AWS Certified Solution Architect Associate - SAA Day01

Q001.

A firm is developing a web application on AWS utilizing containers. At any one moment, the organization needs three instances of the web application to be running. The application must be scalable in order to keep up with demand increases. While management is cost-conscious, they agree that the application should be highly accessible.

What recommendations should a solutions architect make?

A. Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.

B. Add an execution role to the function with lambda:InvokeFunction as the action and Service:amazonaws.com as the principal.

C. Add a resource-based policy to the function with lambda:’* as the action and Service:events.amazonaws.com as the principal.

D. Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service:events.amazonaws.com as the principal.

A001.

A firm is developing a web application on AWS utilizing containers. At any one moment, the organization needs three instances of the web application to be running. The application must be scalable in order to keep up with demand increases. While management is cost-conscious, they agree that the application should be highly accessible.

What recommendations should a solutions architect make?

A. Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.

B. Add an execution role to the function with lambda:InvokeFunction as the action and Service:amazonaws.com as the principal.

C. Add a resource-based policy to the function with lambda:’* as the action and Service:events.amazonaws.com as the principal.

D. Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service:events.amazonaws.com as the principal.

• 풀이 : 람다에서 리소스 기반 정책을 활용하면 aws의 리소스를 제어할 수 있다. 이중 events.amazonaws.com 정책을 사용하면 인스턴스를 제어할 수 있다.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-use-resource-based.html#lambda-permissions

Q002

A business outsources its marketplace analytics management to a third-party partner. The vendor requires restricted programmatic access to the company’s account’s resources. All necessary policies have been established to ensure acceptable access.

Which new component provides the vendor the MOST SECURE access to the account?

A. Stop the instance outside the application’s availability window. Start up the instance again when required.

B. Hibernate the instance outside the application’s availability window. Start up the instance again when required.

C. Use Auto Scaling to scale down the instance outside the application’s availability window. Scale up the instance when required.

D. Terminate the instance outside the application’s availability window. Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required.

A002

A business outsources its marketplace analytics management to a third-party partner. The vendor requires restricted programmatic access to the company’s account’s resources. All necessary policies have been established to ensure acceptable access.

Which new component provides the vendor the MOST SECURE access to the account?

A. Stop the instance outside the application’s availability window. Start up the instance again when required.

B. Hibernate the instance outside the application’s availability window. Start up the instance again when required.

C. Use Auto Scaling to scale down the instance outside the application’s availability window. Scale up the instance when required.

D. Terminate the instance outside the application’s availability window. Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required.

• 풀이 : 인스턴스를 사용하지 않을 때도 인스턴스 메모리를 보전하기 위해선 Hibernate(최대 절전 모드)로 전환하는 것이다.
• 최대 절전 모드에선 EBS 값, EIP 값만 나오기 때문에 절약 가능

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html https://aws.amazon.com/blogs/aws/new-hibernate-your-ec2-instances/

Q003

A firm seeks to migrate its accounting system from an on-premises data center to an Amazon Web Services (AWS) Region. Data security and an unalterable audit log should be prioritized. All AWS activities must be subjected to compliance audits. Despite the fact that the business has enabled AWS CloudTrail, it want to guarantee that it meets these requirements.

What precautions and security procedures should a solutions architect include to protect and secure CloudTrail? (Choose two.)

A. Create a second S3 bucket in us-east-1. Enable S3 Cross-Region Replication from the existing S3 bucket to the second S3 bucket.

B. Create a cross-origin resource sharing (CORS) configuration of the existing S3 bucket. Specify us-east-1 in the CORS rule’s AllowedOrigin element.

C. Create a second S3 bucket in us-east-1 across multiple Availability Zones. Create an S3 Lifecycle management rule to save photos into the second S3 bucket.

D. Create a second S3 bucket in us-east-1 to store the replicated photos. Configure S3 event notifications on object creation and update events that invoke an AWS Lambda function to copy photos from the existing S3 bucket to the second S3 bucket.