Amazon Amazon Certifications SAA-C03 Questions & Answers

• Question 731:

  A solutions architect is implementing a complex Java application with a MySQL database. The Java application must be deployed on Apache Tomcat and must be highly available.

  What should the solutions architect do to meet these requirements?

  A. Deploy the application in AWS Lambda. Configure an Amazon API Gateway API to connect with the Lambda functions.

  B. Deploy the application by using AWS Elastic Beanstalk. Configure a load-balanced environment and a rolling deployment policy.

  C. Migrate the database to Amazon ElastiCache. Configure the ElastiCache security group to allow access from the application.

  D. Launch an Amazon EC2 instance. Install a MySQL server on the EC2 instance. Configure the application on the server. Create an AMI. Use the AMI to create a launch template with an Auto Scaling group.

  Correct Answer: B

  AWS Elastic Beanstalk provides an easy and quick way to deploy, manage, and scale applications. It supports a variety of platforms, including Java and Apache Tomcat. By using Elastic Beanstalk, the solutions architect can upload the Java application and configure the environment to run Apache Tomcat.

• Question 732:

  A company uses high block storage capacity to runs its workloads on premises. The company's daily peak input and output transactions per second are not more than 15,000 IOPS. The company wants to migrate the workloads to Amazon EC2 and to provision disk performance independent of storage capacity.

  Which Amazon Elastic Block Store (Amazon EBS) volume type will meet these requirements MOST cost-effectively?

  A. GP2 volume type

  B. io2 volume type

  C. GP3 volume type

  D. io1 volume type

  Correct Answer: C

  The GP3 (General Purpose SSD) volume type in Amazon Elastic Block Store (EBS) is the most cost-effective option for the given requirements. GP3 volumes offer a balance of price and performance and are suitable for a wide range of workloads, including those with moderate I/O needs.

  GP3 volumes allow you to provision performance independently from storage capacity, which means you can adjust the baseline performance (measured in IOPS) and throughput (measured in MiB/s) separately from the volume size. This flexibility allows you to optimize your costs while meeting the workload requirements.

  In this case, since the company's daily peak input and output transactions per second are not more than 15,000 IOPS, GP3 volumes provide a suitable and cost-effective option for their workloads.

• Question 733:

  A company needs to store data from its healthcare application. The application's data frequently changes. A new regulation requires audit access at all levels of the stored data.

  The company hosts the application on an on-premises infrastructure that is running out of storage capacity. A solutions architect must securely migrate the existing data to AWS while satisfying the new regulation.

  Which solution will meet these requirements?

  A. Use AWS DataSync to move the existing data to Amazon S3. Use AWS CloudTrail to log data events.

  B. Use AWS Snowcone to move the existing data to Amazon S3. Use AWS CloudTrail to log management events.

  C. Use Amazon S3 Transfer Acceleration to move the existing data to Amazon S3. Use AWS CloudTrail to log data events.

  D. Use AWS Storage Gateway to move the existing data to Amazon S3. Use AWS CloudTrail to log management events.

  Correct Answer: A

  AWS DataSync is a service designed specifically for securely and efficiently transferring large amounts of data between on-premises storage systems and AWS services like Amazon S3. It provides a reliable and optimized way to migrate data while maintaining data integrity.

  AWS CloudTrail, on the other hand, is a service that logs and monitors management events in your AWS account. While it can capture data events for certain services, its primary focus is on tracking management actions like API calls and configuration changes.

  Therefore, using AWS DataSync to transfer the existing data to Amazon S3 and leveraging AWS CloudTrail to log data events aligns with the requirement of securely migrating the data and ensuring audit access at all levels, as specified by the new regulation.

• Question 734:

  A solutions architect wants to use the following JSON text as an identity-based policy to grant specific permissions:

  

  Which IAM principals can the solutions architect attach this policy to? (Choose two.)

  A. Role

  B. Group

  C. Organization

  D. Amazon Elastic Container Service (Amazon ECS) resource

  E. Amazon EC2 resource

  Correct Answer: AB

  identity-based policy used for role and group

• Question 735:

  A company is running a custom application on Amazon EC2 On-Demand Instances. The application has frontend nodes that need to run 24 hours a day, 7 days a week and backend nodes that need to run only for a short time based on

  workload. The number of backend nodes varies during the day.

  The company needs to scale out and scale in more instances based on workload.

  Which solution will meet these requirements MOST cost-effectively?

  A. Use Reserved Instances for the frontend nodes. Use AWS Fargate for the backend nodes.

  B. Use Reserved Instances for the frontend nodes. Use Spot Instances for the backend nodes.

  C. Use Spot Instances for the frontend nodes. Use Reserved Instances for the backend nodes.

  D. Use Spot Instances for the frontend nodes. Use AWS Fargate for the backend nodes.

  Correct Answer: B

  short time = SPOT

• Question 736:

  A company runs a highly available SFTP service. The SFTP service uses two Amazon EC2 Linux instances that run with elastic IP addresses to accept traffic from trusted IP sources on the internet. The SFTP service is backed by shared storage that is attached to the instances. User accounts are created and managed as Linux users in the SFTP servers.

  The company wants a serverless option that provides high IOPS performance and highly configurable security. The company also wants to maintain control over user permissions.

  Which solution will meet these requirements?

  A. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume. Create an AWS Transfer Family SFTP service with a public endpoint that allows only trusted IP addresses. Attach the EBS volume to the SFTP service endpoint. Grant users access to the SFTP service.

  B. Create an encrypted Amazon Elastic File System (Amazon EFS) volume. Create an AWS Transfer Family SFTP service with elastic IP addresses and a VPC endpoint that has internet-facing access. Attach a security group to the endpoint that allows only trusted IP addresses. Attach the EFS volume to the SFTP service endpoint. Grant users access to the SFTP service.

  C. Create an Amazon S3 bucket with default encryption enabled. Create an AWS Transfer Family SFTP service with a public endpoint that allows only trusted IP addresses. Attach the S3 bucket to the SFTP service endpoint. Grant users access to the SFTP service.

  D. Create an Amazon S3 bucket with default encryption enabled. Create an AWS Transfer Family SFTP service with a VPC endpoint that has internal access in a private subnet. Attach a security group that allows only trusted IP addresses. Attach the S3 bucket to the SFTP service endpoint. Grant users access to the SFTP service.

  Correct Answer: B

  EFS is serverless. There is no reference in S3 about IOPS

• Question 737:

  A company is developing a new machine learning (ML) model solution on AWS. The models are developed as independent microservices that fetch approximately 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where the results should be sent.

  The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days or weeks. Other models could receive batches of thousands of requests at a time.

  Which design should a solutions architect recommend to meet these requirements?

  A. Direct the requests from the API to a Network Load Balancer (NLB). Deploy the models as AWS Lambda functions that are invoked by the NLB.

  B. Direct the requests from the API to an Application Load Balancer (ALB). Deploy the models as Amazon Elastic Container Service (Amazon ECS) services that read from an Amazon Simple Queue Service (Amazon SQS) queue. Use AWS App Mesh to scale the instances of the ECS cluster based on the SQS queue size.

  C. Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue. Deploy the models as AWS Lambda functions that are invoked by SQS events. Use AWS Auto Scaling to increase the number of vCPUs for the Lambda functions based on the SQS queue size.

  D. Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue. Deploy the models as Amazon Elastic Container Service (Amazon ECS) services that read from the queue. Enable AWS Auto Scaling on Amazon ECS for both the cluster and copies of the service based on the queue size.

  Correct Answer: D

  asynchronous=SQS, microservices=ECS.

  Use AWS Auto Scaling to adjust the number of ECS services.

