Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 1001:

  A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application's traffic recently spiked due to fraudulent requests from botnets.

  Which steps should a solutions architect take to block requests from unauthorized users? (Choose two.)

  A. Create a usage plan with an API key that is shared with genuine users only.
  B. Integrate logic within the Lambda function to ignore the requests from fraudulent IP addresses.
  C. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.
  D. Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint.
  E. Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.
  A. Create a usage plan with an API key that is shared with genuine users only.
  C. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.

• Question 1002:

  An Amazon EC2 administrator created the following policy associated with an IAM group containing several users:

  

  What is the effect of this policy?

  A. Users can terminate an EC2 instance in any AWS Region except us-east-1.
  B. Users can terminate an EC2 instance with the IP address 10.100.100.1 in the us-east-1 Region.
  C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
  D. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
  C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.

• Question 1003:

  A company has a large dataset for its online advertising business stored in an Amazon RDS for MySQL DB instance in a single Availability Zone. The company wants business reporting queries to run without impacting the write operations to the production DB instance.

  Which solution meets these requirements?

  A. Deploy RDS read replicas to process the business reporting queries.
  B. Scale out the DB instance horizontally by placing it behind an Elastic Load Balancer.
  C. Scale up the DB instance to a larger instance type to handle write operations and queries.
  D. Deploy the DB instance in multiple Availability Zones to process the business reporting queries.
  A. Deploy RDS read replicas to process the business reporting queries.

• Question 1004:

  A telemarketing company is designing its customer call center functionality on AWS. The company needs a solution that provides multiple speaker recognition and generates transcript files. The company wants to query the transcript files to analyze the business patterns. The transcript files must be stored for 7 years for auditing purposes.

  Which solution will meet these requirements?

  A. Use Amazon Rekognition for multiple speaker recognition. Store the transcript files in Amazon S3. Use machine learning models for transcript file analysis.
  B. Use Amazon Transcribe for multiple speaker recognition. Use Amazon Athena for transcript file analysis.
  C. Use Amazon Translate for multiple speaker recognition. Store the transcript files in Amazon Redshift. Use SQL queries for transcript file analysis.
  D. Use Amazon Rekognition for multiple speaker recognition. Store the transcript files in Amazon S3. Use Amazon Textract for transcript file analysis.
  B. Use Amazon Transcribe for multiple speaker recognition. Use Amazon Athena for transcript file analysis.

• Question 1005:

  A company runs a content management system on an Amazon Elastic Container Service (Amazon ECS) cluster. The system allows visitors to provide feedback about the company's products by uploading documents and photos of the products to an Amazon S3 bucket.

  The company has a workflow on AWS that processes uploaded documents to perform sentiment analysis of photos and text. The processing workflow calls multiple AWS services.

  The company needs a solution to automate the processing workflow. The solution must handle any failed uploads.

  Which solution will meet these requirements with the LEAST effort?

  A. Use S3 Event Notifications to publish events to an Amazon Simple Notification Service (Amazon SNS) topic. Deploy a web application on the Amazon ECS cluster to subscribe to the SNS topic and listen for events to orchestrate the processing workflow.
  B. Use S3 Event Notifications to publish events to an Amazon Simple Queue Service (Amazon SQS) queue. Configure long polling. Deploy an Amazon EC2 instance that runs a script to orchestrate the processing workflow.
  C. Use S3 Event Notifications to publish events to an Amazon Simple Queue Service (Amazon SQS) queue. Create an ECS cluster that scales based on the number of messages in the queue. Configure the cluster to orchestrate the processing workflow.
  D. Use S3 Event Notifications to invoke an Amazon EventBridge rule. Configure the rule to initiate an AWS Step Functions workflow that orchestrates the processing workflow.
  D. Use S3 Event Notifications to invoke an Amazon EventBridge rule. Configure the rule to initiate an AWS Step Functions workflow that orchestrates the processing workflow.

