ExamGecko
Login
Home / Amazon / SAA-C03 / List of questions
Ask Question

Amazon SAA-C03 Practice Test - Questions Answers, Page 55

List of questions

Question 541

Report
Export
Collapse

A company runs a three-tier application in two AWS Regions. The web tier, the application tier, and the database tier run on Amazon EC2 instances. The company uses Amazon RDS for Microsoft SQL Server Enterprise for the database tier The database tier is experiencing high load when weekly and monthly reports are run. The company wants to reduce the load on the database tier.

Which solution will meet these requirements with the LEAST administrative effort?

Create read replicas. Configure the reports to use the new read replicas.
Create read replicas. Configure the reports to use the new read replicas.
Convert the RDS database to Amazon DynamoDB_ Configure the reports to use DynamoDB
Convert the RDS database to Amazon DynamoDB_ Configure the reports to use DynamoDB
Modify the existing RDS DB instances by selecting a larger instance size.
Modify the existing RDS DB instances by selecting a larger instance size.
Modify the existing ROS DB instances and put the instances into an Auto Scaling group.
Modify the existing ROS DB instances and put the instances into an Auto Scaling group.
Suggested answer: A

Explanation:

it allows the company to create read replicas of its RDS database and reduce the load on the database tier. By creating read replicas, the company can offload read traffic from the primary database instance to one or more replicas. By configuring the reports to use the new read replicas, the company can improve performance and availability of its database tier. Reference:

Working with Read Replicas

Read Replicas for Amazon RDS for SQL Server

asked 16/09/2024
Miguel Triebel
36 questions

Question 542

Report
Export
Collapse

A company runs a website that stores images of historical events. Website users need the ability to search and view images based on the year that the event in the image occurred. On average, users request each image only once or twice a year The company wants a highly available solution to store and deliver the images to users.

Which solution will meet these requirements MOST cost-effectively?

Store images in Amazon Elastic Block Store (Amazon EBS). Use a web server that runs on Amazon EC2.
Store images in Amazon Elastic Block Store (Amazon EBS). Use a web server that runs on Amazon EC2.
Store images in Amazon Elastic File System (Amazon EFS). Use a web server that runs on Amazon EC2.
Store images in Amazon Elastic File System (Amazon EFS). Use a web server that runs on Amazon EC2.
Store images in Amazon S3 Standard. use S3 Standard to directly deliver images by using a static website.
Store images in Amazon S3 Standard. use S3 Standard to directly deliver images by using a static website.
Store images in Amazon S3 Standard-InfrequentAccess (S3 Standard-IA). use S3 Standard-IA to directly deliver images by using a static website.
Store images in Amazon S3 Standard-InfrequentAccess (S3 Standard-IA). use S3 Standard-IA to directly deliver images by using a static website.
Suggested answer: C

Explanation:

it allows the company to store and deliver images to users in a highly available and cost-effective way. By storing images in Amazon S3 Standard, the company can use a durable, scalable, and secure object storage service that offers high availability and performance. By using S3 Standard to directly deliver images by using a static website, the company can avoid running web servers and reduce operational overhead. S3 Standard also offers low storage pricing and free data transfer within AWS Regions. Reference:

Amazon S3 Storage Classes

Hosting a Static Website on Amazon S3


asked 16/09/2024
Raed Alshehri
50 questions

Question 543

Report
Export
Collapse

A solutions architect needs to review a company's Amazon S3 buckets to discover personally identifiable information (Pll). The company stores the Pll data in the us-east-I Region and us-west-2 Region.

Which solution will meet these requirements with the LEAST operational overhead?

Configure Amazon Macie in each Region. Create a job to analyze the data that is in Amazon S3_
Configure Amazon Macie in each Region. Create a job to analyze the data that is in Amazon S3_
Configure AWS Security Hub for all Regions. Create an AWS Config rule to analyze the data that is in Amazon S3_
Configure AWS Security Hub for all Regions. Create an AWS Config rule to analyze the data that is in Amazon S3_
Configure Amazon Inspector to analyze the data that IS in Amazon S3.
Configure Amazon Inspector to analyze the data that IS in Amazon S3.
Configure Amazon GuardDuty to analyze the data that is in Amazon S3.
Configure Amazon GuardDuty to analyze the data that is in Amazon S3.
Suggested answer: A

Explanation:

it allows the solutions architect to review the S3 buckets to discover personally identifiable information (Pll) with the least operational overhead. Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect sensitive data in AWS. Amazon Macie can analyze data in S3 buckets across multiple regions and provide insights into the type, location, and level of sensitivity of the data. Reference:

Amazon Macie

Analyzing data with Amazon Macie

asked 16/09/2024
Cesar Paredes
33 questions

Question 544

Report
Export
Collapse

A company is building an ecommerce application and needs to store sensitive customer information.

The company needs to give customers the ability to complete purchase transactions on the website.

The company also needs to ensure that sensitive customer data is protected, even from database administrators.

Which solution meets these requirements?

Store sensitive data in an Amazon Elastic Block Store (Amazon EBS) volume. Use EBS encryption to encrypt the data. Use an IAM instance role to restrict access.
Store sensitive data in an Amazon Elastic Block Store (Amazon EBS) volume. Use EBS encryption to encrypt the data. Use an IAM instance role to restrict access.
Store sensitive data in Amazon RDS for MySQL. Use AWS Key Management Service (AWS KMS) client-side encryption to encrypt the data.
Store sensitive data in Amazon RDS for MySQL. Use AWS Key Management Service (AWS KMS) client-side encryption to encrypt the data.
Store sensitive data in Amazon S3. Use AWS Key Management Service (AWS KMS) server-side encryption to encrypt the data. Use S3 bucket policies to restrict access.
Store sensitive data in Amazon S3. Use AWS Key Management Service (AWS KMS) server-side encryption to encrypt the data. Use S3 bucket policies to restrict access.
Store sensitive data in Amazon FSx for Windows Server. Mount the file share on application servers. Use Windows file permissions to restrict access.
Store sensitive data in Amazon FSx for Windows Server. Mount the file share on application servers. Use Windows file permissions to restrict access.
Suggested answer: B

Explanation:

it allows the company to store sensitive customer information in a managed AWS service and give customers the ability to complete purchase transactions on the website. By using AWS Key Management Service (AWS KMS) client-side encryption, the company can encrypt the data before sending it to Amazon RDS for MySQL. This ensures that sensitive customer data is protected, even from database administrators, as only the application has access to the encryption keys. Reference:

Using Encryption with Amazon RDS for MySQL

Encrypting Amazon RDS Resources

asked 16/09/2024
KHALID ALSHAHRANI
46 questions

Question 545

Report
Export
Collapse

A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not travel across the internet.

Which combination of steps should the solutions architect take to meet this requirement? (Choose two.)

Create a route table entry for the endpoint.
Create a route table entry for the endpoint.
Create a gateway endpoint for DynamoDB.
Create a gateway endpoint for DynamoDB.
Create an interface endpoint for Amazon EC2.
Create an interface endpoint for Amazon EC2.
Create an elastic network interface for the endpoint in each of the subnets of the VPC.
Create an elastic network interface for the endpoint in each of the subnets of the VPC.
Create a security group entry in the endpoint's security group to provide access.
Create a security group entry in the endpoint's security group to provide access.
Suggested answer: B, E

Explanation:

B and E are the correct answers because they allow the solutions architect to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not travel across the internet. By creating a gateway endpoint for DynamoDB, the solutions architect can enable private connectivity between the VPC and DynamoDB. By creating a security group entry in the endpoint's security group to provide access, the solutions architect can control which EC2 instances can communicate with DynamoDB through the endpoint. Reference:

Gateway Endpoints Controlling Access to Services with VPC Endpoints

asked 16/09/2024
D Chauhan
38 questions

Question 546

Report
Export
Collapse

A company has a service that reads and writes large amounts of data from an Amazon S3 bucket in the same AWS Region. The service is deployed on Amazon EC2 instances within the private subnet of a VPC. The service communicates with Amazon S3 over a NAT gateway in the public subnet.

However, the company wants a solution that will reduce the data output costs.

Which solution will meet these requirements MOST cost-effectively?

Provision a dedicated EC2 NAT instance in the public subnet. Configure the route table for the private subnet to use the elastic network interface of this instance as the destination for all S3 traffic.
Provision a dedicated EC2 NAT instance in the public subnet. Configure the route table for the private subnet to use the elastic network interface of this instance as the destination for all S3 traffic.
Provision a dedicated EC2 NAT instance in the private subnet. Configure the route table for the public subnet to use the elastic network interface of this instance as the destination for all S3 traffic.
Provision a dedicated EC2 NAT instance in the private subnet. Configure the route table for the public subnet to use the elastic network interface of this instance as the destination for all S3 traffic.
Provision a VPC gateway endpoint. Configure the route table for the private subnet to use the gateway endpoint as the route for all S3 traffic.
Provision a VPC gateway endpoint. Configure the route table for the private subnet to use the gateway endpoint as the route for all S3 traffic.
Provision a second NAT gateway. Configure the route table for the private subnet to use this NAT gateway as the destination for all S3 traffic.
Provision a second NAT gateway. Configure the route table for the private subnet to use this NAT gateway as the destination for all S3 traffic.
Suggested answer: C

Explanation:

it allows the company to reduce the data output costs for accessing Amazon S3 from Amazon EC2 instances in a VPC. By provisioning a VPC gateway endpoint, the company can enable private connectivity between the VPC and S3. By configuring the route table for the private subnet to use the gateway endpoint as the route for all S3 traffic, the company can avoid using a NAT gateway, which charges for data processing and data transfer. Reference:

VPC Endpoints for Amazon S3

VPC Endpoints Pricing

asked 16/09/2024
Ackim Sanuka
28 questions

Question 547

Report
Export
Collapse

A company runs multiple Amazon EC2 Linux instances in a VPC across two Availability Zones. The instances host applications that use a hierarchical directory structure. The applications need to read and write rapidly and concurrently to shared storage.

What should a solutions architect do to meet these requirements?

Create an Amazon S3 bucket. Allow access from all the EC2 instances in the VPC.
Create an Amazon S3 bucket. Allow access from all the EC2 instances in the VPC.
Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system from each EC2 instance.
Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system from each EC2 instance.
Create a file system on a Provisioned IOPS SSD (102) Amazon Elastic Block Store (Amazon EBS) volume. Attach the EBS volume to all the EC2 instances.
Create a file system on a Provisioned IOPS SSD (102) Amazon Elastic Block Store (Amazon EBS) volume. Attach the EBS volume to all the EC2 instances.
Create file systems on Amazon Elastic Block Store (Amazon EBS) volumes that are attached to each EC2 instance. Synchromze the EBS volumes across the different EC2 instances.
Create file systems on Amazon Elastic Block Store (Amazon EBS) volumes that are attached to each EC2 instance. Synchromze the EBS volumes across the different EC2 instances.
Suggested answer: B

Explanation:

it allows the EC2 instances to read and write rapidly and concurrently to shared storage across two

Availability Zones. Amazon EFS provides a scalable, elastic, and highly available file system that can be mounted from multiple EC2 instances. Amazon EFS supports high levels of throughput and IOPS, and consistent low latencies. Amazon EFS also supports NFSv4 lock upgrading and downgrading, which enables high levels of concurrency. Reference:

Amazon EFS Features

Using Amazon EFS with Amazon EC2

asked 16/09/2024
Dennis Bruyn
39 questions

Question 548

Report
Export
Collapse

A company is using AWS Key Management Service (AWS KMS) keys to encrypt AWS Lambda environment variables. A solutions architect needs to ensure that the required permissions are in place to decrypt and use the environment variables.

Which steps must the solutions architect take to implement the correct permissions? (Choose two.)

Add AWS KMS permissions in the Lambda resource policy.
Add AWS KMS permissions in the Lambda resource policy.
Add AWS KMS permissions in the Lambda execution role.
Add AWS KMS permissions in the Lambda execution role.
Add AWS KMS permissions in the Lambda function policy.
Add AWS KMS permissions in the Lambda function policy.
Allow the Lambda execution role in the AWS KMS key policy.
Allow the Lambda execution role in the AWS KMS key policy.
Allow the Lambda resource policy in the AWS KMS key policy.
Allow the Lambda resource policy in the AWS KMS key policy.
Suggested answer: B, D

Explanation:

B and D are the correct answers because they ensure that the Lambda execution role has the permissions to decrypt and use the environment variables, and that the AWS KMS key policy allows the Lambda execution role to use the key. The Lambda execution role is an IAM role that grants the Lambda function permission to access AWS resources, such as AWS KMS. The AWS KMS key policy is a resource-based policy that controls access to the key. By adding AWS KMS permissions in the Lambda execution role and allowing the Lambda execution role in the AWS KMS key policy, the solutions architect can implement the correct permissions for encrypting and decrypting environment variables. Reference:

AWS Lambda Execution Role

Using AWS KMS keys in AWS Lambda

asked 16/09/2024
gokulakrishna S B
37 questions

Question 549

Report
Export
Collapse

A company wants to use an AWS CloudFormatlon stack for its application in a test environment. The company stores the CloudFormation template in an Amazon S3 bucket that blocks public access. The company wants to grant CloudFormation access to the template in the S3 bucket based on specific user requests to create the test environment The solution must follow security best practices.

Which solution will meet these requirements?

Create a gateway VPC endpoint for Amazon S3. Configure the CloudFormation stack to use the S3 object URL
Create a gateway VPC endpoint for Amazon S3. Configure the CloudFormation stack to use the S3 object URL
Create an Amazon API Gateway REST API that has the S3 bucket as the target. Configure the CloudFormat10n stack to use the API Gateway URL _
Create an Amazon API Gateway REST API that has the S3 bucket as the target. Configure the CloudFormat10n stack to use the API Gateway URL _
Create a presigned URL for the template object_ Configure the CloudFormation stack to use the presigned URL.
Create a presigned URL for the template object_ Configure the CloudFormation stack to use the presigned URL.
Allow public access to the template object in the S3 bucket. Block the public access after the test environment is created
Allow public access to the template object in the S3 bucket. Block the public access after the test environment is created
Suggested answer: C

Explanation:

it allows CloudFormation to access the template in the S3 bucket without granting public access or creating additional resources. A presigned URL is a URL that is signed with the access key of an IAM user or role that has permission to access the object. The presigned URL can be used by anyone who receives it, but it expires after a specified time. By creating a presigned URL for the template object and configuring the CloudFormation stack to use it, the company can grant CloudFormation access to the template based on specific user requests and follow security best practices. Reference:

Using Amazon S3 Presigned URLs

Using Amazon S3 Buckets

asked 16/09/2024
Arpita Pattnayak
50 questions

Question 550

Report
Export
Collapse

A company runs an application on AWS. The application receives inconsistent amounts of usage. The application uses AWS Direct Connect to connect to an on-premises MySQL-compatible database. The on-premises database consistently uses a minimum of 2 GiB of memory.

The company wants to migrate the on-premises database to a managed AWS service. The company wants to use auto scaling capabilities to manage unexpected workload increases.

Which solution will meet these requirements with the LEAST administrative overhead?

Provision an Amazon DynamoDB database with default read and write capacity settings.
Provision an Amazon DynamoDB database with default read and write capacity settings.
Provision an Amazon Aurora database with a minimum capacity of 1 Aurora capacity unit (ACU).
Provision an Amazon Aurora database with a minimum capacity of 1 Aurora capacity unit (ACU).
Provision an Amazon Aurora Serverless v2 database with a minimum capacity of 1 Aurora capacity unit (ACU).
Provision an Amazon Aurora Serverless v2 database with a minimum capacity of 1 Aurora capacity unit (ACU).
Provision an Amazon RDS for MySQL database with 2 GiB of memory.
Provision an Amazon RDS for MySQL database with 2 GiB of memory.
Suggested answer: C

Explanation:

it allows the company to migrate the on-premises database to a managed AWS service that supports auto scaling capabilities and has the least administrative overhead. Amazon Aurora Serverless v2 is a configuration of Amazon Aurora that automatically scales compute capacity based on workload demand. It can scale from hundreds to hundreds of thousands of transactions in a fraction of a second. Amazon Aurora Serverless v2 also supports MySQL-compatible databases and AWS Direct Connect connectivity. Reference:

Amazon Aurora Serverless v2 Connecting to an Amazon Aurora DB Cluster

asked 16/09/2024
Ferran Ortega Torrabadell
36 questions
Total 1.002 questions
Go to page: of 101
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company hosts a web application on multiple Amazon EC2 instances The EC2 instances are in an Auto Scaling group that scales in response to user demand The company wants to optimize cost savings without making a long-term commitment Which EC2 instance purchasing option should a solutions architect recommend to meet these requirements'?
A solutions architect is developing a multiple-subnet VPC architecture. The solution will consist of six subnets in two Availability Zones. The subnets are defined as public, private and dedicated for databases. Only the Amazon EC2 instances running in the private subnets should be able to access a database. Which solution meets these requirements?
A company stores data in an on-premises Oracle relational database. The company needs to make the data available in Amazon Aurora PostgreSQL for analysis The company uses an AWS Site-to-Site VPN connection to connect its on-premises network to AWS. The company must capture the changes that occur to the source database during the migration to Aurora PostgreSQL. Which solution will meet these requirements?
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses a customer managed customer master key (CMK) to encrypt EBS volume snapshots. What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?
A company is implementing a new application on AWS. The company will run the application on multiple Amazon EC2 instances across multiple Availability Zones within multiple AWS Regions. The application will be available through the internet. Users will access the application from around the world. The company wants to ensure that each user who accesses the application is sent to the EC2 instances that are closest to the user's location. Which solution will meet these requirements?
A development team uses multiple AWS accounts for its development, staging, and production environments. Team members have been launching large Amazon EC2 instances that are underutilized. A solutions architect must prevent large instances from being launched in all accounts. How can the solutions architect meet this requirement with the LEAST operational overhead?
A company stores customer data in a multitenant Amazon S3 bucket. Each customer's data is stored in a prefix that is unique to the customer. The company needs to migrate data for specific customers to a new. dedicated S3 bucket that is in the same AWS Region as the source bucket. The company must preserve object metadata such as creation date and version IDs. After the migration is finished, the company must delete the source data for the migrated customers from the original multitenant S3 bucket. Which combination of solutions will meet these requirements with the LEAST overhead? (Select THREE.)
A company hosts its multi-tier, public web application in the AWS Cloud. The web application runs on Amazon EC2 instances, and its database runs on Amazon RDS. The company is anticipating a large increase in sales during an upcoming holiday weekend. A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes. What should the solutions architect do to meet this requirement?
A company uses high concurrency AWS Lambda functions to process a constantly increasing number of messages in a message queue during marketing events. The Lambda functions use CPU intensive code to process the messages. The company wants to reduce the compute costs and to maintain service latency for its customers. Which solution will meet these requirements?
A solutions architect needs to connect a company's corporate network to its VPC to allow on-premises access to its AWS resources. The solution must provide encryption of all traffic between the corporate network and the VPC at the network layer and the session layer. The solution also must provide security controls to prevent unrestricted access between AWS and the on-premises systems. Which solution meets these requirements?