A company uses 50 TB of data for reporting. The company wants to move this data from on premises to AWS. A custom application in the company's data center runs a weekly data transformation job. The company plans to pause the application until the data transfer is complete and needs to begin the transfer process as soon as possible. The data center does not have any available network bandwidth for additional workloads. A solutions architect must transfer the data and must configure the transformation job to continue to run in the AWS Cloud.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS DataSync to move the data. Create a custom transformation job by using AWS Glue. B. Order an AWS Snowcone device to move the data. Deploy the transformation application to the device. C. Order an AWS Snowball Edge Storage Optimized device. Copy the data to the device. Create a custom transformation job by using AWS Glue. D. Order an AWS Snowball Edge Storage Optimized device that includes Amazon EC2 compute. Copy the data to the device. Create a new EC2 instance on AWS to run the transformation application.
C. Order an AWS Snowball Edge Storage Optimized device. Copy the data to the device. Create a custom transformation job by using AWS Glue.
Question 22:
A company has a VPC with multiple private subnets that host multiple applications. The applications must not be accessible to the internet. However, the applications need to access multiple AWS services. The applications must not use public IP addresses to access the AWS services.
Which solution will meet these requirements MOST cost-effectively?
A. Configure interface VPC endpoints for the required AWS services. Route traffic from the private subnets through the interface VPC endpoints. B. Deploy a NAT gateway in each private subnet. Route traffic from the private subnets through the NAT gateways. C. Deploy internet gateways in each private subnet. Route traffic from the private subnets through the internet gateways. D. Set up an AWS Direct Connect connection between the private subnets. Route traffic from the private subnets through the Direct Connect connection.
A. Configure interface VPC endpoints for the required AWS services. Route traffic from the private subnets through the interface VPC endpoints.
Explanation
The most cost-effective, secure way for private subnets to access AWS services without public IP addresses is to use VPC endpoints:
Interface endpoints (powered by AWS PrivateLink) for services like S3, DynamoDB, etc.
Traffic stays on the AWS network.
"You can privately connect your VPC to supported AWS services using interface VPC endpoints powered by AWS PrivateLink. Instances in your VPC do not require public IP addresses." -- VPC Endpoints Documentation Why not others:
NAT gateways incur hourly + data transfer costs and use public IPs.
Internet gateways expose traffic to the internet.
Direct Connect is for private on-prem connectivity, not needed here.
Question 23:
A company stores user data in AWS. The data is used continuously with peak usage during business hours. Access patterns vary, with some data not being used for months at a time. A solutions architect must choose a cost-effective solution that maintains the highest level of durability while maintaining high availability.
Which storage solution meets these requirements?
A. Amazon S3 Standard B. Amazon S3 Intelligent-Tiering C. Amazon S3 Glacier Deep Archive D. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
B. Amazon S3 Intelligent-Tiering
Question 24:
A company runs applications and stores data in multiple AWS accounts. The company uses AWS Organizations to manage all its accounts.
The company needs a solution to efficiently and centrally manage data backups for the AWS services that the company uses. The solution must improve the company's disaster recovery posture. The solution must also protect data backups against accidental deletion or a malicious attack on an AWS account.
Which solution will meet these requirements?
A. Use AWS Backup in each AWS account to store copies of the data backups in additional Availability Zones. B. Use AWS Backup policies in Organizations to store copies of the data backups in additional AWS accounts. C. Use AWS Backup in each AWS account to store copies of the data backups in additional AWS Regions. D. Use AWS Backup policies in Organizations to store copies of the data backups in additional AWS Regions.
