The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn AWS Certified Solutions Architect – Associate SAA-C03 certification.
Question 941
Exam Question
A company is running an application on AWS to process weather sensor data that is stored in an Amazon S3 bucket. Three batch jobs run hourly to process the data in the S3 bucket for different purposes. The company wants to reduce the overall processing time by running the three applications in parallel using an event-based approach.
What should a solutions architect do to meet these requirements?
A. Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Subscribe all applications to the queue for processing.
B. Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SQS) standard queue. Create an additional SQS queue for all applications, and subscribe all applications to the initial queue for processing.
C. Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SQS) FIFO queues. Create an additional SQS queue for each application, and subscribe each queue to the initial topic for processing.
D. Enable S3 Event Notifications for new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SQS) queue for each application, and subscribe each queue to the topic for processing.
Correct Answer
D. Enable S3 Event Notifications for new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SQS) queue for each application, and subscribe each queue to the topic for processing.
Explanation
To reduce the overall processing time by running the three applications in parallel using an event-based approach, a solutions architect should take the following steps:
D. Enable S3 Event Notifications for new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SQS) queue for each application, and subscribe each queue to the topic for processing.
Here’s why this approach meets the requirements:
- By enabling S3 Event Notifications, the applications will be notified whenever a new object is created in the S3 bucket. This allows for an event-driven architecture where the applications can automatically trigger their processing logic when new data becomes available.
- Using an Amazon SNS topic as the notification mechanism allows for decoupling the S3 bucket from the applications. The SNS topic acts as a central hub for notifications, and multiple subscribers can be connected to it.
- Creating an SQS queue for each application ensures that the applications can process the incoming data independently and in parallel. Each application can subscribe to its dedicated SQS queue to receive the relevant notifications from the SNS topic.
- With this approach, when a new object is created in the S3 bucket, S3 Event Notifications will trigger a notification to the SNS topic. The SNS topic, in turn, will publish the notification to all subscribed SQS queues. Each application can then retrieve the relevant messages from its SQS queue and initiate its processing logic independently and concurrently.
Option A suggests using a single Amazon SQS FIFO queue for all applications, which can introduce contention and potentially impact parallel processing, as only one application can process a message at a time.
Option B proposes creating an additional SQS queue for all applications, but this does not facilitate independent processing by each application. It still involves contention and potential processing delays.
Option C suggests using separate SQS FIFO queues for each application, which can limit scalability due to the strict ordering requirement of FIFO queues.
Therefore, option D is the most suitable solution as it allows for parallel processing of the three applications by utilizing S3 Event Notifications, an SNS topic, and separate SQS queues for each application. This approach ensures efficient, decoupled, and scalable processing of weather sensor data.
Question 942
Exam Question
A company runs an internal browser-based application. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales up to 20 instances during work hours, but scales down to 2 instances overnight. Staff are complaining that the application is very slow when the day begins, although it runs well by mid-morning.
How should the scaling be changed to address the staff complaints and keep costs to a minimum?
A. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens.
B. Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period.
C. Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period.
D. Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens.
Correct Answer
C. Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period.
Explanation
To address the staff complaints and keep costs to a minimum, a solutions architect should implement the following change in scaling:
C. Implement a target tracking action triggered at a lower CPU threshold and decrease the cooldown period.
Here’s why this solution is recommended:
- Target tracking scaling allows you to set a target metric, such as CPU utilization, and automatically adjusts the number of instances to maintain the desired metric level. By setting a lower CPU threshold, the scaling action will be triggered earlier, ensuring that additional instances are added before the staff begins work, preventing performance degradation.
- Decreasing the cooldown period will reduce the time it takes for the Auto Scaling group to launch new instances or terminate existing ones. With a shorter cooldown period, the scaling actions can be triggered more frequently, allowing the capacity to be adjusted more quickly based on workload demands.
Option A suggests implementing a scheduled action to set the desired capacity to 20 shortly before the office opens. While this may address the issue of slow performance during the day, it may result in unnecessary costs during non-office hours when the higher capacity is not required.
Option B suggests implementing a step scaling action triggered at a lower CPU threshold and decreasing the cooldown period. While step scaling can be effective, it involves predefined scaling steps and may not provide the necessary granularity to address the specific performance issues in this scenario.
Option D suggests implementing a scheduled action to set the minimum and maximum capacity to 20 shortly before the office opens. While this can ensure a fixed capacity during office hours, it may result in unnecessary costs during non-office hours when the higher capacity is not required.
