The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn AWS Certified Solutions Architect – Associate SAA-C03 certification.
Table of Contents
- Exam Question 441
- Correct Answer
- Exam Question 442
- Correct Answer
- Exam Question 443
- Correct Answer
- Exam Question 444
- Correct Answer
- Exam Question 445
- Correct Answer
- Exam Question 446
- Correct Answer
- Exam Question 447
- Correct Answer
- Exam Question 448
- Correct Answer
- Exam Question 449
- Correct Answer
- Exam Question 450
- Correct Answer
Exam Question 441
A company processes large amounts of data. The output data is stored in Amazon S3 Standard storage in an S3 bucket, where it is analyzed for 1 month. The data must remain immediately accessible after the 1-month analysis period.
Which storage solution meets these requirements MOST cost-effectively?
A. Configure an S3 Lifecycle policy to transition the objects to S3 Glacier after 30 days.
B. Configure S3 Intelligent-Tiering to transition the objects to S3 Glacier after 30 days.
C. Configure an S3 Lifecycle policy to transition the objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
D. Configure an S3 Lifecycle policy to delete the objects after 30 days. Enable versioning on the S3 bucket so that deleted objects can still be immediately restored as needed.
Correct Answer
B. Configure S3 Intelligent-Tiering to transition the objects to S3 Glacier after 30 days.
Exam Question 442
A social media company is building a feature for its website. The feature will give users the ability to upload photos. The company expects significant increases in demand during large events and must ensure that the website can handle the upload traffic from users.
Which solution meets these requirements with the MOST scalability?
A. Upload files from the user’s browser to the application servers Transfer the files to an Amazon S3 bucket.
B. Provision an AWS Storage Gateway file gateway. Upload files directly from the user’s browser to the file gateway.
C. Generate Amazon S3 presigned URLs in the application. Upload files directly from the user’s browser into an S3 bucket
D. Provision an Amazon Elastic File System (Amazon EFS) file system. Upload files directly from the user’s browser to the file system.
Correct Answer
C. Generate Amazon S3 presigned URLs in the application. Upload files directly from the user’s browser into an S3 bucket
Exam Question 443
A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML. CSS, client-side JavaScript, and images.
Which method is the MOST cost-effective for hosting the website?
A. Containerize the website and host it in AWS Fargate.
B. Create an Amazon S3 bucket and host the website there
C. Deploy a web server on an Amazon EC2 instance to host the website.
D. Configure an Application Load Balancer with an AWS Lambda target that uses the Express js framework.
Correct Answer
B. Create an Amazon S3 bucket and host the website there
Exam Question 444
A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue writes to an Amazon RDS table and deletes the message from the queue Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages.
What should a solutions architect do to ensure messages are being processed once only?
A. Use the CreateQueue API call to create a new queue
B. Use the Add Permission API call to add appropriate permissions
C. Use the ReceiveMessage API call to set an appropriate wail time
D. Use the ChangeMessageVisibility API call to increase the visibility timeout
Correct Answer
D. Use the ChangeMessageVisibility APi call to increase the visibility timeout
Exam Question 445
An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table.
What is me MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?
A. Use a VPC endpoint for DynamoDB
B. Use a NAT gateway in a public subnet
C. Use a NAT instance in a private subnet
D. Use the internet gateway attached to the VPC
Correct Answer
A. Use a VPC endpoint for DynamoDB
Exam Question 446
A social media company allows users to upload images to its website. The website runs on Amazon EC2 instances. During upload requests, the website resizes the images to a standard size and stores the resized images in Amazon S3. Users are experiencing slow upload requests to the website.
The company needs to reduce coupling within the application and improve website performance A solutions architect must design the most operationally efficient process for image uploads.
Which combination of actions should the solutions architect take to meet these requirements? (Select TWO.)
A. Configure the application to upload images to S3 Glacier.
B. Configure the web server to upload the original images to Amazon S3.
C. Configure the application to upload images directly from each user’s browser to Amazon S3 through the use of a presigned UR
D. Configure S3 Event Notifications to invoke an AWS Lambda function when an image is uploaded. Use the function to resize the image
E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function on a schedule to resize uploaded images.
Correct Answer
D. Configure S3 Event Notifications to invoke an AWS Lambda function when an image is uploaded. Use the function to resize the image
Exam Question 447
A company’s security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.
What should a solutions architect do to meet these requirements when configuring the logs?
A. Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of 90 days.
B. Use Amazon Kinesis as the target Configure the Kinesis stream to always retain the logs for 90 days
C. Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3 bucket, and enable S3 Intelligent-Tiering
D. Use Amazon S3 as the target Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days
Correct Answer
D. Use Amazon S3 as the target Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days
Exam Question 448
A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the tiles can be accessed only by authorized users. The files must be downloaded securely to the employees’ devices.
The tiles are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.
Which solution will meet these requirements?
A. Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees’ IP addresses.
B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VP
C. Migrate the tiles to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.
D. Migrate the tiles to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.
Correct Answer
D. Migrate the tiles to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.
Exam Question 449
A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent Otherwise, the payments might be processed incorrectly.
Which actions should a solutions architect take to meet this requirement? (Select TWO.)
A. Write the messages to an Amazon DynamoDB table with the payment ID as the partition key
B. Write the messages to an Amazon Kinesis data stream with the payment ID as the partition key.
C. Write the messages to an Amazon ElastiCache for Memcached cluster with the payment ID as the key
D. Write the messages to an Amazon Simple Queue Service (Amazon SQS) queue Set the message attribute to use the payment ID
E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID
Correct Answer
A. Write the messages to an Amazon DynamoDB table with the payment ID as the partition key
E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID
Exam Question 450
A company is concerned about the security of its public web application due to recent web attacks. The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application
What should the solutions architect do to meet this requirement?
A. Add an Amazon Inspector agent to the ALB
B. Configure Amazon Made to prevent attacks.
C. Enable AWS Shield Advanced to prevent attacks.
D. Configure Amazon GuardDuty to monitor the ALB
Correct Answer
C. Enable AWS Shield Advanced to prevent attacks.