Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 851:

  A company has migrated several applications to AWS in the past 3 months. The company wants to know the breakdown of costs for each of these applications. The company wants to receive a regular report that includes this information.

  Which solution will meet these requirements MOST cost-effectively?

  A. Use AWS Budgets to download data for the past 3 months into a .csv file. Look up the desired information.
  B. Load AWS Cost and Usage Reports into an Amazon RDS DB instance. Run SQL queries to get the desired information.
  C. Tag all the AWS resources with a key for cost and a value of the application's name. Activate cost allocation tags. Use Cost Explorerto get the desired information.
  D. Tag all the AWS resources with a key for cost and a value of the application's name. Use the AWS Billing and Cost Management console todownload bills for the past 3 months. Look up the desired information.
  C. Tag all the AWS resources with a key for cost and a value of the application's name. Activate cost allocation tags. Use Cost Explorerto get the desired information.

• Question 852:

  A company wants to migrate its on-premises Oracle database to Amazon Aurora. The company wants to use a secure and encrypted network to transfer the data.

  Which combination of steps will meet these requirements? (Choose Two.)

  A. Use AWS Application Migration Service to migrate the data.
  B. Use AWS Schema Conversion Tool (AWS SCT) and AWS Database Migration Service (AWS DMS) to migrate the data.
  C. Use AWS Direct Connect SiteLink to transfer data from the on-premises environment to AWS.
  D. Use AWS Site-to-Site VPN to establish a connection to transfer the data from the on-premises environment to AWS.
  E. Use AWS App2Container to migrate the data.
  B. Use AWS Schema Conversion Tool (AWS SCT) and AWS Database Migration Service (AWS DMS) to migrate the data.
  D. Use AWS Site-to-Site VPN to establish a connection to transfer the data from the on-premises environment to AWS.

  ---

  Explanation

  To securely migrate an on-premises Oracle database to Amazon Aurora, the following steps are recommended:

  Use AWS

  Schema Conversion Tool (AWS SCT) and AWS Database Migration Service (AWS DMS): AWS SCT helps convert the source database schema to a format compatible with the target database (Aurora).

  AWS DMS facilitates the actual data migration, ensuring minimal downtime and data integrity.

  Use AWS Site-to-Site VPN: Establishing a Site-to-Site VPN connection provides a secure and encrypted tunnel between the on-premises environment and AWS. This ensures that data transferred during the migration is protected against interception and unauthorized access.

  References:

  Migrate an Oracle database to Aurora PostgreSQL using AWS DMS and AWS SCT Step 2: Configure Your Source Database - AWS Documentation

• Question 853:

  A company has an application that customers use to upload images to an Amazon S3 bucket. Each night, the company launches an Amazon EC2 Spot Fleet that processes all the images that the company received that day. The processing for each image takes 2 minutes and requires 512 MB of memory.

  A solutions architect needs to change the application to process the images when the images are uploaded.

  Which change will meet these requirements MOST cost-effectively?

  A. Use S3 Event Notifications to write a message with image details to an Amazon Simple Queue Service (Amazon SQS) queue. Configure an AWS Lambda function to read the messages from the queue and to process the images.
  B. Use S3 Event Notifications to write a message with image details to an Amazon Simple Queue Service (Amazon SQS) queue. Configure an EC2 Reserved Instance to read the messages from the queue and to process the images.
  C. Use S3 Event Notifications to publish a message with image details to an Amazon Simple Notification Service (Amazon SNS) topic. Configure a container instance in Amazon Elastic Container Service (Amazon ECS) to subscribe to the topic and to process the images.
  D. Use S3 Event Notifications to publish a message with image details to an Amazon Simple Notification Service (Amazon SNS) topic. Configure an AWS Elastic Beanstalk application to subscribe to the topic and to process the images.
  A. Use S3 Event Notifications to write a message with image details to an Amazon Simple Queue Service (Amazon SQS) queue. Configure an AWS Lambda function to read the messages from the queue and to process the images.

• Question 854:

  A company will migrate 10 PB of data to Amazon S3 in 6 weeks. The current data center has a 500 Mbps uplink to the internet. Other on-premises applications share the uplink. The company can use 80% of the internet bandwidth for this one-time migration task.

  Which solution will meet these requirements?

  A. Configure AWS DataSync to migrate the data to Amazon S3 and to automatically verify the data.
  B. Use rsync to transfer the data directly to Amazon S3.
  C. Use the AWS CLI and multiple copy processes to send the data directly to Amazon S3.
  D. Order multiple AWS Snowball devices. Copy the data to the devices. Send the devices to AWS to copy the data to Amazon S3.
  D. Order multiple AWS Snowball devices. Copy the data to the devices. Send the devices to AWS to copy the data to Amazon S3.

• Question 855:

  A global ecommerce company runs its critical workloads on AWS. The workloads use an Amazon RDS for PostgreSQL DB instance that is configured for a Multi-AZ deployment. Customers have reported application timeouts when the company undergoes database failovers. The company needs a resilient solution to reduce failover time.

  Which solution will meet these requirements?

  A. Create an Amazon RDS Proxy. Assign the proxy to the DB instance.
  B. Create a read replica for the DB instance. Move the read traffic to the read replica.
  C. Enable Performance Insights. Monitor the CPU load to identify the timeouts.
  D. Take regular automatic snapshots. Copy the automatic snapshots to multiple AWS Regions.
  A. Create an Amazon RDS Proxy. Assign the proxy to the DB instance.

• Question 856:

  A company wants to migrate its on-premises data center to AWS. According to the company's compliance requirements, the company can use only the ap-northeast-3 Region. Company administrators are not permitted to connect VPCs to the internet.

  Which solutions will meet these requirements? (Choose two.)

  A. Use AWS Control Tower to implement data residency guardrails to deny internet access and deny access to all AWS Regions except ap-northeast-3.
  B. Use rules in AWS WAF to prevent internet access. Deny access to all AWS Regions except ap-northeast-3 in the AWS account settings.
  C. Use AWS Organizations to configure service control policies (SCPS) that prevent VPCs from gaining internet access. Deny access to all AWS Regions except ap-northeast-3.
  D. Create an outbound rule for the network ACL in each VPC to deny all traffic from 0.0.0.0/0. Create an IAM policy for each user to prevent the use of any AWS Region other than ap-northeast-3.
  E. Use AWS Config to activate managed rules to detect and alert for internet gateways and to detect and alert for new resources deployed outside of ap-northeast-3.
  A. Use AWS Control Tower to implement data residency guardrails to deny internet access and deny access to all AWS Regions except ap-northeast-3.
  C. Use AWS Organizations to configure service control policies (SCPS) that prevent VPCs from gaining internet access. Deny access to all AWS Regions except ap-northeast-3.

• Question 857:

  An online retail company has more than 50 million active customers and receives more than 25,000 orders each day. The company collects purchase data for customers and stores this data in Amazon S3.

  Additional customer data is stored in Amazon RDS.

  The company wants to make all the data available to various teams so that the teams can perform analytics. The solution must provide the ability to manage fine-grained permissions for the data and must minimize operational overhead.

  Which solution will meet these requirements?

  A. Migrate the purchase data to write directly to Amazon RDS. Use RDS access controls to limit access.
  B. Schedule an AWS Lambda function to periodically copy data from Amazon RDS to Amazon S3. Create an AWS Glue crawler. Use Amazon Athena to query the data. Use S3 policies to limit access.
  C. Create a data lake by using AWS Lake Formation. Create an AWS Glue JDBC connection to Amazon RDS. Register the S3 bucket in Lake Formation. Use Lake Formation access controls to limit access.
  D. Create an Amazon Redshift cluster. Schedule an AWS Lambda function to periodically copy data from Amazon S3 and Amazon RDS to Amazon Redshift. Use Amazon Redshift access controls to limit access.
  C. Create a data lake by using AWS Lake Formation. Create an AWS Glue JDBC connection to Amazon RDS. Register the S3 bucket in Lake Formation. Use Lake Formation access controls to limit access.