Therefore, option C is the most suitable solution as it utilizes target tracking scaling with a lower CPU threshold to proactively add instances based on workload demands, and decreases the cooldown period to ensure quicker capacity adjustments. This approach optimizes performance during work hours while minimizing costs during non-office hours.
Question 943
Exam Question
A financial company hosts a web application on AWS. The application uses an Amazon API Gateway Regional API endpoint to give users the ability to retrieve current stock prices. The company’s security team has noticed an increase in the number of API requests. The security team is concerned that HTTP flood attacks might take the application offline. A solutions architect must design a solution to protect the application from this type of attack.
Which solution meets these requirements with the LEAST operational overhead?
A. Create an Amazon CloudFront distribution in front of the API Gateway Regional API endpoint with a maximum TTL of 24 hours.
B. Create a Regional AWS WAF web ACL with a rate-based rule. Associate the web ACL with the API Gateway stage.
C. Use Amazon CloudWatch metrics to monitor the Count metric and alert the security team when the predefined rate is reached.
D. Create an Amazon CloudFront distribution with [email protected] in front of the API Gateway Regional API endpoint. Create an AWS Lambda function to block requests from IP addresses that exceed the predefined rate.
Correct Answer
B. Create a Regional AWS WAF web ACL with a rate-based rule. Associate the web ACL with the API Gateway stage.
Explanation
To protect the web application from HTTP flood attacks with the least operational overhead, a solutions architect should recommend the following solution:
B. Create a Regional AWS WAF web ACL with a rate-based rule and associate it with the API Gateway stage.
Here’s why this solution is recommended:
- AWS WAF (Web Application Firewall) provides protection against common web exploits and allows you to define rules to filter and monitor incoming requests. In this case, a rate-based rule can be configured to track the number of requests from a specific IP address over time.
- By associating the AWS WAF web ACL with the API Gateway stage, the rate-based rule can be applied to the API requests and help mitigate HTTP flood attacks. It allows you to set a limit on the number of requests from an IP address within a specified time frame. When the predefined rate is exceeded, subsequent requests can be blocked or throttled to prevent overload and maintain application availability.
Option A suggests creating an Amazon CloudFront distribution in front of the API Gateway Regional API endpoint with a maximum TTL of 24 hours. While CloudFront can help improve performance and protect against certain types of attacks, it doesn’t provide granular control over rate limiting or protection against specific HTTP flood attacks.
Option C suggests using Amazon CloudWatch metrics to monitor the request count and alert the security team when a predefined rate is reached. While this can provide visibility into the request volume, it doesn’t provide active mitigation against HTTP flood attacks.
Option D suggests creating an Amazon CloudFront distribution with [email protected] and using a custom AWS Lambda function to block requests from IP addresses that exceed the predefined rate. While this can provide protection, it requires additional configuration and maintenance overhead with the use of [email protected].
Therefore, option B is the recommended solution as it leverages AWS WAF’s rate-based rule to provide granular control over request rates and protect the application from HTTP flood attacks without significant operational overhead.
Question 944
Exam Question
An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application performs best when the CPU utilization of the EC2 instances is at or near 40%.
What should a solutions architect do to maintain the desired performance across all instances in the group?
A. Use a simple scaling policy to dynamically scale the Auto Scaling group.
B. Use a target tracking policy to dynamically scale the Auto Scaling group.
C. Use an AWS Lambda function to update the desired Auto Scaling group capacity.
D. Use scheduled scaling actions to scale up and scale down the Auto Scaling group.
Correct Answer
B. Use a target tracking policy to dynamically scale the Auto Scaling group.
Explanation
To maintain the desired performance of the application across all instances in the Amazon EC2 Auto Scaling group, a solutions architect should recommend the following solution:
B. Use a target tracking policy to dynamically scale the Auto Scaling group.
Here’s why this solution is recommended:
- Target tracking scaling policies allow you to set a target value for a specific metric, in this case, CPU utilization. The Auto Scaling group will automatically adjust the number of instances to maintain the target value.
- By setting the target value to 40% CPU utilization, the Auto Scaling group will scale the number of instances up or down as needed to keep the CPU utilization around the desired level. This helps ensure optimal performance of the application.
Option A suggests using a simple scaling policy, which allows scaling based on a specific threshold or step adjustments. However, it may not provide fine-grained control to maintain the desired CPU utilization level.
Option C suggests using an AWS Lambda function to update the desired capacity of the Auto Scaling group. While it’s possible to automate scaling using Lambda, it requires additional development and management effort compared to using built-in scaling policies.
Option D suggests using scheduled scaling actions to scale up and scale down the Auto Scaling group based on predefined schedules. This approach is not as responsive to real-time workload changes and may not efficiently maintain the desired CPU utilization level.
Therefore, option B is the recommended solution as it allows for dynamic scaling based on target tracking of CPU utilization, ensuring that the desired performance is maintained across all instances in the Auto Scaling group.
Question 945
Exam Question
A solutions architect is designing a new hybrid architecture to extend a company’s on-premises infrastructure to AWS. The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.
What should the solutions architect do to meet these requirements?
A. Provision an AWS Direct Connect connection to a Region. Provision a VPN connection as a backup if the primary Direct Connect connection fails.
B. Provision a VPN tunnel connection to a Region for private connectivity. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails.
C. Provision an AWS Direct Connect connection to a Region. Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.
D. Provision an AWS Direct Connect connection to a Region. Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.
Correct Answer
C. Provision an AWS Direct Connect connection to a Region. Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.
Explanation
To meet the requirements of a highly available connection with consistent low latency to an AWS Region, while minimizing costs and accepting slower traffic in the event of a primary connection failure, the solutions architect should recommend the following solution:
C. Provision an AWS Direct Connect connection to a Region. Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.
Here’s why this solution is recommended:
- AWS Direct Connect provides a dedicated network connection between the on-premises infrastructure and AWS, offering consistent and low-latency connectivity.
- By provisioning a primary Direct Connect connection to the desired AWS Region, the company can achieve the required low latency and high availability.
- To further ensure availability, a second Direct Connect connection should be provisioned as a backup. This allows for seamless failover in case the primary connection experiences any issues, maintaining continuous connectivity.
Option A suggests provisioning an AWS Direct Connect connection and a VPN connection as a backup. While a VPN connection can be a viable backup solution, it may not offer the same consistent low latency and high availability as Direct Connect.
Option B suggests provisioning multiple VPN tunnel connections for private connectivity. While this can provide redundancy, VPN connections may not consistently deliver the desired low latency and may have higher variability in performance compared to Direct Connect.
Option D mentions using the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails. While this is a valid approach, it may require additional scripting and management overhead.
Therefore, option C is the recommended solution as it provides a primary AWS Direct Connect connection for consistent low latency and high availability, with a second Direct Connect connection serving as a backup to ensure continuous connectivity in the event of a primary connection failure.
Question 946
Exam Question
A company’s website is using an Amazon RDS MySQL Multi-AZ DB instance for its transactional data storage. There are other internal systems that query this DB instance to fetch data for internal batch processing. The RDS DB instance slows down significantly the internal systems fetch data. This impacts the website’s read and write performance, and the users experience slow response times.
Which solution will improve the website’s performance?
A. Use an RDS PostgreSQL DB instance instead of a MySQL database.
B. Use Amazon ElastiCache to cache the query responses for the website.
C. Add an additional Availability Zone to the current RDS MySQL Multi.AZ DB instance.
D. Add a read replica to the RDS DB instance and configure the internal systems to query the read replica.
Correct Answer
D. Add a read replica to the RDS DB instance and configure the internal systems to query the read replica.
Explanation
To improve the website’s performance and alleviate the impact on internal systems, the recommended solution is:
D. Add a read replica to the RDS DB instance and configure the internal systems to query the read replica.
Here’s why this solution is recommended:
- By adding a read replica to the RDS DB instance, you offload the read traffic from the primary DB instance to the replica. This helps distribute the load and improves overall performance.
- The read replica is an asynchronous copy of the primary DB instance, and it can handle read queries independently. This reduces the contention for resources and improves the response times for both the website and the internal systems.
Option A, which suggests using an RDS PostgreSQL DB instance instead of a MySQL database, may not necessarily address the performance issues. The choice between MySQL and PostgreSQL depends on specific requirements and considerations, but it does not directly address the issue at hand.
Option B, suggesting the use of Amazon ElastiCache to cache query responses for the website, can improve read performance for frequently accessed data. However, it may not alleviate the impact on the internal systems fetching data for batch processing, as ElastiCache operates at the data access layer and may not be directly integrated with those systems.
Option C, adding an additional Availability Zone to the current RDS MySQL Multi-AZ DB instance, improves availability and fault tolerance but may not directly address the performance issue unless the existing DB instance is struggling with resource constraints.
