Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 1421:

  A company has a transaction-processing application that is backed by an Amazon RDS MySQL database.

  When the load on the application increases, a large number of database connections are opened and closed frequently, which causes latency for the database transactions.

  A solutions architect determines that the root cause of the latency is poor connection handling by the application. The solutions architect cannot modify the application code. The solutions architect needs to manage database connections to improve the database performance during periods of high load.

  Which solution will meet these requirements?

  A. Upgrade the database instance to a larger instance type to handle a large number of database connections.
  B. Configure Amazon RDS storage autoscaling to dynamically increase the provisioned IOPS.
  C. Use Amazon RDS Proxy to pool and share database connections.
  D. Convert the database instance to a Multi-AZ deployment.
  C. Use Amazon RDS Proxy to pool and share database connections.

  ---

  Explanation

  Amazon RDS Proxy is a fully managed database proxy for RDS that makes applications more scalable, more resilient to database failures, and more secure. RDS Proxy pools and shares database connections, allowing applications to open and close connections as needed without overwhelming the database. This is the recommended solution when the application cannot be modified to use connection pooling itself.

  AWS Documentation Extract:

  " Amazon RDS Proxy helps manage database connections to improve application scalability and performance. It pools connections and shares them among application clients, which can mitigate issues caused by opening and closing many database connections. " (Source: Amazon RDS Proxy documentation)

  Option A: Upgrading the instance does not solve connection inefficiency and can be cost-ineffective.

  Option B: Increasing IOPS only helps if storage is a bottleneck, not if connections are the issue.

  Option D: Multi-AZ improves availability, not connection management.

  References:

  AWS Certified Solutions Architect?Official Study Guide, RDS Performance and Proxy.

• Question 1422:

  A company runs multiple Amazon EC2 Linux instances in a VPC across two Availability Zones. The instances host applications that use a hierarchical directory structure. The applications need to read and write rapidly and concurrently to shared storage.

  What should a solutions architect do to meet these requirements?

  A. Create an Amazon S3 bucket. Allow access from all the EC2 instances in the VPC.
  B. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system from each EC2 instance.
  C. Create a file system on a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume. Attach the EBS volume to all the EC2 instances.
  D. Create file systems on Amazon Elastic Block Store (Amazon EBS) volumes that are attached to each EC2 instance. Synchronize the EBS volumes across the different EC2 instances.
  B. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system from each EC2 instance.

• Question 1423:

  A company uses AWS and sells access to copyrighted images. The company's global customer base needs to be able to access these images quickly. The company must deny access to users from specific countries. The company wants to minimize costs as much as possible.

  Which solution will meet these requirements?

  A. Use Amazon S3 to store the images. Turn on multi-factor authentication (MFA) and public bucket access. Provide customers with a link to the S3 bucket.
  B. Use Amazon S3 to store the images. Create an IAM user for each customer. Add the users to a group that has permission to access the S3 bucket.
  C. Use Amazon EC2 instances that are behind Application Load Balancers (ALBs) to store the images. Deploy the instances only in the countries the company services. Provide customers with links to the ALBs for their specific country's instances.
  D. Use Amazon S3 to store the images. Use Amazon CloudFront to distribute the images with geographic restrictions. Provide a signed URL for each customer to access the data in CloudFront.
  D. Use Amazon S3 to store the images. Use Amazon CloudFront to distribute the images with geographic restrictions. Provide a signed URL for each customer to access the data in CloudFront.

• Question 1424:

  A company hosts dozens of multi-tier applications on AWS. The presentation layer and logic layer run on Amazon EC2 Linux instances that use Amazon EBS volumes.

  The company needs a solution to ensure that operating system vulnerabilities are not introduced to the EC2 instances when the company deploys new features. The company uses custom AMIs to deploy EC2 instances in an Auto Scaling group. The solution must scale to handle all the applications that the company hosts.

  Which solution will meet these requirements?

