Amazon Amazon Certifications SAA-C03 Questions & Answers

• Question 521:

  A company is building a new dynamic ordering website. The company wants to minimize server maintenance and patching. The website must be highly available and must scale read and write capacity as quickly as possible to meet changes in user demand.

  Which solution will meet these requirements?

  A. Host static content in Amazon S3 Host dynamic content by using Amazon API Gateway and AWS Lambda Use Amazon DynamoDB with on-demand capacity for the database Configure Amazon CloudFront to deliver the website content

  B. Host static content in Amazon S3 Host dynamic content by using Amazon API Gateway and AWS Lambda Use Amazon Aurora with Aurora Auto Scaling for the database Configure Amazon CloudFront to deliver the website content

  C. Host al the website content on Amazon EC2 instances Create an Auto Scaling group to scale the EC2 Instances Use an Application Load Balancer to distribute traffic Use Amazon DynamoDB with provisioned write capacity for the database

  D. Host at the website content on Amazon EC2 instances Create an Auto Scaling group to scale the EC2 instances Use an Application Load Balancer to distribute traffic Use Amazon Aurora with Aurora Auto Scaling for the database

  Correct Answer: A

  Minimize maintenance and Patching = Serverless S3, DynamoDB are serverless

• Question 522:

  A company plans to use Amazon ElastiCache for its multi-tier web application. A solutions architect creates a Cache VPC for the ElastiCache cluster and an App VPC for the application's Amazon EC2 instances. Both VPCs are in the us-east1 Region.

  The solutions architect must implement a solution to provide the application's EC2 instances with access to the ElastiCache cluster.

  Which solution will meet these requirements MOST cost-effectively?

  A. Create a peering connection between the VPCs. Add a route table entry for the peering connection in both VPCs. Configure an inbound rule for the ElastiCache cluster's security group to allow inbound connection from the application's security group.

  B. Create a Transit VPC. Update the VPC route tables in the Cache VPC and the App VPC to route traffic through the Transit VPC. Configure an inbound rule for the ElastiCache cluster's security group to allow inbound connection from the application's security group.

  C. Create a peering connection between the VPCs. Add a route table entry for the peering connection in both VPCs. Configure an inbound rule for the peering connection's security group to allow inbound connection from the application's security group.

  D. Create a Transit VPC. Update the VPC route tables in the Cache VPC and the App VPC to route traffic through the Transit VPC. Configure an inbound rule for the Transit VPC's security group to allow inbound connection from the application's security group.

  Correct Answer: A

  Creating a peering connection between the VPCs allows the application's EC2 instances to communicate with the ElastiCache cluster directly and efficiently. This is the most cost-effective solution as it does not involve creating additional resources such as a Transit VPC, and it does not incur additional costs for traffic passing through the Transit VPC. Additionally, it is also more secure as it allows you to configure a more restrictive security group rule to allow inbound connection from only the application's security group.

• Question 523:

  A solutions architect is implementing a document review application using an Amazon S3 bucket for storage. The solution must prevent accidental deletion of the documents and ensure that all versions of the documents are available. Users must be able to download, modify, and upload documents.

  Which combination of actions should be taken to meet these requirements? (Choose two.)

  A. Enable a read-only bucket ACL.

  B. Enable versioning on the bucket.

  C. Attach an IAM policy to the bucket.

  D. Enable MFA Delete on the bucket.

  E. Encrypt the bucket using AWS KMS.

  Correct Answer: BD

• Question 524:

  A company has a three-tier application on AWS that ingests sensor data from its users' devices The traffic flows through a Network Load Balancer (NLB) then to Amazon EC2 instances for the web tier and finally to EC2 instances for the application tier The application tier makes calls to a database

  What should a solutions architect do to improve the security of the data in transit?

  A. Configure a TLS listener Deploy the server certrficate on the NLB

  B. Configure AWS Shield Advanced Enable AWS WAF on the NLB

  C. Change the load balancer to an Application Load Balancer (ALB) Enable AWS WAF on the ALB

  D. Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances by using AWS Key Management Service (AWS KMS)

  Correct Answer: A

  The best option to improve the security of the data in transit is to configure a TLS listener and deploy the server certificate on the NLB. This will ensure that the data is encrypted and secure as it travels through the network. Additionally, you could also configure AWS Shield Advanced and enable AWS WAF on the NLB to further protect the network from malicious attacks. Alternatively, you could also change the load balancer to an Application Load Balancer (ALB) and enable AWS WAF on the ALB. Finally, you could also encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances by using AWS Key Management Service (AWS KMS). You must specify an SSL certificate for a TLS listener. The load balancer uses the certificate to terminate the connection and decrypt requests from clients before routing them to targets. https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-listener.html

• Question 525:

  A company wants to implement a disaster recovery plan for its primary on-premises file storage volume. The file storage volume is mounted from an Internet Small Computer Systems Interface (iSCSI) device on a local storage server. The file storage volume holds hundreds of terabytes (TB) of data.

  The company wants to ensure that end users retain immediate access to all file types from the on-premises systems without experiencing latency.

  Which solution will meet these requirements with the LEAST amount of change to the company's existing infrastructure?

  A. Provision an Amazon S3 File Gateway as a virtual machine (VM) that is hosted on premises. Set the local cache to 10 TB. Modify existing applications to access the files through the NFS protocol. To recover from a disaster, provision an Amazon EC2 instance and mount the S3 bucket that contains the files.

  B. Provision an AWS Storage Gateway tape gateway. Use a data backup solution to back up all existing data to a virtual tape library. Configure the data backup solution to run nightly after the initial backup is complete. To recover from a disaster, provision an Amazon EC2 instance and restore the data to an Amazon Elastic Block Store (Amazon EBS) volume from the volumes in the virtual tape library.

  C. Provision an AWS Storage Gateway Volume Gateway cached volume. Set the local cache to 10 TB. Mount the Volume Gateway cached volume to the existing file server by using iSCSI. and copy all files to the storage volume. Configure scheduled snapshots of the storage volume. To recover from a disaster, restore a snapshot to an Amazon Elastic Block Store (Amazon EBS) volume and attach the EBS volume to an Amazon EC2 instance.

  D. Provision an AWS Storage Gateway Volume Gateway stored volume with the same amount of disk space as the existing file storage volume. Mount the Volume Gateway stored volume to the existing file server by using iSCSI, and copy all files to the storage volume. Configure scheduled snapshots of the storage volume. To recover from a disaster, restore a snapshot to an Amazon Elastic Block Store (Amazon EBS) volume and attach the EBS volume to an Amazon EC2 instance.

  Correct Answer: D

  Stored Volume Gateway will retain ALL data locally whereas Cached Volume Gateway retains frequently accessed data locally

• Question 526:

  A company's security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently. What should a solutions architect do to meet these requirements when configuring the logs?

  A. Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of 90 days

  B. Use Amazon Kinesis as the target. Configure the Kinesis stream to always retain the logs for 90 days.

  C. Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3 bucket, and enable S3 Intelligent-Tiering.

  D. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days.

  Correct Answer: D

  By using Amazon S3 as the target for the VPC Flow Logs, the logs can be easily stored and accessed by the security team. Enabling an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days will automatically move the logs to a storage class that is optimized for infrequent access, reducing the storage costs for the company. The security team will still be able to access the logs as needed, even after they have been transitioned to S3 Standard-IA, but the storage cost will be optimized.

  https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3

• Question 527:

  A company runs an internal browser-based application The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales up to 20 instances during work hours but scales down to 2 instances overnight Staff are complaining that the application is very slow when the day begins although it runs well by mid-morning.

  How should the scaling be changed to address the staff complaints and keep costs to a minimum'?

  A. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens

  B. Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period.

  C. Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period.

  D. Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens

  Correct Answer: C

  This option will scale up capacity faster in the morning to improve performance, but will still allow capacity to scale down during off hours. It achieves this as follows:

  A target tracking action scales based on a CPU utilization target. By triggering at a lower CPU threshold in the morning, the Auto Scaling group will start scaling up sooner as traffic ramps up, launching instances before utilization gets too high

  and impacts performance.

  Decreasing the cooldown period allows Auto Scaling to scale more aggressively, launching more instances faster until the target is reached. This speeds up the ramp-up of capacity. However, unlike a scheduled action to set a fixed minimum/

  maximum capacity, with target tracking the group can still scale down during off hours based on demand. This helps minimize costs.

• Question 528:

  A company uses a 100 GB Amazon RDS for Microsoft SQL Server Single-AZ DB instance in the us-east-1 Region to store customer transactions. The company needs high availability and automate recovery for the DB instance.

  The companu must also run reports on the RDS database several times a year. The report process causes transactions to take longer than usual to post to the customer` accounts.

  Which combination of steps will meet these requirements? (Select TWO.)

  A. Modify the DB instance from a Single-AZ DB instance to a Multi-AZ deployment.

  B. Take a snapshot of the current DB instance. Restore the snapshot to a new RDS deployment in another Availability Zone.

  C. Create a read replica of the DB instance in a different Availability Zone. Point All requests for reports to the read replica.

  D. Migrate the database to RDS Custom.

  E. Use RDS Proxy to limit reporting requests to the maintenance window.

  Correct Answer: AC

  https://medium.com/awesome-cloud/aws-difference-between-multi-az-and-read-replicas-in-amazon-rds-60fe848ef53a

• Question 529:

  A company hosts its web application on AWS using seven Amazon EC2 instances. The company requires that the IP addresses of all healthy EC2 instances be returned in response to DNS queries. Which policy should be used to meet this requirement?

  A. Simple routing policy

  B. Latency routing policy

  C. Multivalue routing policy

  D. Geolocation routing policy

  Correct Answer: C

  Use a multivalue answer routing policy to help distribute DNS responses across multiple resources. For example, use multivalue answer routing when you want to associate your routing records with a Route 53 health check. For example, use multivalue answer routing when you need to return multiple values for a DNS query and route traffic to multiple IP addresses.

  https://aws.amazon.com/premiumsupport/knowledge-center/multivalue-versus-simple-policies/

• Question 530:

  A company has a web application with sporadic usage patterns There is heavy usage at the beginning of each month moderate usage at the start of each week and unpredictable usage during the week The application consists of a web server and a MySQL database server running inside the data center The company would like to move the application to the AWS Cloud and needs to select a cost-effective database platform that will not require database modifications

  Which solution will meet these requirements?

  A. Amazon DynamoDB

  B. Amazon RDS for MySQL

  C. MySQL-compatible Amazon Aurora Serverless

  D. MySQL deployed on Amazon EC2 in an Auto Scaling group

  Correct Answer: C

  Since we have sporadic and unpredictable usage for DB, Aurora Serverless would be fit more cost-efficient for this case scenario than RDS MySQL. https://www.techtarget.com/searchcloudcomputing/answer/When-should-I-use-Amazon-RDS-vs-Aurora-Serverless