A company uses Salesforce. The company needs to load existing data and ongoing data changes from Salesforce to Amazon Redshift for analysis. The company does not want the data to travel over the public internet.
Which solution will meet these requirements with the LEAST development effort?
A. Establish a VPN connection from the VPC to Salesforce. Use AWS Glue DataBrew to transfer data. B. Establish an AWS Direct Connect connection from the VPC to Salesforce. Use AWS Glue DataBrew to transfer data. C. Create an AWS PrivateLink connection in the VPC to Salesforce. Use Amazon AppFlow to transfer data. D. Create a VPC peering connection to Salesforce. Use Amazon AppFlow to transfer data.
C. Create an AWS PrivateLink connection in the VPC to Salesforce. Use Amazon AppFlow to transfer data.
Question 1102:
A company hosts a web application on Amazon EC2 instances that are part of an Auto Scaling group behind an Application Load Balancer (ALB). The application experiences spikes in requests that come through the ALB throughout each day. The traffic spikes last between 15 and 20 minutes.
The company needs a solution that uses a standard or custom metric to scale the EC2 instances based on the number of requests that come from the ALB.
Which solution will meet these requirements MOST cost-effectively?
A. Configure an Amazon CloudWatch alarm to monitor the ALB RequestCount metric. Configure a simple scaling policy to scale the EC2 instances in response to the metric. B. Configure a predictive scaling policy based on the ALB RequestCount metric to scale the EC2 instances. C. Configure an Amazon CloudWatch alarm to monitor the ALB UnhealthyHostCount metric. Configure a target tracking policy to scale the EC2 instances in response to the metric. D. Create an Amazon CloudWatch alarm to monitor a user-defined metric for GET requests. Configure a target tracking policy threshold to scale the EC2 instances.
D. Create an Amazon CloudWatch alarm to monitor a user-defined metric for GET requests. Configure a target tracking policy threshold to scale the EC2 instances.
Explanation
For short, frequent daily spikes (15?0 minutes), the most cost-effective scaling behavior typically comes from target tracking scaling driven by a request-based metric, because it continuously adjusts capacity to maintain a chosen target value rather than adding/removing capacity in coarse steps. Option D uses a custom CloudWatch metric representing the number of GET requests (sourced from ALB access logs, application instrumentation, or request counting logic) and applies target tracking so the Auto Scaling group scales out and in proportionally to demand. This helps avoid both under-provisioning (bad performance during spikes) and over-provisioning (wasted cost between spikes), which is exactly what cost-optimized elasticity aims for.
Option A (simple scaling) is usually less cost-efficient for bursty traffic because it relies on fixed adjustments and alarm thresholds, often with cooldowns. With 15?0 minute spikes, simple scaling can react too slowly, overshoot, or oscillate, leaving extra instances running after the spike or failing to ramp fast enough at the start.
Option B (predictive scaling) is intended for regular, forecastable demand patterns, but it's not always the most cost-effective choice for repeated short spikes because it can pre-scale conservatively and may require more historical data and tuning; it is often paired with dynamic scaling anyway.
Option C uses UnhealthyHostCount, which is a health signal--not a demand signal--and scaling on unhealthy hosts can increase cost without addressing request volume; it may also mask underlying application issues rather than scaling to meet load. Because the requirement explicitly allows standard or custom metrics and focuses on scaling based on request volume, D best matches a cost-efficient, responsive approach that directly tracks incoming workload.
Question 1103:
A company is developing a new online gaming application. The application will run on Amazon EC2 instances in multiple AWS Regions and will have a high number of globally distributed users. A solutions architect must design the application to optimize network latency for the users.
Which actions should the solutions architect take to meet these requirements? (Choose Two.)
A. Configure AWS Global Accelerator. Create Regional endpoint groups in each Region where an EC2 fleet is hosted. B. Create a content delivery network (CDN) by using Amazon CloudFront. Enable caching for static and dynamic content, and specify a high expiration period. C. Integrate AWS Client VPN into the application. Instruct users to select which Region is closest to them after they launch the application. Establish a VPN connection to that Region. D. Create an Amazon Route 53 weighted routing policy. Configure the routing policy to give the highest weight to the EC2 instances in the Region that has the largest number of users. E. Configure an Amazon API Gateway endpoint in each Region where an EC2 fleet is hosted. Instruct users to select which Region is closest to them after they launch the application. Use the API Gateway endpoint that is closest to them.
A. Configure AWS Global Accelerator. Create Regional endpoint groups in each Region where an EC2 fleet is hosted. B. Create a content delivery network (CDN) by using Amazon CloudFront. Enable caching for static and dynamic content, and specify a high expiration period.
Explanation
AWS Global Accelerator reduces latency by directing users to the optimal Regional endpoint based on global network health and proximity. Amazon CloudFront caches static and dynamic content at edge locations for ultra-low latency access worldwide, improving performance and reducing server load.
References:
AWS Documentation?AWS Global Accelerator and Amazon CloudFront for Latency Optimization
Question 1104:
A company runs an internet-facing web application on AWS and uses Amazon Route 53 with a public hosted zone.
The company wants to log DNS response codes to support future root cause analysis.
Which solution will meet these requirements?
A. Use Route 53 to configure query logging. B. Use AWS CloudTrail to record all Route 53 queries. C. Use Amazon CloudWatch metrics for Route 53. D. Use AWS Trusted Advisor for root cause analysis.
A. Use Route 53 to configure query logging.
Explanation
To capture DNS query and response data, including response codes, Amazon Route 53 provides query logging, which is the most precise and AWS-supported solution for this requirement. Option A enables Route 53 query logging, which records detailed information about DNS queries, such as the queried domain, record type, source IP, and DNS response code. These logs are delivered to Amazon CloudWatch Logs, where administrators can search, analyze, and retain them for forensic investigation and root cause analysis.
Option B is incorrect because AWS CloudTrail records API calls to AWS services, not DNS query traffic.
Option C provides aggregated metrics (such as query counts and health checks) but does not include per-query response codes.
Option D offers best-practice recommendations but does not collect or analyze DNS query data.
Therefore, A is the correct solution because Route 53 query logging provides the detailed, low-level DNS visibility required for troubleshooting and operational analysis.
Question 1105:
A company runs a three-tier web application in a VPC on AWS. The company deployed an Application Load Balancer (ALB) in a public subnet. The web tier and application tier Amazon EC2 instances are deployed in a private subnet. The company uses a self-managed MySQL database that runs on EC2 instances in an isolated private subnet for the database tier. The company wants a mechanism that will give a DevOps team the ability to use SSH to access all the servers.
The company also wants to have a centrally managed log of all connections made to the servers.
Which combination of solutions will meet these requirements with the MOST operational efficiency? (Choose Two.)
A. Create a bastion host in the public subnet. Configure security groups in the public, private, and isolated subnets to allow SSH access. B. Create an interface VPC endpoint for AWS Systems Manager Session Manager. Attach the endpoint to the VPC. C. Create an IAM policy that grants access to AWS Systems Manager Session Manager. Attach the IAM policy to the EC2 instances. D. Create a gateway VPC endpoint for AWS Systems Manager Session Manager. Attach the endpoint to the VPC. E. Attach an AmazonSSMManagedInstanceCore AWS managed IAM policy to all the EC2 instance roles.
B. Create an interface VPC endpoint for AWS Systems Manager Session Manager. Attach the endpoint to the VPC. E. Attach an AmazonSSMManagedInstanceCore AWS managed IAM policy to all the EC2 instance roles.
Explanation
AWS Systems Manager Session Manager allows secure, auditable SSH-like access to EC2 instances without the need to open SSH ports or manage bastion hosts. For this to work in a private subnet, an interface VPC endpoint is required (not a gateway endpoint).
The EC2 instances must have the AmazonSSMManagedInstanceCore policy attached to their IAM roles to allow Systems Manager operations.
With Session Manager, all session activity can be logged centrally to Amazon CloudWatch Logs or S3, satisfying the audit requirement and improving operational efficiency over manual SSH and bastion configurations.
Question 1106:
A company runs a container application by using Amazon Elastic Kubernetes Service (Amazon EKS). The application includes microservices that manage customers and place orders. The company needs to route incoming requests to the appropriate microservices.
Which solution will meet this requirement MOST cost-effectively?
A. Use the AWS Load Balancer Controller to provision a Network Load Balancer. B. Use the AWS Load Balancer Controller to provision an Application Load Balancer. C. Use an AWS Lambda function to connect the requests to Amazon EKS. D. Use Amazon API Gateway to connect the requests to Amazon EKS.
B. Use the AWS Load Balancer Controller to provision an Application Load Balancer.
Question 1107:
A company hosts a data lake on Amazon S3. The data lake ingests data in Apache Parquet format from various data sources. The company uses multiple transformation steps to prepare the ingested data. The steps include filtering of anomalies, normalizing of data to standard date and time values, and generation of aggregates for analyses.
The company must store the transformed data in S3 buckets that data analysts access. The company needs a prebuilt solution for data transformation that does not require code. The solution must provide data lineage and data profiling.
The company needs to share the data transformation steps with employees throughout the company.
Which solution will meet these requirements?
