A company manages AWS accounts in AWS Organizations. AWS IAM Identity Center (AWS Single Sign-On) and AWS Control Tower are configured for the accounts. The company wants to manage multiple user permissions across all the accounts. The permissions will be used by multiple IAM users and must be split between the developer and administrator teams. Each team requires different permissions. The company wants a solution that includes new users that are hired on both teams.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create individual users in IAM Identity Center for each account. Create separate developer and administrator groups in IAM Identity Center. Assign the users to the appropriate groups. Create a custom IAM policy for each group to set fine-grained permissions.
B. Create individual users in IAM Identity Center for each account. Create separate developer and administrator groups in IAM Identity Center. Assign the users to the appropriate groups. Attach AWS managed IAM policies to each user as needed for fine-grained permissions.
C. Create individual users in IAM Identity Center. Create new developer and administrator groups in IAM Identity Center. Create new permission sets that include the appropriate IAM policies for each group. Assign the new groups to the appropriate accounts. Assign the new permission sets to the new groups. When new users are hired, add them to the appropriate group.
D. Create individual users in IAM Identity Center. Create new permission sets that include the appropriate IAM policies for each user. Assign the users to the appropriate accounts. Grant additional IAM permissions to the users from within specific accounts. When new users are hired, add them to IAM Identity Center and assign them to the accounts.
C. Create individual users in IAM Identity Center. Create new developer and administrator groups in IAM Identity Center. Create new permission sets that include the appropriate IAM policies for each group. Assign the new groups to the appropriate accounts. Assign the new permission sets to the new groups. When new users are hired, add them to the appropriate group.
Question 1212:
A company is designing an advertisement distribution application to run on AWS. The company wants to deploy the application as a container to Amazon Elastic Container Service (Amazon ECS). Advertisements must be displayed to users around the world with low latency. The company needs to optimize data transfer costs.
Which solution will meet these requirements?
A. Deploy the application in a single AWS Region. Use an Application Load Balancer (ALB) to distribute traffic. Create an Amazon CloudFront distribution, and set the ALB as the origin.
B. Deploy the application in multiple AWS Regions. Create an Application Load Balancer (ALB) in each Region. Use Amazon Route 53 with a latency-based weighted routing policy to distribute traffic to the ALBs.
C. Deploy the application in multiple AWS Regions. Create an Application Load Balancer (ALB) in each Region. Create a transit gateway in each Region. Route traffic between the ALBs and Amazon ECS through the transit gateways.
D. Deploy the application in a single AWS Region. Use an Application Load Balancer (ALB) to distribute traffic. Create an accelerator in AWS Global Accelerator. Associate the accelerator with the ALB.
A. Deploy the application in a single AWS Region. Use an Application Load Balancer (ALB) to distribute traffic. Create an Amazon CloudFront distribution, and set the ALB as the origin.
Explanation
Using Amazon CloudFront in front of an ALB in a single region is a cost-effective way to deliver content with low latency across the globe. CloudFront caches content closer to the users, reducing the load on backend servers and minimizing data transfer costs by serving cached content from edge locations.
Compared to Global Accelerator, CloudFront is significantly more cost-optimized for static and dynamic content delivery. Multi-region deployments increase infrastructure and transfer costs, which violates the optimization goal. Therefore, option A provides the best mix of performance and cost efficiency.
Question 1213:
A company wants to migrate an application to AWS. The application runs on Docker containers behind an Application Load Balancer (ALB). The application stores data in a PostgreSQL database. The cloud-based solution must use AWS WAF to inspect all application traffic. The application experiences most traffic on weekdays. There is significantly less traffic on weekends.
Which solution will meet these requirements in the MOST cost-effective way?
A. Use a Network Load Balancer (NLB). Create a web access control list (web ACL) in AWS WAF that includes the necessary rules. Attach the web ACL to the NLB. Run the application on Amazon Elastic Container Service (Amazon ECS). Use Amazon RDS for PostgreSQL as the database.
B. Create a web access control list (web ACL) in AWS WAF that includes the necessary rules. Attach the web ACL to the ALB. Run the application on Amazon Elastic Kubernetes Service (Amazon EKS). Use Amazon RDS for PostgreSQL as the database.
C. Create a web access control list (web ACL) in AWS WAF that includes the necessary rules. Attach the web ACL to the ALB. Run the application on Amazon Elastic Container Service (Amazon ECS). Use Amazon Aurora Serverless as the database.
D. Use a Network Load Balancer (NLB). Create a web access control list (web ACL) in AWS WAF that has the necessary rules. Attach the web ACL to the NLB. Run the application on Amazon Elastic Container Service (Amazon ECS). Use Amazon Aurora Serverless as the database.
C. Create a web access control list (web ACL) in AWS WAF that includes the necessary rules. Attach the web ACL to the ALB. Run the application on Amazon Elastic Container Service (Amazon ECS). Use Amazon Aurora Serverless as the database.
