ExamGecko
Home / Amazon / SAA-C03 / List of questions
Ask Question

Amazon SAA-C03 Practice Test - Questions Answers, Page 11

List of questions

Question 101

Report
Export
Collapse

A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2 instances to download software updates. What should the solutions architect do to enable Internet access for the private subnets?

Create three NAT gateways, one for each public subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ.
Create three NAT gateways, one for each public subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ.
Create three NAT instances, one for each private subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.
Create three NAT instances, one for each private subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.
Create a second internet gateway on one of the private subnets. Update the route table for the private subnets that forward non-VPC traffic to the private internet gateway.
Create a second internet gateway on one of the private subnets. Update the route table for the private subnets that forward non-VPC traffic to the private internet gateway.
Create an egress-only internet gateway on one of the public subnets. Update the route table for the private subnets that forward non-VPC traffic to the egress- only internet gateway.
Create an egress-only internet gateway on one of the public subnets. Update the route table for the private subnets that forward non-VPC traffic to the egress- only internet gateway.
Suggested answer: A

Explanation:

https://aws.amazon.com/about-aws/whats-new/2018/03/introducing-amazon-vpc-nat-gateway-inthe- aws-govcloud-usregion/#:~: text=NAT%20Gateway%20is%20a%20highly,instances%20in%20a%20private%20subnet. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html

asked 16/09/2024
WONG CHUN KIT WONG CHUN KIT
28 questions

Question 102

Report
Export
Collapse

A company wants to migrate an on-premises data center to AWS. The data canter hosts an SFTP server that stores its data on an NFS-based file system. The server holds 200 GB of data that needs to be transferred. The server must be hosted on an Amazon EC2 instance that uses an Amazon Elastic File System (Amazon EFS) file system When combination of steps should a solutions architect take to automate this task? (Select TWO )

Launch the EC2 instance into the same Avalability Zone as the EFS fie system
Launch the EC2 instance into the same Avalability Zone as the EFS fie system
install an AWS DataSync agent m the on-premises data center
install an AWS DataSync agent m the on-premises data center
Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instance tor the data
Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instance tor the data
Manually use an operating system copy command to push the data to the EC2 instance
Manually use an operating system copy command to push the data to the EC2 instance
Use AWS DataSync to create a suitable location configuration for the onprermises SFTP server
Use AWS DataSync to create a suitable location configuration for the onprermises SFTP server
Suggested answer: B, E

Explanation:

AWS DataSync is an online data movement and discovery service that simplifies data migration and helps users quickly, easily, and securely move their file or object data to, from, and between AWS


asked 16/09/2024
Yusuf Sivrikaya
39 questions

Question 103

Report
Export
Collapse

A company has an AWS Glue extract. transform, and load (ETL) job that runs every day at the same time. The job processes XML data that is in an Amazon S3 bucket. New data is added to the S3 bucket every day. A solutions architect notices that AWS Glue is processing all the data during each run. What should the solutions architect do to prevent AWS Glue from reprocessing old data?

Edit the job to use job bookmarks.
Edit the job to use job bookmarks.
Edit the job to delete data after the data is processed
Edit the job to delete data after the data is processed
Edit the job by setting the NumberOfWorkers field to 1.
Edit the job by setting the NumberOfWorkers field to 1.
Use a FindMatches machine learning (ML) transform.
Use a FindMatches machine learning (ML) transform.
Suggested answer: A

Explanation:


asked 16/09/2024
EDUARDO LEE
38 questions

Question 104

Report
Export
Collapse

A solutions architect must design a highly available infrastructure for a website. The website is powered by Windows web servers that run on Amazon EC2 instances. The solutions architect must implement a solution that can mitigate a large-scale DDoS attack that originates from thousands of IP addresses. Downtime is not acceptable for the website. Which actions should the solutions architect take to protect the website from such an attack? (Select TWO.)

Use AWS Shield Advanced to stop the DDoS attack.
Use AWS Shield Advanced to stop the DDoS attack.
Configure Amazon GuardDuty to automatically block the attackers.
Configure Amazon GuardDuty to automatically block the attackers.
Configure the website to use Amazon CloudFront for both static and dynamic content.
Configure the website to use Amazon CloudFront for both static and dynamic content.
Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.
Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.
Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization
Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization
Suggested answer: A, C

Explanation:

https://aws.amazon.com/cloudfron

asked 16/09/2024
lakshmi govindu
43 questions

Question 105

Report
Export
Collapse

A company is preparing to deploy a new serverless workload. A solutions architect must use the principle of least privilege to configure permissions that will be used to run an AWS Lambda function. An Amazon EventBridge (Amazon CloudWatch Events) rule will invoke the function.

Which solution meets these requirements?

Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.
Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.
Add an execution role to the function with lambda:InvokeFunction as the action and Service:amazonaws.com as the principal.
Add an execution role to the function with lambda:InvokeFunction as the action and Service:amazonaws.com as the principal.
Add a resource-based policy to the function with lambda:'* as the action and Service:events.amazonaws.com as the principal.
Add a resource-based policy to the function with lambda:'* as the action and Service:events.amazonaws.com as the principal.
Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service:events.amazonaws.com as the principal.
Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service:events.amazonaws.com as the principal.
Suggested answer: D

Explanation:

https://docs.aws.amazon.com/eventbridge/latest/userguide/resource-based-policieseventbridge. html#lambda-permissions

asked 16/09/2024
Dylan Brons
35 questions

Question 106

Report
Export
Collapse

A company is preparing to store confidential data in Amazon S3 For compliance reasons the data must be encrypted at rest Encryption key usage must be logged tor auditing purposes. Keys must be rotated every year. Which solution meets these requirements and «the MOST operationally efferent?

Server-side encryption with customer-provided keys (SSE-C)
Server-side encryption with customer-provided keys (SSE-C)
Server-side encryption with Amazon S3 managed keys (SSE-S3)
Server-side encryption with Amazon S3 managed keys (SSE-S3)
Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation
Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation
Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automate rotation
Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automate rotation
Suggested answer: D

Explanation:

https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html When you enable automatic key rotation for a customer managed key, AWS KMS generates new cryptographic material for the KMS key every year. AWS KMS also saves the KMS key's older cryptographic material in perpetuity so it can be used to decrypt data that the KMS key encrypted. Key rotation in AWS KMS is a cryptographic best practice that is designed to be transparent and easy to use. AWS KMS supports optional automatic key rotation only for customer managed CMKs. Enable and disable key rotation. Automatic key rotation is disabled by default on customer managed CMKs.

When you enable (or re-enable) key rotation, AWS KMS automatically rotates the CMK 365 days after the enable date and every 365 days thereafter.

asked 16/09/2024
Jack de Cort
42 questions

Question 107

Report
Export
Collapse

A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours The company wants to use these data points in its existing analytics platform A solutions architect must determine the most viable multi-tier option to support this architecture The data points must be accessible from the REST API. Which action meets these requirements for storing and retrieving location data?

Use Amazon Athena with Amazon S3
Use Amazon Athena with Amazon S3
Use Amazon API Gateway with AWS Lambda
Use Amazon API Gateway with AWS Lambda
Use Amazon QuickSight with Amazon Redshift.
Use Amazon QuickSight with Amazon Redshift.
Use Amazon API Gateway with Amazon Kinesis Data Analytics
Use Amazon API Gateway with Amazon Kinesis Data Analytics
Suggested answer: B

Explanation:


asked 16/09/2024
megat ilham
35 questions

Question 108

Report
Export
Collapse

A company has an automobile sales website that stores its listings in a database on Amazon RDS When an automobile is sold the listing needs to be removed from the website and the data must be sent to multiple target systems. Which design should a solutions architect recommend?

Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS> queue for the targets to consume
Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS> queue for the targets to consume
Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume
Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume
Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics Use AWS Lambda functions to update the targets
Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics Use AWS Lambda functions to update the targets
Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues Use AWS Lambda functions to update the targets
Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues Use AWS Lambda functions to update the targets
Suggested answer: D

Explanation:

https://docs.aws.amazon.com/lambda/latest/dg/services-rds.html

https://docs.aws.amazon.com/lambda/latest/dg/with-sns.html

asked 16/09/2024
Roberto Garavaglia
45 questions

Question 109

Report
Export
Collapse

A company needs to store data in Amazon S3 and must prevent the data from being changed. The company wants new objects that are uploaded to Amazon S3 to remain unchangeable for a nonspecific amount of time until the company decides to modify the objects. Only specific users in the company’s AWS account can have the ability to delete the objects. What should a solutions architect do to meet these requirements?

Create an S3 Glacier vault Apply a write-once, read-many (WORM) vault lock policy to the objects
Create an S3 Glacier vault Apply a write-once, read-many (WORM) vault lock policy to the objects
Create an S3 bucket with S3 Object Lock enabled Enable versioning Set a retention period of 100 years Use governance mode as the S3 bucket's default retention mode for new objects
Create an S3 bucket with S3 Object Lock enabled Enable versioning Set a retention period of 100 years Use governance mode as the S3 bucket's default retention mode for new objects
Create an S3 bucket Use AWS CloudTrail to (rack any S3 API events that modify the objects Upon notification, restore the modified objects from any backup versions that the company has
Create an S3 bucket Use AWS CloudTrail to (rack any S3 API events that modify the objects Upon notification, restore the modified objects from any backup versions that the company has
Create an S3 bucket with S3 Object Lock enabled Enable versioning Add a legal hold to the objects Add the s3 PutObjectLegalHold permission to the IAM policies of users who need to delete the objects
Create an S3 bucket with S3 Object Lock enabled Enable versioning Add a legal hold to the objects Add the s3 PutObjectLegalHold permission to the IAM policies of users who need to delete the objects
Suggested answer: D

Explanation:

"The Object Lock legal hold operation enables you to place a legal hold on an object version. Like setting a retention period, a legal hold prevents an object version from being overwritten or deleted.However, a legal hold doesn't have an associated retention period and remains in effect untilremoved." https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-legal-hold.html

asked 16/09/2024
Andrey Markov
33 questions

Question 110

Report
Export
Collapse

A social media company allows users to upload images to its website. The website runs on Amazon EC2 instances. During upload requests, the website resizes the images to a standard size and stores the resized images in Amazon S3. Users are experiencing slow upload requests to the website.

The company needs to reduce coupling within the application and improve website performance. A solutions architect must design the most operationally efficient process for image uploads. Which combination of actions should the solutions architect take to meet these requirements?

(Choose two.)

Configure the application to upload images to S3 Glacier.
Configure the application to upload images to S3 Glacier.
Configure the web server to upload the original images to Amazon S3.
Configure the web server to upload the original images to Amazon S3.
Configure the application to upload images directly from each user's browser to Amazon S3 through the use of a presigned URL.
Configure the application to upload images directly from each user's browser to Amazon S3 through the use of a presigned URL.
Configure S3 Event Notifications to invoke an AWS Lambda function when an image is uploaded.Use the function to resize the image
Configure S3 Event Notifications to invoke an AWS Lambda function when an image is uploaded.Use the function to resize the image
Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function on a schedule to resize uploaded images.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function on a schedule to resize uploaded images.
Suggested answer: C, D

Explanation:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/PresignedUrlUploadObject.html

asked 16/09/2024
Nagarajapandian T
27 questions
Total 1.002 questions
Go to page: of 101
Search

Related questions