AWS Certified Solutions Architect – Associate SAA-C03 Exam Questions and Answers – Page 27

The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn AWS Certified Solutions Architect – Associate SAA-C03 certification.

Question 981

Exam Question

A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications.

What should a solutions architect do to reduce the operational burden?

A. Use multi-factor authentication (MFA) to protect the encryption keys.
B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys.
C. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys.
D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.

Correct Answer

B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys.

Explanation

To reduce the operational burden of building a scalable key management infrastructure for developers, the recommended solution is:

B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys.

AWS Key Management Service (AWS KMS) is a fully managed service that simplifies the management of encryption keys for data encryption in AWS. By leveraging AWS KMS, the operational burden of key management is significantly reduced. AWS KMS provides a scalable and highly available infrastructure for generating, storing, and managing encryption keys. It offers features such as key rotation, automatic backups, and integration with other AWS services, making it a convenient and efficient solution for developers who need to encrypt data in their applications.

Option A, using multi-factor authentication (MFA) to protect the encryption keys, is a security measure that adds an extra layer of protection but does not directly reduce the operational burden of key management.

Option C, using AWS Certificate Manager (ACM) to create, store, and assign the encryption keys, is not the appropriate service for managing encryption keys. ACM is primarily used for managing SSL/TLS certificates for securing communication between clients and servers.

Option D, using an IAM policy to limit the scope of users who have access permissions to protect the encryption keys, is a security measure but does not address the operational burden of key management. IAM policies can be used to control access to AWS KMS and manage user permissions, but the operational aspects of key generation, rotation, and storage still need to be addressed.

Therefore, using AWS Key Management Service (AWS KMS) is the most suitable option to reduce the operational burden of building a scalable key management infrastructure for developers.

Question 982

Exam Question

A company has an application running on Amazon EC2 instances in a VPC. One of the applications needs to call an Amazon S3 API to store and read objects. The company’s security policies restrict any internet-bound traffic from the applications.

Which action will fulfill these requirements and maintain security?

A. Configure an S3 interface endpoint.
B. Configure an S3 gateway endpoint.
C. Create an S3 bucket in a private subnet.
D. Create an S3 bucket in the same Region as the EC2 instance.

Correct Answer

A. Configure an S3 interface endpoint.

Explanation

To fulfill the requirements of restricting internet-bound traffic from the applications while allowing the EC2 instances to store and read objects from Amazon S3, the most suitable action is:

A. Configure an S3 interface endpoint.

By configuring an S3 interface endpoint, you can establish a private connection between your VPC and Amazon S3 without requiring internet access. The S3 interface endpoint enables the EC2 instances within the VPC to communicate with Amazon S3 securely and efficiently, using private IP addresses. This ensures that the traffic stays within the VPC and does not traverse the internet, aligning with the company’s security policies.

Option B, configuring an S3 gateway endpoint, is incorrect. S3 gateway endpoints are used for VPCs with a VPC gateway endpoint for S3, which routes S3 requests through an internet gateway. This would not fulfill the requirement of restricting internet-bound traffic.

Option C, creating an S3 bucket in a private subnet, does not address the requirement of allowing the EC2 instances to call the S3 API while restricting internet-bound traffic. Placing the S3 bucket in a private subnet only controls access to the bucket itself, but it does not provide a direct connection for the EC2 instances to communicate with S3.

Option D, creating an S3 bucket in the same Region as the EC2 instance, does not fulfill the requirement of restricting internet-bound traffic. It only ensures that the bucket is located in the same Region as the EC2 instance but does not provide a private connection.

Therefore, configuring an S3 interface endpoint is the appropriate action to fulfill the requirements and maintain security by allowing the EC2 instances to store and read objects from Amazon S3 without relying on internet-bound traffic.

Question 983

Exam Question

An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiencing delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application.

What should a solutions architect recommend to meet this requirement?

