A company is designing a shared storage solution for a gaming application that is hosted in the AWS Cloud. The company needs the ability to use SMB clients to access data. The solution must be fully managed.
Which AWS solution meets these requirements?
A. Create an AWS DataSync task that shares the data as a mountable file system. Mount the file system to the application server.
B. Create an Amazon EC2 Windows instance. Install and configure a Windows file share role on the instance. Connect the application server to the file share.
C. Create an Amazon FSx for Windows File Server file system. Attach the file system to the origin server. Connect the application server to the file system.
D. Create an Amazon S3 bucket. Assign an IAM role to the application to grant access to the S3 bucket. Mount the S3 bucket to the application server.
C. Create an Amazon FSx for Windows File Server file system. Attach the file system to the origin server. Connect the application server to the file system.
Question 742:
A company is implementing a shared storage solution for a gaming application that is hosted in the AWS Cloud. The company needs the ability to use Lustre clients to access data. The solution must be fully managed.
Which solution meets these requirements?
A. Create an AWS DataSync task that shares the data as a mountable file system. Mount the file system to the application server.
B. Create an AWS Storage Gateway file gateway. Create a file share that uses the required client protocol. Connect the application server to the file share.
C. Create an Amazon Elastic File System (Amazon EFS) file system, and configure it to support Lustre. Attach the file system to the origin server. Connect the application server to the file system.
D. Create an Amazon FSx for Lustre file system. Attach the file system to the origin server. Connect the application server to the file system.
D. Create an Amazon FSx for Lustre file system. Attach the file system to the origin server. Connect the application server to the file system.
Question 743:
A company needs a solution to back up and protect critical AWS resources. The company needs to regularly take backups of several Amazon EC2 instances and Amazon RDS for PostgreSQL databases.
To ensure high resiliency, the company must have the ability to validate and restore backups.
Which solution meets the requirement with LEAST operational overhead?
A. Use AWS Backup to create a backup schedule for the resources. Use AWS Backup to create a restoration testing plan for the required resources.
B. Take snapshots of the EC2 instances and RDS DB instances. Create AWS Batch jobs to validate and restore the snapshots.
C. Create a custom AWS Lambda function to take snapshots of the EC2 instances and RDS DB instances. Create a second Lambda function to restore the snapshots periodically to validate the backups.
D. Take snapshots of the EC2 instances and RDS DB instances. Create an AWS Lambda function to restore the snapshots periodically to validate the backups.
A. Use AWS Backup to create a backup schedule for the resources. Use AWS Backup to create a restoration testing plan for the required resources.
Explanation
AWS Backup is a fully managed backup service designed to centralize and automate data protection across AWS services including EC2 and RDS. It allows users to define backup schedules (backup plans) and automatically create and retain backups. AWS Backup also offers restore testing plans, allowing users to automate the validation of backups by restoring them in a controlled manner. This service is built to minimize operational overhead by removing the need to manage custom scripts, manual processes, or additional orchestration services. This aligns with AWS best practices for resilience, automation, and operational excellence.
Reference Extract from AWS Documentation / Study Guide:
"AWS Backup enables you to centralize and automate data protection across AWS services. You can create backup plans, schedule backups, and set lifecycle policies. AWS Backup also enables restore testing to verify your backup integrity, with minimal manual intervention."
Source: AWS Certified Solutions Architect - Official Study Guide, Resiliency and Disaster Recovery section; AWS Backup User Guide.
Question 744:
A company runs an application in a VPC with public and private subnets. The VPC extends across multiple Availability Zones. The application runs on Amazon EC2 instances in private subnets. The application uses an Amazon Simple Queue Service (Amazon SQS) queue.
A solutions architect needs to design a secure solution to establish a connection between the EC2 instances and the SQS queue.
Which solution will meet these requirements?
A. Implement an interface VPC endpoint for Amazon SQS. Configure the endpoint to use the private subnets. Add to the endpoint a security group that has an inbound access rule that allows traffic from the EC2 instances that are in the private subnets.
B. Implement an interface VPC endpoint for Amazon SQS. Configure the endpoint to use the public subnets. Attach to the interface endpoint a VPC endpoint policy that allows access from the EC2 instances that are in the private subnets.
C. Implement an interface VPC endpoint for Amazon SQS. Configure the endpoint to use the public subnets. Attach an Amazon SQS access policy to the interface VPC endpoint that allows requests from only a specified VPC endpoint.
D. Implement a gateway endpoint for Amazon SQS. Add a NAT gateway to the private subnets. Attach an IAM role to the EC2 instances that allows access to the SQS queue.
A. Implement an interface VPC endpoint for Amazon SQS. Configure the endpoint to use the private subnets. Add to the endpoint a security group that has an inbound access rule that allows traffic from the EC2 instances that are in the private subnets.
Question 745:
A company is creating a prototype of an ecommerce website on AWS. The website consists of an Application Load Balancer, an Auto Scaling group of Amazon EC2 instances for web servers, and an Amazon RDS for MySQL DB instance that runs with the Single-AZ configuration. The website is slow to respond during searches of the product catalog. The product catalog is a group of tables in the MySQL database that the company does not update frequently. A solutions architect has determined that the CPU utilization on the DB instance is high when product catalog searches occur.
What should the solutions architect recommend to improve the performance of the website during searches of the product catalog?
A. Migrate the product catalog to an Amazon Redshift database. Use the COPY command to load the product catalog tables.
B. Implement an Amazon ElastiCache for Redis cluster to cache the product catalog. Use lazy loading to populate the cache.
C. Add an additional scaling policy to the Auto Scaling group to launch additional EC2 instances when database response is slow.
