Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 241:

  A company offers a food delivery service that is growing rapidly. Because of the growth, the company's order processing system is experiencing scaling problems during peak traffic hours. The current architecture includes the following:

  1. A group of Amazon EC2 instances that run in an Amazon EC2 Auto Scaling group to collect orders from the application

  2. Another group of EC2 instances that run in an Amazon EC2 Auto Scaling group to fulfill orders

  The order collection process occurs quickly, but the order fulfillment process can take longer. Data must not be lost because of a scaling event.

  A solutions architect must ensure that the order collection process and the order fulfillment process can both scale properly during peak traffic hours. The solution must optimize utilization of the company's AWS resources.

  Which solution meets these requirements?

  A. Use Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups. Configure each Auto Scaling group's minimum capacity according to peak workload values.
  B. Use Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups. Configure a CloudWatch alarm to invoke an Amazon Simple Notification Service (Amazon SNS) topic that creates additional Auto Scaling groups on demand.
  C. Provision two Amazon Simple Queue Service (Amazon SQS) queues: one for order collection and another for order fulfillment. Configure the EC2 instances to poll their respective queue. Scale the Auto Scaling groups based on notifications that the queues send.
  D. Provision two Amazon Simple Queue Service (Amazon SQS) queues: one for order collection and another for order fulfillment. Configure the EC2 instances to poll their respective queue. Create a metric based on a backlog per instance calculation. Scale the Auto Scaling groups based on this metric.
  D. Provision two Amazon Simple Queue Service (Amazon SQS) queues: one for order collection and another for order fulfillment. Configure the EC2 instances to poll their respective queue. Create a metric based on a backlog per instance calculation. Scale the Auto Scaling groups based on this metric.

• Question 242:

  A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data sources. The data is in JSON format and ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in-flight is lost. The company's data science team wants to query ingested data in near-real time.

  Which solution provides near-real-time data querying that is scalable with minimal data loss?

  A. Publish data to Amazon Kinesis Data Streams, Use Kinesis Data Analytics to query the data.
  B. Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination. Use Amazon Redshift to query the data.
  C. Store ingested data in an EC2 instance store. Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data.
  D. Store ingested data in an Amazon Elastic Block Store (Amazon EBS) volume. Publish data to Amazon ElastiCache for Redis. Subscribe to the Redis channel to query the data.
  A. Publish data to Amazon Kinesis Data Streams, Use Kinesis Data Analytics to query the data.

• Question 243:

  A company has a nightly batch processing routine that analyzes report files that an on-premises file system receives daily through SFTP. The company wants to move the solution to the AWS Cloud. The solution must be highly available and resilient.

  The solution also must minimize operational effort.

  Which solution meets these requirements?

  A. Deploy AWS Transfer for SFTP and an Amazon Elastic File System (Amazon EFS) file system for storage. Use an Amazon EC2 instance in an Auto Scaling group with a scheduled scaling policy to run the batch operation.
  B. Deploy an Amazon EC2 instance that runs Linux and an SFTP service. Use an Amazon Elastic Block Store (Amazon EBS) volume for storage. Use an Auto Scaling group with the minimum number of instances and desired number of instances set to 1.
  C. Deploy an Amazon EC2 instance that runs Linux and an SFTP service. Use an Amazon Elastic File System (Amazon EFS) file system for storage. Use an Auto Scaling group with the minimum number of instances and desired number of instances set to 1.
  D. Deploy AWS Transfer for SFTP and an Amazon S3 bucket for storage. Modify the application to pull the batch files from Amazon S3 to an Amazon EC2 instance for processing. Use an EC2 instance in an Auto Scaling group with a scheduled scaling policy to run the batch operation.
  A. Deploy AWS Transfer for SFTP and an Amazon Elastic File System (Amazon EFS) file system for storage. Use an Amazon EC2 instance in an Auto Scaling group with a scheduled scaling policy to run the batch operation.

• Question 244:

  A developer creates a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The developer reviews the deployment and notices some suspicious traffic to the application. The traffic is malicious and is coming from a single public IP address. A solutions architect must block the public IP address.

  Which solution will meet this requirement?

  A. Create a security group rule to deny all inbound traffic from the suspicious IP address. Associate the security group with the ALB.
  B. Implement Amazon Detective to monitor traffic and to block malicious activity from the internet. Configure Detective to integrate with the ALB.
  C. Implement AWS Resource Access Manager (AWS RAM) to manage traffic rules and to block malicious activity from the internet. Associate AWS RAM with the ALB.
  D. Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.
  D. Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.

  ---

  Explanation

  When an application is fronted by an Application Load Balancer (ALB) and malicious traffic is detected from a specific IP, the correct way to block the IP is by using AWS WAF (Web Application Firewall).

  With AWS WAF, you can create an IP Set to include the offending IP address or range.

  Then create a Web ACL (Access Control List) with a rule set to BLOCK requests from that IP set.

  Finally, associate the Web ACL with the ALB.

  Security groups (Option A) cannot deny specific IPs because they are stateful and allow-only rules.

  Amazon Detective (Option B) is a security analysis and investigation tool; it doesn't block traffic.

  AWS RAM (Option C) is for resource sharing across accounts, not for blocking IPs.

  This approach aligns with AWS's Security Pillar of the Well-Architected Framework and is fully managed, with minimal operational effort.

  References:

  Using AWS WAF with an Application Load Balancer Block IPs with AWS WAF

• Question 245:

  A company provides devices to users. When a device is registered, its ID is added to DynamoDB. A daily job activates devices using two Lambda functions: The Retrieve function lists unregistered device IDs.

  The Retrieve function then calls the Activate function in a loop to register each device.

  The number of activations is increasing, and the company wants to avoid Lambda timeouts without modifying existing functions.

  Which solution will scale appropriately?

  A. Use EventBridge Scheduler to periodically invoke the Retrieve function.
  B. Invoke the Activate function from DynamoDB Streams when a device ID is added.
  C. Use Step Functions to call the Retrieve function and use a Map state to run the Activate function for each ID.
  D. Move the Retrieve function to EC2 for longer processing time.
  C. Use Step Functions to call the Retrieve function and use a Map state to run the Activate function for each ID.

  ---

  Explanation

  AWS Step Functions can orchestrate Lambda executions without modifying the Lambda code, and the Map state is designed to run a Lambda function once per item in a list--perfect for activating many devices in parallel or controlled batches.

  This eliminates the loop inside the Retrieve function and prevents timeouts.

  EventBridge (Option A) only changes the schedule. DynamoDB Streams (Option B) is unrelated to the activation workflow. EC2 (Option D) increases operational overhead.

• Question 246:

  A company runs an application on several Amazon EC2 instances that store persistent data on an Amazon Elastic File System (Amazon EFS) file system. The company needs to replicate the data to another AWS Region by using an AWS managed service solution.

  Which solution will meet these requirements MOST cost-effectively?

  A. Use the EFS-to-EFS backup solution to replicate the data to an EFS file system in another Region.
  B. Run a nightly script to copy data from the EFS file system to an Amazon S3 bucket. Enable S3 Cross-Region Replication on the S3 bucket.
  C. Create a VPC in another Region. Establish a cross-Region VPC peer. Run a nightly rsync to copy data from the original Region to the new Region.
  D. Use AWS Backup to create a backup plan with a rule that takes a daily backup and replicates it to another Region. Assign the EFS file system resource to the backup plan.
  D. Use AWS Backup to create a backup plan with a rule that takes a daily backup and replicates it to another Region. Assign the EFS file system resource to the backup plan.

• Question 247:

  A company is running a multi-tier web application on premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth. A solutions architect must improve the application's infrastructure.

  Which combination of actions should the solutions architect take to accomplish this? (Choose two.)

  A. Migrate the PostgreSQL database to Amazon Aurora.
  B. Migrate the web application to be hosted on Amazon EC2 instances.
  C. Set up an Amazon CloudFront distribution for the web application content.
  D. Set up Amazon ElastiCache between the web application and the PostgreSQL database.
  E. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).
  A. Migrate the PostgreSQL database to Amazon Aurora.
  E. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).

• Question 248:

  A hospital wants to create digital copies for its large collection of historical written records. The hospital will continue to add hundreds of new documents each day. The hospital's data team will scan the documents and will upload the documents to the AWS Cloud.

  A solutions architect must implement a solution to analyze the documents, extract the medical information, and store the documents so that an application can run SQL queries on the data. The solution must maximize scalability and operational efficiency.

  Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

  A. Write the document information to an Amazon EC2 instance that runs a MySQL database.
  B. Write the document information to an Amazon S3 bucket. Use Amazon Athena to query the data.
  C. Create an Auto Scaling group of Amazon EC2 instances to run a custom application that processes the scanned files and extracts the medical information.
  D. Create an AWS Lambda function that runs when new documents are uploaded. Use Amazon Rekognition to convert the documents to raw text. Use Amazon Transcribe Medical to detect and extract relevant medical information from the text.
  E. Create an AWS Lambda function that runs when new documents are uploaded. Use Amazon Textract to convert the documents to raw text. Use Amazon Comprehend Medical to detect and extract relevant medical information from the text.
  B. Write the document information to an Amazon S3 bucket. Use Amazon Athena to query the data.
  E. Create an AWS Lambda function that runs when new documents are uploaded. Use Amazon Textract to convert the documents to raw text. Use Amazon Comprehend Medical to detect and extract relevant medical information from the text.

• Question 249:

  A company hosts an ecommerce application that stores all data in a single Amazon RDS for MySQL DB instance that is fully managed by AWS. The company needs to mitigate the risk of a single point of failure.

  Which solution will meet these requirements with the LEAST implementation effort?

  A. Modify the RDS DB instance to use a Multi-AZ deployment. Apply the changes during the next maintenance window.
  B. Migrate the current database to a new Amazon DynamoDB Multi-AZ deployment. Use AWS Database Migration Service (AWS DMS) with a heterogeneous migration strategy to migrate the current RDS DB instance to DynamoDB tables.
  C. Create a new RDS DB instance in a Multi-AZ deployment. Manually restore the data from the existing RDS DB instance from the most recent snapshot.
  D. Configure the DB instance in an Amazon EC2 Auto Scaling group with a minimum group size of three. Use Amazon Route 53 simple routing to distribute requests to all DB instances.
  A. Modify the RDS DB instance to use a Multi-AZ deployment. Apply the changes during the next maintenance window.

• Question 250:

  A company is designing a cloud communications platform that is driven by APIs. The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB). The company uses Amazon API Gateway to provide external users with access to the application through APIs. The company wants to protect the platform against web exploits like SQL injection and also wants to detect and mitigate large, sophisticated DDoS attacks.

  Which combination of solutions provides the MOST protection? (Choose two.)

  A. Use AWS WAF to protect the NLB.
  B. Use AWS Shield Advanced with the NLB.
  C. Use AWS WAF to protect Amazon API Gateway.
  D. Use Amazon GuardDuty with AWS Shield Standard
  E. Use AWS Shield Standard with Amazon API Gateway.
  B. Use AWS Shield Advanced with the NLB.
  C. Use AWS WAF to protect Amazon API Gateway.