  ---

  Explanation

  AWS Step Functions is designed to coordinate multiple AWS services into serverless workflows, handling errors, retries, and complex logic. By configuring Amazon S3 Event Notifications to trigger an Amazon EventBridge rule, you can automatically start a Step Functions workflow when a new object is uploaded to S3. Step Functions can manage retries for failed uploads and orchestrate calls to various AWS services with minimal operational effort.

  AWS Documentation Extract:

  "You can use Amazon EventBridge to initiate AWS Step Functions workflows in response to events from S3 buckets. Step Functions can orchestrate the sequence of AWS service calls and automatically handle retries and errors, making it ideal for automating and managing complex workflows." (Source: AWS Step Functions documentation, Using Step Functions with EventBridge and S3) Other options:

  Option A: Requires manual implementation of orchestration and error handling.

  Option B & Option C: Involve additional infrastructure management and custom logic for workflow orchestration and error handling, increasing operational effort.

  References:

  AWS Certified Solutions Architect?Official Study Guide, Automation and Orchestration Section.

• Question 1006:

  A company runs a MySQL database on a single Amazon EC2 instance.

  The company needs to improve availability of the database to prepare for power outages.

  Which solution will meet this requirement?

  A. Add an Application Load Balancer (ALB) in front of the EC2 instance.
  B. Configure EC2 automatic instance recovery to move the instance to another Availability Zone.
  C. Migrate the MySQL database to Amazon RDS and enable Multi-AZ deployment.
  D. Enable termination protection for the EC2 instance.
  C. Migrate the MySQL database to Amazon RDS and enable Multi-AZ deployment.

  ---

  Explanation

  Amazon RDS Multi-AZ deployment provides automated failover and increased availability for MySQL databases. In case of infrastructure failure or power outage in one Availability Zone, RDS automatically fails over to a standby replica in another AZ, minimizing downtime. This is the AWS-recommended way to achieve high availability for relational databases.

  AWS Documentation Extract:

  " Amazon RDS Multi-AZ deployments provide high availability, failover support, and data redundancy for database instances. In the event of infrastructure failure, Amazon RDS performs an automatic failover to the standby. " (Source: Amazon RDS documentation, High Availability)

  Option A: An ALB does not increase availability for a single database instance.

  Option B: EC2 instance recovery does not move the instance across Availability Zones.

  Option D: Termination protection prevents accidental deletion, not availability issues.

  References:

  AWS Certified Solutions Architect?Official Study Guide, RDS High Availability.

• Question 1007:

  A gaming company is building an application with Voice over IP capabilities. The application will serve traffic to users across the world. The application needs to be highly available with an automated failover across AWS Regions. The company wants to minimize the latency of users without relying on IP address caching on user devices.

  What should a solutions architect do to meet these requirements?

  A. Use AWS Global Accelerator with health checks.
  B. Use Amazon Route 53 with a geolocation routing policy.
  C. Create an Amazon CloudFront distribution that includes multiple origins.
  D. Create an Application Load Balancer that uses path-based routing.
  A. Use AWS Global Accelerator with health checks.

• Question 1008:

  A company stores several petabytes of data across multiple AWS accounts. The company uses AWS Lake Formation to manage its data lake. The company's data science team wants to securely share selective data from its accounts with the company's engineering team for analytical purposes.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Copy the required data to a common account. Create an IAM access role in that account. Grant access by specifying a permission policy that includes users from the engineering team accounts as trusted entities.
  B. Use the Lake Formation permissions Grant command in each account where the data is stored to allow the required engineering team users to access the data.
  C. Use AWS Data Exchange to privately publish the required data to the required engineering team accounts.
  D. Use Lake Formation tag-based access control to authorize and grant cross-account permissions for the required data to the engineering team accounts.
  D. Use Lake Formation tag-based access control to authorize and grant cross-account permissions for the required data to the engineering team accounts.

• Question 1009:

  A solutions architect is designing a customer-facing application for a company. The application's database will have a clearly defined access pattern throughout the year and will have a variable number of reads and writes that depend on the time of year. The company must retain audit records for the database for 7 days.

  The recovery point objective (RPO) must be less than 5 hours.

