Amazon SAA-C03 Online Practice Questions and Exam Preparation

Amazon SAA-C03 Online Questions & Answers

• Question 941:

  A company hosts a web application on an on-premises server that processes incoming requests.

  Processing time for each request varies from 5 minutes to 20 minutes. The number of requests is growing.

  The company wants to move the application to AWS. The company wants to update the architecture to scale automatically.

  Which solution will meet these requirements?

  A. Convert the application to a microservices architecture that uses containers. Use Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type to run the containerized web application. Configure Service Auto Scaling. Use an Application Load Balancer to distribute incoming requests.
  B. Create an Amazon EC2 instance that has sufficient CPU and RAM capacity to run the application. Create metrics to track usage. Create alarms to notify the company when usage exceeds a specified threshold. Replace the EC2 instance with a larger instance size in the same family when usage is too high.
  C. Refactor the web application to use multiple AWS Lambda functions. Use an Amazon API Gateway REST API as an entry point to the Lambda functions.
  D. Refactor the web application to use a single AWS Lambda function. Use an Amazon API Gateway HTTP API as an entry point to the Lambda function.
  A. Convert the application to a microservices architecture that uses containers. Use Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type to run the containerized web application. Configure Service Auto Scaling. Use an Application Load Balancer to distribute incoming requests.

  ---

  Explanation

  AWS Fargate runs containers without managing servers, and ECS Service Auto Scaling adjusts the number of tasks based on demand. Behind an Application Load Balancer, ECS services elastically scale out to handle concurrent long-running requests. This fits workloads with processing times of 5?0 minutes per request. Lambda (C, D) has a maximum 15-minute timeout, so a portion of requests would fail or require complex refactoring and orchestration.

  Option B relies on vertical scaling and manual intervention, leaving capacity idle and failing to scale automatically with spikes. By containerizing the app and running it on ECS with Fargate, the company gains automatic scaling, isolation per task, and no instance management, ensuring reliable throughput as request volume grows while keeping operations minimal.

• Question 942:

  A company provides an API to its users that automates inquiries for tax computations based on item prices. The company experiences a larger number of inquiries during the holiday season only that cause slower response times. A solutions architect needs to design a solution that is scalable and elastic.

  What should the solutions architect do to accomplish this?

  A. Provide an API hosted on an Amazon EC2 instance. The EC2 instance performs the required computations when the API request is made.
  B. Design a REST API using Amazon API Gateway that accepts the item names. API Gateway passes item names to AWS Lambda for tax computations.
  C. Create an Application Load Balancer that has two Amazon EC2 instances behind it. The EC2 instances will compute the tax on the received item names.
  D. Design a REST API using Amazon API Gateway that connects with an API hosted on an Amazon EC2 instance. API Gateway accepts and passes the item names to the EC2 instance for tax computations.
  B. Design a REST API using Amazon API Gateway that accepts the item names. API Gateway passes item names to AWS Lambda for tax computations.

• Question 943:

  A company manages a data lake in an Amazon S3 bucket that numerous applications access. The S3 bucket contains a unique prefix for each application. The company wants to restrict each application to its specific prefix and to have granular control of the objects under each prefix.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Create dedicated S3 access points and access point policies for each application.
  B. Create an S3 Batch Operations job to set the ACL permissions for each object in the S3 bucket.
  C. Replicate the objects in the S3 bucket to new S3 buckets for each application. Create replication rules by prefix.
  D. Replicate the objects in the S3 bucket to new S3 buckets for each application. Create dedicated S3 access points for each application.
  A. Create dedicated S3 access points and access point policies for each application.

• Question 944:

  A company is creating a new application that will store a large amount of data. The data will be analyzed hourly and will be modified by several Amazon EC2 Linux instances that are deployed across multiple Availability Zones. The needed amount of storage space will continue to grow for the next 6 months.

  Which storage solution should a solutions architect recommend to meet these requirements?

  A. Store the data in Amazon S3 Glacier. Update the S3 Glacier vault policy to allow access to the application instances.
  B. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume on the application instances.
  C. Store the data in an Amazon Elastic File System (Amazon EFS) file system. Mount the file system on the application instances.
  D. Store the data in an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume shared between the application instances.
  C. Store the data in an Amazon Elastic File System (Amazon EFS) file system. Mount the file system on the application instances.

• Question 945:

  A developer used the AWS SDK to create an application that aggregates and produces log records for 10 services. The application delivers data to an Amazon Kinesis Data Streams stream.

  Each record contains a log message with a service name, creation timestamp, and other log information.

  The stream has 15 shards in provisioned capacity mode. The stream uses service name as the partition key.

  The developer notices that when all the services are producing logs, ProvisionedThroughputExceededException errors occur during PutRecord requests. The stream metrics show that the write capacity the applications use is below the provisioned capacity.

  How should the developer resolve this issue?

  A. Change the capacity mode from provisioned to on-demand.
  B. Double the number of shards until the throttling errors stop occurring.
  C. Change the partition key from service name to creation timestamp.
  D. Use a separate Kinesis stream for each service to generate the logs.
  C. Change the partition key from service name to creation timestamp.

  ---

  Explanation

  Using " service name " as the partition key results in uneven data distribution. Some shards may become hot due to excessive logs from certain services, leading to throttling errors. Changing the partition key to " creation timestamp " ensures a more even distribution of records across shards.

  Incorrect Options Analysis:

  Option A: On-demand capacity mode eliminates throughput management but is more expensive and does not address the root cause.

  Option B: Adding more shards does not solve the issue if the partition key still creates hot shards.

  Option D: Using separate streams increases complexity and is unnecessary.

  References:

  Kinesis Data Streams Partition Key Best Practices

• Question 946:

  A company's marketing data is uploaded from multiple sources to an Amazon S3 bucket. A series of data preparation jobs aggregate the data for reporting. The data preparation jobs need to run at regular intervals in parallel. A few jobs need to run in a specific order later.

  The company wants to remove the operational overhead of job error handling, retry logic, and state management.

  Which solution will meet these requirements?

  A. Use an AWS Lambda function to process the data as soon as the data is uploaded to the S3 bucket. Invoke other Lambda functions at regularly scheduled intervals.
  B. Use Amazon Athena to process the data. Use Amazon EventBridge Scheduler to invoke Athena on a regular internal.
  C. Use AWS Glue DataBrew to process the data. Use an AWS Step Functions state machine to run the DataBrew data preparation jobs.
  D. Use AWS Data Pipeline to process the data. Schedule Data Pipeline to process the data once at midnight.
  C. Use AWS Glue DataBrew to process the data. Use an AWS Step Functions state machine to run the DataBrew data preparation jobs.

• Question 947:

  A company hosts a multi-tier web application that uses an Amazon Aurora MySQL DB cluster for storage.

  The application tier is hosted on Amazon EC2 instances. The company's IT security guidelines mandate that the database credentials be encrypted and rotated every 14 days.

  What should a solutions architect do to meet this requirement with the LEAST operational effort?

  A. Create a new AWS Key Management Service (AWS KMS) encryption key. Use AWS Secrets Manager to create a new secret that uses the KMS key with the appropriate credentials. Associate the secret with the Aurora DB cluster. Configure a custom rotation period of 14 days.
  B. Create two parameters in AWS Systems Manager Parameter Store: one for the user name as a string parameter and one that uses the SecureString type for the password. Select AWS Key Management Service (AWS KMS) encryption for the password parameter, and load these parameters in the application tier. Implement an AWS Lambda function that rotates the password every 14 days.
  C. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system in all EC2 instances of the application tier. Restrict the access to the file on the file system so that the application can read the file and that only super users can modify the file. Implement an AWS Lambda function that rotates the key in Aurora every 14 days and writes new credentials into the file.
  D. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon S3 bucket that the application uses to load the credentials. Download the file to the application regularly to ensure that the correct credentials are used. Implement an AWS Lambda function that rotates the Aurora credentials every 14 days and uploads these credentials to the file in the S3 bucket.
  A. Create a new AWS Key Management Service (AWS KMS) encryption key. Use AWS Secrets Manager to create a new secret that uses the KMS key with the appropriate credentials. Associate the secret with the Aurora DB cluster. Configure a custom rotation period of 14 days.

• Question 948:

  A company uses high block storage capacity to runs its workloads on premises. The company's daily peak input and output transactions per second are not more than 15,000 IOPS. The company wants to migrate the workloads to Amazon EC2 and to provision disk performance independent of storage capacity.

  Which Amazon Elastic Block Store (Amazon EBS) volume type will meet these requirements MOST cost-effectively?

  A. GP2 volume type
  B. io2 volume type
  C. GP3 volume type
  D. io1 volume type
  C. GP3 volume type

• Question 949:

  A company wants to configure its Amazon CloudFront distribution to use SSL/TLS certificates. The company does not want to use the default domain name for the distribution. Instead, the company wants to use a different domain name for the distribution.

  Which solution will deploy the certificate without incurring any additional costs?

  A. Request an Amazon issued private certificate from AWS Certificate Manager (ACM) in the us-east-1 Region.
  B. Request an Amazon issued private certificate from AWS Certificate Manager (ACM) in the us-west-1 Region.
  C. Request an Amazon issued public certificate from AWS Certificate Manager (ACM) in the us-east-1 Region.
  D. Request an Amazon issued public certificate from AWS Certificate Manager (ACM) in the us-west-1 Region.
  C. Request an Amazon issued public certificate from AWS Certificate Manager (ACM) in the us-east-1 Region.

• Question 950:

  A company has deployed a Java Spring Boot application as a pod that runs on Amazon Elastic Kubernetes Service (Amazon EKS) in private subnets. The application needs to write data to an Amazon DynamoDB table. A solutions architect must ensure that the application can interact with the DynamoDB table without exposing traffic to the internet.

  Which combination of steps should the solutions architect take to accomplish this goal? (Choose two.)

  A. Attach an IAM role that has sufficient privileges to the EKS pod.
  B. Attach an IAM user that has sufficient privileges to the EKS pod.
  C. Allow outbound connectivity to the DynamoDB table through the private subnets' network ACLs.
  D. Create a VPC endpoint for DynamoDB.
  E. Embed the access keys in the Java Spring Boot code.
  A. Attach an IAM role that has sufficient privileges to the EKS pod.
  D. Create a VPC endpoint for DynamoDB.