In summary, adding a read replica (option D) is a recommended solution as it offloads read traffic, improves performance, and helps balance the load on the RDS DB instance, benefiting both the website and the internal systems accessing the data for batch processing.
Question 947
Exam Question
An online learning company is migrating to the AWS Cloud. The company maintains its student records in a PostgreSQL database. The company needs a solution in which its data is available and online across multiple AWS Regions at all times.
Which solution will meet these requirements with the LEAST amount of operational overhead?
A. Migrate the PostgreSQL database to a PostgreSQL cluster on Amazon EC2 instances.
B. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance with the Multi-AZ feature turned on.
C. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. Create a read replica in another Region.
D. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. Set up DB snapshots to be copied to another Region.
Correct Answer
C. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. Create a read replica in another Region.
Explanation
To meet the requirements of having data available and online across multiple AWS Regions with minimal operational overhead, the recommended solution is:
C. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. Create a read replica in another Region.
Here’s why this solution is recommended:
- Amazon RDS for PostgreSQL provides a managed database service that handles administrative tasks, such as backups, software patching, and hardware maintenance. This reduces operational overhead for managing the database.
- By creating a read replica in another AWS Region, you can achieve data availability and online access across multiple Regions. The read replica is an asynchronous copy of the primary database, and it can be accessed for read operations, improving performance and availability.
Option A, migrating the PostgreSQL database to a PostgreSQL cluster on Amazon EC2 instances, requires more operational overhead as it involves managing and maintaining the EC2 instances and the cluster setup.
Option B, migrating the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance with the Multi-AZ feature turned on, provides high availability within a single Region but does not address the requirement of data availability across multiple Regions.
Option D, migrating the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance and setting up DB snapshots to be copied to another Region, allows for data backup and recovery in another Region but does not provide real-time availability and online access to the data.
In summary, migrating the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance and creating a read replica in another Region (option C) provides a managed, highly available, and online solution across multiple AWS Regions with minimal operational overhead.
Question 948
Exam Question
A web application is deployed in the AWS Cloud. It consists of a two-tier architecture that includes a web layer and a database layer. The web server is vulnerable to cross-site scripting (XSS) attacks.
What should a solutions architect do to remediate the vulnerability?
A. Create a Classic Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
B. Create a Network Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
C. Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
D. Create an Application Load Balancer. Put the web layer behind the load balancer and use AWS Shield Standard.
Correct Answer
C. Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
Explanation
To remediate the vulnerability of cross-site scripting (XSS) attacks in a web application deployed in the AWS Cloud, the recommended solution is:
C. Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
Here’s why this solution is recommended:
- Application Load Balancer (ALB): ALB provides advanced request routing and load balancing capabilities at the application layer. It allows you to distribute incoming traffic to multiple targets (web servers) within the web layer.
- AWS WAF (Web Application Firewall): By enabling AWS WAF with ALB, you can add an additional layer of protection against common web exploits, including cross-site scripting (XSS) attacks. AWS WAF provides rules and filters to inspect incoming web requests and block malicious traffic patterns.
Option A, creating a Classic Load Balancer, is not recommended because Classic Load Balancer is a legacy load balancer and lacks some of the advanced features available in Application Load Balancer, such as content-based routing and AWS WAF integration.
Option B, creating a Network Load Balancer, is also not recommended in this scenario as it operates at the transport layer and does not have built-in support for AWS WAF.
Option D, creating an Application Load Balancer and using AWS Shield Standard, provides protection against distributed denial-of-service (DDoS) attacks but does not directly address the specific vulnerability of cross-site scripting (XSS) attacks.
In summary, creating an Application Load Balancer, putting the web layer behind it, and enabling AWS WAF (option C) provides a robust solution to remediate the vulnerability of cross-site scripting (XSS) attacks by adding layer 7 load balancing and web application firewall protection.
Question 949
Exam Question
A company is building its web application by using containers on AWS. The company requires three instances of the web application to run at all times. The application must be highly available and must be able to scale to meet increases in demand.
Which solution meets these requirements?
A. Use the AWS Fargate launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster. Create a task definition for the web application. Create an ECS service that has a desired count of three tasks.
B. Use the Amazon EC2 launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has three container instances in one Availability Zone. Create a task definition for the web application. Place one task for each container instance.
