November/2020 Latest Braindump2go PT0-001 Exam Dumps with PDF and VCE Free Updated Today! Following are some new PT0-001 Real Exam Questions!
QUESTION 191
You can find XSS vulnerabilities in which of the following?
A. Search fields that echo a search string back to the user
B. HTTP headers
C. Input fields that echo user data
D. All of the above
Answer: D
2020/November Latest Braindump2go 300-730 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 300-730 Real Exam Questions!
QUESTION 48
Refer to the exhibit. Which two commands under the tunnel-group webvpn-attributes result in a Cisco AnyConnect user receiving the AnyConnect prompt in the exhibit? (Choose two.)
A. group-url https://172.16.31.10/General enable
B. group-policy General internal
C. authentication aaa
D. authentication certificate
E. group-alias General enable
Answer: BE
November/2020 Latest Braindump2go 300-725 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 300-725 Real Exam Questions!
QUESTION 41
What are all of the available options for configuring an exception to blocking for referred content?
A. all embedded/referred and all embedded/referred except
B. selected embedded/referred except, all embedded/referred, and selected embedded/referred
C. selected embedded/referred and all embedded/referred except
D. all embedded/referred, selected embedded/referred, and all embedded/referred except
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-7/user_guide/b_WSA_UserGuide_11_7/b_WSA_UserGuide_11_7_chapter_01001.html (procedure)
2020/November Latest Braindump2go 300-720 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 300-720 Real Exam Questions!
QUESTION 44
What is the default behavior of any listener for TLS communication?
A. preferred-verify
B. off
C. preferred
D. required
Answer: B
2020/November Latest Braindump2go 300-715 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 300-715 Real Exam Questions!
QUESTION 70
In which two ways can users and endpoints be classified for TrustSec? (Choose Two.)
A. VLAN
B. SXP
C. dynamic
D. QoS
E. SGACL
Answer: AE
2020/November Latest Braindump2go AZ-900 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-900 Real Exam Questions!
QUESTION 207
You plan to deploy several Azure virtual machines.
You need to control the ports that devices on the internet can use to access the virtual machines.
What should you use?
A. an Azure Active Directory (AzureAD) role
B. an Azure key vault
C. an Azure Active Directory group
D. a network security group (NSG)
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
November/2020 Latest Braindump2go 300-710 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 300-710 Real Exam Questions!
QUESTION 48
Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)
A. BGPv6
B. ECMP with up to three equal cost paths across multiple interfaces
C. ECMP with up to three equal cost paths across a single interface
D. BGPv4 in transparent firewall mode
E. BGPv4 with nonstop forwarding
Answer: AC
November/2020 Latest Braindump2go XK0-004 Exam Dumps with PDF and VCE Free Updated Today! Following are some new XK0-004 Real Exam Questions!
QUESTION 191
A corporate server security policy states, “Ensure password hashes are not readable by non-administrative users.” The administrator should check the permissions on which of the following files to ensure the server satisfies this policy?
A. /etc/shadow
B. /etc/passwd
C. /etc/group
D. /etc/security/limits.conf
Answer: B
2020/November Latest Braindump2go 350-701 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 350-701 Real Exam Questions!
QUESTION 96
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?
A. DNS tunneling
B. DNSCrypt
C. DNS security
D. DNSSEC
Answer: A
Explanation:
https://learn-umbrellA.cisco.com/cloud-security/dns-tunneling
2020/November Latest Braindump2go AZ-400 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-400 Real Exam Questions!
QUESTION 241
You have an existing project in Azure DevOps.
You plan to integrate GitHub as the repository for the project.
You need to ensure that Azure Pipelines runs under the Azure Pipelines identity.
Which authentication mechanism should you use?
A. personal access token (PAT)
B. GitHub App
C. Azure Active Directory (Azure AD)
D. OAuth
Answer: B
Explanation:
GitHub App uses the Azure Pipelines identity.
Incorrect Answers:
A: Personal access token and OAuth use your personal GitHub identity.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/github
November/2020 Latest Braindump2go AZ-303 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-303 Real Exam Questions!
