Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 671:

  An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet.

  Which solution will provide private network connectivity to Amazon S3?

  A. Create a gateway VPC endpoint to the S3 bucket.
  B. Stream the logs to Amazon CloudWatch Logs. Export the logs to the S3 bucket.
  C. Create an instance profile on Amazon EC2 to allow S3 access.
  D. Create an Amazon API Gateway API with a private link to access the S3 endpoint.
  A. Create a gateway VPC endpoint to the S3 bucket.

• Question 672:

  A company is designing a new multi-tier web application that consists of the following components:

  1. Web and application servers that run on Amazon EC2 instances as part of Auto Scaling groups

  2. An Amazon RDS DB instance for data storage

  A solutions architect needs to limit access to the application servers so that only the web servers can access them.

  Which solution will meet these requirements?

  A. Deploy AWS PrivateLink in front of the application servers. Configure the network ACL to allow only the web servers to access the application servers.
  B. Deploy a VPC endpoint in front of the application servers. Configure the security group to allow only the web servers to access the application servers.
  C. Deploy a Network Load Balancer with a target group that contains the application servers' Auto Scaling group. Configure the network ACL to allow only the web servers to access the application servers.
  D. Deploy an Application Load Balancer with a target group that contains the application servers' Auto Scaling group. Configure the security group to allow only the web servers to access the application servers.
  D. Deploy an Application Load Balancer with a target group that contains the application servers' Auto Scaling group. Configure the security group to allow only the web servers to access the application servers.

• Question 673:

  A company runs a fleet of web servers using an Amazon RDS for PostgreSQL DB instance. After a routine compliance check, the company sets a standard that requires a recovery point objective (RPO) of less than 1 second for all its production databases.

  Which solution meets these requirements?

  A. Enable a Multi-AZ deployment for the DB instance.
  B. Enable auto scaling for the DB instance in one Availability Zone.
  C. Configure the DB instance in one Availability Zone, and create multiple read replicas in a separate Availability Zone.
  D. Configure the DB instance in one Availability Zone, and configure AWS Database Migration Service (AWS DMS) change data capture (CDC) tasks.
  A. Enable a Multi-AZ deployment for the DB instance.

• Question 674:

  A company needs a solution to process customer orders from a global ecommerce platform. The solution must automatically start processing new orders immediately and must maintain a history of all order processing attempts.

  Which solution will meet these requirements in the MOST cost-effective way?

  A. Create an Amazon EventBridge rule that invokes an AWS Lambda function once every minute to check for new orders. Configure the Lambda function to process orders and store results in Amazon Aurora.
  B. Create an Amazon EventBridge event pattern that monitors the ecommerce platform's order events. Configure an EventBridge rule to invoke an AWS Lambda function when the platform receives a new order. Configure the function to store the results in Amazon DynamoDB.
  C. Use an Amazon EC2 instance to poll the ecommerce platform for new orders. Configure the instance to invoke an AWS Lambda function to process new orders. Configure the function to log results to Amazon CloudWatch.
  D. Use an Amazon SQS queue to invoke an AWS Lambda function when the platform receives a new order. Configure the function to process batches of orders and to store results in an Amazon EFS file system.
  B. Create an Amazon EventBridge event pattern that monitors the ecommerce platform's order events. Configure an EventBridge rule to invoke an AWS Lambda function when the platform receives a new order. Configure the function to store the results in Amazon DynamoDB.

  ---

  Explanation

  The correct answer is B because the company needs order processing to begin immediately when new orders arrive and also needs a history of all order processing attempts in the most cost-effective way.

  Amazon EventBridge is a serverless event bus that can respond to events as they occur, which makes it a strong fit for near real-time order processing. By using an EventBridge event pattern and a rule that invokes AWS Lambda when a new order event is received, the solution avoids polling and processes orders only when there is actual work to perform.

  This event-driven design is more cost-effective than running scheduled checks or maintaining EC2 instances. AWS Lambda provides fully managed compute with automatic scaling and charges based on actual execution time. Amazon DynamoDB is a highly scalable and fully managed NoSQL database that is well suited for storing order-processing results and maintaining a durable history of processing attempts with low operational overhead.

  Option A is incorrect because invoking Lambda every minute to check for new orders is a polling model, which introduces delay and unnecessary invocations.