Explanation
Using an Application Load Balancer (ALB) allows for integration with AWS WAF to inspect all incoming traffic. Running the application on Amazon ECS provides a scalable and managed container orchestration service. Utilizing Amazon Aurora Serverless for the PostgreSQL database offers automatic scaling based on application demand, which is cost-effective for workloads with variable traffic patterns, such as higher traffic on weekdays and lower traffic on weekends.
References:
Optimizing cost savings: The advantage of Amazon Aurora over self-managed open-source databases
Question 1214:
A company has a custom application with embedded credentials that retrieves information from a database in an Amazon RDS for MySQL DB cluster. The company needs to make the application more secure with minimal programming effort.
The company has created credentials on the RDS for MySQL database for the application user.
Which solution will meet these requirements?
A. Store the credentials in AWS Key Management Service (AWS KMS). Create keys in AWS KMS. Configure the application to load the database credentials from AWS KMS. Enable automatic key rotation.
B. Store the credentials in encrypted local storage. Configure the application to load the database credentials from the local storage. Set up a credentials rotation schedule by creating a cron job.
C. Store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a credentials rotation schedule by creating an AWS Lambda function for Secrets Manager.
D. Store the credentials in AWS Systems Manager Parameter Store. Configure the application to load the database credentials from Parameter Store. Set up a credentials rotation schedule in the RDS for MySQL database by using Parameter Store.
C. Store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a credentials rotation schedule by creating an AWS Lambda function for Secrets Manager.
Question 1215:
A company is designing a new Amazon Elastic Kubernetes Service (Amazon EKS) deployment to host multi-tenant applications that use a single cluster. The company wants to ensure that each pod has its own hosted environment. The environments must not share CPU, memory, storage, or elastic network interfaces.
Which solution will meet these requirements?
A. Use Amazon EC2 instances to host self-managed Kubernetes clusters. Use taints and tolerations to enforce isolation boundaries.
B. Use Amazon EKS with AWS Fargate. Use Fargate to manage resources and to enforce isolation boundaries.
C. Use Amazon EKS and self-managed node groups. Use taints and tolerations to enforce isolation boundaries.
D. Use Amazon EKS and managed node groups. Use taints and tolerations to enforce isolation boundaries.
B. Use Amazon EKS with AWS Fargate. Use Fargate to manage resources and to enforce isolation boundaries.
Explanation
AWS Fargate provides per-pod isolation for CPU, memory, storage, and networking, making it ideal for multi-tenant use cases.
Question 1216:
A company is redesigning a static website. The company needs a solution to host the new website in the company's AWS account. The solution must be secure and scalable.
Which combination of solutions will meet these requirements? (Choose Three.)
A. Configure an Amazon CloudFront distribution. Set the Amazon S3 bucket as the origin.
B. Associate an AWS Certificate Manager (ACM) TLS certificate to the Amazon CloudFront distribution.
C. Enable static website hosting for the Amazon S3 bucket.
D. Create an Amazon S3 bucket to store the static website content.
E. Export the website's SSL/TLS certificate from AWS Certificate Manager (ACM) to the root of the Amazon S3 bucket.
F. Turn off Block Public Access for the Amazon S3 bucket.
A. Configure an Amazon CloudFront distribution. Set the Amazon S3 bucket as the origin.
B. Associate an AWS Certificate Manager (ACM) TLS certificate to the Amazon CloudFront distribution.
D. Create an Amazon S3 bucket to store the static website content.
Question 1217:
A company runs a production database on Amazon RDS for MySQL. The company wants to upgrade the database version for security compliance reasons. Because the database contains critical data, the company wants a quick solution to upgrade and test functionality without losing any data.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create an RDS manual snapshot. Upgrade to the new version of Amazon RDS for MySQL.
B. Use native backup and restore. Restore the data to the upgraded new version of Amazon RDS for MySQL.
C. Use AWS Database Migration Service (AWS DMS) to replicate the data to the upgraded new version of Amazon RDS for MySQL.
D. Use Amazon RDS Blue/Green Deployments to deploy and test production changes.
D. Use Amazon RDS Blue/Green Deployments to deploy and test production changes.
Question 1218:
A company is building a web application. The company needs a load balancing solution that supports HTTPS header-based routing. The company's security team also requires a rules-based method of blocking specific incoming requests to decrease the effects of malicious activity.
Which solution will meet these requirements?
A. Create an Application Load Balancer (ALB). Configure an HTTPS listener with mutual TLS enabled.
B. Create an Application Load Balancer (ALB). Integrate the ALB with AWS WAF. Configure the security team's required rules.
C. Create an Application Load Balancer (ALB). Integrate the ALB with AWS Config. Apply custom rules to all ALB resources.
D. Create a Network Load Balancer (NLB). Configure AWS Network Firewall with the security team's required rules.
B. Create an Application Load Balancer (ALB). Integrate the ALB with AWS WAF. Configure the security team's required rules.
Explanation
Application Load Balancer (ALB) supports HTTP/HTTPS layer 7 routing, including header-based routing, path-based routing, and host-based routing.
AWS WAF is designed to provide rules-based filtering (block, allow, count) of HTTP(S) requests to protect applications from common exploits and malicious traffic.
ALB integrates directly with AWS WAF, so you can attach a web ACL with custom rules defined by the security team to block specific patterns while still using header-based routing.
Why the others are not correct:
Option A: Mutual TLS adds client certificate authentication but does not provide rules-based blocking or WAF-style inspection.
Option C: AWS Config is for configuration compliance and auditing, not request filtering.
Option D: NLB operates at layer 4 (TCP/UDP); it does not support HTTP header-based routing.
Question 1219:
A company runs an application that uses Docker containers in an on-premises data center. The application runs on a container host that stores persistent data files in a local volume. Container instances use the stored persistent data.
The company wants to migrate the application to fully managed AWS services.
Which solution will meet these requirements?
A. Use Amazon Elastic Kubernetes Service (Amazon EKS) with self-managed nodes. Attach an Amazon Elastic Block Store (Amazon EBS) volume to an Amazon EC2 instance. Mount the EBS volume on the containers to provide persistent storage.
B. Use Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Create an Amazon Elastic File System (Amazon EFS) volume. Mount the EFS volume on the containers to provide persistent storage.
C. Use Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Create an Amazon DynamoDB table. Configure the application to use the DynamoDB table for persistent storage.
D. Use Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type. Create an Amazon Elastic File System (Amazon EFS) volume. Mount the EFS volume on the containers to provide persistent storage.
B. Use Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Create an Amazon Elastic File System (Amazon EFS) volume. Mount the EFS volume on the containers to provide persistent storage.
Explanation
The company wants to move from an on-premises Docker environment to fully managed AWS services with persistent storage. The best fit is:
Amazon ECS with AWS Fargate launch type: This is a serverless container orchestration solution where AWS manages the underlying infrastructure, removing the need to manage EC2 or Kubernetes nodes.
Amazon EFS (Elastic File System): This is a fully managed, scalable, and shared file system for use with ECS tasks. It supports persistent storage for containers, replacing the local volumes used on-premises.
This combination (ECS + Fargate + EFS) is fully managed and requires no manual server maintenance.
Option A uses EKS with self-managed nodes, which is not fully managed.
Option C (DynamoDB) is for structured key-value storage, not for persistent file storage.
Option D uses ECS with EC2 launch type, which is not serverless and requires managing instances.
References:
Using Amazon ECS with AWS Fargate
Mounting EFS volumes in ECS tasks
Question 1220:
A company needs to collect streaming data from several sources and store the data in the AWS Cloud.
The dataset is heavily structured, but analysts need to perform several complex SQL queries and need consistent performance. Some of the data is queried more frequently than the rest. The company wants a solution that meets its performance requirements in a cost-effective manner.
Which solution meets these requirements?
A. Use Amazon Managed Streaming for Apache Kafka (Amazon MSK) to ingest the data to save it to Amazon S3. Use Amazon Athena to perform SQL queries over the ingested data.
B. Use Amazon Managed Streaming for Apache Kafka (Amazon MSK) to ingest the data to save it to Amazon Redshift. Enable Amazon Redshift workload management (WLM) to prioritize workloads.
C. Use Amazon Data Firehose to ingest the data to save it to Amazon Redshift. Enable Amazon Redshift workload management (WLM) to prioritize workloads.
D. Use Amazon Data Firehose to ingest the data to save it to Amazon S3. Load frequently queried data to Amazon Redshift using the COPY command. Use Amazon Redshift Spectrum for less frequently queried data.
D. Use Amazon Data Firehose to ingest the data to save it to Amazon S3. Load frequently queried data to Amazon Redshift using the COPY command. Use Amazon Redshift Spectrum for less frequently queried data.
Explanation
The most cost-effective way to provide consistent SQL query performance on a heavily structured dataset, where some data is accessed more frequently, is to use Amazon Redshift as your main data warehouse for hot data and Amazon Redshift Spectrum to query cold data that remains in S3. With this approach, frequently queried data is loaded into Redshift for fast, consistent querying, while infrequently accessed data is left in S3 and accessed on demand via Spectrum, avoiding unnecessary data warehousing costs.
Amazon Kinesis Data Firehose provides an easy and scalable way to ingest streaming data directly to both S3 and Redshift.
AWS Documentation Extract:
"Amazon Redshift Spectrum allows you to run queries against exabytes of data in Amazon S3 without loading or transforming the data. Load hot data into Redshift for fast access and query cold data in S3 with Spectrum, optimizing both cost and performance." (Source: Amazon Redshift documentation, Spectrum)
Option A: Athena is good for ad hoc queries but not for consistent, high-performance SQL workloads.
Option B, Option C: Loading all data into Redshift is not cost-effective if some data is infrequently accessed.
References:
AWS Certified Solutions Architect - Official Study Guide, Data Warehousing and Analytics.