A company has an on-premises application that uses SFTP to collect financial data from multiple vendors. The company is migrating to the AWS Cloud. The company has created an application that uses Amazon S3 APIs to upload files from vendors. Some vendors run their systems on legacy applications that do not support S3 APIs. The vendors want to continue to use SFTP-based applications to upload data. The company wants to use managed services for the needs of the vendors that use legacy applications.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create an AWS Database Migration Service (AWS DMS) instance to replicate data from the storage of the vendors that use legacy applications to Amazon S3. Provide the vendors with the credentials to access the AWS DMS instance.
B. Create an AWS Transfer Family endpoint for vendors that use legacy applications.
C. Configure an Amazon EC2 instance to run an SFTP server. Instruct the vendors that use legacy applications to use the SFTP server to upload data.
D. Configure an Amazon S3 File Gateway for vendors that use legacy applications to upload files to an SMB file share.

B. Create an AWS Transfer Family endpoint for vendors that use legacy applications.
Question 682:
A company runs an application on EC2 instances that need access to RDS credentials stored in AWS Secrets Manager.
Which solution meets this requirement?
A. Create an IAM role, and attach the role to each EC2 instance profile. Use an identity-based policy to grant the role access to the secret.
B. Create an IAM user, and attach the user to each EC2 instance profile. Use a resource-based policy to grant the user access to the secret.
C. Create a resource-based policy for the secret. Use EC2 Instance Connect to access the secret.
D. Create an identity-based policy for the secret. Grant direct access to the EC2 instances.

A. Create an IAM role, and attach the role to each EC2 instance profile. Use an identity-based policy to grant the role access to the secret.
Explanation
Option A uses an IAM role attached to the EC2 instance profile, enabling secure and automated access to Secrets Manager. This is the recommended approach.
Option B uses IAM users, which is less secure and harder to manage.
Option C is not practical for accessing secrets programmatically.
Option D violates best practices by granting direct access to the EC2 instance.
Question 683:
A company runs an application that stores and shares photos. Users upload the photos to an Amazon S3 bucket. Every day, users upload approximately 150 photos. The company wants to design a solution that creates a thumbnail of each new photo and stores the thumbnail in a second S3 bucket.
Which solution will meet these requirements MOST cost-effectively?
A. Configure an Amazon EventBridge scheduled rule to invoke a script every minute on a long-running Amazon EMR cluster. Configure the script to generate thumbnails for the photos that do not have thumbnails. Configure the script to upload the thumbnails to the second S3 bucket.
B. Configure an Amazon EventBridge scheduled rule to invoke a script every minute on a memory-optimized Amazon EC2 instance that is always on. Configure the script to generate thumbnails for the photos that do not have thumbnails. Configure the script to upload the thumbnails to the second S3 bucket.
C. Configure an S3 event notification to invoke an AWS Lambda function each time a user uploads a new photo to the application. Configure the Lambda function to generate a thumbnail and to upload the thumbnail to the second S3 bucket.
D. Configure S3 Storage Lens to invoke an AWS Lambda function each time a user uploads a new photo to the application. Configure the Lambda function to generate a thumbnail and to upload the thumbnail to a second S3 bucket.

C. Configure an S3 event notification to invoke an AWS Lambda function each time a user uploads a new photo to the application. Configure the Lambda function to generate a thumbnail and to upload the thumbnail to the second S3 bucket.
Question 684:
A company is designing a web application with an internet-facing Application Load Balancer (ALB). The company needs the ALB to receive HTTPS web traffic from the public internet. The ALB must send only HTTPS traffic to the web application servers hosted on the Amazon EC2 instances on port 443. The ALB must perform a health check of the web application servers over HTTPS on port 8443.
Which combination of configurations of the security group that is associated with the ALB will meet these requirements? (Choose three.)
A. Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.
B. Allow all outbound traffic to 0.0.0.0/0 for port 443.
C. Allow HTTPS outbound traffic to the web application instances for port 443.
D. Allow HTTPS inbound traffic from the web application instances for port 443.
E. Allow HTTPS outbound traffic to the web application instances for the health check on port 8443.
F. Allow HTTPS inbound traffic from the web application instances for the health check on port 8443.

A. Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.
C. Allow HTTPS outbound traffic to the web application instances for port 443.
E. Allow HTTPS outbound traffic to the web application instances for the health check on port 8443.
Question 685:
A company is migrating its online shopping platform to AWS and wants to adopt a serverless architecture.
The platform has a user profile and preference service that does not have a defined schema. The platform allows user-defined fields.
Profile information is updated several times daily. The company must store profile information in a durable and highly available solution. The solution must capture modifications to profile data for future processing.
Which solution will meet these requirements?
A. Use an Amazon RDS for PostgreSQL instance to store profile data. Use a log stream in Amazon CloudWatch Logs to capture modifications.
B. Use an Amazon DynamoDB table to store profile data. Use Amazon DynamoDB Streams to capture modifications.
C. Use an Amazon ElastiCache (Redis OSS) cluster to store profile data. Use Amazon Data Firehose to capture modifications.
D. Use an Amazon Aurora Serverless v2 cluster to store the profile data. Use a log stream in Amazon CloudWatch Logs to capture modifications.

