The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn AWS Certified Solutions Architect – Associate SAA-C03 certification.
Question 1151
Exam Question
A company has an on-premises business application that generates hundreds of files each day. These files are stored on an SMB file share and require a low- latency connection to the application servers. A new company policy states all application-generated files must be copied to AWS. There is already a VPN connection to AWS. The application development team does not have time to make the necessary code modifications to move the application to AWS.
Which service should a solutions architect recommend to allow the application to copy files to AWS?
A. Amazon Elastic File System (Amazon EFS)
B. Amazon FSx for Windows File Server
C. AWS Snowball
D. AWS Storage Gateway
Correct Answer
D. AWS Storage Gateway
Explanation
To allow the application to copy files to AWS without making code modifications or significant changes to the existing infrastructure, a solutions architect should recommend:
D. AWS Storage Gateway.
AWS Storage Gateway provides a hybrid storage service that enables on-premises applications to seamlessly integrate with AWS cloud storage. In this scenario, the File Gateway type of AWS Storage Gateway can be used. It presents an SMB file share interface that can be mounted on the application servers, allowing them to access the file share as if it were located on-premises. The files generated by the application can then be copied to AWS by writing them to the mounted file share.
Option A (Amazon Elastic File System – Amazon EFS) is a fully managed file storage service in AWS, but it does not directly integrate with on-premises applications and requires modifications to the application code.
Option B (Amazon FSx for Windows File Server) is another managed file storage service in AWS, but it is not designed for integration with on-premises applications and would require changes to the infrastructure.
Option C (AWS Snowball) is a data migration service that physically transfers data using a secure device. It is not suitable for a low-latency connection and ongoing file copying.
Therefore, the most suitable option for this scenario is to use AWS Storage Gateway, specifically the File Gateway type, to allow the application to copy files to AWS.
Question 1152
Exam Question
A solutions architect is designing an architecture for a new application that requires low network latency and high network throughput between Amazon EC2 instances.
Which component should be included in the architectural design?
A. An Auto Scaling group with Spot Instance types.
B. A placement group using a cluster placement strategy.
C. A placement group using a partition placement strategy.
D. An Auto Scaling group with On-Demand instance types.
Correct Answer
B. A placement group using a cluster placement strategy.
Explanation
To achieve low network latency and high network throughput between Amazon EC2 instances, a solutions architect should include:
B. A placement group using a cluster placement strategy.
A placement group is a logical grouping of instances within a single Availability Zone. By using a cluster placement strategy, instances are placed in close physical proximity to each other, which minimizes the network latency and improves network throughput. This is especially beneficial for applications that require high-performance and low-latency communication between instances, such as HPC (High-Performance Computing) workloads, big data processing, or real-time analytics.
Option A (An Auto Scaling group with Spot Instance types) and option D (An Auto Scaling group with On-Demand instance types) are related to the instance types and pricing options, but they do not directly address the requirement for low network latency and high network throughput.
Option C (A placement group using a partition placement strategy) is not suitable for this scenario. Partition placement strategy is used for spreading instances across logical partitions to maximize fault tolerance, but it does not prioritize low network latency or high network throughput.
Therefore, the most appropriate component to include in the architectural design for achieving low network latency and high network throughput is a placement group using a cluster placement strategy.
Question 1153
Exam Question
A company has an Amazon S3 bucket that contains mission-critical data. The company wants to ensure this data is protected from accidental deletion. The data should still be accessible, and a user should be able to delete the data intentionally.
Which combination of steps should a solutions architect take to accomplish this? (Choose two.)
A. Enable versioning on the S3 bucket.
B. Enable MFA Delete on the S3 bucket.
C. Create a bucket policy on the S3 bucket.
D. Enable default encryption on the S3 bucket.
E. Create a lifecycle policy for the objects in the S3 bucket.
Correct Answer
A. Enable versioning on the S3 bucket.
Explanation
To protect mission-critical data in an Amazon S3 bucket from accidental deletion while still allowing intentional deletion by authorized users, a solutions architect should take the following steps:
A. Enable versioning on the S3 bucket: Enabling versioning allows multiple versions of an object to be stored in the bucket. When an object is deleted, instead of being permanently deleted, a new version with a delete marker is created. This ensures that the data is not lost and can be restored if needed.
