A company stores call transcript files on a monthly basis. Users access the files randomly within 1 year of the call, but users access the files infrequently after 1 year. The company wants to optimize its solution by giving users the ability to query and retrieve files that are less than 1-year-old as quickly as possible. A delay in retrieving older files is acceptable.Which solution will meet these requirements MOST cost-effectively?
Answer(s): B
S) B is correct because it keeps <1-year data in fast S3 storage with automatic tiering to Glacier after 1 year, enabling cost-effective access via Athena for rapid queries on current data and Glacier retrieval for older data, matching infrequent access pattern and fast query for recent data.A is incorrect because Glacier Instant Retrieval is optimized for near-immediate access but storing and querying tags directly via Glacier is not a typical cost-effective pattern and wouldn’t leverage Athena for data in S3 and efficient access to recent data.C is incorrect because relying on S3 Standard with per-archive metadata searches and lifecycle to Glacier Instant Retrieval adds unnecessary complexity and higher costs for frequent current access.D is incorrect because Deep Archive is too slow and costly for retrievals within a year; using RDS for metadata adds operational overhead and is not aligned with S3-native querying.
A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The workload is powered by third-party software. The company needs to patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability.What should a solutions architect do to meet these requirements?
Answer(s): D
A) Correct answer is D) Run Command to execute a custom patch script across all EC2 instances. This allows immediate, centralized execution of a third-party patch on 1,000 Linux instances without provisioning maintenance windows or waiting for SSM features that may not natively patch third-party software.B) Patch Manager is for standardized OS patches and approved catalogs; third-party software may not be covered or require a custom patch baseline and inventory, delaying remediation.C) Maintenance windows schedule patches; not suitable for immediate critical remediation and would delay deployment.D) Lambda is not ideal for large-scale, on-demand remote execution across many instances; Run Command is designed for remote command execution at scale.
A company is developing an application that provides order shipping statistics for retrieval by a REST API. The company wants to extract the shipping statistics, organize the data into an easy-to-read HTML format, and send the report to several email addresses at the same time every morning.Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
Answer(s): B,D
The correct combination uses a scheduled event to fetch data via Lambda and SES to email formatted HTML. D explains scheduling with EventBridge to invoke Lambda to query the API. B uses SES to format and send the report by email. A is incorrect because Kinesis Firehose is for streaming data delivery, not for generating and emailing formatted reports. C is incorrect because Glue is overkill for simple API queries and not needed to send emails. E is incorrect since SNS as an S3 destination is not a direct email report delivery mechanism and does not cover formatting.
A company wants to migrate its on-premises application to AWS. The application produces output files that vary in size from tens of gigabytes to hundreds of terabytes. The application data must be stored in a standard file system structure. The company wants a solution that scales automatically. is highly available, and requires minimum operational overhead.Which solution will meet these requirements?
Answer(s): C
The correct answer is C.A) ECS with S3 is not a standard file system structure and lacks shared POSIX-style file system semantics across multiple instances, which the requirement for a standard file system expects.B) EKS with EBS provides block storage, not a scalable, shared file system across many instances; also EBS does not natively provide a distributed file system suitable for huge, varying file sizes at scale.C) EC2 in a Multi-AZ ASG with EFS gives a scalable, highly available NFS-like shared POSIX-compliant file system that auto-scales and supports large, varying output sizes with minimal management.D) EC2 with EBS offers block storage, not a shared file system; lacks the native, scalable shared file system capability required for this workload.
A company needs to store its accounting records in Amazon S3. The records must be immediately accessible for 1 year and then must be archived for an additional 9 years. No one at the company, including administrative users and root users, can be able to delete the records during the entire 10-year period. The records must be stored with maximum resiliency.Which solution will meet these requirements?
S) C) is correct because it uses a standard-to-Glacier Deep Archive transition after 1 year via S3 Lifecycle, aligning immediate access for 1 year with archiving for the remaining 9 years, while S3 Object Lock in compliance mode enforces immutable retention for the full 10-year period, meeting the non-delete requirement and maximum resiliency (S3's durability and cross-region replication options can be enabled). A) Glacier alone lacks immediate access for 1 year. B) IAM policy-based deletion denial can be bypassed and doesn’t guarantee immutable retention. D) One Zone-IA reduces durability (single AZ) and governance mode does not guarantee full 10-year immutability.
A company runs multiple Windows workloads on AWS. The company's employees use Windows file shares that are hosted on two Amazon EC2 instances. The file shares synchronize data between themselves and maintain duplicate copies. The company wants a highly available and durable storage solution that preserves how users currently access the files.What should a solutions architect do to meet these requirements?
