A gaming company has a web application that displays game scores. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The application stores data in an Amazon RDS for MySQL database.
Users are experiencing long delays and interruptions caused by degraded database read performance.
The company wants to improve the user experience.
Which solution will meet this requirement?
A. Use an Amazon ElastiCache (Redis OSS) cache in front of the database. B. Use Amazon RDS Proxy between the application and the database. C. Migrate the application from EC2 instances to AWS Lambda functions. D. Use an Amazon Aurora Global Database to create multiple read replicas across multiple AWS Regions.
A. Use an Amazon ElastiCache (Redis OSS) cache in front of the database.
Explanation
ElastiCache provides an in-memory cache layer for frequently accessed queries, reducing latency and offloading read pressure from the database.
"You can improve database performance by caching frequently accessed data using Amazon ElastiCache."
-- ElastiCache Overview
Question 1332:
A company is moving data from an on-premises data center to the AWS Cloud. The company must store all its data in an Amazon S3 bucket. To comply with regulations, the company must also ensure that the data will be protected against overwriting indefinitely.
Which solution will ensure that the data in the S3 bucket cannot be overwritten?
A. Enable versioning for the S3 bucket. Use server-side encryption with Amazon S3 managed keys (SSE- S3) to protect the data. B. Disable versioning for the S3 bucket. Configure S3 Object Lock for the S3 bucket with a retention period of 1 year. C. Enable versioning for the S3 bucket. Configure S3 Object Lock for the S3 bucket with a legal hold. D. Configure S3 Storage Lens for the S3 bucket. Use server-side encryption with customer-provided keys (SSE-C) to protect the data.
A. Enable versioning for the S3 bucket. Use server-side encryption with Amazon S3 managed keys (SSE- S3) to protect the data.
Explanation
Versioning in S3 preserves every version of every object -- preventing permanent overwrites. This ensures compliance where data cannot be overwritten or lost.
SSE-S3 ensures server-side encryption.
"When you enable versioning, Amazon S3 stores every version of every object. With versioning, you can preserve, retrieve, and restore every version of every object stored in an S3 bucket."
-- S3 Versioning
This satisfies regulatory requirements for protecting data from overwriting indefinitely.
Incorrect Options:
Option B: Object Lock with retention period is time-bound, not indefinite.
Option C: Legal hold blocks deletion but doesn't directly prevent overwriting.
Option D: Storage Lens is analytics, not protection.
Question 1333:
A company is running a critical business application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run in an Auto Scaling group and access an Amazon RDS DB instance. The design did not pass an operational review because the EC2 instances and the DB instance are all located in a single Availability Zone. A solutions architect must update the design to use a second Availability Zone.
Which solution will make the application highly available?
A. Provision a subnet in each Availability Zone. Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones. Configure the DB instance with connections to each network. B. Provision two subnets that extend across both Availability Zones. Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones. Configure the DB instance with connections to each network. C. Provision a subnet in each Availability Zone. Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones. Configure the DB instance for Multi-AZ deployment. D. Provision a subnet that extends across both Availability Zones. Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones. Configure the DB instance for Multi-AZ deployment.
C. Provision a subnet in each Availability Zone. Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones. Configure the DB instance for Multi-AZ deployment.
Question 1334:
A company is designing a serverless application to process a large number of events within an AWS account. The application saves the events to a data warehouse for further analysis. The application sends incoming events to an Amazon SQS queue. Traffic between the application and the SQS queue must not use public IP addresses.
Which solution will meet these requirements?
A. Create a VPC endpoint for Amazon SQS. Set the queue policy to deny all access except from the VPC endpoint. B. Configure server-side encryption with SQS-managed keys (SSE-SQS). C. Configure AWS Security Token Service (AWS STS) to generate temporary credentials for resources that access the queue. D. Configure VPC Flow Logs to detect SQS traffic that leaves the VPC.
A. Create a VPC endpoint for Amazon SQS. Set the queue policy to deny all access except from the VPC endpoint.
Explanation
Amazon SQS supports Interface VPC endpoints (AWS PrivateLink), enabling private connectivity from your VPC to SQS without using public IPs, traversing the public Internet, or requiring NAT/IGW. You can restrict access by attaching a queue resource policy that allows only the specific VPC endpoint and denies all other principals/paths, enforcing that all traffic stays on the AWS network. SSE-SQS (B) encrypts data at rest but does not influence network pathing. STS temporary credentials (C) handle authentication/ authorization, not routing. VPC Flow Logs (D) are monitoring/visibility and do not prevent public egress.
Creating an SQS VPC endpoint and tightening the queue policy satisfies the requirement of no public IP usage while maintaining secure, private access from serverless components in VPC subnets.
References:
Amazon SQS -- VPC endpoints (PrivateLink) and endpoint policies
Amazon SQS queue policies and condition keys
Security best practices for private access.
Question 1335:
A company uses a general-purpose instance class Amazon RDS for MySQL DB instance in a Multi-AZ configuration. The finance team runs SQL queries to generate reports. Customers experience performance issues during report generation.
A solutions architect needs to minimize the effect of the reporting job on the DB instance.
Which solution will meet these requirements?
A. Create a proxy in Amazon RDS Proxy. Update the reporting job to query the proxy endpoint. B. Update the RDS DB instance configuration to use three Availability Zones. C. Add an RDS read replica. Update the reporting job to query the replica endpoint. D. Change the RDS configuration to a memory-optimized instance class.
C. Add an RDS read replica. Update the reporting job to query the replica endpoint.
Explanation
The performance issue occurs because reporting queries compete with production traffic on the same primary database instance. The best-practice AWS solution is to offload read-heavy workloads to a separate database endpoint.
