Amazon SAA-C03 Practice Test - Questions Answers, Page 79

A company needs a secure connection between its on-premises environment and AWS. This connection does not need high bandwidth and will handle a small amount of traffic. The connection should be set up quickly.

What is the MOST cost-effective method to establish this type of connection?

A. Implement a client VPN.
B. Implement AWS Direct Connect.
C. Implement a bastion host on Amazon EC2.
D. Implement an AWS Site-to-Site VPN connection.
Suggested answer: D

Explanation:

AWS Site-to-Site VPN: This provides a secure and encrypted connection between an on-premises environment and AWS. It is a cost-effective solution suitable for low bandwidth and small traffic needs.

Quick Setup:

Site-to-Site VPN can be quickly set up by configuring a virtual private gateway on the AWS side and a customer gateway on the on-premises side.

It uses standard IPsec protocol to establish the VPN tunnel.

Cost-Effectiveness: Compared to AWS Direct Connect, which requires dedicated physical connections and higher setup costs, a Site-to-Site VPN is less expensive and easier to implement for smaller traffic requirements.

AWS Site-to-Site VPN

A company is designing a new multi-tier web application that consists of the following components:

* Web and application servers that run on Amazon EC2 instances as part of Auto Scaling groups

* An Amazon RDS DB instance for data storage

A solutions architect needs to limit access to the application servers so that only the web servers can access them. Which solution will meet these requirements?

A. Deploy AWS PrivateLink in front of the application servers. Configure the network ACL to allow only the web servers to access the application servers.
B. Deploy a VPC endpoint in front of the application servers. Configure the security group to allow only the web servers to access the application servers.
C. Deploy a Network Load Balancer with a target group that contains the application servers' Auto Scaling group. Configure the network ACL to allow only the web servers to access the application servers.
D. Deploy an Application Load Balancer with a target group that contains the application servers' Auto Scaling group. Configure the security group to allow only the web servers to access the application servers.
Suggested answer: D

Explanation:

Application Load Balancer (ALB): ALB is suitable for routing HTTP/HTTPS traffic to the application servers. It provides advanced routing features and integrates well with Auto Scaling groups.

Target Group Configuration:

Create a target group for the application servers and register the Auto Scaling group with this target group.

Configure the ALB to forward requests from the web servers to the application servers.

Security Group Setup:

Configure the security group of the application servers to only allow traffic from the web servers' security group.

This ensures that only the web servers can access the application servers, meeting the requirement to limit access.

Benefits:

Security: Using security groups to restrict access ensures a secure environment where only intended traffic is allowed.

Scalability: ALB works seamlessly with Auto Scaling groups, ensuring the application can handle varying loads efficiently.

Application Load Balancer

Security Groups for Your VPC

A company has separate AWS accounts for its finance, data analytics, and development departments. Because of costs and security concerns, the company wants to control which services each AWS account can use.

Which solution will meet these requirements with the LEAST operational overhead?

A. Use AWS Systems Manager templates to control which AWS services each department can use.
B. Create organization units (OUs) for each department in AWS Organizations. Attach service control policies (SCPs) to the OUs.
C. Use AWS CloudFormation to automatically provision only the AWS services that each department can use.
D. Set up a list of products in AWS Service Catalog in the AWS accounts to manage and control the usage of specific AWS services.
Suggested answer: B

Explanation:

AWS Organizations: AWS Organizations allows you to create multiple AWS accounts and manage them centrally. You can organize accounts into organizational units (OUs) and apply policies to these units.

Organizational Units (OUs):

Create separate OUs for each department: finance, data analytics, and development.

Place the respective AWS accounts for each department into their corresponding OUs.

Service Control Policies (SCPs):

SCPs are policies that can restrict which AWS services and actions are available to accounts in an OU.

Create SCPs to define which services each department can use and attach these policies to the appropriate OUs.

SCPs apply to all IAM users, groups, and roles within the accounts in the OU, providing centralized control over service usage.

Operational Efficiency: Using AWS Organizations and SCPs provides a scalable and centralized way to manage permissions across multiple accounts with minimal operational overhead.

AWS Organizations

Service Control Policies

A global company runs its workloads on AWS. The company's application uses Amazon S3 buckets across AWS Regions for sensitive data storage and analysis. The company stores millions of objects in multiple S3 buckets daily. The company wants to identify all S3 buckets that are not versioning-enabled.

Which solution will meet these requirements?

A. Set up an AWS CloudTrail event that has a rule to identify all S3 buckets that are not versioning-enabled across Regions.
B. Use Amazon S3 Storage Lens to identify all S3 buckets that are not versioning-enabled across Regions.
C. Enable IAM Access Analyzer for S3 to identify all S3 buckets that are not versioning-enabled across Regions.
D. Create an S3 Multi-Region Access Point to identify all S3 buckets that are not versioning-enabled across Regions.
Suggested answer: B

Explanation:

Amazon S3 Storage Lens:

S3 Storage Lens provides organization-wide visibility into object storage usage and activity trends.

