AWS Certified Solutions Architect – Associate SAA-C03 Exam Questions and Answers – Page 1 Part 2

The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free and can help you pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn the AWS Certified Solutions Architect – Associate SAA-C03 certification.

Exam Question 51

A company has 150 TB of archived image data stored on-premises that needs to be moved to the AWS Cloud within the next month. The company’s current network connection allows up to 100 Mbps uploads for this purpose during the night only.

What is the MOST cost-effective mechanism to move this data and meet the migration deadline?

A. Use AWS Snowmobile to ship the data to AWS.
B. Order multiple AWS Snowball devices to ship the data to AWS.
C. Enable Amazon S3 Transfer Acceleration and securely upload the data.
D. Create an Amazon S3 VPC endpoint and establish a VPN to upload the data.

Correct Answer

B. Order multiple AWS Snowball devices to ship the data to AWS.

Exam Question 52

A company is seeing access requests by some suspicious IP addresses. The security team discovers the requests are from different IP addresses under the same CIDR range.

What should a solutions architect recommend to the team?

A. Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
B. Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.
C. Add a deny rule in the inbound table of the network ACL with a lower number than other rules.
D. Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.

Correct Answer

C. Add a deny rule in the inbound table of the network ACL with a lower number than other rules.

Answer Description

You can only create deny rules with network ACLs; it is not possible with security groups. Network ACLs process rules in order from the lowest-numbered rule to the highest until they reach an allow or deny. The following table describes some of the differences between security groups and network ACLs:

Therefore, the solutions architect should add a deny rule in the inbound table of the network ACL with a lower rule number than other rules.

CORRECT: “Add a deny rule in the inbound table of the network ACL with a lower rule number than other rules” is the correct answer.

INCORRECT: “Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules” is incorrect as this will only block outbound traffic.

INCORRECT: “Add a rule in the inbound table of the security group to deny the traffic from that CIDR range” is incorrect as you cannot create a deny rule with a security group.

INCORRECT: “Add a rule in the outbound table of the security group to deny the traffic from that CIDR range” is incorrect as you cannot create a deny rule with a security group.

References

Amazon Virtual Private Cloud > User Guide > Network ACLs
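
The rule ordering described in the answer above, as an added Python example that is not part of the original Q&A. It models only rule number, source CIDR and action (protocol and ports are ignored, IPv4 only); the rule tables and the 198.51.100.0/24 range are constructed sample values.

```python
import ipaddress

# Constructed inbound rule tables: (rule number, source CIDR, action).
# 198.51.100.0/24 is a documentation prefix standing in for the suspicious range.
SUSPICIOUS = "198.51.100.0/24"
DENY_AFTER_ALLOW = [(100, "0.0.0.0/0", "allow"), (200, SUSPICIOUS, "deny")]
DENY_BEFORE_ALLOW = [(90, SUSPICIOUS, "deny"), (100, "0.0.0.0/0", "allow")]


def evaluate_inbound(rules, source_ip):
    """Return (action, matching rule number) for a source address.

    Rules are checked from the lowest number up and the first match wins.
    If nothing matches, the ACL's final '*' rule denies the packet.
    """
    addr = ipaddress.ip_address(source_ip)
    for number, cidr, action in sorted(rules):
        if addr in ipaddress.ip_network(cidr):
            return action, number
    return "deny", "*"


def shadowed_denies(rules):
    """List deny rules that can never fire because a lower-numbered allow
    rule already covers their whole CIDR range."""
    ordered = sorted(rules)
    shadowed = []
    for i, (number, cidr, action) in enumerate(ordered):
        if action != "deny":
            continue
        net = ipaddress.ip_network(cidr)
        for _, earlier_cidr, earlier_action in ordered[:i]:
            if earlier_action == "allow" and net.subnet_of(
                ipaddress.ip_network(earlier_cidr)
            ):
                shadowed.append(number)
                break
    return shadowed


if __name__ == "__main__":
    for name, table in (("deny at 200", DENY_AFTER_ALLOW),
                        ("deny at 90", DENY_BEFORE_ALLOW)):
        print(name, evaluate_inbound(table, "198.51.100.7"),
              "shadowed:", shadowed_denies(table))
```

Running shadowed_denies over an exported rule table is a quick way to spot a deny entry that was added with too high a rule number to take effect.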

Exam Question 53

A company recently expanded globally and wants to make its application accessible to users in those geographic locations. The application is deployed on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. The company needs the ability to shift traffic from resources in one region to another.

What should a solutions architect recommend?

A. Configure an Amazon Route 53 latency routing policy.
B. Configure an Amazon Route 53 geolocation routing policy.
C. Configure an Amazon Route 53 geoproximity routing policy.
D. Configure an Amazon Route 53 multivalue answer routing policy.

Correct Answer

C. Configure an Amazon Route 53 geoproximity routing policy.

Answer Description

Keyword: Users in those Geographic Locations

Condition: Ability to shift traffic from resources in one Region to another Region

The following table highlights the key function of each type of routing policy:

Geo-location:

Caters to different users in different countries and different languages.

Contains users within a particular geography and offers them a customized version of the workload based on their specific needs.

Geolocation can be used for localizing content and presenting some or all of your website in the language of your users.

Can also protect distribution rights.

Can be used for spreading load evenly between regions.

If you have multiple records for overlapping regions, Route 53 will route to the smallest geographic region.

You can create a default record for IP addresses that do not map to a geographic location.

Exam Question 54

A company wants to replicate its data to AWS to recover in the event of a disaster. Today, a system administrator has scripts that copy data to an NFS share. Individual backup files need to be accessed with low latency by application administrators to deal with errors in processing.

What should a solutions architect recommend to meet these requirements?

A. Modify the script to copy data to an Amazon S3 bucket instead of the on-premises NFS share.
B. Modify the script to copy data to an Amazon S3 Glacier Archive instead of the on-premises NFS share.
C. Modify the script to copy data to an Amazon Elastic File System (Amazon EFS) volume instead of the on-premises NFS share.
D. Modify the script to copy data to an AWS Storage Gateway for File Gateway virtual appliance instead of the on-premises NFS share.

Correct Answer

D. Modify the script to copy data to an AWS Storage Gateway for File Gateway virtual appliance instead of the on-premises NFS share.

Exam Question 55

A solutions architect is designing a mission-critical web application. It will consist of Amazon EC2 instances behind an Application Load Balancer and a relational database. The database should be highly available and fault tolerant.

Which database implementations will meet these requirements? (Choose two.)

A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon RDS for MySQL
D. MySQL-compatible Amazon Aurora Multi-AZ
E. Amazon RDS for SQL Server Standard Edition Multi-AZ

Correct Answer

D. MySQL-compatible Amazon Aurora Multi-AZ
E. Amazon RDS for SQL Server Standard Edition Multi-AZ

Exam Question 56

A company’s web application is running on Amazon EC2 instances behind an Application Load Balancer.

The company recently changed its policy, which now requires the application to be accessed from one specific country only.

Which configuration will meet this requirement?

A. Configure the security group for the EC2 instances.
B. Configure the security group on the Application Load Balancer.
C. Configure AWS WAF on the Application Load Balancer in a VPC.
D. Configure the network ACL for the subnet that contains the EC2 instances.

Correct Answer

C. Configure AWS WAF on the Application Load Balancer in a VPC.

Exam Question 57

A solutions architect has created two IAM policies: Policy1 and Policy2. Both policies are attached to an IAM group.

A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?

A. Deleting IAM users
B. Deleting directories
C. Deleting Amazon EC2 instances
D. Deleting logs from Amazon CloudWatch Logs

Correct Answer

C. Deleting Amazon EC2 instances

Exam Question 58

A company has an Amazon EC2 instance running on a private subnet that needs to access a public website to download patches and updates.

The company does not want external websites to see the EC2 instance IP address or initiate connections to it.

How can a solutions architect achieve this objective?

A. Create a site-to-site VPN connection between the private subnet and the network in which the public site is deployed.
B. Create a NAT gateway in a public subnet. Route outbound traffic from the private subnet through the NAT gateway.
C. Create a network ACL for the private subnet where the EC2 instance is deployed that only allows access from the IP address range of the public website.
D. Create a security group that only allows connections from the IP address range of the public website. Attach the security group to the EC2 instance.

Correct Answer

B. Create a NAT gateway in a public subnet. Route outbound traffic from the private subnet through the NAT gateway.

Exam Question 59

A company must migrate 20 TB of data from a data center to the AWS Cloud within 30 days. The company’s network bandwidth is limited to 15 Mbps and cannot exceed 70% utilization. What should a solutions architect do to meet these requirements?

A. Use AWS Snowball.
B. Use AWS DataSync.
C. Use a secure VPN connection.
D. Use Amazon S3 Transfer Acceleration.

Correct Answer

A. Use AWS Snowball.

Exam Question 60

A company has a website running on Amazon EC2 instances across two Availability Zones. The company is expecting spikes in traffic on specific holidays, and wants to provide a consistent user experience. How can a solutions architect meet this requirement?

A. Use step scaling.
B. Use simple scaling.
C. Use lifecycle hooks.
D. Use scheduled scaling.

Correct Answer

D. Use scheduled scaling.