Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 181:

  A company uses AWS Systems Manager for routine management and patching of Amazon EC2 instances.

  The EC2 instances are in an IP address type target group behind an Application Load Balancer (ALB).

  New security protocols require the company to remove EC2 instances from service during a patch. When the company attempts to follow the security protocol during the next patch, the company receives errors during the patching window.

  Which combination of solutions will resolve the errors? (Choose two.)

  A. Change the target type of the target group from IP address type to instance type.
  B. Continue to use the existing Systems Manager document without changes because it is already optimized to handle instances that are in an IP address type target group behind an ALB.
  C. Implement the AWSEC2-PatchLoadBalanacerInstance Systems Manager Automation document to manage the patching process.
  D. Use Systems Manager Maintenance Windows to automatically remove the instances from service to patch the instances.
  E. Configure Systems Manager State Manager to remove the instances from service and manage the patching schedule. Use ALB health checks to re-route traffic.
  C. Implement the AWSEC2-PatchLoadBalanacerInstance Systems Manager Automation document to manage the patching process.
  D. Use Systems Manager Maintenance Windows to automatically remove the instances from service to patch the instances.

• Question 182:

  A company uses AWS Lambda functions in a private subnet in a VPC to run application logic. The Lambda functions must not have access to the public internet. Additionally, all data communication must remain within the private network. As part of a new requirement, the application logic needs access to an Amazon DynamoDB table.

  What is the MOST secure way to meet this new requirement?

  A. Provision the DynamoDB table inside the same VPC that contains the Lambda functions.
  B. Create a gateway VPC endpoint for DynamoDB to provide access to the table.
  C. Use a network ACL to only allow access to the DynamoDB table from the VPC.
  D. Use a security group to only allow access to the DynamoDB table from the VPC.
  B. Create a gateway VPC endpoint for DynamoDB to provide access to the table.

  ---

  Explanation

  You cannot "place" DynamoDB inside a VPC. Instead, you use a VPC endpoint.

  A Gateway VPC Endpoint for DynamoDB enables private connectivity between your VPC and DynamoDB without traversing the public internet.

  "Use a gateway VPC endpoint to privately connect your VPC to DynamoDB without requiring an internet gateway or NAT."

  -- Gateway VPC Endpoints

• Question 183:

  A company needs the ability to analyze the log files of its proprietary application. The logs are stored in JSON format in an Amazon S3 bucket. Queries will be simple and will run on-demand. A solutions architect needs to perform the analysis with minimal changes to the existing architecture.

  What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?

  A. Use Amazon Redshift to load all the content into one place and run the SQL queries as needed.
  B. Use Amazon CloudWatch Logs to store the logs. Run SQL queries as needed from the Amazon CloudWatch console.
  C. Use Amazon Athena directly with Amazon S3 to run the queries as needed.
  D. Use AWS Glue to catalog the logs. Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed.
  C. Use Amazon Athena directly with Amazon S3 to run the queries as needed.

• Question 184:

  A company is building a RESTful serverless web application on AWS by using Amazon API Gateway and AWS Lambda. The users of this web application will be geographically distributed, and the company wants to reduce the latency of API requests to these users.

  Which type of endpoint should a solutions architect use to meet these requirements?

  A. Private endpoint
  B. Regional endpoint
  C. Interface VPC endpoint
  D. Edge-optimized endpoint
  D. Edge-optimized endpoint

• Question 185:

  A company sells datasets to customers who do research in artificial intelligence and machine learning (AI/ ML). The datasets are large, formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region. The company hosts a web application that the customers use to purchase access to a given dataset. The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer. After a purchase is made, customers receive an S3 signed URL that allows access to the files.

  The customers are distributed across North America and Europe. The company wants to reduce the cost that is associated with data transfers and wants to maintain or improve performance.

  What should a solutions architect do to meet these requirements?

  A. Configure S3 Transfer Acceleration on the existing S3 bucket. Direct customer requests to the S3 Transfer Acceleration endpoint. Continue to use S3 signed URLs for access control.
  B. Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin. Direct customer requests to the CloudFront URL. Switch to CloudFront signed URLs for access control.
  C. Set up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication between the buckets. Direct customer requests to the closest Region. Continue to use S3 signed URLs for access control.
  D. Modify the web application to enable streaming of the datasets to end users. Configure the web application to read the data from the existing S3 bucket. Implement access control directly in the application.
  B. Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin. Direct customer requests to the CloudFront URL. Switch to CloudFront signed URLs for access control.

• Question 186:

  A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of an Availability Zone. Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files.

  Which storage option meets these requirements?

  A. S3 Standard
  B. S3 Intelligent-Tiering
  C. S3 Standard-Infrequent Access (S3 Standard-IA)
  D. S3 One Zone-Infrequent Access (S3 One Zone-IA)
  B. S3 Intelligent-Tiering

• Question 187:

  A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored.

  Which design should the solutions architect use?

  A. Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch configuration that uses the AMI. Create an Auto Scaling group using the launch configuration. Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage.
  B. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch configuration that uses the AMI. Create an Auto Scaling group using the launch configuration. Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage.
  C. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.
  D. Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic.
  C. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.

• Question 188:

  A solutions architect must design a database solution for a high-traffic ecommerce web application. The database stores customer profiles and shopping cart information. The database must support a peak load of several million requests each second and deliver responses in milliseconds. The operational overhead for managing and scaling the database must be minimized.

  Which database solution should the solutions architect recommend?

  A. Amazon Aurora
  B. Amazon DynamoDB
  C. Amazon RDS
  D. Amazon Redshift
  B. Amazon DynamoDB

  ---

  Explanation

  Comprehensive and Detailed Explanation (from AWS Solutions Architect documentation):

  Amazon DynamoDB is a fully managed NoSQL database engineered for extremely high throughput and millisecond-level response times at any scale. It can automatically scale to support millions of requests per second and requires no management of infrastructure, storage provisioning, or server maintenance.

  AWS documentation specifically highlights DynamoDB as the optimal solution for ecommerce workloads that require consistent low-latency performance, massive scalability, and near-zero operational overhead.

  Aurora and RDS cannot support millions of requests per second, and Redshift is a data warehouse not intended for transactional workloads.

• Question 189:

  A company needs to grant a team of developers access to the company's AWS resources. The company must maintain a high level of security for the resources.

  The company requires an access control solution that will prevent unauthorized access to the sensitive data.

  Which solution will meet these requirements?

  A. Share the IAM user credentials for each development team member with the rest of the team to simplify access management and to streamline development workflows.
  B. Define IAM roles that have fine-grained permissions based on the principle of least privilege. Assign an IAM role to each developer.
  C. Create IAM access keys to grant programmatic access to AWS resources. Allow only developers to interact with AWS resources through API calls by using the access keys.
  D. Create an AWS Cognito user pool. Grant developers access to AWS resources by using the user pool.
  B. Define IAM roles that have fine-grained permissions based on the principle of least privilege. Assign an IAM role to each developer.

• Question 190:

  A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.

  Which set of services should a solutions architect recommend to meet these requirements?

  A. Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage
  B. Amazon EBS for maximum performance, Amazon EFS for durable data storage, and Amazon S3 Glacier for archival storage
  C. Amazon EC2 instance store for maximum performance, Amazon EFS for durable data storage, and Amazon S3 for archival storage
  D. Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage
  D. Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage