The Secret Of Amazon-Web-Services SAA-C03 Free Practice Questions

NEW QUESTION 1
An online retail company has more than 50 million active customers and receives more than 25,000 orders each day. The company collects purchase data for customers and stores this data in Amazon S3. Additional customer data is stored in Amazon RDS.
The company wants to make all the data available to various teams so that the teams can perform analytics. The solution must provide the ability to manage fine-grained permissions for the data and must minimize operational overhead.
Which solution will meet these requirements?

• A. Migrate the purchase data to write directly to Amazon RD
• B. Use RDS access controls to limit access.
• C. Schedule an AWS Lambda function to periodically copy data from Amazon RDS to Amazon S3. Create an AWS Glue crawle
• D. Use Amazon Athena to query the dat
• E. Use S3 policies to limit access.
• F. Create a data lake by using AWS Lake Formatio
• G. Create an AWS Glue JOBC connection to Amazon RD
• H. Register the S3 bucket in Lake Formatio
• I. Use Lake
• J. Formation access controls to limit acces
• K. Create an Amazon Redshift cluster Schedule an AWS Lambda function to periodically copy data from Amazon S3 and Amazon RDS to Amazon Redshif
• L. Use Amazon Redshift access controls to limit access.

Answer: C

NEW QUESTION 2
A company is experiencing sudden increases in demand. The company needs to provision large Amazon EC2 instances from an Amazon Machine image (AMI) The instances will run m an Auto Scaling group. The company needs a solution that provides minimum initialization latency to meet the demand.
Which solution meets these requirements?

• A. Use the aws ec2 register-image command to create an AMI from a snapshot Use AWS Step Functions to replace the AMI in the Auto Scaling group
• B. Enable Amazon Elastic Block Store (Amazon EBS) fast snapshot restore on a snapshot Provision an AMI by using the snapshot Replace the AMI m the Auto Scaling group with the new AMI
• C. Enable AMI creation and define lifecycle rules in Amazon Data Lifecycle Manager (Amazon DLM) Create an AWS Lambda function that modifies the AMI in the Auto Scaling group
• D. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke AWS Backup lifecycle policies that provision AMIs Configure Auto Scaling group capacity limits as an event source in EventBridge (CloudWatch Events)

Answer: B

NEW QUESTION 3
A company is hosting a website from an Amazon S3 bucket that is configured for public hosting. The company’s security team mandates the usage of secure connections for access to the website. However; HTTP-based URLS and HTTPS-based URLS mist be functional.
What should a solution architect recommend to meet these requirements?

• A. Create an S3 bucket policy to explicitly deny non-HTTPS traffic.
• B. Enable S3 Transfer Acceleratio
• C. Select the HTTPS Only bucket property.
• D. Place thee website behind an Elastic Load Balancer that is configured to redirect HTTP traffic to HTTTPS.
• E. Serve the website through an Amazon CloudFront distribution that is configured to redirect HTTP traffic to HTTPS.

Answer: D

NEW QUESTION 4
A company wants to manage Amazon Machine Images (AMls). The company currently copies AMls to the same AWS Region where the AMls were created. The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 Createlmage API operation is called within the company's account
Which solution will meet these requirements with the LEAST operational overhead?

• A. Create an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a Createlmage API call is detected
• B. Configure AWS CloudTrail with an Amazon Simple Notification Sen/ice (Amazon SNS) notification that occurs when updated logs are sent to Amazon S3 Use Amazon Athena to create a new table and to query on Createlmage when an API call is detected
• C. Create an Amazon EventBndge (Amazon CloudWatch Events) rule for the Createlmage API call Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a Createlmage API call is detected
• D. Configure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs Create an AWS Lambda function to send an alert to an Amazon Simple Notification Service (Amazon SNS) topic when a Createlmage API call is detected

Answer: B

NEW QUESTION 5
A development team runs monthly resource-intensive tests on its general purpose Amazon RDS for MySQL DB instance with Performance Insights enabled. The testing lasts for 48 hours once a month and is the only process that uses the database. The team wants to reduce the cost of running the tests without reducing the compute and memory attributes of the DB instance.
Which solution meets these requirements MOST cost-effectively?