It can generate metrics and insights about your S3 buckets, including versioning status.

Configuration:

Enable S3 Storage Lens at the organization level.

Configure the dashboard to include the versioning status metric.

Identify Non-Versioned Buckets:

Use the S3 Storage Lens dashboard to filter and identify buckets that do not have versioning enabled.

Storage Lens provides detailed insights and reports which can be used to enforce compliance and manage storage effectively.

Operational Efficiency: Using S3 Storage Lens provides a centralized, easy-to-use interface for monitoring bucket configurations across multiple Regions and accounts, reducing the need for custom scripts or manual checks.

Amazon S3 Storage Lens

S3 Storage Lens Metrics

A media company uses an Amazon CloudFront distribution to deliver content over the internet. The company wants only premium customers to have access to the media streams and file content. The company stores all content in an Amazon S3 bucket. The company also delivers content on demand to customers for a specific purpose, such as movie rentals or music downloads.

Which solution will meet these requirements?

A. Generate and provide S3 signed cookies to premium customers.
B. Generate and provide CloudFront signed URLs to premium customers.
C. Use origin access control (OAC) to limit the access of non-premium customers.
D. Generate and activate field-level encryption to block non-premium customers.
Suggested answer: B

Explanation:

CloudFront Signed URLs: These URLs allow you to provide limited access to content that is being served through an Amazon CloudFront distribution. Signed URLs can be generated to grant time-limited access to premium customers.

Content Restriction:

By using CloudFront signed URLs, you can control access to your media streams and file content stored in S3.

These URLs can be customized with an expiration time, ensuring that access is only available for a specific period, which is useful for scenarios like movie rentals or music downloads.

Security and Flexibility:

Signed URLs ensure that only authenticated users (premium customers) can access the restricted content.

This approach integrates seamlessly with CloudFront and S3, providing an efficient way to manage access controls without additional overhead.

Operational Efficiency: Using CloudFront signed URLs leverages AWS managed services to handle the complexity of access control, reducing the need for custom implementation and maintenance.

Serving Private Content with Signed URLs and Signed Cookies

A company uses Amazon API Gateway to manage its REST APIs that third-party service providers access. The company must protect the REST APIs from SQL injection and cross-site scripting attacks.

What is the MOST operationally efficient solution that meets these requirements?

A. Configure AWS Shield.
B. Configure AWS WAF.
C. Set up API Gateway with an Amazon CloudFront distribution. Configure AWS Shield in CloudFront.
D. Set up API Gateway with an Amazon CloudFront distribution. Configure AWS WAF in CloudFront.
Suggested answer: D

Explanation:

Amazon API Gateway with CloudFront: API Gateway allows you to create, deploy, and manage APIs, while CloudFront provides a CDN to deliver content with low latency and high transfer speeds.

AWS WAF (Web Application Firewall):

AWS WAF can be configured in CloudFront to protect against common web exploits, including SQL injection and cross-site scripting (XSS).

WAF allows you to create custom rules to block specific attack patterns and can be managed centrally.

Configuration:

Deploy your APIs using Amazon API Gateway.

Set up an Amazon CloudFront distribution in front of the API Gateway.

Configure AWS WAF on the CloudFront distribution to apply security rules.

Operational Efficiency: This solution provides robust protection with minimal operational overhead by leveraging managed AWS services, ensuring that your APIs are secure without extensive custom implementation.

Using AWS WAF to Protect Your APIs

How CloudFront Works with AWS WAF

A company runs its application on Oracle Database Enterprise Edition. The company needs to migrate the application and the database to AWS. The company can use the Bring Your Own License (BYOL) model while migrating to AWS. The application uses third-party database features that require privileged access.

A solutions architect must design a solution for the database migration.

Which solution will meet these requirements MOST cost-effectively?

A. Migrate the database to Amazon RDS for Oracle by using native tools. Replace the third-party features with AWS Lambda.
B. Migrate the database to Amazon RDS Custom for Oracle by using native tools. Customize the new database settings to support the third-party features.
C. Migrate the database to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS). Customize the new database settings to support the third-party features.
D. Migrate the database to Amazon RDS for PostgreSQL by using AWS Database Migration Service (AWS DMS). Rewrite the application code to remove the dependency on third-party features.
Suggested answer: B

Explanation:

Amazon RDS Custom for Oracle: This service allows you to bring your own Oracle Database licenses and provides the flexibility to customize the database settings, making it suitable for applications that require privileged access and third-party database features.

BYOL (Bring Your Own License):

RDS Custom supports the BYOL model, allowing you to use your existing Oracle licenses and comply with licensing requirements.

This helps in leveraging existing investments and reducing migration costs.

Customization and Third-Party Features:

RDS Custom allows for deeper customization of the database environment compared to standard RDS instances.

This makes it possible to support the third-party features that your application relies on without significant changes.

Migration Process:

Use native Oracle tools like Data Pump or RMAN to migrate the database to RDS Custom.

