Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 1091:

  A company is building a new web-based customer relationship management application. The application will use several Amazon EC2 instances that are backed by Amazon Elastic Block Store (Amazon EBS) volumes behind an Application Load Balancer (ALB). The application will also use an Amazon Aurora database. All data for the application must be encrypted at rest and in transit.

  Which solution will meet these requirements?

  A. Use AWS Key Management Service (AWS KMS) certificates on the ALB to encrypt data in transit. Use AWS Certificate Manager (ACM) to encrypt the EBS volumes and Aurora database storage at rest.
  B. Use the AWS root account to log in to the AWS Management Console. Upload the company's encryption certificates. While in the root account, select the option to turn on encryption for all data at rest and in transit for the account.
  C. Use AWS Key Management Service (AWS KMS) to encrypt the EBS volumes and Aurora database storage at rest. Attach an AWS Certificate Manager (ACM) certificate to the ALB to encrypt data in transit.
  D. Use BitLocker to encrypt all data at rest. Import the company's TLS certificate keys to AWS Key Management Service (AWS KMS) Attach the KMS keys to the ALB to encrypt data in transit.
  C. Use AWS Key Management Service (AWS KMS) to encrypt the EBS volumes and Aurora database storage at rest. Attach an AWS Certificate Manager (ACM) certificate to the ALB to encrypt data in transit.

• Question 1092:

  A company is planning to move its data to an Amazon S3 bucket. The data must be encrypted when it is stored in the S3 bucket. Additionally, the encryption key must be automatically rotated every year.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Move the data to the S3 bucket. Use server-side encryption with Amazon S3 managed encryption keys (SSE- S3). Use the built-in key rotation behavior of SSE-S3 encryption keys.
  B. Create an AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Set the S3 bucket's default encryption behavior to use the customer managed KMS key. Move the data to the S3 bucket.
  C. Create an AWS Key Management Service (AWS KMS) customer managed key. Set the S3 bucket's default encryption behavior to use the customer managed KMS key. Move the data to the S3 bucket. Manually rotate the KMS key every year.
  D. Encrypt the data with customer key material before moving the data to the S3 bucket. Create an AWS Key Management Service (AWS KMS) key without key material. Import the customer key material into the KMS key. Enable automatic key rotation.
  A. Move the data to the S3 bucket. Use server-side encryption with Amazon S3 managed encryption keys (SSE- S3). Use the built-in key rotation behavior of SSE-S3 encryption keys.

• Question 1093:

  A company hosts a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The website serves static content. Website traffic is increasing, and the company is concerned about a potential increase in cost.

  Which solution will address these concerns most cost-effectively?

  A. Create an Amazon CloudFront distribution to cache state files at edge locations
  B. Create an Amazon ElastiCache cluster. Connect the ALB to the ElastiCache cluster to serve cached files
  C. Create an AWS WAF web ACL and associate it with the ALB. Add a rule to the web ACL to cache static files
  D. Create a second ALB in an alternative AWS Region. Route user traffic to the closest Region to minimize data transfer costs
  A. Create an Amazon CloudFront distribution to cache state files at edge locations

• Question 1094:

  A company is designing a new web service that will run on Amazon EC2 instances behind an Elastic Load Balancing (ELB) load balancer. However, many of the web service clients can only reach IP addresses authorized on their firewalls.

  What should a solutions architect recommend to meet the clients' needs?

  A. A Network Load Balancer with an associated Elastic IP address.
  B. An Application Load Balancer with an associated Elastic IP address.
  C. An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address.
  D. An EC2 instance with a public IP address running as a proxy in front of the load balancer.
  A. A Network Load Balancer with an associated Elastic IP address.

• Question 1095:

  A company is developing an application that will run on a production Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The EKS cluster has managed node groups that are provisioned with On-Demand Instances.

  The company needs a dedicated EKS cluster for development work. The company will use the development cluster infrequently to test the resiliency of the application. The EKS cluster must manage all the nodes.

  Which solution will meet these requirements MOST cost-effectively?

  A. Create a managed node group that contains only Spot Instances.
  B. Create two managed node groups. Provision one node group with On-Demand Instances. Provision the second node group with Spot Instances.
  C. Create an Auto Scaling group that has a launch configuration that uses Spot Instances. Configure the user data to add the nodes to the EKS cluster.
  D. Create a managed node group that contains only On-Demand Instances.
  B. Create two managed node groups. Provision one node group with On-Demand Instances. Provision the second node group with Spot Instances.

• Question 1096:

  A company uses an on-premises network-attached storage (NAS) system to provide file shares to its high performance computing (HPC) workloads. The company wants to migrate its latency-sensitive HPC workloads and its storage to the AWS Cloud. The company must be able to provide NFS and SMB multi-protocol access from the file system.

  Which solution will meet these requirements with the LEAST latency? (Choose two.)

  A. Deploy compute optimized EC2 instances into a cluster placement group.
  B. Deploy compute optimized EC2 instances into a partition placement group.
  C. Attach the EC2 instances to an Amazon FSx for Lustre file system.
  D. Attach the EC2 instances to an Amazon FSx for OpenZFS file system.
  E. Attach the EC2 instances to an Amazon FSx for NetApp ONTAP file system.
  A. Deploy compute optimized EC2 instances into a cluster placement group.
  E. Attach the EC2 instances to an Amazon FSx for NetApp ONTAP file system.

• Question 1097:

  A company has a website hosted on AWS. The website is behind an Application Load Balancer (ALB) that is configured to handle HTTP and HTTPS separately. The company wants to forward all requests to the website so that the requests will use HTTPS.

  What should a solutions architect do to meet this requirement?

  A. Update the ALB's network ACL to accept only HTTPS traffic.
  B. Create a rule that replaces the HTTP in the URL with HTTPS.
  C. Create a listener rule on the ALB to redirect HTTP traffic to HTTPS.
  D. Replace the ALB with a Network Load Balancer configured to use Server Name Indication (SNI).
  C. Create a listener rule on the ALB to redirect HTTP traffic to HTTPS.

• Question 1098:

  A company has a Microsoft .NET application that runs on an on-premises Windows Server. The application stores data by using an Oracle Database Standard Edition server. The company is planning a migration to AWS and wants to minimize development changes while moving the application. The AWS application environment should be highly available.

  Which combination of actions should the company take to meet these requirements? (Choose two.)

  A. Refactor the application as serverless with AWS Lambda functions running .NET Core.
  B. Rehost the application in AWS Elastic Beanstalk with the .NET platform in a Multi-AZ deployment.
  C. Replatform the application to run on Amazon EC2 with the Amazon Linux Amazon Machine Image (AMI).
  D. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Amazon DynamoDB in a Multi-AZ deployment.
  E. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment.
  B. Rehost the application in AWS Elastic Beanstalk with the .NET platform in a Multi-AZ deployment.
  E. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment.

• Question 1099:

  A company runs several custom applications on Amazon EC2 instances. Each team within the company manages its own set of applications and backups. To comply with regulations, the company must be able to report on the status of backups and ensure that backups are encrypted.

  Which solution will meet these requirements with the LEAST effort?

  A. Create an AWS Lambda function that processes AWS Config events. Configure the Lambda function to query AWS Config for backup-related data and to generate daily reports.
  B. Check the backup status of the EC2 instances daily by reviewing the backup configurations in AWS Backup and Amazon Elastic Block Store (Amazon EBS) snapshots.
  C. Use an AWS Lambda function to query Amazon EBS snapshots, Amazon RDS snapshots, and AWS Backup jobs. Configure the Lambda function to process and report on the data. Schedule the function to run daily.
  D. Use AWS Config and AWS Backup Audit Manager to ensure compliance. Review generated reports daily.
  D. Use AWS Config and AWS Backup Audit Manager to ensure compliance. Review generated reports daily.

  ---

  Explanation

  AWS Backup Audit Manager automates auditing and reporting of backup activity and compliance, while AWS Config provides visibility into configuration changes. Together, they provide the simplest, most automated, and compliant backup monitoring solution.

  From AWS Documentation:

  "AWS Backup Audit Manager automatically audits backup activity across AWS resources. You can use predefined or custom frameworks to monitor backup compliance and encryption status." (Source: AWS Backup Audit Manager User Guide)

  Why D is correct: Ensures centralized visibility into all backup jobs.

  Verifies encryption status automatically.

  Generates ready-to-use reports with minimal operational overhead.

  Complies with regulatory requirements for data protection.

  Why others are incorrect:

  Option A & Option C: Custom Lambda automation increases maintenance effort.

  Option B: Manual checking is operationally inefficient and error-prone.

  References:

  AWS Backup Audit Manager User Guide

  AWS Config Documentation?"Compliance and Monitoring"

  AWS Well-Architected Framework?Operational Excellence Pillar

• Question 1100:

  A company has an application that places hundreds of .csv files into an Amazon S3 bucket every hour.

  The files are 1 GB in size. Each time a file is uploaded, the company needs to convert the file to Apache Parquet format and place the output file into an S3 bucket.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Create an AWS Lambda function to download the .csv files, convert the files to Parquet format, and place the output files in an S3 bucket. Invoke the Lambda function for each S3 PUT event.
  B. Create an Apache Spark job to read the .csv files, convert the files to Parquet format, and place the output files in an S3 bucket. Create an AWS Lambda function for each S3 PUT event to invoke the Spark job.
  C. Create an AWS Glue table and an AWS Glue crawler for the S3 bucket where the application places the .csv files. Schedule an AWS Lambda function to periodically use Amazon Athena to query the AWS Glue table, convert the query results into Parquet format, and place the output files into an S3 bucket.
  D. Create an AWS Glue extract, transform, and load (ETL) job to convert the .csv files to Parquet format and place the output files into an S3 bucket. Create an AWS Lambda function for each S3 PUT event to invoke the ETL job.
  D. Create an AWS Glue extract, transform, and load (ETL) job to convert the .csv files to Parquet format and place the output files into an S3 bucket. Create an AWS Lambda function for each S3 PUT event to invoke the ETL job.