A solutions architect is storing sensitive data generated by an application in Amazon S3. The solutions architect wants to encrypt the data at rest. A company policy requires an audit trail of when the AWS KMS key was used and by whom.
Which encryption option will meet these requirements?
A. Server-side encryption with Amazon S3 managed keys (SSE-S3)
B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
C. Server-side encryption with customer-provided keys (SSE-C)
D. Server-side encryption with self-managed keys
Answer: B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
Explanation
SSE-KMS (Server-side encryption with AWS Key Management Service) not only encrypts data at rest but also integrates with AWS CloudTrail to provide detailed logs of key usage -- meeting the audit requirement.
"SSE-KMS provides the ability to audit key usage to see who used the key and when, via AWS CloudTrail."
-- Amazon S3 Encryption Documentation
Benefits:
Encryption with customer-managed or AWS-managed KMS keys
Audit trails of key usage events
Fine-grained access control
Incorrect Options:
Option A: SSE-S3 does not support auditing of key usage.
Option C: SSE-C does not integrate with CloudTrail or KMS.
References: Using SSE-KMS with S3; AWS KMS Logging with CloudTrail
Question 1162:
A company is building a new furniture inventory application. The company has deployed the application on a fleet of Amazon EC2 instances across multiple Availability Zones. The EC2 instances run behind an Application Load Balancer (ALB) in their VPC.
A solutions architect has observed that incoming traffic seems to favor one EC2 instance, resulting in latency for some requests.
What should the solutions architect do to resolve this issue?
A. Disable session affinity (sticky sessions) on the ALB
B. Replace the ALB with a Network Load Balancer
C. Increase the number of EC2 instances in each Availability Zone
D. Adjust the frequency of the health checks on the ALB's target group
Answer: A. Disable session affinity (sticky sessions) on the ALB
Question 1163:
A solutions architect is designing the cloud architecture for a new stateless application that will be deployed on AWS. The solutions architect created an Amazon Machine Image (AMI) and launch template for the application. Based on the number of jobs that need to be processed, the processing must run in parallel while adding and removing application Amazon EC2 instances as needed. The application must be loosely coupled. The job items must be durably stored.
Which solution will meet these requirements?
A. Create an Amazon Simple Notification Service (Amazon SNS) topic to send the jobs that need to be processed. Create an Auto Scaling group by using the launch template with the scaling policy set to add and remove EC2 instances based on CPU usage.
B. Create an Amazon Simple Queue Service (Amazon SQS) queue to hold the jobs that need to be processed. Create an Auto Scaling group by using the launch template with the scaling policy set to add and remove EC2 instances based on network usage.
C. Create an Amazon Simple Queue Service (Amazon SQS) queue to hold the jobs that need to be processed. Create an Auto Scaling group by using the launch template with the scaling policy set to add and remove EC2 instances based on the number of items in the SQS queue.
D. Create an Amazon Simple Notification Service (Amazon SNS) topic to send the jobs that need to be processed. Create an Auto Scaling group by using the launch template with the scaling policy set to add and remove EC2 instances based on the number of messages published to the SNS topic.
Answer: C. Create an Amazon Simple Queue Service (Amazon SQS) queue to hold the jobs that need to be processed. Create an Auto Scaling group by using the launch template with the scaling policy set to add and remove EC2 instances based on the number of items in the SQS queue.
Question 1164:
A company is planning to deploy its application on an Amazon Aurora PostgreSQL Serverless v2 cluster.
The application will receive large amounts of traffic. The company wants to optimize the storage performance of the cluster as the load on the application increases.
Which solution will meet these requirements MOST cost-effectively?
A. Configure the cluster to use the Aurora Standard storage configuration.
B. Configure the cluster storage type as Provisioned IOPS.
C. Configure the cluster storage type as General Purpose.
D. Configure the cluster to use the Aurora I/O-Optimized storage configuration.
Answer: D. Configure the cluster to use the Aurora I/O-Optimized storage configuration.
Question 1165:
A company needs to ingest and analyze telemetry data from vehicles at scale for machine learning and reporting.
Which solution will meet these requirements?
A. Use Amazon Timestream for LiveAnalytics to store data points. Grant Amazon SageMaker permission to access the data. Use Amazon QuickSight to visualize the data.
B. Use Amazon DynamoDB to store data points. Use DynamoDB Connector to ingest data into Amazon EMR for processing. Use Amazon QuickSight to visualize the data.
C. Use Amazon Neptune to store data points. Use Amazon Kinesis Data Streams to ingest data into a Lambda function for processing. Use Amazon QuickSight to visualize the data.
D. Use Amazon Timestream for LiveAnalytics to store data points. Grant Amazon SageMaker permission to access the data. Use Amazon Athena to visualize the data.
Answer: A. Use Amazon Timestream for LiveAnalytics to store data points. Grant Amazon SageMaker permission to access the data. Use Amazon QuickSight to visualize the data.
Explanation
Amazon Timestream is purpose-built for storing and analyzing time-series data like telemetry.
Option A leverages Timestream, SageMaker for ML, and QuickSight for visualization, meeting all requirements with minimal complexity.
Option B involves more complex DynamoDB-EMR integration.
Option C uses Neptune, which is designed for graph databases, not telemetry data.
Option D incorrectly uses Athena for visualization instead of QuickSight.
Question 1166:
A solutions architect needs to design a new microservice for a company's application. Clients must be able to call an HTTPS endpoint to reach the microservice. The microservice also must use AWS Identity and Access Management (IAM) to authenticate calls. The solutions architect will write the logic for this microservice by using a single AWS Lambda function that is written in Go 1.x.
Which solution will deploy the function in the MOST operationally efficient way?
A. Create an Amazon API Gateway REST API. Configure the method to use the Lambda function. Enable IAM authentication on the API.
B. Create a Lambda function URL for the function. Specify AWS_IAM as the authentication type.
C. Create an Amazon CloudFront distribution. Deploy the function to Lambda@Edge. Integrate IAM authentication logic into the Lambda@Edge function.
D. Create an Amazon CloudFront distribution. Deploy the function to CloudFront Functions. Specify AWS_IAM as the authentication type.
Answer: A. Create an Amazon API Gateway REST API. Configure the method to use the Lambda function. Enable IAM authentication on the API.
Question 1167:
A company has two AWS accounts: Production and Development. The company needs to push code changes in the Development account to the Production account. In the alpha phase, only two senior developers on the development team need access to the Production account. In the beta phase, more developers will need access to perform testing.
Which solution will meet these requirements?
A. Create two policy documents by using the AWS Management Console in each account. Assign the policy to developers who need access.
B. Create an IAM role in the Development account. Grant the IAM role access to the Production account. Allow developers to assume the role.
C. Create an IAM role in the Production account. Define a trust policy that specifies the Development account. Allow developers to assume the role.
D. Create an IAM group in the Production account. Add the group as a principal in a trust policy that specifies the Production account. Add developers to the group.
Answer: C. Create an IAM role in the Production account. Define a trust policy that specifies the Development account. Allow developers to assume the role.
Question 1168:
A company is developing a new mobile app. The company must implement proper traffic filtering to protect its Application Load Balancer (ALB) against common application-level attacks, such as cross-site scripting or SQL injection. The company has minimal infrastructure and operational staff. The company needs to reduce its share of the responsibility in managing, updating, and securing servers for its AWS environment.
What should a solutions architect recommend to meet these requirements?
A. Configure AWS WAF rules and associate them with the ALB.
B. Deploy the application using Amazon S3 with public hosting enabled.
C. Deploy AWS Shield Advanced and add the ALB as a protected resource.
D. Create a new ALB that directs traffic to an Amazon EC2 instance running a third-party firewall, which then passes the traffic to the current ALB.
Answer: A. Configure AWS WAF rules and associate them with the ALB.
Question 1169:
A transaction-processing company has weekly batch jobs that run on Amazon EC2 instances in an Auto Scaling group. Transaction volume varies, but CPU utilization is always at least 60% during the batch runs.
Capacity must be provisioned 30 minutes before the jobs begin.
Engineers currently scale the Auto Scaling group manually. The company needs an automated solution but cannot allocate time to analyze scaling trends.
Which solution will meet these requirements with the least operational overhead?
A. Create a dynamic scaling policy based on CPU utilization at 60%.
B. Create a scheduled scaling policy. Set desired, minimum, and maximum capacity. Set recurrence weekly. Set the start time to 30 minutes before the jobs run.
C. Create a predictive scaling policy that forecasts CPU usage and pre-launches instances 30 minutes before the jobs run.
D. Create an EventBridge rule that invokes a Lambda function when CPU reaches 60%. The Lambda function increases the Auto Scaling group size by 20%.
Answer: C. Create a predictive scaling policy that forecasts CPU usage and pre-launches instances 30 minutes before the jobs run.
Explanation
Predictive scaling automatically analyzes historical workload patterns, forecasts future capacity needs, and launches instances ahead of time. AWS documentation states that predictive scaling is designed for workloads with recurring, cyclical patterns--such as scheduled weekly batch jobs.
It also supports "pre-launching" capacity before peak demand. This eliminates manual trend analysis and delivers the lowest operational overhead.
Scheduled scaling (Option B) works but requires manual calculation of capacity numbers and updating if patterns change. Predictive scaling removes this burden entirely.
Question 1170:
A social media company wants to store its database of user profiles, relationships, and interactions in the AWS Cloud. The company needs an application to monitor any changes in the database. The application needs to analyze the relationships between the data entities and to provide recommendations to users.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use Amazon Neptune to store the information. Use Amazon Kinesis Data Streams to process changes in the database.
B. Use Amazon Neptune to store the information. Use Neptune Streams to process changes in the database.
C. Use Amazon Quantum Ledger Database (Amazon QLDB) to store the information. Use Amazon Kinesis Data Streams to process changes in the database.
D. Use Amazon Quantum Ledger Database (Amazon QLDB) to store the information. Use Neptune Streams to process changes in the database.
Answer: B. Use Amazon Neptune to store the information. Use Neptune Streams to process changes in the database.