A. Use Amazon ElastiCache for Redis.
B. Use Amazon DynamoDB Accelerator (DAX).
C. Replicate data by using DynamoDB global tables.
D. Use Amazon ElastiCache for Memcached with Auto Discovery enabled.

Correct Answer

B. Use Amazon DynamoDB Accelerator (DAX).

Explanation

To improve the performance efficiency of DynamoDB without reconfiguring the application and considering the read-intensive workload, a solutions architect should recommend:

B. Use Amazon DynamoDB Accelerator (DAX).

Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, and in-memory cache for DynamoDB. By adding DAX to the architecture, the application can offload a significant portion of the read traffic from DynamoDB, resulting in reduced latency and improved read performance.

DAX sits between the application and DynamoDB, caching frequently accessed data in memory. This eliminates the need for the application to make direct requests to DynamoDB for every read operation, reducing the load on the DynamoDB tables and improving response times.

The advantage of using DAX is that it seamlessly integrates with DynamoDB and does not require any changes to the application code or configuration. The application can continue using the existing DynamoDB APIs, and DAX handles the caching transparently.

Option A, using Amazon ElastiCache for Redis, is not the most suitable choice in this scenario. While ElastiCache for Redis can improve read performance by caching data, it requires modifying the application code to utilize the Redis cache. Since the requirement specifies not reconfiguring the application, ElastiCache for Redis may not be the optimal solution.

Option C, replicating data using DynamoDB global tables, can improve read performance by distributing the workload across multiple AWS Regions. However, it involves additional complexity and operational overhead, which is not desired according to the requirement.

Option D, using Amazon ElastiCache for Memcached with Auto Discovery enabled, is not the best choice because it does not offer the seamless integration and optimized caching capabilities specifically designed for DynamoDB, as provided by DAX.

Therefore, the recommended solution in this scenario is to use Amazon DynamoDB Accelerator (DAX) to improve the performance efficiency of DynamoDB without reconfiguring the application.

Question 984

Exam Question

A company is planning to migrate a business-critical dataset to Amazon S3. The current solution design uses a single S3 bucket in the us-east-1 Region with versioning enabled to store the dataset. The company’s disaster recovery policy states that all data multiple AWS Regions.

How should a solutions architect design the S3 solution?

A. Create an additional S3 bucket in another Region and configure cross-Region replication.
B. Create an additional S3 bucket in another Region and configure cross-origin resource sharing (CORS).
C. Create an additional S3 bucket with versioning in another Region and configure cross-Region replication.
D. Create an additional S3 bucket with versioning in another Region and configure cross-origin resource (CORS).

Correct Answer

A. Create an additional S3 bucket in another Region and configure cross-Region replication.

Explanation

To design the S3 solution that aligns with the company’s disaster recovery policy of storing data in multiple AWS Regions, a solutions architect should:

A. Create an additional S3 bucket in another Region and configure cross-Region replication.

Cross-Region replication in Amazon S3 allows for automatic and asynchronous replication of data between S3 buckets in different AWS Regions. By creating an additional S3 bucket in another Region and configuring cross-Region replication, the company can achieve both data durability and availability in multiple Regions.

Enabling cross-Region replication ensures that any new or updated objects in the source bucket (in the us-east-1 Region) are automatically replicated to the destination bucket in the chosen Region. This provides redundancy and data resiliency in the event of a disaster or outage in the source Region.

Option B, configuring cross-origin resource sharing (CORS), is not relevant to the requirement of replicating data to multiple AWS Regions. CORS is used to control access to resources in a web browser and does not address the need for disaster recovery and data replication.

Option C, creating an additional S3 bucket with versioning in another Region and configuring cross-Region replication, is the correct choice. Versioning in S3 provides additional protection against accidental deletions or modifications of objects, and when combined with cross-Region replication, it ensures that both the object versions and their replication are maintained in multiple Regions.

Option D, creating an additional S3 bucket with versioning in another Region and configuring cross-origin resource (CORS), is not relevant to the requirement of disaster recovery and data replication. CORS is used to control access to resources in a web browser and does not address the need for data replication and disaster recovery across multiple Regions.

