The latest AWS Certified Solutions Architect – Associate SAA-C03 practice exam question and answer (Q&A) dumps are available free. They are intended to help you pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn the certification.
Exam Question 91
A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings. The company is concerned about the security of the AWS account root user.
What should be done to secure the root user?
A. Create IAM users for daily administrative tasks. Disable the root user.
B. Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.
C. Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console.
D. Provide the root user credentials to the most senior solutions architect. Have the solutions architect use the root user for daily administration tasks.
Correct Answer
B. Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.
Exam Question 92
A company requires a durable backup storage solution for its on-premises database servers while ensuring on-premises applications maintain access to these backups for quick recovery. The company will use AWS storage services as the destination for these backups. A solutions architect is designing a solution with minimal operational overhead.
Which solution should the solutions architect implement?
A. Deploy an AWS Storage Gateway file gateway on-premises and associate it with an Amazon S3 bucket.
B. Back up the databases to an AWS Storage Gateway volume gateway and access it using the Amazon S3 API.
C. Transfer the database backup files to an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 instance.
D. Back up the database directly to an AWS Snowball device and use lifecycle rules to move the data to Amazon S3 Glacier Deep Archive.
Correct Answer
A. Deploy an AWS Storage Gateway file gateway on-premises and associate it with an Amazon S3 bucket.
Answer Description
Network Load Balancer overview
A Network Load Balancer functions at the fourth layer of the Open Systems Interconnection (OSI) model. It can handle millions of requests per second. After the load balancer receives a connection request, it selects a target from the target group for the default rule. It attempts to open a TCP connection to the selected target on the port specified in the listener configuration.
When you enable an Availability Zone for the load balancer, Elastic Load Balancing creates a load balancer node in the Availability Zone. By default, each load balancer node distributes traffic across the registered targets in its Availability Zone only. If you enable cross-zone load balancing, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. For more information, see Availability Zones.
If you enable multiple Availability Zones for your load balancer and ensure that each target group has at least one target in each enabled Availability Zone, this increases the fault tolerance of your applications. For example, if one or more target groups does not have a healthy target in an Availability Zone, we remove the IP address for the corresponding subnet from DNS, but the load balancer nodes in the other Availability Zones are still available to route traffic. If a client doesn’t honor the time-to-live (TTL) and sends requests to the IP address after it is removed from DNS, the requests fail.
For TCP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, destination port, and TCP sequence number. The TCP connections from a client have different source ports and sequence numbers, and can be routed to different targets. Each individual TCP connection is routed to a single target for the life of the connection.
For UDP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, and destination port. A UDP flow has the same source and destination, so it is consistently routed to a single target throughout its lifetime. Different UDP flows have different source IP addresses and ports, so they can be routed to different targets.
An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.
The size of an Auto Scaling group depends on the number of instances that you set as the desired capacity. You can adjust its size to meet demand, either manually or by using automatic scaling.
An Auto Scaling group starts by launching enough instances to meet its desired capacity. It maintains this number of instances by performing periodic health checks on the instances in the group. The Auto Scaling group continues to maintain a fixed number of instances even if an instance becomes unhealthy. If an instance becomes unhealthy, the group terminates the unhealthy instance and launches another instance to replace it.
Exam Question 93
A company decides to migrate its three-tier web application from on-premises to the AWS Cloud. The new database must be capable of dynamically scaling storage capacity and performing table joins.
Which AWS service meets these requirements?
A. Amazon Aurora
B. Amazon RDS for SQL Server
C. Amazon DynamoDB Streams
D. Amazon DynamoDB on-demand
Correct Answer
A. Amazon Aurora
Exam Question 94
A company is using a VPC peering strategy to connect its VPCs in a single Region to allow for cross communication.
A recent increase in account creations and VPCs has made it difficult to maintain the VPC peering strategy, and the company expects to grow to hundreds of VPCs. There are also new requests to create site-to-site VPNs with some of the VPCs. A solutions architect has been tasked with creating a centrally managed networking setup for multiple accounts, VPCs, and VPNs.
Which networking solution meets these requirements?
