Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 621:

  A company has multiple AWS accounts that use consolidated billing. The company runs several active high performance Amazon RDS for Oracle On-Demand DB instances for 90 days. The company's finance team has access to AWS Trusted Advisor in the consolidated billing account and all other AWS accounts.

  The finance team needs to use the appropriate AWS account to access the Trusted Advisor check recommendations for RDS. The finance team must review the appropriate Trusted Advisor check to reduce RDS costs.

  Which combination of steps should the finance team take to meet these requirements? (Choose two.)

  A. Use the Trusted Advisor recommendations from the account where the RDS instances are running.
  B. Use the Trusted Advisor recommendations from the consolidated billing account to see all RDS instance checks at the same time.
  C. Review the Trusted Advisor check for Amazon RDS Reserved Instance Optimization.
  D. Review the Trusted Advisor check for Amazon RDS Idle DB Instances.
  E. Review the Trusted Advisor check for Amazon Redshift Reserved Node Optimization.
  B. Use the Trusted Advisor recommendations from the consolidated billing account to see all RDS instance checks at the same time.
  D. Review the Trusted Advisor check for Amazon RDS Idle DB Instances.

• Question 622:

  A research laboratory needs to process approximately 8 TB of data. The laboratory requires sub-millisecond latencies and a minimum throughput of 6 GBps for the storage subsystem. Hundreds of Amazon EC2 instances that run Amazon Linux will distribute and process the data.

  Which solution will meet the performance requirements?

  A. Create an Amazon FSx for NetApp ONTAP file system. Sat each volume' tiering policy to ALL. Import the raw data into the file system. Mount the fila system on the EC2 instances.
  B. Create an Amazon S3 bucket to store the raw data. Create an Amazon FSx for Lustre file system that uses persistent SSD storage. Select the option to import data from and export data to Amazon S3. Mount the file system on the EC2 instances.
  C. Create an Amazon S3 bucket to store the raw data. Create an Amazon FSx for Lustre file system that uses persistent HDD storage. Select the option to import data from and export data to Amazon S3. Mount the file system on the EC2 instances.
  D. Create an Amazon FSx for NetApp ONTAP file system. Set each volume's tiering policy to NONE. Import the raw data into the file system. Mount the file system on the EC2 instances.
  B. Create an Amazon S3 bucket to store the raw data. Create an Amazon FSx for Lustre file system that uses persistent SSD storage. Select the option to import data from and export data to Amazon S3. Mount the file system on the EC2 instances.

• Question 623:

  An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiencing delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application.

  What should a solutions architect recommend to meet this requirement?

  A. Use Amazon ElastiCache for Redis.
  B. Use Amazon DynamoDB Accelerator (DAX).
  C. Replicate data by using DynamoDB global tables.
  D. Use Amazon ElastiCache for Memcached with Auto Discovery enabled.
  B. Use Amazon DynamoDB Accelerator (DAX).

• Question 624:

  A company runs a Microsoft Windows SMB file share on-premises to support an application. The company wants to migrate the application to AWS. The company wants to share storage across multiple Amazon

  EC2 instances.

  Which solutions will meet these requirements with the LEAST operational overhead? (Choose Two.)

  A. Create an Amazon Elastic File System (Amazon EFS) file system with elastic throughput.
  B. Create an Amazon FSx for NetApp ONTAP file system.
  C. Use Amazon Elastic Block Store (Amazon EBS) to create a self-managed Windows file share on the instances.
  D. Create an Amazon FSx for Windows File Server file system.
  E. Create an Amazon FSx for OpenZFS file system.
  A. Create an Amazon Elastic File System (Amazon EFS) file system with elastic throughput.
  D. Create an Amazon FSx for Windows File Server file system.

  ---

  Explanation

  Option A. Amazon EFS:Provides a scalable, shared file storage solution with minimal operational overhead. It's ideal for Linux-based workloads.

  Option B. Amazon FSx for NetApp ONTAP:More suited for workloads requiring NetApp-specific features.

  Option C. Amazon EBS:Requires manual management of file shares, which increases operational overhead.

  Option D. Amazon FSx for Windows File Server:Best suited for Windows SMB workloads with low operational overhead.

  Option E. Amazon FSx for OpenZFS:Better for Linux and Unix-based workloads.

  References:

  Amazon EFS,Amazon FSx

• Question 625:

  A company uses AWS Organizations to manage multiple AWS accounts. Each department in the company has its own AWS account. A security team needs to implement centralized governance and control to enforce security best practices across all accounts. The team wants to have control over which AWS services each account can use. The team needs to restrict access to sensitive resources based on IP addresses or geographic regions. The root user must be protected with multi-factor authentication (MFA) across all accounts.

  Which solution will meet these requirements?

  A. Use AWS Identity and Access Management (IAM) to manage IAM users and IAM roles in each account. Implement MFA for the root user in each account. Enforce service restrictions by using AWS managed prefix lists.
  B. Use AWS Control Tower to establish a multi-account environment. Use service control policies (SCPs) to enforce service restrictions in AWS Organizations. Configure MFA for the root user across all accounts.
  C. Use AWS Systems Manager to enforce service restrictions across multiple accounts. Use IAM policies to enforce MFA for the root user across all accounts.
  D. Use AWS IAM Identity Center to manage user access and to enforce service restrictions by using permissions boundaries in each account.
  B. Use AWS Control Tower to establish a multi-account environment. Use service control policies (SCPs) to enforce service restrictions in AWS Organizations. Configure MFA for the root user across all accounts.