  A. Use Amazon Inspector to patch operating system vulnerabilities. Invoke Amazon Inspector when a new AMI is deployed.
  B. Use AWS Backup to back up the EBS volume of each updated instance. Use the EBS backup volumes to create new AMIs. Use the existing Auto Scaling group to deploy the new AMIs.
  C. Use AWS Systems Manager Patch Manager to patch operating system vulnerabilities in the custom AMIs.
  D. Use EC2 Image Builder to create new AMIs when the company deploys new features. Include the update-linux component in the build components of the new AMIs. Use the existing Auto Scaling group to deploy the new AMIs.
  D. Use EC2 Image Builder to create new AMIs when the company deploys new features. Include the update-linux component in the build components of the new AMIs. Use the existing Auto Scaling group to deploy the new AMIs.

  ---

  Explanation

  EC2 Image Builder is the AWS-managed service specifically designed to automate the creation, patching, hardening, and testing of AMIs.

  For this scenario, best practice is to:

  Use EC2 Image Builder pipelines to generate new golden AMIs whenever features are deployed or on a schedule.

  Include build components such as update-linux to automatically apply OS security patches and updates during image creation.

  Deploy the new AMIs through existing Auto Scaling groups, ensuring that every newly launched instance is already patched and compliant.

  This approach:

  Prevents OS vulnerabilities from being introduced at deployment time.

  Scales across dozens of applications because AMI pipelines are reusable and automated.

  Minimizes manual effort and reduces drift between instances.

  Amazon Inspector (Option A) identifies vulnerabilities but does not itself patch AMIs.

  AWS Backup (Option B) is for data protection, not vulnerability management.

  Patch Manager (Option C) patches running instances, but the requirement is to ensure vulnerabilities are not introduced with new AMIs; golden image pipelines with EC2 Image Builder are the recommended solution.

• Question 1425:

  A company is migrating a legacy application from an on-premises data center to AWS. The application relies on hundreds of cron jobs that run between 1 and 20 minutes on different recurring schedules throughout the day.

  The company wants a solution to schedule and run the cron jobs on AWS with minimal refactoring. The solution must support running the cron jobs in response to an event in the future.

  Which solution will meet these requirements?

  A. Create a container image for the cron jobs. Use Amazon EventBridge Scheduler to create a recurring schedule. Run the cron job tasks as AWS Lambda functions.
  B. Create a container image for the cron jobs. Use AWS Batch on Amazon Elastic Container Service (Amazon ECS) with a scheduling policy to run the cron jobs.
  C. Create a container image for the cron jobs. Use Amazon EventBridge Scheduler to create a recurring schedule. Run the cron job tasks on AWS Fargate.
  D. Create a container image for the cron jobs. Create a workflow in AWS Step Functions that uses a Wait state to run the cron jobs at a specified time. Use the RunTask action to run the cron job tasks on AWS Fargate.
  C. Create a container image for the cron jobs. Use Amazon EventBridge Scheduler to create a recurring schedule. Run the cron job tasks on AWS Fargate.

• Question 1426:

  A company hosts its static website by using Amazon S3. The company wants to add a contact form to its webpage. The contact form will have dynamic server-side components for users to input their name, email address, phone number, and user message. The company anticipates that there will be fewer than 100 site visits each month.

  Which solution will meet these requirements MOST cost-effectively?

  A. Host a dynamic contact form page in Amazon Elastic Container Service (Amazon ECS). Set up Amazon Simple Email Service (Amazon SES) to connect to any third-party email provider.
  B. Create an Amazon API Gateway endpoint with an AWS Lambda backend that makes a call to Amazon Simple Email Service (Amazon SES).
  C. Convert the static webpage to dynamic by deploying Amazon Lightsail. Use client-side scripting to build the contact form. Integrate the form with Amazon WorkMail.
  D. Create a t2.micro Amazon EC2 instance. Deploy a LAMP (Linux, Apache, MySQL, PHP/Perl/Python) stack to host the webpage. Use client-side scripting to build the contact form. Integrate the form with Amazon WorkMail.
  B. Create an Amazon API Gateway endpoint with an AWS Lambda backend that makes a call to Amazon Simple Email Service (Amazon SES).

