ExamGecko
Login
Home / Amazon / SAA-C03 / List of questions
Ask Question

Amazon SAA-C03 Practice Test - Questions Answers, Page 25

List of questions

Question 241

Report
Export
Collapse

A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data sources.

The data is in JSON format and Ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in-flight is lost. The company's data science team wants to query Ingested data In near-real time. Which solution provides near-real -time data querying that is scalable with minimal data loss?

Publish data to Amazon Kinesis Data Streams Use Kinesis data Analytics to query the data.
Publish data to Amazon Kinesis Data Streams Use Kinesis data Analytics to query the data.
Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination Use Amazon Redshift to query the data
Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination Use Amazon Redshift to query the data
Store ingested data m an EC2 Instance store Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data.
Store ingested data m an EC2 Instance store Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data.
Store ingested data m an Amazon Elastic Block Store (Amazon EBS) volume Publish data to Amazon ElastiCache tor Red Subscribe to the Redis channel to query the data
Store ingested data m an Amazon Elastic Block Store (Amazon EBS) volume Publish data to Amazon ElastiCache tor Red Subscribe to the Redis channel to query the data
Suggested answer: A

Explanation:


asked 16/09/2024
Wissem GHARBI
33 questions

Question 242

Report
Export
Collapse

A company recently migrated its entire IT environment to the AWS Cloud. The company discovers that users are provisioning oversized Amazon EC2 instances and modifying security group rules without using the appropriate change control process A solutions architect must devise a strategy to track and audit these inventory and configuration changes. Which actions should the solutions architect take to meet these requirements? (Select TWO )

Enable AWS CloudTrail and use it for auditing
Enable AWS CloudTrail and use it for auditing
Use data lifecycie policies for the Amazon EC2 instances
Use data lifecycie policies for the Amazon EC2 instances
Enable AWS Trusted Advisor and reference the security dashboard
Enable AWS Trusted Advisor and reference the security dashboard
Enable AWS Config and create rules for auditing and compliance purposes
Enable AWS Config and create rules for auditing and compliance purposes
Restore previous resource configurations with an AWS CloudFormation template
Restore previous resource configurations with an AWS CloudFormation template
Suggested answer: A, D

Explanation:

A) Enable AWS CloudTrail and use it for auditing. AWS CloudTrail provides a record of API calls and can be used to audit changes made to EC2 instances and security groups. By analyzing CloudTrail logs, the solutions architect can track who provisioned oversized instances or modified security groups without proper approval. D) Enable AWS Config and create rules for auditing and compliance purposes. AWS Config can record the configuration changes made to resources like EC2 instances and security groups. The solutions architect can create AWS Config rules to monitor for non-compliant changes, like launching certain instance types or opening security group ports without permission. AWS Config would alert on any violations of these rules.


asked 16/09/2024
rayan rayanalbanna
44 questions

Question 243

Report
Export
Collapse

A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB).

The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight. The application becomes much slower when the month-end financial calcualtion bath runs. This causes the CPU utilization of the EC2 instaces to immediately peak to 100%, which disrupts the application. What should a solution architect recommend to ensure the application is able to handle the workload and avoid downtime?

Configure an Amazon CloudFront distribution in from of the ALB.
Configure an Amazon CloudFront distribution in from of the ALB.
Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization.
Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization.
Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
Configure Amazon ElasticCache to remove some of the workload from tha EC2 instances.
Configure Amazon ElasticCache to remove some of the workload from tha EC2 instances.
Suggested answer: C

Explanation:

Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule is the best option because it allows for the proactive scaling of the EC2 instances before the monthly batch run begins. This will ensure that the application is able to handle the increased workload without experiencing downtime. The scheduled scaling policy can be configured to increase the number of instances in the Auto Scaling group a few hours before the batch run and then decrease the number of instances after the batch run is complete. This will ensure that the resources are available when needed and not wasted when not needed. The most appropriate solution to handle the increased workload during the monthly batch run and avoid downtime would be to configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule. https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scheduled-scaling.html

s

asked 16/09/2024
None None
40 questions

Question 244

Report
Export
Collapse

A company stores its data objects in Amazon S3 Standard storage. A solutions architect has found that 75% of the data is rarely accessed after 30 days. The company needs all the data to remain immediately accessible with the same high availability and resiliency, but the company wants to minimize storage costs.

Which storage solution will meet these requirements?