D. Turn on the Multi-AZ configuration for the DB instance. Configure the EC2 instances to throttle the product catalog queries that are sent to the database.
B. Implement an Amazon ElastiCache for Redis cluster to cache the product catalog. Use lazy loading to populate the cache.
Question 746:
A company has a VPC with multiple private subnets that host multiple applications. The applications must not be accessible from the internet. However, the applications need to access multiple AWS services. The applications must not use public IP addresses to access the AWS services.
Which solution will meet these requirements?
A. Configure interface VPC endpoints for the required AWS services. Route traffic from the private subnets through the interface VPC endpoints.
B. Deploy a NAT gateway in each private subnet. Route traffic from the private subnets through the NAT gateways.
C. Deploy internet gateways in each private subnet. Route traffic from the private subnets through the internet gateways.
D. Set up an AWS Direct Connect connection between the private subnets. Route traffic from the private subnets through the Direct Connect connection.
A. Configure interface VPC endpoints for the required AWS services. Route traffic from the private subnets through the interface VPC endpoints.
Explanation
AWS VPC endpoints (interface and gateway) allow private connectivity from VPC resources to AWS services without requiring public IP addresses or internet gateways. This ensures applications remain isolated in private subnets while securely accessing AWS services. NAT gateways (B) would allow internet access, which does not meet the security requirement. Internet gateways (C) directly expose traffic to the internet, which violates the isolation requirement. Direct Connect (D) connects on-premises environments to AWS but does not provide service access from private subnets. Therefore, option A -- using interface VPC endpoints -- is the correct solution.
References:
Amazon VPC User Guide -- VPC endpoints (interface and gateway)
AWS Well-Architected Framework -- Security Pillar: Network isolation and private connectivity
Question 747:
A solutions architect configured a VPC that has a small range of IP addresses. The number of Amazon EC2 instances that are in the VPC is increasing, and there is an insufficient number of IP addresses for future workloads.
Which solution resolves this issue with the LEAST operational overhead?
A. Add an additional IPv4 CIDR block to increase the number of IP addresses and create additional subnets in the VPC. Create new resources in the new subnets by using the new CIDR.
B. Create a second VPC with additional subnets. Use a peering connection to connect the second VPC with the first VPC. Update the routes and create new resources in the subnets of the second VPC.
C. Use AWS Transit Gateway to add a transit gateway and connect a second VPC with the first VPC. Update the routes of the transit gateway and VPCs. Create new resources in the subnets of the second VPC.
D. Create a second VPC. Create a Site-to-Site VPN connection between the first VPC and the second VPC by using a VPN-hosted solution on Amazon EC2 and a virtual private gateway. Update the route between VPCs to the traffic through the VPN. Create new resources in the subnets of the second VPC.
A. Add an additional IPv4 CIDR block to increase the number of IP addresses and create additional subnets in the VPC. Create new resources in the new subnets by using the new CIDR.
Question 748:
A company hosts an application in a private subnet. The company has already integrated the application with Amazon Cognito. The company uses an Amazon Cognito user pool to authenticate users.
The company needs to modify the application so the application can securely store user documents in an Amazon S3 bucket.
Which combination of steps will securely integrate Amazon S3 with the application? (Choose two.)
A. Create an Amazon Cognito identity pool to generate secure Amazon S3 access tokens for users when they successfully log in.
B. Use the existing Amazon Cognito user pool to generate Amazon S3 access tokens for users when they successfully log in.
C. Create an Amazon S3 VPC endpoint in the same VPC where the company hosts the application.
D. Create a NAT gateway in the VPC where the company hosts the application. Assign a policy to the S3 bucket to deny any request that is not initiated from Amazon Cognito.
E. Attach a policy to the S3 bucket that allows access only from the users' IP addresses.
A. Create an Amazon Cognito identity pool to generate secure Amazon S3 access tokens for users when they successfully log in.
C. Create an Amazon S3 VPC endpoint in the same VPC where the company hosts the application.
Question 749:
A company is storing 700 terabytes of data on a large network-attached storage (NAS) system in its corporate data center. The company has a hybrid environment with a 10 Gbps AWS Direct Connect connection. After an audit from a regulator, the company has 90 days to move the data to the cloud. The company needs to move the data efficiently and without disruption. The company still needs to be able to access and update the data during the transfer window.
Which solution will meet these requirements?
A. Create an AWS DataSync agent in the corporate data center. Create a data transfer task. Start the transfer to an Amazon S3 bucket.
B. Back up the data to AWS Snowball Edge Storage Optimized devices. Ship the devices to an AWS data center. Mount a target Amazon S3 bucket on the on-premises file system.
C. Use rsync to copy the data directly from local storage to a designated Amazon S3 bucket over the Direct Connect connection.
D. Back up the data on tapes. Ship the tapes to an AWS data center. Mount a target Amazon S3 bucket on the on-premises file system.
A. Create an AWS DataSync agent in the corporate data center. Create a data transfer task. Start the transfer to an Amazon S3 bucket.
Question 750:
A company regularly uploads GB-sized files to Amazon S3. After the company uploads the files, the company uses a fleet of Amazon EC2 Spot Instances to transcode the file format. The company needs to scale throughput when the company uploads data from the on-premises data center to Amazon S3 and when the company downloads data from Amazon S3 to the EC2 instances.
Which solutions will meet these requirements? (Choose two.)
A. Use the S3 bucket access point instead of accessing the S3 bucket directly.
B. Upload the files into multiple S3 buckets.
C. Use S3 multipart uploads.
D. Fetch multiple byte-ranges of an object in parallel.
E. Add a random prefix to each object when uploading the files.
C. Use S3 multipart uploads.
D. Fetch multiple byte-ranges of an object in parallel.