• A. Stop the DB instance when tests are complete
• B. Restart the DB instance when required.
• C. Use an Auto Scaling policy with the DB instance to automatically scale when tests are completed.
• D. Create a snapshot when tests are complete
• E. Terminate the DB instance and restore the snapshot when required.
• F. Modify the DB instance to a low-capacity instance when tests are complete
• G. Modify the DB instance again when required.

Answer: C

NEW QUESTION 6
A company has a stateless asynchronous application that runs in an Apache Hadoop cluster The application is invoked on demand to run extract, transform and load (ETL) jobs several limes a day
A solutions architect needs to migrate this application to the AWS Cloud by designing an Amazon EMR cluster for the workload. The cluster must be available immediately to process jobs.
Which implementation meets these requirements MOST cost-effectively?

• A. Use zonal Reserved Instances for the master nodes and the ewe nodes Use a Spot Fleet lor tire task nodes
• B. Use zonal Reserved Instances for the master nodes Use Spot instances for the core nodes and the task nodes
• C. Use regional Reserved Instances for the master nodes Use a Spot Fleer for the core nodes and the task nodes
• D. Use regional Reserved Instances for the master node
• E. Use On-Demand Capacity Reservations for the core nodes and the task nodes.

Answer: A

NEW QUESTION 7
A company is launching a new application and will display application metrics on an Amazon CloudWatch dashboard. The company’s product manager needs to access this dashboard periodically. The product manager does not have an AWS account. A solution architect must provide access to the product manager by following the principle of least privilege.
Which solution will meet these requirements?

• A. Share the dashboard from the CloudWatch consol
• B. Enter the product manager’s email address, and complete the sharing step
• C. Provide a shareable link for the dashboard to the product manager.
• D. Create an IAM user specifically for the product manage
• E. Attach the CloudWatch Read Only Access managed policy to the use
• F. Share the new login credential with the product manage
• G. Share the browser URL of the correct dashboard with the product manager.
• H. Create an IAM user for the company’s employees, Attach the View Only Access AWS managed policy to the IAM use
• I. Share the new login credentials with the product manage
• J. Ask the product manager to navigate to the CloudWatch console and locate the dashboard by name in the Dashboards section.
• K. Deploy a bastion server in a public subne
• L. When the product manager requires access to the dashboard, start the server and share the RDP credential
• M. On the bastion server, ensure that the browser is configured to open the dashboard URL with cached AWS credentials that have appropriate permissions to view the dashboard.

Answer: A

NEW QUESTION 8
A company has two applications: a sender application that sends messages with payloads to be processed and a processing application intended to receive the messages with payloads. The company wants to implement an AWS service to handle messages between the two applications. The sender application can send about 1.000 messages each hour. The messages may take up to 2 days to be processed. If the messages fail to process, they must be retained so that they do not impact the processing of any remaining messages.
Which solution meets these requirements and is the MOST operationally efficient?

• A. Set up an Amazon EC2 instance running a Redis databas
• B. Configure both applications to use the instanc
• C. Store, process, and delete the messages, respectively.
• D. Use an Amazon Kinesis data stream to receive the messages from the sender applicatio
• E. Integrate the processing application with the Kinesis Client Library (KCL).
• F. Integrate the sender and processor applications with an Amazon Simple Queue Service (Amazon SQS) queu
• G. Configure a dead-letter queue to collect the messages that failed to process.
• H. Subscribe the processing application to an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications to proces
• I. Integrate the sender application to write to the SNS topic.

Answer: C

Explanation:
Explanation
https://aws.amazon.com/blogs/compute/building-loosely-coupled-scalable-c-applications-with-amazon-sqs-and- https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.htm

NEW QUESTION 9
A company that recently started using AWS establishes a Site-to-Site VPN between its on-premises data center and AWS. The company’s security mandate states that traffic originating from on premises should stay within the company’s private IP space when communicating with an Amazon Elastic Container Service (Amazon ECS) cluster that is hosting a sample web application.
Which solution meets this requirement?

• A. Configure a gateway endpoint for Amazon EC
• B. Modify the route table to include an entry pointing to the ECS cluster.
• C. Create a Network Load Balancer and AWS PrivateLink endpoint for Amazon ECS in the same VPC that is hosting the ECS cluster.
• D. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VP
• E. Connect the two by using VPC peering.
• F. Configure an Amazon Route record with Amazon ECS as the targe
• G. Apply a server certificate to Route 53 from AWS Certificate Manager (ACM) for SSL offloading.

Answer: A

NEW QUESTION 10
A solutions architect is designing a new hybrid architecture to extend a company s on-premises infrastructure to AWS The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.
What should the solutions architect do to meet these requirements?

• A. Provision an AWS Direct Connect connection to a Region Provision a VPN connection as a backup if the primary Direct Connect connection fails.
• B. Provision a VPN tunnel connection to a Region for private connectivit
• C. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails.
• D. Provision an AWS Direct Connect connection to a Region Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.
• E. Provision an AWS Direct Connect connection to a Region Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.

Answer: A

NEW QUESTION 11
A research company runs experiments that are powered by a simulation application and a visualization application. The simulation application runs on Linux and outputs intermediate data to an NFS share every 5 minutes. The visualization application is a Windows desktop application that displays the simulation output and requires an SMB file system.
The company maintains two synchronized tile systems. This strategy is causing data duplication and inefficient resource usage. The company needs to migrate the applications to AWS without making code changes to either application.
Which solution will meet these requirements?

• A. Migrate both applications to AWS Lambda Create an Amazon S3 bucket to exchange data between the applications.
• B. Migrate both applications to Amazon Elastic Container Service (Amazon ECS). Configure Amazon FSx File Gateway for storage.
• C. Migrate the simulation application to Linux Amazon EC2 instance
• D. Migrate the visualization application to Windows EC2 instance
• E. Configure Amazon Simple Queue Service (Amazon SOS) to exchange data between the applications.
• F. Migrate the simulation application to Linux Amazon EC2 instance
• G. Migrate the visualization application to Windows EC2 instance
• H. Configure Amazon FSx for NetApp ONTAP for storage.
• I. B

Answer: E

NEW QUESTION 12
A rapidly growing ecommerce company is running its workloads in a single AWS Region. A solutions architect must create a disaster recovery (DR) strategy that includes a different AWS Region. The company wants its database to be up to date in the DR Region with the least possible latency. The remaining infrastructure in the DR Region needs to run at reduced capacity and must be able to scale up if necessary.
Which solution will meet these requirements with the LOWEST recovery time objective (RTO)?

• A. Use an Amazon Aurora global database with a pilot light deployment.
• B. Use an Amazon Aurora global database with a warm standby deployment.
• C. Use an Amazon RDS Multi-AZ DB instance with a pilot light deployment.
• D. Use an Amazon RDS Multi-AZ DB instance with a warm standby deployment.

Answer: B

NEW QUESTION 13
A company has enabled AWS CloudTrail logs to deliver log files to an Amazon S3 bucket for each of its developer accounts. The company has created a central AWS account for streamlining management and audit reviews An internal auditor needs to access the CloudTrail logs yet access needs to be restricted for all developer account users The solution must be secure and optimized
How should a solutions architect meet these requirements?

• A. Configure an AWS Lambda function m each developer account to copy the log files to the central account Create an IAM role in the central account for the auditor Attach an IAM policy providing read-only permissions to the bucket
• B. Configure CloudTrail from each developer account to deliver the log files to an S3 bucket m the central account Create an IAM user in the central account for the auditor Attach an IAM policy providing full permissions to the bucket
• C. Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account Create an IAM role in the central account for the auditor Attach an IAM policy providingread-only permissions to the bucket
• D. Configure an AWS Lambda function in the central account to copy the log files from the S3 bucket m each developer account Create an IAM user m the central account for the auditor Attach an IAM policy providing full permissions to the bucket

Answer: C

Explanation:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-sharing-logs.html

NEW QUESTION 14
A company that primarily runs its application servers on premises has decided to migrate to AWS. The company wants to minimize its need to scale its Internet Small Computer Systems Interface (iSCSI) storage on premises. The company wants only its recently accessed data to remain stored locally.
Which AWS solution should the company use to meet these requirements?