Move the data objects to S3 Glacier Deep Archive after 30 days.
Move the data objects to S3 Glacier Deep Archive after 30 days.
Move the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
Move the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately.
Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately.
Suggested answer: B
asked 16/09/2024
David Aghaegbuna
41 questions

Question 245

Report
Export
Collapse

A solutions architect must secure a VPC network that hosts Amazon EC2 instances The EC2 ^stances contain highly sensitive data and tun n a private subnet According to company policy the EC2 instances mat run m the VPC can access only approved third-party software repositories on the internet for software product updates that use the third party's URL Other internet traffic must be blocked. Which solution meets these requirements?

Update the route table for the private subnet to route the outbound traffic to an AWS Network Firewall. Configure domain list rule groups
Update the route table for the private subnet to route the outbound traffic to an AWS Network Firewall. Configure domain list rule groups
Set up an AWS WAF web ACL. Create a custom set of rules that filter traffic requests based on source and destination IP address range sets.
Set up an AWS WAF web ACL. Create a custom set of rules that filter traffic requests based on source and destination IP address range sets.
Implement strict inbound security group roles Configure an outbound rule that allows traffic only to the authorized software repositories on the internet by specifying the URLs
Implement strict inbound security group roles Configure an outbound rule that allows traffic only to the authorized software repositories on the internet by specifying the URLs
Configure an Application Load Balancer (ALB) in front of the EC2 instances. Direct an outbound traffic to the ALB Use a URL-based rule listener in the ALB's target group for outbound access to the internet
Configure an Application Load Balancer (ALB) in front of the EC2 instances. Direct an outbound traffic to the ALB Use a URL-based rule listener in the ALB's target group for outbound access to the internet
Suggested answer: A

Explanation:

Send the outbound connection from EC2 to Network Firewall. In Network Firewall, createstateful outbound rules to allow certain domains for software patch download and deny allother domains. https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-examples.html#suricata-example-domain-filtering

asked 16/09/2024
Aimé Tameti
42 questions

Question 246

Report
Export
Collapse

A company has hundreds of Amazon EC2 Linux-based instances in the AWS Cloud. Systems administrators have used shared SSH keys to manage the instances After a recent audit, the company's security team is mandating the removal of all shared keys. A solutions architect must design a solution that provides secure access to the EC2 instances. Which solution will meet this requirement with the LEAST amount of administrative overhead?

Use AWS Systems Manager Session Manager to connect to the EC2 instances.
Use AWS Systems Manager Session Manager to connect to the EC2 instances.
Use AWS Security Token Service (AWS STS) to generate one-time SSH keys on demand.
Use AWS Security Token Service (AWS STS) to generate one-time SSH keys on demand.
Allow shared SSH access to a set of bastion instances. Configure all other instances to allow only SSH access from the bastion instances
Allow shared SSH access to a set of bastion instances. Configure all other instances to allow only SSH access from the bastion instances
Use an Amazon Cognito custom authorizer to authenticate users. Invoke an AWS Lambda function to generate a temporary SSH key.
Use an Amazon Cognito custom authorizer to authenticate users. Invoke an AWS Lambda function to generate a temporary SSH key.
Suggested answer: A

Explanation:

Session Manager is a fully managed AWS Systems Manager capability. With Session Manager, you can manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, and virtual machines (VMs). You can use either an interactive one-click browser-based shell or the AWS Command Line Interface (AWS CLI). Session Manager provides secure and auditable node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Session Manager also allows you to comply with corporate policies that require controlled access to managed nodes, strict security practices, and fully auditable logs with node access details, while providing end users with simple one-click cross-platform access to your managed nodes. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html


asked 16/09/2024
Manohar M
41 questions

Question 247

Report
Export
Collapse

A company is building a data analysis platform on AWS by using AWS Lake Formation. The platform will ingest data from different sources such as Amazon S3 and Amazon RDS. The company needs a secure solution to prevent access to portions of the data that contain sensitive information.

Create an IAM role that includes permissions to access Lake Formation tables.
Create an IAM role that includes permissions to access Lake Formation tables.
Create data filters to implement row-level security and cell-level security.
Create data filters to implement row-level security and cell-level security.
Create an AWS Lambda function that removes sensitive information before Lake Formation ingests re data.
Create an AWS Lambda function that removes sensitive information before Lake Formation ingests re data.
Create an AWS Lambda function that perodically Queries and removes sensitive information from Lake Formation tables.
Create an AWS Lambda function that perodically Queries and removes sensitive information from Lake Formation tables.
Suggested answer: B

Explanation:


asked 16/09/2024
Vijay Kumar
47 questions

Question 248

Report
Export
Collapse

A company wants to create an application to store employee data in a hierarchical structured relationship. The company needs a minimum-latency response to high-traffic queries for the employee data and must protect any sensitive dat a. The company also need to receive monthly email messages if any financial information is present in the employee data. Which combination of steps should a solutin architect take to meet these requirement? ( Select TWO.)

