1 / 9

Easily Pass SAA-C02 Dumps | 25% OFF | Limited Time Offer!

SAA-C02 Dumps is now available on Examsforsure.com by the authentic knowledge of Experts on 25% OFF. Coupon code for discount of 25% OFF isu201dEFS25u201d.

aaronwhiteman001
Download Presentation

Easily Pass SAA-C02 Dumps | 25% OFF | Limited Time Offer!

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AMAZON AMAZON SPLK-1 SPLK-1 SAA-C02 AMAZON AMAZON AMAZON AMAZON Splunk SPLK-1003 AWS Certified Developer Associate AWS Certified Developer Associate Version: Demo [ Total Questions: 10]

  2. Questions&AnswersPDF Page2 Version:11.0 Question:1 AsolutionsarchitecthascreatedanewAWSaccountandmustsecureAWSaccountrootuseraccess Whichcombinationofactionswillaccomplishthis?(SelectTWO.) A.Ensuretherootuserusesastrongpassword B.Enablemulti-factorauthenticationtotherootuser C.StorerootuseraccesskeysinanencryptedAmazonS3bucket D.Addtherootusertoagroupcontainingadministrativepermissions. E.Applytherequiredpermissionstotherootuserwithaninlinepolicydocument Answer:A,B Explanation: AWSrequiresthatyourpasswordmeettheseconditions: haveaminimumof8charactersandamaximumof128characters includeaminimumofthreeofthefollowingmixofcharactertypes:uppercase,lowercase,numbers,and !@#$%^&*()<>[]{}|_+-=symbols notbeidenticaltoyourAWSaccountnameoremailaddress EnableMFAontheAWSAccountRootUser Ifyoucontinuetousetherootusercredentials,werecommendthatyoufollowthesecuritybestpractice toenablemulti-factorauthentication(MFA) for youraccount. sensitiveoperationsinyouraccount, addinganadditional secureyouraccount.MultipletypesofMFAareavailable https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_change-root.html https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html Becauseyour layerofauthenticationhelpsyoutobetter rootuser canperform Question:2 Acompany'sapplicationrunsonAmazonEC2instancesbehindanApplicationLoadBalancer(ALB)The instancesruninanAmazonEC2AutoScalinggroupacrossmultipleAvailabilityZonesOnthefirstdayof everymonthat midnight theapplicationbecomes calculationbatchexecutesThiscausestheCPUutilizationoftheEC2instancestoimmediatelypeakto 100%.whichdisruptstheapplication Whatshouldasolutionsarchitectrecommendtoensuretheapplicationisabletohandletheworkload andavoiddowntime? muchslower whenthemonth-endfinancial A.ConfigureanAmazonCloudFrontdistributioninfrontoftheALB

  3. Questions&AnswersPDF Page3 B.ConfigureanEC2AutoScalingsimplescalingpolicybasedonCPUutilization C.ConfigureanEC2AutoScalingscheduledscalingpolicybasedonthemonthlyschedule. D.ConfigureAmazonElastiCachetoremovesomeoftheworkloadfromtheEC2instances Answer:C Explanation: ScheduledScalingforAmazonEC2AutoScaling Scheduledscalingallowsyoutosetyourownscalingschedule. thetraffictoyourwebapplicationstartstoincreaseonWednesday,remainshighonThursday,andstarts todecreaseonFriday.Youcanplanyourscalingactionsbasedonthepredictabletrafficpatternsofyour webapplication.Scalingactionsareperformedautomaticallyasafunctionoftimeanddate. https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html Forexample, let'ssaythateveryweek Question:3 Acompanyismigratingfromanon-premisesinfrastructuretotheAWSCloudOneofthecompany's applicationsstoresfilesonaWindowsfileserverfarmthatusesDistributedFileSystemReplication (DFSR)tokeepdatainsyncAsolutionsarchitectneedstoreplacethefileserverfarm Whichserviceshouldthesolutionsarchitectuse? A.AmazonEFS B.AmazonFSx C.AmazonS3 D.AWSStorageGateway Answer: B Explanation: MigratingExistingFilestoAmazonFSxforWindowsFileServerUsingAWSDataSync WerecommendusingAWSDataSynctotransferdatabetweenAmazonFSxforWindowsFileServerfile systems. DataSyncisadatatransferservicethatsimplifies, replicatingdatabetweenon-premisesstoragesystemsandotherAWSstorageservicesovertheinternet orAWSDirectConnect. DataSynccantransferyourfilesystemdataandmetadata,suchasownership, timestamps,andaccesspermissions. Reference: https://docs.aws.amazon.com/fsx/latest/WindowsGuide/migrate-files-to-fsx-datasync.html automates, andacceleratesmovingand Question:4 Acompany'swebsiteisusedtosellproductstothepublicThesiterunsonAmazonEC2instancesinan AutoScalinggroupbehindanApplicationLoadBalancer(ALB) distributionandAWSWAFisbeingusedtoprotectagainstSQLinjectionattacksTheALBistheoriginfor theCloudFrontdistributionArecentreviewofsecuritylogsrevealedanexternalmaliciousIPthatneeds tobeblockedfromaccessingthewebsite Whatshouldasolutionsarchitectdotoprotecttheapplication? ThereisalsoanAmazonCloudFront

