AWS Certified Solutions Architect – Associate SAA-C03 Exam Questions and Answers – Page 1 Part 2

The latest AWS Certified Solutions Architect – Associate SAA-C03 practice exam question and answer (Q&A) dumps are available free to help you pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn the AWS Certified Solutions Architect – Associate SAA-C03 certification.

Exam Question 81

A company wants to migrate a workload to AWS. The chief information security officer requires that all data be encrypted at rest when stored in the cloud. The company wants complete control of encryption key lifecycle management.

The company must be able to immediately remove the key material and audit key usage independently of AWS CloudTrail. The chosen services should integrate with other storage services that will be used on AWS.

Which services satisfy these security requirements?

A. AWS CloudHSM with the CloudHSM client
B. AWS Key Management Service (AWS KMS) with AWS CloudHSM
C. AWS Key Management Service (AWS KMS) with an external key material origin
D. AWS Key Management Service (AWS KMS) with AWS managed customer master keys (CMKs)

Correct Answer

B. AWS Key Management Service (AWS KMS) with AWS CloudHSM

Answer Description

Took a bit of reading. Key points in question:

“The company must be able to immediately remove the key material and audit key usage independently”

“The chosen services should integrate with other storage services that will be used on AWS”

Point 1: Q: Can I use CloudHSM to store keys or encrypt data used by other AWS services? Ans: Yes. You can do all encryption in your CloudHSM-integrated application. In this case, AWS services such as Amazon S3 or Amazon Elastic Block Store (EBS) would only see your data encrypted.

Point 2: AWS manages the hardware security module (HSM) appliance, but does not have access to your keys. You control and manage your own keys.

Exam Question 82

A company has an application with a REST-based interface that allows data to be received in near-real time from a third-party vendor. Once received, the application processes and stores the data for further analysis. The application is running on Amazon EC2 instances.

The third-party vendor has received many 503 Service Unavailable Errors when sending data to the application. When the data volume spikes, the compute capacity reaches its maximum limit and the application is unable to process all requests.

Which design should a solutions architect recommend to provide a more scalable solution?

A. Use Amazon Kinesis Data Streams to ingest the data. Process the data using AWS Lambda functions.
B. Use Amazon API Gateway on top of the existing application. Create a usage plan with a quota limit for the third-party vendor.
C. Use Amazon Simple Notification Service (Amazon SNS) to ingest the data. Put the EC2 instances in an Auto Scaling group behind an Application Load Balancer.
D. Repackage the application as a container. Deploy the application using Amazon Elastic Container Service (Amazon ECS) using the EC2 launch type with an Auto Scaling group.

Correct Answer

A. Use Amazon Kinesis Data Streams to ingest the data. Process the data using AWS Lambda functions.

Exam Question 83

A solutions architect is working on optimizing a legacy document management application running on Microsoft Windows Server in an on-premises data center. The application stores a large number of files on a network file share. The chief information officer wants to reduce the on-premises data center footprint and minimize storage costs by moving on-premises storage to AWS.

What should the solutions architect do to meet these requirements?

A. Set up an AWS Storage Gateway file gateway.
B. Set up Amazon Elastic File System (Amazon EFS)
C. Set up AWS Storage Gateway as a volume gateway
D. Set up an Amazon Elastic Block Store (Amazon EBS) volume.

Correct Answer

A. Set up an AWS Storage Gateway file gateway.

Exam Question 84

A solutions architect is designing a hybrid application using the AWS Cloud. The network between the on-premises data center and AWS will use an AWS Direct Connect (DX) connection. The application connectivity between AWS and the on-premises data center must be highly resilient.

Which DX configuration should be implemented to meet these requirements?

A. Configure a DX connection with a VPN on top of it.
B. Configure DX connections at multiple DX locations.
C. Configure a DX connection using the most reliable DX partner.
D. Configure multiple virtual interfaces on top of a DX connection.

Correct Answer

B. Configure DX connections at multiple DX locations.

Exam Question 85

A company runs an application on Amazon EC2 instances. The application is deployed in private subnets in three Availability Zones of the us-east-1 Region. The instances must be able to connect to the internet to download files. The company wants a design that is highly available across the Region.

Which solution should be implemented to ensure that there are no disruptions to internet connectivity?

A. Deploy a NAT instance in a private subnet of each Availability Zone.
B. Deploy a NAT gateway in a public subnet of each Availability Zone.
C. Deploy a transit gateway in a private subnet of each Availability Zone.
D. Deploy an internet gateway in a public subnet of each Availability Zone.

Correct Answer

B. Deploy a NAT gateway in a public subnet of each Availability Zone.

Exam Question 86

A company is running a two-tier eCommerce website using AWS services. The current architecture uses a public-facing Elastic Load Balancer that sends traffic to Amazon EC2 instances in a private subnet. The static content is hosted on EC2 instances, and the dynamic content is retrieved from a MySQL database. The application is running in the United States. The company recently started selling to users in Europe and Australia. A solutions architect needs to design a solution so their international users have an improved browsing experience.

Which solution is MOST cost-effective?

A. Host the entire website on Amazon S3.
B. Use Amazon CloudFront and Amazon S3 to host static images.
C. Increase the number of public load balancers and EC2 instances.
D. Deploy the two-tier website in AWS Regions in Europe and Australia.

Correct Answer

B. Use Amazon CloudFront and Amazon S3 to host static images.

Exam Question 87

A company’s website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company’s website demands globally. The solution should be cost effective, limit the provisioning of infrastructure resources, and provide the fastest possible response time.

Which combination should a solutions architect recommend to meet these requirements?

A. Amazon CloudFront and Amazon S3
B. AWS Lambda and Amazon DynamoDB
C. Application Load Balancer with Amazon EC2 Auto Scaling
D. Amazon Route 53 with internal Application Load Balancers

Correct Answer

A. Amazon CloudFront and Amazon S3

Exam Question 88

A company wants to deploy a shared file system for its .NET application servers and Microsoft SQL Server databases running on Amazon EC2 instances with Windows Server 2016. The solution must be able to be integrated into the corporate Active Directory domain, be highly durable, be managed by AWS, and provide high levels of throughput and IOPS.

Which solution meets these requirements?

A. Use Amazon FSx for Windows File Server.
B. Use Amazon Elastic File System (Amazon EFS).
C. Use AWS Storage Gateway in file gateway mode.
D. Deploy a Windows file server on two On-Demand instances across two Availability Zones.

Correct Answer

A. Use Amazon FSx for Windows File Server.

Exam Question 89

A company that develops web applications has launched hundreds of Application Load Balancers (ALBs) in multiple Regions. The company wants to create an allow list for the IPs of all the load balancers on its firewall device. A solutions architect is looking for a one-time, highly available solution to address this request, which will also help reduce the number of IPs that need to be allowed by the firewall.

What should the solutions architect recommend to meet these requirements?

A. Create an AWS Lambda function to keep track of the IPs for all the ALBs in different Regions. Keep refreshing this list.
B. Set up a Network Load Balancer (NLB) with Elastic IPs. Register the private IPs of all the ALBs as targets to this NLB.
C. Launch AWS Global Accelerator and create endpoints for all the Regions. Register all the ALBs in different Regions to the corresponding endpoints.
D. Set up an Amazon EC2 instance, assign an Elastic IP to this EC2 instance, and configure the instance as a proxy to forward traffic to all the ALBs.

Correct Answer

C. Launch AWS Global Accelerator and create endpoints for all the Regions. Register all the ALBs in different Regions to the corresponding endpoints.

Exam Question 90

A company is planning to migrate its virtual server-based workloads to AWS. The company has internet-facing load balancers backed by application servers. The application servers rely on patches from an internet-hosted repository.

Which services should a solutions architect recommend be hosted on the public subnet? (Choose two.)

A. NAT gateway
B. Amazon RDS DB instances
C. Application Load Balancers
D. Amazon EC2 application servers
E. Amazon Elastic File System (Amazon EFS) volumes

Correct Answer

A. NAT gateway
C. Application Load Balancers