A company needs to store its accounting records in Amazon S3. The records must be immediately accessible for 1 year and then must be archived for an additional 9 years. No one at the company, including administrative users and root users, can be able to delete the records during the entire 10-year period. The records must be stored with maximum resiliency.
Which solution will meet these requirements?
A. Store the records in S3 Glacier for the entire 10-year period. Use an access control policy to deny deletion of the records for a period of 10 years.
B. Store the records by using S3 Intelligent-Tiering. Use an IAM policy to deny deletion of the records. After 10 years, change the IAM policy to allow deletion.
C. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.
D. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 year. Use S3 Object Lock in governance mode for a period of 10 years.
C. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.
Question 1262:
A company wants to use an AWS CloudFormation stack for its application in a test environment. The company stores the CloudFormation template in an Amazon S3 bucket that blocks public access. The company wants to grant CloudFormation access to the template in the S3 bucket based on specific user requests to create the test environment. The solution must follow security best practices.
Which solution will meet these requirements?
A. Create a gateway VPC endpoint for Amazon S3. Configure the CloudFormation stack to use the S3 object URL.
B. Create an Amazon API Gateway REST API that has the S3 bucket as the target. Configure the CloudFormation stack to use the API Gateway URL.
C. Create a presigned URL for the template object. Configure the CloudFormation stack to use the presigned URL.
D. Allow public access to the template object in the S3 bucket. Block the public access after the test environment is created.
C. Create a presigned URL for the template object. Configure the CloudFormation stack to use the presigned URL.
Question 1263:
A company wants to re-architect a large-scale web application to a serverless microservices architecture.
The application uses Amazon EC2 instances and is written in Python.
The company selected one component of the web application to test as a microservice. The component supports hundreds of requests per second. The company wants to create and test the microservice on an AWS solution that supports Python. The solution must also scale automatically and require minimal infrastructure and minimal operational support.
Which solution will meet these requirements?
A. Use a Spot Fleet with Auto Scaling of EC2 instances that run the most recent Amazon Linux operating system.
B. Use an AWS Elastic Beanstalk web server environment that has high availability configured.
C. Use Amazon Elastic Kubernetes Service (Amazon EKS). Launch Auto Scaling groups of self-managed EC2 instances.
D. Use an AWS Lambda function that runs custom-developed code.
D. Use an AWS Lambda function that runs custom-developed code.
Explanation
Option D is the best answer because AWS Lambda is a serverless compute service that runs code without provisioning or managing servers, which directly aligns with the requirement for minimal infrastructure and minimal operational support. Lambda supports Python runtimes, so the team can deploy the selected component as a microservice using the same language. For workloads with hundreds of requests per second, Lambda is designed to handle request-driven execution and automatically scales by running more concurrent instances of the function in response to incoming traffic, without the customer needing to presize or manage capacity. The other options introduce significantly more operational responsibility.
Option A still requires managing EC2 instances (AMI lifecycle, patching, capacity planning, scaling policies) and Spot interruptions can add complexity for a web microservice test.
Option B (Elastic Beanstalk) reduces some management overhead but still relies on underlying instances and environment management (platform updates, scaling configuration, health monitoring), and it is not a serverless model.
Option C (EKS with self-managed nodes) has the highest operational burden here: cluster and node management, scaling node groups, patching, and Kubernetes operations--this conflicts with "minimal operational support."
Lambda fits the serverless microservices goal: deploy code as small independent services, integrate with other managed services (commonly API-driven invocation patterns), and rely on AWS-managed scaling and availability mechanisms rather than administering fleets or clusters.
Question 1264:
A company runs several applications on Amazon EC2 instances. The company stores configuration files in an Amazon S3 bucket. A solutions architect must provide the company's applications with access to the configuration files. The solutions architect must follow AWS best practices for security.
Which solution will meet these requirements?