Customize the database settings post-migration to ensure compatibility with third-party features.

Amazon RDS Custom for Oracle

Migrating to Amazon RDS Custom

A news company that has reporters all over the world is hosting its broadcast system on AWS. The reporters send live broadcasts to the broadcast system. The reporters use software on their phones to send live streams through the Real Time Messaging Protocol (RTMP).

A solutions architect must design a solution that gives the reporters the ability to send the highest quality streams. The solution must provide accelerated TCP connections back to the broadcast system.

What should the solutions architect use to meet these requirements?

A. Amazon CloudFront
B. AWS Global Accelerator
C. AWS Client VPN
D. Amazon EC2 instances and AWS Elastic IP addresses
Suggested answer: B

Explanation:

AWS Global Accelerator: This service provides a global fixed entry point to your applications and optimizes the path to your application through the AWS global network, reducing latency and improving performance.

Accelerated TCP Connections:

Global Accelerator uses the AWS global network to route traffic to the nearest edge location, improving the performance and reliability of your live streams.

It provides static IP addresses that act as a fixed entry point to your application, simplifying DNS management.

High-Quality Streams:

By leveraging Global Accelerator, reporters can send live streams with the highest quality and low latency.

This service automatically reroutes traffic to the nearest available AWS Region, ensuring consistent performance even during traffic spikes or failures.

Operational Efficiency: Using Global Accelerator simplifies the network setup and provides an optimized path for live streams without the need for complex configurations, making it an efficient solution for real-time streaming applications.

AWS Global Accelerator

How Global Accelerator Works

A company serves its website by using an Auto Scaling group of Amazon EC2 instances in a single AWS Region. The website does not require a database.

The company is expanding, and the company's engineering team deploys the website to a second Region. The company wants to distribute traffic across both Regions to accommodate growth and for disaster recovery purposes. The solution should not serve traffic from a Region in which the website is unhealthy.

Which policy or resource should the company use to meet these requirements?

A. An Amazon Route 53 simple routing policy
B. An Amazon Route 53 multivalue answer routing policy
C. An Application Load Balancer in one Region with a target group that specifies the EC2 instance IDs from both Regions
D. An Application Load Balancer in one Region with a target group that specifies the IP addresses of the EC2 instances from both Regions
Suggested answer: B

Explanation:

Amazon Route 53 Multivalue Answer Routing: This routing policy allows Route 53 to return multiple values, such as IP addresses, in response to DNS queries. This can distribute traffic across multiple resources and includes health checks to ensure traffic is only routed to healthy instances.

Health Checks:

Configure health checks for each Region to monitor the health of the website instances.

Route 53 will only include healthy instances in the DNS responses, ensuring that traffic is not routed to an unhealthy Region.

Load Distribution and Disaster Recovery:

Multivalue answer routing helps balance the load between instances in different Regions.

If instances in one Region become unhealthy, Route 53 will route traffic to the healthy instances in the other Region.

Operational Simplicity: This solution does not require complex configurations or additional resources, making it a simple yet effective way to distribute traffic and ensure high availability.

Amazon Route 53 Routing Policies

Multivalue Answer Routing

A company has an on-premises SFTP file transfer solution. The company is migrating to the AWS Cloud to scale the file transfer solution and to optimize costs by using Amazon S3. The company's employees will use their credentials for the on-premises Microsoft Active Directory (AD) to access the new solution. The company wants to keep the current authentication and file access mechanisms.

Which solution will meet these requirements with the LEAST operational overhead?

A. Configure an S3 File Gateway. Create SMB file shares on the file gateway that use the existing Active Directory to authenticate.
B. Configure an Auto Scaling group with Amazon EC2 instances to run an SFTP solution. Configure the group to scale up at 60% CPU utilization.
C. Create an AWS Transfer Family server with SFTP endpoints. Choose the AWS Directory Service option as the identity provider. Use AD Connector to connect the on-premises Active Directory.
D. Create an AWS Transfer Family SFTP endpoint. Configure the endpoint to use the AWS Directory Service option as the identity provider to connect to the existing Active Directory.
Suggested answer: C

Explanation:

AWS Transfer Family: This service provides fully managed support for file transfers directly into and out of Amazon S3 using the SFTP, FTPS, and FTP protocols.

SFTP Endpoints:

Set up an AWS Transfer Family server and configure SFTP endpoints to handle the file transfers.

This service is scalable and managed, reducing operational overhead compared to running an SFTP solution on EC2 instances.

Integration with Active Directory:

Choose the AWS Directory Service option as the identity provider for the Transfer Family server.

Use AD Connector to link the on-premises Active Directory with AWS, allowing employees to use their existing AD credentials to access the SFTP service.

Operational Efficiency: This solution leverages managed services for both file transfer and identity management, ensuring minimal changes to the current authentication mechanisms and reducing operational overhead.

AWS Transfer Family

AWS Directory Service and AD Connector

Total 886 questions