW QUESTION 1
Does DynamoDB support in-place atomic updates?

A. Yes
B. No
C. It does support in-place non-atomic updates
D. It is not defined

Answer: A

Explanation:
DynamoDB supports in-place atomic updates.
Reference:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/\NorkingWithItems.htmI#Working WithItems.AtomicCounters

NEW QUESTION 2
Much of your company's data does not need to be accessed often, and can take several hours for retrieval time, so it's stored on Amazon Glacier. However
someone within your organization has expressed concerns that his data is more sensitive than the other data, and is wondering whether the high
level of encryption that he knows is on S3 is also used on the much cheaper Glacier service. Which of the following statements would be most applicable in
regards to this concern?

A. There is no encryption on Amazon Glacier, that's why it is cheaper.

B. Amazon Glacier automatically encrypts the data using AES-128 a lesser encryption method than Amazon S3 but you can change it to AES-256 if you are willing
to pay more.
C. Amazon Glacier automatically encrypts the data using AES-256, the same as Amazon S3.
D. Amazon Glacier automatically encrypts the data using AES-128 a lesser encryption method than Amazon S3.

Answer: C

Explanation:
Like Amazon S3, the Amazon Glacier service provides low-cost, secure, and durable storage. But where S3 is designed for rapid retrieval, Glacier is meant to be
used as an archival service for data that is not accessed often, and for which retrieval times of several hours are suitable.
Amazon Glacier automatically encrypts the data using AES-256 and stores it durably in an immutable form. Amazon Glacier is designed to provide average annual
durability of 99.999999999% for an archive. It stores each archive in multiple facilities and multiple devices. Unlike traditional systems which can require laborious
data verification and manual repair, Glacier performs regular, systematic data integrity checks, and is built to be automatically self-healing.
Reference: http://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdf

NEW QUESTION 3
You need to set up a complex network infrastructure for your organization that will be reasonably easy to deploy, replicate, control, and track changes on. Which
AWS service would be best to use to help you accomplish this?

A. AWS Import/Export
B. AWS CIoudFormation
C. Amazon Route 53
D. Amazon CIoudWatch

Answer: B

Explanation:
AWS CIoudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those
resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon
EC2 instances or Amazon RDS DB instances), and AWS CIoudFormation takes care of provisioning and configuring those resources for you. You don't need to
indMdually create and configure AWS resources
and figure out what's dependent on what. AWS CIoudFormation handles all of that.
Reference: http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/WeIcome.htmI

NEW QUESTION 4
You have multiple VPN connections and want to provide secure communication between sites using the AWS VPN CIoudHub. Which statement is the most
accurate in describing what you must do to set this up correctly?

A. Create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs)
B. Create a virtual private gateway with multiple customer gateways, each with a unique set of keys
C. Create a virtual public gateway with multiple customer gateways, each with a unique Private subnet
D. Create a virtual private gateway with multiple customer gateways, each with unique subnet id

Answer: A

Explanation:
If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CIoudHub. The VPN CIoudHub operates on a
simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet
connections who'd like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectMty between these remote offices.
To use the AWS VPN CIoudHub, you must create a virtual private gateway with multiple customer
gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs). Customer gateways advertise the appropriate routes (BGP
prefixes) over their VPN connections. These routing advertisements are received and re-advertised to each BGP peer, enabling each site to send data to and
receive data from the other sites. The routes for each spoke must have unique ASNs and the sites must not have overlapping IP ranges. Each site can also send
and receive data from the VPC as if they were using a standard VPN connection.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPN_CIoudHub.htmI

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AWS-Solution-Architect-Associate Questions & Answers shared by Certleader
https://www.certleader.com/AWS-Solution-Architect-Associate-dumps.html (166 Q&As)

NEW QUESTION 5
You're trying to delete an SSL certificate from the IAM certificate store, and you're getting the message "Certificate: <certificate-id> is being used by CIoudFront."
Which of the following statements is probably the reason why you are getting this error?

A. Before you can delete an SSL certificate, you need to either rotate SSL certificates or revert from using a custom SSL certificate to using the default CIoudFront
certificate.
B. You can't delete SSL certificates . You need to request it from AWS.
C. Before you can delete an SSL certificate, you need to set up the appropriate access level in IAM
D. Before you can delete an SSL certificate you need to set up https on your serve

Answer: A

Explanation:
CIoudFront is a web service that speeds up distribution of your static and dynamic web content, for example, .htmI, .css, .php, and image files, to end users.
Every CIoudFront web distribution must be associated either with the default CIoudFront certificate or with a custom SSL certificate. Before you can delete an SSL
certificate, you need to either rotate SSL certificates (replace the current custom SSL certificate with another custom SSL certificate) or revert from using a custom
SSL certificate to using the default CIoudFront certificate.
Reference: http://docs.aws.amazon.com/AmazonCIoudFront/latest/Deve|operGuide/Troubleshooting.htm|

NEW QUESTION 6
You have been asked to build AWS infrastructure for disaster recovery for your local applications and within that you should use an AWS Storage Gateway as part
of the solution. Which of the following best describes the function of an AWS Storage Gateway?

