An ecommerce company runs its application on AWS. The application uses an Amazon Aurora PostgreSQL cluster in Multi-AZ mode for the underlying database. During a recent promotional campaign, the application experienced heavy read load and write load. Users experienced timeout issues when they attempted to access the application.
A solutions architect needs to make the application architecture more scalable and highly available.
Which solution will meet these requirements with the LEAST downtime?
A. Create an Amazon EventBridge rule that has the Aurora cluster as a source. Create an AWS Lambda function to log the state change events of the Aurora cluster. Add the Lambda function as a target for the EventBridge rule. Add additional reader nodes to fail over to.
B. Modify the Aurora cluster and activate the zero-downtime restart (ZDR) feature. Use Database Activity Streams on the cluster to track the cluster status.
C. Add additional reader instances to the Aurora cluster. Create an Amazon RDS Proxy target group for the Aurora cluster.
D. Create an Amazon ElastiCache for Redis cache. Replicate data from the Aurora cluster to Redis by using AWS Database Migration Service (AWS DMS) with a write-around approach.
C. Add additional reader instances to the Aurora cluster. Create an Amazon RDS Proxy target group for the Aurora cluster.
Question 392:
A company runs an application on Amazon EC2 instances. The instances need to access an Amazon RDS database by using specific credentials. The company uses AWS Secrets Manager to contain the credentials the EC2 instances must use.
Which solution will meet this requirement?
A. Create an IAM role, and attach the role to each EC2 instance profile. Use an identity-based policy to grant the new IAM role access to the secret that contains the database credentials.
B. Create an IAM user, and attach the user to each EC2 instance profile. Use a resource-based policy to grant the new IAM user access to the secret that contains the database credentials.
C. Create a resource-based policy for the secret that contains the database credentials. Use EC2 Instance Connect to access the secret.
D. Create an identity-based policy for the secret that contains the database credentials. Grant direct access to the EC2 instances.
A. Create an IAM role, and attach the role to each EC2 instance profile. Use an identity-based policy to grant the new IAM role access to the secret that contains the database credentials.
Explanation
IAM Role: Attaching an IAM role to an EC2 instance profile is a secure way to manage permissions without embedding credentials.
AWS Secrets Manager: Grants controlled access to database credentials and automatically rotates secrets if configured.
Identity-Based Policy: Ensures the IAM role only has access to specific secrets, enhancing security.
AWS Secrets Manager Documentation
Question 393:
A company recently migrated its web application to the AWS Cloud. The company uses an Amazon EC2 instance to run multiple processes to host the application. The processes include an Apache web server that serves static content. The Apache web server makes requests to a PHP application that uses a local Redis server for user sessions.
The company wants to redesign the architecture to be highly available and to use AWS managed solutions.
Which solution will meet these requirements?
A. Use AWS Elastic Beanstalk to host the static content and the PHP application. Configure Elastic Beanstalk to deploy its EC2 instance into a public subnet. Assign a public IP address.
B. Use AWS Lambda to host the static content and the PHP application. Use an Amazon API Gateway REST API to proxy requests to the Lambda function. Set the API Gateway CORS configuration to respond to the domain name. Configure Amazon ElastiCache for Redis to handle session information.
C. Keep the backend code on the EC2 instance. Create an Amazon ElastiCache for Redis cluster that has Multi-AZ enabled. Configure the ElastiCache for Redis cluster in cluster mode. Copy the frontend resources to Amazon S3. Configure the backend code to reference the EC2 instance.
D. Configure an Amazon CloudFront distribution with an Amazon S3 endpoint to an S3 bucket that is configured to host the static content. Configure an Application Load Balancer that targets an Amazon Elastic Container Service (Amazon ECS) service that runs AWS Fargate tasks for the PHP application. Configure the PHP application to use an Amazon ElastiCache for Redis cluster that runs in multiple Availability Zones.
D. Configure an Amazon CloudFront distribution with an Amazon S3 endpoint to an S3 bucket that is configured to host the static content. Configure an Application Load Balancer that targets an Amazon Elastic Container Service (Amazon ECS) service that runs AWS Fargate tasks for the PHP application. Configure the PHP application to use an Amazon ElastiCache for Redis cluster that runs in multiple Availability Zones.
Question 394:
A company runs a high-traffic web application that has a three-tier architecture consisting of a web layer, an application layer, and a database layer. The web layer and application layer run on Amazon EC2 instances behind an Application Load Balancer (ALB). The application layer is stateless and supports automatic scaling. The database layer uses Amazon RDS for MySQL in a Multi-AZ configuration and relies on a relational architecture.
