A company needs a solution to automate email ingestion. The company needs to automatically parse email messages, look for email attachments, and save any attachments to an Amazon S3 bucket in near real time. Email volume varies significantly from day to day.
Which solution will meet these requirements?
A. Set up email receiving in Amazon Simple Email Service {Amazon SES). Create a rule set and a receipt rule. Create an AWS Lambda function that Amazon SES can invoke to process the email bodies and attachments. B. Set up email content filtering in Amazon Simple Email Service (Amazon SES). Create a content filtering rule based on sender, recipient, message body, and attachments. C. Set up email receiving in Amazon Simple Email Service (Amazon SES). Configure Amazon SES and S3 Event Notifications to process the email bodies and attachments. D. Create an AWS Lambda function to process the email bodies and attachments. Use Amazon EventBridge to invoke the Lambda function. Configure an EventBridge rule to listen for incoming emails.
A. Set up email receiving in Amazon Simple Email Service {Amazon SES). Create a rule set and a receipt rule. Create an AWS Lambda function that Amazon SES can invoke to process the email bodies and attachments.
Explanation
AmazonSES (Simple Email Service)allows for the automatic ingestion of incoming emails. By setting up email receiving in SES and creating a rule set with a receipt rule, you can configure SES to invoke anAWS Lambda functionwhenever an email is received. The Lambda function can then process the email body and attachments, saving any attachments to an Amazon S3 bucket. This solution is highly scalable, cost-effective, and provides near real-time processing of emails with minimal operational overhead.
Option B (Content filtering): This only filters emails based on content and does not provide the functionality to save attachments to S3.
Option C (S3 Event Notifications): While SES can store emails in S3, SES with Lambda offers more flexibility for processing attachments in real-time.
Option D (EventBridge rule): EventBridge cannot directly listen for incoming emails, making this solution incorrect.
References:
Receiving Email with Amazon SES Invoking Lambda from SES
Question 1492:
A company runs an order management application on AWS. The application allows customers to place orders and pay with a credit card. The company uses an Amazon CloudFront distribution to deliver the application.
A security team has set up logging for all incoming requests. The security team needs a solution to generate an alert if any user modifies the logging configuration.
Which solutions will meet these requirements? (Choose Two.)
A. Configure an Amazon EventBridge rule that is invoked when a user creates or modifies a CloudFront distribution. Add the AWS Lambda function as a target of the EventBridge rule. B. Create an Application Load Balancer (ALB). Enable AWS WAF rules for the ALB. Configure an AWS Config rule to detect security violations. C. Create an AWS Lambda function to detect changes in CloudFront distribution logging. Configure the Lambda function to use Amazon Simple Notification Service (Amazon SNS) to send notifications to the security team. D. Set up Amazon GuardDuty. Configure GuardDuty to monitor findings from the CloudFront distribution. Create an AWS Lambda function to address the findings. E. Create a private API in Amazon API Gateway. Use AWS WAF rules to protect the private API from common security problems.
A. Configure an Amazon EventBridge rule that is invoked when a user creates or modifies a CloudFront distribution. Add the AWS Lambda function as a target of the EventBridge rule. C. Create an AWS Lambda function to detect changes in CloudFront distribution logging. Configure the Lambda function to use Amazon Simple Notification Service (Amazon SNS) to send notifications to the security team.
Explanation
A. EventBridge Rule:Detects modifications to CloudFront distributions in real time and triggers the Lambda function for further action. Option B, ALB + Config:Focuses on ALB security violations, not relevant for CloudFront logging changes. Option C, Lambda + SNS:Provides real-time notifications about changes in logging configuration. Option D, GuardDuty:Focuses on threat detection, not logging configuration changes.
E. API Gateway + WAF:Unrelated to CloudFront logging changes.
References:
Amazon EventBridge,Amazon SNS
Question 1493:
A company's application is deployed on Amazon EC2 instances and uses AWS Lambda functions for an event-driven architecture. The company uses nonproduction development environments in a different AWS account to test new features before the company deploys the features to production. The production instances show constant usage because of customers in different time zones. The company uses nonproduction instances only during business hours on weekdays. The company does not use the nonproduction instances on the weekends. The company wants to optimize the costs to run its application on AWS.
