TestkingPass

http://www.testkingpass.com
Reliable test dumps & stable pass king & valid test questions
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

Exam : SAA-C01

Title : AWS Certified Solutions

Architect - Associate

Vendor : Amazon

Version : DEMO

1 from Testkingpass.com.
Get Latest & Valid SAA-C01 Exam's Question and Answers 1
http://www.testkingpass.com/saa-c01-testking-dumps.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

NO.1 A company is creating a web application that will run on an Amazon EC2 instance.
The application on the instance needs access to an Amazon DynamoDB table for storage.
What should be done to meet these requirements?
A. Create an 1AM role and assign the role to the EC2 instance with permissions to the DynamoDB
table.
B. Create identity federation with permissions to the DynamoDB table.
C. Create an identity provider and assign the identity provider to the EC2 instance with permissions
to the DynamoDB table.
D. Create another AWS account root user with permissions to the DynamoDB table.
Answer: A

NO.2 A popular e-commerce application runs on AWS. The application encounters performance
issues. The database is unable to handle the amount of queries and load during peak times. The
database is running on the RDS Aurora engine on the largest instance size available. What should an
administrator do to improve performance?
A. Convert the database to Amazon Redshift.
B. Convert the database to use EBS Provisioned IOPS.
C. Create one or more read replicas.
D. Create a CloudFront distribution.
Answer: C

NO.3 A company wants to analyze all of its sales information aggregated over the last 12 months.
The company expects there to be over 10TB of data from multiple sources.
What service should be used?
A. Amazon DynamoDB
B. Amazon Redshift
C. Amazon RDS MySQL
D. Amazon Aurora MySQL
Answer: B

NO.4 A Solutions Architect is designing an application that will encrypt all data in an Amazon
Redshift cluster. Which action will encrypt the data at rest?
A. Encrypt the Amazon EBS volumes.
B. Use the AWS KMS Default Customer master key.
C. Place the Redshift cluster in a private subnet.
D. Encrypt the data using SSL/TLS.
Answer: B

NO.5 A company expects its user base to increase five times over one year. Its application is hosted
in one region and uses an Amazon RDS MySQL database, an ELB Application Load Balancer, and
Amazon ECS to host the website and its microservices.
Which design changes should a Solutions Architect recommend to support the expected growth?
(Choose two.)
A. Create RDS read replicas and change the application to use these replicas

2 from Testkingpass.com.
Get Latest & Valid SAA-C01 Exam's Question and Answers 2
http://www.testkingpass.com/saa-c01-testking-dumps.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

B. Create a dedicated Elastic Load Balancer for each microservice

C. Scale the environment based on real-time AWS CloudTrail logs
D. Use an Amazon Route 53 geolocation routing policy
E. Move static files from ECS to Amazon S3
Answer: A,E

NO.6 A company hosts a website using Amazon API Gateway on the front end. Recently, there has
been heavy traffic on the website and the company wants to control access by allowing
authenticated traffic only.
How should the company limit access to authenticated users only? (Select TWO.)
A. Assign permissions in AWS 1AM to allow users.
B. Allow users that are authenticated through Amazon Cognito.
C. Limit traffic through API Gateway.
D. Deploy AWS KMS to identify users.
E. Allow X.509 certificates to authenticate traffic.
Answer: A,B

NO.7 A company deployed a three-tier web application on Amazon EBS backed Amazon EC2
instances for the web and application tiers, and Amazon RDS for the database tier. The company is
concerned about loss of data in the web and application tiers.
What is the MOST efficient way to prevent data loss?
A. Create a snapshot lifecycle policy that takes periodic snapshots of the Amazon EBS volumes
B. Create an Amazon EBS snapshot using an Amazon CloudWatch Events rule
C. Create an Amazon S3 snapshot policy to back up the Amazon EBS volumes
D. Create an Amazon EFS file system and run a shell script to copy the data
Answer: B

NO.8 An online company wants to conduct real-time sentiment analysis about its products from its
social media channels using SQL.
Which of the following solutions has the LOWEST cost and operational burden?
A. Configure the input stream using Amazon Kinesis Data Streams. Use Amazon Kinesis Data Firehose
to send data to an Amazon Redshift cluster, and then query directly against Amazon Redshift
B. Configure the input stream using Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics
to write SQL queries against the stream.
C. Set up streaming data ingestion application on Amazon EC2 and send the output to Amazon S3
using Kinesis Data Firehose. Use Athena to analyze the data.
D. Set up a streaming data ingestion application on Amazon EC2 and connect it to a Hadoop cluster
for data processing. Send the output to Amazon S3 and use Amazon Athena to analyze the data.
Answer: B

NO.9 A company's website receives 50,000 requests each second, and the company wants to use
multiple applications to analyze the navigation patterns of the users on their website so that the
experience can be personalized.
What can a Solutions Architect use to collect page clicks for the website and process them

3 from Testkingpass.com.
Get Latest & Valid SAA-C01 Exam's Question and Answers 3
http://www.testkingpass.com/saa-c01-testking-dumps.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

sequentially for each user?

A. AWS CloudTrail trail
B. Amazon SQS standard queue
C. Amazon Kinesis Stream
D. Amazon SQS FIFO queue
Answer: C

NO.10 A Solutions Architect is designing a highly available web application on AWS. The data served
on the website is dynamic and is pulled from Amazon DynamoDB. All users are geographically close
to one another.
How can the Solutions Architect make the application highly available?
A. Host the application on EC2 instances across multiple Availability Zones. Use an Auto Scaling group
coupled with an Application Load Balancer.
B. Host the website data on Amazon S3 and set permissions to enable public read-only access for
users.
C. Host the web server data on Amazon CloudFront and update the objects in the Cloudfront
distribution when they change.
D. Host the application on EC2 instances in a single Availability Zone. Replicate the EC2 instances to a
separate region, and use an Application Load Balancer for high availability.
Answer: A

NO.11 An on-premises database is experiencing significant performance problems when running

SQL queries. With
10 users, the lookups are performing as expected. As the number
of users increases, the lookups take three times longer than expected to return values to an
application.
Which action should a Solutions Architect take to maintain performance as the user count increases?
A. Configure Amazon RDS with additional read replicas.
B. Migrate from MySQL to RDS Microsoft SQL Server.
C. Use Amazon SQS.
D. Deploy Multi-AZ RDS MySQL
Answer: A

NO.12 A company has an application that uses Amazon CloudFront for content that is hosted on an
Amazon S3 bucket. After an unexpected refresh, the users are still seeing old content.
Which step should the Solutions Architect take to ensure that new content is displayed?
A. Create a new cache behavior path with the updated content.
B. Change the TTL value for removing the old objects
C. Perform a cache refresh on the CloudFront distribution that is serving the content.
D. Perform an invalidation on the CloudFront distribution that is serving the content.
Answer: D

NO.13 A customer owns a MySQL database that is accessed by various clients who expect, at most,
100 ms latency on requests. Once a record is stored in the database, it rarely changed. Clients only

4 from Testkingpass.com.
Get Latest & Valid SAA-C01 Exam's Question and Answers 4
http://www.testkingpass.com/saa-c01-testking-dumps.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

access one record at a time.

Database access has been increasing exponentially due to increased client demand. The resultant
load will soon exceed the capacity of the most expensive hardware available for purchase. The
customer wants to migrate to AWS, and is willing to change database systems.
Which service would alleviate the database load issue and offer virtually unlimited scalability for the
future?
A. Amazon Redshift
B. Amazon DynamoDB
C. AWS Data Pipeline
D. Amazon RDS
Answer: B

