Instant Access Amazon.SAA-C02.v2023-08-21.q655 Actual Practice Test Engine for Free (Page 8)

40%off

SAA-C02 Premium Dumps

Latest SAA-C02 Exam Premium Dumps provide by TrainingQuiz.com to help you Passing SAA-C02 Exam! TrainingQuiz.com offers the updated SAA-C02 exam dumps, the TrainingQuiz.com SAA-C02 exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com SAA-C02 pdf dumps with Exam Engine here:

(726 Q&As Dumps, 40%OFF Special Discount: DumpsDB)

Question 31

A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls.
Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.
Which action meets these requirements?

A.Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.
B.Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the master account.
C.Create a service control policy (SCP) the prohibits changes to CloudTrail, and attach it the developer accounts.
D.Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user.

Question 32

A group requires permissions list an Amazon S3 bucket and delete objects from that bucket. An administrator has created the following IAM policy to provide access to the bucket and applied that policy to the group. The group is not able to delete objects in the bucket.
The company follows least-privilege access rules.

Which statement should a solutions architect add to the policy to correct bucket access?

Question 33

A company is seeing access requests by some suspicious IP addresses. The security team discovers the requests are from different IP addresses under the same CIDR range. What should a solutions architect recommend to the team?

A.Add a rule in the inbound table of the security to deny the traffic from that CIDR range.
B.Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.
C.Add a deny rule in the inbound table of the network ACL with a lower number than other rules.
D.Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.

Question 34

A restaurant reservation application needs to access a waiting list. When a customer tries to reserve a table, and none are available, the customer application will put the user on the waiting list, and the application will notify the customer when a table becomes free. The waiting list must preserve the order in which customers were added to the waiting list.
Which service should the solutions architect recommend to store this waiting list?

A.Amazon Simple Notification Service (Amazon SNS)
B.A standard queue in Amazon Simple Queue Service (Amazon SQS)
C.A FIFO queue in Amazon Simple Queue Service (Amazon SQS)
D.AWS Step Functions invoking AWS Lambda functions

Question 35

A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.
What should a solutions architect do to secure the audit documents?

A.Enable the versioning and MFA Delete features on the S3 bucket.
B.Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account.
C.Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates.
D.Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAN user accounts from accessing the KMS key.