Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 381:

  A company has data collection sensors at different locations. The data collection sensors stream a high volume of data to the company. The company wants to design a platform on AWS to ingest and process high-volume streaming data. The solution must be scalable and support data collection in near real time.

  The company must store the data in Amazon S3 for future reporting.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Use Amazon Kinesis Data Firehose to deliver streaming data to Amazon S3.
  B. Use AWS Glue to deliver streaming data to Amazon S3.
  C. Use AWS Lambda to deliver streaming data and store the data to Amazon S3.
  D. Use AWS Database Migration Service (AWS DMS) to deliver streaming data to Amazon S3.
  A. Use Amazon Kinesis Data Firehose to deliver streaming data to Amazon S3.

• Question 382:

  An analytics application runs on multiple Amazon EC2 Linux instances that use Amazon Elastic File System (Amazon EFS) Standard storage. The files vary in size and access frequency. The company accesses the files infrequently after 30 days. However, users sometimes request older files to generate reports.

  The company wants to reduce storage costs for files that are accessed infrequently. The company also wants throughput to adjust based on the size of the file system. The company wants to use the TransitionToIA Amazon EFS lifecycle policy to transition files to Infrequent Access (IA) storage after 30 days.

  Which solution will meet these requirements?

  A. Configure files to transition back to Standard storage when a user accesses the files again. Specify the provisioned throughput mode.
  B. Specify the provisioned throughput mode only.
  C. Configure files to transition back to Standard storage when a user accesses the files again. Specify the bursting throughput mode.
  D. Specify the bursting throughput mode only.
  C. Configure files to transition back to Standard storage when a user accesses the files again. Specify the bursting throughput mode.

  ---

  Explanation

  Amazon EFS allows automatic transitions to Infrequent Access (IA) and back to Standard when accessed again using the lifecycle policy.

  By specifying the bursting throughput mode, throughput scales automatically with file system size.

  "With EFS Lifecycle Management, you can automatically move files to EFS Infrequent Access storage and automatically return them to Standard storage when accessed."

  "The Bursting Throughput mode scales with your file system size."

  -- Amazon EFS Lifecycle Management

  This option matches all requirements:

  Auto transition to IA after 30 days.

  Auto transition back to Standard on access.

  Bursting throughput for scaling with file system size.

• Question 383:

  A law firm needs to make hundreds of files readable for the general public. The law firm must prevent members of the public from modifying or deleting the files before a specified future date.

  Which solution will meet these requirements MOST securely?

  A. Upload the files to an Amazon S3 bucket that is configured for static website hosting. Grant read-only IAM permissions to any AWS principals that access the S3 bucket until the specified date.
  B. Create a new Amazon S3 bucket. Enable S3 Versioning. Use S3 Object Lock and set a retention period based on the specified date. Create an Amazon CloudFront distribution to serve content from the bucket. Use an S3 bucket policy to restrict access to the CloudFront origin access control (OAC).
  C. Create a new Amazon S3 bucket. Enable S3 Versioning. Configure an event trigger to run an AWS Lambda function if a user modifies or deletes an object. Configure the Lambda function to replace the modified or deleted objects with the original versions of the objects from a private S3 bucket.
  D. Upload the files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period based on the specified date. Grant read-only IAM permissions to any AWS principals that access the S3 bucket.
  B. Create a new Amazon S3 bucket. Enable S3 Versioning. Use S3 Object Lock and set a retention period based on the specified date. Create an Amazon CloudFront distribution to serve content from the bucket. Use an S3 bucket policy to restrict access to the CloudFront origin access control (OAC).

  ---

  Explanation

  S3 Object Lock: Enables Write Once Read Many (WORM) protection for data, preventing objects from being deleted or modified for a set retention period.

  S3 Versioning: Helps maintain object versions and ensures a recovery path for accidental overwrites.

  CloudFront Distribution: Ensures secure and efficient public access by serving content through an edge-optimized delivery network while protecting S3 data with OAC.

  Bucket Policy for OAC: Restricts public access to only the CloudFront origin, ensuring maximum security.

  Amazon S3 Object Lock Documentation

• Question 384:

  A retail company has several businesses. The IT team for each business manages its own AWS account.

  Each team account is part of an organization in AWS Organizations. Each team monitors its product inventory levels in an Amazon DynamoDB table in the team's own AWS account. The company is deploying a central inventory reporting application into a shared AWS account. The application must be able to read items from all the teams' DynamoDB tables.

  Which authentication option will meet these requirements MOST securely?

  A. Integrate DynamoDB with AWS Secrets Manager in the inventory application account. Configure the application to use the correct secret from Secrets Manager to authenticate and read the DynamoDB table. Schedule secret rotation for every 30 days.
  B. In every business account, create an IAM user that has programmatic access. Configure the application to use the correct IAM user access key ID and secret access key to authenticate and read the DynamoDB table. Manually rotate IAM access keys every 30 days.
  C. In every business account, create an IAM role named BU_ROLE with a policy that gives the role access to the DynamoDB table and a trust policy to trust a specific role in the inventory application account. In the inventory account, create a role named APP_ROLE that allows access to the STS AssumeRole API operation. Configure the application to use APP_ROLE and assume the crossaccount role BU_ROLE to read the DynamoDB table.
  D. Integrate DynamoDB with AWS Certificate Manager (ACM). Generate identity certificates to authenticate DynamoDB. Configure the application to use the correct certificate to authenticate and read the DynamoDB table.
  C. In every business account, create an IAM role named BU_ROLE with a policy that gives the role access to the DynamoDB table and a trust policy to trust a specific role in the inventory application account. In the inventory account, create a role named APP_ROLE that allows access to the STS AssumeRole API operation. Configure the application to use APP_ROLE and assume the crossaccount role BU_ROLE to read the DynamoDB table.

