Amazon Amazon Certifications SAA-C03 Questions & Answers

• Question 581:

  A company's application runs on AWS. The application stores large documents in an Amazon S3 bucket that uses the S3 Standard-infrequent Access (S3 Standerd-IA) storage class. The company will continue paying to store the data but wants to save on its total S3 costs. The company wants authorized external users to have the ability to access the documents in milliseconds.

  Which solution will meet these requirements MOST cost-effectively?

  A. Configure the S3 bucket to be a Requester Pays bucket

  B. Change the storage tier to S3 Standard for all existing and future objects.

  C. Turn on S3 Transfer Acceleration tor the S3 Docket

  D. Use Amazon CloudFront to handle all the requests to the S3 bucket

  Correct Answer: D

• Question 582:

  A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods tor IAM user passwords

  What should the solutions architect do to accomplish this?

  A. Set an overall password policy for the entire AWS account

  B. Set a password policy for each IAM user in the AWS account

  C. Use third-party vendor software to set password requirements

  D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements

  Correct Answer: A

  To accomplish this, the solutions architect should set an overall password policy for the entire AWS account. This policy will apply to all IAM users in the account, including new users.

• Question 583:

  A company is developing a marketing communications service that targets mobile app users. The company needs to send confirmation messages with Short Message Service (SMS) to its users. The users must be able to reply to the SMS messages. The company must store the responses for a year for analysis.

  What should a solutions architect do to meet these requirements?

  A. Create an Amazon Connect contact flow to send the SMS messages. Use AWS Lambda to process the responses.

  B. Build an Amazon Pinpoint journey. Configure Amazon Pinpoint to send events to an Amazon Kinesis data stream for analysis and archiving.

  C. Use Amazon Simple Queue Service (Amazon SQS) to distribute the SMS messages. Use AWS Lambda to process the responses.

  D. Create an Amazon Simple Notification Service (Amazon SNS) FIFO topic. Subscribe an Amazon Kinesis data stream to the SNS topic for analysis and archiving.

  Correct Answer: B

  https://aws.amazon.com/pinpoint/product-details/sms/

  Two-Way Messaging:

  Receive SMS messages from your customers and reply back to them in a chat-like interactive experience. With Amazon Pinpoint, you can create automatic responses when customers send you messages that contain certain keywords. You

  can even use Amazon Lex to create conversational bots. A majority of mobile phone users read incoming SMS messages almost immediately after receiving them. If you need to be able to provide your customers with urgent or important

  information, SMS messaging may be the right solution for you. You can use Amazon Pinpoint to create targeted groups of customers, and then send them campaign-based messages. You can also use Amazon Pinpoint to send direct

  messages, such as appointment confirmations, order updates, and one-time passwords.

• Question 584:

  A company is designing a cloud communications platform that is driven by APIs. The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB). The company uses Amazon API Gateway to provide external

  users with access to the application through APIs. The company wants to protect the platform against web exploits like SQL injection and also wants to detect and mitigate large, sophisticated DDoS attacks.

  Which combination of solutions provides the MOST protection? (Select TWO.)

  A. Use AWS WAF to protect the NLB.

  B. Use AWS Shield Advanced with the NLB.

  C. Use AWS WAF to protect Amazon API Gateway.

  D. Use Amazon GuardDuty with AWS Shield Standard.

  E. Use AWS Shield Standard with Amazon API Gateway.

  Correct Answer: BC

  AWS Shield Advanced provides expanded DDoS attack protection for your Amazon EC2 instances, Elastic Load Balancing load balancers, CloudFront distributions, Route 53 hosted zones, and AWS Global Accelerator standard accelerators.

  AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to your protected web application resources. You can protect the following resource types:

  1.

  Amazon CloudFront distribution

  2.

  Amazon API Gateway REST API

  3.

  Application Load Balancer

  4.

  AWS AppSync GraphQL API

  5.

  Amazon Cognito user pool

  https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html

• Question 585:

  A company is migrating a Linux-based web server group to AWS. The web servers must access files in a shared file store for some content. The company must not make any changes to the application.

  What should a solutions architect do to meet these requirements?

  A. Create an Amazon S3 Standard bucket with access to the web servers.

  B. Configure an Amazon CloudFront distribution with an Amazon S3 bucket as the origin.

  C. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system on all web servers.

  D. Configure a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume to all web servers.

  Correct Answer: C

  This solution satisfies the needs in the following ways:

  1.

  EFS provides a fully managed elastic network file system that can be mounted on multiple EC2 instances concurrently.

  2.

  The EFS file system appears as a standard file system mount on the Linux web servers, requiring no application changes. The servers can access shared files as if they were on local storage.

  3.

  EFS is highly available, durable, and scalable, providing a robust shared storage solution.

• Question 586:

  A company is planning to migrate a commercial off-the-shelf application from is on-premises data center to AWS. The software has a software licensing model using sockets and cores with predictable capacity and uptime requirements. The company wants to use its existing licenses, which were purchased earlier this year.

  Which Amazon EC2 pricing option is the MOST cost-effective?

  A. Dedicated Reserved Hosts

  B. Dedicated On-Demand Hosts

  C. Dedicated Reserved Instances

  D. Dedicated On-Oemand Instances

  Correct Answer: A

  Dedicated Host Reservations provide a billing discount compared to running On-Demand Dedicated Hosts. Reservations are available in three payment options.

  https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html

• Question 587:

  A company has an application that places hundreds of .csv files into an Amazon S3 bucket every hour. The files are 1 GB in size. Each time a file is uploaded, the company needs to convert the file to Apache Parquet format and place the output file into an S3 bucket.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Create an AWS Lambda function to download the .csv files, convert the files to Parquet format, and place the output files in an S3 bucket. Invoke the Lambda function for each S3 PUT event.

  B. Create an Apache Spark job to read the .csv files, convert the files to Parquet format, and place the output files in an S3 bucket. Create an AWS Lambda function for each S3 PUT event to invoke the Spark job.

  C. Create an AWS Glue table and an AWS Glue crawler for the S3 bucket where the application places the .csv files. Schedule an AWS Lambda function to periodically use Amazon Athena to query the AWS Glue table, convert the query results into Parquet format, and place the output files into an S3 bucket.

  D. Create an AWS Glue extract, transform, and load (ETL) job to convert the .csv files to Parquet format and place the output files into an S3 bucket. Create an AWS Lambda function for each S3 PUT event to invoke the ETL job.

  Correct Answer: D

  https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/three-aws-glue-etl-job-types-for-converting-data-to-apache-parquet.html

• Question 588:

  A retail company uses a regional Amazon API Gateway API for its public REST APIs. The API Gateway endpoint is a custom domain name that points to an Amazon Route 53 alias record. A solutions architect needs to create a solution that has minimal effects on customers and minimal data loss to release the new version of APIs.

  Which solution will meet these requirements?

  A. Create a canary release deployment stage for API Gateway. Deploy the latest API version. Point an appropriate percentage of traffic to the canary stage. After API verification, promote the canary stage to the production stage.

  B. Create a new API Gateway endpoint with a new version of the API in OpenAPI YAML file format. Use the import-to-update operation in merge mode into the API in API Gateway. Deploy the new version of the API to the production stage.

  C. Create a new API Gateway endpoint with a new version of the API in OpenAPI JSON file format. Use the import-to-update operation in overwrite mode into the API in API Gateway. Deploy the new version of the API to the production stage.

  D. Create a new API Gateway endpoint with new versions of the API definitions. Create a custom domain name for the new API Gateway API. Point the Route 53 alias record to the new API Gateway API custom domain name.

  Correct Answer: A

  keyword: "latest versions on an api"

  Canary release is a software development strategy in which a "new version of an API" (as well as other software) is deployed for testing purposes.

• Question 589:

  A company deploys an appliation on five Amazon EC2 instances. An Applicatin Load Balancer (ALB) distributes traffic to the instances by using a target group. The average CPU usage on each of the insatances is below 10% most of the time. With occasional surges to 65%.

  A solution architect needs to implement a solution to automate the scalability of the application. The solution must optimize the cost of the architecture and must ensure that the application has enough CPU resources when surges occur.

  Which solution will meet these requirements?

  A. Create an Amazon CloudWatch alarm that enters the ALARM state when the CPUUtilization metric is less than 20%. Create an AWS Lambda function that the CloudWatch alarm invokes to terminate one of the EC2 instances in the ALB target group.

  B. Create an EC2 Auto Scaling. Select the exisiting ALB as the load balancer and the existing target group as the target group. Set a target tracking scaling policy that is based on the ASGAverageCPUUtilization metric. Set the minimum instances to 2, the desired capacity to 3, the desired capacity to 3, the maximum instances to 6, and the target value to 50%. And the EC2 instances to the Auto Scaling group.

  C. Create an EC2 Auto Scaling. Select the exisiting ALB as the load balancer and the existing target group. Set the minimum instances to 2, the desired capacity to 3, and the maximum instances to 6 Add the EC2 instances to the Scaling group.

  D. Create two Amazon CloudWatch alarms. Configure the first CloudWatch alarm to enter the ALARM satet when the average CPUTUilization metric is below 20%. Configure the seconnd CloudWatch alarm to enter the ALARM state when the average CPUUtilization metric is aboove 50%. Configure the alarms to publish to an Amazon Simple Notification Service (Amazon SNS) topic to send an email message. After receiving the message, log in to decrease or increase the number of EC2 instances that are running

  Correct Answer: B

  1.

  An Auto Scaling group will automatically scale the EC2 instances to match changes in demand. This optimizes cost by only running as many instances as needed.

  2.

  A target tracking scaling policy monitors the ASGAverageCPUUtilization metric and scales to keep the average CPU around the 50% target value. This ensures there are enough resources during CPU surges.

  3.

  The ALB and target group are reused, so the application architecture does not change. The Auto Scaling group is associated to the existing load balancer setup.

  4.

  A minimum of 2 and maximum of 6 instances provides the ability to scale between 3 and 6 instances as needed based on demand.

  5.

  Costs are optimized by starting with only 3 instances (the desired capacity) and scaling up as needed. When CPU usage drops, instances are terminated to match the desired capacity.

• Question 590:

  A company wants to use the AWS Cloud to improve its on-premises disaster recovery (DR) configuration. The company's core production business application uses Microsoft SQL Server Standard, which runs on a virtual machine (VM). The

  application has a recovery point objective (RPO) of 30 seconds or fewer and a recovery time objective (RTO) of 60 minutes. The DR solution needs to minimize costs wherever possible.

  Which solution will meet these requirements?

  A. Configure a multi-site active/active setup between the on-premises server and AWS by using Microsoft SQL Server Enterprise with Always On availability groups.

  B. Configure a warm standby Amazon RDS for SQL Server database on AWS. Configure AWS Database Migration Service (AWS DMS) to use change data capture (CDC).

  C. Use AWS Elastic Disaster Recovery configured to replicate disk changes to AWS as a pilot light.

  D. Use third-party backup software to capture backups every night. Store a secondary set of backups in Amazon S3.

  Correct Answer: C