← Back to exam page

AWS-Certified-Solutions-Architect-Associate-SAA-C02 AWS Certified Solutions Architect - Associate (SAA-C02)

Loading demo links...

Showing 7–9 of 20 questions

Question 7

A solutions architect has created a new AWS account and must secure AWS account root user access.

Which combination of actions will accomplish this? (Choose two.)

Select all that apply, then click Submit answer.

  • Ensure the root user uses a strong password.

  • Enable multi-factor authentication to the root user.

  • Store root user access keys in an encrypted Amazon S3 bucket.

  • Add the root user to a group containing administrative permissions.

  • Apply the required permissions to the root user with an inline policy document.
Question 8

A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available.

Which combination of configuration options will meet these requirements? (Choose two.)

Select all that apply, then click Submit answer.

  • Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.

  • Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.

  • Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.

  • Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.

  • Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.
Question 9

A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3. These files are encrypted using AWS Key Management Service Customer Master Keys (AWS KMS CMKs). A solutions architect needs to design a solution that will ensure the required permissions are set correctly.

Which combination of actions accomplish this? (Choose two.)

Select all that apply, then click Submit answer.

  • Attach the kms:decrypt permission to the Lambda function’s resource policy.

  • Grant the decrypt permission for the Lambda IAM role in the KMS key’s policy.

  • Grant the decrypt permission for the Lambda resource policy in the KMS key’s policy.

  • Create a new IAM policy with the kms:decrypt permission and attach the policy to the Lambda function.

  • Create a new IAM role with the kms:decrypt permission and attach the execution role to the Lambda function.