ExamGecko
Search Search Login
Home Home / Amazon / SAA-C03

Amazon SAA-C03 Practice Test - Questions Answers, Page 39

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A solutions architect is developing a multiple-subnet VPC architecture. The solution will consist of six subnets in two Availability Zones. The subnets are defined as public, private and dedicated for databases. Only the Amazon EC2 instances running in the private subnets should be able to access a database. Which solution meets these requirements?
A development team uses multiple AWS accounts for its development, staging, and production environments. Team members have been launching large Amazon EC2 instances that are underutilized. A solutions architect must prevent large instances from being launched in all accounts. How can the solutions architect meet this requirement with the LEAST operational overhead?
A company creates operations data and stores the data in an Amazon S3 bucket for the company's annual audit, an external consultant needs to access an annual report that is stored in the S3 bucket. The external consultant needs to access the report for 7 days. The company must implement a solution to allow the external consultant access to only the report. Which solution will meet these requirements with the MOST operational efficiency?
A company stores customer data in a multitenant Amazon S3 bucket. Each customer's data is stored in a prefix that is unique to the customer. The company needs to migrate data for specific customers to a new. dedicated S3 bucket that is in the same AWS Region as the source bucket. The company must preserve object metadata such as creation date and version IDs. After the migration is finished, the company must delete the source data for the migrated customers from the original multitenant S3 bucket. Which combination of solutions will meet these requirements with the LEAST overhead? (Select THREE.)
A company stores data in an on-premises Oracle relational database. The company needs to make the data available in Amazon Aurora PostgreSQL for analysis The company uses an AWS Site-to-Site VPN connection to connect its on-premises network to AWS. The company must capture the changes that occur to the source database during the migration to Aurora PostgreSQL. Which solution will meet these requirements?
A company hosts its multi-tier, public web application in the AWS Cloud. The web application runs on Amazon EC2 instances, and its database runs on Amazon RDS. The company is anticipating a large increase in sales during an upcoming holiday weekend. A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes. What should the solutions architect do to meet this requirement?
A company is implementing a new application on AWS. The company will run the application on multiple Amazon EC2 instances across multiple Availability Zones within multiple AWS Regions. The application will be available through the internet. Users will access the application from around the world. The company wants to ensure that each user who accesses the application is sent to the EC2 instances that are closest to the user's location. Which solution will meet these requirements?
A company hosts a web application on multiple Amazon EC2 instances The EC2 instances are in an Auto Scaling group that scales in response to user demand The company wants to optimize cost savings without making a long-term commitment Which EC2 instance purchasing option should a solutions architect recommend to meet these requirements'?
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses a customer managed customer master key (CMK) to encrypt EBS volume snapshots. What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?
A company has an application that runs on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on Amazon EC2 instances. The application has a U1 that uses Amazon DynamoDB and data services that use Amazon S3 as part of the application deployment. The company must ensure that the EKS Pods for the U1 can access only Amazon DynamoDB and that the EKS Pods for the data services can access only Amazon S3. The company uses AWS Identity and Access Management |IAM). Which solution meets these requirements?

Question 381

Report
Export
Collapse

A company previously migrated its data warehouse solution to AWS. The company also has an AWS Direct Connect connection. Corporate office users query the data warehouse using a visualization tool. The average size of a query returned by the data warehouse is 50 MB and each webpage sent by the visualization tool is approximately 500 KB. Result sets returned by the data warehouse are not cached. Which solution provides the LOWEST data transfer egress cost for the company?