  Option C is incorrect because using an EC2 instance to poll for events creates higher operational cost and overhead.

  Option D is less appropriate because Amazon EFS is not the best storage choice for durable event history or structured tracking of order-processing attempts.

  AWS architectural guidance favors event-driven, serverless patterns for asynchronous order processing when immediate response, scalability, and low cost are required. Therefore, EventBridge + Lambda +

  DynamoDB is the best solution.

• Question 675:

  A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account.

  Which solution will meet these requirements in the MOST secure manner?

  A. Apply an S3 bucket policy that grants read access to the S3 bucket.
  B. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket.
  C. Embed an access key and a secret key in the Lambda function's code to grant the required IAM permissions for read access to the S3 bucket.
  D. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3 buckets in the account.
  B. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket.

• Question 676:

  A retail company uses a regional Amazon API Gateway API for its public REST APIs. The API Gateway endpoint is a custom domain name that points to an Amazon Route 53 alias record. A solutions architect needs to create a solution that has minimal effects on customers and minimal data loss to release the new version of APIs.

  Which solution will meet these requirements?

  A. Create a canary release deployment stage for API Gateway. Deploy the latest API version. Point an appropriate percentage of traffic to the canary stage. After API verification, promote the canary stage to the production stage.
  B. Create a new API Gateway endpoint with a new version of the API in OpenAPI YAML file format. Use the import-to-update operation in merge mode into the API in API Gateway. Deploy the new version of the API to the production stage.
  C. Create a new API Gateway endpoint with a new version of the API in OpenAPI JSON file format. Use the import-to-update operation in overwrite mode into the API in API Gateway. Deploy the new version of the API to the production stage.
  D. Create a new API Gateway endpoint with new versions of the API definitions. Create a custom domain name for the new API Gateway API. Point the Route 53 alias record to the new API Gateway API custom domain name.
  A. Create a canary release deployment stage for API Gateway. Deploy the latest API version. Point an appropriate percentage of traffic to the canary stage. After API verification, promote the canary stage to the production stage.

• Question 677:

  A company uses a single Amazon S3 bucket to store data that multiple business applications must access.

  The company hosts the applications on Amazon EC2 Windows instances that are in a VPC. The company configured a bucket policy for the S3 bucket to grant the applications access to the bucket.

  The company continually adds more business applications to the environment. As the number of business applications increases, the policy document becomes more difficult to manage. The S3 bucket policy document will soon reach its policy size quota. The company needs a solution to scale its architecture to handle more business applications.

  Which solution will meet these requirements in the MOST operationally efficient way?

  A. Migrate the data from the S3 bucket to an Amazon Elastic File System (Amazon EFS) volume. Ensure that all application owners configure their applications to use the EFS volume.
  B. Deploy an AWS Storage Gateway appliance for each application. Reconfigure the applications to use a dedicated Storage Gateway appliance to access the S3 objects instead of accessing the objects directly.
  C. Create a new S3 bucket for each application. Configure S3 replication to keep the new buckets synchronized with the original S3 bucket. Instruct application owners to use their respective S3 buckets.
  D. Create an S3 access point for each application. Instruct application owners to use their respective S3 access points.
  D. Create an S3 access point for each application. Instruct application owners to use their respective S3 access points.

  ---

  Explanation

  Amazon S3 Access Points simplify managing data access for shared datasets in S3 by allowing the creation of distinct access policies for different applications or users. Each access point has its own policy and can be managed independently. This method avoids overloading a single bucket policy and helps remain within policy size limits. Option D provides a scalable and operationally efficient solution by offloading individual access controls from a central bucket policy to individually managed access points, which is ideal for environments with many consuming applications.

• Question 678:

  A media publishing company is building an application on AWS to give users the ability to print their own books. The application frontend runs on a Docker container.

  The amount of incoming orders varies significantly. The incoming orders can temporarily exceed the throughput of the company's book printing machines. Order-processing payloads are up to 4 MB in size.

  The company needs to develop a solution that can scale to handle incoming orders.

  Which solution will meet this requirement?

  A. Use Amazon Simple Queue Service (Amazon SQS) to queue incoming orders. Create an AWS Lambda@Edge function to process orders. Deploy the frontend application on Amazon Elastic Kubernetes Service (Amazon EKS).
  B. Use Amazon Simple Notification Service (Amazon SNS) to queue incoming orders. Create an AWS Lambda function to process orders. Deploy the frontend application on AWS Fargate.
  C. Use Amazon Simple Queue Service (Amazon SQS) to queue incoming orders. Create an AWS Lambda function to process orders. Deploy the frontend application on Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type.
  D. Use Amazon Simple Notification Service (Amazon SNS) to queue incoming orders. Create an AWS Lambda@Edge function to process orders. Deploy the frontend application on Amazon EC2 instances.
  C. Use Amazon Simple Queue Service (Amazon SQS) to queue incoming orders. Create an AWS Lambda function to process orders. Deploy the frontend application on Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type.

  ---

  Explanation

  The workload is bursting and must be able to buffer more orders than the printers can process. The best practice for this is a durable, scalable queue: Amazon SQS.

  SQS decouples the frontend from the backend and can handle large, spiky volumes of messages.

  AWS Lambda is a good fit for processing messages from SQS because it scales automatically with queue depth and requires no server management.

  Deploying the frontend in Docker on Amazon ECS with Fargate provides a fully managed, auto-scaling container environment without managing EC2 instances.

  Why others are not correct:

  Option A and Option D: SNS is a pub/sub service, not a queue; it does not provide durable back-pressure buffering when the printers are slower than incoming requests. Lambda@Edge is for CloudFront edge processing, not back-end order processing.

  Option B: Same SNS issue--no durable queue semantics and not ideal for workload that must be buffered and retried.

• Question 679:

  A solutions architect is designing the architecture for a web application that has a frontend and a backend.

  The backend services must receive data from the frontend services for processing. The frontend must manage access to the application by using API keys. The backend must scale without affecting the frontend.

  Which solution will meet these requirements?

  A. Deploy an Amazon API Gateway HTTP API as the frontend to direct traffic to an Amazon Simple Queue Service (Amazon SQS) queue. Use AWS Lambda functions as the backend to read from the queue.
  B. Deploy an Amazon API Gateway REST API as the frontend to direct traffic to an Amazon Simple Queue Service (Amazon SQS) queue. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate as the backend to read from the queue.
  C. Deploy an Amazon API Gateway REST API as the frontend to direct traffic to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Lambda functions as the backend. Subscribe the Lambda functions to the topic.
  D. Deploy an Amazon API Gateway HTTP API as the frontend to direct traffic to an Amazon Simple Notification Service (Amazon SNS) topic. Use Amazon Elastic Kubernetes Service (Amazon EKS) on AWS Fargate as the backend. Subscribe Amazon EKS to the topic.
  A. Deploy an Amazon API Gateway HTTP API as the frontend to direct traffic to an Amazon Simple Queue Service (Amazon SQS) queue. Use AWS Lambda functions as the backend to read from the queue.

  ---

  Explanation

  Using API Gateway with API keys provides secure access control. Amazon SQS allows asynchronous decoupling between frontend and backend, ensuring that backend processing can scale independently.

  AWS Lambda reading from SQS ensures scalable, event-driven processing with minimal operational management.

  This architecture is resilient and decoupled.

  References:

  AWS Well-Architected?Decoupling and Microservices, API Gateway with SQS and Lambda Integration

• Question 680:

  A company needs to optimize its Amazon S3 storage costs for an application that generates many files that cannot be recreated. Each file is approximately 5 MB and is stored in Amazon S3 Standard storage.

  The company must store the files for 4 years before the files can be deleted. The files must be immediately accessible. The files are frequently accessed in the first 30 days of object creation, but they are rarely accessed after the first 30 days.

  Which solution will meet these requirements MOST cost-effectively?

  A. Create an S3 Lifecycle policy to move the files to S3 Glacier Instant Retrieval 30 days after object creation. Delete the files 4 years after object creation.
  B. Create an S3 Lifecycle policy to move the files to S3 One Zone-Infrequent Access (S3 One Zone-IA) 30 days after object creation. Delete the files 4 years after object creation.
  C. Create an S3 Lifecycle policy to move the files to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days after object creation. Delete the files 4 years after object creation.
  D. Create an S3 Lifecycle policy to move the files to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days after object creation. Move the files to S3 Glacier Flexible Retrieval 4 years after object creation.
  A. Create an S3 Lifecycle policy to move the files to S3 Glacier Instant Retrieval 30 days after object creation. Delete the files 4 years after object creation.