Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 331:

  An internal product team is deploying a new application to a private VPC in a company's AWS account.

  The application runs on Amazon EC2 instances that are in a security group named App1. The EC2 instances store application data in an Amazon S3 bucket and use AWS Secrets Manager to store application service credentials. The company's security policy prohibits applications in a private VPC from using public IP addresses to communicate.

  Which combination of solutions will meet these requirements? (Choose Two.)

  A. Configure gateway endpoints for Amazon S3 and AWS Secrets Manager.
  B. Configure interface VPC endpoints for Amazon S3 and AWS Secrets Manager.
  C. Add routes to the endpoints in the VPC route table.
  D. Associate the App1 security group with the interface VPC endpoints. Configure a self-referencing security group rule to allow inbound traffic.
  E. Associate the App1 security group with the gateway endpoints. Configure a self-referencing security group rule to allow inbound traffic.
  B. Configure interface VPC endpoints for Amazon S3 and AWS Secrets Manager.
  C. Add routes to the endpoints in the VPC route table.

  ---

  Explanation

  To securely access AWS services like S3 and Secrets Manager from a private VPC without using public IPs, interface VPC endpoints are required. These endpoints are accessible via private IP addresses. For the application to reach these endpoints, appropriate routes must be configured in the route table.

  References:

  AWS Documentation?Interface VPC Endpoints and PrivateLink

• Question 332:

  A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords.

  What should the solutions architect do to accomplish this?

  A. Set an overall password policy for the entire AWS account.
  B. Set a password policy for each IAM user in the AWS account.
  C. Use third-party vendor software to set password requirements.
  D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.
  A. Set an overall password policy for the entire AWS account.

• Question 333:

  A company has an aging network-attached storage (NAS) array in its data center. The NAS array presents SMB shares and NFS shares to client workstations. The company does not want to purchase a new NAS array. The company also does not want to incur the cost of renewing the NAS array's support contract.

  Some of the data is accessed frequently, but much of the data is inactive.

  A solutions architect needs to implement a solution that migrates the data to Amazon S3, uses S3 Lifecycle policies, and maintains the same look and feel for the client workstations. The solutions architect has identified AWS Storage Gateway as part of the solution.

  Which type of storage gateway should the solutions architect provision to meet these requirements?

  A. Volume Gateway
  B. Tape Gateway
  C. Amazon FSx File Gateway
  D. Amazon S3 File Gateway
  D. Amazon S3 File Gateway

• Question 334:

  A company hosts a website analytics application on a single Amazon EC2 On-Demand Instance. The analytics application is highly resilient and is designed to run in stateless mode. The company notices that the application is showing signs of performance degradation during busy times and is presenting 5xx errors. The company needs to make the application scale seamlessly.

  Which solution will meet these requirements MOST cost-effectively?

  A. Create an Amazon Machine Image (AMI) of the web application. Use the AMI to launch a second EC2 on-demand Instance. Use an Application Load Balancer to distribute the load across the two EC2 instances.
  B. Create an Amazon Machine Image (AMI) of the web application. Use the AMI to launch a second EC2 on-demand Instance. Use Amazon Route 53 weighted routing to distribute the load across the two EC2 instances.
  C. Create an AWS Lambda function to stop the EC2 instance and change the instance type. Create an Amazon CloudWatch alarm to invoke the Lambda function when CPU utilization is more than 75%.
  D. Create an Amazon Machine Image (AMI) of the web application. Apply the AMI to a launch template. Create an Auto Scaling group that includes the launch template. Configure the launch template to use a Spot Fleet. Attach an Application Load Balancer to the Auto Scaling group.
  D. Create an Amazon Machine Image (AMI) of the web application. Apply the AMI to a launch template. Create an Auto Scaling group that includes the launch template. Configure the launch template to use a Spot Fleet. Attach an Application Load Balancer to the Auto Scaling group.

• Question 335:

  A media company hosts its video processing workload on AWS. The workload uses Amazon EC2 instances in an Auto Scaling group to handle varying levels of demand. The workload stores the original videos and the processed videos in an Amazon S3 bucket. The company wants to ensure that the video processing workload is scalable. The company wants to prevent failed processing attempts because of resource constraints. The architecturemust be able to handle sudden spikes in video uploads without impacting the processing capability.

  Which solution will meet these requirements with the LEAST overhead?

  A. Migrate the workload from Amazon EC2 instances to AWS Lambda functions. Configure an Amazon S3 event notification to invoke the Lambda functions when a new video is uploaded. Configure the Lambda functions to process videos directly and to save processed videos back to the S3 bucket.
  B. Migrate the workload from Amazon EC2 instances to AWS Lambda functions. Use Amazon S3 to invoke an Amazon Simple Notification Service (Amazon SNS) topic when a new video is uploaded. Subscribe the Lambda functions to the SNS topic. Configure the Lambda functions to process the videos asynchronously and to save processed videos back to the S3 bucket.
  C. Configure an Amazon S3 event notification to send a message to an Amazon Simple Queue Service (Amazon SQS) queue when a new video is uploaded. Configure the existing Auto Scaling group to poll the SQS queue, process the videos, and save processed videos back to the S3 bucket.
  D. Configure an Amazon S3 upload trigger to invoke an AWS Step Functions state machine when a new video is uploaded. Configure the state machine to orchestrate the video processing workflow by placing a job message in the Amazon SQS queue. Configure the job message to invoke the EC2 instances to process the videos. Save processed videos back to the S3 bucket.
  C. Configure an Amazon S3 event notification to send a message to an Amazon Simple Queue Service (Amazon SQS) queue when a new video is uploaded. Configure the existing Auto Scaling group to poll the SQS queue, process the videos, and save processed videos back to the S3 bucket.

  ---

  Explanation

  This solution addresses the scalability needs of the workload while preventing failed processing attempts due to resource constraints.

  Amazon S3 event notificationscan be used to trigger a message to an SQS queue whenever a new video is uploaded.

  The existing Auto Scaling group of EC2 instances can poll the SQS queue, ensuring that the EC2 instances only process videos when there is a job in the queue.

  SQS decouplesthe video upload and processing steps, allowing the system to handle sudden spikes in video uploads without overloading EC2 instances.

  The use ofAuto Scalingensures that the EC2 instances can scale in or out based on the demand, maintaining cost efficiency while avoiding processing failures due to insufficient resources.

  References:

  S3 Event Notificationsdetails how to configure notifications for S3 events.

  Amazon SQSis a fully managed message queuing service that decouples components of the system.

  Auto Scaling EC2explains how to manage automatic scaling of EC2 instances based on demand. Why the other options are incorrect:

  Option

  A. AWS Lambda functions: While Lambda can handle some workloads, video processing is often resource-intensive and long-running, making EC2 a more suitable solution. Option

  B. Using SNS with Lambda: Similar to A, Lambda is not ideal for large-scale video processing due to its time and memory limitations. Option

  D. AWS Step Functions: While a valid orchestration solution, this introduces more complexity and overhead compared to the simpler SQS-based solution.

• Question 336:

  A company is developing a social media application that must scale to meet demand spikes and handle ordered processes.

  Which AWS services meet these requirements?

  A. ECS with Fargate, RDS, and SQS for decoupling.
  B. ECS with Fargate, RDS, and SNS for decoupling.
  C. DynamoDB, Lambda, DynamoDB Streams, and Step Functions.
  D. Elastic Beanstalk, RDS, and SNS for decoupling.
  A. ECS with Fargate, RDS, and SQS for decoupling.

  ---

  Explanation

  Option A combines ECS with Fargate for scalability, RDS for relational data, and SQS for decoupling with message ordering (FIFO queues). Option Buses SNS, which does not maintain message order.

  Option C is suitable for serverless workflows but not relational data.

  Option D relies on Elastic Beanstalk, which offers less flexibility for scaling.

• Question 337:

  A company is running a web-based game in two Availability Zones in the us-west-2 Region. The web servers use an Application Load Balancer (ALB) in public subnets. The ALB has an SSL certificate from AWS Certificate Manager (ACM) with a custom domain name. The game is written in JavaScript and runs entirely in a user's web browser.

  The game is increasing in popularity in many countries around the world. The company wants to update the application architecture and optimize costs without compromising performance.

  What should a solutions architect do to meet these requirements?

  A. Use Amazon CloudFront and create a global distribution that points to the ALB. Reuse the existing certificate from ACM for the CloudFront distribution. Use Amazon Route 53 to update the application alias to point to the distribution.
  B. Use AWS CloudFormation to deploy the application stack to AWS Regions near countries where the game is popular. Use ACM to create a new certificate for each application instance. Use Amazon Route 53 with a geolocation routing policy to direct traffic to the local application instance.
  C. Use Amazon S3 and create an S3 bucket in AWS Regions near countries where the game is popular. Deploy the HTML and JavaScript files to each S3 bucket. Use ACM to create a new certificate for each S3 bucket. Use Amazon Route 53 with a geolocation routing policy to direct traffic to the local S3 bucket.
  D. Use Amazon S3 and create an S3 bucket in us-west-2. Deploy the HTML and JavaScript files to the S3 bucket. Use Amazon CloudFront and create a global distribution with the S3 bucket as the origin. Use ACM to create a new certificate for the distribution. Use Amazon Route 53 to update the application alias to point to the distribution.
  D. Use Amazon S3 and create an S3 bucket in us-west-2. Deploy the HTML and JavaScript files to the S3 bucket. Use Amazon CloudFront and create a global distribution with the S3 bucket as the origin. Use ACM to create a new certificate for the distribution. Use Amazon Route 53 to update the application alias to point to the distribution.

  ---

  Explanation

  The correct answer is Option D because the application is written entirely in JavaScript and runs in users' web browsers, which means the workload is essentially a static web application. Static assets such as HTML, JavaScript, CSS, and related files are best hosted on Amazon S3, which provides highly durable and low-cost object storage. Putting Amazon CloudFront in front of the S3 bucket allows the application to be delivered globally through edge locations, which reduces latency for users in many countries while also lowering the load on the origin. This design is more cost-effective than continuing to serve the application from EC2 instances behind an ALB because it eliminates most of the compute and load balancing cost for static content delivery. CloudFront caches the content close to users and can improve performance worldwide without the complexity of deploying full application stacks in multiple Regions.

