A company's compliance team needs to move its file shares to AWS. The shares run on a Windows Server SMB file share. A self-managed on-premises Active Directory controls access to the files and folders.
The company wants to use Amazon FSx for Windows File Server as part of the solution. The company must ensure that the on-premises Active Directory groups restrict access to the FSx for Windows File Server SMB compliance shares, folders, and files after the move to AWS. The company has created an FSx for Windows File Server file system.
Which solution will meet these requirements?
A. Create an Active Directory Connector to connect to the Active Directory. Map the Active Directory groups to IAM groups to restrict access.
B. Assign a tag with a Restrict tag key and a Compliance tag value. Map the Active Directory groups to IAM groups to restrict access.
C. Create an IAM service-linked role that is linked directly to FSx for Windows File Server to restrict access.
D. Join the file system to the Active Directory to restrict access.
D. Join the file system to the Active Directory to restrict access.
Question 542:
A company is concerned about the security of its public web application due to recent web attacks. The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application.
What should the solutions architect do to meet this requirement?
A. Add an Amazon Inspector agent to the ALB.
B. Configure Amazon Macie to prevent attacks.
C. Enable AWS Shield Advanced to prevent attacks.
D. Configure Amazon GuardDuty to monitor the ALB.
C. Enable AWS Shield Advanced to prevent attacks.
Question 543:
A company's infrastructure consists of Amazon EC2 instances and an Amazon RDS DB instance in a single AWS Region.
The company wants to back up its data in a separate Region.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS Backup to copy EC2 backups and RDS backups to the separate Region.
B. Use Amazon Data Lifecycle Manager (Amazon DLM) to copy EC2 backups and RDS backups to the separate Region.
C. Create Amazon Machine Images (AMIs) of the EC2 instances. Copy the AMIs to the separate Region. Create a read replica for the RDS DB instance in the separate Region.
D. Create Amazon Elastic Block Store (Amazon EBS) snapshots. Copy the EBS snapshots to the separate Region. Create RDS snapshots. Export the RDS snapshots to Amazon S3. Configure S3 Cross-Region Replication (CRR) to the separate Region.
A. Use AWS Backup to copy EC2 backups and RDS backups to the separate Region.
Question 544:
A company is developing an application using Amazon Aurora MySQL. The team will frequently make schema changes to test new features without affecting production. After testing, changes must be promoted to production with minimal downtime.
Which solution meets these requirements?
A. Create a staging Aurora cluster based on the existing cluster. Test schema changes on the staging cluster.
B. Create a read replica, modify its schema, and then promote it to primary.
C. Create an Aurora MySQL blue/green deployment. Make schema changes in the staging environment and switch traffic after testing.
D. Replicate the Aurora database to DynamoDB, apply schema changes, and switch the application to DynamoDB.
C. Create an Aurora MySQL blue/green deployment. Make schema changes in the staging environment and switch traffic after testing.
Explanation
Aurora blue/green deployments are specifically designed for safe schema changes, zero-downtime updates, and production isolation.
The staging (green) environment can receive schema changes without affecting production (blue). After validation, you perform a fast, minimally disruptive switchover that updates production.
Read replicas (Option B) do not allow schema changes. Creating an independent staging cluster (Option A) does not provide automated, low-downtime cutover. DynamoDB (Option D) is not compatible with MySQL schemas.
Question 545:
A company is migrating an online marketplace application from a mainframe system to an Auto Scaling group of Amazon EC2 instances. The EC2 instances access an Amazon Aurora cluster. The application requires a scalable, persistent caching solution to store the results of in-progress transactions and SQL queries.
Which solution will meet these requirements?
A. Use an Amazon ElastiCache (Redis OSS) cluster to serve transaction and query results.
B. Use an Amazon CloudFront distribution with an Amazon S3 bucket as the origin to cache the transactions. Add an Amazon EC2 instance store volume to the EC2 instances for query result caching.
C. Use an Amazon ElastiCache (Memcached) cluster to serve transaction and query results.
D. Use an Amazon ElastiCache (Redis OSS) cluster to cache the transactions. Add an Amazon EC2 instance store volume to the EC2 instances for query result caching.
A. Use an Amazon ElastiCache (Redis OSS) cluster to serve transaction and query results.
Explanation
Why Option A is Correct:
ElastiCache for Redis: Provides persistent, scalable caching for in-progress transactions and SQL queries.
Redis supports data durability and advanced features, making it suitable for transactional workloads.
Integration with Aurora: Easily integrates with the Aurora cluster to improve query performance.
Why other options are not correct:
Option B: CloudFront and S3 are unsuitable for transactional caching. EC2 instance store volumes are ephemeral and lack persistence.
Option C: Memcached does not offer persistence or advanced transactional support, unlike Redis.
Option D: Combining Redis with EC2 instance store is unnecessary; Redis alone meets all caching requirements.
A company wants to reduce the cost of its existing three-tier web architecture. The web, application, and database servers are running on Amazon EC2 instances for the development, test, and production environments. The EC2 instances average 30% CPU utilization during peak hours and 10% CPU utilization during non-peak hours. The production EC2 instances run 24 hours a day. The development and test EC2 instances run for at least 8 hours each day. The company plans to implement automation to stop the development and test EC2 instances when they are not in use.
Which EC2 instance purchasing solution will meet the company's requirements MOST cost-effectively?
A. Use Spot Instances for the production EC2 instances. Use Reserved Instances for the development and test EC2 instances.
B. Use Reserved Instances for the production EC2 instances. Use On-Demand Instances for the development and test EC2 instances.
C. Use Spot blocks for the production EC2 instances. Use Reserved Instances for the development and test EC2 instances.
D. Use On-Demand Instances for the production EC2 instances. Use Spot blocks for the development and test EC2 instances.
B. Use Reserved Instances for the production EC2 instances. Use On-Demand Instances for the development and test EC2 instances.
Question 547:
A data science team requires storage for nightly log processing. The size and number of logs are unknown and the logs will persist for 24 hours only.
What is the MOST cost-effective solution?
A. Amazon S3 Glacier Deep Archive
B. Amazon S3 Standard
C. Amazon S3 Intelligent-Tiering
D. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
B. Amazon S3 Standard
Explanation
For logs that are written and processed within a short period (24 hours), accessed quickly for compute/analytics, and of unknown object count and size, Amazon S3 Standard is the most appropriate and cost-effective. Intelligent-Tiering is designed for data stored for longer periods (typically 30+ days) with changing access patterns and charges a per-object monitoring and automation fee that becomes inefficient for very short-lived objects.
S3 Glacier Deep Archive and S3 One Zone-IA are optimized for long-term archival or infrequently accessed data with retrieval time or availability constraints that are not suitable for nightly active processing.
Question 548:
A company is designing the architecture for a new mobile app that uses the AWS Cloud. The company uses organizational units (OUs) in AWS Organizations to manage its accounts. The company wants to tag Amazon EC2 instances with data sensitivity by using values of sensitive and nonsensitive. IAM identities must not be able to delete a tag or create instances without a tag.
Which combination of steps will meet these requirements? (Choose two.)
A. In Organizations, create a new tag policy that specifies the data sensitivity tag key and the required values. Enforce the tag values for the EC2 instances. Attach the tag policy to the appropriate OU.
B. In Organizations, create a new service control policy (SCP) that specifies the data sensitivity tag key and the required tag values. Enforce the tag values for the EC2 instances. Attach the SCP to the appropriate OU.
C. Create a tag policy to deny running instances when a tag key is not specified. Create another tag policy that prevents identities from deleting tags. Attach the tag policies to the appropriate OU.
D. Create a service control policy (SCP) to deny creating instances when a tag key is not specified. Create another SCP that prevents identities from deleting tags. Attach the SCPs to the appropriate OU.
E. Create an AWS Config rule to check if EC2 instances use the data sensitivity tag and the specified values. Configure an AWS Lambda function to delete the resource if a noncompliant resource is found.
A. In Organizations, create a new tag policy that specifies the data sensitivity tag key and the required values. Enforce the tag values for the EC2 instances. Attach the tag policy to the appropriate OU.
D. Create a service control policy (SCP) to deny creating instances when a tag key is not specified. Create another SCP that prevents identities from deleting tags. Attach the SCPs to the appropriate OU.
Question 549:
An ecommerce company runs an application that uses an Amazon DynamoDB table in a single AWS Region. The company wants to deploy the application to a second Region. The company needs to support multi-active replication with low latency reads and writes to the existing DynamoDB table in both Regions.
Which solution will meet these requirements in the MOST operationally efficient way?
A. Create a DynamoDB global secondary index (GSI) for the existing table. Create a new table in the second Region. Convert the existing DynamoDB table to a global table. Specify the new table as the secondary table.
B. Enable Amazon DynamoDB Streams for the existing table. Create a new table in the second Region. Create a new application that uses the DynamoDB Streams Kinesis Adapter and the Amazon Kinesis Client Library (KCL). Configure the new application to read data from the DynamoDB table in the first Region and to write the data to the new table in the second Region.
C. Convert the existing DynamoDB table to a global table. Choose the appropriate second Region to achieve active-active write capabilities in both Regions.
D. Enable Amazon DynamoDB Streams for the existing table. Create a new table in the second Region. Create an AWS Lambda function in the first Region that reads data from the table in the first Region and writes the data to the new table in the second Region. Set a DynamoDB stream as the input trigger for the Lambda function.
C. Convert the existing DynamoDB table to a global table. Choose the appropriate second Region to achieve active-active write capabilities in both Regions.
Explanation
Converting the existing DynamoDB table to a global table provides active-active replication and low-latency reads and writes in both Regions. DynamoDB global tables are specifically designed for multi-Region and multi-active use cases.
Option A: GSIs do not provide multi-Region replication or active-active capabilities.
Options B and D: Using DynamoDB Streams and custom replication is less operationally efficient than global tables and introduces additional complexity.
Question 550:
A global company hosts its web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The web application has static data and dynamic data. The company stores its static data in an Amazon S3 bucket. The company wants to improve performance and reduce latency for the static data and dynamic data. The company is using its own domain name registered with Amazon Route 53.
What should a solutions architect do to meet these requirements?
A. Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins. Configure Route 53 to route traffic to the CloudFront distribution.
B. Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint. Configure Route 53 to route traffic to the CloudFront distribution.
C. Create an Amazon CloudFront distribution that has the S3 bucket as an origin. Create an AWS Global Accelerator standard accelerator that has the ALB and the CloudFront distribution as endpoints. Create a custom domain name that points to the accelerator DNS name. Use the custom domain name as an endpoint for the web application.
D. Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint. Create two domain names. Point one domain name to the CloudFront DNS name for dynamic content. Point the other domain name to the accelerator DNS name for static content. Use the domain names as endpoints for the web application.
A. Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins. Configure Route 53 to route traffic to the CloudFront distribution.