A.
Host the visualization tool on premises and query the data warehouse directly over the internet.
A.
Host the visualization tool on premises and query the data warehouse directly over the internet.
Answers
B.
Host the visualization tool in the same AWS Region as the data warehouse. Access it over the internet.
B.
Host the visualization tool in the same AWS Region as the data warehouse. Access it over the internet.
Answers
C.
Host the visualization tool on premises and query the data warehouse directly over a Direct Connect connection at a location in the same AWS Region.
C.
Host the visualization tool on premises and query the data warehouse directly over a Direct Connect connection at a location in the same AWS Region.
Answers
D.
Host the visualization tool in the same AWS Region as the data warehouse and access it over a Direct Connect connection at a location in the same Region.
D.
Host the visualization tool in the same AWS Region as the data warehouse and access it over a Direct Connect connection at a location in the same Region.
Answers
Suggested answer: D

Explanation:

https://aws.amazon.com/directconnect/pricing/

https://aws.amazon.com/blogs/aws/aws-data-transfer-prices-reduced/

Question 382

Report
Export
Collapse

An application runs on an Amazon EC2 instance that has an Elastic IP address in VPC

A.
The application requires access to a database in VPC B. Both VPCs are in the same AWS account.Which solution will provide the required access MOST securely?
A.
The application requires access to a database in VPC B. Both VPCs are in the same AWS account.Which solution will provide the required access MOST securely?
Answers
B.
Create a DB instance security group that allows all traffic from the public IP address of the application server in VPC A.
B.
Create a DB instance security group that allows all traffic from the public IP address of the application server in VPC A.
Answers
C.
Configure a VPC peering connection between VPC A and VPC B.
C.
Configure a VPC peering connection between VPC A and VPC B.
Answers
D.
Make the DB instance publicly accessible. Assign a public IP address to the DB instance.
D.
Make the DB instance publicly accessible. Assign a public IP address to the DB instance.
Answers
E.
Launch an EC2 instance with an Elastic IP address into VPC B. Proxy all requests through the new EC2 instance.
E.
Launch an EC2 instance with an Elastic IP address into VPC B. Proxy all requests through the new EC2 instance.
Answers
Suggested answer: B

Question 383

Report
Export
Collapse

A company runs demonstration environments for its customers on Amazon EC2 instances. Each environment is isolated in its own VPC. The company’s operations team needs to be notified when RDP or SSH access to an environment has been established.

A.
Configure Amazon CloudWatch Application Insights to create AWS Systems Manager OpsItems when RDP or SSH access is detected.
A.
Configure Amazon CloudWatch Application Insights to create AWS Systems Manager OpsItems when RDP or SSH access is detected.
Answers
B.
Configure the EC2 instances with an IAM instance profile that has an IAM role with the AmazonSSMManagedInstanceCore policy attached.
B.
Configure the EC2 instances with an IAM instance profile that has an IAM role with the AmazonSSMManagedInstanceCore policy attached.
Answers
C.
Publish VPC flow logs to Amazon CloudWatch Logs. Create required metric filters. Create an Amazon CloudWatch metric alarm with a notification action for when the alarm is in the ALARM state.
C.
Publish VPC flow logs to Amazon CloudWatch Logs. Create required metric filters. Create an Amazon CloudWatch metric alarm with a notification action for when the alarm is in the ALARM state.
Answers
D.
Configure an Amazon EventBridge rule to listen for events of type EC2 Instance State-change Notification. Configure an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the operations team to the topic.
D.
Configure an Amazon EventBridge rule to listen for events of type EC2 Instance State-change Notification. Configure an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the operations team to the topic.
Answers
Suggested answer: C

Question 384

Report
Export
Collapse

A solutions architect has created a new AWS account and must secure AWS account root user access.

Which combination of actions will accomplish this? (Choose two.)

A.
Ensure the root user uses a strong password.
A.
Ensure the root user uses a strong password.
Answers
B.
Enable multi-factor authentication to the root user.
B.
Enable multi-factor authentication to the root user.
Answers
C.
Store root user access keys in an encrypted Amazon S3 bucket.
C.
Store root user access keys in an encrypted Amazon S3 bucket.
Answers
D.
Add the root user to a group containing administrative permissions.
D.
Add the root user to a group containing administrative permissions.
Answers
E.
Apply the required permissions to the root user with an inline policy document.
E.
Apply the required permissions to the root user with an inline policy document.
Answers
Suggested answer: A, B

Question 385

Report
Export
Collapse

A company is moving its on-premises Oracle database to Amazon Aurora PostgreSQL. The database has several applications that write to the same tables. The applications need to be migrated one by one with a month in between each migration. Management has expressed concerns that the database has a high number of reads and writes. The data must be kept in sync across both databases throughout the migration. What should a solutions architect recommend?

A.
Use AWS DataSync for the initial migration. Use AWS Database Migration Service (AWS DMS) to create a change data capture (CDC) replication task and a table mapping to select all tables.
A.
Use AWS DataSync for the initial migration. Use AWS Database Migration Service (AWS DMS) to create a change data capture (CDC) replication task and a table mapping to select all tables.
Answers
B.
Use AWS DataSync for the initial migration. Use AWS Database Migration Service (AWS DMS) to create a full load plus change data capture (CDC) replication task and a table mapping to select all tables.
B.
Use AWS DataSync for the initial migration. Use AWS Database Migration Service (AWS DMS) to create a full load plus change data capture (CDC) replication task and a table mapping to select all tables.
Answers
C.
Use the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a memory optimized replication instance. Create a full load plus change data capture (CDC) replication task and a table mapping to select all tables.
C.
Use the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a memory optimized replication instance. Create a full load plus change data capture (CDC) replication task and a table mapping to select all tables.
Answers
D.
Use the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a compute optimized replication instance. Create a full load plus change data capture (CDC) replication task and a table mapping to select the largest tables.
D.
Use the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a compute optimized replication instance. Create a full load plus change data capture (CDC) replication task and a table mapping to select the largest tables.
Answers
Suggested answer: C

Question 386

Report
Export
Collapse

A company needs to retain its AWS CloudTrail logs for 3 years. The company is enforcing CloudTrail across a set of AWS accounts by using AWS Organizations from the parent account. The CloudTrail target S3 bucket is configured with S3 Versioning enabled. An S3 Lifecycle policy is in place to delete current objects after 3 years.

After the fourth year of use of the S3 bucket, the S3 bucket metrics show that the number of objects has continued to rise. However, the number of new CloudTrail logs that are delivered to the S3 bucket has remained consistent. Which solution will delete objects that are older than 3 years in the MOST cost-effective manner?

A.
Configure the organization’s centralized CloudTrail trail to expire objects after 3 years.
A.
Configure the organization’s centralized CloudTrail trail to expire objects after 3 years.
Answers
B.
Configure the S3 Lifecycle policy to delete previous versions as well as current versions.
B.
Configure the S3 Lifecycle policy to delete previous versions as well as current versions.
Answers
C.
Create an AWS Lambda function to enumerate and delete objects from Amazon S3 that are older than 3 years.
C.
Create an AWS Lambda function to enumerate and delete objects from Amazon S3 that are older than 3 years.
Answers
D.
Configure the parent account as the owner of all objects that are delivered to the S3 bucket.
D.
Configure the parent account as the owner of all objects that are delivered to the S3 bucket.
Answers
Suggested answer: B

Explanation:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practicessecurity.html#:~:text=The%20CloudTrail%20trail,time%20has%20passed.

Question 387

Report
Export
Collapse

A company manages its own Amazon EC2 instances that run MySQL databases. The company is manually managing replication and scaling as demand increases or decreases. The company needs a new solution that simplifies the process of adding or removing compute capacity to or from its database tier as needed. The solution also must offer improved performance, scaling, and durability with minimal effort from operations. Which solution meets these requirements?

A.
Migrate the databases to Amazon Aurora Serverless for Aurora MySQL.
A.
Migrate the databases to Amazon Aurora Serverless for Aurora MySQL.
Answers
B.
Migrate the databases to Amazon Aurora Serverless for Aurora PostgreSQL.
B.
Migrate the databases to Amazon Aurora Serverless for Aurora PostgreSQL.
Answers
C.
Combine the databases into one larger MySQL database. Run the larger database on larger EC2 instances.
C.
Combine the databases into one larger MySQL database. Run the larger database on larger EC2 instances.
Answers
D.
Create an EC2 Auto Scaling group for the database tier. Migrate the existing databases to the new environment.
D.
Create an EC2 Auto Scaling group for the database tier. Migrate the existing databases to the new environment.
Answers
Suggested answer: A

Explanation:

https://aws.amazon.com/rds/aurora/serverless/

Question 388

Report
Export
Collapse

A company is concerned that two NAT instances in use will no longer be able to support the traffic needed for the company’s application. A solutions architect wants to implement a solution that is highly available, fault tolerant, and automatically scalable.

