An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiencing delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application.What should a solutions architect recommend to meet this requirement?
Answer(s): B
DA) Incorrect: ElastiCache adds a caching layer but requires application or integration changes unless using a compatible data access pattern; DAX is purpose-built for DynamoDB with seamless integration.B) Correct: DynamoDB Accelerator (DAX) provides in-memory caching for DynamoDB with zero code changes and transparent reads, reducing latency for read-heavy workloads.C) Incorrect: Global tables offer multi-region replication for availability and write/read scalability, not latency optimization for a single-region read-heavy workload; it doesn’t address read latency via caching.D) Incorrect: ElastiCache for Memcached with Auto Discovery is a generic cache, but requires more integration effort and does not offer DynamoDB-specific seamless read-path acceleration like DAX.
A company’s infrastructure consists of Amazon EC2 instances and an Amazon RDS DB instance in a single AWS Region. The company wants to back up its data in a separate Region.Which solution will meet these requirements with the LEAST operational overhead?
Answer(s): A
AWS Backup provides centralized, automated cross-region backups for both EC2 (AMI/volume data via backup vaults) and RDS with minimal operator effort, meeting the requirement with least overhead. A) consolidates backup scheduling, lifecycle policies, and cross-region replication in one service across EC2 and RDS.B) DLM only covers EC2 backups; it does not natively manage RDS backups cross-region at the same operational level, increasing complexity.C) AMIs plus cross-region copy require manual consistency for RDS and the read replica approach does not provide equivalent cross-region RDS backup coverage or automated lifecycle.D) EBS snapshots and RDS snapshots with CRR adds multiple steps and monitoring, increasing operational overhead without an integrated cross-region backup solution.
A solutions architect needs to securely store a database user name and password that an application uses to access an Amazon RDS DB instance. The application that accesses the database runs on an Amazon EC2 instance. The solutions architect wants to create a secure parameter in AWS Systems Manager Parameter Store.What should the solutions architect do to meet this requirement?
A) Correct. Attach an IAM role to the EC2 instance that grants read access to the Parameter Store parameter and allows decrypt via the KMS key used to encrypt the parameter. This enables the application to securely retrieve the SecureString value at runtime without embedding credentials.B) Incorrect. IAM policies grant permissions, but the secure practice is to use an instance IAM role attached to EC2 for credential retrieval; a policy alone on the instance is insufficient unless it’s attached to a role.C) Incorrect. Parameter Store access is controlled via IAM roles/policies, not a trust relationship between the parameter and the EC2 instance; trust policies do not apply to Parameter Store.D) Incorrect. Trust relationships are between principals for assuming roles; Systems Manager or DB instance do not require a trust with the EC2 instance for Parameter Store access.
A company is designing a cloud communications platform that is driven by APIs. The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB). The company uses Amazon API Gateway to provide external users with access to the application through APIs. The company wants to protect the platform against web exploits like SQL injection and also wants to detect and mitigate large, sophisticated DDoS attacks.Which combination of solutions provides the MOST protection? (Choose two.)
Answer(s): B,C
AWS Shield Advanced with the NLB provides enhanced DDoS protection and DDoS cost protection; AWS WAF on API Gateway protects against web exploits like SQLi and can be tied to API Gateway for external API access, giving both web ACL filtering and protection for API endpoints. A) WAF on NLB is not supported (WAF integrates with CloudFront, ALB, and API Gateway, not NLB). C) WAF on API Gateway is valid for filtering API requests. D) GuardDuty is a threat-detection service, not a DDoS mitigation or web ACL protection. E) Shield Standard lacks advanced protections and is insufficient for API Gateway-specific WAF rules. Correct: B and C.
A company has a legacy data processing application that runs on Amazon EC2 instances. Data is processed sequentially, but the order of results does not matter. The application uses a monolithic architecture. The only way that the company can scale the application to meet increased demand is to increase the size of the instances.The company’s developers have decided to rewrite the application to use a microservices architecture on Amazon Elastic Container Service (Amazon ECS).What should a solutions architect recommend for communication between the microservices?
