
AWS Certified Solutions Architect – Associate SAA-C03 Exam Questions and Answers – Page 46

The latest practice exam questions and answers (Q&A) for the AWS Certified Solutions Architect – Associate SAA-C03 certification are available free to help you pass the SAA-C03 exam and earn the certification.

Question 1171

Exam Question

A company is deploying an application in three AWS Regions using an Application Load Balancer. Amazon Route 53 will be used to distribute traffic between these Regions.

Which Route 53 configuration should a solutions architect use to provide the MOST high-performing experience?

A. Create an A record with a latency policy.
B. Create an A record with a geolocation policy.
C. Create a CNAME record with a failover policy.
D. Create a CNAME record with a geo proximity policy.

Correct Answer

A. Create an A record with a latency policy.

Explanation

To provide the most high-performing experience when distributing traffic between multiple AWS Regions using an Application Load Balancer, a solutions architect should use the following Route 53 configuration:

A. Create an A record with a latency policy.

  1. Configure an Application Load Balancer (ALB) in each AWS Region where the application is deployed.
  2. Obtain the DNS names associated with each ALB.
  3. In Amazon Route 53, create an A record and specify the DNS names of the ALBs as the record values.
  4. Configure a latency-based routing policy for the A record.
  5. Route 53 will automatically evaluate the latency between the end user and the AWS Regions and direct the traffic to the Region with the lowest latency.

By using a latency-based routing policy, Route 53 will dynamically route traffic to the AWS Region that provides the best performance for the end users, resulting in the most high-performing experience.

Question 1172

Exam Question

A company hosts its website on Amazon S3. The website serves petabytes of outbound traffic monthly, which accounts for most of the company’s AWS costs.

What should a solutions architect do to reduce costs?

A. Configure Amazon CloudFront with the existing website as the origin.
B. Move the website to Amazon EC2 with Amazon EBS volumes for storage.
C. Use AWS Global Accelerator and specify the existing website as the endpoint.
D. Re-architect the website to run on a combination of Amazon API Gateway and AWS Lambda.

Correct Answer

A. Configure Amazon CloudFront with the existing website as the origin.

Explanation

To reduce costs for serving a website hosted on Amazon S3 that generates significant outbound traffic, a solutions architect should:

A. Configure Amazon CloudFront with the existing website as the origin.

  1. Set up an Amazon CloudFront distribution and configure the existing Amazon S3 bucket as the origin.
  2. Configure the necessary cache behaviors and distribution settings based on the website’s requirements.
  3. Point the DNS records for the website to the CloudFront distribution’s domain name.
  4. CloudFront will act as a content delivery network (CDN) and cache the website’s content at edge locations worldwide.
  5. When users access the website, they will be served the content from the nearest CloudFront edge location, reducing latency and improving performance.
  6. CloudFront also helps in reducing the amount of traffic directly served from Amazon S3, resulting in cost savings.

By configuring CloudFront, the company can take advantage of its caching capabilities and global network of edge locations, which can help reduce the amount of outbound traffic generated from the S3 bucket and lower costs associated with serving the website.

Question 1173

Exam Question

A company has several Amazon EC2 instances set up in a private subnet for security reasons. These instances host applications that read and write large amounts of data to and from Amazon S3 regularly. Currently, subnet routing directs all the traffic destined for the internet through a NAT gateway. The company wants to optimize the overall cost without impacting the ability of the application to communicate with Amazon S3 or the outside internet.

What should a solutions architect do to optimize costs?

A. Create an additional NAT gateway. Update the route table to route to the NAT gateway. Update the network ACL to allow S3 traffic.
B. Create an internet gateway. Update the route table to route traffic to the internet gateway. Update the network ACL to allow S3 traffic.
C. Create a VPC endpoint for Amazon S3. Attach an endpoint policy to the endpoint. Update the route table to direct traffic to the VPC endpoint.
D. Create an AWS Lambda function outside of the VPC to handle S3 requests. Attach an IAM policy to the EC2 instances, allowing them to invoke the Lambda function.

Correct Answer

C. Create a VPC endpoint for Amazon S3. Attach an endpoint policy to the endpoint. Update the route table to direct traffic to the VPC endpoint.

Explanation

To optimize costs for Amazon EC2 instances in a private subnet accessing Amazon S3, a solutions architect should:

C. Create a VPC endpoint for Amazon S3. Attach an endpoint policy to the endpoint. Update the route table to direct traffic to the VPC endpoint.

  1. Create a VPC endpoint for Amazon S3 in the same VPC as the EC2 instances.
  2. Attach an endpoint policy to the VPC endpoint to allow access to the necessary S3 resources and actions.
  3. Update the route table for the private subnet to direct traffic destined for Amazon S3 to the VPC endpoint instead of the NAT gateway.
  4. By using a VPC endpoint, the EC2 instances can directly access Amazon S3 without going through the NAT gateway or the internet, eliminating the associated data transfer costs.
  5. The traffic between the EC2 instances and Amazon S3 remains within the AWS network, improving performance and reducing network latency.

This approach ensures that the applications running on the EC2 instances can continue to communicate with Amazon S3 securely and efficiently while optimizing costs by bypassing the NAT gateway and reducing outbound data transfer charges.
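The routing and endpoint-policy steps above, modeled offline as an added example (not code from the original page). The route table, prefix list ranges (documentation IP ranges standing in for the S3 prefix list), resource IDs and bucket name are all constructed placeholders, and the policy check is a simplified Allow-only match.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed values: documentation IP ranges stand in for the S3 prefix list;
# every resource ID and the bucket name are placeholders.
S3_PREFIX_LIST = {"pl-EXAMPLE": ["198.51.100.0/24", "203.0.113.0/24"]}
ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-EXAMPLE"),    # internet-bound traffic still uses the NAT gateway
    ("pl-EXAMPLE", "vpce-EXAMPLE"),  # route added for the S3 gateway endpoint
]
ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-app-data/*",
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def next_hop(dst_ip, route_table=ROUTE_TABLE, prefix_lists=S3_PREFIX_LIST):
    """Return the target of the most specific (longest-prefix) matching route."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for dest, target in route_table:
        # A prefix-list destination expands to its CIDR blocks.
        for cidr in prefix_lists.get(dest, [dest]):
            net = ipaddress.ip_network(cidr)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, target)
    return best[1] if best else None


def endpoint_allows(action, resource, policy=ENDPOINT_POLICY):
    """Simplified check: Allow statements only, wildcard match on Action/Resource."""
    for st in policy["Statement"]:
        if (st["Effect"] == "Allow"
                and any(fnmatchcase(action, a) for a in _as_list(st["Action"]))
                and any(fnmatchcase(resource, r) for r in _as_list(st["Resource"]))):
            return True
    return False


def trace(dst_ip, action=None, resource=None):
    """Return (next hop, endpoint policy decision or None if not via the endpoint)."""
    hop = next_hop(dst_ip)
    if hop and hop.startswith("vpce-"):
        return hop, endpoint_allows(action, resource)
    return hop, None


if __name__ == "__main__":
    print(trace("198.51.100.10", "s3:GetObject", "arn:aws:s3:::example-app-data/a.csv"))
    print(trace("198.51.100.10", "s3:GetObject", "arn:aws:s3:::other-bucket/a.csv"))
    print(trace("192.0.2.1"))
```

The second call shows why the endpoint policy matters: the request is routed through the endpoint but targets a bucket the policy does not list, so it is not allowed.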

Question 1174

Exam Question

A company has implemented one of its microservices on AWS Lambda that accesses an Amazon DynamoDB table named Books. A solutions architect is designing an IAM policy to be attached to the Lambda function IAM role, giving it access to put, update, and delete items in the Books table. The IAM policy must prevent the function from performing any other actions on the Books table or any other.

Which IAM policy would fulfill these needs and provide the LEAST privileged access?

A. [IAM policy document not included on this page]

B. [IAM policy document not included on this page]

C. [IAM policy document not included on this page]

D. [IAM policy document not included on this page]

Correct Answer

A.
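The answer options for this question are not readable on this page, so the following is an added example (not one of the exam's options and not from the original page) of a policy scoped the way the question describes, together with a small reviewer that flags policies granting more. The Region and account ID in the table ARN are constructed placeholders, and the reviewer is a simplified check that compares action names exactly.

```python
from fnmatch import fnmatchcase

# Constructed values: Region and account ID are placeholders.
BOOKS_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/Books"
REQUIRED = {"dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem"}


def policy(actions, resources):
    """Build a single-statement Allow policy document."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": resources}]}


SCOPED = policy(sorted(REQUIRED), BOOKS_ARN)                       # only what is needed
ALL_DYNAMODB = policy("dynamodb:*", "*")                           # every action, every table
EXTRA_READ = policy(sorted(REQUIRED | {"dynamodb:Scan"}), BOOKS_ARN)  # one action too many


def _as_list(value):
    return value if isinstance(value, list) else [value]


def review(doc, required=REQUIRED, table_arn=BOOKS_ARN):
    """Return findings for anything beyond put/update/delete on the Books table."""
    findings, granted = [], set()
    for i, st in enumerate(_as_list(doc["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or "NotResource" in st:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
            continue
        for action in _as_list(st.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action}")
                granted |= {a for a in required if fnmatchcase(a, action)}
            elif action in required:
                granted.add(action)
            else:
                findings.append(f"statement {i}: action {action} is not required")
        for resource in _as_list(st.get("Resource", [])):
            if resource != table_arn:
                findings.append(f"statement {i}: resource {resource} is not the Books table")
    findings += [f"missing required action {a}" for a in sorted(required - granted)]
    return findings


if __name__ == "__main__":
    for name, doc in [("SCOPED", SCOPED), ("ALL_DYNAMODB", ALL_DYNAMODB),
                      ("EXTRA_READ", EXTRA_READ)]:
        print(name, review(doc) or "no findings")
```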

Question 1175

Exam Question

A company has a mobile game that reads most of its metadata from an Amazon RDS DB instance. As the game increased in popularity, developers noticed slowdowns related to the game metadata load times. Performance metrics indicate that simply scaling the database will not help. A solutions architect must explore all options that include capabilities for snapshots replication and sub-millisecond response times.

What should the solutions architect recommend to solve these issues?

A. Migrate the database to Amazon Aurora with Aurora Replicas.
B. Migrate the database to Amazon DynamoDB with global tables.
C. Add an Amazon ElastiCache for Redis layer in front of the database.
D. Add an Amazon ElastiCache for Memcached layer in front of the database.

Correct Answer

A. Migrate the database to Amazon Aurora with Aurora Replicas.

Explanation

To solve the performance issues related to game metadata load times, with the requirement of snapshots replication and sub-millisecond response times, a solutions architect should recommend:

A. Migrate the database to Amazon Aurora with Aurora Replicas.

  1. Amazon Aurora is a highly performant and scalable database service that offers sub-millisecond response times.
  2. Aurora Replicas can be used to offload read traffic from the primary database and provide additional read scalability.
  3. Snapshots of the Amazon Aurora database can be replicated across multiple Availability Zones for improved durability and disaster recovery.
  4. By migrating the database to Amazon Aurora with Aurora Replicas, the company can achieve better performance for game metadata load times and handle increased popularity without compromising response times.
  5. Option B (Migrate the database to Amazon DynamoDB with global tables) is not recommended because DynamoDB may not provide the required sub-millisecond response times for complex queries or large amounts of data.

Options C (Add an Amazon ElastiCache for Redis layer) and D (Add an Amazon ElastiCache for Memcached layer) can improve performance by caching frequently accessed data, but they may not be sufficient to address the slowdowns related to metadata load times. Additionally, they do not provide the same capabilities for snapshots replication as Amazon Aurora.

Question 1176

Exam Question

A company is creating an architecture for a mobile app that requires minimal latency for its users. The company’s architecture consists of Amazon EC2 instances behind an Application Load Balancer running in an Auto Scaling group. The EC2 instances connect to Amazon RDS. Application beta testing showed there was a slowdown when reading the data. However, the metrics indicate that the EC2 instances do not cross any CPU utilization thresholds.

How can this issue be addressed?

A. Reduce the threshold for CPU utilization in the Auto Scaling group.
B. Replace the Application Load Balancer with a Network Load Balancer.
C. Add read replicas for the RDS instances and direct read traffic to the replica.
D. Add Multi-AZ support to the RDS instances and direct read traffic to the new EC2 instance.

Correct Answer

C. Add read replicas for the RDS instances and direct read traffic to the replica.

Explanation

To address the slowdown when reading data in the architecture, a solutions architect should recommend:

C. Add read replicas for the RDS instances and direct read traffic to the replica.

  1. By adding read replicas for the Amazon RDS instances, the read workload can be distributed across multiple database instances.
  2. Read replicas can offload read traffic from the primary RDS instance, improving read performance and reducing latency.
  3. By directing read traffic to the read replicas, the load on the primary RDS instance is reduced, allowing it to focus on write operations.
  4. This approach can help alleviate the slowdown in reading data without the need to modify the CPU utilization thresholds or change the load balancer type.

Option A (Reduce the threshold for CPU utilization in the Auto Scaling group) is not recommended because the metrics indicate that the EC2 instances do not cross any CPU utilization thresholds. Therefore, lowering the threshold would not address the slowdown issue.

Option B (Replace the Application Load Balancer with a Network Load Balancer) is not directly related to the issue of slowdown in reading data. It may provide benefits in certain scenarios but does not specifically address the described problem.

Option D (Add Multi-AZ support to the RDS instances and direct read traffic to the new EC2 instance) is not the most suitable solution for improving read performance in this scenario. Multi-AZ support primarily provides high availability and failover capabilities, rather than directly improving read performance.

Question 1177

Exam Question

A company is using Site-to-Site VPN connections for secure connectivity to its AWS Cloud resources from on premises. Due to an increase in traffic across the VPN connections to the Amazon EC2 instances, users are experiencing slower VPN connectivity.

Which solution will improve the VPN throughput?

A. Implement multiple customer gateways for the same network to scale the throughput.
B. Use a transit gateway with equal cost multipath routing and add additional VPN tunnels.
C. Configure a virtual private gateway with equal cost multipath routing and multiple channels.
D. Increase the number of tunnels in the VPN configuration to scale the throughput beyond the default limit.

Correct Answer

B. Use a transit gateway with equal cost multipath routing and add additional VPN tunnels.

Explanation

The solution that will improve VPN throughput in this scenario is:

B. Use a transit gateway with equal cost multipath routing and add additional VPN tunnels.

  1. A transit gateway is a highly scalable and centralized hub for connecting multiple on-premises networks and VPCs.
  2. By using a transit gateway, you can aggregate VPN connections from multiple on-premises networks and increase the overall VPN throughput.
  3. Equal cost multipath routing (ECMP) allows traffic to be distributed across multiple VPN tunnels, increasing the available bandwidth.
  4. By adding additional VPN tunnels to the transit gateway, you can further increase the VPN throughput.
  5. This solution helps alleviate the slowdown in VPN connectivity by scaling the throughput and distributing the traffic across multiple tunnels.

Option A (Implement multiple customer gateways for the same network to scale the throughput) is not the most suitable solution as it would require additional configuration and management overhead. Using a transit gateway is a more efficient and scalable approach.

Option C (Configure a virtual private gateway with equal cost multipath routing and multiple channels) is not applicable as a virtual private gateway is used for connecting a single on-premises network to a VPC, and it does not support equal cost multipath routing.

Option D (Increase the number of tunnels in the VPN configuration to scale the throughput beyond the default limit) may provide some increase in throughput, but it does not address the need for distributing the traffic across multiple VPN tunnels for better performance. Using a transit gateway with ECMP is a more appropriate solution.

Question 1178

Exam Question

A company has a mobile chat application with a data store based in Amazon DynamoDB. Users would like new messages to be read with as little latency as possible. A solutions architect needs to design an optimal solution that requires minimal application changes.

Which method should the solutions architect select?

A. Configure Amazon DynamoDB Accelerator (DAX) for the new messages table. Update the code to use the DAX endpoint.
B. Add DynamoDB read replicas to handle the increased read load. Update the application to point to the read endpoint for the read replicas.
C. Double the number of read capacity units for the new messages table in DynamoDB. Continue to use the existing DynamoDB endpoint.
D. Add an Amazon ElastiCache for Redis cache to the application stack. Update the application to point to the Redis cache endpoint instead of DynamoDB.

Correct Answer

A. Configure Amazon DynamoDB Accelerator (DAX) for the new messages table. Update the code to use the DAX endpoint.

Explanation

The method that the solutions architect should select to minimize latency for reading new messages from the Amazon DynamoDB data store with minimal application changes is:

A. Configure Amazon DynamoDB Accelerator (DAX) for the new messages table. Update the code to use the DAX endpoint.

  1. Amazon DynamoDB Accelerator (DAX) is an in-memory cache for DynamoDB that provides fast, microsecond response times for read-intensive workloads.
  2. By configuring DAX for the new messages table, the architect can leverage its caching capabilities to reduce the latency for reading new messages.
  3. The existing application code needs to be updated to use the DAX endpoint instead of directly accessing DynamoDB.
  4. This solution requires minimal application changes as it involves updating the code to use the DAX endpoint, but the underlying DynamoDB operations remain the same.
  5. DAX improves read performance by caching frequently accessed data, reducing the need to query the DynamoDB database for every read request.

Option B (Add DynamoDB read replicas to handle the increased read load) can improve read performance, but it requires updating the application code to use the read endpoint for the read replicas. This would involve more application changes compared to using DAX.

Option C (Double the number of read capacity units for the new messages table in DynamoDB) only increases the provisioned read capacity, but it does not guarantee a reduction in latency. It is not the most efficient solution for minimizing latency.

Option D (Add an Amazon ElastiCache for Redis cache to the application stack) involves introducing a separate caching layer with Redis, which would require significant application changes to use the Redis cache endpoint instead of DynamoDB. This option goes beyond minimal application changes.

Therefore, the best option in this case is to choose A. Configure Amazon DynamoDB Accelerator (DAX) for the new messages table and update the code to use the DAX endpoint.

Question 1179

Exam Question

A company runs an application that uses multiple Amazon EC2 instances to gather data from its users. The data is then processed and transferred to Amazon S3 for long-term storage. A review of the application shows that there were long periods of time when the EC2 instances were not being used. A solutions architect needs to design a solution that optimizes utilization and reduces costs.

Which solution meets these requirements?

A. Use Amazon EC2 in an Auto Scaling group with On-Demand instances.
B. Build the application to use Amazon Lightsail with On-Demand Instances.
C. Create an Amazon CloudWatch cron job to automatically stop the EC2 instances when there is no activity.
D. Redesign the application to use an event-driven design with Amazon Simple Queue Service (Amazon SQS) and AWS Lambda.

Correct Answer

D. Redesign the application to use an event-driven design with Amazon Simple Queue Service (Amazon SQS) and AWS Lambda.

Explanation

The solution that meets the requirements of optimizing utilization and reducing costs for the application that gathers data from users and transfers it to Amazon S3 is:

D. Redesign the application to use an event-driven design with Amazon Simple Queue Service (Amazon SQS) and AWS Lambda.

  1. By redesigning the application to use an event-driven design, you can leverage the serverless architecture provided by AWS Lambda and the message queuing capabilities of Amazon SQS.
  2. Instead of continuously running EC2 instances, you can configure the application to trigger AWS Lambda functions in response to events, such as user data being available.
  3. When user data is received, it can be placed in an Amazon SQS queue, which triggers the associated Lambda function for processing and transferring the data to Amazon S3.
  4. With an event-driven design, resources are only provisioned and utilized when there is actual work to be done. This helps optimize resource utilization and reduce costs by eliminating the need for continuously running EC2 instances during periods of inactivity.
  5. AWS Lambda automatically scales based on the incoming workload, ensuring that data processing is performed efficiently and at the required scale.
  6. Additionally, AWS Lambda provides a cost-effective pricing model where you only pay for the actual execution time and resources consumed during processing.

Options A and B (Use Amazon EC2 in an Auto Scaling group with On-Demand instances; Build the application to use Amazon Lightsail with On-Demand Instances) involve using continuously running EC2 instances, which may not be cost-effective if there are long periods of inactivity.

Option C (Create an Amazon CloudWatch cron job to automatically stop the EC2 instances when there is no activity) can help reduce costs by stopping EC2 instances during idle periods, but it does not optimize utilization as it does not take advantage of an event-driven architecture and the scalability provided by AWS Lambda.

Therefore, the most suitable solution in this case is to choose D. Redesign the application to use an event-driven design with Amazon SQS and AWS Lambda.

Question 1180

Exam Question

A company has created an isolated backup of its environment in another Region. The application is running in warm standby mode and is fronted by an Application Load Balancer (ALB). The current failover process is manual and requires updating a DNS alias record to point to the secondary ALB in another Region.

What should a solution architect do to automate the failover process?

A. Enable an ALB health check.
B. Enable an Amazon Route 53 health check.
C. Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint.
D. Create conditional forwarding rules on Amazon Route 53 pointing to an internal BIND DNS server.

Correct Answer

B. Enable an Amazon Route 53 health check.

Explanation

To automate the failover process for the company’s isolated backup environment, a solution architect should:

B. Enable an Amazon Route 53 health check.

  1. Amazon Route 53 health checks can monitor the health of resources, such as an Application Load Balancer (ALB), by periodically sending requests and verifying the responses.
  2. By enabling an Amazon Route 53 health check for the primary ALB, the architect can configure it to automatically fail over to the secondary ALB in another Region when the primary ALB is determined to be unhealthy.
  3. The health check can be configured with appropriate parameters to determine the health of the primary ALB, such as the response code, latency, or TCP connection.
  4. Once the health check detects that the primary ALB is unhealthy, it can automatically update the DNS records to point to the secondary ALB in the other Region, ensuring that traffic is redirected to the backup environment without manual intervention.
  5. This automated failover process helps minimize downtime and improves the resiliency of the application.

Option A (Enable an ALB health check) is not the recommended approach because ALB health checks are not designed to automatically update DNS records. They only monitor the health of the ALB and can be used for internal health-related tasks, such as managing target group registration.

Option C (Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint) is not sufficient for automating the failover process. While it provides the capability to update the DNS records, it does not incorporate health checks to determine when the failover should occur.

Option D (Create conditional forwarding rules on Amazon Route 53 pointing to an internal BIND DNS server) is not necessary and overly complex for achieving the automated failover. It introduces the need for an additional DNS server and conditional forwarding rules, which can add complexity to the architecture.

Therefore, the most suitable solution is to enable an Amazon Route 53 health check (Option B) to automate the failover process.