An insurance company runs an application on premises to process contracts. The application processes jobs that are comprised of many tasks. The individual tasks run for up to 5 minutes. Some jobs can take up to 24 hours in total to finish.
If a task fails, the task must be reprocessed.
The company wants to migrate the application to AWS. The company will use Amazon S3 as part of the solution. The company wants to configure jobs to start automatically when a contract is uploaded to an S3 bucket.
Which solution will meet these requirements?
A. Use AWS Lambda functions to process individual tasks. Create a primary Lambda function to handle the overall job processing by calling individual Lambda functions in sequence. Configure the S3 bucket to send an event notification to invoke the primary Lambda function to begin processing. B. Use a state machine in AWS Step Functions to handle the overall contract processing job. Configure the S3 bucket to send an event notification to Amazon EventBridge. Create a rule in Amazon EventBridge to target the state machine. C. Use an AWS Batch job to handle the overall contract processing job. Configure the S3 bucket to send an event notification to initiate the Batch job. D. Use an S3 event notification to notify an Amazon Simple Queue Service (Amazon SQS) queue when a contract is uploaded. Configure an AWS Lambda function to read messages from the queue and to run the contract processing job.
B. Use a state machine in AWS Step Functions to handle the overall contract processing job. Configure the S3 bucket to send an event notification to Amazon EventBridge. Create a rule in Amazon EventBridge to target the state machine.
Explanation
AWS Step Functions supports long-running workflows and error retries, making it ideal for a job composed of many tasks. Integration with EventBridge allows automatic triggering from S3 events. This setup is resilient and supports up to 1- year execution duration.
References:
AWS Documentation?AWS Step Functions with Amazon EventBridge for Long-Running Workflows
Question 1012:
A company is expecting rapid growth in the near future. A solutions architect needs to configure existing users and grant permissions to new users on AWS. The solutions architect has decided to create IAM groups. The solutions architect will add the new users to IAM groups based on department.
Which additional action is the MOST secure way to grant permissions to the new users?
A. Apply service control policies (SCPs) to manage access permissions B. Create IAM roles that have least privilege permission. Attach the roles to the IAM groups C. Create an IAM policy that grants least privilege permission. Attach the policy to the IAM groups D. Create IAM roles. Associate the roles with a permissions boundary that defines the maximum permissions
C. Create an IAM policy that grants least privilege permission. Attach the policy to the IAM groups
Question 1013:
A company stores multiple Amazon Machine Images (AMIs) in an AWS account to launch its Amazon EC2 instances. The AMIs contain critical data and configurations that are necessary for the company's operations. The company wants to implement a solution that will recover accidentally deleted AMIs quickly and efficiently.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create Amazon Elastic Block Store (Amazon EBS) snapshots of the AMIs. Store the snapshots in a separate AWS account. B. Copy all AMIs to another AWS account periodically. C. Create a retention rule in Recycle Bin. D. Upload the AMIs to an Amazon S3 bucket that has Cross-Region Replication.
C. Create a retention rule in Recycle Bin.
Question 1014:
A company hosts its multi-tier applications on AWS. For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made to these resources.
What should a solutions architect do to meet these requirements?
A. Use AWS CloudTrail to track configuration changes and AWS Config to record API calls. B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls. C. Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls. D. Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls.
B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls.
Question 1015:
A company wants to publish a private website for its on-premises employees. The website consists of several HTML pages and image files. The website must be available only through HTTPS and must be available only to on-premises employees. A solutions architect plans to store the website files in an Amazon S3 bucket.
Which solution will meet these requirements?
A. Create an S3 bucket policy to deny access when the source IP address is not the public IP address of the on-premises environment Set up an Amazon Route 53 alias record to point to the S3 bucket. Provide the alias record to the on-premises employees to grant the employees access to the website. B. Create an S3 access point to provide website access. Attach an access point policy to deny access when the source IP address is not the public IP address of the on-premises environment. Provide the S3 access point alias to the on-premises employees to grant the employees access to the website. C. Create an Amazon CloudFront distribution that includes an origin access control (OAC) that is configured for the S3 bucket. Use AWS Certificate Manager for SSL. Use AWS WAF with an IP set rule that allows access for the on-premises IP address. Set up an Amazon Route 53 alias record to point to the CloudFront distribution. D. Create an Amazon CloudFront distribution that includes an origin access control (OAC) that is configured for the S3 bucket. Create a CloudFront signed URL for the objects in the bucket. Set up an Amazon Route 53 alias record to point to the CloudFront distribution. Provide the signed URL to the on-premises employees to grant the employees access to the website.
C. Create an Amazon CloudFront distribution that includes an origin access control (OAC) that is configured for the S3 bucket. Use AWS Certificate Manager for SSL. Use AWS WAF with an IP set rule that allows access for the on-premises IP address. Set up an Amazon Route 53 alias record to point to the CloudFront distribution.
Explanation
This solution usesCloudFrontto serve the website securely over HTTPS usingAWS Certificate Manager (ACM)for SSL certificates.Origin Access Control (OAC)ensures that only CloudFront can access the S3 bucket directly.AWS WAFwith an IP set rule restricts access to the website, allowing only the on-premises IP address.Route 53is used to create an alias record pointing to the CloudFront distribution. This setup ensures secure, private access to the website with low administrative overhead.