QUESTION 173
You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a container named Container1. The partition key for Container1 is set to /city.
You plan to change the partition key for Container1.
What should you do first?
A. Delete Container1.
B. Create a new Azure Cosmos DB account.
C. Implement the Azure Cosmos DB.NET.SDK.
D. Regenerate the keys for Account1.
Answer: B
Explanation:
The Change Feed Processor and Bulk Executor Library, in Azure Cosmos DB can be leveraged to achieve a live migration of your data from one container to another. This allows you to re-distribute your data to match the desired new partition key scheme, and make the relevant application changes afterwards, thus achieving the effect of “updating your partition key”.
Incorrect Answers:
A: It is not possible to “update” your partition key in an existing container.
Reference:
https://devblogs.microsoft.com/cosmosdb/how-to-change-your-partition-key/
2020/November Latest Braindump2go AZ-204 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-204 Real Exam Questions!
QUESTION 75
You develop a website. You plan to host the website in Azure. You expect the website to experience high traffic volumes after it is published.
You must ensure that the website remains available and responsive while minimizing cost.
You need to deploy the website.
What should you do?
A. Deploy the website to a virtual machine.
Configure the virtual machine to automatically scale when the CPU load is high.
B. Deploy the website to an App Service that uses the Shared service tier.
Configure the App Service plan to automatically scale when the CPU load is high.
C. Deploy the website to a virtual machine.
Configure a Scale Set to increase the virtual machine instance count when the CPU load is high.
D. Deploy the website to an App Service that uses the Standard service tier.
Configure the App Service plan to automatically scale when the CPU load is high.
Answer: D
Explanation:
Windows Azure Web Sites (WAWS) offers 3 modes: Standard, Free, and Shared.
Standard mode carries an enterprise-grade SLA (Service Level Agreement) of 99.9% monthly, even for sites with just one instance.
Standard mode runs on dedicated instances, making it different from the other ways to buy Windows Azure Web Sites.
Incorrect Answers:
B: Shared and Free modes do not offer the scaling flexibility of Standard, and they have some important limits.
Shared mode, just as the name states, also uses shared Compute resources, and also has a CPU limit.
So, while neither Free nor Shared is likely to be the best choice for your production environment due to these limits.
November/2020 Latest Braindump2go AZ-104 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-104 Real Exam Questions!
QUESTION 311
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the [email protected] sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: “Unable to invite user [email protected] – Generic authorization exception.”
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?
A. From the Users blade, modify the External collaboration settings.
B. From the Custom domain names blade, add a custom domain.
C. From the Organizational relationships blade, add an identity provider.
D. From the Roles and administrators blade, assign the Security administrator role to Admin1.
Answer: A
Explanation:
https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Generic-authorization-exception-inviting-Azure-AD-gests/td-p/274742
November/2020 Latest Braindump2go ITILFNDv4 Exam Dumps wirth PDF and VCE Free Updated Today! Following are some new ITILFNDv4 Real Exam Questions!
QUESTION 771
What must always be done before an activity is automated?
A. Check that the activity has already been optimized
B. Check that suitable new technology has been purchased
C. Ensure that DevOps has been successfully implemented
D. Ensure the solution removes the need for human intervention
Answer: A
2020/November Latest Braindump2go SAA-C02 Exam Dumps with PDF and VCE Free Updated Today! Following are some new SAA-C02 Real Exam Questions!
QUESTION 402
A solutions architect is creating a new VPC design. There are two public subnet for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web serves use only HTTPS. The solutions architect has already created a security group for the load Balancer allowing port 443 from 0.0 0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks.
Which additional configuration strategy should the solution architect use to meet these requirements?
A. Create a security group far the web servers and allow port 443 from 0.0.0.0/0.
Create a security group tor the MySQL serve’s aid allow port 3306 from the web servers security group.
B. Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0.
Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group
C. Create a security group for the web servers and allow port 443 from the load balancer.
Create a security group tor the MySQL servers and allow port 3306 from the web sewers security group
D. Create a network ACL for the web servers and allow port 443 from the web balancer.
Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.
Answer: C
QUESTION 403
A company runs an application on an Amazon EC2 instance Backed by Amazon Elastic Block Store (Amazon EBS).
The instance needs to be available for 12 hours daily.
The company wants to save costs by making the instance unavailable outside the window required for the application.
However the contents of the instance’s memory must be preserved whenever the instance is unavailable.
What should a solutions architect do lo meet this requirement?
A. Stop the instance outside the application’s availability window.
Start up the Instance again when required.
B. Hibernate tie instance outside the application’s availability window.
Start up the instance again when required.
C. Use Auto Scaling to scale down the instance outside the application’s availability window.
Scale up the instance when required.
D. Terminate the instance outside the application’s availability window.
Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required.
Answer: B
QUESTION 404
A company Is migrating lo the AWS Cloud. A file server is the first workload to migrate.
Users must be able to access the file share using the Server Message Block (SMB) protocol.
Which AWS managed service meets these requirements”
A. Amazon EBS
B. Amazon EC2
C. Amazon FSx
D. Amazon S3
Answer: B
QUESTION 405
A solutions architect needs to design a resilient solution for Windows users’ home directories.
The solution must provide fault tolerance, file-level backup and recovery, and access control, based upon the company’s Active Directory.
Which storage solution meets these requirements?
A. Configure Amazon S3 to store the users’ home directories.
Join Amazon S3 to Active Directory.
B. Configure a Multi-AZ file system with Amazon FSx for Windows File Server.
Join Amazon FSx to Active Directory.
C. Configure Amazon Elastic File System (Amazon EFS) for the users’ home directories.
Configure AWS Single Sign-On with Active Directory.
D. Configure Amazon Elastic Block Store (Amazon EBS) to store the users’ home directories.
Configure AWS Single Sign-On with Active Directory.
Answer: A
QUESTION 406
A company has a legacy application that processes data in two parts.
The second part of the process takes longer than the first, so the company has decided to rewrite the application as two microservices running on Amazon ECS that can scale independently.
How should a solutions architect integrate the microservices?
A. Implement code in microservice 1 to send data to an Amazon S3 bucket.
Use S3 event notifications to invoke microservice 2
B. Implement code in microservice 1 to publish data to an Amazon SNS topic.
Implement code In microservice 2 to subscribe to this topic.
C. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose.
Implement code in microservice 2 to read from Kinesis Data Firehose.
D. Implement code in microservice 1 to send data to an Amazon SOS queue.
Implement code in microservice 2 to process messages from the queue.
Answer: A
QUESTION 407
A company hosts its application using Amazon Elastic Container Service (Amazon ECS) and wants to ensure high availability.
The company wants to be able (o deploy updates to its application even if nodes in one Availability Zone are not accessible.
The expected request volume for the application is 100 requests per second, and each container task is able to serve at least 60 requests pet second.
The company set up Amazon ECS with a rolling update deployment type with the minimum healthy percent parameter set to 50% and the maximum percent set lo 100%.
Which configuration of tasks and Availability Zones meets these requirements?
A. Deploy the application across two Availability Zones, with one task in each Availability Zone
B. Deploy the application across two Availability Zones, with two tasks in each Availability Zone.
C. Deploy the application across three Availability Zones, with one task in each Availability Zone.
D. Deploy the application across three Availability Zones, with two tasks in each Availability Zone.
Answer: A
QUESTION 408
A web application runs on Amazon EC2 instances behind an Application Load Balancer.
The application allows users to create custom reports of historical weather data.
Generating a report can take up to 5 minutes.
These long-running requests use many of the available incoming connections, making the system unresponsive to other users.
How can a solutions architect make the system more responsive?
A. Use Amazon SOS with AWS Lambda to generate reports.
B. Increase the Idle timeout on the Application Load Balancer to 5 minutes.
C. Update the client-side application code to increase its request timeout to 5 minutes.
D. Publish the reports to Amazon S3 and use Amazon CloudFront for downloading lo the user.
Answer: A
QUESTION 409
A company is planning to use Amazon S3 to store images uploaded by its users.
The images must be encrypted at rest in Amazon S3.
The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys.
What should a solutions architect use to accomplish this?