A. Use the AWS account root user access keys.
B. Use the AWS access key ID and the EC2 secret access key.
C. Use an IAM role to grant the necessary permissions to the applications.
D. Activate multi-factor authentication (MFA) and versioning on the S3 bucket.
C. Use an IAM role to grant the necessary permissions to the applications.
Explanation
The best security practice when providing EC2 instances access to AWS services (like S3) is to use an IAM role with an instance profile. This avoids hardcoding secrets and enables automatic credential rotation.
"We strongly recommend that you use IAM roles for applications that run on Amazon EC2 instances to securely access AWS services." -- IAM Roles for Amazon EC2
Benefits:
- No manual credentials
- Temporary and automatically rotated keys
- Least privilege access via IAM policies
Incorrect Options:
Option A: Root user access is not to be used for programmatic access.
Option B: Storing secret keys is insecure and discouraged.
Option D: MFA/versioning improves object protection, not access control.
References:
Best Practices for IAM
Using IAM Roles with EC2
Question 1265:
A company hosts a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run Amazon Linux in an Auto Scaling group. Each instance stores product manuals on Amazon EBS volumes.
New instances often start with outdated data and may take up to 30 minutes to download updates. The company needs a solution ensuring all instances always have up-to-date product manuals, can scale rapidly, and does not require application code changes.
Which solution will meet these requirements?
A. Store the product manuals on instance store volumes attached to each EC2 instance.
B. Store the product manuals in an Amazon S3 bucket. Configure EC2 instances to download updates from the bucket.
C. Store the product manuals in an Amazon EFS file system. Mount the EFS volume on the EC2 instances.
D. Store the product manuals in an S3 bucket using S3 Standard-IA. Configure EC2 instances to download updates from S3.
C. Store the product manuals in an Amazon EFS file system. Mount the EFS volume on the EC2 instances.
Explanation
Amazon EFS provides a shared, fully managed, POSIX-compliant file system that can be mounted by all EC2 instances. Any update made to the file system is immediately visible to all instances, ensuring every new instance has the latest product manuals without delay.
EFS automatically scales storage and throughput, meeting high-demand conditions with no application changes required.
S3 requires instances to download files locally, causing delay and stale data issues (Options B and D).
Instance store volumes (Option A) are ephemeral and not shared, making them unsuitable for consistent data distribution.
Question 1266:
A company runs a web application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The application stores data in an Amazon Aurora MySQL DB cluster.
The company needs to create a disaster recovery (DR) solution. The acceptable recovery time for the DR solution is up to 30 minutes. The DR solution does not need to support customer usage when the primary infrastructure is healthy.
Which solution will meet these requirements?
A. Deploy the DR infrastructure in a second AWS Region with an ALB and an Auto Scaling group. Set the desired capacity and maximum capacity of the Auto Scaling group to a minimum value. Convert the Aurora MySQL DB cluster to an Aurora global database. Configure Amazon Route 53 for an active-passive failover with ALB endpoints.
B. Deploy the DR infrastructure in a second AWS Region with an ALB. Update the Auto Scaling group to include EC2 instances from the second Region. Use Amazon Route 53 to configure active-active failover. Convert the Aurora MySQL DB cluster to an Aurora global database.
C. Back up the Aurora MySQL DB cluster data by using AWS Backup. Deploy the DR infrastructure in a second AWS Region with an ALB. Update the Auto Scaling group to include EC2 instances from the second Region. Use Amazon Route 53 to configure active-active failover. Create an Aurora MySQL DB cluster in the second Region. Restore the data from the backup.
D. Back up the infrastructure configuration by using AWS Backup. Use the backup to create the required infrastructure in a second AWS Region. Set the Auto Scaling group desired capacity to zero. Use Amazon Route 53 to configure active-passive failover. Convert the Aurora MySQL DB cluster to an Aurora global database.
