The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn AWS Certified Solutions Architect – Associate SAA-C03 certification.
Table of Contents
- Exam Question 671
- Correct Answer
- Exam Question 672
- Correct Answer
- Exam Question 673
- Correct Answer
- Exam Question 674
- Correct Answer
- Exam Question 675
- Correct Answer
- Exam Question 676
- Correct Answer
- Exam Question 677
- Correct Answer
- References
- Exam Question 678
- Correct Answer
- Exam Question 679
- Correct Answer
- Exam Question 680
- Correct Answer
Exam Question 671
A company hosts its web application on AWS using seven Amazon EC2 instances.
The company requires that the IP addresses of all healthy EC2 instances be returned in response to DNS queries.
Which policy should be used to meet this requirement?
A. Simple routing policy
B. Latency routing policy
C. Multivalue routing policy
D. Geolocation routing policy
Correct Answer
C. Multivalue routing policy
Exam Question 672
A solutions architect is designing a highly available website that is served by multiple web servers hosted outside of AWS.
If an instance becomes unresponsive, the architect needs to remove it from the rotation.
What is the MOST efficient way to fulfill this requirement?
A. Use Amazon CloudWatch to monitor utilization.
B. Use Amazon API Gateway to monitor availability.
C. Use an Amazon Elastic Load Balancer.
D. Use Amazon Route 53 health checks.
Correct Answer
C. Use an Amazon Elastic Load Balancer.
Exam Question 673
An eCommerce website is deploying its web application as Amazon Elastic Container Service (Amazon ECS) container instances behind an Application Load Balancer (ALB). During periods of high activity, the website slows down and availability is reduced.
A solutions architect uses Amazon CloudWatch alarms to receive notifications whenever there is an availability issue so they can scale out resources. Company management wants a solution that automatically responds to such events.
Which solution meets these requirements?
A. Set up AWS Auto Scaling to scale out the ECS service when there are timeouts on the ALB. Set up AWS Auto Scaling to scale out the ECS cluster when the CPU or memory reservation is too high.
B. Set up AWS Auto Scaling to scale out the ECS service when the ALB CPU utilization is too high. Set up AWS Auto Scaling to scale out the ECS cluster when the CPU or memory reservation is too high.
C. Sot up AWS Auto Scaling to scale out the ECS service when the service’s CPU utilization is too high. Set up AWS Auto Scaling to scale out the ECS cluster when the CPU or memory reservation is too high.
D. Set up AWS Auto Scaling to scale out the ECS service when the ALB target group CPU utilization is too high. Set up AWS Auto Scaling to scale out the ECS cluster when the CPU or memory reservation is too high.
Correct Answer
A. Set up AWS Auto Scaling to scale out the ECS service when there are timeouts on the ALB. Set up AWS Auto Scaling to scale out the ECS cluster when the CPU or memory reservation is too high.
Exam Question 674
A company wants to migrate its web application to AWS. The legacy web application consists of a web tier, an application tier, and a MySQL database.
The re-architected application must consist of technologies that do not require the administration team to manage instances or clusters.
Which combination of services should a solutions architect include in the overall architecture? (Select TWO)
A. Amazon Aurora Serverless
B. Amazon EC2 Spot Instances
C. Amazon Elasticsearch Service (Amazon ES)
D. Amazon RDS for MySQL
E. AWS Fargate
Correct Answer
D. Amazon RDS for MySQL
E. AWS Fargate
Exam Question 675
A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for 1AM user passwords.
What should the solutions architect do to accomplish this?
A. Set an overall password policy for the entire AWS account
B. Set a password policy for each 1AM user in the AWS account.
C. Use third-party vendor software to set password requirements,
D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.
Correct Answer
A. Set an overall password policy for the entire AWS account
Exam Question 676
A solutions architect must design a database solution for a high-traffic eCommerce web application.
The database stores customer profiles and shopping cart information.
The database must support a peak load of several million requests each second and deliver responses in milliseconds.
The operational overhead for managing and scaling the database must be minimized.
Which database solution should the solutions architect recommend?
A. Amazon Aurora
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon Redshift
Correct Answer
A. Amazon Aurora
Exam Question 677
A company’s website hosted on Amazon EC2 instances processes classified data stored in Amazon S3. Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3.
Which solution meets these requirements?
A. Set up S3 bucket policies to allow access from a VPC endpoint.
B. Set up an IAM policy to grant read-write access to the S3 bucket.
C. Set up a NAT gateway to access resources outside the private subnet.
D. Set up an access key ID and a secret access key to access the S3 bucket.
Correct Answer
A. Set up S3 bucket policies to allow access from a VPC endpoint.
References
- Amazon Simple Storage Service > User Guide > Controlling access from VPC endpoints with bucket policies
Exam Question 678
A company uses Amazon S3 to store its confidential audit documents.
The S3 bucket uses bucket policies to restrict access to audit team 1AM user credentials according to the principle of least privilege.
Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.
What should a solutions architect do to secure the audit documents?
A. Enable the versioning and MFA Delete features on the S3 bucket
B. Enable multi-factor authentication (MFA) on the 1AM user credentials for each audit team 1AM user account.
C. Add an S3 Lifecycle policy to the audit team’s 1AM user accounts to deny the s3:DeleteOb|ect action during audit dates.
D. Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team 1AM user accounts from accessing the KMS key.
Correct Answer
A. Enable the versioning and MFA Delete features on the S3 bucket
Exam Question 679
A company Is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances.
The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks.
What should a solutions architect recommend?
A. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Configure the EC2 instance iptables rules to drop suspicious web traffic. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
B. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Move DB instances to the same subnets that EC2 instances are located in. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.
D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.
Correct Answer
D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.
Exam Question 680
A company is running a multi-tier web application on-premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company’s growth. A solutions architect must improve the application’s infrastructure.
Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)
A. Migrate the PostgreSQL database to Amazon Aurora
B. Migrate the web application to be hosted on Amazon EC2 instances.
C. Set up an Amazon CloudFront distribution for the web application content.
D. Set up Amazon ElastiCache between the web application and the PostgreSQL database
E. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS)
Correct Answer
A. Migrate the PostgreSQL database to Amazon Aurora
E. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS)