The latest AWS Certified Solutions Architect – Associate (SAA-C03) practice exam questions and answers (Q&A) are available free to help you pass the SAA-C03 exam and earn the AWS Certified Solutions Architect – Associate certification.
Question 511
A company is seeing access requests by some suspicious IP addresses. The security team discovers the requests are from different IP addresses under the same CIDR range.
What should a solutions architect recommend to the team?
A. Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.
B. Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.
* C. Add a deny rule in the inbound table of the network ACL with a lower rule number than other rules.
D. Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
Question 512
A solutions architect must create a highly available bastion host architecture. The solution needs to be resilient within a single AWS Region and should require only minimal effort to maintain.
What should the solutions architect do to meet these requirements?
A. Create a Network Load Balancer backed by an Auto Scaling group with a UDP listener.
B. Create a Network Load Balancer backed by the existing servers in different Availability Zones as the target.
C. Create a Network Load Balancer backed by a Spot Fleet with instances in a partition placement group.
* D. Create a Network Load Balancer backed by an Auto Scaling group with instances in multiple Availability Zones as the target.
Question 513
A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.
What should a solutions architect do to mitigate any single point of failure in this architecture?
* A. Add a second virtual private gateway and attach it to the Management VPC.
B. Add a second VPC peering connection between the Management VPC and the Production VPC.
C. Add a set of VPNs between the Management and Production VPCs.
D. Add a second set of VPNs to the Management VPC from a second customer gateway device.
Question 514
A company that operates a web application on-premises is preparing to launch a newer version of the application on AWS. The company needs to route requests to either the AWS-hosted or the on-premises-hosted application based on the URL query string.
The on-premises application is not available from the internet, and a VPN connection is established between Amazon VPC and the company’s data center. The company wants to use an Application Load Balancer (ALB) for this launch.
Which solution meets these requirements?
A. Use two ALBs: one for on-premises and one for the AWS resource. Add hosts to each target group of each ALB. Route with Amazon Route 53 based on the URL query string.
B. Use two ALBs: one for on-premises and one for the AWS resource. Add hosts to the target group of each ALB. Create a software router on an EC2 instance based on the URL query string.
* C. Use one ALB with two target groups: one for the AWS resource and one for on-premises. Add hosts to each target group of the ALB. Configure listener rules based on the URL query string.
D. Use one ALB with two AWS Auto Scaling groups: one for the AWS resource and one for on-premises. Add hosts to each Auto Scaling group. Route with Amazon Route 53 based on the URL query string.
Explanation
The host-based routing feature allows you to write rules that use the Host header to route traffic to the desired target group. Today we are extending and generalizing this feature, giving you the ability to write rules (and route traffic) based on standard and custom HTTP headers and methods, the query string, and the source IP address.
Question 515
A company has an asynchronous web application where Amazon API Gateway triggers AWS Lambda functions to perform write and update operations on an Amazon RDS DB instance. During periods of extreme use, API Gateway and Lambda scale in response to the incoming workload, but service outages occur due to congestion with Amazon RDS.
The company is seeking a cost-effective design to alleviate this congestion. What should a solutions architect recommend?
A. Implement RDS storage autoscaling with a larger instance type
B. Create read replicas to alleviate the read requests on the database
C. Use Amazon Kinesis to poll the incoming requests from API Gateway to the Lambda functions
* D. Use Amazon Simple Queue Service (Amazon SQS) to buffer the incoming requests before delivering them to the Lambda functions
Question 516
A company has several web servers that need to frequently access a common Amazon RDS MySQL Multi-AZ instance.
The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently.
Which solution meets these requirements?
* A. Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager
B. Store the database user credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter
C. Store the database user credentials in a secure Amazon S3 bucket. Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database
D. Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system. The web server should be able to decrypt the files and access the database
Question 517
A user owns a MySQL database that is accessed by various clients who expect, at most, 100 ms latency on requests.
Once a record is stored in the database, it is rarely changed. Clients only access one record at a time.
Database access has been increasing exponentially due to increased client demand.
The resultant load will soon exceed the capacity of the most expensive hardware available for purchase.
The user wants to migrate to AWS, and is willing to change database systems.
Which service would alleviate the database load issue and offer virtually unlimited scalability for the future?
A. Amazon RDS
* B. Amazon DynamoDB
C. Amazon Redshift
D. AWS Data Pipeline
Question 518
A company has an AWS Direct Connect connection from its corporate data center to its VPC in the us-east-1 Region.
The company recently acquired a corporation that has several VPCs and a Direct Connect connection between its on-premises data center and the eu-west-2 Region.
The CIDR blocks for the VPCs of the company and the corporation do not overlap. The company requires connectivity between two Regions and the data centers.
The company needs a solution that is scalable while reducing operational overhead. What should a solutions architect do to meet these requirements?
A. Set up inter-Region VPC peering between the VPC in us-east-1 and the VPCs in eu-west-2
B. Create private virtual interfaces from the Direct Connect connection in us-east-1 to the VPCs in eu-west-2
C. Establish VPN appliances in a fully meshed VPN network hosted by Amazon EC2. Use AWS VPN CloudHub to send and receive data between the data centers and each VPC
* D. Connect the existing Direct Connect connection to a Direct Connect gateway. Route traffic from the virtual private gateways of the VPCs in each Region to the Direct Connect gateway
Question 519
A company is using various types of Amazon EC2 On-Demand Instances.
The company suspects that these instances have greater CPU and memory capacity than its workloads require.
Which actions should the company take to obtain recommendations to optimize cost?
* A. Use AWS Trusted Advisor for instance type recommendations.
B. Use AWS Compute Optimizer for instance type recommendations.
C. Use AWS Budgets for instance type recommendations.
* D. Use Cost Explorer rightsizing recommendations.
E. Use Amazon Inspector to identify underutilized EC2 instances.
Question 520
A global company plans to track and store information about local allergens in an Amazon DynamoDB table and query this data from its website.
- The company anticipates that website traffic will fluctuate.
- The company estimates that the combined read and write capacity units will range from 10 to 10,000 per second, depending on the severity of the conditions for the given day.
- A solutions architect must design a solution that avoids throttling issues and manages capacity efficiently.
What should the solutions architect do to meet these requirements MOST cost-effectively?
A. Use provisioned capacity mode. Set the table’s read capacity units to 10,000.
* B. Use provisioned capacity mode and a scaling policy in DynamoDB auto scaling
C. Use on-demand capacity mode for a couple of months. Then switch to provisioned capacity mode
D. Use on-demand capacity mode only. Configure DynamoDB Accelerator (DAX) to be in front of the tab