A company is using a loosely coupled serverless architecture on AWS. The architecture consists of multiple web applications and APIs distributed across multiple teams. The company uses AWS Control Tower to provision AWS accounts.
The company's development teams use AWS CloudFormation.
The company wants to improve trace monitoring and gain insight into how individual services in application stacks are performing.
Which solution will meet these requirements?
A. Enable AWS CloudTrail across all accounts by using AWS Control Tower.
B. Enable AWS X-Ray across all accounts by using AWS Control Tower.
C. Enable Amazon CloudWatch in the CloudFormation templates.
D. Enable AWS X-Ray in the CloudFormation templates.

D. Enable AWS X-Ray in the CloudFormation templates.
Explanation
AWS X-Ray is the AWS service designed for distributed tracing, giving end-to-end visibility into how requests flow through microservices, APIs, and serverless components. It provides service maps, latency breakdowns, and performance insight per service, which is exactly what is required.
To use X-Ray effectively, each application stack must be instrumented. For infrastructure deployed through AWS CloudFormation, best practice is to enable and configure X-Ray in the CloudFormation templates (for Lambda, API Gateway, ECS, etc.). That way, all teams and stacks have consistent tracing enabled as part of their IaC.
Control Tower (Option B) cannot "turn on" X-Ray tracing inside applications; it only helps with account setup and guardrails.
CloudTrail (Option A) is for audit logging of API calls, not performance tracing.
CloudWatch (Option C) provides metrics and logs, but not request-level distributed tracing across multiple services.
Question 92:
A company is developing a new machine learning (ML) model solution on AWS. The models are developed as independent microservices that fetch approximately 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where the results should be sent. The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days or weeks. Other models could receive batches of thousands of requests at a time.
Which design should a solutions architect recommend to meet these requirements?
A. Direct the requests from the API to a Network Load Balancer (NLB). Deploy the models as AWS Lambda functions that are invoked by the NLB.
B. Direct the requests from the API to an Application Load Balancer (ALB). Deploy the models as Amazon Elastic Container Service (Amazon ECS) services that read from an Amazon Simple Queue Service (Amazon SQS) queue. Use AWS App Mesh to scale the instances of the ECS cluster based on the SQS queue size.
C. Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue. Deploy the models as AWS Lambda functions that are invoked by SQS events. Use AWS Auto Scaling to increase the number of vCPUs for the Lambda functions based on the SQS queue size.
D. Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue. Deploy the models as Amazon Elastic Container Service (Amazon ECS) services that read from the queue. Enable AWS Auto Scaling on Amazon ECS for both the cluster and copies of the service based on the queue size.

D. Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue. Deploy the models as Amazon Elastic Container Service (Amazon ECS) services that read from the queue. Enable AWS Auto Scaling on Amazon ECS for both the cluster and copies of the service based on the queue size.
Question 93:
A company is deploying a new public web application to AWS. The application will run behind an Application Load Balancer (ALB). The application needs to be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before the certificate expires.
What should a solutions architect do to meet these requirements?
A. Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.
B. Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Import the key material from the certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.
C. Use AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root CA. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.
D. Use AWS Certificate Manager (ACM) to import an SSL/TLS certificate. Apply the certificate to the ALB. Use Amazon EventBridge (Amazon CloudWatch Events) to send a notification when the certificate is nearing expiration. Rotate the certificate manually.

D. Use AWS Certificate Manager (ACM) to import an SSL/TLS certificate. Apply the certificate to the ALB. Use Amazon EventBridge (Amazon CloudWatch Events) to send a notification when the certificate is nearing expiration. Rotate the certificate manually.
Question 94:
A company has applications that run on Amazon EC2 instances in a VPC. One of the applications needs to call the Amazon S3 API to store and read objects. According to the company's security regulations, no traffic from the applications is allowed to travel across the internet.
Which solution will meet these requirements?
A. Configure an S3 gateway endpoint.
B. Create an S3 bucket in a private subnet.
C. Create an S3 bucket in the same AWS Region as the EC2 instances.
D. Configure a NAT gateway in the same subnet as the EC2 instances.

A. Configure an S3 gateway endpoint.
Question 95:
An ecommerce application uses a PostgreSQL database that runs on an Amazon EC2 instance. During a monthly sales event, database usage increases and causes database connection issues for the application. The traffic is unpredictable for subsequent monthly sales events, which impacts the sales forecast. The company needs to maintain performance when there is an unpredictable increase in traffic.
Which solution resolves this issue in the MOST cost-effective way?
A. Migrate the PostgreSQL database to Amazon Aurora Serverless v2.
B. Enable auto scaling for the PostgreSQL database on the EC2 instance to accommodate increased usage.
C. Migrate the PostgreSQL database to Amazon RDS for PostgreSQL with a larger instance type.
D. Migrate the PostgreSQL database to Amazon Redshift to accommodate increased usage.

A. Migrate the PostgreSQL database to Amazon Aurora Serverless v2.
Question 96:
A global video streaming company uses Amazon CloudFront as a content distribution network (CDN). The company wants to roll out content in a phased manner across multiple countries. The company needs to ensure that viewers who are outside the countries to which the company rolls out content are not able to view the content.
Which solution will meet these requirements?
A. Add geographic restrictions to the content in CloudFront by using an allow list. Set up a custom error message.
B. Set up a new URL for restricted content. Authorize access by using a signed URL and cookies. Set up a custom error message.
C. Encrypt the data for the content that the company distributes. Set up a custom error message.
D. Create a new URL for restricted content. Set up a time-restricted access policy for signed URLs.

A. Add geographic restrictions to the content in CloudFront by using an allow list. Set up a custom error message.
Question 97:
A company is building a serverless application to process ecommerce orders. The application must handle bursts of traffic and process orders asynchronously in the order received.
Which solution will meet these requirements?
A. Use Amazon SNS with AWS Lambda.
B. Use Amazon SQS FIFO with AWS Lambda.
C. Use Amazon SQS standard with AWS Batch.
D. Use Amazon SNS with AWS Batch.

B. Use Amazon SQS FIFO with AWS Lambda.
Explanation
The key requirements are asynchronous processing, high availability, burst handling, and strict message ordering. Amazon SQS FIFO queues are specifically designed to guarantee exactly-once processing and ordered message delivery, making them ideal for transactional workflows like ecommerce order processing.
Option B meets all requirements. SQS FIFO preserves the order of messages within a message group and scales automatically to absorb traffic spikes. Integrating SQS FIFO with AWS Lambda enables serverless, event-driven processing with automatic scaling and no infrastructure management. Lambda processes messages as they arrive while maintaining order guarantees.
Option A (SNS) does not guarantee ordering and is designed for fan-out messaging.
Option C (SQS standard) scales well but does not preserve order.
Option D introduces unnecessary batch infrastructure and increased latency.
Therefore, Option B is the best solution because it combines ordered delivery, resilience, elasticity, and serverless compute, ensuring reliable and scalable order processing.
Question 98:
A company is moving a legacy data processing application to the AWS Cloud. The application needs to run on Amazon EC2 instances behind an Application Load Balancer (ALB). The application must handle incoming traffic spikes and continue to work in the event of an application fault in one Availability Zone.
The company requires that a Web Application Firewall (WAF) must be attached to the ALB.
Which solution will meet these requirements?
A. Deploy the application to EC2 instances in an Auto Scaling group that is in a single Availability Zone. Use an ALB to distribute traffic. Use AWS WAF.
B. Deploy the application to EC2 instances in an Auto Scaling group across multiple Availability Zones. Use an ALB to distribute traffic. Use AWS WAF.
C. Deploy the application to EC2 instances in Auto Scaling groups across multiple AWS Regions. Use Route 53 latency routing. Attach AWS WAF to Route 53.
D. Deploy the application to EC2 instances in an Auto Scaling group across multiple Availability Zones. Use a Network Load Balancer (NLB). Use AWS WAF.

B. Deploy the application to EC2 instances in an Auto Scaling group across multiple Availability Zones. Use an ALB to distribute traffic. Use AWS WAF.
Explanation
This design includes:
ALB: Supports AWS WAF integration.
Auto Scaling Group: Automatically scales based on load.
Multi-AZ Deployment: Increases resiliency and availability.
AWS WAF: Can be attached to ALB for application-layer protection.
"ALB is integrated with AWS WAF. You can deploy your EC2 instances in an Auto Scaling group across multiple Availability Zones to ensure high availability."
-- High Availability with Auto Scaling and ALB
Why not others?
Option A: Single AZ = not resilient
Option C: AWS WAF cannot attach to Route 53
Option D: NLB is not supported by AWS WAF
References:
AWS WAF Supported Services
Auto Scaling with Load Balancers
Question 99:
A company runs its databases on Amazon RDS for PostgreSQL. The company wants a secure solution to manage the master user password by rotating the password every 30 days.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use Amazon EventBridge to schedule a custom AWS Lambda function to rotate the password every 30 days.
B. Use the modify-db-instance command in the AWS CLI to change the password.
C. Integrate AWS Secrets Manager with Amazon RDS for PostgreSQL to automate password rotation.
D. Integrate AWS Systems Manager Parameter Store with Amazon RDS for PostgreSQL to automate password rotation.

C. Integrate AWS Secrets Manager with Amazon RDS for PostgreSQL to automate password rotation.
Question 100:
A machine learning (ML) team is building an application that uses data that is in an Amazon S3 bucket. The ML team needs a storage solution for its model training workflow on AWS. The ML team requires high-performance storage that supports frequent access to training datasets. The storage solution must integrate natively with Amazon S3.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use Amazon Elastic Block Store (Amazon EBS) volumes to provide high-performance storage. Use AWS DataSync to migrate data from the S3 bucket to EBS volumes.
B. Use Amazon EC2 ML instances to provide high-performance storage. Store training data on Amazon EBS volumes. Use the S3 Copy API to copy data from the S3 bucket to EBS volumes.
C. Use Amazon FSx for Lustre to provide high-performance storage. Store training datasets in Amazon S3 Standard storage.
D. Use Amazon EMR to provide high-performance storage. Store training datasets in Amazon S3 Glacier Instant Retrieval storage.

C. Use Amazon FSx for Lustre to provide high-performance storage. Store training datasets in Amazon S3 Standard storage.
Explanation
Amazon FSx for Lustre is a high-performance file system optimized for fast processing of workloads such as machine learning, high-performance computing (HPC), and video processing. It integrates natively with Amazon S3, allowing you to:
Access S3 Data: FSx for Lustre can be linked to an S3 bucket, presenting S3 objects as files in the file system.
High Performance: It provides sub-millisecond latencies, high throughput, and millions of IOPS, which are ideal for ML workloads.
Minimal Operational Overhead: Being a fully managed service, it reduces the complexity of setting up and managing high-performance file systems.
References:
Amazon FSx for Lustre - High-Performance File System Integrated with S3 (Amazon Web Services, Inc.)