Use Amazon Redshift to store the employee data in hierarchies. Unload the data to Amazon S3 every month.
Use Amazon Redshift to store the employee data in hierarchies. Unload the data to Amazon S3 every month.
Use Amazon DynamoDB to store the employee data in hierarchies Export the data to Amazon S3 every month.
Use Amazon DynamoDB to store the employee data in hierarchies Export the data to Amazon S3 every month.
Configure Amazon Macie for the AWS account Integrate Macie with Amazon EventBridge to send monthly events to AWS Lambda.
Configure Amazon Macie for the AWS account Integrate Macie with Amazon EventBridge to send monthly events to AWS Lambda.
Use Amazon Athena to analyze the employee data in Amazon S3 integrate Athena with Amazon QuickSight to publish analysis dashboards and share the dashboards with users.
Use Amazon Athena to analyze the employee data in Amazon S3 integrate Athena with Amazon QuickSight to publish analysis dashboards and share the dashboards with users.
Configure Amazon Macie for the AWS account. integrate Macie with Amazon EventBridge to send monthly notifications through an Amazon Simple Notification Service (Amazon SNS) subscription.
Configure Amazon Macie for the AWS account. integrate Macie with Amazon EventBridge to send monthly notifications through an Amazon Simple Notification Service (Amazon SNS) subscription.
Suggested answer: B, E

Explanation:


asked 16/09/2024
Victor Silveira
28 questions

Question 249

Report
Export
Collapse

A solutions architect is designing a multi-tier application for a company. The application's users upload images from a mobile device. The application generates a thumbnail of each image and returns a message to the user to confirm that the image was uploaded successfully.

The thumbnail generation can take up to 60 seconds, but the company wants to provide a faster response time to its users to notify them that the original image was received. The solutions architect must design the application to asynchronously dispatch requests to the different application tiers.

What should the solutions architect do to meet these requirements?

Write a custom AWS Lambda function to generate the thumbnail and alert the user. Use the image upload process as an event source to invoke the Lambda function.
Write a custom AWS Lambda function to generate the thumbnail and alert the user. Use the image upload process as an event source to invoke the Lambda function.
Create an AWS Step Functions workflow Configure Step Functions to handle the orchestration between the application tiers and alert the user when thumbnail generation is complete
Create an AWS Step Functions workflow Configure Step Functions to handle the orchestration between the application tiers and alert the user when thumbnail generation is complete
Create an Amazon Simple Queue Service (Amazon SQS) message queue. As images are uploaded, place a message on the SQS queue for thumbnail generation. Alert the user through an application message that the image was received
Create an Amazon Simple Queue Service (Amazon SQS) message queue. As images are uploaded, place a message on the SQS queue for thumbnail generation. Alert the user through an application message that the image was received
Create Amazon Simple Notification Service (Amazon SNS) notification topics and subscriptions Use one subscription with the application to generate the thumbnail after the image upload is complete. Use a second subscription to message the user's mobile app by way of a push notification after thumbnail generation is complete.
Create Amazon Simple Notification Service (Amazon SNS) notification topics and subscriptions Use one subscription with the application to generate the thumbnail after the image upload is complete. Use a second subscription to message the user's mobile app by way of a push notification after thumbnail generation is complete.
Suggested answer: C

Explanation:

This option is the most efficient because it uses Amazon SQS, which is a fully managed message queuing service that lets you send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available1. It also uses an SQS message queue to asynchronously dispatch requests to the different application tiers, which decouples the image upload process from the thumbnail generation process and enables scalability and reliability. It also alerts the user through an application message that the image was received, which provides a faster response time to the user than waiting for the thumbnail generation to complete. Option A is less efficient because it uses a custom AWS Lambda function to generate the thumbnail and alert the user, which is a way to run code without provisioning or managing servers. However, this does not use an asynchronous dispatch mechanism to separate the image upload process from the thumbnail generation process. It also uses the image upload process as an event source to invoke the Lambda function, which could cause concurrency issues if there are many images uploaded at once. Option B is less efficient because it uses AWS Step Functions, which is a fully managed service that provides a graphical console to arrange and visualize the components of your application as a series of steps2. However, this does not use an asynchronous dispatch mechanism to separate the image upload process from the thumbnail generation process. It also uses Step Functions to handle the orchestration between the application tiers and alert the user when thumbnail generation is complete, which could introduce additional complexity and latency. Option D is less efficient because it uses Amazon SNS, which is a fully managed messaging service that enables you to send messages or notifications directly to users with SMS text messages or email3. However, this does not use an asynchronous dispatch mechanism to separate the image upload process from the thumbnail generation process. It also uses SNS notification topics and subscriptions to generate the thumbnail after the image upload is complete and message the user's mobile app by way of a push notification after thumbnail generation is complete, which could introduce additional complexity and latency.



asked 16/09/2024
Rick van der Slot
40 questions

Question 250

Report
Export
Collapse

A company uses a 100 GB Amazon RDS for Microsoft SQL Server Single-AZ DB instance in the us-east- 1 Region to store customer transactions. The company needs high availability and automate recovery for the DB instance. The companu must also run reports on the RDS database several times a year. The report process causes transactions to take longer than usual to post to the customer‘ accounts. Which combination of steps will meet these requirements? (Select TWO.)

Modify the DB instance from a Single-AZ DB instance to a Multi-AZ deployment.
Modify the DB instance from a Single-AZ DB instance to a Multi-AZ deployment.
Take a snapshot of the current DB instance. Restore the snapshot to a new RDS deployment in another Availability Zone.
Take a snapshot of the current DB instance. Restore the snapshot to a new RDS deployment in another Availability Zone.
Create a read replica of the DB instance in a different Availability Zone. Point All requests for reports to the read replica.
Create a read replica of the DB instance in a different Availability Zone. Point All requests for reports to the read replica.
Migrate the database to RDS Custom.
Migrate the database to RDS Custom.
Use RDS Proxy to limit reporting requests to the maintenance window.
Use RDS Proxy to limit reporting requests to the maintenance window.
Suggested answer: A, C

Explanation:

https://medium.com/awesome-cloud/aws-difference-between-multi-az-and-read-replicas-in- amazon-rds-60fe848ef53a


asked 16/09/2024
Tym Dom
41 questions
Total 1.002 questions
Go to page: of 101
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company hosts a web application on multiple Amazon EC2 instances The EC2 instances are in an Auto Scaling group that scales in response to user demand The company wants to optimize cost savings without making a long-term commitment Which EC2 instance purchasing option should a solutions architect recommend to meet these requirements'?
A solutions architect is developing a multiple-subnet VPC architecture. The solution will consist of six subnets in two Availability Zones. The subnets are defined as public, private and dedicated for databases. Only the Amazon EC2 instances running in the private subnets should be able to access a database. Which solution meets these requirements?
A company stores data in an on-premises Oracle relational database. The company needs to make the data available in Amazon Aurora PostgreSQL for analysis The company uses an AWS Site-to-Site VPN connection to connect its on-premises network to AWS. The company must capture the changes that occur to the source database during the migration to Aurora PostgreSQL. Which solution will meet these requirements?
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses a customer managed customer master key (CMK) to encrypt EBS volume snapshots. What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?
A company is implementing a new application on AWS. The company will run the application on multiple Amazon EC2 instances across multiple Availability Zones within multiple AWS Regions. The application will be available through the internet. Users will access the application from around the world. The company wants to ensure that each user who accesses the application is sent to the EC2 instances that are closest to the user's location. Which solution will meet these requirements?
A development team uses multiple AWS accounts for its development, staging, and production environments. Team members have been launching large Amazon EC2 instances that are underutilized. A solutions architect must prevent large instances from being launched in all accounts. How can the solutions architect meet this requirement with the LEAST operational overhead?
A company stores customer data in a multitenant Amazon S3 bucket. Each customer's data is stored in a prefix that is unique to the customer. The company needs to migrate data for specific customers to a new. dedicated S3 bucket that is in the same AWS Region as the source bucket. The company must preserve object metadata such as creation date and version IDs. After the migration is finished, the company must delete the source data for the migrated customers from the original multitenant S3 bucket. Which combination of solutions will meet these requirements with the LEAST overhead? (Select THREE.)
A company hosts its multi-tier, public web application in the AWS Cloud. The web application runs on Amazon EC2 instances, and its database runs on Amazon RDS. The company is anticipating a large increase in sales during an upcoming holiday weekend. A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes. What should the solutions architect do to meet this requirement?
A company uses high concurrency AWS Lambda functions to process a constantly increasing number of messages in a message queue during marketing events. The Lambda functions use CPU intensive code to process the messages. The company wants to reduce the compute costs and to maintain service latency for its customers. Which solution will meet these requirements?
A solutions architect needs to connect a company's corporate network to its VPC to allow on-premises access to its AWS resources. The solution must provide encryption of all traffic between the corporate network and the VPC at the network layer and the session layer. The solution also must provide security controls to prevent unrestricted access between AWS and the on-premises systems. Which solution meets these requirements?