B. Use an Amazon DynamoDB table to store profile data. Use Amazon DynamoDB Streams to capture modifications.
Explanation
Amazon DynamoDB is a serverless, NoSQL database that is fully managed, highly available, and scales automatically. It is ideal for data without a fixed schema and for use cases where fields can vary by user.
DynamoDB Streams enables the capture of changes to table items in real time, which is ideal for triggering additional processing or workflows on data modifications.
Reference Extract from AWS Documentation / Study Guide:
"DynamoDB provides a scalable, highly available NoSQL database service for applications requiring flexible schema. DynamoDB Streams captures table activity for processing changes in real time."
Source: AWS Certified Solutions Architect - Official Study Guide, DynamoDB and Serverless section.
Question 686:
An ecommerce company runs a multi-tier application on AWS. The frontend and backend tiers both run on Amazon EC2 instances. The database tier runs on an Amazon RDS for MySQL DB instance. The backend tier communicates with the RDS DB instance.
The application makes frequent calls to return identical datasets from the database. The frequent calls on the database cause performance slowdowns. A solutions architect must improve the performance of the application backend.
Which solution will meet this requirement?
A. Configure an Amazon Simple Notification Service (Amazon SNS) topic between the EC2 instances and the RDS DB instance.
B. Configure an Amazon ElastiCache (Redis OSS) cache. Configure the backend EC2 instances to read from the cache.
C. Configure an Amazon DynamoDB Accelerator (DAX) cluster. Configure the backend EC2 instances to read from the cluster.
D. Configure Amazon Data Firehose to stream the calls to the database.

B. Configure an Amazon ElastiCache (Redis OSS) cache. Configure the backend EC2 instances to read from the cache.
Explanation
Caching frequently accessed, identical datasets is a well-established way to improve backend application performance by reducing load on the database. Amazon ElastiCache with Redis (open source) offers a fast, in-memory data store to cache query results, reducing latency and database requests.
Option B directly addresses the problem by offloading repeated read requests from the database to the cache.
Option A (SNS) is a messaging service and is unrelated to caching or improving database performance.
Option C (DAX) accelerates DynamoDB but the backend uses RDS MySQL, so DAX is inapplicable.
Option D (Data Firehose) is a data streaming service and does not optimize database read performance.
References:
Caching Best Practices (https://aws.amazon.com/caching/)
Amazon ElastiCache for Redis (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.html)
Question 687:
A company has an ordering application that stores customer information in Amazon RDS for MySQL.
During regular business hours, employees run one-time queries for reporting purposes. Timeouts are occurring during order processing because the reporting queries are taking a long time to run. The company needs to eliminate the timeouts without preventing employees from performing queries.
What should a solutions architect do to meet these requirements?
A. Create a read replica. Move reporting queries to the read replica.
B. Create a read replica. Distribute the ordering application to the primary DB instance and the read replica.
C. Migrate the ordering application to Amazon DynamoDB with on-demand capacity.
D. Schedule the reporting queries for non-peak hours.

A. Create a read replica. Move reporting queries to the read replica.
Question 688:
A company is building a shopping application on AWS. The application offers a catalog that changes once each month and needs to scale with traffic volume. The company wants the lowest possible latency from the application. Data from each user's shopping cart needs to be highly available. User session data must be available even if the user is disconnected and reconnects.
What should a solutions architect do to ensure that the shopping cart data is preserved at all times?
A. Configure an Application Load Balancer to enable the sticky sessions feature (session affinity) for access to the catalog in Amazon Aurora.
B. Configure Amazon ElastiCache for Redis to cache catalog data from Amazon DynamoDB and shopping cart data from the user's session.
C. Configure Amazon OpenSearch Service to cache catalog data from Amazon DynamoDB and shopping cart data from the user's session.
D. Configure an Amazon EC2 instance with Amazon Elastic Block Store (Amazon EBS) storage for the catalog and shopping cart. Configure automated snapshots.

B. Configure Amazon ElastiCache for Redis to cache catalog data from Amazon DynamoDB and shopping cart data from the user's session.
Question 689:
A company built an application with Docker containers and needs to run the application in the AWS Cloud.
The company wants to use a managed service to host the application. The solution must scale in and out appropriately according to demand on the individual container services. The solution also must not result in additional operational overhead or infrastructure to manage.
Which solutions will meet these requirements? (Choose two.)
A. Use Amazon Elastic Container Service (Amazon ECS) with AWS Fargate.
B. Use Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate.
C. Provision an Amazon API Gateway API. Connect the API to AWS Lambda to run the containers.
D. Use Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 worker nodes.
E. Use Amazon Elastic Kubernetes Service (Amazon EKS) with Amazon EC2 worker nodes.

A. Use Amazon Elastic Container Service (Amazon ECS) with AWS Fargate.
B. Use Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate.
Question 690:
A company is storing sensitive user information in an Amazon S3 bucket. The company wants to provide secure access to this bucket from the application tier running on Amazon EC2 instances inside a VPC.
Which combination of steps should a solutions architect take to accomplish this? (Choose two.)
A. Configure a VPC gateway endpoint for Amazon S3 within the VPC.
B. Create a bucket policy to make the objects in the S3 bucket public.
C. Create a bucket policy that limits access to only the application tier running in the VPC.
D. Create an IAM user with an S3 access policy and copy the IAM credentials to the EC2 instance.
E. Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket.

A. Configure a VPC gateway endpoint for Amazon S3 within the VPC.
C. Create a bucket policy that limits access to only the application tier running in the VPC.