Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 251:

  A company is migrating from a monolithic architecture for a web application that is hosted on Amazon EC2 to a serverless microservices architecture. The company wants to use AWS services that support an event-driven, loosely coupled architecture.

  The company wants to use the publish/subscribe (pub/sub) pattern.

  Which solution will meet these requirements MOST cost-effectively?

  A. Configure an Amazon API Gateway REST API to invoke an AWS Lambda function that publishes events to an Amazon Simple Queue Service (Amazon SQS) queue. Configure one or more subscribers to read events from the SQS queue.
  B. Configure an Amazon API Gateway REST API to invoke an AWS Lambda function that publishes events to an Amazon Simple Notification Service (Amazon SNS) topic. Configure one or more subscribers to receive events from the SNS topic.
  C. Configure an Amazon API Gateway WebSocket API to write to a data stream in Amazon Kinesis Data Streams with enhanced fan-out. Configure one or more subscribers to receive events from the data stream.
  D. Configure an Amazon API Gateway HTTP API to invoke an AWS Lambda function that publishes events to an Amazon Simple Notification Service (Amazon SNS) topic. Configure one or more subscribers to receive events from the topic.
  D. Configure an Amazon API Gateway HTTP API to invoke an AWS Lambda function that publishes events to an Amazon Simple Notification Service (Amazon SNS) topic. Configure one or more subscribers to receive events from the topic.

• Question 252:

  The following IAM policy is attached to an IAM group. This is the only policy applied to the group.

  

  What are the effective IAM permissions of this policy for group members?

  A. Group members are permitted any Amazon EC2 action within the us-east-1 Region. Statements after the Allow permission are not applied.
  B. Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA).
  C. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action.
  D. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.
  D. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.

• Question 253:

  A company is running a custom application on Amazon EC2 On-Demand Instances. The application has frontend nodes that need to run 24 hours a day, 7 days a week and backend nodes that need to run only for a short time based on workload.

  The number of backend nodes varies during the day.

  The company needs to scale out and scale in more instances based on workload.

  Which solution will meet these requirements MOST cost-effectively?

  A. Use Reserved Instances for the frontend nodes. Use AWS Fargate for the backend nodes.
  B. Use Reserved Instances for the frontend nodes. Use Spot Instances for the backend nodes.
  C. Use Spot Instances for the frontend nodes. Use Reserved Instances for the backend nodes.
  D. Use Spot Instances for the frontend nodes. Use AWS Fargate for the backend nodes.
  B. Use Reserved Instances for the frontend nodes. Use Spot Instances for the backend nodes.

• Question 254:

  A startup company is hosting a website for its customers on an Amazon EC2 instance. The website consists of a stateless Python application and a MySQL database. The website serves only a small amount of traffic. The company is concerned about the reliability of the instance and needs to migrate to a highly available architecture. The company cannot modify the application code.

  Which combination of actions should a solutions architect take to achieve high availability for the website? (Choose two.)

  A. Provision an internet gateway in each Availability Zone in use.
  B. Migrate the database to an Amazon RDS for MySQL Multi-AZ DB instance.
  C. Migrate the database to Amazon DynamoDB, and enable DynamoDB auto scaling.
  D. Use AWS DataSync to synchronize the database data across multiple EC2 instances.
  E. Create an Application Load Balancer to distribute traffic to an Auto Scaling group of EC2 instances that are distributed across two Availability Zones.
  B. Migrate the database to an Amazon RDS for MySQL Multi-AZ DB instance.
  E. Create an Application Load Balancer to distribute traffic to an Auto Scaling group of EC2 instances that are distributed across two Availability Zones.

• Question 255:

  A solutions architect is using an AWS CloudFormation template to deploy a three-tier web application. The web application consists of a web tier and an application tier that stores and retrieves user data in Amazon DynamoDB tables. The web and application tiers are hosted on Amazon EC2 instances, and the database tier is not publicly accessible. The application EC2 instances need to access the DynamoDB tables without exposing API credentials in the template.

  What should the solutions architect do to meet these requirements?

  A. Create an IAM role to read the DynamoDB tables. Associate the role with the application instances by referencing an instance profile.
  B. Create an IAM role that has the required permissions to read and write from the DynamoDB tables. Add the role to the EC2 instance profile, and associate the instance profile with the application instances.
  C. Use the parameter section in the AWS CloudFormation template to have the user input access and secret keys from an already-created IAM user that has the required permissions to read and write from the DynamoDB tables.
  D. Create an IAM user in the AWS CloudFormation template that has the required permissions to read and write from the DynamoDB tables. Use the GetAtt function to retrieve the access and secret keys, and pass them to the application instances through the user data.
  B. Create an IAM role that has the required permissions to read and write from the DynamoDB tables. Add the role to the EC2 instance profile, and associate the instance profile with the application instances.

• Question 256:

  A shipping company wants to run a Kubernetes container-based web application in disconnected mode while the company's ships are in transit at sea. The application must provide local users with high availability.

  Which solution will meet these requirements?

  A. Use AWS Snowball Edge as the primary and secondary sites.
  B. Use AWS Snowball Edge as the primary site, and use an AWS Local Zone as the secondary site.
  C. Use AWS Snowball Edge as the primary site, and use an AWS Outposts server as the secondary site.
  D. Use AWS Snowball Edge as the primary site, and use an AWS Wavelength Zone as the secondary site.
  A. Use AWS Snowball Edge as the primary and secondary sites.