C. Create a bucket policy on the S3 bucket: By creating a bucket policy, you can define fine-grained access controls and permissions for the bucket. You can specify who has the permission to delete objects from the bucket, ensuring that only authorized users can intentionally delete data.
Enabling MFA Delete (option B) would require the use of Multi-Factor Authentication (MFA) for deleting objects, which might not be practical for regular operations.
Enabling default encryption (option D) and creating a lifecycle policy (option E) are important for data protection and management but are not directly related to preventing accidental deletion.
Therefore, the recommended steps to protect the data from accidental deletion while still allowing intentional deletion are to enable versioning on the S3 bucket (option A) and create a bucket policy (option C).
Question 1154
Exam Question
A solutions architect must design a solution for a persistent database that is being migrated from on-premises to AWS. The database requires 64,000 IOPS according to the database administrator. If possible, the database administrator wants to use a single Amazon Elastic Block Store (Amazon EBS) volume to host the database instance.
Which solution effectively meets the database administrator’s criteria?
A. Use an instance from the I3 I/O optimized family and leverage local ephemeral storage to achieve the IOPS requirement.
B. Create an Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume attached. Configure the volume to have 64,000 IOPS.
C. Create and map an Amazon Elastic File System (Amazon EFS) volume to the database instance and use the volume to achieve the required IOPS for the database.
D. Provision two volumes and assign 32,000 IOPS to each. Create a logical volume at the operating system level that aggregates both volumes to achieve the IOPS requirements.
Correct Answer
B. Create an Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume attached. Configure the volume to have 64,000 IOPS.
Explanation
To meet the database administrator’s criteria of achieving 64,000 IOPS with a single Amazon EBS volume, the recommended solution is:
B. Create a Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume attached and configure the volume to have 64,000 IOPS.
Amazon EBS Provisioned IOPS SSD (io1) volumes are designed to deliver predictable and high-performance storage for I/O-intensive workloads. By provisioning an io1 volume with the desired IOPS, you can achieve the required performance for the database.
Option A, using an instance from the I3 I/O optimized family and leveraging local ephemeral storage, might not provide the required IOPS and would also introduce the risk of data loss if the instance is stopped or terminated.
Option C, using Amazon Elastic File System (Amazon EFS), is a scalable and managed file storage service but it does not provide the guaranteed IOPS required by the database.
Option D, provisioning two volumes and aggregating them at the operating system level, may achieve the required IOPS but it introduces additional complexity and may not provide the same level of performance and reliability as a single provisioned io1 volume.
Therefore, option B is the most suitable solution for achieving the required IOPS with a single Amazon EBS volume.
Question 1155
Exam Question
A company maintains a searchable repository of items on its website. The data is stored in an Amazon RDS for MySQL database table that contains over 10 million rows. The database has 2 TB of General Purpose SSD (gp2) storage. There are millions of updates against this data every day through the company website. The company has noticed some operations are taking 10 seconds or longer and has determined that the database storage performance is the bottleneck.
Which solution addresses the performance issue?
A. Change the storage type to Provisioned IOPS SSD (io1).
B. Change the instance to a memory-optimized instance class.
C. Change the instance to a burstable performance DB instance class.
D. Enable Multi-AZ RDS read replicas with MySQL native asynchronous replication.
Correct Answer
A. Change the storage type to Provisioned IOPS SSD (io1).
Explanation
To address the storage performance issue for the Amazon RDS for MySQL database, the recommended solution is:
A. Change the storage type to Provisioned IOPS SSD (io1).
General Purpose SSD (gp2) volumes provide a baseline level of performance with the ability to burst beyond that baseline for short periods of time. However, if the database workload consistently exceeds the baseline performance, it can lead to performance bottlenecks.
By changing the storage type to Provisioned IOPS SSD (io1), you can provision the desired amount of IOPS for the database, ensuring consistent and predictable performance even under high load.
Option B, changing the instance to a memory-optimized instance class, may improve the overall performance of the database if memory is the bottleneck, but it does not directly address the storage performance issue.
Option C, changing the instance to a burstable performance DB instance class, is not directly related to the storage performance and may not provide the required performance improvement for the database.
Option D, enabling Multi-AZ RDS read replicas with MySQL native asynchronous replication, can offload read traffic to the replicas and improve overall scalability, but it does not directly address the storage performance issue.
Therefore, option A is the most suitable solution for addressing the storage performance issue by leveraging Provisioned IOPS SSD (io1) storage.
Question 1156
Exam Question
A company relies on an application that needs at least 4 Amazon EC2 instances during regular traffic and must scale up to 12 EC2 instances during peak loads.
The application is critical to the business and must be highly available.
Which solution will meet these requirements?
A. Deploy the EC2 instances in an Auto Scaling group Set the minimum to 4 and the maximum to 12, with 2 in Availability Zone A and 2 in Availability Zone B.
B. Deploy the EC2 instances in an Auto Scaling group Set the minimum to 4 and the maximum to 12, with all 4 in Availability Zone A.
C. Deploy the EC2 instances in an Auto Scaling group Set the minimum to 8 and the maximum to 12, with 4 in Availability Zone A and 4 in Availability Zone B.
D. Deploy the EC2 instances in an Auto Scaling group Set the minimum to 8 and the maximum to 12 with all 8 in Availability Zone A.
Correct Answer
C. Deploy the EC2 instances in an Auto Scaling group Set the minimum to 8 and the maximum to 12, with 4 in Availability Zone A and 4 in Availability Zone B.
Explanation
To meet the requirements of having at least 4 Amazon EC2 instances during regular traffic and scaling up to 12 instances during peak loads while ensuring high availability, the recommended solution is:
C. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 8 and the maximum to 12, with 4 instances in Availability Zone A and 4 instances in Availability Zone B.
By setting the minimum to 8 instances, you ensure that even during regular traffic, there are at least 4 instances available for high availability. This provides redundancy and fault tolerance.
Setting the maximum to 12 instances allows the Auto Scaling group to scale up to handle peak loads when necessary. Distributing the instances across Availability Zone A and Availability Zone B further enhances availability and resilience in case of any localized issues or failures in a single availability zone.
Option A, with a minimum of 4 instances across two availability zones, does not meet the requirement of having at least 4 instances during regular traffic.
Option B, with all 4 instances in Availability Zone A, does not provide the desired level of high availability since all instances are concentrated in a single availability zone.
Option D, with a minimum of 8 instances in Availability Zone A, does not distribute instances across availability zones and lacks redundancy and fault tolerance.
Therefore, option C is the most suitable solution for ensuring high availability while accommodating the required number of instances during regular and peak traffic.
Question 1157
Exam Question
An engineering team is developing and deploying AWS Lambda functions. The team needs to create roles and manage policies in AWS IAM to configure the permissions of the Lambda functions.
How should the permissions for the team be configured so they also adhere to the concept of least privilege?
A. Create an IAM role with a managed policy attached. Allow the engineering team and the Lambda functions to assume this role.
B. Create an IAM group for the engineering team with an IAMFullAccess policy attached. Add all the users from the team to this IAM group.
C. Create an execution role for the Lambda functions. Attach a managed policy that has permission boundaries specific to these Lambda functions.
D. Create an IAM role with a managed policy attached that has permission boundaries specific to the Lambda functions. Allow the engineering team to assume this role.
Correct Answer
D. Create an IAM role with a managed policy attached that has permission boundaries specific to the Lambda functions. Allow the engineering team to assume this role.
Explanation
The permissions for the engineering team should be configured to adhere to the concept of least privilege. To achieve this, the recommended approach is:
D. Create an IAM role with a managed policy attached that has permission boundaries specific to the Lambda functions. Allow the engineering team to assume this role.
By creating an IAM role with a managed policy attached, you can define the specific permissions required for the Lambda functions. The managed policy should have permission boundaries that are tailored to the needs of the Lambda functions, granting only the necessary actions and resources.
Allowing the engineering team to assume this role means they can temporarily assume the permissions associated with the role when necessary, enabling them to perform the required actions on the Lambda functions without granting them unnecessary permissions in their own user accounts.
Option A, allowing both the engineering team and the Lambda functions to assume a single role, may lead to granting more permissions than necessary to the Lambda functions.
Option B, attaching an IAMFullAccess policy to an IAM group for the engineering team, grants wide-ranging permissions that are not specific to the needs of the Lambda functions, which does not adhere to the principle of least privilege.
Option C, creating an execution role for the Lambda functions and attaching a managed policy with permission boundaries specific to the functions, does not address the permissions required by the engineering team to manage and configure the Lambda functions.
Therefore, option D provides the most appropriate configuration by allowing the engineering team to assume a role with specific permissions tailored to the Lambda functions while adhering to the principle of least privilege.
Question 1158
Exam Question
A three-tier web application processes orders from customers. The web tier consists of Amazon EC2 instances behind an Application Load Balancer, a middle tier of three EC2 instances decoupled from the web tier using Amazon SQS and an Amazon DynamoDB backend. At peak times, customers who submit orders using the site have to wait much longer than normal to receive confirmations due to lengthy processing times. A solutions architect needs to reduce these processing times.
Which action will be MOST effective in accomplishing this?
A. Replace the SQS queue with Amazon Kinesis Data Firehose.
B. Use Amazon ElastiCache for Redis in front of the DynamoDB backend tier.
C. Add an Amazon CloudFront distribution to cache the responses for the web tier.
D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SOS queue depth.
Correct Answer
D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SOS queue depth.
Explanation
To reduce the processing times for customer orders in the three-tier web application, the most effective action would be:
D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SQS queue depth.
By utilizing Amazon EC2 Auto Scaling, the middle tier instances can automatically scale out to handle increased workload during peak times. Scaling out the instances based on the depth of the SQS queue ensures that there are enough resources available to process the orders efficiently.
Options A, B, and C are not the most effective solutions for reducing processing times in this scenario:
- Option A suggests replacing the SQS queue with Amazon Kinesis Data Firehose. However, Kinesis Data Firehose is primarily designed for streaming data into data lakes and analytics services, and it may not provide the necessary mechanisms for processing order confirmations in a timely manner.
- Option B suggests using Amazon ElastiCache for Redis in front of the DynamoDB backend tier. While ElastiCache can improve read performance by caching frequently accessed data, it may not significantly reduce processing times for order confirmations, as the bottleneck is likely in the middle tier processing.
- Option C suggests adding an Amazon CloudFront distribution to cache the responses for the web tier. While this can improve the response times for subsequent requests by caching static content at the edge locations, it may not directly address the processing times for order confirmations in the middle tier.
Therefore, option D is the most effective solution as it directly addresses the processing times by dynamically scaling out the middle tier instances based on the workload in the SQS queue.
Question 1159
Exam Question
A company has a multi-tier application deployed on several Amazon EC2 instances in an Auto Scaling group. An Amazon RDS for Oracle instance is the application data layer that uses Oracle-specific PSQL functions. Traffic to the application has been steadily increasing. This is causing the EC2 instances to become overloaded and RDS instances to run out of storage. The Auto Scaling group does not have any scaling metrics and defines the minimum healthy instance count only. The company predicts that traffic will continue to increase at a steady but unpredictable rate before leveling off.
What should a solutions architect do to ensure the system can automatically scale for the increased traffic? (Choose two.)
A. Configure storage Auto Scaling on the RDS for Oracle instance.
B. Migrate the database to Amazon Aurora to use Auto Scaling storage.
C. Configure an alarm on the RDS for Oracle instance for low free storage space.
D. Configure the Auto Scaling group to use the average CPU as the scaling metric.
E. Configure the Auto Scaling group to use the average free memory as the scaling metric.
Correct Answer
C. Configure an alarm on the RDS for Oracle instance for low free storage space.
D. Configure the Auto Scaling group to use the average CPU as the scaling metric.
Explanation
To ensure the system can automatically scale for the increased traffic, the following steps should be taken:
C. Configure an alarm on the RDS for Oracle instance for low free storage space: By setting up an alarm for low free storage space on the RDS for Oracle instance, you can proactively monitor the storage utilization and take necessary actions, such as increasing storage capacity or optimizing data storage.
D. Configure the Auto Scaling group to use the average CPU as the scaling metric: By configuring the Auto Scaling group to use average CPU utilization as the scaling metric, the system can automatically scale the EC2 instances based on the CPU load. This will help ensure that the EC2 instances can handle the increased traffic and prevent overloading.
Options A and B are not the appropriate solutions in this scenario:
A. Configuring storage Auto Scaling on the RDS for Oracle instance is not available for Amazon RDS for Oracle. Storage Auto Scaling is a feature specific to Amazon Aurora.
B. Migrating the database to Amazon Aurora to use Auto Scaling storage is a valid option, as Amazon Aurora provides the capability of auto-scaling storage. However, this option requires migrating the database to Aurora, which may not be feasible or desirable in the current situation.
Option E is not recommended because scaling based on free memory is not an appropriate metric for determining the workload and scaling needs of the application. CPU utilization is a more reliable metric in this context.
Therefore, options C and D are the appropriate choices to ensure the system can automatically scale for the increased traffic.
Question 1160
Exam Question
A solutions architect must create a highly available bastion host architecture. The solution needs to be resilient within a single AWS Region and should require only minimal effort to maintain.
What should the solutions architect do to meet these requirements?
A. Create a Network Load Balancer backed by an Auto Scaling group with a UDP listener.
B. Create a Network Load Balancer backed by a Spot Fleet with instances in a group with instances in a partition placement group.
C. Create a Network Load Balancer backed by the existing serves in different Availability Zones as the target.
D. Create a Network Load Balancer backed by an Auto Scaling with instances in multiple Availability zones as the target.
Correct Answer
D. Create a Network Load Balancer backed by an Auto Scaling with instances in multiple Availability zones as the target.
Explanation
To create a highly available bastion host architecture within a single AWS Region while requiring minimal effort to maintain, the following solution can be implemented:
D. Create a Network Load Balancer backed by an Auto Scaling group with instances in multiple Availability Zones as the target.
- By using a Network Load Balancer (NLB), you can distribute incoming traffic to multiple bastion host instances.
- Setting up an Auto Scaling group ensures that the bastion host instances are automatically scaled and replaced if any failures occur.
- Deploying the bastion host instances across multiple Availability Zones increases the availability and fault tolerance of the architecture.
- This solution provides high availability as the Network Load Balancer can automatically route traffic to healthy instances, and the Auto Scaling group ensures the desired number of instances is maintained.
Options A, B, and C are not suitable for a bastion host architecture:
A. Creating a Network Load Balancer backed by an Auto Scaling group with a UDP listener is not a suitable approach for a bastion host architecture. A UDP listener is typically used for specific network protocols, while a bastion host requires SSH or RDP access, which uses TCP.
B. Creating a Network Load Balancer backed by a Spot Fleet with instances in a partition placement group introduces complexity and is not necessary for a simple bastion host architecture.
C. Creating a Network Load Balancer backed by the existing servers in different Availability Zones as the target is not an optimal approach as it does not provide automatic scaling, fault tolerance, and the ability to replace unhealthy instances.
Therefore, option D is the recommended solution to create a highly available bastion host architecture within a single AWS Region while requiring minimal effort to maintain.