B. Use AWS Backup policies in Organizations to store copies of the data backups in additional AWS accounts.
Explanation
The correct answer is B because the company needs to centrally manage backups across multiple AWS accounts, improve disaster recovery posture, and protect backups from accidental deletion or compromise of an AWS account AWS Backup policies in AWS Organizations. provide centralized governance and automation for backup plans across member accounts. By storing copies of backups in additional AWS accounts, the company gains stronger isolation and protection against account-level compromise. Cross-account backup copies are especially important when the requirement includes protection from a malicious attack on an AWS account. If backups remain only in the same account, an attacker with sufficient permissions in that account could potentially alter or delete them. Storing backup copies in a separate account provides administrative separation and strengthens recovery options. This is a recognized AWS best practice for improving cyber resilience and recovery assurance.
Option A is incorrect because copying backups to additional Availability Zones within the same account does not address centralized management across Organizations or protect against malicious actions in that account.
Option C improves regional resilience but still lacks centralized policy-based management and account isolation.
Option D provides centralized policy management and cross-Region resilience, but it does not directly address the requirement to protect against an attack on a single AWS account as effectively as cross-account backup copies.
AWS guidance for enterprise backup strategy emphasizes centralized backup management with AWS Backup and AWS Organizations, plus cross-account copies for stronger protection and recovery.
Therefore, using AWS Backup policies in Organizations to store copies in additional AWS accounts is the best solution.
Question 25:
A company is migrating a data center from its on-premises location to AWS. The company has several legacy applications that are hosted on individual virtual servers. Changes to the application designs cannot be made. Each individual virtual server currently runs as its own EC2 instance. A solutions architect needs to ensure that the applications are reliable and fault tolerant after migration to AWS. The applications will run on Amazon EC2 instances.
Which solution will meet these requirements?
A. Create an Auto Scaling group that has a minimum of one and a maximum of one. Create an Amazon Machine Image (AMI) of each application instance. Use the AMI to create EC2 instances in the Auto Scaling group Configure an Application Load Balancer in front of the Auto Scaling group. B. Use AWS Backup to create an hourly backup of the EC2 instance that hosts each application. Store the backup in Amazon S3 in a separate Availability Zone. Configure a disaster recovery process to restore the EC2 instance for each application from its most recent backup. C. Create an Amazon Machine Image (AMI) of each application instance. Launch two new EC2 instances from the AMI. Place each EC2 instance in a separate Availability Zone. Configure a Network Load Balancer that has the EC2 instances as targets. D. Use AWS Mitigation Hub Refactor Spaces to migrate each application off the EC2 instance. Break down functionality from each application into individual components. Host each application on Amazon Elastic Container Service (Amazon ECS) with an AWS Fargate launch type.
A. Create an Auto Scaling group that has a minimum of one and a maximum of one. Create an Amazon Machine Image (AMI) of each application instance. Use the AMI to create EC2 instances in the Auto Scaling group Configure an Application Load Balancer in front of the Auto Scaling group.
Question 26:
A company has two VPCs that are located in the us-west-2 Region within the same AWS account. The company needs to allow network traffic between these VPCs. Approximately 500 GB of data transfer will occur between the VPCs each month.
What is the MOST cost-effective solution to connect these VPCs?
A. Implement AWS Transit Gateway to connect the VPCs. Update the route tables of each VPC to use the transit gateway for inter-VPC communication. B. Implement an AWS Site-to-Site VPN tunnel between the VPCs. Update the route tables of each VPC to use the VPN tunnel for inter-VPC communication. C. Set up a VPC peering connection between the VPCs. Update the route tables of each VPC to use the VPC peering connection for inter-VPC communication. D. Set up a 1 GB AWS Direct Connect connection between the VPCs. Update the route tables of each VPC to use the Direct Connect connection for inter-VPC communication.
C. Set up a VPC peering connection between the VPCs. Update the route tables of each VPC to use the VPC peering connection for inter-VPC communication.
Question 27:
A company needs to design a hybrid network architecture. The company's workloads are currently stored in the AWS Cloud and in on-premises data centers. The workloads require single-digit latencies to communicate. The company uses an AWS Transit Gateway transit gateway to connect multiple VPCs.
Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)
A. Establish an AWS Site-to-Site VPN connection to each VPC. B. Associate an AWS Direct Connect gateway with the transit gateway that is attached to the VPCs. C. Establish an AWS Site-to-Site VPN connection to an AWS Direct Connect gateway. D. Establish an AWS Direct Connect connection. Create a transit virtual interface (VIF) to a Direct Connect gateway. E. Associate AWS Site-to-Site VPN connections with the transit gateway that is attached to the VPCs.
B. Associate an AWS Direct Connect gateway with the transit gateway that is attached to the VPCs. D. Establish an AWS Direct Connect connection. Create a transit virtual interface (VIF) to a Direct Connect gateway.
Question 28:
A company has an employee web portal. Employees log in to the portal to view payroll details. The company is developing a new system to give employees the ability to upload scanned documents for reimbursement. The company runs a program to extract text-based data from the documents and attach the extracted information to each employee's reimbursement IDs for processing. The employee web portal requires 100% uptime. The document extract program runs infrequently throughout the day on an on-demand basis. The company wants to build a scalable and cost-effective new system that will require minimal changes to the existing web portal. The company does not want to make any code changes.
Which solution will meet these requirements with the LEAST implementation effort?
A. Run Amazon EC2 On-Demand Instances in an Auto Scaling group for the web portal. Use an AWS Lambda function to run the document extract program. Invoke the Lambda function when an employee uploads a new reimbursement document. B. Run Amazon EC2 Spot Instances in an Auto Scaling group for the web portal. Run the document extract program on EC2 Spot Instances. Start document extract program instances when an employee uploads a new reimbursement document. C. Purchase a Savings Plan to run the web portal and the document extract program. Run the web portal and the document extract program in an Auto Scaling group. D. Create an Amazon S3 bucket to host the web portal. Use Amazon API Gateway and an AWS Lambda function for the existing functionalities. Use the Lambda function to run the document extract program. Invoke the Lambda function when the API that is associated with a new document upload is called.
A. Run Amazon EC2 On-Demand Instances in an Auto Scaling group for the web portal. Use an AWS Lambda function to run the document extract program. Invoke the Lambda function when an employee uploads a new reimbursement document.
Question 29:
A company is designing an event-driven order processing system. Each order requires multiple validation steps after the order is created. An idempotent AWS Lambda function performs each validation step. Each validation step is independent from the other validation steps. Individual validation steps need only a subset of the order event information.
The company wants to ensure that each validation step Lambda function has access to only the information from the order event that the function requires. The components of the order processing system should be loosely coupled to accommodate future business changes.
Which solution will meet these requirements?
A. Create an Amazon Simple Queue Service (Amazon SQS) queue for each validation step. Create a new Lambda function to transform the order data to the format that each validation step requires and to publish the messages to the appropriate SQS queues. Subscribe each validation step Lambda function to its corresponding SQS queue. B. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the validation step Lambda functions to the SNS topic. Use message body filtering to send only the required data to each subscribed Lambda function. C. Create an Amazon EventBridge event bus. Create an event rule for each validation step. Configure the input transformer to send only the required data to each target validation step Lambda function. D. Create an Amazon Simple Queue Service (Amazon SQS) queue. Create a new Lambda function to subscribe to the SQS queue and to transform the order data to the format that each validation step requires. Use the new Lambda function to perform synchronous invocations of the validation step Lambda functions in parallel on separate threads.
C. Create an Amazon EventBridge event bus. Create an event rule for each validation step. Configure the input transformer to send only the required data to each target validation step Lambda function.
Question 30:
An ecommerce company hosts its analytics application in the AWS Cloud. The application generates about 300 MB of data each month. The data is stored in JSON format. The company is evaluating a disaster recovery solution to back up the data. The data must be accessible in milliseconds if it is needed, and the data must be kept for 30 days.
Which solution meets these requirements MOST cost-effectively?
A. Amazon OpenSearch Service (Amazon Elasticsearch Service) B. Amazon S3 Glacier C. Amazon S3 Standard D. Amazon RDS for PostgreSQL
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SAA-C03 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.