  ---

  Explanation

  When operating in disconnected or limited-connectivity environments, such as ships at sea, AWS recommends using AWS Snowball Edge devices to host local compute and storage workloads. Snowball Edge supports Amazon EC2 instances and AWS IoT Greengrass, and can run Amazon EKS Anywhere for local Kubernetes cluster deployments.

  Why Option A is correct:

  Snowball Edge provides local compute and storage even without internet connectivity.

  Multiple Snowball Edge devices can be clustered together for high availability and failover.

  Fully self-contained environment suitable for ships or field operations.

  Why the others are incorrect:

  Option B, Option C, Option D require network connectivity to AWS Regions or Zones (Local Zone, Outposts, Wavelength), which is not available at sea. These options cannot operate fully disconnected.

  References:

  AWS Snow Family Developer Guide?"Running Compute Applications on AWS Snowball Edge"

  AWS Well-Architected Framework?Resilience Pillar

  AWS Architecture Blog?"Edge Computing with Snow Family"

• Question 257:

  A company is building a web application that serves a content management system. The content management system runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group across multiple Availability Zones. Users are constantly adding and updating files, blogs, and other website assets in the content management system.

  A solutions architect must implement a solution in which all the EC2 instances share up-to-date website content with the least possible lag time.

  Which solution meets these requirements?

  A. Update the EC2 user data in the Auto Scaling group lifecycle policy to copy the website assets from the EC2 instance that was launched most recently. Configure the ALB to make changes to the website assets only in the newest EC2 instance.
  B. Copy the website assets to an Amazon Elastic File System (Amazon EFS) file system. Configure each EC2 instance to mount the EFS file system locally. Configure the website hosting application to reference the website assets that are stored in the EFS file system.
  C. Copy the website assets to an Amazon S3 bucket. Ensure that each EC2 instance downloads the website assets from the S3 bucket to the attached Amazon Elastic Block Store (Amazon EBS) volume. Run the S3 sync command once each hour to keep files up to date.
  D. Restore an Amazon Elastic Block Store (Amazon EBS) snapshot with the website assets. Attach the EBS snapshot as a secondary EBS volume when a new EC2 instance is launched. Configure the website hosting application to reference the website assets that are stored in the secondary EBS volume.
  B. Copy the website assets to an Amazon Elastic File System (Amazon EFS) file system. Configure each EC2 instance to mount the EFS file system locally. Configure the website hosting application to reference the website assets that are stored in the EFS file system.

• Question 258:

  A company uses Amazon RDS for PostgreSQL databases for its data tier. The company must implement password rotation for the databases.

  Which solution meets this requirement with the LEAST operational overhead?

  A. Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.
  B. Store the password in AWS Systems Manager Parameter Store. Enable automatic rotation on the parameter.
  C. Store the password in AWS Systems Manager Parameter Store. Write an AWS Lambda function that rotates the password.
  D. Store the password in AWS Key Management Service (AWS KMS). Enable automatic rotation on the AWS KMS key.
  A. Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.

• Question 259:

  A company has multiple AWS accounts for development work. Some staff consistently use oversized Amazon EC2 instances, which causes the company to exceed the yearly budget for the development accounts. The company wants to centrally restrict the creation of AWS resources in these accounts.

  Which solution will meet these requirements with the LEAST development effort?

  A. Develop AWS Systems Manager templates that use an approved EC2 creation process. Use the approved Systems Manager templates to provision EC2 instances.
  B. Use AWS Organizations to organize the accounts into organizational units (OUs). Define and attach a service control policy (SCP) to control the usage of EC2 instance types.
  C. Configure an Amazon EventBridge rule that invokes an AWS Lambda function when an EC2 instance is created. Stop disallowed EC2 instance types.
  D. Set up AWS Service Catalog products for the staff to create the allowed EC2 instance types. Ensure that staff can deploy EC2 instances only by using the Service Catalog products.
  B. Use AWS Organizations to organize the accounts into organizational units (OUs). Define and attach a service control policy (SCP) to control the usage of EC2 instance types.

• Question 260:

  A company has an ecommerce checkout workflow that writes an order to a database and calls a service to process the payment. Users are experiencing timeouts during the checkout process. When users resubmit the checkout form, multiple unique orders are created for the same desired transaction.

  How should a solutions architect refactor this workflow to prevent the creation of multiple orders?

  A. Configure the web application to send an order message to Amazon Kinesis Data Firehose. Set the payment service to retrieve the message from Kinesis Data Firehose and process the order.
  B. Create a rule in AWS CloudTrail to invoke an AWS Lambda function based on the logged application path request. Use Lambda to query the database, call the payment service, and pass in the order information.
  C. Store the order in the database. Send a message that includes the order number to Amazon Simple Notification Service (Amazon SNS). Set the payment service to poll Amazon SNS, retrieve the message, and process the order.
  D. Store the order in the database. Send a message that includes the order number to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the payment service to retrieve the message and process the order. Delete the message from the queue.
  D. Store the order in the database. Send a message that includes the order number to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the payment service to retrieve the message and process the order. Delete the message from the queue.