• Question 858:

  A company runs production workloads in its AWS account. Multiple teams create and maintain the workloads. The company needs to be able to detect changes in resource configurations. The company needs to capture changes as configuration items without changing or modifying the existing resources.

  Which solution will meet these requirements?

  A. Use AWS Config. Start the configuration recorder for AWS resources to detect changes in resource configurations.
  B. Use AWS CloudFormation. Initiate drift detection to capture changes in resource configurations.
  C. Use Amazon Detective to detect, analyze, and investigate changes in resource configurations.
  D. Use AWS Audit Manager to capture management events and global service events for resource configurations.
  A. Use AWS Config. Start the configuration recorder for AWS resources to detect changes in resource configurations.

  ---

  Explanation

  AWS Config is a service designed to assess, audit, and evaluate the configurations of AWS resources. It continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. By starting a configuration recorder, AWS Config will capture changes to supported resource types as configuration items--without the need to modify any of the existing resources. This provides a full history of configuration changes and is specifically intended for exactly this use case.

  AWS Documentation Extract:

  "AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so you can see how the configurations and relationships change over time." "You can start the configuration recorder, which will record the configuration changes of the supported resources in your AWS account." (Source: AWS Config documentation, What is AWS Config?)

  Other options:

  Option B: CloudFormation drift detection only works for resources created and managed by CloudFormation and requires stacks.

  Option C: Amazon Detective is used for analyzing and investigating security findings, not for resource configuration tracking.

  Option D: AWS Audit Manager is used for automating evidence collection to help with audits, not for tracking resource configurations.

  References:

  AWS Certified Solutions Architect?Official Study Guide, Chapter on Monitoring and Auditing.

• Question 859:

  A social media company is creating a rewards program website for its users. The company gives users points when users create and upload videos to the website. Users redeem their points for gifts or discounts from the company's affiliated partners. A unique ID identifies users. The partners refer to this ID to verify user eligibility for rewards. The partners want to receive notification of user IDs through an HTTP endpoint when the company gives users points. Hundreds of vendors are interested in becoming affiliated partners every day. The company wants to design an architecture that gives the website the ability to add partners rapidly in a scalable way.

  Which solution will meet these requirements with the LEAST implementation effort?

  A. Create an Amazon Timestream database to keep a list of affiliated partners. Implement an AWS Lambda function to read the list. Configure the Lambda function to send user IDs to each partner when the company gives users points.
  B. Create an Amazon Simple Notification Service (Amazon SNS) topic. Choose an endpoint protocol. Subscribe the partners to the topic. Publish user IDs to the topic when the company gives users points.
  C. Create an AWS Step Functions state machine. Create a task for every affiliated partner. Invoke the state machine with user IDs as input when the company gives users points.
  D. Create a data stream in Amazon Kinesis Data Streams. Implement producer and consumer applications. Store a list of affiliated partners in the data stream. Send user IDs when the company gives users points.
  B. Create an Amazon Simple Notification Service (Amazon SNS) topic. Choose an endpoint protocol. Subscribe the partners to the topic. Publish user IDs to the topic when the company gives users points.

• Question 860:

  A company's web application is running on Amazon EC2 instances behind an Application Load Balancer.

  The company recently changed its policy, which now requires the application to be accessed from one specific country only.

  Which configuration will meet this requirement?

  A. Configure the security group for the EC2 instances.
  B. Configure the security group on the Application Load Balancer.
  C. Configure AWS WAF on the Application Load Balancer in a VPC.
  D. Configure the network ACL for the subnet that contains the EC2 instances.
  C. Configure AWS WAF on the Application Load Balancer in a VPC.