C. Use the AWS Fargate launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has three container instances in three different Availability Zones. Create a task definition for the web application. Create an ECS service that has a desired count of three tasks.
D. Use the Amazon EC2 launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has one container instance in two different Availability Zones. Create a task definition for the web application. Place two tasks on one container instance. Place one task on the remaining container instance.
Correct Answer
C. Use the AWS Fargate launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has three container instances in three different Availability Zones. Create a task definition for the web application. Create an ECS service that has a desired count of three tasks.
Explanation
To meet the requirements of having three instances of the web application running at all times, high availability, and the ability to scale to meet increases in demand, the recommended solution is:
C. Use the AWS Fargate launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has three container instances in three different Availability Zones. Create a task definition for the web application. Create an ECS service that has a desired count of three tasks.
Here’s why this solution is recommended:
- AWS Fargate: Fargate is a serverless compute engine for containers, which eliminates the need to manage underlying EC2 instances. It allows you to focus on deploying and scaling containers without worrying about the infrastructure.
- Amazon ECS Cluster: By creating an ECS cluster with Fargate launch type, you can leverage the benefits of container orchestration and have the containers automatically distributed across multiple Availability Zones for high availability.
- Task Definition: Define a task definition that describes how the containers should be run, including the required resources and configurations for the web application.
- ECS Service: Create an ECS service with a desired count of three tasks. This ensures that there will always be three instances of the web application running at all times. The service will automatically handle scaling, including launching new tasks when needed to meet increased demand or replacing failed tasks.
Option A, using AWS Fargate launch type with an ECS service of desired count three tasks, provides a scalable and highly available solution without the need to manage EC2 instances.
Option B, using the EC2 launch type with three container instances in one Availability Zone, does not provide the desired high availability as it relies on a single Availability Zone.
Option D, using the EC2 launch type with one container instance in two different Availability Zones and placing two tasks on one instance and one task on the other, does not provide the desired redundancy and high availability as it does not have multiple instances running the web application.
In summary, by using AWS Fargate launch type, creating an ECS cluster with three container instances in three different Availability Zones, and configuring an ECS service with a desired count of three tasks, you can achieve a highly available and scalable web application deployment using containers on AWS.
Question 950
Exam Question
A solutions architect is designing an application for a two-step order process. The first step is synchronous and must return to the user with little latency. The second step takes longer, so it will be implemented in a separate component. Orders must be processed exactly once and in the order in which they are received.
How should the solutions architect integrate these components?
A. Use Amazon SQS FIFO queues.
B. Use an AWS Lambda function along with Amazon SQS standard queues.
C. Create an SNS topic and subscribe an Amazon SQS FIFO queue to that topic.
D. Create an SNS topic and subscribe an Amazon SQS Standard queue to that topic.
Correct Answer
A. Use Amazon SQS FIFO queues.
Explanation
To integrate the components of the two-step order process while ensuring that orders are processed exactly once and in the order of receipt, the recommended solution is:
A. Use Amazon SQS FIFO queues.
Here’s why this solution is recommended:
Amazon SQS FIFO queues: FIFO (First-In-First-Out) queues ensure strict ordering of messages and exactly-once processing. Messages are processed in the order they are received, and duplicates are not introduced into the system. This makes it suitable for maintaining the order and reliability required for the two-step order process.
Synchronous first step: The synchronous first step of the order process, which requires low latency, can directly return the response to the user without the need for queuing. This step can interact directly with the application or service responsible for processing the first part of the order.
Asynchronous second step: The second step, which takes longer to process, can be implemented in a separate component or service. When the first step is completed, a message can be sent to an Amazon SQS FIFO queue that represents the second step. The separate component can consume messages from this queue and process them at its own pace, ensuring proper sequencing.
By using Amazon SQS FIFO queues, you ensure that orders are processed exactly once and in the order they are received. This allows for decoupling of the synchronous and asynchronous steps, providing flexibility and scalability while maintaining reliability and order.
Option B, using an AWS Lambda function with Amazon SQS standard queues, does not guarantee strict ordering of messages and may introduce duplicates. It is not suitable for ensuring the exact order of processing required for the two-step order process.
Options C and D, involving the use of SNS topics, are more suitable for pub/sub messaging scenarios and do not provide the strict ordering guarantees required for the two-step order process.
In summary, by using Amazon SQS FIFO queues, you can integrate the components of the two-step order process, ensuring exact ordering and exactly-once processing while providing scalability and reliability.