A. Server-Side Encryption with keys stored in an S3 bucket
B. Server-Side Encryption with Customer-Provided Keys (SSE-C)
C. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
D. Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
Answer: D
QUESTION 410
A company’s application is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancer.
Based on the application’s history, the company anticipates a spike in traffic during a holiday each year.
A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity lo minimize any performance impact on application users.
Which solution will meet these requirements?
A. Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%.
B. Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand.
C. Increase the minimum and maximum number of EC2 instances in the Auto Scaling group during the peak demand period.
D. Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when there ate autoscaling:EC2_INSTANCE_LAUNCH events.
Answer: B
QUESTION 411
A website runs a web application that receives a burst of traffic each day at noon.
The users upload new pictures and content daily, but have been complaining of timeouts.
The architecture uses Amazon EC2 Auto Seating groups, and the custom application consistently takes 1 minute to initiate upon boot up before responding to user requests
How should a solutions architect redesign the architecture to better respond to changing traffic?
A. Configure a Network Load Balancer with a slow start configuration.
B. Configure AWS ElastiCache for Redis to offload direct requests to the servers
C. Configure an Auto Scaling step scaling policy with an instance warmup condition.
D. Configure Amazon CloudFront to use an Application Load Balancer as the origin.
Answer: B
QUESTION 412
A solutions architect needs to design a managed storage solution for a company’s application that includes high-performance machine learning.
This application runs on AWS Fargate. and the connected storage needs to have concurrent access to files and deliver high performance.
Which storage option should the solutions architect recommend?
A. Create an Amazon S3 bucket for the application and establish an 1AM role for Fargate to communicate with Amazon S3.
B. Create an Amazon FSx for Lustre file share and establish an 1AM role that allows Fargate to communicate with FSx for Lustre
C. Create an Amazon Elastic File System (Amazon EFS> file share and establish an 1AM role that allows Fargate to communicate with Amazon EFS.
D. Create an Amazon Elastic Block Store (Amazon EBS) volume for the application and establish an 1AM role that allows Fargate to communicate with Amazon EBS.
Answer: B
QUESTION 413
A company Is launching an ecommerce website on AWS.
This website is built with a three-tier architecture that includes a MySQL database.
In a Multi-AZ deployment of Amazon Aurora MySQL.
The website application must be highly available and will initially be launched in an AWS Region with three Availability Zones.
The application produces a metric that describes the load the application experiences.
Which solution meets these requirements?
A. Configure an Application Load Balancer (ALB( with Amazon EC2 Auto Scaling behind the ALB with scheduled scaling
B. Configure an Application Load Balancer (ALB) and Amazon EC2 Auto Scaling behind the ALB with a simple scaling policy.
C. Configure a Network Load Balancer (NLB) and launch a Spot Fleet with Amazon EC2 Auto Scaling behind the NL8.
D. Configure an Application Load Balancer (ALB) and Amazon EC2 Auto Scaling behind the ALB with a target tracking scaling policy.
Answer: B
QUESTION 414
A company Is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances.
The EC2 instances are in public subnets, and the RDS DB instances are in private subnets.
The security team has mandated that the DB instances be secured against web-based attacks.
What should a solutions architect recommend?
A. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer.
Configure the EC2 instance iptables rules to drop suspicious web traffic.
Create a security group for the DB instances.
Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
B. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer.
Move DB instances to the same subnets that EC2 instances are located in.
Create a security group for the DB instances.
Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer.
Use AWS WAF to monitor inbound web traffic for threats.
Create a security group for the web application servers and a security group for the DB instances.
Configure the RDS security group to only allow port 3306 inbound from the web application server security group.
D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer.
Use AWS WAF to monitor inbound web traffic for threats.
Configure the Auto Scaling group lo automatically create new DB instances under heavy traffic.
Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.
Answer: D
QUESTION 415
A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones.
As the company’s user base grows in the us-west-1 Region, it needs 3 solution with low latency and high availability.
What should a solutions architect do to accomplish this?
A. Provision EC2 instances in us-west-1.
Switch me Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing.
B. Provision EC2 instances and an Application Load Balancer in us-west-1.
Make the load balancer distribute the traffic based on the location of the request
C. Provision EC2 instances and configure an Application Load Balancer in us-west-1.
Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
D. Provision EC2 Instances and configure an Application Load Balancer in us-wesl-1.
Configure Amazon Route 53 with a weighted routing policy.
Create alias records in Route 53 that point to the Application Load Balancer
Answer: C
Explanation:
https://aws.amazon.com/global-accelerator/faqs/
QUESTION 416
A company has a custom application running on an Amazon EC2 instance that:
– Reads a large amount of data from Amazon S3
– Performs a multi-stage analysis.
– Writes the results to Amazon DynamoDB.
The application writes a significant number of large, temporary files during the multi-stage analysis.
The process performance depends on the temporary storage performance.
What would be the fastest storage option for holding the temporary files?
A. Multiple Amazon S3 buckets with Transfer Acceleration for storage
B. Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization.
C. Multiple Amazon EFS volumes using the Network File System version 4.1 (NFSv4.1) protocol.
D. Multiple instance store volumes with software RAID 0
Answer: D
QUESTION 417
A company built a food ordering application that captures user data and stores it for future analysis.
The application’s static front end is deployed on an Amazon EC? instance.
The front-end application sends the requests to the backend application running on separate EC2 instance.
The backend application then stores the data in Amazon RDS.
What should a solutions architect do to decouple the architecture and make it scalable?
A. Use Amazon S3 to serve the front-end application, which sends requests to Amazon EC2 to execute the backend application.
The backend application will process and store the data in Amazon RDS.
B. Use Amazon S3 to serve the front-end application and write requests to an Amazon Simple Notification Service (Amazon SNS) topic.
Subscribe Amazon EC2 instances to the HTTP/HTTPS endpoint o( the topic, and process and store the data in Amazon RDS.
C. Use an EC2 instance lo serve the front end and write requests to an Amazon SOS queue.
Place the backend Instance in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.
D. Use Amazon S3 to serve the static front-end application and send requests lo Amazon API Gateway which writes the requests to an Amazon SQS queue.
Place the backend instances in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.
Answer: D
QUESTION 418
A company has an on-premises application that collects data and stores it to an on-premises NFS server.
The company recently set up a 10 Gbps AWS Direct Connect connection.
The company is running out of storage capacity on premises.
The company needs to migrate the application data from on premises to the AWS Cloud while maintaining low-latency access to the data from the on- premises application.
What should a solutions architect do to meet these requirements?
A. Deploy AWS Storage Gateway for the application data, and use the file gateway to store the data in Amazon S3.
Connect the on-premises application servers to the file gateway using NFS.
B. Attach an Amazon Elastic File System (Amazon EFS) file system to the NFS server, and copy the application data to the EFS file system.
Then connect the on-premises application to Amazon EFS.
C. Configure AWS Storage Gateway as a volume gateway.
Make the application data available to the on-premises application from the NFS server and with Amazon Elastic Block Store (Amazon EBS) snapshots.
D. Create an AWS DataSync agent with the NFS server as the source location and an Amazon Elastic File System (Amazon EFS) file system as the destination for application data transfer.
Connect the on- premises application to the EFS file system.
Answer: A
QUESTION 419
A company wants to migrate a high performance computing (HPC) application and data from on- premises to the AWS Cloud.
The company uses tiered storage on-premises with hoi high-performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running.
Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Select TWO)
A. Amazon S3 for cold data storage
B. Amazon EFS for cold data storage
C. Amazon S3 for high-performance parallel storage
D. Amazon FSx for clustre tor high-performance parallel storage
E. Amazon FSx for Windows for high-performance parallel storage
Answer: AD
Explanation:
https://aws.amazon.com/fsx/lustre/
Amazon FSx for Lustre makes it easy and cost effective to launch and run the world’s most popular high-performance file system. Use it for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling.
QUESTION 420
A software vendor is deploying a new software-as-a-service (SaaS) solution that will be utilized by many AWS users.
The service is hosted in a VPC behind a Network Load Balancer.
The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet.
What should a solutions architect do to accomplish this goal?
A. Create a peering VPC connection from each user’s VPC to the software vendor s VPC.
B. Deploy a transit VPC in the software vendor’s AWS account.
Create a VPN connection with each user account
C. Connect the service in the VPC with an AWS PrivateLink endpoint.
Have users subscribe to the endpoint.
D. Deploy a transit VPC in the software vendor’s AWS account.
Create an AWS Direct Connect connection with each user account.
Answer: C
QUESTION 421
A company uses Amazon S3 to store its confidential audit documents.
The S3 bucket uses bucket policies to restrict access to audit team 1AM user credentials according to the principle of least privilege.
Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.
What should a solutions architect do to secure the audit documents?
A. Enable the versioning and MFA Delete features on the S3 bucket
B. Enable multi-factor authentication (MFA) on the 1AM user credentials for each audit team 1AM user account.
C. Add an S3 Lifecycle policy to the audit team’s 1AM user accounts to deny the s3:DeleteOb|ect action during audit dates.
D. Use AWS Key Management Service (AWS KMS> to encrypt the S3 bucket and restrict audit team 1AM user accounts from accessing the KMS key.
Answer: A
QUESTION 422
A solutions architect is helping a developer design a new ecommerce shopping cart application using AWS services.
The developer is unsure of the current database schema and expects to make changes as the ecommerce site grows.
The solution needs to be highly resilient and capable of automatically scaling read and write capacity.
Which database solution meets these requirements?
A. Amazon Aurora PostgreSQL
B. Amazon DynamoDB with on-demand enabled
C. Amazon DynamoDB with DynamoDB Streams enabled
D. Amazon SQS and Amazon Aurora PostgreSQL
Answer: B
QUESTION 423
A company Is seeing access requests by some suspicious IP addresses.
The security team discovers the requests are horn different IP addresses under the same CIDR range.
What should a solutions architect recommend to the team?
A. Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
B. Add a rule In the outbound table of the security group to deny the traffic from that CIDR range
C. Add a deny rule in the Inbound table of the network ACL with a lower rule number than other rules.
D. Add a deny rule in the outbound table of the network ACL with a tower rule number than other rules.
Answer: C
QUESTION 424
A company wants to run a hybrid workload for data processing.
The data needs to be accessed by on-premises applications for local data processing using an NFS protocol, and must also be accessible from the AWS Cloud for further analytics and batch processing.
Which solution will meet these requirements?
A. Use an AWS Storage Gateway fife gateway to provide file storage to AWS.
Then perform analytics on the data in the AWS Cloud.
B. Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AWS.
Then perform analytics on this data in the AWS Cloud.
C. Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS.
D. Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS Cloud, then perform analytics on this data in the cloud.
Answer: C
Explanation:
https://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway.html
QUESTION 425
A solutions architect is designing a solution that requires frequent updates to a website that is hosted on Amazon S3 with versioning enabled.
For compliance reasons, older versions of the objects will not be accessed frequently and will need to be deleted after 2 years.
What should the solutions architect recommend to meet these requirements at the LOWEST cost?
A. Use S3 batch operations to replace object tags.
Expire the objects based on the modified tags
B. Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier.
Expire the objects after 2 years
C. Enable S3 Event Notifications on the bucket that sends older objects to the Amazon Simple Queue Service (Amazon SOS) queue for further processing.
D. Replicate older object versions to a new bucket.
Use an S3 Lifecycle policy to expire the objects In the new bucket after 2 years
Answer: B
Resources From:
1.2020 Latest Braindump2go SAA-C02 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/saa-c02.html
2.2020 Latest Braindump2go SAA-C02 PDF and SAA-C02 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1_5IK3H_eM74C6AKwU7sKaLn1rrn8xTfm?usp=sharing
3.2020 Free Braindump2go SAA-C02 PDF Download:
https://www.braindump2go.com/free-online-pdf/SAA-C02-Dumps(416-430).pdf
https://www.braindump2go.com/free-online-pdf/SAA-C02-PDF-Dumps(402-415).pdf
https://www.braindump2go.com/free-online-pdf/SAA-C02-VCE-Dumps(431-445).pdf
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!