  Which solution meets these requirements?

  A. Use Amazon DynamoDB with auto scaling. Use on-demand backups and Amazon DynamoDB Streams.
  B. Use Amazon Redshift. Configure concurrency scaling. Activate audit logging. Perform database snapshots every 4 hours.
  C. Use Amazon RDS with Provisioned IOPS. Activate the database auditing parameter. Perform database snapshots every 5 hours.
  D. Use Amazon Aurora MySQL with auto scaling. Activate the database auditing parameter.
  D. Use Amazon Aurora MySQL with auto scaling. Activate the database auditing parameter.

  ---

  Explanation

  Amazon Aurora MySQL provides:

  Continuous, incremental backups to Amazon S3 with point-in-time recovery (PITR), allowing recovery to any point within the retention window (typically up to 35 days). This easily achieves an RPO of less than 5 hours, often down to seconds.

  Support for database auditing parameters so audit logs can be retained and managed (for example, in database logs or external log services) to meet the 7-day audit requirement.

  Auto scaling (via read replicas, Aurora Serverless v2, or capacity management) to handle variable read / write demand throughout the year with minimal operational overhead.

  Why others are less suitable:

  Option A: DynamoDB is NoSQL and does not directly satisfy typical relational database + SQL audit requirements; Streams also only retain 24 hours, not 7 days, and on-demand backups do not inherently give an RPO < 5 hours without frequent scheduling.

  Option B: Amazon Redshift is a data warehouse, not a primary transactional application database.

  Option C: Snapshots every 5 hours give an RPO of up to 5 hours, not less than 5 hours, and rely on discrete snapshot points rather than continuous PITR.

• Question 1010:

  An online food delivery company wants to optimize its storage costs. The company has been collecting operational data for the last 10 years in a data lake that was built on Amazon S3 by using a Standard storage class. The company does not keep data that is older than 7 years. A solutions architect frequently uses data from the past 6 months for reporting and runs queries on data from the last 2 years about once a month. Data that is more than 2 years old is rarely accessed and is only used for audit purposes.

  Which combination of solutions will optimize the company's storage costs? (Choose Two.)

  A. Create an S3 Lifecycle configuration rule to transition data that is older than 6 months to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create another S3 Lifecycle configuration rule to transition data that is older than 2 years to the S3 Glacier Deep Archive storage class.
  B. Create an S3 Lifecycle configuration rule to transition data that is older than 6 months to the S3 One Zone-Infrequent Access (S3 One Zone-IA) storage class. Create another S3 Lifecycle configuration rule to transition data that is older than 2 years to the S3 Glacier Flexible Retrieval storage class.
  C. Use the S3 Intelligent-Tiering storage class to store data instead of the S3 Standard storage class.
  D. Create an S3 Lifecycle expiration rule to delete data that is older than 7 years.
  E. Create an S3 Lifecycle configuration rule to transition data that is older than 7 years to the S3 Glacier Deep Archive storage class.
  A. Create an S3 Lifecycle configuration rule to transition data that is older than 6 months to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create another S3 Lifecycle configuration rule to transition data that is older than 2 years to the S3 Glacier Deep Archive storage class.
  D. Create an S3 Lifecycle expiration rule to delete data that is older than 7 years.

  ---

  Explanation

  To optimize costs for long-term data storage, AWS recommends using S3 Lifecycle policies to automate transitions across storage classes and ultimately expire old data.

  S3 Standard-IA is suited for data that is accessed less frequently but requires millisecond retrieval times. It is ideal for 6-month-old data still used in monthly reports.

  S3 Glacier Deep Archive is the lowest-cost option, designed for data accessed once or twice a year, such as regulatory audits -- perfect for 2+ year-old data.

  Lifecycle expiration rules allow S3 to automatically delete objects older than 7 years, aligning with the business retention policy.

  These transitions are cost-effective and fully automated, aligning with the Cost Optimization pillar in the AWS Well-Architected Framework. # Reference:

  S3 Storage Class Comparison Lifecycle Management