90 likes | 94 Views
SAA-C02 Dumps is now available on Examsforsure.com by the authentic knowledge of Experts on 25% OFF. Coupon code for discount of 25% OFF isu201dEFS25u201d.
E N D
AMAZON AMAZON SPLK-1 SPLK-1 SAA-C02 AMAZON AMAZON AMAZON AMAZON Splunk SPLK-1003 AWS Certified Developer Associate AWS Certified Developer Associate Version: Demo [ Total Questions: 10]
Questions&AnswersPDF Page2 Version:11.0 Question:1 AsolutionsarchitecthascreatedanewAWSaccountandmustsecureAWSaccountrootuseraccess Whichcombinationofactionswillaccomplishthis?(SelectTWO.) A.Ensuretherootuserusesastrongpassword B.Enablemulti-factorauthenticationtotherootuser C.StorerootuseraccesskeysinanencryptedAmazonS3bucket D.Addtherootusertoagroupcontainingadministrativepermissions. E.Applytherequiredpermissionstotherootuserwithaninlinepolicydocument Answer:A,B Explanation: AWSrequiresthatyourpasswordmeettheseconditions: haveaminimumof8charactersandamaximumof128characters includeaminimumofthreeofthefollowingmixofcharactertypes:uppercase,lowercase,numbers,and !@#$%^&*()<>[]{}|_+-=symbols notbeidenticaltoyourAWSaccountnameoremailaddress EnableMFAontheAWSAccountRootUser Ifyoucontinuetousetherootusercredentials,werecommendthatyoufollowthesecuritybestpractice toenablemulti-factorauthentication(MFA) for youraccount. sensitiveoperationsinyouraccount, addinganadditional secureyouraccount.MultipletypesofMFAareavailable https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_change-root.html https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html Becauseyour layerofauthenticationhelpsyoutobetter rootuser canperform Question:2 Acompany'sapplicationrunsonAmazonEC2instancesbehindanApplicationLoadBalancer(ALB)The instancesruninanAmazonEC2AutoScalinggroupacrossmultipleAvailabilityZonesOnthefirstdayof everymonthat midnight theapplicationbecomes calculationbatchexecutesThiscausestheCPUutilizationoftheEC2instancestoimmediatelypeakto 100%.whichdisruptstheapplication Whatshouldasolutionsarchitectrecommendtoensuretheapplicationisabletohandletheworkload andavoiddowntime? muchslower whenthemonth-endfinancial A.ConfigureanAmazonCloudFrontdistributioninfrontoftheALB
Questions&AnswersPDF Page3 B.ConfigureanEC2AutoScalingsimplescalingpolicybasedonCPUutilization C.ConfigureanEC2AutoScalingscheduledscalingpolicybasedonthemonthlyschedule. D.ConfigureAmazonElastiCachetoremovesomeoftheworkloadfromtheEC2instances Answer:C Explanation: ScheduledScalingforAmazonEC2AutoScaling Scheduledscalingallowsyoutosetyourownscalingschedule. thetraffictoyourwebapplicationstartstoincreaseonWednesday,remainshighonThursday,andstarts todecreaseonFriday.Youcanplanyourscalingactionsbasedonthepredictabletrafficpatternsofyour webapplication.Scalingactionsareperformedautomaticallyasafunctionoftimeanddate. https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html Forexample, let'ssaythateveryweek Question:3 Acompanyismigratingfromanon-premisesinfrastructuretotheAWSCloudOneofthecompany's applicationsstoresfilesonaWindowsfileserverfarmthatusesDistributedFileSystemReplication (DFSR)tokeepdatainsyncAsolutionsarchitectneedstoreplacethefileserverfarm Whichserviceshouldthesolutionsarchitectuse? A.AmazonEFS B.AmazonFSx C.AmazonS3 D.AWSStorageGateway Answer: B Explanation: MigratingExistingFilestoAmazonFSxforWindowsFileServerUsingAWSDataSync WerecommendusingAWSDataSynctotransferdatabetweenAmazonFSxforWindowsFileServerfile systems. DataSyncisadatatransferservicethatsimplifies, replicatingdatabetweenon-premisesstoragesystemsandotherAWSstorageservicesovertheinternet orAWSDirectConnect. DataSynccantransferyourfilesystemdataandmetadata,suchasownership, timestamps,andaccesspermissions. Reference: https://docs.aws.amazon.com/fsx/latest/WindowsGuide/migrate-files-to-fsx-datasync.html automates, andacceleratesmovingand Question:4 Acompany'swebsiteisusedtosellproductstothepublicThesiterunsonAmazonEC2instancesinan AutoScalinggroupbehindanApplicationLoadBalancer(ALB) distributionandAWSWAFisbeingusedtoprotectagainstSQLinjectionattacksTheALBistheoriginfor theCloudFrontdistributionArecentreviewofsecuritylogsrevealedanexternalmaliciousIPthatneeds tobeblockedfromaccessingthewebsite Whatshouldasolutionsarchitectdotoprotecttheapplication? ThereisalsoanAmazonCloudFront
Questions&AnswersPDF Page4 A.ModifythenetworkACLontheCloudFrontdistributiontoaddadenyruleforthemaliciousIPaddress B.ModifytheconfigurationofAWSWAFtoaddanIPmatchconditiontoblockthemaliciousIPaddress C. ModifythenetworkACLfortheEC2instancesinthetargetgroupsbehindtheALBtodenythe maliciousIPaddress D. ModifythesecuritygroupsfortheEC2instancesinthetargetgroupsbehindtheALBtodenythe maliciousIPaddress Answer: B Explanation: Reference: https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-loadbalancers/ https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html IfyouwanttoalloworblockwebrequestsbasedontheIPaddressesthattherequestsoriginatefrom, createoneormoreIPmatchconditions. AnIPmatchconditionlistsupto10,000IPaddressesorIP addressrangesthatyourrequestsoriginatefrom.Laterintheprocess,whenyoucreateawebACL,you specifywhethertoalloworblockrequestsfromthoseIPaddresses. AWSWebApplicationFirewall (WAF) –Helps application-layerexploitsthatcanaffectavailabilityorconsumeexcessiveresources.Asyoucanseein mypost(New–AWSWAF),WAFallowsyoutouseaccesscontrollists(ACLs),rules,andconditionsthat defineacceptableorunacceptablerequestsorIPaddresses.Youcanselectivelyallowordenyaccessto specificpartsofyourwebapplicationandyoucanalsoguardagainstvariousSQLinjectionattacks.We launchedWAFwithsupportforAmazonCloudFront https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/ toprotect your webapplications fromcommon Question:5 AmarketingcompanyisstoringCSVfilesinanAmazonS3bucketforstatisticalanalysisAnapplicationon anAmazonEC2instanceneedspermissiontoefficientlyprocesstheCSVdatastoredintheS3bucket. WhichactionwillMOSTsecurelygranttheEC2instanceaccesstotheS3bucket? A.Attacharesource-basedpolicytotheS3bucket B.Createan1AMuserfortheapplicationwithspecificpermissionstotheS3bucket C.Associatean1AMrolewithleastprivilegepermissionstotheEC2instanceprofile D.StoreAWScredentialsdirectlyontheEC2instanceforapplicationsontheinstancetouseforAPIcalls Answer:C Question:6 AsolutionsarchitectisdesigningasolutionwhereuserswillDedirectedtoabackupstaticerrorpageit theprimarywebsiteisunavailableTheprimarywebsite'sDNSrecordsarehostedinAmazonRoute53 wheretheirdomainispointingtoanApplicationLoadBalancer(ALB)
Questions&AnswersPDF Page5 Whichconfigurationshouldthesolutionsarchitectusetomeetthecompany'sneedswhileminimizing changesandinfrastructureoverhead? A.PointaRoute53aliasrecordtoanAmazonCloudFrontdistributionwiththeALBasoneofitsorigins Then,createcustomerrorpagesforthedistribution B. SetupaRoute53active-passivefailoverconfigurationDirecttraffictoastaticerrorpagehosted withinanAmazonS3bucketwhenRoute53healthchecksdeterminethattheALBendpointisunhealthy C.UpdatetheRoute53recordtousealatency-basedroutingpolicyAddthebackupstaticerrorpage hostedwithinanAmazonS3buckettotherecordsothetrafficissenttothemostresponsiveendpoints D. SetupaRoute53active-activeconfigurationwiththeALBandanAmazonEC2instancehostinga staticerrorpageasendpointsRoute53willonlysendrequeststotheinstanceifthehealthchecksfailfor theALB Answer:B Explanation: Active-passivefailover Useanactive-passivefailoverconfigurationwhenyouwantaprimaryresourceorgroupofresourcesto beavailablethemajorityofthetimeandyouwantasecondaryresourceorgroupofresourcestobeon