Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 261:

  A company runs multiple web applications on Amazon EC2 instances behind a single Application Load Balancer (ALB). The application experiences unpredictable traffic spikes throughout each day. The traffic spikes cause high latency. The unpredictable spikes last less than 3 hours. The company needs a solution to resolve the latency issue caused by traffic spikes.

  Which solution will meet these requirements?

  A. Use EC2 instances in an Auto Scaling group. Configure the ALB and Auto Scaling group to use a target tracking scaling policy.
  B. Use EC2 Reserved Instances in an Auto Scaling group. Configure the Auto Scaling group to use a scheduled scaling policy based on peak traffic hours.
  C. Use EC2 Spot Instances in an Auto Scaling group. Configure the Auto Scaling group to use a scheduled scaling policy based on peak traffic hours.
  D. Use EC2 Reserved Instances in an Auto Scaling group. Replace the ALB with a Network Load Balancer (NLB).
  A. Use EC2 instances in an Auto Scaling group. Configure the ALB and Auto Scaling group to use a target tracking scaling policy.

  ---

  Explanation

  AWS recommends Auto Scaling with dynamic scaling policies to handle unpredictable workload spikes.

  Target tracking scaling policies automatically adjust capacity based on defined metrics such as average CPU utilization or request count per target. This approach ensures applications maintain responsiveness without overprovisioning. Scheduled scaling (options B and C) is only effective when traffic patterns are predictable, which is not the case here. Reserved Instances or Spot Instances also do not address sudden demand changes effectively. Replacing the ALB with an NLB (D) does not solve latency caused by EC2 instance capacity. Therefore, using EC2 instances in an Auto Scaling group with a target tracking scaling policy is the most effective and cost-efficient solution for unpredictable, short-lived traffic spikes.

  References:

  Amazon EC2 Auto Scaling User Guide -- Target tracking scaling policies?AWS Well-Architected Framework -- Performance Efficiency Pillar: Elasticity and scaling

• Question 262:

  A company has multiple VPCs across AWS Regions to support and run workloads that are isolated from workloads in other Regions. Because of a recent application launch requirement, the company's VPCs must communicate with all other VPCs across all Regions.

  Which solution will meet these requirements with the LEAST amount of administrative effort?

  A. Use VPC peering to manage VPC communication in a single Region. Use VPC peering across Regions to manage VPC communications.
  B. Use AWS Direct Connect gateways across all Regions to connect VPCs across regions and manage VPC communications.
  C. Use AWS Transit Gateway to manage VPC communication in a single Region and Transit Gateway peering across Regions to manage VPC communications.
  D. Use AWS PrivateLink across all Regions to connect VPCs across Regions and manage VPC communications
  C. Use AWS Transit Gateway to manage VPC communication in a single Region and Transit Gateway peering across Regions to manage VPC communications.

• Question 263:

  A company is designing a new internal web application in the AWS Cloud. The new application must securely retrieve and store multiple employee usernames and passwords from an AWS managed service.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Store the employee credentials in AWS Systems Manager Parameter Store. Use AWS CloudFormation and the BatchGetSecretValue API to retrieve usernames and passwords from Parameter Store.
  B. Store the employee credentials in AWS Secrets Manager. Use AWS CloudFormation and AWS Batch with the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.
  C. Store the employee credentials in AWS Systems Manager Parameter Store. Use AWS CloudFormation and AWS Batch with the BatchGetSecretValue API to retrieve the usernames and passwords from Parameter Store.
  D. Store the employee credentials in AWS Secrets Manager. Use AWS CloudFormation and the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.
  D. Store the employee credentials in AWS Secrets Manager. Use AWS CloudFormation and the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.

• Question 264:

  A company's ecommerce website has unpredictable traffic and uses AWS Lambda functions to directly access a private Amazon RDS for PostgreSQL DB instance. The company wants to maintain predictable database performance and ensure that the Lambda invocations do not overload the database with too many connections.

  What should a solutions architect do to meet these requirements?

  A. Point the client driver at an RDS custom endpoint. Deploy the Lambda functions inside a VPC.
  B. Point the client driver at an RDS proxy endpoint. Deploy the Lambda functions inside a VPC.
  C. Point the client driver at an RDS custom endpoint. Deploy the Lambda functions outside a VPC.
  D. Point the client driver at an RDS proxy endpoint. Deploy the Lambda functions outside a VPC.
  B. Point the client driver at an RDS proxy endpoint. Deploy the Lambda functions inside a VPC.

• Question 265:

  A company is running several business applications in three separate VPCs within the us-east-1 Region.

  The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds of gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.

  A solutions architect needs to design a network connectivity solution that maximizes cost-effectiveness.

  Which solution meets these requirements?

  A. Configure three AWS Site-to-Site VPN connections from the data center to AWS. Establish connectivity by configuring one VPN connection for each VPC.
  B. Launch a third-party virtual network appliance in each VPC. Establish an IPsec VPN tunnel between the data center and each virtual appliance.
  C. Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway in us-east-1. Establish connectivity by configuring each VPC to use one of the Direct Connect connections.
  D. Set up one AWS Direct Connect connection from the data center to AWS. Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.
  D. Set up one AWS Direct Connect connection from the data center to AWS. Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.

• Question 266:

  A company stores critical data in Amazon DynamoDB tables in the company's AWS account. An IT administrator accidentally deleted a DynamoDB table. The deletion caused a significant loss of data and disrupted the company's operations.

  The company wants to prevent this type of disruption in the future.

  Which solution will meet this requirement with the LEAST operational overhead?

  A. Configure a trail in AWS CloudTrail. Create an Amazon EventBridge rule for delete actions. Create an AWS Lambda function to automatically restore deleted DynamoDB tables.
  B. Create a backup and restore plan for the DynamoDB tables. Recover the DynamoDB tables manually.
  C. Configure deletion protection on the DynamoDB tables.
  D. Enable point-in-time recovery on the DynamoDB tables.
  C. Configure deletion protection on the DynamoDB tables.

• Question 267:

  A mining company is using Amazon S3 as its data lake. The company wants to analyze the data collected by sensors in its mines. A data pipeline is being built to capture data from the sensors, ingest the data into an S3 bucket, and convert the data to Apache Parquet format. The data pipeline must process the data in near-real time. The data will be used for on-demand queries with Amazon Athena.

  Which solution will meet these requirements?

  A. Use Amazon Data Firehose to invoke an AWS Lambda function that converts the data to Parquet format and stores the data in Amazon S3.
  B. Use Amazon Kinesis Data Streams to invoke an AWS Lambda function that converts the data to Parquet format and stores the data in Amazon S3.
  C. Use AWS DataSync to invoke an AWS Lambda function that converts the data to Parquet format and stores the data in Amazon S3.
  D. Use Amazon Simple Queue Service (Amazon SQS) to stream data directly to an AWS Glue job that converts the data to Parquet format and stores the data in Amazon S3.
  A. Use Amazon Data Firehose to invoke an AWS Lambda function that converts the data to Parquet format and stores the data in Amazon S3.

  ---

  Explanation

  Amazon Kinesis Data Firehose (now known as Amazon Data Firehose) supports near-real-time streaming, with built-in support to:

  Invoke AWS Lambda functions for transformation.

  Store data directly into Amazon S3 in desired formats like Apache Parquet.

  "You can use Data Firehose to transform the data before delivering it, by invoking a Lambda function. You can convert to formats such as JSON or Apache Parquet before storing it into S3."

  -- Amazon Data Firehose Developer Guide

  Why not the others?

  Opion B: Kinesis Data Streams requires more operational overhead than Firehose.

  Opion C: DataSync is for file movement--not stream processing.

  Opion D: SQS isn't designed for streaming and transformation pipelines.

  References:

  Amazon Data Firehose Transformations

• Question 268:

  A company wants to use the AWS Cloud to improve its on-premises disaster recovery (DR) configuration.

  The company's core production business application uses Microsoft SQL Server Standard, which runs on a virtual machine (VM). The application has a recovery point objective (RPO) of 30 seconds or fewer and a recovery time objective (RTO) of 60 minutes. The DR solution needs to minimize costs wherever possible.

  Which solution will meet these requirements?

  A. Configure a multi-site active/active setup between the on-premises server and AWS by using Microsoft SQL Server Enterprise with Always On availability groups.
  B. Configure a warm standby Amazon RDS for SQL Server database on AWS. Configure AWS Database Migration Service (AWS DMS) to use change data capture (CDC).
  C. Use AWS Elastic Disaster Recovery configured to replicate disk changes to AWS as a pilot light.
  D. Use third-party backup software to capture backups every night. Store a secondary set of backups in Amazon S3.
  B. Configure a warm standby Amazon RDS for SQL Server database on AWS. Configure AWS Database Migration Service (AWS DMS) to use change data capture (CDC).

• Question 269:

  A company is deploying a new application on Amazon EC2 instances. The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes. The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.

  Which solution will meet this requirement?

  A. Create an IAM role that specifies EBS encryption. Attach the role to the EC2 instances.
  B. Create the EBS volumes as encrypted volumes. Attach the EBS volumes to the EC2 instances.
  C. Create an EC2 instance tag that has a key of Encrypt and a value of True. Tag all instances that require encryption at the EBS level.
  D. Create an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account. Ensure that the key policy is active.
  B. Create the EBS volumes as encrypted volumes. Attach the EBS volumes to the EC2 instances.

• Question 270:

  A company hosts its web application on AWS using seven Amazon EC2 instances. The company requires that the IP addresses of all healthy EC2 instances be returned in response to DNS queries.

  Which policy should be used to meet this requirement?

  A. Simple routing policy
  B. Latency routing policy
  C. Multivalue routing policy
  D. Geolocation routing policy
  C. Multivalue routing policy