Option C adds an Amazon RDS read replica, which asynchronously replicates data from the primary instance. By redirecting reporting queries to the replica endpoint, the primary database can focus on transactional workloads, significantly improving application performance and customer experience.
Read replicas are specifically designed for this use case: scaling read capacity and isolating reporting or analytics queries. This solution requires minimal changes to the reporting job (endpoint update only) and avoids overprovisioning the primary database.
Option A (RDS Proxy) improves connection management but does not reduce query load or isolate reporting traffic.
Option B is invalid because Multi-AZ does not scale reads and is not configurable across three AZs for a single instance.
Option D increases instance size but does not address the underlying contention between workloads and increases cost unnecessarily.
Therefore, C is the most efficient and scalable solution to minimize reporting impact while maintaining high performance and availability.
Question 1336:
A company stores data in a centralized S3 bucket in Account A. It needs to grant Account B access to this bucket. Both accounts belong to the company.
Which solution meets this requirement?
B. Enable cross-Region replication between accounts. C. Use CloudFront with signed URLs to grant access. D. Create a bucket policy granting Account B access to the bucket in Account
D. Create a bucket policy granting Account B access to the bucket in Account
Explanation
The recommended and simplest method for granting cross-account access to an S3 bucket is to use a bucket policy that grants permission to the other AWS account.
This provides direct, controlled, IAM-based access without duplication of data or use of distribution mechanisms like CloudFront.
Transfer Acceleration and replication are unrelated to permissions.
Question 1337:
A company needs to retain its AWS CloudTrail logs for 3 years. The company is enforcing CloudTrail across a set of AWS accounts by using AWS Organizations from the parent account. The CloudTrail target
S3 bucket is configured with S3 Versioning enabled. An S3 Lifecycle policy is in place to delete current objects after 3 years. After the fourth year of use of the S3 bucket, the S3 bucket metrics show that the number of objects has continued to rise. However, the number of new CloudTrail logs that are delivered to the S3 bucket has remained consistent.
Which solution will delete objects that are older than 3 years in the MOST cost-effective manner?
A. Configure the organization's centralized CloudTrail trail to expire objects after 3 years. B. Configure the S3 Lifecycle policy to delete previous versions as well as current versions. C. Create an AWS Lambda function to enumerate and delete objects from Amazon S3 that are older than 3 years. D. Configure the parent account as the owner of all objects that are delivered to the S3 bucket.
B. Configure the S3 Lifecycle policy to delete previous versions as well as current versions.
Question 1338:
A company operates a data lake in Amazon S3 that stores large datasets in multiple formats. The company has an application that retrieves and processes subsets of data from multiple objects in the data lake based on filtering criteria. For each data query, the application currently downloads the entire S3 object and performs transformations. The current process requires a large amount of transformation time.
The company wants a solution that will give the application the ability to query and filter directly on S3 objects without downloading the objects.
Which solution will meet these requirements?
A. Use Amazon Athena to query and filter the objects in Amazon S3. B. Use Amazon EMR to process and filter the objects. C. Use Amazon API Gateway to create an API to retrieve filtered results from Amazon S3. D. Use Amazon ElastiCache (Valkey) to cache the objects.
A. Use Amazon Athena to query and filter the objects in Amazon S3.
Explanation
The best solution to query and filter S3 data directly without downloading the full object is to use Amazon Athena.
Amazon Athena is an interactive query service that lets you use SQL to analyze structured, semi-structured, and unstructured data directly in Amazon S3, without needing to move or transform the data.
It supports formats like CSV, JSON, ORC, Parquet, and Avro and integrates with AWS Glue Data Catalog for schema management.
Athena is serverless, meaning there's no infrastructure to manage, and it's billed per query, which keeps it cost-effective.
Option B (EMR) is heavier and requires managing a cluster.
Option C (API Gateway) is not suited for querying S3 datasets.
Option D (ElastiCache) is a memory store, not a query engine.
References:
What is Amazon Athena?
Question 1339:
A company runs multiple Windows workloads on AWS. The company's employees use Windows file shares that are hosted on two Amazon EC2 instances. The file shares synchronize data between themselves and maintain duplicate copies.
The company wants a highly available and durable storage solution that preserves how users currently access the files.
What should a solutions architect do to meet these requirements?
A. Migrate all the data to Amazon S3. Set up IAM authentication for users to access files. B. Set up an Amazon S3 File Gateway. Mount the S3 File Gateway on the existing EC2 instances. C. Extend the file share environment to Amazon FSx for Windows File Server with a Multi-AZ configuration. Migrate all the data to FSx for Windows File Server. D. Extend the file share environment to Amazon Elastic File System (Amazon EFS) with a Multi-AZ configuration. Migrate all the data to Amazon EFS.
C. Extend the file share environment to Amazon FSx for Windows File Server with a Multi-AZ configuration. Migrate all the data to FSx for Windows File Server.
Question 1340:
A company hosts a three-tier ecommerce application on a fleet of Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). All ecommerce data is stored in an Amazon RDS for MariaDB Multi-AZ DB instance.
The company wants to optimize customer session management during transactions. The application must store session data durably.
Which solutions will meet these requirements? (Choose two.)
A. Turn on the sticky sessions feature (session affinity) on the ALB. B. Use an Amazon DynamoDB table to store customer session information. C. Deploy an Amazon Cognito user pool to manage user session information. D. Deploy an Amazon ElastiCache for Redis cluster to store customer session information. E. Use AWS Systems Manager Application Manager in the application to manage user session information.
A. Turn on the sticky sessions feature (session affinity) on the ALB. D. Deploy an Amazon ElastiCache for Redis cluster to store customer session information.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SAA-C03 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.