What should the solutions architect recommend?

A.
Remove the two NAT instances and replace them with two NAT gateways in the same Availability Zone.
A.
Remove the two NAT instances and replace them with two NAT gateways in the same Availability Zone.
Answers
B.
Use Auto Scaling groups with Network Load Balancers for the NAT instances in different Availability Zones.
B.
Use Auto Scaling groups with Network Load Balancers for the NAT instances in different Availability Zones.
Answers
C.
Remove the two NAT instances and replace them with two NAT gateways in different Availability Zones.
C.
Remove the two NAT instances and replace them with two NAT gateways in different Availability Zones.
Answers
D.
Replace the two NAT instances with Spot Instances in different Availability Zones and deploy a Network Load Balancer.
D.
Replace the two NAT instances with Spot Instances in different Availability Zones and deploy a Network Load Balancer.
Answers
Suggested answer: C

Explanation:

If you have resources in multiple Availability Zones and they share one NAT gateway, and if the NAT gateway’s Availability Zone is down, resources in the other Availability Zones lose internet access. To create an Availability Zone- independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat- gateway.html#nat-gatewaybasics

Question 389

Report
Export
Collapse

A company runs an application on a group of Amazon Linux EC2 instances. For compliance reasons, the company must retain all application log files for 7 years. The log files will be analyzed by a reporting tool that must be able to access all the files concurrently.

Which storage solution meets these requirements MOST cost-effectively?

A.
Amazon Elastic Block Store (Amazon EBS)
A.
Amazon Elastic Block Store (Amazon EBS)
Answers
B.
Amazon Elastic File System (Amazon EFS)
B.
Amazon Elastic File System (Amazon EFS)
Answers
C.
Amazon EC2 instance store
C.
Amazon EC2 instance store
Answers
D.
Amazon S3
D.
Amazon S3
Answers
Suggested answer: D

Question 390

Report
Export
Collapse

A company has hired an external vendor to perform work in the company’s AWS account. The vendor uses an automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company’s AWS account.

How should a solutions architect grant this access to the vendor?

A.
Create an IAM role in the company’s account to delegate access to the vendor’s IAM role. Attach the appropriate IAM policies to the role for the permissions that the vendor requires.
A.
Create an IAM role in the company’s account to delegate access to the vendor’s IAM role. Attach the appropriate IAM policies to the role for the permissions that the vendor requires.
Answers
B.
Create an IAM user in the company’s account with a password that meets the password complexity requirements. Attach the appropriate IAM policies to the user for the permissions that the vendor requires.
B.
Create an IAM user in the company’s account with a password that meets the password complexity requirements. Attach the appropriate IAM policies to the user for the permissions that the vendor requires.
Answers
C.
Create an IAM group in the company’s account. Add the tool’s IAM user from the vendor account to the group. Attach the appropriate IAM policies to the group for the permissions that the vendor requires.
C.
Create an IAM group in the company’s account. Add the tool’s IAM user from the vendor account to the group. Attach the appropriate IAM policies to the group for the permissions that the vendor requires.
Answers
D.
Create a new identity provider by choosing “AWS account” as the provider type in the IAM console. Supply the vendor’s AWS account ID and user name. Attach the appropriate IAM policies to the new provider for the permissions that the vendor requires.
D.
Create a new identity provider by choosing “AWS account” as the provider type in the IAM console. Supply the vendor’s AWS account ID and user name. Attach the appropriate IAM policies to the new provider for the permissions that the vendor requires.
Answers
Suggested answer: A

Explanation:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html

Total 886 questions
Go to page: of 89
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms