Amazon Amazon Certifications SAA-C03 Questions & Answers

• Question 981:

  A company's website uses an Amazon EC2 instance store for its catalog of items. The company wants to make sure that the catalog is highly available and that the catalog is stored in a durable location. What should a solutions architect do to meet these requirements?

  A. Move the catalog to Amazon ElastiCache for Redis.

  B. Deploy a larger EC2 instance with a larger instance store.

  C. Move the catalog from the instance store to Amazon S3 Glacier Deep Archive.

  D. Move the catalog to an Amazon Elastic File System (Amazon EFS) file system.

  Correct Answer: D

• Question 982:

  A company observes an increase in Amazon EC2 costs in its most recent bill The billing team notices unwanted vertical scaling of instance types for a couple of EC2 instances A solutions architect needs to create a graph comparing the last 2 months of EC2 costs and perform an in-depth analysis to identify the root cause of the vertical scaling

  How should the solutions architect generate the information with the LEAST operational overhead?

  A. Use AWS Budgets to create a budget report and compare EC2 costs based on instance types

  B. Use Cost Explorer's granular filtering feature to perform an in-depth analysis of EC2 costs based on instance types

  C. Use graphs from the AWS Billing and Cost Management dashboard to compare EC2 costs based on instance types for the last 2 months

  D. Use AWS Cost and Usage Reports to create a report and send it to an Amazon S3 bucket Use Amazon QuickSight with Amazon S3 as a source to generate an interactive graph based on instance types.

  Correct Answer: B

  AWS Cost Explorer is a tool that enables you to view and analyze your costs and usage. You can explore your usage and costs using the main graph, the Cost Explorer cost and usage reports, or the Cost Explorer RI reports. You can view data for up to the last 12 months, forecast how much you're likely to spend for the next 12 months, and get recommendations for what Reserved Instances to purchase. You can use Cost Explorer to identify areas that need further inquiry and see trends that you can use to understand your costs. https://docs.aws.amazon.com/cost-management/latest/userguide/ce-what-is.html

• Question 983:

  A company recently migrated to AWS and wants to implement a solution to protect the traffic that flows in and out of the production VPC. The company had an inspection server in its on-premises data center. The inspection server performed specific operations such as traffic flow inspection and traffic filtering. The company wants to have the same functionalities in the AWS Cloud.

  Which solution will meet these requirements?

  A. Use Amazon GuardDuty for traffic inspection and traffic filtering in the production VPC

  B. Use Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and filtering.

  C. Use AWS Network Firewall to create the required rules for traffic inspection and traffic filtering for the production VPC.

  D. Use AWS Firewall Manager to create the required rules for traffic inspection and traffic filtering for the production VPC.

  Correct Answer: C

  AWS Network Firewall supports both inspection and filtering as required

• Question 984:

  A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.

  The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application's availability without

  writing custom scripts or code.

  What should a solutions architect do to meet these requirements?

  A. Enable HTTP health checks on the NLB. supplying the URL of the company's application.

  B. Add a cron job to the EC2 instances to check the local application's logs once each minute. If HTTP errors are detected, the application will restart.

  C. Replace the NLB with an Application Load Balancer. Enable HTTP health checks by supplying the URL of the company's application. Configure an Auto Scaling action to replace unhealthy instances.

  D. Create an Amazon Cloud Watch alarm that monitors the UnhealthyHostCount metric for the NLB. Configure an Auto Scaling action to replace unhealthy instances when the alarm is in the ALARM state.

  Correct Answer: C

• Question 985:

  A company is developing an application that provides order shipping statistics for retrieval by a REST API. The company wants to extract the shipping statistics, organize the data into an easy-to-read HTML format, and send the report to several email addresses at the same time every morning.

  Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

  A. Configure the application to send the data to Amazon Kinesis Data Firehose.

  B. Use Amazon Simple Email Service (Amazon SES) to format the data and to send the report by email.

  C. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that invokes an AWS Glue job to query the application's API for the data.

  D. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that invokes an AWS Lambda function to query the application's API for the data.

  E. Store the application data in Amazon S3. Create an Amazon Simple Notification Service (Amazon SNS) topic as an S3 event destination to send the report by

  Correct Answer: BD

  You can use SES to format the report in HTML. https://docs.aws.amazon.com/ses/latest/dg/send-email-formatted.html

• Question 986:

  A company is deploying a new public web application to AWS. The application will run behind an Application Load Balancer (ALB). The application needs to be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before the certificate expires.

  What should a solutions architect do to meet these requirements?

  A. Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.

  B. Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Import the key material from the certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.

  C. Use AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root CA. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.

  D. Use AWS Certificate Manager (ACM) to import an SSL/TLS certificate. Apply the certificate to the ALB. Use Amazon EventBridge (Amazon CloudWatch Events) to send a notification when the certificate is nearing expiration. Rotate the certificate manually.

  Correct Answer: D

  It's a third-party certificate, hence AWS cannot manage renewal automatically. The closest thing you can do is to send a notification to renew the 3rd party certificate.

• Question 987:

  A company wants to migrate its on-premises application to AWS. The application produces output files that vary in size from tens of gigabytes to hundreds of terabytes The application data must be stored in a standard file system structure The company wants a solution that scales automatically, is highly available, and requires minimum operational overhead.

  Which solution will meet these requirements?

  A. Migrate the application to run as containers on Amazon Elastic Container Service (Amazon ECS) Use Amazon S3 for storage

  B. Migrate the application to run as containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use Amazon Elastic Block Store (Amazon EBS) for storage

  C. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling group. Use Amazon Elastic File System (Amazon EFS) for storage.

  D. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling group. Use Amazon Elastic Block Store (Amazon EBS) for storage.

  Correct Answer: C

  EFS is a standard file system, it scales automatically and is highly available.

• Question 988:

  A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.

  B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

  C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.

  D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.

  Correct Answer: B

  https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html

• Question 989:

  A company hosts an application on AWS Lambda functions mat are invoked by an Amazon API Gateway API The Lambda functions save customer data to an Amazon Aurora MySQL database Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete The result is that customer data Is not recorded for some of the event

  A solutions architect needs to design a solution that stores customer data that is created during database upgrades

  Which solution will meet these requirements?

  A. Provision an Amazon RDS proxy to sit between the Lambda functions and the database Configure the Lambda functions to connect to the RDS proxy

  B. Increase the run time of me Lambda functions to the maximum Create a retry mechanism in the code that stores the customer data in the database

  C. Persist the customer data to Lambda local storage. Configure new Lambda functions to scan the local storage to save the customer data to the database.

  D. Store the customer data m an Amazon Simple Queue Service (Amazon SOS) FIFO queue Create a new Lambda function that polls the queue and stores the customer data in the database

  Correct Answer: D

  https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.html

• Question 990:

  An Amazon EC2 administrator created the following policy associated with an IAM group containing several users What is the effect of this policy?

  

  A. Users can terminate an EC2 instance in any AWS Region except us-east-1.

  B. Users can terminate an EC2 instance with the IP address 10 100 100 1 in the us-east-1 Region

  C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.

  D. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100 100 254

  Correct Answer: C

  as the policy prevents anyone from doing any EC2 action on any region except us-east-1 and allows only users with source ip 10.100.100.0/24 to terminate instances. So user with source ip 10.100.100.254 can terminate instances in us-east1 region.