The company is preparing for a large marketing event that is expected to drive a sharp increase in read traffic. The company must ensure that the application remains highly available and responsive under load.
The company wants to scale the application's architecture components but does not want to modify the application.
Which combination of solutions will meet these requirements? (Choose Three.)
A. Deploy an Amazon CloudFront distribution. Specify the web layer as the origin.
B. Enable automatic scaling for EC2 instances in the application layer.
C. Migrate the database to Amazon Aurora. Configure Aurora Auto Scaling and Aurora Replicas.
D. Set up an Amazon ElastiCache (Redis OSS) cluster in front of the database.
E. Replace the ALB with a Network Load Balancer (NLB).
F. Migrate the database to an Amazon DynamoDB table.
A. Deploy an Amazon CloudFront distribution. Specify the web layer as the origin.
B. Enable automatic scaling for EC2 instances in the application layer.
C. Migrate the database to Amazon Aurora. Configure Aurora Auto Scaling and Aurora Replicas.
Explanation
The correct answers are Option A, Option B, and Option C because the company needs to handle a sharp increase in read traffic, maintain high availability, and avoid application changes. These three options improve scaling at different layers of the architecture while remaining aligned with the current application design.
Option A: Amazon CloudFront helps reduce load on the web tier by caching content closer to users at edge locations. This improves responsiveness and reduces the number of requests that must reach the origin web servers during the marketing event. It is a common way to scale web traffic without changing the application.
Option B: Auto Scaling for the application layer is also appropriate because the application layer is already described as stateless and supports automatic scaling. Adding or removing EC2 instances based on demand helps the application remain responsive under high load.
Option C: Amazon Aurora with Aurora Replicas and Aurora Auto Scaling is the best way to scale the relational database layer for read-heavy workloads. Aurora Replicas can offload read traffic from the writer instance, and Aurora Auto Scaling can automatically adjust replica capacity based on demand. This preserves the relational architecture while improving read scalability and availability.
Option D can reduce database read pressure, but adding ElastiCache effectively requires the application to use the cache, which conflicts with the requirement to avoid modifying the application.
Option E is incorrect because replacing the ALB with an NLB does not solve the application's scaling or read-traffic bottlenecks.
Option F is incorrect because migrating from a relational database to DynamoDB would require a major redesign. The best combination is therefore CloudFront, Auto Scaling for the stateless application tier, and Aurora with read scaling features.
Question 395:
A company hosts a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The website serves static content. Website traffic is increasing. The company wants to minimize the website hosting costs.
Which solution will meet these requirements?
A. Move the website to an Amazon S3 bucket. Configure an Amazon CloudFront distribution for the S3 bucket.
B. Move the website to an Amazon S3 bucket. Configure an Amazon ElastiCache cluster for the S3 bucket.
C. Move the website to AWS Amplify. Configure an ALB to resolve to the Amplify website.
D. Move the website to AWS Amplify. Configure EC2 instances to cache the website.
A. Move the website to an Amazon S3 bucket. Configure an Amazon CloudFront distribution for the S3 bucket.
Question 396:
A company runs game applications on AWS. The company needs to collect, visualize, and analyze telemetry data from the company's game servers. The company wants to gain insights into the behavior, performance, and health of game servers in near real time.
Which solution will meet these requirements?
A. Use Amazon Kinesis Data Streams to collect telemetry data. Use Amazon Managed Service for Apache Flink to process the data in near real time and publish custom metrics to Amazon CloudWatch. Use Amazon CloudWatch to create dashboards and alarms from the custom metrics.
B. Use Amazon Data Firehose to collect, process, and store telemetry data in near real time. Use AWS Glue to extract, transform, and load (ETL) data from Firehose into required formats for analysis. Use Amazon QuickSight to visualize and analyze the data.
C. Use Amazon Kinesis Data Streams to collect, process, and store telemetry data. Use Amazon EMR to process the data in near real time into required formats for analysis. Use Amazon Athena to analyze and visualize the data.
D. Use Amazon DynamoDB Streams to collect and store telemetry data. Configure DynamoDB Streams to invoke AWS Lambda functions to process the data in near real time. Use Amazon Managed Grafana to visualize and analyze the data.
