A company is building an application on AWS. The application uses multiple AWS Lambda functions to retrieve sensitive data from a single Amazon S3 bucket for processing. The company must ensure that only authorized Lambda functions can access the data. The solution must comply with the principle of least privilege.
Which solution will meet these requirements?
A. Grant full S3 bucket access to all Lambda functions through a shared IAM role.
B. Configure the Lambda functions to run within a VPC. Configure a bucket policy to grant access based on the Lambda functions' VPC endpoint IP addresses.
C. Create individual IAM roles for each Lambda function. Grant the IAM roles access to the S3 bucket. Assign each IAM role as the Lambda execution role for its corresponding Lambda function.
D. Configure a bucket policy granting access to the Lambda functions based on their function ARNs.
C. Create individual IAM roles for each Lambda function. Grant the IAM roles access to the S3 bucket. Assign each IAM role as the Lambda execution role for its corresponding Lambda function.
Question 1142:
An insurance company wants to migrate an application that calculates insurance premiums to AWS. The company must run calculations immediately when a customer submits information through the application.
The application usually takes 10 seconds to process a calculation.
Which solution will meet this requirement?
A. Set up an Amazon API Gateway HTTP API to receive the data. Use an AWS Lambda function to process the data immediately.
B. Upload the customer data to an Amazon S3 bucket. Start an Amazon EC2 Spot Instance to process every data upload.
C. Set up AWS Transfer Family to receive the customer data. Configure an Amazon EKS job to process the customer data on a schedule.
D. Upload the data to an Amazon S3 bucket. Invoke an AWS Batch job to process every customer data upload.
A. Set up an Amazon API Gateway HTTP API to receive the data. Use an AWS Lambda function to process the data immediately.
Explanation
The critical requirement is immediate processing upon customer submission, with a typical compute duration of about 10 seconds. This is an ideal fit for a synchronous, request-driven, serverless pattern: API Gateway + AWS Lambda. API Gateway provides a managed HTTPS front door for the application, handles request validation/throttling if needed, and integrates directly with Lambda. Lambda is designed for short-lived computations, scales automatically with request volume, and can complete 10-second tasks well within typical Lambda execution limits.
Option A therefore meets the requirement with low latency and minimal operational overhead. When a customer submits data, API Gateway invokes the Lambda function immediately, and the function returns the calculated premium response. This preserves an interactive user experience and avoids provisioning or managing servers. It also handles bursts gracefully because Lambda concurrency can scale quickly, and API Gateway can absorb high request rates.
Option B is unsuitable because launching a Spot instance per upload introduces significant startup latency (instance launch time) and is not reliable due to Spot interruptions.
Options C and D are not "immediate": Transfer Family is for file transfers, and scheduled EKS jobs or Batch jobs introduce queuing and scheduling delays. While Batch can be event-driven, it is typically used for longer-running or batch-oriented workloads and still has job-start overhead compared to Lambda.
Therefore, A best matches the requirements for immediate execution, scalability, and low operational burden while maintaining responsive performance for customers.
Question 1143:
An ecommerce company runs a multi-tier application on AWS. The frontend and backend tiers run on Amazon EC2 instances. The database tier runs on an Amazon RDS for MySQL DB instance. The application makes frequent calls to return identical datasets from the database. These frequent calls cause performance slowdowns. A solutions architect must improve the performance of the application backend.
Which solution will meet this requirement?
A. Configure an Amazon Simple Notification Service (Amazon SNS) topic between the EC2 instances and the RDS DB instance.
B. Configure an Amazon ElastiCache (Redis OSS) cache. Configure the backend EC2 instances to read from the cache.
C. Configure an Amazon DynamoDB Accelerator (DAX) cluster. Configure the backend EC2 instances to read from the cluster.
D. Configure Amazon Data Firehose to stream the calls to the database.
B. Configure an Amazon ElastiCache (Redis OSS) cache. Configure the backend EC2 instances to read from the cache.
Explanation
The key issue is repeated reads of identical data from an RDS MySQL database, which leads to unnecessary database load and degraded performance. The AWS-recommended solution for this pattern is to introduce an in-memory cache between the application and the database.