A. Configure an AWS Glue Studio visual canvas to transform the data. Share the transformation steps with employees by using AWS Glue jobs. B. Configure Amazon EMR Serverless to transform the data. Share the transformation steps with employees by using EMR Serverless jobs. C. Configure AWS Glue DataBrew to transform the data. Share the transformation steps with employees by using DataBrew recipes. D. Create Amazon Athena tables for the data. Write Athena SQL queries to transform the data. Share the Athena SQL queries with employees.
C. Configure AWS Glue DataBrew to transform the data. Share the transformation steps with employees by using DataBrew recipes.
Question 1108:
A media company stores customer-uploaded videos in an Amazon S3 bucket with the Standard storage class. The company wants to create an S3 Lifecycle configuration. The company will set the maximum retention time to 7 days. However, the configuration must delete any video that is more than 1 TB in size after 48 hours.
Which solution will meet these requirements?
A. Create a single S3 Lifecycle configuration that has two rules. Configure the first rule to expire objects after 48 hours with a filter of ObjectSizeGreaterThan and a value of 1 TB. Configure the second rule to expire objects after 7 days. B. Create two S3 Lifecycle configurations. Include a rule in the first configuration to expire objects after 48 hours by using a Prefix filter of LargeFiles. Include a rule in the second configuration to expire objects after 7 days. C. Create a single S3 Lifecycle configuration that has two rules. Configure the first rule to expire objects after 48 hours. Configure the second rule to expire objects after 7 days. D. Create two S3 Lifecycle configurations. Include a rule in the first configuration to expire objects after 48 hours. Include a rule in the second configuration to expire objects after 7 days by using a filter of ObjectSizeLessThan and a value of 1 TB.
A. Create a single S3 Lifecycle configuration that has two rules. Configure the first rule to expire objects after 48 hours with a filter of ObjectSizeGreaterThan and a value of 1 TB. Configure the second rule to expire objects after 7 days.
Explanation
Amazon S3 supports one Lifecycle configuration per bucket that can contain multiple rules. Lifecycle rules can include filters, including object size filters: ObjectSizeGreaterThan and ObjectSizeLessThan. You can combine rules so that one targets large objects and another provides a default expiration. Here, configure Rule 1 with a size filter ObjectSizeGreaterThan = 1 TB and Expiration = 2 days (48 hours) to purge very large videos early. Configure Rule 2 with Expiration = 7 days without a size filter to serve as a catch-all maximum retention for all objects.
Options B and D are invalid because S3 does not allow multiple Lifecycle configurations per bucket.
Option C cannot distinguish large files; it would delete all files at the same schedule without honoring the 48-hour policy for > 1 TB objects. This single configuration with two rules meets both retention targets with minimal overhead and full S3- native capability.
Question 1109:
A company has a data ingestion workflow that consists of the following:
1. An Amazon Simple Notification Service (Amazon SNS) topic for notifications about new data deliveries
2. An AWS Lambda function to process the data and record metadata
The company observes that the ingestion workflow fails occasionally because of network connectivity issues. When such a failure occurs, the Lambda function does not ingest the corresponding data unless the company manually reruns the job.
Which combination of actions should a solutions architect take to ensure that the Lambda function ingests all data in the future? (Choose two.)
A. Deploy the Lambda function in multiple Availability Zones. B. Create an Amazon Simple Queue Service (Amazon SQS) queue, and subscribe it to the SNS topic. C. Increase the CPU and memory that are allocated to the Lambda function. D. Increase provisioned throughput for the Lambda function. E. Modify the Lambda function to read from an Amazon Simple Queue Service (Amazon SQS) queue.
B. Create an Amazon Simple Queue Service (Amazon SQS) queue, and subscribe it to the SNS topic. E. Modify the Lambda function to read from an Amazon Simple Queue Service (Amazon SQS) queue.
Question 1110:
A company recently migrated its web application to AWS by rehosting the application on Amazon EC2 instances in a single AWS Region. The company wants to redesign its application architecture to be highly available and fault tolerant.
Traffic must reach all running EC2 instances randomly.
Which combination of steps should the company take to meet these requirements? (Choose two.)
A. Create an Amazon Route 53 failover routing policy. B. Create an Amazon Route 53 weighted routing policy. C. Create an Amazon Route 53 multivalue answer routing policy. D. Launch three EC2 instances: two instances in one Availability Zone and one instance in another Availability Zone. E. Launch four EC2 instances: two instances in one Availability Zone and two instances in another Availability Zone.
C. Create an Amazon Route 53 multivalue answer routing policy. E. Launch four EC2 instances: two instances in one Availability Zone and two instances in another Availability Zone.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SAA-C03 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.