A. Use Amazon Kinesis Data Streams to collect telemetry data. Use Amazon Managed Service for Apache Flink to process the data in near real time and publish custom metrics to Amazon CloudWatch. Use Amazon CloudWatch to create dashboards and alarms from the custom metrics.
Explanation
Amazon Kinesis Data Streams is designed for low-latency ingestion of streaming data. Combined with Amazon Managed Service for Apache Flink, telemetry can be processed and aggregated in near real time.
Processed metrics can be sent to Amazon CloudWatch, which natively supports creating dashboards, metrics visualization, and alarms. Firehose (B) is primarily for batch ingestion and delivery, not real-time analytics. EMR with Athena (C) introduces more complexity and is better for large-scale offline analytics.
DynamoDB Streams (D) is not a fit because telemetry data is not stored in DynamoDB. Therefore, option A provides the most suitable and real-time analytics pipeline for telemetry data.
References:
Amazon Kinesis Data Streams Developer Guide -- Real-time data ingestion
Amazon Managed Service for Apache Flink Developer Guide -- Real-time stream processing
Question 397:
A company uses AWS Organizations to manage multiple AWS accounts. The company needs a secure, event-driven architecture in which specific Amazon SNS topics in Account A can publish messages to specific Amazon SQS queues in Account B.
Which solution meets these requirements while maintaining least privilege?
A. Create a new IAM role in Account A that can publish to any SQS queue. Share the role ARN with Account B.
B. Configure SNS topics to publish to any queue. Encrypt the queue with an AWS KMS key.
C. Modify the SQS queue policies in Account B to allow only specific SNS topic ARNs from Account A to publish messages. Ensure the SNS topics have publish permissions for the specific queue ARN.
D. Create a shared IAM role across both accounts with permission to publish to all SQS queues. Enable cross-account access.
C. Modify the SQS queue policies in Account B to allow only specific SNS topic ARNs from Account A to publish messages. Ensure the SNS topics have publish permissions for the specific queue ARN.
Explanation
AWS documentation states that the correct and least-privilege method for cross-account SNS-to-SQS integration is:
Add specific SNS topic ARNs to the SQS queue policy.
Allow only those topics to publish messages to the queue.
Ensure SNS has permission to publish to the specific queue ARN.
This ensures strict scoping and adheres to least privilege.
Options A and D grant overly broad permissions. Option B allows publishing to any queue, which violates least privilege.
Question 398:
A company is using an Application Load Balancer (ALB) to present its application to the internet. The company finds abnormal traffic access patterns across the application. A solutions architect needs to improve visibility into the infrastructure to help the company understand these abnormalities better.
What is the MOST operationally efficient solution that meets these requirements?
A. Create a table in Amazon Athena for AWS CloudTrail logs. Create a query for the relevant information.
B. Enable ALB access logging to Amazon S3. Create a table in Amazon Athena, and query the logs.
C. Enable ALB access logging to Amazon S3. Open each file in a text editor, and search each line for the relevant information.
D. Use Amazon EMR on a dedicated Amazon EC2 instance to directly query the ALB to acquire traffic access log information.
B. Enable ALB access logging to Amazon S3. Create a table in Amazon Athena, and query the logs.
Question 399:
A company seeks a storage solution for its application. The solution must be highly available and scalable. The solution also must function as a file system, be mountable by multiple Linux instances in AWS and on premises through native protocols, and have no minimum size requirements. The company has set up a Site-to-Site VPN for access from its on-premises network to its VPC.
Which storage solution meets these requirements?
A. Amazon FSx Multi-AZ deployments
B. Amazon Elastic Block Store (Amazon EBS) Multi-Attach volumes
C. Amazon Elastic File System (Amazon EFS) with multiple mount targets
D. Amazon Elastic File System (Amazon EFS) with a single mount target and multiple access points
C. Amazon Elastic File System (Amazon EFS) with multiple mount targets
Question 400:
A company migrated a MySQL database from the company's on-premises data center to an Amazon RDS for MySQL DB instance. The company sized the RDS DB instance to meet the company's average daily workload. Once a month, the database performs slowly when the company runs queries for a report. The company wants to have the ability to run reports and maintain the performance of the daily workloads.
Which solution will meet these requirements?
A. Create a read replica of the database. Direct the queries to the read replica.
B. Create a backup of the database. Restore the backup to another DB instance. Direct the queries to the new database.
C. Export the data to Amazon S3. Use Amazon Athena to query the S3 bucket.
D. Resize the DB instance to accommodate the additional workload.
A. Create a read replica of the database. Direct the queries to the read replica.