  4. Questions&AnswersPDF Page4 A.ModifythenetworkACLontheCloudFrontdistributiontoaddadenyruleforthemaliciousIPaddress B.ModifytheconfigurationofAWSWAFtoaddanIPmatchconditiontoblockthemaliciousIPaddress C. ModifythenetworkACLfortheEC2instancesinthetargetgroupsbehindtheALBtodenythe maliciousIPaddress D. ModifythesecuritygroupsfortheEC2instancesinthetargetgroupsbehindtheALBtodenythe maliciousIPaddress Answer: B Explanation: Reference: https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-loadbalancers/ https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html IfyouwanttoalloworblockwebrequestsbasedontheIPaddressesthattherequestsoriginatefrom, createoneormoreIPmatchconditions. AnIPmatchconditionlistsupto10,000IPaddressesorIP addressrangesthatyourrequestsoriginatefrom.Laterintheprocess,whenyoucreateawebACL,you specifywhethertoalloworblockrequestsfromthoseIPaddresses. AWSWebApplicationFirewall (WAF) –Helps application-layerexploitsthatcanaffectavailabilityorconsumeexcessiveresources.Asyoucanseein mypost(New–AWSWAF),WAFallowsyoutouseaccesscontrollists(ACLs),rules,andconditionsthat defineacceptableorunacceptablerequestsorIPaddresses.Youcanselectivelyallowordenyaccessto specificpartsofyourwebapplicationandyoucanalsoguardagainstvariousSQLinjectionattacks.We launchedWAFwithsupportforAmazonCloudFront https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/ toprotect your webapplications fromcommon Question:5 AmarketingcompanyisstoringCSVfilesinanAmazonS3bucketforstatisticalanalysisAnapplicationon anAmazonEC2instanceneedspermissiontoefficientlyprocesstheCSVdatastoredintheS3bucket. WhichactionwillMOSTsecurelygranttheEC2instanceaccesstotheS3bucket? A.Attacharesource-basedpolicytotheS3bucket B.Createan1AMuserfortheapplicationwithspecificpermissionstotheS3bucket C.Associatean1AMrolewithleastprivilegepermissionstotheEC2instanceprofile D.StoreAWScredentialsdirectlyontheEC2instanceforapplicationsontheinstancetouseforAPIcalls Answer:C Question:6 AsolutionsarchitectisdesigningasolutionwhereuserswillDedirectedtoabackupstaticerrorpageit theprimarywebsiteisunavailableTheprimarywebsite'sDNSrecordsarehostedinAmazonRoute53 wheretheirdomainispointingtoanApplicationLoadBalancer(ALB)

  5. Questions&AnswersPDF Page5 Whichconfigurationshouldthesolutionsarchitectusetomeetthecompany'sneedswhileminimizing changesandinfrastructureoverhead? A.PointaRoute53aliasrecordtoanAmazonCloudFrontdistributionwiththeALBasoneofitsorigins Then,createcustomerrorpagesforthedistribution B. SetupaRoute53active-passivefailoverconfigurationDirecttraffictoastaticerrorpagehosted withinanAmazonS3bucketwhenRoute53healthchecksdeterminethattheALBendpointisunhealthy C.UpdatetheRoute53recordtousealatency-basedroutingpolicyAddthebackupstaticerrorpage hostedwithinanAmazonS3buckettotherecordsothetrafficissenttothemostresponsiveendpoints D. SetupaRoute53active-activeconfigurationwiththeALBandanAmazonEC2instancehostinga staticerrorpageasendpointsRoute53willonlysendrequeststotheinstanceifthehealthchecksfailfor theALB Answer:B Explanation: Active-passivefailover Useanactive-passivefailoverconfigurationwhenyouwantaprimaryresourceorgroupofresourcesto beavailablethemajorityofthetimeandyouwantasecondaryresourceorgroupofresourcestobeon standbyincaseall theprimaryresourcesbecomeunavailable. includesonlythehealthyprimaryresources.Ifalltheprimaryresourcesareunhealthy,Route53begins toincludeonlythehealthysecondaryresourcesinresponsetoDNSqueries. Tocreateanactive-passivefailoverconfigurationwithoneprimaryrecordandonesecondaryrecord,you justcreatetherecordsandspecifyFailoverfortheroutingpolicy.Whentheprimaryresourceishealthy, Route53respondstoDNSqueriesusingtheprimaryrecord.Whentheprimaryresourceisunhealthy, Route53respondstoDNSqueriesusingthesecondaryrecord. HowAmazonRoute53avertscascadingfailures Asafirstdefenseagainstcascadingfailures, eachrequestroutingalgorithm(suchasweightedand failover)hasamodeoflastresort.Inthisspecialmode,whenallrecordsareconsideredunhealthy,the Route53algorithmrevertstoconsideringallrecordshealthy. Forexample, if all instancesof anapplication, onseveral hosts, arerejectinghealthcheckrequests, Route53DNSserverswillchooseanansweranywayandreturnitratherthanreturningnoDNSanswer orreturninganNXDOMAIN(non-existentdomain)response.Anapplicationcanrespondtousersbutstill failhealthchecks,sothisprovidessomeprotectionagainstmisconfiguration. Similarly,ifanapplicationisoverloaded,andoneoutofthreeendpointsfailsitshealthchecks,sothat it'sexcludedfromRoute53DNSresponses,Route53distributesresponsesbetweenthetworemaining endpoints.Iftheremainingendpointsareunabletohandletheadditional revertstodistributingrequeststoallthreeendpoints. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-types.html https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-problems.html Whenrespondingtoqueries, Route53 loadandtheyfail,Route53 Question:7 AsolutionsarchitectisdesigningthecloudarchitectureforanewapplicationbeingdeployedonAWS Theprocessshouldruninparallelwhileaddingandremovingapplicationnodesasneededbasedonthe numberof jobstobeprocessedTheprocessorapplicationisstatelessThesolutionsarchitectmust ensurethattheapplicationislooselycoupledandthejobitemsaredurablystored

  6. Questions&AnswersPDF Page6 Whichdesignshouldthesolutionsarchitectuse? A.CreateanAmazonSNStopictosendthejobsthatneedtobeprocessedCreateanAmazonMachine Image(AMI)thatconsistsoftheprocessorapplicationCreatealaunchconfigurationthatusestheAMI CreateanAutoScalinggroupusingthelaunchconfigurationSetthescalingpolicyfortheAutoScaling grouptoaddandremovenodesbasedonCPUusage B.CreateanAmazonSQSqueuetoholdthejobsthatneedtobeprocessedCreateanAmazonMachine Image(AMI)thatconsistsoftheprocessorapplicationCreatealaunchconfigurationthatusestheAMI CreateanAutoScalinggroupusingthelaunchconfigurationSetthescalingpolicyfortheAutoScaling grouptoaddandremovenodesbasedonnetworkusage C.CreateanAmazonSQSqueuetoholdthejobsthatneedstobeprocessedCreateanAmazonMachine Image(AMI) thatconsistsof theprocessorapplicationCreatealaunchtemplatethatusestheAMI CreateanAutoScalinggroupusingthelaunchtemplateSetthescalingpolicyfortheAutoScalinggroup toaddandremovenodesbasedonthenumberofitemsintheSQSqueue D.CreateanAmazonSNStopictosendthejobsthatneedtobeprocessedCreateanAmazonMachine Image(AMI) thatconsistsof theprocessorapplicationCreatealaunchtemplatethatusestheAMI CreateanAutoScalinggroupusingthelaunchtemplateSetthescalingpolicyfortheAutoScalinggroup toaddandremovenodesbasedonthenumberofmessagespublishedtotheSNStopic. Answer: C Explanation: AmazonSimpleQueueService AmazonSimpleQueueService(SQS)isafullymanagedmessagequeuingservicethatenablesyouto decoupleandscalemicroservices, distributedsystems, andserverlessapplications.SQSeliminatesthe complexityandoverheadassociatedwithmanagingandoperatingmessageorientedmiddleware, empowersdeveloperstofocusondifferentiatingwork. messagesbetweensoftwarecomponentsatanyvolume, servicestobeavailable. Get startedwithSQSinminutesusingtheAWSconsole, InterfaceorSDKofyourchoice,andthreesimplecommands. SQSofferstwotypesof messagequeues. Standardqueuesoffer ordering, andat-least-oncedelivery. SQSFIFOqueuesaredesignedtoguaranteethatmessagesare processedexactlyonce,intheexactorderthattheyaresent. ScalingBasedonAmazonSQS TherearesomescenarioswhereyoumightthinkaboutscalinginresponsetoactivityinanAmazonSQS queue. Forexample, supposethatyouhaveawebappthatletsusersuploadimagesandusethem online.Inthisscenario,eachimagerequiresresizingandencodingbeforeitcanbepublished.Theapp runsonEC2instancesinanAutoScalinggroup,andit'sconfiguredtohandleyourtypicaluploadrates. Unhealthyinstancesareterminatedandreplacedtomaintaincurrentinstancelevelsatall appplacestherawbitmapdataoftheimagesinanSQSqueueforprocessing.Itprocessestheimages andthenpublishestheprocessedimageswheretheycanbeviewedbyusers.Thearchitectureforthis scenarioworkswellifthenumberofimageuploadsdoesn'tvaryovertime.Butifthenumberofuploads changesovertime,youmightconsiderusingdynamicscalingtoscalethecapacityofyourAutoScaling group. https://aws.amazon.com/sqs/#:~:text=Amazon%20SQS%20leverages%20the%20AWS,queues%20provid e%20nearly%20unlimited%20throughput. https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html and UsingSQS, youcansend, withoutlosingmessagesorrequiringother store, andreceive CommandLine maximumthroughput, best-effort times. The

  7. Questions&AnswersPDF Page8 Question:8 AcompanyhasalegacyapplicationthatprocessesdataintwopartsThesecondpartoftheprocesstakes longerthanthefirst, sothecompanyhasdecidedtorewritetheapplicationastwomicroservices runningonAmazonECSthatcanscaleindependently. Howshouldasolutionsarchitectintegratethemicroservices? A.Implementcodeinmicroservice1tosenddatatoanAmazonS3bucket.UseS3eventnotificationsto invokemicroservice2. B. Implement codeinmicroservice1topublishdatatoanAmazonSNStopicImplement microservice2tosubscribetothistopic C.Implementcodeinmicroservice1tosenddatatoAmazonKinesisDataFirehose.Implementcodein microservice2toreadfromKinesisDataFirehose. D. Implement codeinmicroservice1tosenddatatoanAmazonSQSqueueImplement microservice2toprocessmessagesfromthequeue codein codein Answer:D Explanation: OrchestrateQueue-basedMicroservices Inthistutorial, youwill learnhowtouseAWSStepFunctionsandAmazonSQStodesignandruna serverless workflowthat orchestrates amessagequeue-basedmicroservice. serverlessorchestrationservicethat letsyoueasilycoordinatemultipleAWSservicesintoflexible workflowsthatareeasytodebugandeasytochange. applicationcomponentstocommunicateinthecloud. Thistutorial will simulateinventoryverificationrequestsfromincomingordersinane-commerce applicationaspartof anorderprocessingworkflow. requeststoaqueueonSQS.AnAWSLambdafunctionwillactasyourinventorymicroservicethatusesa queuetobufferrequests.Whenitretrievesarequest,itwillcheckinventoryandthenreturntheresult toStepFunctions. WhenataskinStepFunctionsisconfiguredthisway,itiscalledacallbackpattern. Callbackpatternsallowyoutointegrateasynchronoustasksinyourworkflow, verificationmicroserviceofthistutorial. StepFunctions is a AmazonSQSistheAWSservicethatallows StepFunctionswill sendinventoryverification suchastheinventory https://aws.amazon.com/getting-started/hands-on/orchestrate-microservices-with-message-queues-on-