Amazon ElastiCache (Redis OSS) is purpose-built for caching frequently accessed data with microsecond-level latency. By caching identical query results, the backend EC2 instances can serve responses directly from memory instead of repeatedly querying the database. This significantly reduces read pressure on the RDS instance and improves overall application performance and scalability.
Option B is correct because Redis integrates cleanly with EC2-based applications and supports advanced caching patterns such as key expiration, eviction policies, and fine-grained control over cached objects.
This approach also improves resilience during traffic spikes by offloading work from the database.
Option A is incorrect because SNS is a messaging service and does not cache or accelerate database queries.
Option C is incorrect because DynamoDB Accelerator (DAX) works only with DynamoDB tables, not Amazon RDS.
Option D is incorrect because Amazon Data Firehose is designed for streaming data ingestion and analytics, not for optimizing synchronous database access.
Therefore, B is the correct solution because it addresses the root cause of the performance problem by caching repeated database reads, following AWS best practices for high-performing application architectures.
Question 1144:
A company has an application that generates a large number of files, each approximately 5 MB in size.
The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be deleted. Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days.
Which storage solution is MOST cost-effective?
A. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Glacier 30 days from object creation. Delete the files 4 years after object creation.
B. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) 30 days from object creation. Delete the files 4 years after object creation.
C. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Delete the files 4 years after object creation.
D. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Move the files to S3 Glacier 4 years after object creation.
C. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Delete the files 4 years after object creation.
Question 1145:
A company is building a new application that uses serverless architecture. The architecture will consist of an Amazon API Gateway REST API and AWS Lambda functions to manage incoming requests.
The company wants to add a service that can send messages received from the API Gateway REST API to multiple target Lambda functions for processing. The service must offer message filtering that gives the target Lambda functions the ability to receive only the messages the functions need.
Which solution will meet these requirements with the LEAST operational overhead?
A. Send the requests from the API Gateway REST API to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe Amazon Simple Queue Service (Amazon SQS) queues to the SNS topic. Configure the target Lambda functions to poll the different SQS queues.
B. Send the requests from the API Gateway REST API to Amazon EventBridge. Configure EventBridge to invoke the target Lambda functions.
C. Send the requests from the API Gateway REST API to Amazon Managed Streaming for Apache Kafka (Amazon MSK). Configure Amazon MSK to publish the messages to the target Lambda functions.
D. Send the requests from the API Gateway REST API to multiple Amazon Simple Queue Service (Amazon SQS) queues. Configure the target Lambda functions to poll the different SQS queues.
A. Send the requests from the API Gateway REST API to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe Amazon Simple Queue Service (Amazon SQS) queues to the SNS topic. Configure the target Lambda functions to poll the different SQS queues.
Question 1146:
A company runs its production workload on Amazon EC2 instances with Amazon Elastic Block Store (Amazon EBS) volumes. A solutions architect needs to analyze the current EBS volume cost and to recommend optimizations. The recommendations need to include estimated monthly saving opportunities.
Which solution will meet these requirements?
A. Use Amazon Inspector reporting to generate EBS volume recommendations for optimization.
B. Use AWS Systems Manager reporting to determine EBS volume recommendations for optimization.
C. Use Amazon CloudWatch metrics reporting to determine EBS volume recommendations for optimization.
D. Use AWS Compute Optimizer to generate EBS volume recommendations for optimization.
D. Use AWS Compute Optimizer to generate EBS volume recommendations for optimization.
Question 1147:
A company provides an API interface to customers so the customers can retrieve their financial information. The company expects a larger number of requests during peak usage times of the year.
The company requires the API to respond consistently with low latency to ensure customer satisfaction.
The company needs to provide a compute host for the API.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use an Application Load Balancer and Amazon Elastic Container Service (Amazon ECS).
B. Use Amazon API Gateway and AWS Lambda functions with provisioned concurrency.
C. Use an Application Load Balancer and an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.
D. Use Amazon API Gateway and AWS Lambda functions with reserved concurrency.
B. Use Amazon API Gateway and AWS Lambda functions with provisioned concurrency.
Question 1148:
A company is planning to deploy a business-critical application in the AWS Cloud. The application requires durable storage with consistent, low-latency performance.