A. Accelerates transferring large amounts of data between the AWS cloud and portable storage devices .
B. A web service that speeds up distribution of your static and dynamic web content.
C. Connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between your on-premises IT environment
and AWS's storage infrastructure.
D. Is a storage service optimized for infrequently used data, or "cold data."

Answer: C

Explanation:
AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between
your on-premises IT environment and the Amazon Web Services (AWS) storage infrastructure. You can use the service to store data in the AWS cloud for scalable
and cost-effective storage that helps maintain data security. AWS Storage Gateway offers both volume-based and tape-based storage solutions:
Volume gateways Gateway-cached volumes Gateway-stored volumes
Gateway-virtual tape library (VTL)
Reference:
http://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_disasterrecovery_07.pdf

NEW QUESTION 7
AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. In
addition to supporting IAM user policies, some services support resource-based permissions. Which of the following services are supported by
resource-based permissions?

A. Amazon SNS, and Amazon SQS and AWS Direct Connect.

B. Amazon S3 and Amazon SQS and Amazon EIastiCache.
C. Amazon S3, Amazon SNS, Amazon SQS, Amazon Glacier and Amazon EBS.
D. Amazon Glacier, Amazon SNS, and Amazon CIoudWatch

Answer: C

Explanation:
In addition to supporting IAM user policies, some services support resource-based permissions, which let you attach policies to the service's resources instead of
to IAM users or groups. Resource-based permissions are supported by Amazon S3, Amazon SNS, Amazon SQS, Amazon Glacier and Amazon EBS.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SpecificProducts.htm|

NEW QUESTION 8
In the most recent company meeting, your CEO focused on the fact that everyone in the organization needs to make sure that all of the infrastructure that is built is
truly scalable. Which of the following statements is incorrect in reference to scalable architecture?

A. A scalable service is capable of handling heterogeneity.

B. A scalable service is resilient.
C. A scalable architecture won't be cost effective as it grows.
D. Increasing resources results in a proportional increase in performanc

Answer: C

Explanation:
In AWS it is critical to build a scalable architecture in order to take advantage of a scalable infrastructure. The cloud is designed to provide conceptually infinite
scalability. However, you cannot leverage all that scalability in infrastructure if your architecture is not scalable. Both have to work together. You will have to identify
the monolithic components and bottlenecks in your architecture, identify the areas where you cannot leverage the on-demand provisioning capabilities in your
architecture, and work to refactor your application, in order to leverage the scalable infrastructure and take advantage of the cloud.
Characteristics of a truly scalable application:
Increasing resources results in a proportional increase in performance A scalable service is capable of handling heterogeneity
A scalable service is operationally efficient A scalable service is resilient
A scalable service should become more cost effective when it grows (Cost per unit reduces as the number of units increases)
Reference: http://media.amazonwebservices.com/AWS_CIoud_Best_Practices.pdf

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AWS-Solution-Architect-Associate Questions & Answers shared by Certleader
https://www.certleader.com/AWS-Solution-Architect-Associate-dumps.html (166 Q&As)

NEW QUESTION 9
A corporate web application is deployed within an Amazon Virtual Private Cloud (VPC) and is connected to the corporate data center via an IPsec VPN. The
application must authenticate against the on-premises LDAP server. After authentication, each logged-in user can only access an Amazon Simple Storage Space
(53) keyspace specific to that user.
Which two approaches can satisfy these objectives? (Choose 2 answers)

A. Develop an identity broker that authenticates against IAM security Token service to assume a Lam role in order to get temporary AWS security credentials The
application calls the identity broker to get AWS temporary security credentials with access to the appropriate 53 bucket.
B. The application authenticates against LDAP and retrieves the name of an IAM role associated with the use
C. The application then ca Ils the IAM Security Token Service to assume that IAM role The application can use the temporary credentials to access the appropriate
53 bucket.
D. Develop an identity broker that authenticates against LDAP and then calls IAM Security To ken Service to get IAM federated user credentials The application
calls the identity broker to get IAM federated user credentials with access to the appropriate 53 bucket.
E. The application authenticates against LDAP the application then calls the AWS identity and Access Management (IAM) Security service to log in to IAM using
the LDAP credentials the application can use the IAM temporary credentials to access the appropriate 53 bucket.
F. The application authenticates against IAM Security Token Service using the LDAP credentials the application uses those temporary AWS security credentials to
access the appropriate 53 bucket.

Answer: BC

NEW QUESTION 10
You are designing a photo sharing mobile app the application will store all pictures in a single Amazon 53 bucket.
Users will upload pictures from their mobile device directly to Amazon 53 and will be able to view and download their own pictures directly from Amazon 53.
You want to configure security to handle potentially millions of users in the most secure manner possible. What should your server-side application do when a new
user registers on the photo sharing mobile application?

A. Create a set of long-term credentials using AWS Security Token Service with appropriate permissions Store these credentials in the mobile app and use them to
access Amazon 53.
B. Record the user's Information in Amazon RDS and create a role in IAM with appropriate permission
C. When the user uses their mobile app create temporary credentials using the AWS Security Token Service 'Assume Role' function Store these credentials in the
mobile app's memory and use them to access Amazon 53 Generate new credentials the next time the user runs the mobile app.
D. Record the user's Information In Amazon DynamoD
E. When the user uses their mobile app create temporary credentials using AWS Security Token Service with appropriate permissions Store these credentials in
the mobile app's memory and use them to access Amazon 53 Generate new credentials the next time the user runs the mobile app.
F. Create IAM use
G. Assign appropriate permissions to the IAM user Generate an access key and secret key for the IAM user, store them in the mobile app and use these
credentials to access Amazon 53.
H. Create an IAM use
I. Update the bucket policy with appropriate permissions for the IAM user Generate an access Key and secret Key for the IAM user, store them In the mobile app
and use these credentials to access Amazon 53.

Answer: B

NEW QUESTION 11
When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes.

A. Depends on the instance type

B. FALSE
C. Depends on whether you use API call
D. TRUE

Answer: D

NEW QUESTION 12
What will be the status of the snapshot until the snapshot is complete.

A. running
B. working
C. progressing
D. pending

Answer: D

NEW QUESTION 13
Can a 'user' be associated with multiple AWS accounts?

A. No
B. Yes

Answer: A

NEW QUESTION 14
What happens to the 1/0 operations while you take a database snapshot?

A. 1/0 operations to the database are suspended for a few minutes while the backup is in progress.
B. 1/0 operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress.
C. 1/0 operations will be functioning normally
D. 1/0 operations to the database are suspended for an hour while the backup is in progress

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AWS-Solution-Architect-Associate Questions & Answers shared by Certleader
https://www.certleader.com/AWS-Solution-Architect-Associate-dumps.html (166 Q&As)

Answer: A

NEW QUESTION 15
Does Route 53 support MX Records?

A. Yes.
B. It supports CNAME records, but not MX records.
C. No
D. Only Primary MX record
E. Secondary MX records are not supporte

Answer: A

NEW QUESTION 16
REST or Query requests are HTIP or HTIPS requests that use an HTIP verb (such as GET or POST) and a parameter named Action or Operation that specifies
the API you are calling.

A. FALSE
B. TRUE

Answer: A

NEW QUESTION 17
Does Amazon Route 53 support NS Records?

A. Yes, it supports Name Service records.

B. No
C. It supports only MX records.
D. Yes, it supports Name Sewer record

Answer: D

NEW QUESTION 18
The SQL Server _ feature is an efficient means of copying data from a source database to your DB Instance. It writes the data that you specify to a data file, such
as an ASCII file.

A. bulk copy
B. group copy
C. dual copy
D. mass copy

Answer: A

NEW QUESTION 19
Which of the following are t rue regarding AWS CIoudTraiI? Choose 3 answers

A. CIoudTraiI is enabled globally

B. CIoudTraiI is enabled by default
C. CIoudTraiI is enabled on a per-region basis
D. CIoudTraiI is enabled on a per-service basis.
E. Logs can be delivered to a single Amazon 53 bucket for aggregation.
F. CIoudTraiI is enabled for all available services within a region.
G. Logs can only be processed and delivered to the region in which they are generate

Answer: CDE

Explanation:
Reference: http://aws.amazon.com/c|oudtraiI/faqs/

NEW QUESTION 20
A company is deploying a two-tier, highly available web application to AWS. Which service provides
durable storage for static content while utilizing lower Overall CPU resources for the web tier?

A. Amazon EBS volume

B. Amazon 53
C. Amazon EC2 instance store
D. Amazon RD5 instance

Answer: B

NEW QUESTION 21
......

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AWS-Solution-Architect-Associate Questions & Answers shared by Certleader
https://www.certleader.com/AWS-Solution-Architect-Associate-dumps.html (166 Q&As)

Thank You for Trying Our Product

* 100% Pass or Money Back

All our products come with a 90-day Money Back Guarantee.
* One year free update
You can enjoy free update one year. 24x7 online support.
* Trusted by Millions
We currently serve more than 30,000,000 customers.
* Shop Securely
All transactions are protected by VeriSign!

100% Pass Your AWS-Solution-Architect-Associate Exam with Our Prep Materials Via below:

https://www.certleader.com/AWS-Solution-Architect-Associate-dumps.html

The Leader of IT Certification visit - https://www.certleader.com

Powered by TCPDF (www.tcpdf.org)