  8. Questions&AnswersPDF Page9 step-functions/ Question:9 AsolutionsarchitectatanecommercecompanywantstobackupapplicationlogdatatoAmazonS3The solutionsarchitectisunsurehowfrequentlythelogswillbeaccessedorwhichlogswillbeaccessedthe mostThecompanywantstokeepcostsaslowaspossiblebyusingtheappropriateS3storageclass. WhichS3storageclassshouldbeimplementedtomeettheserequirements? A.S3Glacier B.S3Intelligent-Tiering C.S3Standard-InfrequentAccess(S3Standard-IA) D.S3OneZone-InfrequentAccess(S3OneZone-IA) Answer:B Explanation: S3Intelligent-Tiering S3Intelligent-TieringisanewAmazonS3storageclassdesignedforcustomerswhowanttooptimize storagecosts automatically whendataaccess operationaloverhead.S3Intelligent-Tieringisthefirstcloudobjectstorageclassthatdeliversautomatic costsavingsbymovingdatabetweentwoaccesstiers—frequentaccessandinfrequentaccess—when accesspatternschange,andisidealfordatawithunknownorchangingaccesspatterns. S3Intelligent-Tieringstoresobjectsintwoaccesstiers:onetierthatisoptimizedforfrequentaccessand anotherlower-costtierthatisoptimizedforinfrequentaccess. automationfeeperobject,S3Intelligent-Tieringmonitorsaccesspatternsandmovesobjectsthathave notbeenaccessedfor30consecutivedaystotheinfrequentaccesstier.TherearenoretrievalfeesinS3 Intelligent-Tiering.Ifanobjectintheinfrequentaccesstierisaccessedlater,itisautomaticallymoved backtothefrequentaccesstier. Noadditional tieringfeesapplywhenobjectsaremovedbetween accesstierswithintheS3Intelligent-Tieringstorageclass. availabilityand99.999999999%durability, andoffers performanceofS3Standard. https://aws.amazon.com/about-aws/whats-new/2018/11/s3-intelligent-tiering/ patterns change, without performanceimpact or Forasmall monthlymonitoringand S3Intelligent-Tieringisdesignedfor99.9% thesamelowlatencyandhighthroughput Question:10 Asecurityteamwantstolimitaccesstospecificservicesoractionsinalloftheteam'sAWSaccounts.All accountsbelongtoalargeorganizationinAWSOrganizationsThesolutionmustbescalableandthere mustbeasinglepointwherepermissionscanbemaintained. Whatshouldasolutionsarchitectdotoaccomplishthis? A.CreateanACLtoprovideaccesstotheservicesoractions. B.Createasecuritygrouptoallowaccountsandattachittousergroups C.Createcross-accountrolesineachaccounttodenyaccesstotheservicesoractions. D.Createaservicecontrolpolicyintherootorganizationalunittodenyaccesstotheservicesoractions

  9. Questions&AnswersPDF Page10 Answer: D Explanation: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html. ServiceControlPolicyconcepts SCPsoffercentralaccesscontrolsforallIAMentitiesinyouraccounts.Youcanusethemtoenforcethe permissionsyouwanteveryoneinyourbusinesstofollow. morefreedomtomanagetheirownpermissionsbecauseyouknowtheycanonlyoperatewithinthe boundariesyoudefine. YoucreateandapplySCPs throughAWSOrganizations. Organizationsautomaticallycreatesaroot,whichformstheparentcontainerforalltheaccountsinyour organization.Insidetheroot,youcangroupaccountsinyourorganizationintoorganizationalunits(OUs) tosimplifymanagementoftheseaccounts.YoucancreatemultipleOUswithinasingleorganization,and youcancreateOUswithinotherOUstoformahierarchical organizationroot,OUs,andindividualaccounts.SCPsattachedtotherootandOUsapplytoallOUsand accountsinsideofthem. SCPsusetheAWSIdentityandAccessManagement(IAM)policylanguage;however,theydonotgrant permissions.SCPsenableyousetpermissionguardrailsbydefiningthemaximumavailablepermissions forIAMentitiesinanaccount. IfaSCPdeniesanactionforanaccount, accountcantakethataction, eveniftheirIAMpermissionsallowthemtodoso. SCPsapplytoallIAMentitiesintheaccount,whichincludeallusers,roles,andtheaccountrootuser. https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-to-set-permission- guardrails-across-accounts-in-your-aws- organization/#:~:text=Central%20security%20administrators%20use%20service,users%20and%20roles) %20adhere%20to.&text=Now%2C%20using%20SCPs%2C%20you%20can,your%20organization%20or%2 0organizational%20unit. UsingSCPs, youcangiveyourdevelopers Whenyoucreateanorganization, AWS structure. YoucanattachSCPstothe noneoftheentitiesinthe Theguardrailssetin https://www.examsforsure.com/amazon/saa-c02-dumps.html

More Related