Which type of storage should a solutions architect recommend to meet these requirements?
A. Instance store volume
B. Amazon ElastiCache for Memcached cluster
C. Provisioned IOPS SSD Amazon Elastic Block Store (Amazon EBS) volume
D. Throughput Optimized HDD Amazon Elastic Block Store (Amazon EBS) volume
C. Provisioned IOPS SSD Amazon Elastic Block Store (Amazon EBS) volume
Question 1149:
A global company operates in multiple AWS Regions to meet data residency requirements. The company uses AWS Organizations to manage its accounts. The company wants to restrict IAM roles and access to specific Regions to prevent accidental data operations across geographic boundaries.
Which solution will meet these requirements?
A. Configure a service control policy (SCP) to deny the ec2:RunInstances action in non-compliant Regions.
B. Configure IAM policies by using the aws:RequestedRegion condition.
C. Configure IAM role trust policies that use the aws:SourceIp condition.
D. Configure AWS Config to detect unwanted access across Regions.
B. Configure IAM policies by using the aws:RequestedRegion condition.
Explanation
The requirement is to restrict actions by Region to prevent accidental cross-Region operations that could violate data residency rules. The most direct and flexible way to enforce Region-based restrictions in AWS is to use IAM condition keys, specifically aws:RequestedRegion, in identity-based policies (and commonly in permission boundaries or SCPs when managing an organization).
Option B is correct because it applies Region constraints at authorization time. By adding conditions that allow actions only when aws:RequestedRegion matches an approved list (or denies when it matches disallowed Regions), the company can prevent users and roles from creating, modifying, or accessing resources in the wrong Region. This approach is broad and can be applied across many services, not just EC2, making it suitable for enforcing data residency boundaries across a multi-Region footprint.
Option A is too narrow because it restricts only ec2:RunInstances. Data residency concerns typically apply to many services (S3, RDS, DynamoDB, KMS, etc.), and limiting only EC2 does not prevent accidental data operations elsewhere. Option C controls where requests come from (source IP), not which Region is targeted. Option D (AWS Config) is detective, not preventative; it can alert after noncompliant actions occur, which does not meet the requirement to prevent accidental operations.
Therefore, B best meets the requirement by enforcing Region-level guardrails through IAM authorization conditions, helping ensure workloads remain within approved geographic boundaries.
Question 1150:
A company receives data transfers from a small number of external clients that use SFTP software on an Amazon EC2 instance. The clients use an SFTP client to upload data. The clients use SSH keys for authentication. Every hour, an automated script transfers new uploads to an Amazon S3 bucket for processing.
The company wants to move the transfer process to an AWS managed service and to reduce the time required to start data processing. The company wants to retain the existing user management and SSH key generation process. The solution must not require clients to make significant changes to their existing processes.
Which solution will meet these requirements?
A. Reconfigure the script that runs on the EC2 instance to run every 15 minutes. Create an S3 Event Notifications rule for all new object creation events. Set an Amazon Simple Notification Service (Amazon SNS) topic as the destination.
B. Create an AWS Transfer Family SFTP server that uses the existing S3 bucket as a target. Use service-managed users to enable authentication.
C. Require clients to add the AWS DataSync agent into their local environments. Create an IAM user for each client that has permission to upload data to the target S3 bucket.
D. Create an AWS Transfer Family SFTP connector that has permission to access the target S3 bucket for each client. Store credentials in AWS Systems Manager. Create an IAM role to allow the SFTP connector to securely use the credentials.
B. Create an AWS Transfer Family SFTP server that uses the existing S3 bucket as a target. Use service-managed users to enable authentication.
Explanation
AWS Transfer Family (SFTP) allows clients to use standard SFTP clients and SSH keys without changes.
By enabling service-managed users, clients can continue uploading files with their existing tools.
The service delivers the files directly into S3, reducing latency between upload and processing. This removes the need for EC2, custom scripts, and periodic transfers. It fully meets the requirement for a managed solution with minimal disruption to client processes.