A company is running a popular social media website. The website gives users the ability to upload images to share with other users. The company wants to make sure that the images do not contain inappropriate content. The company needs a solution that minimizes development effort. What should a solutions architect do to meet these requirements?
Answer(s): B
Amazon Rekognition provides built-in image moderation with pre-trained content classifiers suitable for user-uploaded images and minimizes development effort; low-confidence predictions can be routed to human review. A) Comprehend is for text, not image content. C) SageMaker requires building/training a model, increasing effort. D) Fargate with a custom model adds unnecessary complexity compared to managed Rekognition. A and C also misalign with image content detection scope or require more customization. B correctly uses a managed service for image moderation with optional human review for uncertain cases.
A company wants to run its critical applications in containers to meet requirements for scalability and availability. The company prefers to focus on maintenance of the critical applications. The company does not want to be responsible for provisioning and managing the underlying infrastructure that runs the containerized workload. What should a solutions architect do to meet these requirements?
Answer(s): C
The correct answer is C. Using Amazon ECS on AWS Fargate runs containers without managing underlying servers, aligning with the requirement to avoid provisioning and managing infrastructure. A) ECS on EC2 requires managing EC2 instances and Docker runtime, increasing maintenance. B) ECS on EC2 again delegates to EC2 hosts you must manage, not meeting the no-infrastructure-management goal. D) ECS-optimized AMI on EC2 still requires patching and managing the EC2 instances and OS.
A company hosts more than 300 global websites and applications. The company requires a platform to analyze more than 30 TB of clickstream data each day. What should a solutions architect do to transmit and process the clickstream data?
Answer(s): D
Collecting with Kinesis Data Streams and delivering via Kinesis Data Firehose to an S3 data lake provides scalable, real-time ingest for large-scale clickstream data and seamless loading into Redshift for analytics. A) Data Pipeline is deprecated for new workloads; EMR processing after archiving adds latency and complexity. B) Auto Scaling EC2 approach lacks managed streaming and built-in real-time ingestion; Redshift requires ETL steps not streamlined here. C) CloudFront caching is for content delivery, not durable data capture; Serverless Lambda processing is not suited for 30 TB/day streaming without complex orchestration. D) Correct: end-to-end managed streaming with Kinesis, durable S3 lake, and Redshift analytics.
A company has a website hosted on AWS. The website is behind an Application Load Balancer (ALB) that is configured to handle HTTP and HTTPS separately. The company wants to forward all requests to the website so that the requests will use HTTPS. What should a solutions architect do to meet this requirement?
A) Create a listener rule on the ALB to redirect HTTP traffic to HTTPS. C) Correct because ALB listener rules can perform redirects from HTTP to HTTPS, ensuring all traffic uses TLS without changing clients. This keeps end-to-end encryption and uses the appropriate 301/302 redirect to the HTTPS endpoint. B) Replacing HTTP in the URL is not a built-in ALB capability; ALB cannot modify schemes by string replacement in requests. A) Updating network ACLs to only allow HTTPS disrupts legitimate initial connections and does not guarantee proper TLS termination or redirects at the ALB. D) Replacing with a Network Load Balancer does not provide an application-layer redirect capability to enforce HTTPS and SNI is not relevant to this requirement.
A company is developing a two-tier web application on AWS. The company's developers have deployed the application on an Amazon EC2 instance that connects directly to a backend Amazon RDS database. The company must not hardcode database credentials in the application. The company must also implement a solution to automatically rotate the database credentials on a regular basis. Which solution will meet these requirements with the LEAST operational overhead?
Storing credentials in AWS Secrets Manager with automatic rotation provides secure, centralized credential management and seamless rotation without hardcoding, and EC2 can access the secret via its IAM role. A) Storing in instance metadata is insecure and not designed for credential rotation; updating metadata is not supported for secret rotation. B) Encrypted S3 config files require custom rotation logic and risk of stale applications; not ideal for automatic, centralized rotation. C) CORRECT: Secrets Manager supports automatic rotation and fine-grained IAM access for EC2. D) Parameter Store rotation exists but Secrets Manager offers richer rotation and easier credential management; more suitable for automatic rotation with minimal ops.
A company is deploying a new public web application to AWS. The application will run behind an Application Load Balancer (ALB). The application needs to be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before the certificate expires. What should a solutions architect do to meet these requirements?
ACM certificates cannot be imported; ACM's public certificates are issued only by ACM or public CAs managed by ACM. The correct approach is to import an externally issued certificate into ACM for use with the ALB and manually rotate before expiration, since ACM does not automatically rotate externally issued certificates. A) Incorrect because ACM cannot auto-rotate externally issued certificates. B) Incorrect because you cannot import key material to ACM-certified certificates for automatic rotation; ACM manages keys for public certificates. C) Incorrect because ACM Private CA issues privately trusted certificates, but automatic rotation still isn’t automatic for externally issued public certs and adds unnecessary complexity. D) Correct: import external certificate, attach to ALB, and set alerts for manual rotation before expiry.
A company runs its infrastructure on AWS and has a registered base of 700,000 users for its document management application. The company intends to create a product that converts large .pdf files to .jpg image files. The .pdf files average 5 MB in size. The company needs to store the original files and the converted files. A solutions architect must design a scalable solution to accommodate demand that will grow rapidly over time. Which solution meets these requirements MOST cost-effectively?
Answer(s): A
A) This serverless approach leverages S3 storage, event-driven Lambda processing, and on-demand scaling with virtually unlimited concurrency, minimizing cost for variable load and large file processing. S3 PUT events trigger Lambda to convert and store JPEGs back in S3, avoiding EC2, EBS, or managed servers. B) DynamoDB is a NoSQL database, not suitable for storing large binary files or for file processing pipelines without additional services; using DynamoDB Streams with Lambda does not address file storage or processing efficiently. C) Elastic Beanstalk with EC2 and EBS is scalable but requires managing servers and storage; ongoing costs are higher than a serverless solution for sporadic or growing demand. D) EB with EFS still incurs EC2 management and higher storage costs; mixing EFS with EBS storage is inconsistent and less cost-effective for this use case.
A company has more than 5 TB of file data on Windows file servers that run on premises. Users and applications interact with the data each day. The company is moving its Windows workloads to AWS. As the company continues this process, the company requires access to AWS and on-premises file storage with minimum latency. The company needs a solution that minimizes operational overhead and requires no significant changes to the existing file access patterns. The company uses an AWS Site-to-Site VPN connection for connectivity to AWS. What should a solutions architect do to meet these requirements?
The correct answer D is right because it provides a low-latency, seamless hybrid NAS solution: FSx for Windows File Server on AWS for cloud workloads and an FSx File Gateway on premises to access data locally, preserving on-premises access patterns with minimal changes and centralized management over VPN. A) would require moving all data to managed Windows shares in AWS, increasing cutover risk and latency for on-prem users. B) and C) rely on S3, which is object storage with higher latency for file semantics and insufficient OS-level file share semantics without gateways for on-prem access. D preserves NAS compatibility and hybrid performance.
Share your comments for Amazon SAA-C02 exam with other users:
q:37 c is correct
q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???
explained answers
plan to take the aws certified developer - associate dva-c02 in the next few weeks
very helpful
good questions
help to practice csa exam
nice tip and well documented
i need the exam
please upload
prepping for fsc exam
pd1 with great experience
@t it seems like azure service bus message queues could be the best solution
helpful to check your understanding.
question 128 the answer should be static not auto
more comments here
great support to appear for exams
useful dumps
making progress
q31 answer should be d i think
is this real?
q10: c and f are also true. q11: this is outdated. you no longer need ownership on a pipe to operate it
good questions with simple explanation
admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdr blocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s
very inciting
question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;
it looks like a real one
i am taking oracle fcc certification test next two days, pls share question dumps
i need dumps
its time to comptia sec+
question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that it's false (aka off).
helpful content
oracle 19c is complex db
helpful for practice