A company is preparing to deploy a new serverless workload. A solutions architect must use the principle of least privilege to configure permissions that will be used to run an AWS Lambda function. An Amazon EventBridge (Amazon CloudWatch Events) rule will invoke the function. Which solution meets these requirements?
Answer(s): D
EventBridge should be allowed to invoke the Lambda function via a resource-based policy granting lambda:InvokeFunction to the events.amazonaws.com principal.
A) Incorrect: granting a Lambda execution role with lambda:InvokeFunction to * principal is not valid for a function invocation by EventBridge and risks broad, unintended access; use a resource-based policy for cross-service invocation.
B) Incorrect: associating the function’s execution role does not grant EventBridge permission to invoke; invocation must be allowed by a resource-based policy.
C) Incorrect: resource-based policy with lambda:* on events.amazonaws.com is overly broad and violates least privilege; restrict to InvokeFunction.
D) Correct: resource-based policy limiting to lambda:InvokeFunction for events.amazonaws.com grants only required permission for EventBridge to invoke the function.
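The distinction between options C and D can be checked mechanically. The following is an added example, not part of the original page: a small Python audit of Lambda resource-based policy documents for wildcard principals and wildcard actions. The account ID, function name and rule name are constructed placeholders, and the optional AWS:SourceArn check goes beyond the page's answer by also scoping the grant to a single rule.

```python
import json

# Constructed placeholders: account ID, function name and rule name are not from the page.
FUNC_ARN = "arn:aws:lambda:us-east-1:123456789012:function:example-fn"
RULE_ARN = "arn:aws:events:us-east-1:123456789012:rule/example-rule"


def make_policy(action, principal, condition=None):
    """Build a one-statement resource-based policy document for FUNC_ARN."""
    stmt = {"Effect": "Allow", "Action": action,
            "Principal": principal, "Resource": FUNC_ARN}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}


def as_list(value):
    return value if isinstance(value, list) else [value]


def audit_policy(policy, require_source_arn=False):
    """Return least-privilege findings for each Allow statement."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # Principal is either the string "*" or a map such as {"Service": "..."}.
        principals = ([principal] if isinstance(principal, str) else
                      [p for v in principal.values() for p in as_list(v)])
        if "*" in principals:
            findings.append(f"statement {i}: wildcard principal")
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
        # Optional hardening: require the grant to be tied to one source ARN.
        has_source = any("aws:sourcearn" in (k.lower() for k in block)
                         for block in stmt.get("Condition", {}).values())
        if require_source_arn and not has_source:
            findings.append(f"statement {i}: no AWS:SourceArn condition")
    return findings


EVENTS = {"Service": "events.amazonaws.com"}
BROAD_PRINCIPAL = make_policy("lambda:InvokeFunction", "*")   # wildcard principal
BROAD_ACTION = make_policy("lambda:*", EVENTS)                # shape of option C
SCOPED = make_policy("lambda:InvokeFunction", EVENTS)         # shape of option D
SCOPED_TO_RULE = make_policy("lambda:InvokeFunction", EVENTS,
                             {"ArnLike": {"AWS:SourceArn": RULE_ARN}})

if __name__ == "__main__":
    for name in ("BROAD_PRINCIPAL", "BROAD_ACTION", "SCOPED", "SCOPED_TO_RULE"):
        print(name, json.dumps(audit_policy(globals()[name], require_source_arn=True)))
```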
A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year. Which solution meets these requirements and is the MOST operationally efficient?
The correct answer is D. SSE-KMS with automatic rotation meets at-rest encryption, enables detailed usage logging via AWS CloudTrail for KMS key usage, and provides automatic annual key rotation to satisfy rotation requirements with minimal operational overhead.
A is SSE-C: client-side keys not logged by AWS and does not integrate with AWS KMS auditing; not suitable for centralized auditing.
B is SSE-S3: uses S3-managed keys; lacks customer-controlled key rotation auditing and detailed KMS usage logs.
C uses SSE-KMS but requires manual rotation, increasing operational overhead and potential misconfigurations.
A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours. The company wants to use these data points in its existing analytics platform. A solutions architect must determine the most viable multi-tier option to support this architecture. The data points must be accessible from the REST API. Which action meets these requirements for storing and retrieving location data?
Answer(s): B
B) Correct: API Gateway with Lambda enables a REST API front end that can ingest and route location data to a scalable backend, such as a data store or streaming service, fitting a multi-tier architecture and real-time data capture for analytics.
A) Incorrect: Athena with S3 is analytics-driven and not a REST API front end; data is queried, not ingested via a REST endpoint.
C) Incorrect: QuickSight with Redshift is for visualization and data warehousing, not data collection through a REST API.
D) Incorrect: API Gateway with Kinesis Data Analytics could ingest via API, but Kinesis Analytics is for stream processing, whereas the typical pattern here emphasizes data capture and storage for analytics via a backend data store.
A company has an automobile sales website that stores its listings in a database on Amazon RDS. When an automobile is sold, the listing needs to be removed from the website and the data must be sent to multiple target systems. Which design should a solutions architect recommend?
Answer(s): A
A) The correct option uses an event-driven pattern: RDS updates trigger a Lambda that enqueues a standard SQS queue, allowing multiple targets to independently poll and process the deletion data, decoupling systems and ensuring reliable delivery.
B) FIFO queue is unnecessary unless strict ordering and exactly-once processing are required; complex deduplication and throughput limits may complicate processing.
C) RDS event notifications are limited and fan-out via SNS then Lambda adds extra hops and potential delay; not as direct for decoupled, scalable consumption.
D) SNS to multiple SQS queues adds unnecessary fan-out and management; standard SQS from Lambda provides simpler consumption by targets.
A company needs to store data in Amazon S3 and must prevent the data from being changed. The company wants new objects that are uploaded to Amazon S3 to remain unchangeable for a nonspecific amount of time until the company decides to modify the objects. Only specific users in the company's AWS account can have the ability to delete the objects. What should a solutions architect do to meet these requirements?
S3 Object Lock with versioning and a legal hold ensures objects cannot be deleted or overwritten until the hold is released, while granting delete permissions only to specific users via IAM. This satisfies immutability for new uploads and controlled deletion.
A) S3 Glacier vault with WORM is incorrect because Glacier vaults are for archival storage with different retention mechanisms and not directly integrated with per-object delete permissions in S3.
B) S3 Object Lock with governance mode and a 100-year retention makes objects immutable by default but does not specify per-user delete permission scopes via IAM; legal hold is needed for flexible deletion control.
C) CloudTrail logging and restore from backups do not prevent deletion or modification; they only provide audit and recovery, not enforce immutability.
D) Correct: enables Object Lock, versioning, and legal holds with targeted IAM permission for deletes.
A social media company allows users to upload images to its website. The website runs on Amazon EC2 instances. During upload requests, the website resizes the images to a standard size and stores the resized images in Amazon S3. Users are experiencing slow upload requests to the website. The company needs to reduce coupling within the application and improve website performance. A solutions architect must design the most operationally efficient process for image uploads. Which combination of actions should the solutions architect take to meet these requirements? (Choose two.)
Answer(s): B,D
The correct combination B and D enables decoupling and improves performance: B lets the web server upload originals directly to S3, reducing EC2 processing and network load on the app server. D uses S3 Event Notifications to trigger a Lambda function to resize, providing automatic, scalable image processing without maintaining servers. A is incorrect because Glacier is cold storage and not suitable for active uploads. C is plausible but introduces complexity with presigned URLs and browser-side uploads, which can complicate validation and security and may not reduce server load as effectively. E is incorrect because a scheduled resize cannot respond promptly to new uploads.
A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity. Which architecture offers the HIGHEST availability?
Amazon MQ with active/standby across two AZs plus an Auto Scaling group for consumer EC2 instances across two AZs and Multi-AZ RDS provide built-in high availability for broker, compute, and database with fault tolerance and automatic recovery, reducing operational complexity.
A) Requires manual broker and DB replication across AZs; higher complexity and potential single points.
B) Adds MQ and consumer but still relies on EC2 MySQL; no managed DB high availability, increasing ops.
C) Adds Multi-AZ RDS but keeps manual EC2 MySQL; partial HA and more management of DB.
D) Provides fully managed, HA architecture across layers with Auto Scaling and Multi-AZ RDS, minimizing maintenance and ensuring failover.
A company hosts a containerized web application on a fleet of on-premises servers that process incoming requests. The number of requests is growing quickly. The on-premises servers cannot handle the increased number of requests. The company wants to move the application to AWS with minimum code changes and minimum development effort. Which solution will meet these requirements with the LEAST operational overhead?
AWS Fargate with ECS and Service Auto Scaling minimizes operational overhead by running containerized workloads without managing servers, while an Application Load Balancer elastically distributes traffic.
A) Correct: Fargate eliminates server provisioning and management; ECS handles container orchestration; Auto Scaling adapts to demand; ALB provides Layer 7 routing for HTTP(S).
B) Requires managing EC2 instances and capacity planning; more maintenance than Fargate; scaling must be handled at OS/container level.
C) Lambda introduces new code and stateless function approach; not optimal for long-running containerized web apps or existing architecture; API Gateway adds management overhead.
D) HPC clusters are inappropriate for web request scaling; intended for compute-heavy batch workloads; high operational overhead.