• Question 1427:

  A company hosts a web application on multiple Amazon EC2 instances. The EC2 instances are in an Auto Scaling group that scales in response to user demand. The company wants to optimize cost savings without making a long-term commitment.

  Which EC2 instance purchasing option should a solutions architect recommend to meet these requirements?

  A. Dedicated Instances only
  B. On-Demand Instances only
  C. A mix of On-Demand Instances and Spot Instances
  D. A mix of On-Demand Instances and Reserved Instances
  C. A mix of On-Demand Instances and Spot Instances

• Question 1428:

  A company wants to migrate its three-tier application from on premises to AWS. The web tier and the application tier are running on third-party virtual machines (VMs). The database tier is running on MySQL.

  The company needs to migrate the application by making the fewest possible changes to the architecture.

  The company also needs a database solution that can restore data to a specific point in time.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Migrate the web tier and the application tier to Amazon EC2 instances in private subnets. Migrate the database tier to Amazon RDS for MySQL in private subnets.
  B. Migrate the web tier to Amazon EC2 instances in public subnets. Migrate the application tier to EC2 instances in private subnets. Migrate the database tier to Amazon Aurora MySQL in private subnets.
  C. Migrate the web tier to Amazon EC2 instances in public subnets. Migrate the application tier to EC2 instances in private subnets. Migrate the database tier to Amazon RDS for MySQL in private subnets.
  D. Migrate the web tier and the application tier to Amazon EC2 instances in public subnets. Migrate the database tier to Amazon Aurora MySQL in public subnets.
  B. Migrate the web tier to Amazon EC2 instances in public subnets. Migrate the application tier to EC2 instances in private subnets. Migrate the database tier to Amazon Aurora MySQL in private subnets.

• Question 1429:

  A company is required to use cryptographic keys in its on-premises key manager. The key manager is outside of the AWS Cloud because of regulatory and compliance requirements. The company wants to manage encryption and decryption by using cryptographic keys that are retained outside of the AWS Cloud and that support a variety of external key managers from different vendors.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Use AWS CloudHSM key store backed by a CloudHSM cluster.
  B. Use an AWS Key Management Service (AWS KMS) external key store backed by an external key manager.
  C. Use the default AWS Key Management Service (AWS KMS) managed key store.
  D. Use a custom key store backed by an AWS CloudHSM cluster.
  B. Use an AWS Key Management Service (AWS KMS) external key store backed by an external key manager.

• Question 1430:

  A company has a single AWS account that contains resources belonging to several teams. The company needs to identify the costs associated with each team. The company wants to use a tag named CostCenter to identify resources that belong to each team.

  Which solutions will meet these requirements? (Choose Two.)

  A. Tag all resources that belong to each team with the user-defined CostCenter tag.
  B. Create a tag for each team, and set the value to CostCenter.
  C. Activate the CostCenter tag to track cost allocation.
  D. Configure AWS Billing and Cost Management to send monthly invoices to the company through email messages.
  E. Set up consolidated billing in the existing AWS account.
  A. Tag all resources that belong to each team with the user-defined CostCenter tag.
  C. Activate the CostCenter tag to track cost allocation.

  ---

  Explanation

  To track costs associated with different teams within a single AWS account, the company should implement user-defined cost allocation tags.

  Tagging Resources with CostCenter: Assign the CostCenter tag to all resources, specifying the appropriate value for each team. This practice enables the organization to categorize and track AWS costs effectively. Activating the CostCenter Tag: After tagging resources, activate the CostCenter tag in the AWS Billing and Cost Management console. Activation is necessary for the tags to appear in cost allocation reports and AWS Cost Explorer.

  By following these steps, the company can generate detailed billing reports that break down costs by team, facilitating better cost management and accountability.

  References:

  Organizing and tracking costs using AWS cost allocation tags Activating user-defined cost allocation tags