NO.14 A team has developed a new web application in an AWS Region that has three Availability
Zones: AZ-a, AZ-b, and AZ-c. This application must be fault tolerant and needs at least six Amazon EC2
instances running at all times. The application must tolerate the loss of connectivity to any single
Availability Zone so that the application can continue to run.
Which configurations will meet these requirements? (Select TWO )
A. AZ-awith two EC2 instances, AZ-b with two EC2 instances, and AZ-c with two EC2 instances.
B. AZ-a with three EC2 instances, AZ-b with three EC2 instances, and AZ-c with no EC2 instances.
C. AZ-a with four EC2 instances, AZ-b with two EC2 instances, and AZ-c with two EC2 instances.
D. AZ-a with six EC2 instances, AZ-b with six EC2 instances, and AZ-c with no EC2 instances.
E. AZ-awith three EC2 instances,AZ-bwith three EC2 instances, andAZ-c with three EC2 instances.
Answer: A,E

NO.15 A customer has an application that is used by enterprise customers outside of AWS.
Some of these customers use legacy firewalls that cannot whitelist by DNS name, but whitelist based
only on IP address. The application is currently deployed in two Availability Zones, with one EC2
instance in each that has Elastic IP addresses. The customer wants to whitelist only two IP addresses,
but the two existing EC2 instances cannot sustain the amount of traffic.
What can a Solutions Architect do to support the customer and allow for more capacity?
(Choose two.)
A. Use Amazon Route 53 with a weighted, round-robin routing policy across the Elastic IP addresses
to resolve one at a time.
B. Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to
each subnet.
C. Switch the two existing EC2 instances for an Auto Scaling group, and register them with the
Network Load Balancer.
D. Add additional EC2 instances with Elastic IP addresses, and register them with Amazon Route 53
E. Create additional EC2 instances and put them on standby. Remap an Elastic IP address to a
standby instance in the event of a failure.
Answer: B,C

NO.16 A Solutions Architect is designing an architecture for a mobile gaming application. The
application is expected to be very popular. The Architect needs to prevent the Amazon RDS MySQL

5 from Testkingpass.com.
Get Latest & Valid SAA-C01 Exam's Question and Answers 5
http://www.testkingpass.com/saa-c01-testking-dumps.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

database from becoming a bottleneck due to frequently accessed queries.

A. Multi-AZ feature on the RDS MySQL Database
B. ELB Classic Load Balancer in front of the web application tier
C. Amazon ElastiCache in front of the RDS MySQL Database
D. Which service or feature should the Architect add to prevent a bottleneck?
Answer: B

NO.17 A Solutions Architect is designing a web application. The web and application tiers need to
access the Internet, but they cannot be accessed from the Internet.
Which of the following steps is required?
A. Attach an Elastic IP address to each Amazon EC2 instance and add a route from the private subnet
to the public subnet.
B. Launch a NAT gateway in the public subnet and add a route to it from the private subnet.
C. Launch a NAT gateway in the private subnet and deploy a NAT instance in the private subnet.
D. Launch Amazon EC2 instances in the public subnet and change the security group to allow
outbound traffic on port 80.
Answer: B

NO.18 A Solution Architect is designing a two-tier application for maximum security, with a web tier
running on EC2 instances and the data stored in an RDS DB instance. The web tier should accept user
access only through HTTPS connections (port 443) from the Internet, an the data must be encrypted
in transit to and from the database.
What combination of steps will MOST securely meet the stated requirements? (Choose two.)
A. Enforce Transparent Data Encryption (TDE) on the RDS database.
B. Configure the web servers to communicate with RDS by using SSL, and issue certificates to the
web tier EC2 instances.
C. Create a customer master key in AWS KMS and apply it to encrypt the RDS instance.
D. Create a security group for the web tier instances that allows inbound traffic only over port 443.
E. Create a network ACL that allows inbound traffic only over port 443.
Answer: B,D

NO.19 An application runs on Amazon EC2 instances in an Auto Scaling group. When instances are
terminated, the Systems Operations team cannot determine the route cause, because the logs reside
on the terminated instances and are lost.
How can the root cause be determined?
A. Use an Amazon CloudWatch agent to push the logs to Amazon CloudWatch Logs.
B. Use ephemeral volumes to store the log files.
C. Use a scheduled Amazon CloudWatch Event to take regular Amazon EBS snapshots.
D. Use AWS CloudTrail to pull the logs from the Amazon EC2 instances.
Answer: A

