The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn AWS Certified Solutions Architect – Associate SAA-C03 certification.
Table of Contents
- Exam Question 681
- Correct Answer
- Exam Question 682
- Correct Answer
- Exam Question 683
- Correct Answer
- Exam Question 684
- Correct Answer
- Exam Question 685
- Correct Answer
- Exam Question 686
- Correct Answer
- Exam Question 687
- Correct Answer
- Exam Question 688
- Correct Answer
- Exam Question 689
- Correct Answer
- Exam Question 690
- Correct Answer
Exam Question 681
A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications.
What should a solutions architect do to reduce the operational burden?
A. Use multi-factor authentication (MFA) to protect the encryption keys
B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys
C. Use AWS Certificate Manager (ACM) to create, store and assign the encryption keys
D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys
Correct Answer
B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys
Exam Question 682
A solutions architect is designing a solution that involves orchestrating a series of Amazon Elastic Container Service (Amazon ECS) task types running on Amazon EC2 instances that are part of an ECS cluster. The output and state data for all tasks needs to be stored.
The amount of data output by each task is approximately 10MB, and there could be hundreds of tasks running at a time. The system should be optimized for high-frequency reading and writing. As old outputs are archived and deleted, the storage size is not expected to exceed 1TB.
Which storage solution should the solutions architect recommend?
A. An Amazon DynamoDB table accessible by all ECS cluster instances.
B. An Amazon Elastic File System (Amazon EFS) with Provisioned Throughput mode.
C. An Amazon Elastic File System (Amazon EFS) file system with Bursting Throughput mode.
D. An Amazon Elastic File System (Amazon EFS) volume mounted to the ECS cluster instances.
Correct Answer
C. An Amazon Elastic File System (Amazon EFS) file system with Bursting Throughput mode.
Exam Question 683
A company is running a media store across multiple Amazon EC2 instances distributed across multiple Availability Zones in a single VPC.
The company wants a high-performing solution to share data between all the EC2 instances, and prefers to keep the data within the VPC only.
What should a solutions architect recommend?
A. Create an Amazon S3 bucket and call the service APIs from each instance’s application.
B. Create an Amazon S3 bucket and configure all instances to access it as a mounted volume.
C. Configure an Amazon Elastic Block Store (Amazon EBS) volume and mount it across all instances.
D. Configure an Amazon Elastic File System (Amazon EFS) file system and mount it across all instances.
Correct Answer
D. Configure an Amazon Elastic File System (Amazon EFS) file system and mount it across all instances.
Exam Question 684
A solutions architect is designing a publicly accessible web application that is on an Amazon CloudFront distribution with an Amazon S3 website endpoint as the origin.
When the solution is deployed, the website returns an Error 403: Access Denied message.
Which steps should the solutions architect take to correct the issue? (Select TWO.)
A. Remove the S3 block public access option from the S3 bucket.
B. Remove the requester pays option from the S3 bucket.
C. Remove the origin access identity (OAI) from the CloudFront distribution.
D. Change the storage class from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone- IA).
E. Disable S3 object versioning
Correct Answer
A. Remove the S3 block public access option from the S3 bucket.
B. Remove the requester pays option from the S3 bucket.
Exam Question 685
A company is planning a large event where a promotional offer will be introduced. The company’s website is hosted on AWS and backed by an Amazon RDS for PostgreSQL DB instance. The website explains the promotion and includes a sign-up page that collects user information and preferences. Management expects large and unpredictable volumes of traffic periodically, which will create many database writes.
A solutions architect needs to build a solution that does not change the underlying data model and ensures that submissions are not dropped before they are committed to the database.
Which solutions meets these requirements?
A. Immediately before the event, scale up the existing DB instance to meet the anticipated demand. Then scale down after the event.
B. Use Amazon SQS to decouple the application and database layers. Configure an AWS Lambda function to write items from the queue into the database.
C. Migrate to Amazon DynamoDB and manage throughput capacity with automatic scaling.
D. Use Amazon ElastiCache for Memcached to increase write capacity to the DB instance.
Correct Answer
B. Use Amazon SQS to decouple the application and database layers. Configure an AWS Lambda function to write items from the queue into the database.
Exam Question 686
A company’s lease of a co-located storage facility will expire in 90 days. The company wants to move to AWS to avoid signing a contract extension. The company’s environment consists of 200 virtual machines and a NAS with 40 TB of data. Most of the data is archival, yet instant access is required when data is requested.