• A. Amazon S3 File Gateway
• B. AWS Storage Gateway Tape Gateway
• C. AWS Storage Gateway Volume Gateway stored volumes
• D. AWS Storage Gateway Volume Gateway cachea volumes

Answer: D

NEW QUESTION 15
A company hosts an application on AWS. The application uses AWS Lambda functions and stores data in Amazon DynamoDB tables. The Lambda functions are connected to a VPC that does not have internet access.
The traffic to access DynamoDB must not travel across the internet. The application must have write access to only specific DynamoDB tables.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

• A. Attach a VPC endpoint policy for DynamoDB to allow write access to only the specific DynamoDB tables.
• B. Attach a security group to the interface VPC endpoint to allow write access to only the specific DynamoDB tables.
• C. Create a resource-based 1AM policy to grant write access to only the specific DynamoDB table
• D. Attach the policy to the DynamoDB tables.
• E. Create a gateway VPC endpoint for DynamoDB that is associated with the Lambda VP
• F. Ensure that the Lambda execution role can access the gateway VPC endpoint.
• G. Create an interface VPC endpoint for DynamoDB that is associated with the Lambda VP
• H. Ensure that the Lambda execution role can access the interface VPC endpoint.

Answer: AD

NEW QUESTION 16
A company is hosting a static website on Amazon S3 and is using Amazon Route 53 for DNS. The website is experiencing increased demand from around the world. The company must decrease latency for users who access the website.
Which solution meets these requirements MOST cost-effectively?

• A. Replicate the S3 bucket that contains the website to all AWS Region
• B. Add Route 53 geolocation routing entries.
• C. Provision accelerators in AWS Global Accelerato
• D. Associate the supplied IP addresses with the S3 bucke
• E. Edit the Route 53 entries to point to the IP addresses of the accelerators.
• F. Add an Amazon CloudFront distribution in front of the S3 bucke
• G. Edit the Route 53 entries to point to the CloudFront distribution.
• H. Enable S3 Transfer Acceleration on the bucke
• I. Edit the Route 53 entries to point to the new endpoint.

Answer: C

NEW QUESTION 17
A solution architect is creating a new Amazon CloudFront distribution for an application Some of Ine information submitted by users is sensitive. The application uses HTTPS but needs another layer" of security The sensitive information should be protected throughout the entire application stack end access to the information should be restricted to certain applications
Which action should the solutions architect take?

• A. Configure a CloudFront signed URL
• B. Configure a CloudFront signed cookie.
• C. Configure a CloudFront field-level encryption profile
• D. Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy

Answer: C

NEW QUESTION 18
A company wants to use Amazon S3 for the secondary copy of itdataset. The company would rarely need to access this copy. The storage solution’s
cost should be minimal.
Which storage solution meets these requirements?

• A. S3 Standard
• B. S3 Intelligent-Tiering
• C. S3 Standard-Infrequent Access (S3 Standard-IA)
• D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer: C

NEW QUESTION 19
An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet.
Which solution will provide private network connectivity to Amazon S3?

• A. Create a gateway VPC endpoint to the S3 bucket.
• B. Stream the logs to Amazon CloudWatch Log
• C. Export the logs to the S3 bucket.
• D. Create an instance profile on Amazon EC2 to allow S3 access.
• E. Create an Amazon API Gateway API with a private link to access the S3 endpoint.

Answer: A

NEW QUESTION 20
A company's web application resizes uploaded images lot users The application stores the original images and the resized images in Amazon S3 The company needs lo minimize the storage costs tor all the images Original images ate viewed frequently. and resized images are viewed infrequently after they are created Both types of images need to be immediately available
Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.) A. Store the original images In S3 Standard.

• A. Store the resized images in S3 Standard
• B. Store the original images in S3 Glacier
• C. Store the resized Images In S3 Glacier
• D. Store the resized Images In S3 One Zone-Infrequent Access (S3 One Zone-IA).

Answer: AD

NEW QUESTION 21
......