A. Configure shared VPCs and VPNs and share to each other.
B. Configure a hub-and-spoke VPC and route all traffic through VPC peering.
C. Configure an AWS Direct Connect connection between all VPCs and VPNs.
D. Configure a transit gateway with AWS Transit Gateway and connect all VPCs and VPNs.
Correct Answer
D. Configure a transit gateway with AWS Transit Gateway and connect all VPCs and VPNs.
Exam Question 95
A solutions architect is helping a developer design a new eCommerce shopping cart application using AWS services. The developer is unsure of the current database schema and expects to make changes as the eCommerce site grows. The solution needs to be highly resilient and capable of automatically scaling read and write capacity.
Which database solution meets these requirements?
A. Amazon Aurora PostgreSQL
B. Amazon DynamoDB with on-demand enabled
C. Amazon DynamoDB with DynamoDB Streams enabled
D. Amazon SQS and Amazon Aurora PostgreSQL
Correct Answer
B. Amazon DynamoDB with on-demand enabled
Exam Question 96
A solutions architect must migrate a Windows Internet Information Services (IIS) web application to AWS.
The application currently relies on a file share hosted in the user’s on-premises network-attached storage (NAS). The solutions architect has proposed migrating the IIS web servers.
Which replacement to the on-premises file share is MOST resilient and durable?
A. Migrate the file share to Amazon RDS.
B. Migrate the file share to AWS Storage Gateway.
C. Migrate the file share to Amazon FSx for Windows File Server.
D. Migrate the file share to Amazon Elastic File System (Amazon EFS).
Correct Answer
C. Migrate the file share to Amazon FSx for Windows File Server.
Exam Question 97
A company needs to implement a relational database with a multi-Region disaster recovery Recovery Point Objective (RPO) of 1 second and a Recovery Time Objective (RTO) of 1 minute.
Which AWS solution can achieve this?
A. Amazon Aurora Global Database
B. Amazon DynamoDB global tables
C. Amazon RDS for MySQL with Multi-AZ enabled
D. Amazon RDS for MySQL with a cross-Region snapshot copy
Correct Answer
A. Amazon Aurora Global Database
Answer Description
Cross-Region Disaster Recovery: If your primary region suffers a performance degradation or outage, you can promote one of the secondary regions to take read/write responsibilities. An Aurora cluster can recover in less than 1 minute even in the event of a complete regional outage. This provides your application with an effective Recovery Point Objective (RPO) of 1 second and a Recovery Time Objective (RTO) of less than 1 minute, providing a strong foundation for a global business continuity plan.
Exam Question 98
A company is reviewing its AWS Cloud deployment to ensure its data is not accessed by anyone without appropriate authorization. A solutions architect is tasked with identifying all open Amazon S3 buckets and recording any S3 bucket configuration changes.
What should the solutions architect do to accomplish this?
A. Enable AWS Config service with the appropriate rules.
B. Enable AWS Trusted Advisor with the appropriate checks.
C. Write a script using an AWS SDK to generate a bucket report.
D. Enable Amazon S3 server access logging and configure Amazon CloudWatch Events.
Correct Answer
A. Enable AWS Config service with the appropriate rules.
Exam Question 99
A company is planning to build a new web application on AWS. The company expects predictable traffic most of the year and very high traffic on occasion. The web application needs to be highly available and fault tolerant with minimal latency.
What should a solutions architect recommend to meet these requirements?
A. Use an Amazon Route 53 routing policy to distribute requests to two AWS Regions, each with one Amazon EC2 instance.
B. Use Amazon EC2 instances in an Auto Scaling group with an Application Load Balancer across multiple Availability Zones.
C. Use Amazon EC2 instances in a cluster placement group with an Application Load Balancer across multiple Availability Zones.
D. Use Amazon EC2 instances in a cluster placement group and include the cluster placement group within a new Auto Scaling group.
Correct Answer
B. Use Amazon EC2 instances in an Auto Scaling group with an Application Load Balancer across multiple Availability Zones.
Exam Question 100
A solutions architect has configured the following IAM policy.
Which action will be allowed by the policy?
A. An AWS Lambda function can be deleted from any network.
B. An AWS Lambda function can be created from any network.
C. An AWS Lambda function can be deleted from the 100.220.0.0/20 network.
D. An AWS Lambda function can be deleted from the 220.100.16.0/20 network.
Correct Answer
C. An AWS Lambda function can be deleted from the 100.220.0.0/20 network.