A. Deploy the DR infrastructure in a second AWS Region with an ALB and an Auto Scaling group. Set the desired capacity and maximum capacity of the Auto Scaling group to a minimum value. Convert the Aurora MySQL DB cluster to an Aurora global database. Configure Amazon Route 53 for an active-passive failover with ALB endpoints.
Question 1267:
A company has an application that processes information from documents that users upload. When a user uploads a new document to an Amazon S3 bucket, an AWS Lambda function is invoked. The Lambda function processes information from the documents.
The company discovers that the application did not process many recently uploaded documents. The company wants to ensure that the application processes each document with retries if there is an error during the first attempt to process the document.
Which solution will meet these requirements?
A. Create an Amazon API Gateway REST API that has a proxy integration to the Lambda function. Update the application to send requests to the REST API.
B. Configure a replication policy on the S3 bucket to stage the documents in another S3 bucket that an AWS Batch job processes on a daily schedule.
C. Deploy an Application Load Balancer in front of the Lambda function that processes the documents.
D. Configure an Amazon Simple Queue Service (Amazon SQS) queue as an event source for the Lambda function. Configure an S3 event notification on the S3 bucket to send new document upload events to the SQS queue.
D. Configure an Amazon Simple Queue Service (Amazon SQS) queue as an event source for the Lambda function. Configure an S3 event notification on the S3 bucket to send new document upload events to the SQS queue.
Explanation
Using SQS as a buffer between S3 and the Lambda function ensures durability and allows for retries in case of processing failures. Messages in the queue can be retried by Lambda, and failed processing can be directed to a dead-letter queue for further inspection. This guarantees reliable and scalable message-driven processing.
References:
AWS Documentation-Using Amazon SQS as Lambda Event Source with S3 Trigger
Question 1268:
A company uses AWS to run its workloads. The company uses AWS Organizations to manage its accounts. The company needs to identify which departments are responsible for specific costs.
New accounts are constantly created in the Organizations account structure. The Organizations continuous integration and continuous delivery (CI/CD) framework already adds the populated department tag to the AWS resources. The company wants to use an AWS Cost Explorer report to identify the service costs by department from all AWS accounts.
Which combination of steps will meet these requirements with the MOST operational efficiency? (Choose Two.)
A. Activate the aws:createdBy cost allocation tag and the department cost allocation tag in the management account.
B. Create a new cost and usage report in Cost Explorer. Group by the department cost allocation tag. Apply a filter to see all linked accounts and services.
C. Activate only the department cost allocation tag in the management account.
D. Create a new cost and usage report in Cost Explorer. Group by the department cost allocation tag without any other filters.
E. Activate only the aws:createdBy cost allocation tag in the management account.
C. Activate only the department cost allocation tag in the management account.
D. Create a new cost and usage report in Cost Explorer. Group by the department cost allocation tag without any other filters.
Explanation
To track costs by department, you must activate the custom department tag as a cost allocation tag in the AWS Organizations management account. Once activated, Cost Explorer and cost and usage reports can group costs by this tag for all linked accounts. The most operationally efficient way is to activate only the relevant department tag and create a cost and usage report grouped by that tag.
AWS Documentation Extract:
"To use a tag for cost allocation, you must activate it in the AWS Billing and Cost Management console. After activation, you can use the tag to group costs in Cost Explorer and reports." (Source: AWS Cost Management documentation)
Option A, Option E: aws:createdBy is not related to department cost grouping and is unnecessary.
Option B: Applying extra filters is optional; Option D is more direct and operationally efficient.
References:
AWS Certified Solutions Architect - Official Study Guide, Cost Allocation and Tagging.
Question 1269:
A company wants to store a large amount of data as objects for analytics and long-term archiving.
Resources from outside AWS need to access the data. The external resources need to access the data with unpredictable frequency.
However, the external resource must have immediate access when necessary.
The company needs a cost-optimized solution that provides high durability and data security.
Which solution will meet these requirements?