standbyincaseall theprimaryresourcesbecomeunavailable. includesonlythehealthyprimaryresources.Ifalltheprimaryresourcesareunhealthy,Route53begins toincludeonlythehealthysecondaryresourcesinresponsetoDNSqueries. Tocreateanactive-passivefailoverconfigurationwithoneprimaryrecordandonesecondaryrecord,you justcreatetherecordsandspecifyFailoverfortheroutingpolicy.Whentheprimaryresourceishealthy, Route53respondstoDNSqueriesusingtheprimaryrecord.Whentheprimaryresourceisunhealthy, Route53respondstoDNSqueriesusingthesecondaryrecord. HowAmazonRoute53avertscascadingfailures Asafirstdefenseagainstcascadingfailures, eachrequestroutingalgorithm(suchasweightedand failover)hasamodeoflastresort.Inthisspecialmode,whenallrecordsareconsideredunhealthy,the Route53algorithmrevertstoconsideringallrecordshealthy. Forexample, if all instancesof anapplication, onseveral hosts, arerejectinghealthcheckrequests, Route53DNSserverswillchooseanansweranywayandreturnitratherthanreturningnoDNSanswer orreturninganNXDOMAIN(non-existentdomain)response.Anapplicationcanrespondtousersbutstill failhealthchecks,sothisprovidessomeprotectionagainstmisconfiguration. Similarly,ifanapplicationisoverloaded,andoneoutofthreeendpointsfailsitshealthchecks,sothat it'sexcludedfromRoute53DNSresponses,Route53distributesresponsesbetweenthetworemaining endpoints.Iftheremainingendpointsareunabletohandletheadditional revertstodistributingrequeststoallthreeendpoints. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-types.html https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-problems.html Whenrespondingtoqueries, Route53 loadandtheyfail,Route53 Question:7 AsolutionsarchitectisdesigningthecloudarchitectureforanewapplicationbeingdeployedonAWS Theprocessshouldruninparallelwhileaddingandremovingapplicationnodesasneededbasedonthe numberof jobstobeprocessedTheprocessorapplicationisstatelessThesolutionsarchitectmust ensurethattheapplicationislooselycoupledandthejobitemsaredurablystored
Questions&AnswersPDF Page6 Whichdesignshouldthesolutionsarchitectuse? A.CreateanAmazonSNStopictosendthejobsthatneedtobeprocessedCreateanAmazonMachine Image(AMI)thatconsistsoftheprocessorapplicationCreatealaunchconfigurationthatusestheAMI CreateanAutoScalinggroupusingthelaunchconfigurationSetthescalingpolicyfortheAutoScaling grouptoaddandremovenodesbasedonCPUusage B.CreateanAmazonSQSqueuetoholdthejobsthatneedtobeprocessedCreateanAmazonMachine Image(AMI)thatconsistsoftheprocessorapplicationCreatealaunchconfigurationthatusestheAMI CreateanAutoScalinggroupusingthelaunchconfigurationSetthescalingpolicyfortheAutoScaling grouptoaddandremovenodesbasedonnetworkusage C.CreateanAmazonSQSqueuetoholdthejobsthatneedstobeprocessedCreateanAmazonMachine Image(AMI) thatconsistsof theprocessorapplicationCreatealaunchtemplatethatusestheAMI CreateanAutoScalinggroupusingthelaunchtemplateSetthescalingpolicyfortheAutoScalinggroup toaddandremovenodesbasedonthenumberofitemsintheSQSqueue D.CreateanAmazonSNStopictosendthejobsthatneedtobeprocessedCreateanAmazonMachine Image(AMI) thatconsistsof theprocessorapplicationCreatealaunchtemplatethatusestheAMI CreateanAutoScalinggroupusingthelaunchtemplateSetthescalingpolicyfortheAutoScalinggroup toaddandremovenodesbasedonthenumberofmessagespublishedtotheSNStopic. Answer: C Explanation: AmazonSimpleQueueService AmazonSimpleQueueService(SQS)isafullymanagedmessagequeuingservicethatenablesyouto decoupleandscalemicroservices, distributedsystems, andserverlessapplications.SQSeliminatesthe complexityandoverheadassociatedwithmanagingandoperatingmessageorientedmiddleware, empowersdeveloperstofocusondifferentiatingwork. messagesbetweensoftwarecomponentsatanyvolume, servicestobeavailable. Get startedwithSQSinminutesusingtheAWSconsole, InterfaceorSDKofyourchoice,andthreesimplecommands. SQSofferstwotypesof messagequeues. Standardqueuesoffer ordering, andat-least-oncedelivery. SQSFIFOqueuesaredesignedtoguaranteethatmessagesare processedexactlyonce,intheexactorderthattheyaresent. ScalingBasedonAmazonSQS TherearesomescenarioswhereyoumightthinkaboutscalinginresponsetoactivityinanAmazonSQS queue. Forexample, supposethatyouhaveawebappthatletsusersuploadimagesandusethem online.Inthisscenario,eachimagerequiresresizingandencodingbeforeitcanbepublished.Theapp runsonEC2instancesinanAutoScalinggroup,andit'sconfiguredtohandleyourtypicaluploadrates. Unhealthyinstancesareterminatedandreplacedtomaintaincurrentinstancelevelsatall appplacestherawbitmapdataoftheimagesinanSQSqueueforprocessing.Itprocessestheimages andthenpublishestheprocessedimageswheretheycanbeviewedbyusers.Thearchitectureforthis scenarioworkswellifthenumberofimageuploadsdoesn'tvaryovertime.Butifthenumberofuploads changesovertime,youmightconsiderusingdynamicscalingtoscalethecapacityofyourAutoScaling group. https://aws.amazon.com/sqs/#:~:text=Amazon%20SQS%20leverages%20the%20AWS,queues%20provid e%20nearly%20unlimited%20throughput. https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html and UsingSQS, youcansend, withoutlosingmessagesorrequiringother store, andreceive CommandLine maximumthroughput, best-effort times. The
Questions&AnswersPDF Page8 Question:8 AcompanyhasalegacyapplicationthatprocessesdataintwopartsThesecondpartoftheprocesstakes longerthanthefirst, sothecompanyhasdecidedtorewritetheapplicationastwomicroservices runningonAmazonECSthatcanscaleindependently. Howshouldasolutionsarchitectintegratethemicroservices? A.Implementcodeinmicroservice1tosenddatatoanAmazonS3bucket.UseS3eventnotificationsto invokemicroservice2. B. Implement codeinmicroservice1topublishdatatoanAmazonSNStopicImplement microservice2tosubscribetothistopic C.Implementcodeinmicroservice1tosenddatatoAmazonKinesisDataFirehose.Implementcodein microservice2toreadfromKinesisDataFirehose. D. Implement codeinmicroservice1tosenddatatoanAmazonSQSqueueImplement microservice2toprocessmessagesfromthequeue codein codein Answer:D Explanation: OrchestrateQueue-basedMicroservices Inthistutorial, youwill learnhowtouseAWSStepFunctionsandAmazonSQStodesignandruna serverless workflowthat orchestrates amessagequeue-basedmicroservice. serverlessorchestrationservicethat letsyoueasilycoordinatemultipleAWSservicesintoflexible workflowsthatareeasytodebugandeasytochange. applicationcomponentstocommunicateinthecloud. Thistutorial will simulateinventoryverificationrequestsfromincomingordersinane-commerce applicationaspartof anorderprocessingworkflow. requeststoaqueueonSQS.AnAWSLambdafunctionwillactasyourinventorymicroservicethatusesa queuetobufferrequests.Whenitretrievesarequest,itwillcheckinventoryandthenreturntheresult toStepFunctions. WhenataskinStepFunctionsisconfiguredthisway,itiscalledacallbackpattern. Callbackpatternsallowyoutointegrateasynchronoustasksinyourworkflow, verificationmicroserviceofthistutorial. StepFunctions is a AmazonSQSistheAWSservicethatallows StepFunctionswill sendinventoryverification suchastheinventory https://aws.amazon.com/getting-started/hands-on/orchestrate-microservices-with-message-queues-on-
Questions&AnswersPDF Page9 step-functions/ Question:9 AsolutionsarchitectatanecommercecompanywantstobackupapplicationlogdatatoAmazonS3The solutionsarchitectisunsurehowfrequentlythelogswillbeaccessedorwhichlogswillbeaccessedthe mostThecompanywantstokeepcostsaslowaspossiblebyusingtheappropriateS3storageclass. WhichS3storageclassshouldbeimplementedtomeettheserequirements? A.S3Glacier B.S3Intelligent-Tiering C.S3Standard-InfrequentAccess(S3Standard-IA) D.S3OneZone-InfrequentAccess(S3OneZone-IA) Answer:B Explanation: S3Intelligent-Tiering S3Intelligent-TieringisanewAmazonS3storageclassdesignedforcustomerswhowanttooptimize storagecosts automatically whendataaccess operationaloverhead.S3Intelligent-Tieringisthefirstcloudobjectstorageclassthatdeliversautomatic costsavingsbymovingdatabetweentwoaccesstiers—frequentaccessandinfrequentaccess—when accesspatternschange,andisidealfordatawithunknownorchangingaccesspatterns. S3Intelligent-Tieringstoresobjectsintwoaccesstiers:onetierthatisoptimizedforfrequentaccessand anotherlower-costtierthatisoptimizedforinfrequentaccess. automationfeeperobject,S3Intelligent-Tieringmonitorsaccesspatternsandmovesobjectsthathave notbeenaccessedfor30consecutivedaystotheinfrequentaccesstier.TherearenoretrievalfeesinS3 Intelligent-Tiering.Ifanobjectintheinfrequentaccesstierisaccessedlater,itisautomaticallymoved backtothefrequentaccesstier. Noadditional tieringfeesapplywhenobjectsaremovedbetween accesstierswithintheS3Intelligent-Tieringstorageclass. availabilityand99.999999999%durability, andoffers performanceofS3Standard. https://aws.amazon.com/about-aws/whats-new/2018/11/s3-intelligent-tiering/ patterns change, without performanceimpact or Forasmall monthlymonitoringand S3Intelligent-Tieringisdesignedfor99.9% thesamelowlatencyandhighthroughput Question:10 Asecurityteamwantstolimitaccesstospecificservicesoractionsinalloftheteam'sAWSaccounts.All accountsbelongtoalargeorganizationinAWSOrganizationsThesolutionmustbescalableandthere mustbeasinglepointwherepermissionscanbemaintained. Whatshouldasolutionsarchitectdotoaccomplishthis? A.CreateanACLtoprovideaccesstotheservicesoractions. B.Createasecuritygrouptoallowaccountsandattachittousergroups C.Createcross-accountrolesineachaccounttodenyaccesstotheservicesoractions. D.Createaservicecontrolpolicyintherootorganizationalunittodenyaccesstotheservicesoractions
Questions&AnswersPDF Page10 Answer: D Explanation: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html. ServiceControlPolicyconcepts SCPsoffercentralaccesscontrolsforallIAMentitiesinyouraccounts.Youcanusethemtoenforcethe permissionsyouwanteveryoneinyourbusinesstofollow. morefreedomtomanagetheirownpermissionsbecauseyouknowtheycanonlyoperatewithinthe boundariesyoudefine. YoucreateandapplySCPs throughAWSOrganizations. Organizationsautomaticallycreatesaroot,whichformstheparentcontainerforalltheaccountsinyour organization.Insidetheroot,youcangroupaccountsinyourorganizationintoorganizationalunits(OUs) tosimplifymanagementoftheseaccounts.YoucancreatemultipleOUswithinasingleorganization,and youcancreateOUswithinotherOUstoformahierarchical organizationroot,OUs,andindividualaccounts.SCPsattachedtotherootandOUsapplytoallOUsand accountsinsideofthem. SCPsusetheAWSIdentityandAccessManagement(IAM)policylanguage;however,theydonotgrant permissions.SCPsenableyousetpermissionguardrailsbydefiningthemaximumavailablepermissions forIAMentitiesinanaccount. IfaSCPdeniesanactionforanaccount, accountcantakethataction, eveniftheirIAMpermissionsallowthemtodoso. SCPsapplytoallIAMentitiesintheaccount,whichincludeallusers,roles,andtheaccountrootuser. https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-to-set-permission- guardrails-across-accounts-in-your-aws- organization/#:~:text=Central%20security%20administrators%20use%20service,users%20and%20roles) %20adhere%20to.&text=Now%2C%20using%20SCPs%2C%20you%20can,your%20organization%20or%2 0organizational%20unit. UsingSCPs, youcangiveyourdevelopers Whenyoucreateanorganization, AWS structure. YoucanattachSCPstothe noneoftheentitiesinthe Theguardrailssetin https://www.examsforsure.com/amazon/saa-c02-dumps.html