Leadership wants to ensure minimal downtime during the migration. Each virtual machine has a number of customized configurations. The company’s existing 1 Gbps network connection is mostly idle, especially after business hours.
Which combination of steps should the company take to migrate to AWS while minimizing downtime and operational impact? (Select TWO)
A. Use new Amazon EC2 instances and reinstall all application code.
B. Use AWS SMS to migrate the virtual machines.
C. Use AWS Storage Gateway to migrate the data to cloud-native storage.
D. Use AWS Snowball to migrate the data.
E. Use AWS SMS to copy the infrequently accessed data from the NAS.
Correct Answer
B. Use AWS SMS to migrate the virtual machines.
C. Use AWS Storage Gateway to migrate the data to cloud-native storage.
Exam Question 687
A company is deploying a public-facing global application on AWS using Amazon CloudFront. The application communicates with an external system. A solutions architect needs to ensure the data is secured during end-to-end transit and at rest.
Which combination of steps will satisfy these requirements? (Select TWO)
A. Create a public certificate for the required domain in AWS Certificate Manager and deploy it to CloudFront, an Application Load Balancer, and Amazon EC2 instances.
B. Acquire a public certificate from a third-party vendor and deploy it to CloudFront, an Application Load Balancer, and Amazon EC2 instances.
C. Provision Amazon EBS encrypted volumes using AWS KMS and ensure explicit encryption of data when writing to Amazon EBS.
D. Use SSL or encrypt data while communicating with the external system using a VPN.
E. Communicate with the external system using plaintext and use the VPN to encrypt the data in transit.
Correct Answer
C. Provision Amazon EBS encrypted volumes using AWS KMS and ensure explicit encryption of data when writing to Amazon EBS.
D. Use SSL or encrypt data while communicating with the external system using a VPN.
Exam Question 688
A company has a media catalog with metadata for each item in the catalog. Different types of metadata are extracted from the media items by an application running on AWS Lambda.
Metadata is extracted according to a number of rules, with the output stored in an Amazon ElastiCache for Redis cluster. The extraction process is done in batches and takes around 40 minutes to complete. The update process is triggered manually whenever the metadata extraction rules change.
The company wants to reduce the amount of time it takes to extract metadata from its media catalog. To achieve this, a solutions architect has split the single metadata extraction Lambda function into a Lambda function for each type of metadata.
Which additional steps should the solutions architect take to meet the requirements?
A. Create an AWS Step Functions workflow to run the Lambda functions in parallel. Create another Step Functions workflow that retrieves a list of media items and executes a metadata extraction workflow for each one.
B. Create an AWS Batch compute environment for each Lambda function. Configure an AWS Batch job queue for the compute environment. Create a Lambda function to retrieve a list of media items and write each item to the job queue.
C. Create an AWS Step Functions workflow to run the Lambda functions in parallel. Create a Lambda function to retrieve a list of media items and write each item to an Amazon SQS queue. Configure the SQS queue as an input to the Step Functions workflow.
D. Create a Lambda function to retrieve a list of media items and write each item to an Amazon SQS queue. Subscribe the metadata extraction Lambda functions to the SQS queue with a large batch size.
Correct Answer
C. Create an AWS Step Functions workflow to run the Lambda functions in parallel. Create a Lambda function to retrieve a list of media items and write each item to an Amazon SQS queue. Configure the SQS queue as an input to the Step Functions workflow.
Exam Question 689
A user has underutilized on-premises resources.
Which AWS Cloud concept can BEST address this issue?
A. High Availability
B. Elasticity
C. Security
D. Loose Coupling
Correct Answer
B. Elasticity
Exam Question 690
A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3.
These files are encrypted using AWS Key Management Service Customer Master Keys (AWS KMS CMKs).
A solutions architect needs to design a solution that will ensure the required permissions are set correctly.
Which combination of actions accomplish this? (Select TWO)
A. Attach the kms.decrypt permission to the Lambda function’s resource policy.
B. Grant the decrypt permission for the Lambda IAM role in the KMS key’s policy.
C. Grant the decrypt permission for the Lambda resource policy in the KMS key’s policy.
D. Create a new IAM policy with the kms:decrypt permission and attach the policy to the Lambda function.
E. Create a new IAM role with the kms decrypt permission and attach the execution role to the Lambda function.
Correct Answer
B. Grant the decrypt permission for the Lambda IAM role in the KMS key’s policy.
E. Create a new IAM role with the kms decrypt permission and attach the execution role to the Lambda function.