The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn AWS Certified Solutions Architect – Associate SAA-C03 certification.
Question 561
A company slops a cluster of Amazon EC2 instances over a weekend. The costs decrease, but they do not drop to zero.
Which resources could still be generating costs? (Select TWO.)
* A. Elastic IP addresses
B. Data transfer out
C. Regional data transfers
* D. Amazon Elastic Block Store (Amazon EBS) volumes
E. AWS Auto Scaling
Question 562
A company has multiple AWS accounts with applications deployed in the us-west-2 Region Application togs are stored within Amazon S3 buckets in each account. The company wants to build a centralized log analysts solution that uses a single S3 bucket Logs must not leave us- west-2T and the company wants to incur minimal operational overhead.
Which solution meets these requirements and is MOST cost-effective?
* A. Create an S3 Lifecycle policy that copies the objects from one of the application S3 buckets to the centralized S3 bucket
B. Use S3 Same-Region Replication to replicate togs from the S3 buckets to another S3 bucket in us-west-2 Use this S3 bucket for log analysis
C. Write a script that uses the PutObject API operation every day to copy the entire contents of the buckets to another S3 bucket in us-west-2 Use this S3 bucket for log analysis
D. Write AWS Lambda functions in these accounts that are triggered every time logs ate delivered to the S3 buckets (s3 ObjectCreated. * event) Copy the logs to another S3 bucket in us-west-2 Use this S3 bucket for log analysis
Question 563
A company is designing a cloud communications platform trial is driven by APIs.
The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB).
The company uses Amazon API Gateway to provide external users with access to the application through APIs. The company wants to protect the platform against web exploits like SQL Injection and also wants to detect and mitigate large, sophisticated DDoS attacks.
Which combination of solutions provides the MOST protection? (Select TWO.)
* A. Use AWS WAF to protect the NLB
B. Use AWS Shield Advanced with the NLB
C. Use AWS WAF to protect Amazon API Gateway
* D. Use Amazon GuardDuty with AWS Shield Standard
E. Use AWS Shield Standard with Amazon API Gateway
Question 564
A company receives data from different sources and implements multiple applications to consume this data. There are many short-running jobs that run only on the weekend.
The data arrives in batches rather than throughout the entire weekend.
The company needs an environment on AWS to ingest and process this data while maintaining the order of the transactions.
Which combination of AWS services meets these requirements in the MOST cost-effective manner?
* A. Amazon Kinesis Data Streams with AWS Lambda
B. Amazon Kinesis Data Streams with Amazon EC2 Auto Scaling
C. Amazon Simple Queue Service (Amazon SQS) with AWS Lambda
D. Amazon Simple Queue Service (Amazon SQS) with Amazon EC2 Auto Scaling
Question 565
A company needs to use its on-premises LDAP directory service to authenticate its users to the AWS Management Console.
The directory service is not compatible with Security Assertion Markup Language (SAML).
Which solution meets these requirements?
* A. Enable AWS Single Sign-On between AWS and the on-premises LDAP
B. Create an 1AM policy mat uses AWS credentials and integrate the policy into LDAP
C. Set up a process that rotates the IAM credentials whenever LDAP credentials are updated.
D. Develop an on-premises custom identity broker application of process mat uses AWS Security Token Service (AWS STS) to get short-lived credentials
Question 566
An application running on AWS generates audit logs of operational activities Compliance requirements mandate that the application retain the logs for 5 years.
How can these requirements be met?
* A. Save the togs in an Amazon S3 bucket and enable MFA Delete on the bucket
B. Save the togs In an Amazon Elastic File System (Amazon EFS) volume and use Network File System version 4 (NFSv4) locking with the volume
C. Save the togs in an Amazon S3 Glacier vault and define a vault lock policy
D. Save the logs in an Amazon Elastic Block Store (Amazon EBS) volume and take monthly snapshots
Question 567
A company’s security policy requires that alt AWS API activity in its AWS accounts be recorded for periodic auditing. The company needs to ensure that AWS CloudTrail is enabled on all of its current and future AWS accounts using AWS Organizations.
Which solution is MOST secure?
A. At the organization’s root define and attach a service control policy (SCP) that permits enabling CloudTrail only
B. Create IAM groups in the organization’s master account as needed Define and attach an IAM policy to the groups that prevents users from disabling CloudTrail
C. Organize accounts into organizational units (OUs) At the organization’s root, define and attach a service control policy (SCP) that prevents users from disabling CloudTrail
* D. Add all existing accounts under the organization’s root Define and attach a service control policy (SCP) to every account that prevents users from disabling CloudTrail
Question 568
A company sells ringtones created from clips of popular songs. The files containing the ringtones are stored in Amazon S3 Standard and are at least 123 KB m size.
The company has millions of files but downloads are infrequent for ringtones older than 90 days. The company needs to save money on storage while keeping the most accessed files readily available for its users.
Which action should the company take to meet these requirements MOST cost-effectively?
* A. Configure S3 Standard-infrequent Access (S3 Standard-IA) storage for the initial storage tier of the objects
B. Move the files to S3 Intelligent-Tiering and configure it to move objects to a less expensive storage tier after 90 days
C. Configure S3 inventory to manage objects and move them to S3 Standard-infrequent Access (S3 Standard-IA) after 90 days
D. Implement an S3 Lifecycle policy that moves the objects from S3 Standard to S3 Standard- Infrequent Access (S3 Standard-IA) after 90 days
Question 569
A company wants to improve the availability of an existing firewall.
To meet the compliance requirements of the applications hosted in the VPC.
The company’s security team is using a proprietary firewall running on Amazon EC2 instances. All internet traffic flows through the primary firewall.
When the primary firewall goes down, the team manually changes the VPC route table so that it uses a secondary firewall running in a different Availability Zone.
Which strategies should a solutions architect use to improve the availability of the firewall? (Select TWO.)
A. Create an EC2 gateway endpoint In the VPC where the firewall is hosted.
B. Create an EC2 interface endpoint in the VPC where the firewall is hosted.
C. Enable enhanced networking on the EC2 instance running the proprietary firewall
* D. Deploy a scheduled AWS Lambda function in the VPC to monitor the primary firewall and change the route table to use the secondary firewall in case of failure.
* E. Monitor the firewall instance health in Amazon EventBridge (Amazon CloudWatch Events). Trigger an event rule to restart the primary firewall upon a detected failure.
Question 570
A company wants to educe Its Amazon S3 storage costs in its production environment without impacting durability or performance of the stored objects.
What is the FIRST step the company should take to meet these objectives?
A. Enable Amazon Made on the business-critical S3 buckets to classify the sensitivity of the objects
B. Enable S3 analytics to Identify S3 buckets that are candidates for transitioning to S3 Standard- Infrequent Access (S3 Standard-IA)
C. Enable versioning on all business-critical S3 buckets.
* D. Migrate me objects in all S3 buckets to S3 Intelligent-Tie ring