
Amazon SAA-C03 Practice Test - Questions Answers, Page 19

An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiencing delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application.

What should a solutions architect recommend to meet this requirement?

A. Use Amazon ElastiCache for Redis.
B. Use Amazon DynamoDB Accelerator (DAX).
C. Replicate data by using DynamoDB global tables.
D. Use Amazon ElastiCache for Memcached with Auto Discovery enabled.
Suggested answer: B

Explanation:

https://aws.amazon.com/dynamodb/dax/

A security team wants to limit access to specific services or actions in all of the team's AWS accounts.

All accounts belong to a large organization in AWS Organizations. The solution must be scalable and there must be a single point where permissions can be maintained.

What should a solutions architect do to accomplish this?

A. Create an ACL to provide access to the services or actions.
B. Create a security group to allow accounts and attach it to user groups.
C. Create cross-account roles in each account to deny access to the services or actions.
D. Create a service control policy in the root organizational unit to deny access to the services or actions.
Suggested answer: D

Explanation:

Service control policies (SCPs) are one type of policy that you can use to manage your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization's access control guidelines. See https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html.

A company is concerned about the security of its public web application due to recent web attacks.

The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application. What should the solutions architect do to meet this requirement?

A. Add an Amazon Inspector agent to the ALB.
B. Configure Amazon Macie to prevent attacks.
C. Enable AWS Shield Advanced to prevent attacks.
D. Configure Amazon GuardDuty to monitor the ALB.
Suggested answer: C

A company runs a production application on a fleet of Amazon EC2 instances. The application reads the data from an Amazon SQS queue and processes the messages in parallel. The message volume is unpredictable and often has intermittent traffic. This application should continually process messages without any downtime.

Which solution meets these requirements MOST cost-effectively?

A. Use Spot Instances exclusively to handle the maximum capacity required.
B. Use Reserved Instances exclusively to handle the maximum capacity required.
C. Use Reserved Instances for the baseline capacity and use Spot Instances to handle additional capacity.
D. Use Reserved Instances for the baseline capacity and use On-Demand Instances to handle additional capacity.
Suggested answer: D

Explanation:

We recommend that you use On-Demand Instances for applications with short-term, irregular workloads that cannot be interrupted. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html

A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company's security policy requires that all website traffic be inspected by AWS WAF. How should the solutions architect comply with these requirements?

A. Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only.
B. Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin.
C. Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only. Associate AWS WAF to CloudFront.
D. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.
Suggested answer: D

Explanation:

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-contentrestricting-access-to-s3.html

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-webawswaf.html

A company wants to manage Amazon Machine Images (AMIs). The company currently copies AMIs to the same AWS Region where the AMIs were created. The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 CreateImage API operation is called within the company's account. Which solution will meet these requirements with the LEAST operational overhead?

A. Create an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a CreateImage API call is detected.
B. Configure AWS CloudTrail with an Amazon Simple Notification Service (Amazon SNS) notification that occurs when updated logs are sent to Amazon S3. Use Amazon Athena to create a new table and to query on CreateImage when an API call is detected.
C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call. Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a CreateImage API call is detected.
D. Configure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs. Create an AWS Lambda function to send an alert to an Amazon Simple Notification Service (Amazon SNS) topic when a CreateImage API call is detected.
Suggested answer: C


An online retail company has more than 50 million active customers and receives more than 25,000 orders each day. The company collects purchase data for customers and stores this data in Amazon S3. Additional customer data is stored in Amazon RDS.

The company wants to make all the data available to various teams so that the teams can perform analytics. The solution must provide the ability to manage fine-grained permissions for the data and must minimize operational overhead. Which solution will meet these requirements?

A. Migrate the purchase data to write directly to Amazon RDS. Use RDS access controls to limit access.
B. Schedule an AWS Lambda function to periodically copy data from Amazon RDS to Amazon S3. Create an AWS Glue crawler. Use Amazon Athena to query the data. Use S3 policies to limit access.
C. Create a data lake by using AWS Lake Formation. Create an AWS Glue JDBC connection to Amazon RDS. Register the S3 bucket in Lake Formation. Use Lake Formation access controls to limit access.
D. Create an Amazon Redshift cluster. Schedule an AWS Lambda function to periodically copy data from Amazon S3 and Amazon RDS to Amazon Redshift. Use Amazon Redshift access controls to limit access.
Suggested answer: D


A company owns an asynchronous API that is used to ingest user requests and, based on the request type, dispatch requests to the appropriate microservice for processing. The company is using Amazon API Gateway to deploy the API front end, and an AWS Lambda function that invokes Amazon DynamoDB to store user requests before dispatching them to the processing microservices. The company provisioned as much DynamoDB throughput as its budget allows, but the company is still experiencing availability issues and is losing user requests. What should a solutions architect do to address this issue without impacting existing users?

A. Add throttling on the API Gateway with server-side throttling limits.
B. Use DynamoDB Accelerator (DAX) and Lambda to buffer writes to DynamoDB.
C. Create a secondary index in DynamoDB for the table with the user requests.
D. Use the Amazon Simple Queue Service (Amazon SQS) queue and Lambda to buffer writes to DynamoDB.
Suggested answer: D

Explanation:

By using an SQS queue and Lambda, the solutions architect can decouple the API front end from the processing microservices and improve the overall scalability and availability of the system. The SQS queue acts as a buffer, allowing the API front end to continue accepting user requests even if the processing microservices are experiencing high workloads or are temporarily unavailable. The Lambda function can then retrieve requests from the SQS queue and write them to DynamoDB, ensuring that all user requests are stored and processed. This approach allows the company to scale the processing microservices independently from the API front end, ensuring that the API remains available to users even during periods of high demand.

A company needs to move data from an Amazon EC2 instance to an Amazon S3 bucket. The company must ensure that no API calls and no data are routed through public internet routes. Only the EC2 instance can have access to upload data to the S3 bucket.

Which solution will meet these requirements?

A. Create an interface VPC endpoint for Amazon S3 in the subnet where the EC2 instance is located. Attach a resource policy to the S3 bucket to only allow the EC2 instance's IAM role for access.
B. Create a gateway VPC endpoint for Amazon S3 in the Availability Zone where the EC2 instance is located. Attach appropriate security groups to the endpoint. Attach a resource policy to the S3 bucket to only allow the EC2 instance's IAM role for access.
C. Run the nslookup tool from inside the EC2 instance to obtain the private IP address of the S3 bucket's service API endpoint. Create a route in the VPC route table to provide the EC2 instance with access to the S3 bucket. Attach a resource policy to the S3 bucket to only allow the EC2 instance's IAM role for access.
D. Use the AWS provided, publicly available ip-ranges.json file to obtain the private IP address of the S3 bucket's service API endpoint. Create a route in the VPC route table to provide the EC2 instance with access to the S3 bucket. Attach a resource policy to the S3 bucket to only allow the EC2 instance's IAM role for access.
Suggested answer: A

Explanation:

https://aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint/

A gaming company hosts a browser-based application on AWS. The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users. The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users while reducing the load on the origin. Which solution meets these requirements MOST cost-effectively?

A. Deploy an AWS Global Accelerator accelerator in front of the web servers.
B. Deploy an Amazon CloudFront web distribution in front of the S3 bucket.
C. Deploy an Amazon ElastiCache for Redis instance in front of the web servers.
D. Deploy an Amazon ElastiCache for Memcached instance in front of the web servers.
Suggested answer: B
Total 886 questions