Option A and B: S3 bucket policies and access points do not provide HTTPS support, nor do they offer the same level of security as CloudFront with WAF.
Option D: Signed URLs are more suitable for temporary, expiring access rather than a permanent solution for on-premises employees.
References:
Amazon CloudFront with Origin Access Control
Question 1016:
A company runs an HPC workload that uses a 200-TB file system on premises. The company needs to migrate this data to Amazon FSx for Lustre. Internet capacity is 10 Mbps, and all data must be migrated within 30 days.
Which solution will meet this requirement?
A. Use AWS DMS to transfer data into S3 and link FSx for Lustre to the bucket. B. Deploy AWS DataSync on premises and transfer directly into FSx for Lustre. C. Use AWS Storage Gateway Volume Gateway to move data into FSx for Lustre. D. Use an AWS Snowball Edge storage-optimized device to transfer data into S3 and link FSx for Lustre to the bucket.
D. Use an AWS Snowball Edge storage-optimized device to transfer data into S3 and link FSx for Lustre to the bucket.
Explanation
At 10 Mbps, the maximum transferable data in 30 days is far below 200 TB, making any online transfer (Options A, B, C) impossible within the time window.
AWS Snowball Edge storage-optimized devices support high-speed, offline bulk data migration of large datasets. Once the data is delivered to S3, FSx for Lustre can be linked to the S3 bucket to populate the Lustre filesystem. DataSync cannot meet the time constraint over 10 Mbps. Storage Gateway is not designed for large-scale migrations.
Question 1017:
A company hosts an application on Amazon EC2 instances that run in a single Availability Zone. The application is accessible by using the transport layer of the Open Systems Interconnection (OSI) model.
The company needs the application architecture to have high availability.
Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)
A. Configure new EC2 instances in a different Availability Zone. Use Amazon Route 53 to route traffic to all instances. B. Configure a Network Load Balancer in front of the EC2 instances. C. Configure a Network Load Balancer for TCP traffic to the instances. Configure an Application Load Balancer for HTTP and HTTPS traffic to the instances. D. Create an Auto Scaling group for the EC2 instances. Configure the Auto Scaling group to use multiple Availability Zones. Configure the Auto Scaling group to run application health checks on the instances. E. Create an Amazon CloudWatch alarm. Configure the alarm to restart EC2 instances that transition to a stopped state.
B. Configure a Network Load Balancer in front of the EC2 instances. D. Create an Auto Scaling group for the EC2 instances. Configure the Auto Scaling group to use multiple Availability Zones. Configure the Auto Scaling group to run application health checks on the instances.
Question 1018:
A company has AWS Lambda functions that use environment variables. The company does not want its developers to see environment variables in plaintext.
Which solution will meet these requirements?
A. Deploy code to Amazon EC2 instances instead of using Lambda functions. B. Configure SSL encryption on the Lambda functions to use AWS CloudHSM to store and encrypt the environment variables. C. Create a certificate in AWS Certificate Manager (ACM). Configure the Lambda functions to use the certificate to encrypt the environment variables. D. Create an AWS Key Management Service (AWS KMS) key. Enable encryption helpers on the Lambda functions to use the KMS key to store and encrypt the environment variables.
D. Create an AWS Key Management Service (AWS KMS) key. Enable encryption helpers on the Lambda functions to use the KMS key to store and encrypt the environment variables.
Question 1019:
A company recently deployed a new auditing system to centralize information about operating system versions, patching, and installed software for Amazon EC2 instances. A solutions architect must ensure all instances provisioned through EC2 Auto Scaling groups successfully send reports to the auditing system as soon as they are launched and terminated.
Which solution achieves these goals MOST efficiently?
A. Use a scheduled AWS Lambda function and run a script remotely on all EC2 instances to send data to the audit system. B. Use EC2 Auto Scaling lifecycle hooks to run a custom script to send data to the audit system when instances are launched and terminated. C. Use an EC2 Auto Scaling launch configuration to run a custom script through user data to send data to the audit system when instances are launched and terminated. D. Run a custom script on the instance operating system to send data to the audit system. Configure the script to be invoked by the EC2 Auto Scaling group when the instance starts and is terminated.
B. Use EC2 Auto Scaling lifecycle hooks to run a custom script to send data to the audit system when instances are launched and terminated.
Question 1020:
A company has developed a new video game as a web application. The application is in a three-tier architecture in a VPC with Amazon RDS for MySQL in the database layer. Several players will compete concurrently online. The game's developers want to display a top-10 scoreboard in near-real time and offer the ability to stop and restore the game while preserving the current scores.
What should a solutions architect do to meet these requirements?
A. Set up an Amazon ElastiCache for Memcached cluster to cache the scores for the web application to display. B. Set up an Amazon ElastiCache for Redis cluster to compute and cache the scores for the web application to display. C. Place an Amazon CloudFront distribution in front of the web application to cache the scoreboard in a section of the application. D. Create a read replica on Amazon RDS for MySQL to run queries to compute the scoreboard and serve the read traffic to the web application.
B. Set up an Amazon ElastiCache for Redis cluster to compute and cache the scores for the web application to display.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SAA-C03 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.