A company's infrastructure consists of hundreds of Amazon EC2 instances that use Amazon Elastic Block Store (Amazon EBS) storage. A solutions architect must ensure that every EC2 instance can be recovered after a disaster.
What should the solutions architect do to meet this requirement with the LEAST amount of effort?
A. Take a snapshot of the EBS storage that is attached to each EC2 instance. Create an AWS CloudFormation template to launch new EC2 instances from the EBS storage.
B. Take a snapshot of the EBS storage that is attached to each EC2 instance. Use AWS Elastic Beanstalk to set the environment based on the EC2 template and attach the EBS storage.
C. Use AWS Backup to set up a backup plan for the entire group of EC2 instances. Use the AWS Backup API or the AWS CLI to speed up the restore process for multiple EC2 instances.
D. Create an AWS Lambda function to take a snapshot of the EBS storage that is attached to each EC2 instance and copy the Amazon Machine Images (AMIs). Create another Lambda function to perform the restores with the copied AMIs and attach the EBS storage.
C. Use AWS Backup to set up a backup plan for the entire group of EC2 instances. Use the AWS Backup API or the AWS CLI to speed up the restore process for multiple EC2 instances.
Question 222:
A company runs a real-time data ingestion solution on AWS. The solution consists of the most recent version of Amazon Managed Streaming for Apache Kafka (Amazon MSK). The solution is deployed in a VPC in private subnets across three Availability Zones.
A solutions architect needs to redesign the data ingestion solution to be publicly available over the internet.
The data in transit must also be encrypted.
Which solution will meet these requirements with the MOST operational efficiency?
A. Configure public subnets in the existing VPC. Deploy an MSK cluster in the public subnets. Update the MSK cluster security settings to enable mutual TLS authentication.
B. Create a new VPC that has public subnets. Deploy an MSK cluster in the public subnets. Update the MSK cluster security settings to enable mutual TLS authentication.
C. Deploy an Application Load Balancer (ALB) that uses private subnets. Configure an ALB security group inbound rule to allow inbound traffic from the VPC CIDR block for HTTPS protocol.
D. Deploy a Network Load Balancer (NLB) that uses private subnets. Configure an NLB listener for HTTPS communication over the internet.
A. Configure public subnets in the existing VPC. Deploy an MSK cluster in the public subnets. Update the MSK cluster security settings to enable mutual TLS authentication.
Question 223:
A financial company is migrating banking applications to AWS accounts managed through AWS Organizations. The applications store sensitive customer data on Amazon EBS volumes, and the company takes regular snapshots for backups.
The company must implement controls across all accounts to prevent sharing EBS snapshots publicly, with the least operational overhead.
Which solution will meet these requirements?
A. Enable AWS Config rules for each OU to monitor EBS snapshot permissions.
B. Enable block public access for EBS snapshots at the organization level.
C. Create an IAM policy in the root account that prevents users from modifying snapshot permissions.
D. Use AWS CloudTrail to track snapshot permission changes.
B. Enable block public access for EBS snapshots at the organization level.
Explanation
AWS provides EBS Block Public Access at the organization level in AWS Organizations. When enabled, it prevents any EBS snapshot, across all member accounts, from being shared publicly.
This is an organization-wide control implemented centrally, with no need for per-account configuration, monitoring rules, or custom IAM policy enforcement.
AWS Config (Option A) would only detect issues after they occur. IAM restrictions (Option C) are less effective because snapshot permission changes can occur through multiple paths. CloudTrail (Option D) only logs events and does not block public sharing.
Question 224:
A company recently migrated a data warehouse to AWS. The company has an AWS Direct Connect connection to AWS. Company users query the data warehouse by using a visualization tool. The average size of the queries that the data warehouse returns is 50 MB. The average visualization that the visualization tool produces is 500 KB in size. The result sets that the data warehouse returns are not cached.
The company wants to optimize costs for data transfers between the data warehouse and the company.
Which solution will meet this requirement?
A. Host the visualization tool on premises. Connect to the data warehouse directly through the internet.
B. Host the visualization tool in the same AWS Region as the data warehouse. Access the visualization tool through the internet.
C. Host the visualization tool on premises. Connect to the data warehouse through the Direct Connect connection.
D. Host the visualization tool in the same AWS Region as the data warehouse. Access the visualization tool through the Direct Connect connection.
D. Host the visualization tool in the same AWS Region as the data warehouse. Access the visualization tool through the Direct Connect connection.
Explanation
Option A. On-premises tool via internet: Incurs high costs due to large data transfers over the internet.
Option B. AWS Region tool via internet: Does not utilize Direct Connect, leading to potential latency and higher costs.
Option C. On-premises tool via Direct Connect: Adds latency for querying and visualization.
Option D. AWS Region tool via Direct Connect: Reduces latency and leverages Direct Connect for optimized data transfer costs.
Question 225:
A gaming company wants to launch a new internet-facing application in multiple AWS Regions. The application will use the TCP and UDP protocols for communication. The company needs to provide high availability and minimum latency for global users.
Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)
A. Create internal Network Load Balancers in front of the application in each Region.
B. Create external Application Load Balancers in front of the application in each Region.
C. Create an AWS Global Accelerator accelerator to route traffic to the load balancers in each Region.
D. Configure Amazon Route 53 to use a geolocation routing policy to distribute the traffic.
E. Configure Amazon CloudFront to handle the traffic and route requests to the application in each Region.
A. Create internal Network Load Balancers in front of the application in each Region.
C. Create an AWS Global Accelerator accelerator to route traffic to the load balancers in each Region.
Question 226:
A company wants to protect resources that the company hosts on AWS, including Application Load Balancers and Amazon CloudFront distributions.
The company wants an AWS service that can provide near real-time visibility into attacks on the company's resources. The service must also have a dedicated AWS team to assist with DDoS attacks.
Which AWS service will meet these requirements?
A. AWS WAF
B. AWS Shield Standard
C. Amazon Macie
D. AWS Shield Advanced
D. AWS Shield Advanced
Explanation
AWS Shield Advanced provides:
Advanced DDoS detection and mitigation
24/7 access to the AWS DDoS Response Team (DRT)
Real-time metrics and alerts via CloudWatch
Integrated with CloudFront, ALB, Route 53, and Global Accelerator
"Shield Advanced provides enhanced detection and mitigation for more sophisticated DDoS attacks and gives you access to the AWS DDoS Response Team (DRT)."
-- AWS Shield Advanced Overview
Incorrect Options:
Option A (AWS WAF): For application-layer filtering only.
Option B (Shield Standard): Basic protection, no DRT or attack visibility.
Option C (Macie): Used for discovering sensitive data in S3, unrelated to DDoS.
Question 227:
An application uses an Amazon RDS MySQL DB instance. The RDS database is becoming low on disk space. A solutions architect wants to increase the disk space without downtime.
Which solution meets these requirements with the LEAST amount of effort?
A. Enable storage autoscaling in RDS
B. Increase the RDS database instance size
C. Change the RDS database instance storage type to Provisioned IOPS
D. Back up the RDS database, increase the storage capacity, restore the database, and stop the previous instance
A. Enable storage autoscaling in RDS
Question 228:
A solutions architect is designing a new hybrid architecture to extend a company's on-premises infrastructure to AWS. The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.
What should the solutions architect do to meet these requirements?
A. Provision an AWS Direct Connect connection to a Region. Provision a VPN connection as a backup if the primary Direct Connect connection fails.
B. Provision a VPN tunnel connection to a Region for private connectivity. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails.
C. Provision an AWS Direct Connect connection to a Region. Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.
D. Provision an AWS Direct Connect connection to a Region. Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.
A. Provision an AWS Direct Connect connection to a Region. Provision a VPN connection as a backup if the primary Direct Connect connection fails.
Question 229:
A company needs to migrate a MySQL database from its on-premises data center to AWS within 2 weeks.
The database is 20 TB in size. The company wants to complete the migration with minimal downtime.
Which solution will migrate the database MOST cost-effectively?
A. Order an AWS Snowball Edge Storage Optimized device. Use AWS Database Migration Service (AWS DMS) with AWS Schema Conversion Tool (AWS SCT) to migrate the database with replication of ongoing changes. Send the Snowball Edge device to AWS to finish the migration and continue the ongoing replication.
B. Order an AWS Snowmobile vehicle. Use AWS Database Migration Service (AWS DMS) with AWS Schema Conversion Tool (AWS SCT) to migrate the database with ongoing changes. Send the Snowmobile vehicle back to AWS to finish the migration and continue the ongoing replication.
C. Order an AWS Snowball Edge Compute Optimized with GPU device. Use AWS Database Migration Service (AWS DMS) with AWS Schema Conversion Tool (AWS SCT) to migrate the database with ongoing changes. Send the Snowball device to AWS to finish the migration and continue the ongoing replication.
D. Order a 1 GB dedicated AWS Direct Connect connection to establish a connection with the data center. Use AWS Database Migration Service (AWS DMS) with AWS Schema Conversion Tool (AWS SCT) to migrate the database with replication of ongoing changes.
A. Order an AWS Snowball Edge Storage Optimized device. Use AWS Database Migration Service (AWS DMS) with AWS Schema Conversion Tool (AWS SCT) to migrate the database with replication of ongoing changes. Send the Snowball Edge device to AWS to finish the migration and continue the ongoing replication.
Question 230:
A company stores its data objects in Amazon S3 Standard storage. A solutions architect has found that 75% of the data is rarely accessed after 30 days. The company needs all the data to remain immediately accessible with the same high availability and resiliency, but the company wants to minimize storage costs.
Which storage solution will meet these requirements?
A. Move the data objects to S3 Glacier Deep Archive after 30 days.
B. Move the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
C. Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
D. Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately.
B. Move the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.