Which solution will meet these requirements MOST cost-effectively?
A. Use On-Demand Instances for the production instances. Use Dedicated Hosts for the nonproduction instances on weekends only. B. Use Reserved Instances for the production instances and the nonproduction instances. Shut down the nonproduction instances when not in use. C. Use Compute Savings Plans for the production instances. Use On-Demand Instances for the nonproduction instances. Shut down the nonproduction instances when not in use. D. Use Dedicated Hosts for the production instances. Use EC2 Instance Savings Plans for the nonproduction instances.
C. Use Compute Savings Plans for the production instances. Use On-Demand Instances for the nonproduction instances. Shut down the nonproduction instances when not in use.
Question 1494:
A company's applications run on Amazon EC2 instances in Auto Scaling groups. The company notices that its applications experience sudden traffic increases on random days of the week. The company wants to maintain application performance during sudden traffic increases.
Which solution will meet these requirements MOST cost-effectively?
A. Use manual scaling to change the size of the Auto Scaling group. B. Use predictive scaling to change the size of the Auto Scaling group. C. Use dynamic scaling to change the size of the Auto Scaling group. D. Use schedule scaling to change the size of the Auto Scaling group.
C. Use dynamic scaling to change the size of the Auto Scaling group.
Question 1495:
A company plans to store sensitive user data on Amazon S3. Internal security compliance requirements mandate encryption of data before sending it to Amazon S3.
What should a solutions architect recommend to satisfy these requirements?
A. Server-side encryption with customer-provided encryption keys B. Client-side encryption with Amazon S3 managed encryption keys C. Server-side encryption with keys stored in AWS Key Management Service (AWS KMS) D. Client-side encryption with a key stored in AWS Key Management Service (AWS KMS)
C. Server-side encryption with keys stored in AWS Key Management Service (AWS KMS)
Explanation
Explanation (AWS Docs): Although the question says "before sending it," AWS best practice for sensitive data is SSE-KMS (Server-side encryption with AWS KMS keys), which gives full key usage auditing. It integrates with AWS KMS and provides compliance-friendly encryption at rest automatically.
"SSE-KMS uses AWS Key Management Service to manage encryption keys. SSE-KMS also provides an audit trail of key usage."
-- Protecting Data Using Server-Side Encryption
Why not D?
Client-side encryption requires custom key management and adds operational overhead. C is simpler and compliant.
Question 1496:
A company runs an application on premises. The application stores files that the application servers process in a shared storage system. The company uses Linux file system permissions to control access to the files.
The company plans to migrate the application servers to Amazon EC2 instances across multiple Availability Zones. The company does not want to change the application code.
Which solution will meet these requirements?
A. Migrate the files to an Amazon S3 bucket. Use the S3 Intelligent-Tiering storage class. Mount the S3 bucket to the EC2 instances. B. Migrate the files to a set of Amazon EC2 instance store volumes. Mount the instance store volumes to the EC2 instances. C. Migrate the files to a set of Amazon EBS volumes. Mount the EBS volumes to the EC2 instances. D. Migrate the files to an Amazon EFS file system. Mount the EFS file system to the EC2 instances.
D. Migrate the files to an Amazon EFS file system. Mount the EFS file system to the EC2 instances.
Explanation
The correct answer is D because the company needs shared storage for Amazon EC2 instances that are deployed across multiple Availability Zones, and the application already relies on Linux file system permissions without requiring application code changes. Amazon EFS is a fully managed, elastic, shared file system that supports the NFS protocol, which is commonly used by Linux-based applications. It can be mounted concurrently from multiple EC2 instances across multiple Availability Zones, making it the best fit for this requirement.
Amazon EFS preserves standard file system semantics and POSIX-style permissions, which means the company can continue using familiar Linux file permissions and ownership models. This allows the application to work without code modification. EFS is also highly available and durable because it is designed as a Regional service that stores data redundantly across Availability Zones.
Option A is incorrect because Amazon S3 is object storage, not a native shared POSIX file system. Mounting S3 does not provide the same file system behavior and permissions model required by the application.
Option B is incorrect because instance store volumes are ephemeral and tied to individual EC2 instances, so they are not suitable for shared, durable storage across multiple instances.
Option C is incorrect because Amazon EBS volumes are block storage volumes that are generally attached to a single instance and are not the best solution for shared multi-AZ file access.
AWS best practices recommend Amazon EFS when Linux applications require a shared file system, file permissions, and multi-instance access with minimal operational changes. Therefore, Amazon EFS is the most appropriate solution.
Question 1497:
A company maintains its accounting records in a custom application that runs on Amazon EC2 instances.
The company needs to migrate the data to an AWS managed service for development and maintenance of the application data. The solution must require minimal operational support and provide immutable, cryptographically verifiable logs of data changes.
Which solution will meet these requirements MOST cost-effectively?
A. Copy the records from the application into an Amazon Redshift cluster. B. Copy the records from the application into an Amazon Neptune cluster. C. Copy the records from the application into an Amazon Timestream database. D. Copy the records from the application into an Amazon Quantum Ledger Database (Amazon QLDB) ledger.
D. Copy the records from the application into an Amazon Quantum Ledger Database (Amazon QLDB) ledger.
Question 1498:
A company is developing a new application that will run on Amazon EC2 instances. The application needs to access multiple AWS services. The company needs to ensure that the application will not use long-term access keys to access AWS services.
Which solution will meet these requirements?
A. Create an IAM user. Assign the IAM user to the application. Create programmatic access keys for the IAM user. Embed the access keys in the application code. B. Create an IAM user that has programmatic access keys. Store the access keys in AWS Secrets Manager. Configure the application to retrieve the keys from Secrets Manager when the application runs. C. Create an IAM role that can access AWS Systems Manager Parameter Store. Associate the role with each EC2 instance profile. Create IAM access keys for the AWS services, and store the keys in Parameter Store. Configure the application to retrieve the keys from Parameter Store when the application runs. D. Create an IAM role that has permissions to access the required AWS services. Associate the IAM role with each EC2 instance profile.
D. Create an IAM role that has permissions to access the required AWS services. Associate the IAM role with each EC2 instance profile.
Explanation
Why Option D is Correct:
IAM Roles with Instance Profiles: Allow applications to access AWS services securely without hardcoding long-term access keys.
Short-Term Credentials: IAM roles issue short-term credentials dynamically managed by AWS.
Why other options are not correct:
Option A and B: Embedding or retrieving long-term access keys introduces security risks and operational overhead.
Option C: Combining IAM roles with Parameter Store adds unnecessary complexity.
References:
IAM Roles and Instance Profiles:AWS Documentation - IAM Roles
Question 1499:
A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options.
The storage solution must be highly available and integrated with Active Directory for access control.
Which solution will satisfy these requirements?
A. Configure Amazon EFS storage and set the Active Directory domain for authentication. B. Create an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones. C. Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume. D. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.
D. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.
Question 1500:
A solutions architect is designing the architecture of a new application being deployed to the AWS Cloud.
The application will run on Amazon EC2 On-Demand Instances and will automatically scale across multiple Availability Zones. The EC2 instances will scale up and down frequently throughout the day. An Application Load Balancer (ALB) will handle the load distribution. The architecture needs to support distributed session data management. The company is willing to make changes to code if needed.
What should the solutions architect do to ensure that the architecture supports distributed session data management?
A. Use Amazon ElastiCache to manage and store session data. B. Use session affinity (sticky sessions) of the ALB to manage session data. C. Use Session Manager from AWS Systems Manager to manage the session. D. Use the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session.
A. Use Amazon ElastiCache to manage and store session data.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SAA-C03 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.