Therefore, the recommended solution is to create an additional S3 bucket in another Region and configure cross-Region replication to ensure data replication and disaster recovery across multiple AWS Regions.

Question 985

Exam Question

A company is relocating its data center and wants to securely transfer 50 TB of data to AWS within 2 weeks. The existing data center has a Site-to-Site VPN connection to AWS that is 90% utilized.

Which AWS service should a solutions architect use to meet these requirements?

A. AWS DataSync with a VPC endpoint
B. AWS Direct Connect
C. AWS Snowball Edge Storage Optimized
D. AWS Storage Gateway

Correct Answer

C. AWS Snowball Edge Storage Optimized

Explanation

To securely transfer 50 TB of data to AWS within 2 weeks while considering the existing network limitations, a solutions architect should use:

C. AWS Snowball Edge Storage Optimized.

AWS Snowball Edge is a service designed to securely and efficiently transfer large amounts of data into and out of AWS. It provides a physical device that you can use to transport your data. The Snowball Edge Storage Optimized device has a usable storage capacity of 80 TB.

By using AWS Snowball Edge Storage Optimized, the company can load the 50 TB of data onto the device at the current data center and then ship it to AWS. Once the device arrives at AWS, the data can be imported directly into an S3 bucket. This method allows for fast and secure data transfer, bypassing the limitations of the existing Site-to-Site VPN connection.

Using AWS DataSync with a VPC endpoint (option A) may provide efficient data transfer, but it relies on network connectivity, which is already heavily utilized. Therefore, it may not be the most suitable solution for this scenario.

AWS Direct Connect (option B) provides a dedicated network connection between the on-premises environment and AWS, but it requires setup and provisioning time, which may not meet the timeline requirement of 2 weeks.

AWS Storage Gateway (option D) is primarily used for integrating on-premises environments with AWS storage services and does not provide a direct solution for securely transferring large amounts of data within a short timeframe.

Therefore, the recommended solution is to use AWS Snowball Edge Storage Optimized to securely transfer the 50 TB of data to AWS within 2 weeks, overcoming the limitations of the existing network infrastructure.

Question 986

Exam Question

A solutions architect is designing a solution to access a catalog of images and provide users with the ability to submit requests to customize images. Image customization parameters will be in any request sent to an AWS API Gateway API. The customized image will be generated on demand, and users will receive a link they can click to view or download their customized image. The solution must be highly available for viewing and customizing images.

What is the MOST cost-effective solution to meet these requirements?

A. Use Amazon EC2 instances to manipulate the original image into the requested customization Store the original and manipulated images in Amazon S3. Configure an Elastic Load Balancer in front of the EC2 instances.
B. Use AWS Lambda to manipulate the original image to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.
C. Use AWS Lambda to manipulate the original image to the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Elastic Load Balancer in front of the Amazon EC2 instances.
D. Use Amazon EC2 instances to manipulate the original image into the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

Correct Answer

B. Use AWS Lambda to manipulate the original image to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

Explanation

The MOST cost-effective solution to meet the requirements of accessing and customizing images, as well as providing highly available access to those images, would be:

B. Use AWS Lambda to manipulate the original image to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

In this solution, AWS Lambda is used to perform the image customization based on the parameters received in the API request. The original and manipulated images are stored in Amazon S3, which provides a durable and scalable storage solution. By configuring an Amazon CloudFront distribution with the S3 bucket as the origin, the images can be served with low latency and high availability to users.

Using AWS Lambda for image manipulation allows for a serverless and scalable approach, where resources are provisioned and billed based on actual usage, resulting in cost optimization. Storing the images in Amazon S3 ensures durability and easy accessibility. Configuring Amazon CloudFront as a content delivery network improves performance and availability by caching the images at edge locations worldwide.

Options A and C introduce unnecessary complexity by involving Amazon EC2 instances and Amazon DynamoDB for storing the manipulated images, which would add additional costs and management overhead.

Option D also includes Amazon EC2 instances and Amazon DynamoDB, making it less cost-effective compared to option B.

Therefore, option B provides the most cost-effective solution while meeting the requirements for accessing, customizing, and serving images in a highly available manner.

Question 987

Exam Question

A company designed a stateless two-tier application that uses Amazon EC2 in a single Availability Zone and an Amazon RDS Multi-AZ DB instance. New company management wants to ensure the application is highly available.

What should a solutions architect do to meet this requirement?

A. Configure the application to use Multi-AZ EC2 Auto Scaling and create an Application Load Balancer.
B. Configure the application to take snapshots of the EC2 instances and send them to a different AWS Region.
C. Configure the application to use Amazon Route 53 latency-based routing to feed requests to the application.
D. Configure Amazon Route 53 rules to handle incoming requests and create a Multi-AZ Application Load Balancer.

Correct Answer

D. Configure Amazon Route 53 rules to handle incoming requests and create a Multi-AZ Application Load Balancer.

Explanation

To ensure high availability for the stateless two-tier application, the following solution should be implemented:

D. Configure Amazon Route 53 rules to handle incoming requests and create a Multi-AZ Application Load Balancer.

By configuring Amazon Route 53 with rules, you can route incoming requests to the application across multiple Availability Zones. This helps distribute the traffic and ensures availability even if one Availability Zone becomes unavailable. By creating a Multi-AZ Application Load Balancer, you can further enhance the application’s availability by automatically distributing incoming traffic to healthy EC2 instances in multiple Availability Zones.

Option A is incorrect because while it mentions using EC2 Auto Scaling and creating an Application Load Balancer, it doesn’t mention anything about making the application highly available across multiple Availability Zones.

Option B is incorrect because taking snapshots of EC2 instances and sending them to a different AWS Region does not provide immediate availability in case of failures within the same Region.

Option C is incorrect because although latency-based routing in Amazon Route 53 can improve user experience by directing requests to the lowest-latency endpoint, it does not ensure high availability on its own.

Therefore, option D is the correct choice as it combines the use of Amazon Route 53 for routing requests and a Multi-AZ Application Load Balancer to achieve high availability for the application.

Question 988

Exam Question

A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones. As the company’s user base grows in the us-west-1 Region, it needs a solution with low latency and high availability.

What should a solutions architect do to accomplish this?

A. Provision EC2 instances in us-west-1. Switch the Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing.
B. Provision EC2 instances and an Application Load Balancer in us-west-1. Make the load balancer distribute the traffic based on the location of the request.
C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
D. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Configure Amazon Route 53 with a weighted routing policy. Create alias records in Route 53 that point to the Application Load Balancer.

Correct Answer

C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.

Explanation

To achieve low latency and high availability for the growing user base in the us-west-1 Region, the following solution should be implemented:

C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.

By provisioning EC2 instances and an Application Load Balancer in the us-west-1 Region, you can ensure that the web application is deployed closer to the users in that region, reducing latency. Additionally, creating an accelerator in AWS Global Accelerator allows you to create an endpoint group that includes the load balancer endpoints in both the us-east-1 and us-west-1 Regions. This way, user traffic is automatically routed to the closest healthy endpoint, optimizing performance and availability.

Option A is incorrect because switching the Application Load Balancer to a Network Load Balancer does not provide cross-Region load balancing and does not address the need for low latency in the us-west-1 Region.

Option B is incorrect because while provisioning EC2 instances and an Application Load Balancer in us-west-1 is a step in the right direction, load balancing based on request location does not guarantee low latency and high availability for the us-west-1 Region.

Option D is incorrect because while using Amazon Route 53 with a weighted routing policy and alias records can distribute traffic across multiple regions, it does not provide the low latency required for the us-west-1 Region.

Therefore, option C is the correct choice as it combines the use of EC2 instances, an Application Load Balancer, and AWS Global Accelerator to achieve low latency and high availability for the growing user base in the us-west-1 Region.

Question 989

Exam Question

A company wants to use a custom distributed application that calculates various profit and loss scenarios. To achieve this goal, the company needs to provide a network connection between its Amazon EC2 instances. The connection must minimize latency and must maximize throughput.

Which solution will meet these requirements?

A. Provision the application to use EC2 Dedicated Hosts of the same instance type.
B. Configure a placement group for EC2 instances that have the same instance type.
C. Use multiple AWS elastic network interfaces and link aggregation.
D. Configure AWS PrivateLink for the EC2 instances.

Correct Answer

C. Use multiple AWS elastic network interfaces and link aggregation.

Explanation

To provide a network connection between Amazon EC2 instances that minimizes latency and maximizes throughput, the following solution should be implemented:

C. Use multiple AWS elastic network interfaces and link aggregation.

By using multiple AWS elastic network interfaces (ENIs) and link aggregation, you can distribute the network traffic across multiple network interfaces and combine the bandwidth of those interfaces. This allows for improved throughput and reduced latency as the network traffic is spread out and handled by multiple interfaces simultaneously.

Option A is incorrect because provisioning the application to use EC2 Dedicated Hosts of the same instance type does not guarantee minimized latency and maximized throughput. While it provides dedicated hardware for the EC2 instances, it does not address network performance requirements.

Option B is incorrect because configuring a placement group for EC2 instances with the same instance type does not directly address the latency and throughput requirements. Placement groups are designed to enhance the network performance within a single Availability Zone, but they do not provide network connectivity across instances.

Option D is incorrect because configuring AWS PrivateLink does not directly address the latency and throughput requirements. AWS PrivateLink is used for securely accessing services over the AWS network, but it does not optimize network performance between EC2 instances.

Therefore, option C is the correct choice as it leverages multiple AWS elastic network interfaces and link aggregation to provide a network connection that minimizes latency and maximizes throughput for the custom distributed application.

Question 990

Exam Question

A solutions architect is designing a new service behind Amazon API Gateway. The request patterns for the service will be unpredictable and can change suddenly from 0 requests to over 500 per second. The total size of the data that needs to be persisted in a database is currently less than 1 GB with unpredictable future growth. Data can be queried using simple key-value requests.

Which combination of AWS services would meet these requirements? (Choose two.)

A. AWS Fargate
B. AWS Lambda
C. Amazon DynamoDB
D. Amazon EC2 Auto Scaling
E. MySQL-compatible Amazon Aurora

Correct Answer

B. AWS Lambda

Explanation

To meet the requirements of unpredictable request patterns, unpredictable future growth, and the ability to query data using simple key-value requests, the following combination of AWS services can be used:

B. AWS Lambda
C. Amazon DynamoDB

AWS Lambda is a serverless compute service that can scale automatically based on the incoming request load. It allows you to run code without provisioning or managing servers. With AWS Lambda, you can handle the unpredictable request patterns and scale from 0 requests to over 500 per second seamlessly.

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance at any scale. DynamoDB is designed to handle high traffic and can automatically scale up or down based on the workload. It supports key-value access patterns and can handle the storage requirements, even with unpredictable future growth.

Option A, AWS Fargate, is a serverless compute engine for containers. While it can handle unpredictable request patterns, it may not be the most efficient or cost-effective solution for simple key-value data persistence.

Option D, Amazon EC2 Auto Scaling, is a service that automatically adjusts the number of EC2 instances based on demand. While it can handle scaling based on request patterns, it may not be the most suitable solution for unpredictable request patterns and may require more management overhead.

Option E, MySQL-compatible Amazon Aurora, is a scalable and highly available relational database service. While it can handle the data storage requirements and query patterns, it may not be the most cost-effective solution for the given scenario.

Therefore, options B (AWS Lambda) and C (Amazon DynamoDB) provide a scalable and cost-effective solution to handle the unpredictable request patterns, data persistence, and simple key-value querying requirements.