NO.20 An application runs on Amazon EC2 instances in multiple Availability Zones (AZs) behind an
Application Load Balancer. The load balancer is in public subnets; the EC2 instances are in private
subnets and must not be accessible from the internet. The EC2 instances must call external services

6 from Testkingpass.com.
Get Latest & Valid SAA-C01 Exam's Question and Answers 6
http://www.testkingpass.com/saa-c01-testking-dumps.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

on the internet. If one AZ becomes unavailable, the remaining EC2 instances must still be able to call
the external services.
How should these requirements be met?
A. Create a NAT gateway in each AZ. Update the route tables for each private subnet to direct
internet-bound traffic to the NAT gateway.
B. Create a NAT gateway attached to the VPC. Add a route to the gateway to each private subnet
route table.
C. Configure an internet gateway. Add a route to the gateway to each private subnet route table.
D. Create a NAT instance in the private subnet of each AZ. Update the route tables for each private
subnet to direct internet-bound traffic to the NAT instance.
Answer: A

NO.21 An organization is currently hosting a large amount of frequently accessed data consisting of
key-value pairs and semi-structured documents in their data center. They are planning to move this
data to AWS.
Which of one of the following services MOST effectively meets their needs?
A. Amazon Aurora
B. Amazon RDS
C. Amazon DynamoDB
D. Amazon Redshift
Answer: C

NO.22 A customer needs to capture all client connection information from their load balancer every
five minutes. The company wants to use data for analyzing traffic patterns and troubleshooting their
applications. Which of the following options meets the customer requirements?
A. Enable AWS CloudTrail for the load balancer
B. Install the Amazon CloudWatch Logs agent on the load balancer
C. Enable access logs on the load balancer
D. Enable Amazon CloudWatch metrics on the load balancer
Answer: C

NO.23 A company needs to use AWS resources to expand capacity for a website hosted in an
onpremises data center. The AWS resources will include load balancers, Auto Scaling, and Amazon
EC2 instances that will access an on-premises database. Network connectivity has been established,
but no traffic is going to the AWS environment.
How should Amazon Route 53 be configured to distribute load to the AWS environment?
(Select TWO.)
A. Create multiple A records for the EC2 instances.
B. Set up an A record to point the DNS name to the IP address of the load balancer.
C. Set up a weighted routing policy, distributing the workload between the load balancer and the on-
premises environment.
D. Set up a routing policy for failover using the on-premises environment as primary and the load
balancer as secondary.
E. Set up a geolocation routing policy to distribute the workload between the load balancer and the

7 from Testkingpass.com.
Get Latest & Valid SAA-C01 Exam's Question and Answers 7
http://www.testkingpass.com/saa-c01-testking-dumps.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

on-premises environment.
Answer: B,C

NO.24 An e-commerce application is hosted in AWS. The last time a new product was launched, the
application experienced a performance issue due to an enormous spike in traffic. Management
decided that capacity must be doubled the week after the product is launched.
Which is the MOST efficient way for management to ensure that capacity requirements are met?
A. Add a Scheduled Scaling action.
B. Add a Step Scaling policy.
C. Add a Dynamic Scaling policy.
D. Add Amazon EC2 Spot Instances.
Answer: C

NO.25 A Solutions Architect is designing a solution to monitor weather changes by the minute. The
frontend application is hosted on Amazon EC2 instances. The backend must be scalable to a virtually
unlimited size, and data retrieval must occur with minimal latency.
Which AWS service should the Architect use to store the data and achieve these requirements?
A. Amazon S3
B. Amazon RDS
C. Amazon EBS
D. Amazon DynamoDB
Answer: D

8 from Testkingpass.com.
Get Latest & Valid SAA-C01 Exam's Question and Answers 8
http://www.testkingpass.com/saa-c01-testking-dumps.html