All About Tested SAA-C03 Samples

NEW QUESTION 1
A company is migrating its on-premises PostgreSQL database to Amazon Aurora PostgreSQL. The
on-premises database must remain online and accessible during the migration. The Aurora database must remain synchronized with the on-premises database.
Which combination of actions must a solutions architect take to meet these requirements? (Select TWO.)

• A. Create an ongoing replication task.
• B. Create a database backup of the on-premises database
• C. Create an AWS Database Migration Service (AWS DMS) replication server
• D. Convert the database schema by using the AWS Schema Conversion Tool (AWS SCT).
• E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor the database synchronization

Answer: CD

NEW QUESTION 2
A company is designing an application to run in a VPC on AWS The application consists of Amazon EC2 instances that tun in private subnets as part of an Auto Scaling group The application also includes a Network Load Balancer that extends across public subnets The application stores data in an Amazon RDS OB instance
The company has attached a security group that is named "web-servers' to the EC2 instances. The company has attached a security group that is named "database" to the DB Instance.
How should a solutions architect configure the communication between the EC2 instances and the DB instance?

• A. Configure the "web-servers* security group (o allow access lo the OB instance's current IP addresses Configure the "database" security group to allow access from the current set of IP addresses in use by the EC? instances
• B. Configure the "web-servers" security group to allow access to the "database" security group Configure the "database" security group to allow access from the "web-servers" security group
• C. Configure the "web-servers" security group to allow access to the DB instance's current IP addresses Configure the "database" security group to allow access from the Auto Scaling group
• D. Configure the "web servers" security group to allow access to the "database" security group Configure the "database" security group to allow access from the Auto Scaling group

Answer: C

NEW QUESTION 3
A company has developed a new content-sharing application that runs on Amazon Elastic Container Service (Amazon ECS). The application runs on Amazon Linux Docker tasks that use the Amazon EC2 launch type. The application requires a storage solution that has the following characteristics:
• Accessibility (or multiple ECS tasks through bind mounts
• Resiliency across Availability Zones
• Burstable throughput of up to 3 Gbps
• Ability to be scaled up over time
Which storage solution meets these requirements?

• A. Launch an Amazon FSx for Windows File Server Multi-AZ instanc
• B. Configure the ECS task definitions to mount the Amazon FSx instance volume at launch.
• C. Launch an Amazon Elastic File System (Amazon EFS) instanc
• D. Configure the ECS task definitions to mount the EFS Instance volume at launch.
• E. Create a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume with Multi-Attach set to enable
• F. Attach the EBS volume to the ECS EC2 instance Configure ECS task definitions to mount the EBS instance volume at launch.
• G. Launch an EC2 instance with several Provisioned IOPS SSD (k>2) Amazon Elastic Block Store (Amazon EBS) volumes attached m a RAID 0 configuratio
• H. Configure the EC2 instance as an NFS storage serve
• I. Configure ECS task definitions to mount the volumes at launch.

Answer: B

NEW QUESTION 4
A company is expecting rapid growth in the near future. A solutions architect needs to configure existing users and grant permissions to new users on AWS The solutions architect has decided to create IAM groups The solutions architect will add the new users to IAM groups based on department
Which additional action is the MOST secure way to grant permissions to the new users?

• A. Apply service control policies (SCPs) to manage access permissions
• B. Create IAM roles that have least privilege permission Attach the roles lo the IAM groups
• C. Create an IAM policy that grants least privilege permission Attach the policy to the IAM groups
• D. Create IAM roles Associate the roles with a permissions boundary that defines the maximum permissions

Answer: C

NEW QUESTION 5
A company has created an image analysis application in which users can upload photos and add photo frames to their images. The users upload images and metadata to indicate which photo frames they want to add to their images. The application uses a single Amazon EC2 instance and Amazon DynamoDB to store the metadata.
The application is becoming more popular, and the number of users is increasing. The company expects the number of concurrent users to vary significantly depending on the time of day and day of week. The company must ensure that the application can scale to meet the needs of the growing user base.
Which solution meats these requirements?

• A. Use AWS Lambda to process the photo
• B. Store the photos and metadata in DynamoDB.
• C. Use Amazon Kinesis Data Firehose to process the photos and to store the photos and metadata.
• D. Use AWS Lambda to process the photo
• E. Store the photos in Amazon S3. Retain DynamoDB to store the metadata.
• F. Increase the number of EC2 instances to thre
• G. Use Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volumes to store the photos and metadata.

Answer: A

NEW QUESTION 6
A company has an application that processes customer of tiers. The company hosts the application on an Amazon EC2 instance that saves the orders to an Amazon Aurora database. Occasionally when traffic Is high, the workload does not process orders fast enough.
What should a solutions architect do to write the orders reliably to the database as quickly as possible?

• A. Increase the instance size of the EC2 instance when baffle Is hig
• B. Write orders to Amazon Simple Notification Service (Amazon SNS) Subscribe the database endpoint to the SNS topic
• C. Write orders to an Amazon Simple Queue Service (Amazon SOS) queue Use EC2 instances in an Auto Scaling group behind an Application Load Balancer to read born the SQS queue and process orders into the database
• D. Write orders to Amazon Simple Notification Service (Amazon SNS). Subscribe the database endpoint to the SNS topi
• E. Use EC2 ^stances in an Auto Scaling group behind an Application Load Balancer to read from the SNS topic.
• F. Write orders to an Amazon Simple Queue Service (Amazon SQS) queue when the EC2 instance reaches CPU threshold limit
• G. Use scheduled scaling of EC2 instances in an Auto Scaling group behind an Application Load Balancer to read from the SQS queue and process orders into the database

Answer: B

NEW QUESTION 7
A company wants to establish connectivity between its on-premlses data center and AWS (or an existing workload. The workload runs on Amazon EC2 Instances in two VPCs In different AWS Regions. The VPCs need to communicate with each other. The company needs to provide connectivity from Its data center to both VPCs. The solution must support a bandwidth of 600 Mbps to the data center.
Which solution will meet these requirements?

• A. Set up an AWS Site-to-Site VPN connection between the data center and one VP
• B. Create a VPC peering connection between the VPCs.
• C. Set up an AWS Site-to-Site VPN connection between the data center and each VP
• D. Create a VPC peering connection between the VPCs.
• E. Set up an AWS Direct Connect connection between the data center and one VP
• F. Create a VPC peering connection between the VPCs.
• G. Create a transit gatewa
• H. Attach both VPCs to the transit gatewa
• I. Create an AWS Slte-to-Site VPN tunnel to the transit gateway.

Answer: B

NEW QUESTION 8
A solutions architect must design a highly available infrastructure for a website. The website is powered by Windows web servers that run on Amazon EC2 instances. The solutions architect must implement a solution that can mitigate a large-scale DDoS attack that originates from thousands of IP addresses. Downtime is not acceptable for the website.
Which actions should the solutions architect take to protect the website from such an attack? (Select TWO.)

• A. Use AWS Shield Advanced to stop the DDoS attack.
• B. Configure Amazon GuardDuty to automatically block the attackers.
• C. Configure the website to use Amazon CloudFront for both static and dynamic content.
• D. Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.
• E. Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization

Answer: AC

NEW QUESTION 9
A solutions architect is designing a customer-facing application for a company. The application's database will have a clearly defined access pattern throughout the year and will have a variable number of reads and writes that depend on the time of year. The company must retain audit records for the database for 7 days. The recovery point objective (RPO) must be less than 5 hours. Which solution meets these requirements?

• A. Use Amazon DynamoDB with auto scaling Use on-demand backups and Amazon DynamoDB Streams
• B. Use Amazon Redshif
• C. Configure concurrency scalin
• D. Activate audit loggin
• E. Perform database snapshots every 4 hours.
• F. Use Amazon RDS with Provisioned IOPS Activate the database auditing parameter Perform database snapshots every 5 hours
• G. Use Amazon Aurora MySQL with auto scalin
• H. Activate the database auditing parameter

Answer: B

NEW QUESTION 10
A company's ecommerce website has unpredictable traffic and uses AWS Lambda functions to directly access a private Amazon RDS for PostgreSQL DB instance. The company wants to maintain predictable database performance and ensure that the Lambda invocations do not overload the database with too many connections.
What should a solutions architect do to meet these requirements?

• A. Point the client driver at an RDS custom endpoint Deploy the Lambda functions inside a VPC
• B. Point the client driver at an RDS proxy endpoint Deploy the Lambda functions inside a VPC
• C. Point the client driver at an RDS custom endpoint Deploy the Lambda functions outside a VPC
• D. Point the client driver at an RDS proxy endpoint Deploy the Lambda functions outside a VPC

Answer: B

NEW QUESTION 11
A company is running a high performance computing (HPC) workload on AWS across many Linux based Amazon EC2 instances. The company needs a shared storage system that is capable of sub-millisecond latencies, hundreds of Gbps of throughput and millions of IOPS. Users will store millions of small files.
Which solution meets these requirements?

• A. Create an Amazon Elastic File System (Amazon EFS) file system Mount me file system on each of the EC2 instances
• B. Create an Amazon S3 bucket Mount the S3 bucket on each of the EC2 instances
• C. Ensure that the EC2 instances ate Amazon Elastic Block Store (Amazon EBS) optimized Mount Provisioned lOPS SSD (io2) EBS volumes with Multi-Attach on each instance
• D. Create an Amazon FSx for Lustre file syste
• E. Mount the file system on each of the EC2 instances

Answer: D

NEW QUESTION 12
A company needs to store its accounting records in Amazon S3. The records must be immediately accessible for 1 year and then must be archived for an additional 9 years. No one at the company, including administrative users and root users, can be able to delete the records during the entire 10- year period. The records must be stored with maximum resiliency.
Which solution will meet these requirements?

• A. Store the records in S3 Glacier for the entire 10-year perio
• B. Use an access control policy to deny deletion of the records for a period of 10 years.
• C. Store the records by using S3 Intelligent-Tierin
• D. Use an IAM policy to deny deletion of the records.After 10 years, change the IAM policy to allow deletion.
• E. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 yea
• F. Use S3 Object Lock in compliance mode for a period of 10 years.
• G. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 yea
• H. Use S3 Object Lock in governance mode for a period of 10 years.

Answer: C

NEW QUESTION 13
A company runs a photo processing application mat needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region A solutions architect has noticed an increased cost in data transfer lees and needs to implement a solution to reduce these costs
How can the solutions architect meet this requirement?

• A. Deploy Amazon API Gateway into a public subnet and adjust the route table to route S3 calls through it
• B. Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets
• C. Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets
• D. Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets

Answer: D

NEW QUESTION 14
A company's application integrates with multiple software-as-a-service (SaaS) sources for data collection. The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Create an Auto Scaling group so that EC2 instances can scale ou
• B. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
• C. Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket.Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
• D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output dat
• E. Configure the S3 bucket as the rule's targe
• F. Create a second EventBridge (CloudWatch Events) rule to send events when the upload to the S3 bucket is complet
• G. Configure an Amazon Simple Notification Service (Amazon SNS) topic as the second rule's target.
• H. Create a Docker container to use instead of an EC2 instanc
• I. Host the containerized application on Amazon Elastic Container Service (Amazon ECS). Configure Amazon CloudWatch Container Insights to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

Answer: B

NEW QUESTION 15
A company hosts a marketing website in an on-premises data center. The website consists of static documents and runs on a single server. An administrator updates the website content infrequently and uses an SFTP client to upload new documents.
The company decides to host its website on AWS and to use Amazon CloudFront. The company's solutions architect creates a CloudFront distribution. The solutions architect must design the most cost-effective and resilient architecture for website hosting to serve as the CloudFront origin.
Which solution will meet these requirements?

• A. Create a virtual server by using Amazon Lightsai
• B. Configure the web server in the Lightsail instance.Upload website content by using an SFTP client.
• C. Create an AWS Auto Scaling group for Amazon EC2 instance
• D. Use an Application Load Balancer.Upload website content by using an SFTP client.
• E. Create a private Amazon S3 bucke
• F. Use an S3 bucket policy to allow access from a CloudFront origin access identity (OAI). Upload website content by using theAWSCLI.
• G. Create a public Amazon S3 bucke
• H. Configure AWS Transfer for SFT
• I. Configure the S3 bucket for website hostin
• J. Upload website content by using the SFTP client.

Answer: D

NEW QUESTION 16
A company is preparing to store confidential data in Amazon S3 For compliance reasons the data must be encrypted at rest Encryption key usage must be logged tor auditing purposes. Keys must be rotated every year.
Which solution meets these requirements and «the MOST operationally efferent?

• A. Server-side encryption with customer-provided keys (SSE-C)
• B. Server-side encryption with Amazon S3 managed keys (SSE-S3)
• C. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation
• D. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automate rotation

Answer: D

Explanation:
https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
When you enable automatic key rotation for a customer managed key, AWS KMS generates new cryptographic material for the KMS key every year. AWS KMS also saves the KMS key's older cryptographic material in perpetuity so it can be used to decrypt data that the KMS key encrypted.
Key rotation in AWS KMS is a cryptographic best practice that is designed to be transparent and easy to use.
AWS KMS supports optional automatic key rotation only for customer managed CMKs. Enable and disable key rotation. Automatic key rotation is disabled by default on customer managed CMKs. When you enable (or re-enable) key rotation, AWS KMS automatically rotates the CMK 365 days after the enable date and every 365 days thereafter.

NEW QUESTION 17
A company hosts an application on AWS Lambda functions mat are invoked by an Amazon API Gateway API The Lambda functions save customer data to an Amazon Aurora MySQL database Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete The result is that customer data Is not recorded for some of the event
A solutions architect needs to design a solution that stores customer data that is created during database upgrades
Which solution will meet these requirements?

• A. Provision an Amazon RDS proxy to sit between the Lambda functions and the database Configure the Lambda functions to connect to the RDS proxy
• B. Increase the run time of me Lambda functions to the maximum Create a retry mechanism in the code that stores the customer data in the database
• C. Persist the customer data to Lambda local storag
• D. Configure new Lambda functions to scan the local storage to save the customer data to the database.
• E. Store the customer data m an Amazon Simple Queue Service (Amazon SOS) FIFO queue Create a new Lambda function that polls the queue and stores the customer data in the database

Answer: C

NEW QUESTION 18
A company is building a containerized application on premises and decides to move the application to AWS. The application will have thousands of users soon after li is deployed. The company Is unsure how to manage the deployment of containers at scale. The company needs to deploy the containerized application in a highly available architecture that minimizes operational overhead.
Which solution will meet these requirements?

• A. Store container images In an Amazon Elastic Container Registry (Amazon ECR) repositor
• B. Use an Amazon Elastic Container Service (Amazon ECS) cluster with the AWS Fargate launch type to run the container
• C. Use target tracking to scale automatically based on demand.
• D. Store container images in an Amazon Elastic Container Registry (Amazon ECR) repositor
• E. Use an Amazon Elastic Container Service (Amazon ECS) cluster with the Amazon EC2 launch type to run the container
• F. Use target tracking to scale automatically based on demand.
• G. Store container images in a repository that runs on an Amazon EC2 instanc
• H. Run the containers on EC2 instances that are spread across multiple Availability Zone
• I. Monitor the average CPU utilization in Amazon CloudWatc
• J. Launch new EC2 instances as needed
• K. Create an Amazon EC2 Amazon Machine Image (AMI) that contains the container image Launch EC2 Instances in an Auto Scaling group across multiple Availability Zone
• L. Use an Amazon CloudWatch alarm to scale out EC2 instances when the average CPU utilization threshold is breached.

Answer: A

NEW QUESTION 19
A gaming company is moving its public scoreboard from a data center to the AWS Cloud. The company uses Amazon EC2 Windows Server instances behind an Application Load Balancer to host its dynamic application. The company needs a highly available storage solution for the application. The application consists of static files and dynamic server-side code.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

• A. Store the static files on Amazon S3. Use Amazon
• B. CloudFront to cache objects at the edge.
• C. Store the static files on Amazon S3. Use Amazon ElastiCache to cache objects at the edge.
• D. Store the server-side code on Amazon Elastic File System (Amazon EFS). Mount the EFS volume on each EC2 instance to share the files.
• E. Store the server-side code on Amazon FSx for Windows File Serve
• F. Mount the FSx for Windows File Server volume on each EC2 instance to share the files.
• G. Store the server-side code on a General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volum
• H. Mount the EBS volume on each EC2 instance to share the files.

Answer: AE

NEW QUESTION 20
A company runs its ecommerce application on AWS. Every new order is published as a message in a RabbitMQ queue that runs on an Amazon EC2 instance in a single Availability Zone. These messages are processed by a different application that runs on a separate EC2 instance. This application stores the details in a PostgreSQL database on another EC2 instance. All the EC2 instances are in the same Availability Zone.
The company needs to redesign its architecture to provide the highest availability with the least operational overhead.
What should a solutions architect do to meet these requirements?

• A. Migrate the queue to a redundant pair (active/standby) of RabbitMQ instances on Amazon M
• B. Create a Multi-AZ Auto Scaling group (or EC2 instances that host the applicatio
• C. Create another Multi-AZAuto Scaling group for EC2 instances that host the PostgreSQL database.
• D. Migrate the queue to a redundant pair (active/standby) of RabbitMQ instances on Amazon M
• E. Create a Multi-AZ Auto Scaling group for EC2 instances that host the applicatio
• F. Migrate the database to run on a Multi-AZ deployment of Amazon RDS for PostgreSQL.
• G. Create a Multi-AZ Auto Scaling group for EC2 instances that host the RabbitMQ queu
• H. Create another Multi-AZ Auto Scaling group for EC2 instances that host the applicatio
• I. Migrate the database to runon a Multi-AZ deployment of Amazon RDS fqjPostgreSQL.
• J. Create a Multi-AZ Auto Scaling group for EC2 instances that host the RabbitMQ queu
• K. Create another Multi-AZ Auto Scaling group for EC2 instances that host the applicatio
• L. Create a third Multi-AZ AutoScaling group for EC2 instances that host the PostgreSQL database.

Answer: C

NEW QUESTION 21
......