  Option A is less cost-effective because it still depends on the ALB and EC2 instances as the origin for content that is static. Also, CloudFront requires an ACM certificate in us-east-1 for custom domain names, so reusing the existing certificate from the ALB is not the right assumption.

  Option B introduces significant multi-Region infrastructure cost and management overhead.

  Option C is unnecessarily complex because multiple S3 buckets in multiple Regions are not required when CloudFront can cache globally from a single origin.

  AWS best practices for static web applications recommend Amazon S3 for storage and Amazon CloudFront for global distribution. This approach provides strong performance, simplicity, and cost optimization.

• Question 338:

  A solutions architect needs to implement a solution that can handle up to 5,000 messages per second. The solution must publish messages as events to multiple consumers. The messages are up to 500 KB in size.

  The message consumers need to have the ability to use multiple programming languages to consume the messages with minimal latency. The solution must retain published messages for more than 3 months. The solution must enforce strict ordering of the messages.

  Which solution will meet these requirements?

  A. Publish messages to an Amazon Kinesis Data Streams data stream. Enable enhanced fan-out. Ensure that consumers ingest the data stream by using dedicated throughput.
  B. Publish messages to an Amazon Simple Notification Service (Amazon SNS) topic. Ensure that consumers use an Amazon Simple Queue Service (Amazon SQS) FIFO queue to subscribe to the topic.
  C. Publish messages to Amazon EventBridge. Allow each consumer to create rules to deliver messages to the consumer's own target.
  D. Publish messages to an Amazon Simple Notification Service (Amazon SNS) topic. Ensure that consumers use Amazon Data Firehose to subscribe to the topic.
  A. Publish messages to an Amazon Kinesis Data Streams data stream. Enable enhanced fan-out. Ensure that consumers ingest the data stream by using dedicated throughput.

  ---

  Explanation

  AmazonKinesis Data Streamsis the best choice for this scenario: Message throughput: Kinesis Data Streams supports high throughput with enhanced fan-out and dedicated throughput for consumers.

  Large message size: Supports message sizes up to 1 MB, meeting the 500 KB requirement.

  Message retention: Data streams can retain messages for up to 365 days.

  Strict ordering: Guarantees message ordering within shards.

  Why other options are not correct:

  Option B:While SQS FIFO supports strict ordering, SNS topics do not. SNS also does not natively support message retention or strict ordering across consumers.Does not meet requirements.

  Option C: EventBridge does not provide strict ordering guarantees or message retention beyond 24 hours.Does not meet requirements.

  Option D: SNS topics with Data Firehose are not designed for use cases requiring strict ordering or long message retention.Does not meet requirements.

  References:

  Amazon Kinesis Data Streams:AWS Documentation - Kinesis Data Streams

  AWS Messaging Services Comparison:AWS Documentation - Messaging Services

• Question 339:

  The lead member of a DevOps team creates an AWS account. A DevOps engineer shares the account credentials with a solutions architect through a password manager application.

  The solutions architect needs to secure the root user for the new account.

  Which actions will meet this requirement? (Choose Two.)

  A. Update the root user password to a new, strong password.
  B. Secure the root user account by using a virtual multi-factor authentication (MFA) device.
  C. Create an IAM user for each member of the DevOps team. Assign the AdministratorAccess AWS managed policy to each IAM user.
  D. Create root user access keys. Save the keys as a new parameter in AWS Systems Manager Parameter Store.
  E. Update the IAM role for the root user to ensure the root user can use only approved services.
  A. Update the root user password to a new, strong password.
  B. Secure the root user account by using a virtual multi-factor authentication (MFA) device.

  ---

  Explanation

  Securing the root user account requires setting a strong password and enabling multi-factor authentication (MFA). AWS recommends never sharing the root user credentials, setting up individual IAM users for everyday operations, and always protecting the root user with MFA for maximum security.

  References:

  " AWS recommends securing the root user with a strong password and enabling multi-factor authentication (MFA). Do not use or share root credentials for everyday tasks. "

• Question 340:

  A company's web application consists of an Amazon API Gateway API in front of an AWS Lambda function and an Amazon DynamoDB database. The Lambda function handles the business logic, and the DynamoDB table hosts the data. The application uses Amazon Cognito user pools to identify the individual users of the application. A solutions architect needs to update the application so that only users who have a subscription can access premium content.

  Which solution will meet this requirement with the LEAST operational overhead?

  A. Enable API caching and throttling on the API Gateway API.
  B. Set up AWS WAF on the API Gateway API. Create a rule to filter users who have a subscription.
  C. Apply fine-grained IAM permissions to the premium content in the DynamoDB table.
  D. Implement API usage plans and API keys to limit the access of users who do not have a subscription.
  D. Implement API usage plans and API keys to limit the access of users who do not have a subscription.