Amazon Amazon Certifications SAA-C03 Questions & Answers

• Question 711:

  A company has hired a solutions architect to design a reliable architecture for its application. The application consists of one Amazon RDS DB instance and two manually provisioned Amazon EC2 instances that run web servers. The EC2

  instances are located in a single Availability Zone.

  An employee recently deleted the DB instance, and the application was unavailable for 24 hours as a result. The company is concerned with the overall reliability of its environment.

  What should the solutions architect do to maximize reliability of the application's infrastructure?

  A. Delete one EC2 instance and enable termination protection on the other EC2 instance. Update the DB instance to be Multi-AZ, and enable deletion protection.

  B. Update the DB instance to be Multi-AZ, and enable deletion protection. Place the EC2 instances behind an Application Load Balancer, and run them in an EC2 Auto Scaling group across multiple Availability Zones.

  C. Create an additional DB instance along with an Amazon API Gateway and an AWS Lambda function. Configure the application to invoke the Lambda function through API Gateway. Have the Lambda function write the data to the two DB instances.

  D. Place the EC2 instances in an EC2 Auto Scaling group that has multiple subnets located in multiple Availability Zones. Use Spot Instances instead of On-Demand Instances. Set up Amazon CloudWatch alarms to monitor the health of the instances Update the DB instance to be Multi-AZ, and enable deletion protection.

  Correct Answer: B

  HA ensured by DB in Mutli-AZ and EC2 in AG

• Question 712:

  A company is storing 700 terabytes of data on a large network-attached storage (NAS) system in its corporate data center. The company has a hybrid environment with a 10 Gbps AWS Direct Connect connection.

  After an audit from a regulator, the company has 90 days to move the data to the cloud. The company needs to move the data efficiently and without disruption. The company still needs to be able to access and update the data during the transfer window.

  Which solution will meet these requirements?

  A. Create an AWS DataSync agent in the corporate data center. Create a data transfer task Start the transfer to an Amazon S3 bucket.

  B. Back up the data to AWS Snowball Edge Storage Optimized devices. Ship the devices to an AWS data center. Mount a target Amazon S3 bucket on the on-premises file system.

  C. Use rsync to copy the data directly from local storage to a designated Amazon S3 bucket over the Direct Connect connection.

  D. Back up the data on tapes. Ship the tapes to an AWS data center. Mount a target Amazon S3 bucket on the on-premises file system.

  Correct Answer: A

  By leveraging AWS DataSync in combination with AWS Direct Connect, the company can efficiently and securely transfer its 700 terabytes of data to an Amazon S3 bucket without disruption. The solution allows continued access and updates to the data during the transfer window, ensuring business continuity throughout the migration process.

• Question 713:

  A company stores data in PDF format in an Amazon S3 bucket. The company must follow a legal requirement to retain all new and existing data in Amazon S3 for 7 years. Which solution will meet these requirements with the LEAST operational overhead?

  A. Turn on the S3 Versioning feature for the S3 bucket. Configure S3 Lifecycle to delete the data after 7 years. Configure multi-factor authentication (MFA) delete for all S3 objects.

  B. Turn on S3 Object Lock with governance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Recopy all existing objects to bring the existing data into compliance.

  C. Turn on S3 Object Lock with compliance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Recopy all existing objects to bring the existing data into compliance.

  D. Turn on S3 Object Lock with compliance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Use S3 Batch Operations to bring the existing data into compliance.

  Correct Answer: D

  You need AWS Batch to re-apply certain config to files that were already in S3, like encryption

• Question 714:

  A company has a stateless web application that runs on AWS Lambda functions that are invoked by Amazon API Gateway. The company wants to deploy the application across multiple AWS Regions to provide Regional failover capabilities. What should a solutions architect do to route traffic to multiple Regions?

  A. Create Amazon Route 53 health checks for each Region. Use an active-active failover configuration.

  B. Create an Amazon CloudFront distribution with an origin for each Region. Use CloudFront health checks to route traffic.

  C. Create a transit gateway. Attach the transit gateway to the API Gateway endpoint in each Region. Configure the transit gateway to route requests.

  D. Create an Application Load Balancer in the primary Region. Set the target group to point to the API Gateway endpoint hostnames in each Region.

  Correct Answer: A

  To route traffic to multiple AWS Regions and provide regional failover capabilities for a stateless web application running on AWS Lambda functions invoked by Amazon API Gateway, you can use Amazon Route 53 with an active-active failover configuration.

  By creating Amazon Route 53 health checks for each Region and configuring an active-active failover configuration, Route 53 can monitor the health of the endpoints in each Region and route traffic to healthy endpoints. In the event of a failure in one Region, Route 53 automatically routes traffic to the healthy endpoints in other Regions.

  This setup ensures high availability and failover capabilities for your web application across multiple AWS Regions.

• Question 715:

  A company hosts a multi-tier web application on Amazon Linux Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company observes that the Auto Scaling group launches more On-Demand Instances when the application's end users access high volumes of static web content. The company wants to optimize cost.

  What should a solutions architect do to redesign the application MOST cost-effectively?

  A. Update the Auto Scaling group to use Reserved Instances instead of On-Demand Instances.

  B. Update the Auto Scaling group to scale by launching Spot Instances instead of On-Demand Instances.

  C. Create an Amazon CloudFront distribution to host the static web contents from an Amazon S3 bucket.

  D. Create an AWS Lambda function behind an Amazon API Gateway API to host the static website contents.

  Correct Answer: C

  Static Web Content = S3 Always.

  CloudFront = Closer to the users locations since it will cache in the Edge nodes.