  ---

  Explanation

  AWS Control Tower provides a straightforward way to set up and govern a secure, multi-account AWS environment based on AWS best practices. It automates the setup of a baseline environment, or landing zone, that includes:

  Service Control Policies (SCPs): These are used to manage permissions across AWS Organizations, allowing you to set permission guardrails. SCPs can restrict access to specific AWS services and actions, helping enforce security best practices.

  Multi-Factor Authentication (MFA): AWS Control Tower can enforce MFA for the root user across all accounts, enhancing security.

  Centralized Governance: It offers centralized logging and monitoring, making it easier to manage and audit multiple AWS accounts.

  References:

  AWS Control Tower User Guide

  Service Control Policies

  Root user best practices for your AWS account

• Question 626:

  A company is building a three-tier application on AWS. The presentation tier will serve a static website.

  The logic tier is a containerized application. This application will store data in a relational database. The company wants to simplify deployment and to reduce operational costs.

  Which solution will meet these requirements?

  A. Use Amazon S3 to host static content. Use Amazon Elastic Container Service (Amazon ECS) with AWS Fargate for compute power. Use a managed Amazon RDS cluster for the database.
  B. Use Amazon CloudFront to host static content. Use Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 for compute power. Use a managed Amazon RDS cluster for the database.
  C. Use Amazon S3 to host static content. Use Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate for compute power. Use a managed Amazon RDS cluster for the database.
  D. Use Amazon EC2 Reserved Instances to host static content. Use Amazon Elastic Kubernetes Service (Amazon EKS) with Amazon EC2 for compute power. Use a managed Amazon RDS cluster for the database.
  A. Use Amazon S3 to host static content. Use Amazon Elastic Container Service (Amazon ECS) with AWS Fargate for compute power. Use a managed Amazon RDS cluster for the database.

• Question 627:

  A company created a new organization in AWS Organizations. The organization has multiple accounts for the company's development teams. The development team members use AWS IAM Identity Center (AWS Single Sign-On) to access the accounts. For each of the company's applications, the development teams must use a predefined application name to tag resources that are created.

  A solutions architect needs to design a solution that gives the development team the ability to create resources only if the application name tag has an approved value.

  Which solution will meet these requirements?

  A. Create an IAM group that has a conditional Allow policy that requires the application name tag to be specified for resources to be created.
  B. Create a cross-account role that has a Deny policy for any resource that has the application name tag.
  C. Create a resource group in AWS Resource Groups to validate that the tags are applied to all resources in all accounts.
  D. Create a tag policy in Organizations that has a list of allowed application names.
  D. Create a tag policy in Organizations that has a list of allowed application names.

• Question 628:

  An ecommerce company wants to launch a one-deal-a-day website on AWS. Each day will feature exactly one product on sale for a period of 24 hours. The company wants to be able to handle millions of requests each hour with millisecond latency during peak hours.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Use Amazon S3 to host the full website in different S3 buckets. Add Amazon CloudFront distributions. Set the S3 buckets as origins for the distributions. Store the order data in Amazon S3.
  B. Deploy the full website on Amazon EC2 instances that run in Auto Scaling groups across multiple Availability Zones. Add an Application Load Balancer (ALB) to distribute the website traffic. Add another ALB for the backend APIs. Store the data in Amazon RDS for MySQL.
  C. Migrate the full application to run in containers. Host the containers on Amazon Elastic Kubernetes Service (Amazon EKS). Use the Kubernetes Cluster Autoscaler to increase and decrease the number of pods to process bursts in traffic. Store the data in Amazon RDS for MySQL.
  D. Use an Amazon S3 bucket to host the website's static content. Deploy an Amazon CloudFront distribution. Set the S3 bucket as the origin. Use Amazon API Gateway and AWS Lambda functions for the backend APIs. Store the data in Amazon DynamoDB.
  D. Use an Amazon S3 bucket to host the website's static content. Deploy an Amazon CloudFront distribution. Set the S3 bucket as the origin. Use Amazon API Gateway and AWS Lambda functions for the backend APIs. Store the data in Amazon DynamoDB.

• Question 629:

  A company wants to migrate an on-premises data center to AWS. The data center hosts a storage server that stores data in an NFS-based file system. The storage server holds 200 GB of data. The company needs to migrate the data without interruption to existing services. Multiple resources in AWS must be able to access the data by using the NFS protocol.

  Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

  A. Create an Amazon FSx for Lustre file system.
  B. Create an Amazon Elastic File System (Amazon EFS) file system.
  C. Create an Amazon S3 bucket to receive the data.
  D. Manually use an operating system copy command to push the data into the AWS destination.
  E. Install an AWS DataSync agent in the on-premises data center. Use a DataSync task between the on-premises location and AWS.
  B. Create an Amazon Elastic File System (Amazon EFS) file system.
  E. Install an AWS DataSync agent in the on-premises data center. Use a DataSync task between the on-premises location and AWS.

• Question 630:

  A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3.

  How can a solutions architect ensure that the application has permission to access Amazon S3?

  A. Update the S3 role in AWS IAM to allow read/write access from Amazon ECS, and then relaunch the container.
  B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition.
  C. Create a security group that allows access from Amazon ECS to Amazon S3, and update the launch configuration used by the ECS cluster.
  D. Create an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for the ECS cluster while logged in as this account.
  B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition.