The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn AWS Certified Solutions Architect – Associate SAA-C03 certification.
Table of Contents
- Exam Question 621
- Correct Answer
- Exam Question 622
- Correct Answer
- Exam Question 623
- Correct Answer
- Exam Question 624
- Correct Answer
- Exam Question 625
- Correct Answer
- Exam Question 626
- Correct Answer
- Exam Question 627
- Correct Answer
- Exam Question 628
- Correct Answer
- Exam Question 629
- Correct Answer
- Exam Question 630
- Correct Answer
Exam Question 621
A company wants to create an application that will transmit protected health information (PHI) to thousands of service consumers in different AWS accounts.
The application servers will sit in private VPC subnets The routing for the application must be fault tolerant.
What should be done to meet these requirements?
A. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection
B. Create a virtual private gateway connection between each pair of service provider VPCs and service consumer VPCs
C. Create an internal Application Load Balancer in the service provider VPC and put application servers behind it.
D. Create a proxy server in the service provider VPC to route requests from service consumers to the application servers.
Correct Answer
A. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection
Exam Question 622
A company uses an Amazon S3 bucket as its data lake storage platform.
The S3 bucket contains a massive amount of data that is accessed randomly by multiple teams and hundreds of applications.
The company wants to reduce the S3 storage costs and provide immediate availability for frequently accessed objects.
What is the MOST operationally efficient solution that meets these requirements?
A. Create an S3 Lifecycle rule to transition objects to the S3 Intelligent-Tiering storage class
B. Store objects in Amazon S3 Glacier. Use S3 Select to provide applications with access to the data
C. Use data from S3 storage class analysis to create S3 Lifecycle rules to automatically transition objects to the S3 Standard-Infrequent Access {S3 Standard-IA) storage class
D. Transition objects to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create an AWS Lambda function to transition objects to the S3 Standard storage class when they are accessed by an application
Correct Answer
A. Create an S3 Lifecycle rule to transition objects to the S3 Intelligent-Tiering storage class
Exam Question 623
A solutions architect is designing a system that will store personally identifiable information (Pll) in an Amazon S3 bucket.
Due to compliance and regulatory requirements, both the master keys and the unencrypted data should never be sent to AWS.
Which Amazon S3 encryption technique should the architect choose?
A. Amazon S3 client-side encryption with an AWS Key Management Service {AWS KMS) managed customer master key (CMK)
B. Amazon S3 server-side encryption with AWS KMS managed encryption keys (SSE-KMS)
C. Amazon S3 client-side encryption with a client-side master key
D. Amazon S3 server-side encryption with customer-provided encryption keys (SSE-C)
Correct Answer
D. Amazon S3 server-side encryption with customer-provided encryption keys (SSE-C)
Exam Question 624
A company is making a prototype of the infrastructure for its new website by manually provisioning the necessary infrastructure.
This infrastructure includes an Auto Scaling group an Application Load Balancer, and an Amazon RDS database.
After the configuration has been thoroughly validated the company wants the capability to immediately deploy the infrastructure for development and production use in two Availability Zones in an automated fashion.
What should a solutions architect recommend to meet these requirements?
A. Use AWS Systems Manager to replicate and provision the prototype infrastructure in two Availability Zones
B. Define the infrastructure as a template by using the prototype infrastructure as a guide Deploy the infrastructure with AWS CloudFormation
C. Use AWS Config to record the inventory of resources that are used in the prototype infrastructure Use AWS Config to deploy the prototype infrastructure into two Availability Zones.
D. Use AWS Elastic Beanstalk and configure it to use an automated reference to the prototype infrastructure to automatically deploy new environments in two Availability Zones
Correct Answer
B. Define the infrastructure as a template by using the prototype infrastructure as a guide Deploy the infrastructure with AWS CloudFormation
Exam Question 625
A company uses Amazon S3 for storing a variety of files.
A solutions architect needs to design a feature that will allow users to instantly restore any deleted files within 30 days of deletion.
Which is the MOST cost-efficient solution?
A. Create lifecycle policies that move the objects to Amazon S3 Glacier and delete them after 30 days
B. Enable Cross-Region Replication Empty the replica bucket every 30 days using an AWS Lambda function
C. Enable versioning and create a lifecycle policy to remove expired versions after 30 days.
D. Enable versioning and MFA Delete Using a Lambda function remove MFA Delete from objects more than 30 days old
Correct Answer
A. Create lifecycle policies that move the objects to Amazon S3 Glacier and delete them after 30 days
Exam Question 626
A company runs analytics software on Amazon EC2 instances.
The software accepts job requests from users to process data that has been uploaded to Amazon S3.
Users report that some submitted data is not being processed Amazon CloudWatch reveals that the EC2 instances have a consistent CPU utilization at or near 100%.
The company wants to improve system performance and scale the system based on user load. What should a solutions architect do to meet these requirements?
A. Create a copy of the instance. Place all instances behind an Application Load Balancer
B. Create an S3 VPC endpoint for Amazon S3 Update the software to reference the endpoint.
C. Stop the EC2 instances Modify the instance type to one with a more powerful CPU and more memory. Restart the instances
D. Route incoming requests to Amazon Simple Queue Service (Amazon SQS) Configure an EC2 Auto Scaling group based on queue size. Update the software to read from the queue
Correct Answer
A. Create a copy of the instance. Place all instances behind an Application Load Balancer
Exam Question 627
A company provides a three-tier web application to its customers.
Each customer has an AWS account in which the application is deployed, and these accounts are members of the company’s organization in AWS Organizations.
To protect its customers’ AWS accounts and applications the company wants to monitor them for unusual and unexpected behavior.
The company needs to analyze and monitor customer VPC Flow Logs. AWS CloudTrail logs, and DNS logs.
What should a solutions architect do to meet these requirements?
A. Designate an account in the organization as the AWS Shield master account. Enable Shield and Shield logs in every account and invite the accounts to join the Shield master account. Analyze Shield findings m the Shield master account
B. Designate an account in the organization as the Amazon GuardDuty master account. Enable GuardDuty in every account and invite the accounts to join the GuardDuty master account Analyze GuardDuty finding in the GuardDuty master account
C. Designate an account in the organization as the AWS WAF master account. Enable AWS WAF and AWS WAF logs in every account and invite the accounts to join the AWS WAF master account. Analyze AWS WAF logs in the AWS WAF master account
D. Designate an account in the organization as the AWS Resource Access Manager (AWS RAM) master account. Enable AWS RAM in every account, and invite the accounts to join the AWS RAM master account. Analyze AWS RAM logs in the AWS RAM master account
Correct Answer
B. Designate an account in the organization as the Amazon GuardDuty master account. Enable GuardDuty in every account and invite the accounts to join the GuardDuty master account Analyze GuardDuty finding in the GuardDuty master account
Exam Question 628
A company is running an application on AWS to process weather sensor data that is stored in an Amazon S3 bucket.
Three batch jobs run hourly to process the data in the S3 bucket for different purposes.
The company wants to reduce the overall processing time by running the three applications in parallel using an event-based approach.
What should a solutions architect do to meet these requirements?
A. Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Subscribe all applications to the queue for processing
B. Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SQS) standard queue. Create an additional SQS queue for all applications and subscribe all applications to the initial queue for processing
C. Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SQS) FIFO queues. Create an additional SQS queue for each application and subscribe each queue to the initial topic for processing
D. Enable S3 Event Notifications for new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SQS) queue for each application and subscribe each queue to the topic for processing
Correct Answer
C. Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SQS) FIFO queues. Create an additional SQS queue for each application and subscribe each queue to the initial topic for processing
Exam Question 629
A company hosts its multi-tier applications on AWS.
For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made o these resources.
What should a solutions architect do to meet these requirements?
A. Use AWS CloudTrail to track configuration changes and AWS Config to record API calls
B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls
C. Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls
D. Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls
Correct Answer
B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls
Exam Question 630
A user is designing a new service that receives location updates from 3 600 rental cars every hour.
The cars upload their location to an Amazon S3 bucket.
Each location must be checked for distance from the original rental location.
Which services will process the updates and automatically scale?
A. Amazon EC2 and Amazon Elastic Block Store (Amazon EBS)
B. Amazon Kinesis Data Firehose and Amazon S3
C. Amazon Elastic Container Service (Amazon ECS) and Amazon RDS
D. Amazon S3 events and AWS Lambda
Correct Answer
B. Amazon Kinesis Data Firehose and Amazon S3