• Question 385:

  A company has an on-premises business application that generates hundreds of files each day. These files are stored on an SMB file share and require a low-latency connection to the application servers. A new company policy states all application-generated files must be copied to AWS. There is already a VPN connection to AWS. The application development team does not have time to make the necessary code modifications to move the application to AWS.

  Which service should a solutions architect recommend to allow the application to copy files to AWS?

  A. Amazon Elastic File System (Amazon EFS)
  B. Amazon FSx for Windows File Server
  C. AWS Snowball
  D. AWS Storage Gateway
  D. AWS Storage Gateway

• Question 386:

  A company wants to share accounting data with an external auditor. The data is stored in an Amazon RDS DB instance that resides in a private subnet. The auditor has its own AWS account and requires its own copy of the database.

  What is the MOST secure way for the company to share the database with the auditor?

  A. Create a read replica of the database. Configure IAM standard database authentication to grant the auditor access.
  B. Export the database contents to text files. Store the files in an Amazon S3 bucket. Create a new IAM user for the auditor. Grant the user access to the S3 bucket.
  C. Copy a snapshot of the database to an Amazon S3 bucket. Create an IAM user. Share the user's keys with the auditor to grant access to the object in the S3 bucket.
  D. Create an encrypted snapshot of the database. Share the snapshot with the auditor. Allow access to the AWS Key Management Service (AWS KMS) encryption key.
  D. Create an encrypted snapshot of the database. Share the snapshot with the auditor. Allow access to the AWS Key Management Service (AWS KMS) encryption key.

• Question 387:

  A company runs a payment processing system in the AWS Cloud Sometimes when a payment fails because of insufficient funds or technical issues, users attempt to resubmit the payment. Sometimes payment resubmissions invoke multiple payment messages for the same payment ID.

  A solutions architect needs to ensure that the payment processing system receives payment messages that have the same payment ID sequentially, according to when the messages were generated. The processing system must process the messages in the order in which the messages are received. The solution must retain all payment messages for 10 days for analytics.

  Which solutions will meet these requirements? (Choose Two.)

  A. Write the payment messages to an Amazon DynamoDB table that uses the payment ID as the partition key.
  B. Write the payment messages to an Amazon Kinesis data stream that uses the payment ID as the partition key.
  C. Write the payment messages to an Amazon ElastiCache for Memcached cluster that uses the payment ID as the key
  D. Write the payment messages to an Amazon Simple Queue Service (Amazon SQS) queue. Set the message attribute to use the payment ID.
  E. Write the payment messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue Set the message group to use the payment ID.
  B. Write the payment messages to an Amazon Kinesis data stream that uses the payment ID as the partition key.
  E. Write the payment messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue Set the message group to use the payment ID.

  ---

  Explanation

  BothAmazon KinesisandSQS FIFOqueues ensure the sequential processing of messages. By using the payment ID as the partition key in Kinesis or as the message group in the SQS FIFOqueue, messages are processed in order. Both solutions also allow for long-term retention (up to 10 days) of messages, making them suitable for this payment processing use case.

  Option A (DynamoDB): DynamoDB does not guarantee message ordering for real-time processing.

  Option C (ElastiCache): ElastiCache is for caching, not suitable for sequential message processing.

  Option D (Standard SQS queue): A standard SQS queue does not guarantee ordering of messages.

  References:

  Amazon Kinesis

  Amazon SQS FIFO Queues

• Question 388:

  A company needs to optimize the cost of its Amazon EC2 instances. The company also needs to change the type and family of its EC2 instances every 2-3 months.

  What should the company do to meet these requirements?

  A. Purchase Partial Upfront Reserved Instances for a 3-year term.
  B. Purchase a No Upfront Compute Savings Plan for a 1-year term.
  C. Purchase All Upfront Reserved Instances for a 1-year term.
  D. Purchase an All Upfront EC2 Instance Savings Plan for a 1-year term.
  B. Purchase a No Upfront Compute Savings Plan for a 1-year term.

• Question 389:

  A company's application integrates with multiple software-as-a-service (SaaS) sources for data collection.

  The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Create an Auto Scaling group so that EC2 instances can scale out. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
  B. Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
  C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output data. Configure the S3 bucket as the rule's target. Create a second EventBridge (Cloud Watch Events) rule to send events when the upload to the S3 bucket is complete. Configure an Amazon Simple Notification Service (Amazon SNS) topic as the second rule's target.
  D. Create a Docker container to use instead of an EC2 instance. Host the containerized application on Amazon Elastic Container Service (Amazon ECS). Configure Amazon CloudWatch Container Insights to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
  B. Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

• Question 390:

  A company needs a secure connection between its on-premises environment and AWS. This connection does not need high bandwidth and will handle a small amount of traffic. The connection should be set up quickly.

  What is the MOST cost-effective method to establish this type of connection?

  A. Implement a client VPN.
  B. Implement AWS Direct Connect.
  C. Implement a bastion host on Amazon EC2.
  D. Implement an AWS Site-to-Site VPN connection.
  D. Implement an AWS Site-to-Site VPN connection.