Extending to Amazon FSx for Windows File Server with Multi-AZ preserves native Windows file shares and access semantics while providing built-in HA, durability, and SMB-compatible shares. It supports Windows ACLs, NTFS permissions, and seamless migration of existing data, meeting stay-on-fileserver behavior.A) S3 with IAM authentication does not preserve Windows file-share semantics or SMB access; lacks native Windows file-share features.B) S3 File Gateway provides object storage access, not native Windows file shares or SMB, so parity with current usage is not maintained.D) EFS offers NFS-based shares, not SMB/Windows-native file shares, so it does not match Windows workload access patterns.
A solutions architect is developing a VPC architecture that includes multiple subnets. The architecture will host applications that use Amazon EC2 instances and Amazon RDS DB instances. The architecture consists of six subnets in two Availability Zones. Each Availability Zone includes a public subnet, a private subnet, and a dedicated subnet for databases. Only EC2 instances that run in the private subnets can have access to the RDS databases.Which solution will meet these requirements?
The correct answer is C. A security group that allows inbound traffic from the security group of private-subnet instances ensures only EC2 in private subnets can reach the RDS DB instances, enforcing the required isolation.A) Creating a route table to exclude public CIDRs does not control EC2-to-RDS access at the database layer; it affects routing, not access control. B) Denying inbound traffic from public-subnet instances via a deny rule is not possible with security groups (they are stateful allowlists only). C) Correct: explicit allow from private-subnet SG to DB SG provides controlled access. D) VPC peering does not apply to intra-VPC subnet communication for this use case and adds unnecessary complexity.
A company has registered its domain name with Amazon Route 53. The company uses Amazon API Gateway in the ca-central-1 Region as a public interface for its backend microservice APIs. Third-party services consume the APIs securely. The company wants to design its API Gateway URL with the company's domain name and corresponding certificate so that the third-party services can use HTTPS.Which solution will meet these requirements?
A) Incorrect. Stage variables cannot overwrite the base API URL to use a custom domain; ACM certificate must be attached at API Gateway custom domain, not via stage variables.B) Incorrect. DNS alias to a Regional API Gateway endpoint is valid, but ACM certificate must be issued and associated via a Custom Domain Name in the same region; cross-region requirement and certificate handling are not satisfied as stated.C) Correct. Use a Regional API Gateway endpoint with a Custom Domain Name and ACM certificate in the same region, attach the certificate to the custom domain, and Route 53 routes traffic to that endpoint, enabling HTTPS with the company domain.D) Incorrect. ACM certificate must be attached to a Custom Domain Name, not directly to APIs; also A records alone to a domain require proper custom domain mapping in API Gateway.
Share your comments for Amazon SAA-C02 exam with other users:
please i need this exam.
i need the dump
i want it bad, even if cs6 maybe retired, i want to learn cs6
i hate comptia with all my heart with their "choose the best" answer format as an argument could be made on every question. they say "the "comptia way", lmao no this right here boys is the comptia way 100%. take it from someone whos failed this exam twice but can configure an entire complex network that these are the questions that are on the test 100% no questions asked. the pbqs are dead on! nice work
very good materials
thanks for your support.
iam impressed with the quality of these dumps. they questions and answers were easy to understand and the xengine app was very helpful to use.
not bad but you question database from isaca
awesome contents
answer to 134 is casb. while data loss prevention is the goal, in order to implement dlp in cloud applications you need to deploy a casb.
are these brain dumps sufficient enough to go write exam after practicing them? or does one need more material this wont be enough?
i did attend the required cources and i need to be sure that i am ready to take the exam, i would ask you please to share the questions, to be sure that i am fit to proceed with taking the exam.
why only give explanations on some, and not all questions and their respective answers?
refresh db knowledge
interested for sap certification
could you please upload practice questions for scr exam ?
please upload free oracle cloud infrastructure 2023 foundations associate exam braindumps
sweating! they are tricky
i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.
good practice and well sites.
passed my first exam last week and pass the second exam this morning. thank you sir for all the help and these brian dumps.
does anyone who attended exam csa 8.8, can confirm these questions are really coming ? or these are just for practicing?
kindly share the dumps
very nice content
passed today
hi can you please upload questions
please upload quetions
i passed my exam thanks to this braindumps questions. these questions are valid in us and i highly recommend it!
are they truely latest
questions appear contemporary.
good to prepare in this site
very helpful to crack first attempt
please upload this exam
please upload the c_activate22 dump questions with answer