• Question 716:

  A company stores several petabytes of data across multiple AWS accounts. The company uses AWS Lake Formation to manage its data lake. The company's data science team wants to securely share selective data from its accounts with the company's engineering team for analytical purposes.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Copy the required data to a common account. Create an IAM access role in that account. Grant access by specifying a permission policy that includes users from the engineering team accounts as trusted entities.

  B. Use the Lake Formation permissions Grant command in each account where the data is stored to allow the required engineering team users to access the data.

  C. Use AWS Data Exchange to privately publish the required data to the required engineering team accounts.

  D. Use Lake Formation tag-based access control to authorize and grant cross-account permissions for the required data to the engineering team accounts.

  Correct Answer: D

  By utilizing Lake Formation's tag-based access control, you can define tags and tag-based policies to grant selective access to the required data for the engineering team accounts. This approach allows you to control access at a granular level without the need to copy or move the data to a common account or manage permissions individually in each account. It provides a centralized and scalable solution for securely sharing data across accounts with minimal operational overhead.

• Question 717:

  A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost-effective solution to minimize upload and download latency and maximize performance.

  What should a solutions architect do to accomplish this?

  A. Use Amazon S3 with Transfer Acceleration to host the application.

  B. Use Amazon S3 with CacheControl headers to host the application.

  C. Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application.

  D. Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application.

  Correct Answer: A

  Amazon S3 (Simple Storage Service) is a highly scalable object storage service provided by AWS. It allows you to store and retrieve any amount of data from anywhere on the web. With Amazon S3, you can host static websites, store and deliver large media files, and manage data for backup and restore.

  Transfer Acceleration is a feature of Amazon S3 that utilizes the AWS global infrastructure to accelerate file transfers to and from Amazon S3. It uses optimized network paths and parallelization techniques to speed up data transfer, especially for large files and over long distances.

  By using Amazon S3 with Transfer Acceleration, the web application can benefit from faster upload and download speeds, reducing latency and improving overall performance for users in different geographic regions. This solution is cost-effective as it leverages the existing Amazon S3 infrastructure and eliminates the need for additional compute resources.

• Question 718:

  A company operates an ecommerce website on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The site is experiencing performance issues related to a high request rate from illegitimate external systems with changing IP addresses. The security team is worried about potential DDoS attacks against the website. The company must block the illegitimate incoming requests in a way that has a minimal impact on legitimate users.

  What should a solutions architect recommend?

  A. Deploy Amazon Inspector and associate it with the ALB.

  B. Deploy AWS WAF, associate it with the ALB, and configure a rate-limiting rule.

  C. Deploy rules to the network ACLs associated with the ALB to block the incomingtraffic.

  D. Deploy Amazon GuardDuty and enable rate-limiting protection when configuring GuardDuty.

  Correct Answer: B

  AWS WAF (Web Application Firewall) is a service that provides protection for web applications against common web exploits. By associating AWS WAF with the Application Load Balancer (ALB), you can inspect incoming traffic and define rules to allow or block requests based on various criteria.

• Question 719:

  A company wants to share accounting data with an external auditor. The data is stored in an Amazon RDS DB instance that resides in a private subnet. The auditor has its own AWS account and requires its own copy of the database.

  What is the MOST secure way for the company to share the database with the auditor?

  A. Create a read replica of the database. Configure IAM standard database authentication to grant the auditor access.

  B. Export the database contents to text files. Store the files in an Amazon S3 bucket. Create a new IAM user for the auditor. Grant the user access to the S3 bucket.

  C. Copy a snapshot of the database to an Amazon S3 bucket. Create an IAM user. Share the user's keys with the auditor to grant access to the object in the S3 bucket.

  D. Create an encrypted snapshot of the database. Share the snapshot with the auditor. Allow access to the AWS Key Management Service (AWS KMS) encryption key.

  Correct Answer: D

  Option D (Creating an encrypted snapshot of the database, sharing the snapshot, and allowing access to the AWS Key Management Service encryption key) is generally considered a better option for sharing the database with the auditor in terms of security and control.

• Question 720:

  A company used an Amazon RDS for MySQL DB instance during application testing. Before terminating the DB instance at the end of the test cycle, a solutions architect created two backups. The solutions architect created the first backup by

  using the mysqldump utility to create a database dump. The solutions architect created the second backup by enabling the final DB snapshot option on RDS termination.

  The company is now planning for a new test cycle and wants to create a new DB instance from the most recent backup. The company has chosen a MySQL-compatible edition ofAmazon Aurora to host the DB instance.

  Which solutions will create the new DB instance? (Choose two.)

  A. Import the RDS snapshot directly into Aurora.

  B. Upload the RDS snapshot to Amazon S3. Then import the RDS snapshot into Aurora.

  C. Upload the database dump to Amazon S3. Then import the database dump into Aurora.

  D. Use AWS Database Migration Service (AWS DMS) to import the RDS snapshot into Aurora.

  E. Upload the database dump to Amazon S3. Then use AWS Database Migration Service (AWS DMS) to import the database dump into Aurora.

  Correct Answer: AC

  Migrating data from MySQL by using an Amazon S3 bucket

  You can copy the full and incremental backup files from your source MySQL version 5.7 database to an Amazon S3 bucket, and then restore an Amazon Aurora MySQL DB cluster from those files.

  This option can be considerably faster than migrating data using mysqldump, because using mysqldump replays all of the commands to recreate the schema and data from your source database in your new Aurora MySQL DB cluster.

  By copying your source MySQL data files, Aurora MySQL can immediately use those files as the data for an Aurora MySQL DB cluster.

  https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Migrating.ExtMySQL.html