A. Store the data in Amazon S3 Standard. Apply S3 Lifecycle policies to transition older data to S3 Glacier Deep Archive.
B. Store the data in Amazon S3 Intelligent-Tiering.
C. Store the data in Amazon S3 Glacier Flexible Retrieval. Use expedited retrieval to provide immediate access when necessary.
D. Store the data in Amazon Elastic File System (Amazon EFS) Infrequent Access (IA). Use lifecycle policies to archive older files.
B. Store the data in Amazon S3 Intelligent-Tiering.
Explanation
Amazon S3 Intelligent-Tiering is designed for data with unknown or changing access patterns. It automatically moves data between frequent and infrequent access tiers based on usage. This tier offers immediate access to all objects, regardless of which tier they are stored in, while optimizing storage costs.
S3 Intelligent-Tiering also provides the same high durability, availability, and security as other S3 storage classes and supports access from external resources using standard S3 APIs. Lifecycle policies and Glacier classes are more suitable for archival when infrequent access is predictable, but retrieval from Glacier classes is not immediate and incurs extra charges and delays.
Reference Extract from AWS Documentation / Study Guide: "S3 Intelligent-Tiering is designed to optimize costs by automatically moving data between two access tiers when access patterns change. Data is always available and immediately accessible, making it ideal for unknown or unpredictable access patterns."
A company needs to accommodate traffic for a web application that the company hosts on AWS, especially during peak usage hours. The application uses Amazon EC2 instances as web servers, an Amazon RDS DB instance for database operations, and an Amazon S3 bucket to store transaction documents. The application struggles to scale effectively and experiences performance issues.
The company wants to improve the scalability of the application and prevent future performance issues.
The company also wants to improve global access speeds to the transaction documents for the company's global users.
A. Place the EC2 instances in Auto Scaling groups to scale appropriately during peak usage hours. Use Amazon RDS read replicas to improve database read performance. Deploy an Amazon CloudFront distribution that uses Amazon S3 as the origin.
B. Increase the size of the EC2 instances to provide more compute capacity. Use Amazon ElastiCache to reduce database read loads. Use AWS Global Accelerator to optimize the delivery of the transaction documents that are in the S3 bucket.
C. Transition workloads from the EC2 instances to AWS Lambda functions to scale in response to the usage peaks. Migrate the database to an Amazon Aurora global database to provide cross-Region reads. Use AWS Global Accelerator to deliver the transaction documents that are in the S3 bucket.
D. Convert the application architecture to use Amazon Elastic Container Service (Amazon ECS) containers. Configure a Multi-AZ deployment of Amazon RDS to support database operations. Replicate the transaction documents that are in the S3 bucket across multiple AWS Regions.
A. Place the EC2 instances in Auto Scaling groups to scale appropriately during peak usage hours. Use Amazon RDS read replicas to improve database read performance. Deploy an Amazon CloudFront distribution that uses Amazon S3 as the origin.
Explanation
This question focuses on improving scalability and global access performance.
Auto Scaling groups enable EC2 instances to scale dynamically in response to demand, ensuring availability during peak hours without manual intervention. Amazon RDS read replicas offload read traffic, improving read throughput and reducing latency on the primary database instance. Deploying Amazon CloudFront with S3 as origin accelerates delivery of static transaction documents globally by caching content at edge locations, reducing latency for users worldwide.
Option B focuses on vertical scaling (larger instances) and caching with ElastiCache, but it does not address global content delivery optimally. AWS Global Accelerator accelerates network traffic but is better suited for accelerating TCP and UDP traffic; CloudFront is generally preferred for HTTP content delivery.
Option C migrates workloads to Lambda and Aurora global databases, which is an advanced and potentially costly redesign that may not be necessary.
Option D suggests moving to ECS and multi-AZ RDS but does not address global content delivery efficiently.
Therefore, option A uses proven scalability and caching best practices aligned with AWS Well-Architected Framework pillars for performance and operational excellence.