• Question 738:

  A company wants to use an Amazon RDS for PostgreSQL DB cluster to simplify time-consuming database administrative tasks for production database workloads. The company wants to ensure that its database is highly available and will provide automatic failover support in most scenarios in less than 40 seconds. The company wants to offload reads off of the primary instance and keep costs as low as possible.

  Which solution will meet these requirements?

  A. Use an Amazon RDS Multi-AZ DB instance deployment. Create one read replica and point the read workload to the read replica.

  B. Use an Amazon RDS Multi-AZ DB duster deployment Create two read replicas and point the read workload to the read replicas.

  C. Use an Amazon RDS Multi-AZ DB instance deployment. Point the read workload to the secondary instances in the Multi-AZ pair.

  D. Use an Amazon RDS Multi-AZ DB cluster deployment Point the read workload to the reader endpoint.

  Correct Answer: D

  The company wants high availability, automatic failover support in less than 40 seconds, read offloading from the primary instance, and cost-effectiveness. Answer D is the best choice for several reasons:

  1.

  Amazon RDS Multi-AZ deployments provide high availability and automatic failover support.

  2.

  In a Multi-AZ DB cluster, Amazon RDS automatically provisions and maintains a standby in a different Availability Zone. If a failure occurs, Amazon RDS performs an automatic failover to the standby, minimizing downtime.

  3.

  The "Reader endpoint" for an Amazon RDS DB cluster provides load-balancing support for read-only connections to the DB cluster. Directing read traffic to the reader endpoint helps in offloading read operations from the primary instance.

• Question 739:

  A company's facility has badge readers at every entrance throughout the building. When badges are scanned, the readers send a message over HTTPS to indicate who attempted to access that particular entrance. A solutions architect must design a system to process these messages from the sensors. The solution must be highly available, and the results must be made available for the company's security team to analyze. Which system architecture should the solutions architect recommend?

  A. Launch an Amazon EC2 instance to serve as the HTTPS endpoint and to process the messages Configure the EC2 instance to save the results to an Amazon S3 bucket.

  B. Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway endpoint to invoke an AWS Lambda function to process the messages and save the results to an Amazon DynamoDB table.

  C. Use Amazon Route 53 to direct incoming sensor messages to an AWS Lambda function. Configure the Lambda function to process the messages and save the results to an Amazon DynamoDB table.

  D. Create a gateway VPC endpoint for Amazon S3. Configure a Site-to-Site VPN connection from the facility network to the VPC so that sensor data can be written directly to an S3 bucket by way of the VPC endpoint.

  Correct Answer: B

  Deploy Amazon API Gateway as an HTTPS endpoint and AWS Lambda to process and save the messages to an Amazon DynamoDB table. This option provides a highly available and scalable solution that can easily handle large amounts of data. It also integrates with other AWS services, making it easier to analyze and visualize the data for the security team.

• Question 740:

  A company is developing a new mobile app. The company must implement proper traffic filtering to protect its Application Load Balancer (ALB) against common application-level attacks, such as cross-site scripting or SQL injection. The company has minimal infrastructure and operational staff. The company needs to reduce its share of the responsibility in managing, updating, and securing servers for its AWS environment.

  What should a solutions architect recommend to meet these requirements?

  A. Configure AWS WAF rules and associate them with the ALB.

  B. Deploy the application using Amazon S3 with public hosting enabled.

  C. Deploy AWS Shield Advanced and add the ALB as a protected resource.

  D. Create a new ALB that directs traffic to an Amazon EC2 instance running a third-party firewall, which then passes the traffic to the current ALB.

  Correct Answer: A

  A solutions architect should recommend option A, which is to configure AWS WAF rules and associate them with the ALB. This will allow the company to apply traffic filtering at the application layer, which is necessary for protecting the ALB against common application-level attacks such as cross-site scripting or SQL injection. AWS WAF is a managed service that makes it easy to protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. The company can easily manage and update the rules to ensure the security of its application.