A) SQS is appropriate for decoupled, asynchronous communication between microservices with asynchronous processing and fault tolerance; producers send messages to the queue and consumers poll/consume, enabling scalable, independent processing.B) SNS delivers pub/sub notifications but is best for fan-out to multiple subscribers and real-time alerts, not for buffered, reliable work queues required by sequential processing with independent workers.C) Lambda-based pass-through adds invocation overhead and tight coupling; not suitable for long-running, scalable microservice workflows or backpressure handling.D) DynamoDB Streams provide event data, but using a database-centric queue introduces complexity and coupling; SQS is the standard managed queue for decoupled microservices.
A company wants to migrate its MySQL database from on premises to AWS. The company recently experienced a database outage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes.Which solution meets these requirements?
S) B) is correct because RDS MySQL with Multi-AZ provides synchronous replication to a standby in a separate Availability Zone, delivering high availability and data durability with automatic failover during outages, minimizing data loss.A) Synchronous replication to three nodes in three AZs is not how RDS implements Multi-AZ; RDS provides one primary and one synchronous standby per Multi-AZ deployment, not three active nodes.C) Read replicas are asynchronous and intended for offloading reads; they do not provide synchronous data protection for failover or data durability in a single-Region scenario.D) EC2-based replication introduces complexity and lacks managed Multi-AZ failover and automatic recovery guarantees.
A company is building a new dynamic ordering website. The company wants to minimize server maintenance and patching. The website must be highly available and must scale read and write capacity as quickly as possible to meet changes in user demand.Which solution will meet these requirements?
The correct answer is A. It minimizes maintenance and patching by using serverless components (API Gateway, Lambda) for dynamic logic, on-demand DynamoDB eliminates capacity planning and provisioning, and CloudFront provides caching and global delivery for high availability and fast scaling.B is incorrect because Aurora Auto Scaling adds database management complexity and is not as seamless as DynamoDB for serverless, on-demand workloads. C and D rely on EC2 and Auto Scaling, which increase maintenance (patching, OS updates) and do not natively scale read/write with minimal admin effort like DynamoDB. DynamoDB (on-demand) offers immediate scalability and low operational overhead for dynamic workloads.
A company has an AWS account used for software engineering. The AWS account has access to the company’s on-premises data center through a pair of AWS Direct Connect connections. All non-VPC traffic routes to the virtual private gateway.A development team recently created an AWS Lambda function through the console. The development team needs to allow the function to access a database that runs in a private subnet in the company’s data center.Which solution will meet these requirements?
A) Lambda must be associated with the VPC and use security groups to access resources in the on-premises network through Direct Connect. Placing the function in the VPC enables its ENIs to use private subnets and route to on-prem via the existing Direct Connect connection and VGW.B is incorrect because a VPN connection is unnecessary when Direct Connect already provides private connectivity; Lambda access should use the VPC routing, not a separate VPN.C is incorrect because Direct Connect route tables are for VPC on-prem traffic, but Lambda functions require VPC placement and ENIs to access private subnets, not manual route edits.D is incorrect because Elastic IPs apply to EC2; Lambda requires VPC ENIs for private network access, not outbound IP binding through an EIP.
Share your comments for Amazon SAA-C02 exam with other users:
q.189 - answers are incorrect.
awesome job in getting these questions
i cant find aws certified practitioner clf-c01 exam in aws website but i found aws certified practitioner clf-c02 exam. can everyone please verify the difference between the two clf-c01 and clf-c02? thank you
grazie mille. i got a satisfactory mark in my exam test today because of this exam dumps. sorry for my english.
some of the answers are incorrect. need to be reviewed.
so far so good
i am really liking it
thanks good stuff
need dump c_tadm_23
next time i will write a full review
first time using this site
please sent me oracle 1z0-1105-22 pdf
very helpful
good info about oml
very useful to practice
this website is very helpful.
good content
so challenging
17 should be d ,for morequery its scale out
nice question
yes.
good mateial
good practice exam
impressivre qustion
questions seem helpful
question 21 answer is alerts
am preparing for exam
good one thanks
only got thru 5 questions, need more to evaluate
q26 should be b
the aaa triad in information security is authentication, accounting and authorisation so the answer should be d 1, 3 and 5.
need to attend this
these are free brain dumps i understand, how can one get free pdf