The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn AWS Certified Solutions Architect – Associate SAA-C03 certification.
Table of Contents
- Exam Question 641
- Correct Answer
- Exam Question 642
- Correct Answer
- Exam Question 643
- Correct Answer
- Exam Question 644
- Correct Answer
- Exam Question 645
- Correct Answer
- Exam Question 646
- Correct Answer
- Exam Question 647
- Correct Answer
- Exam Question 648
- Correct Answer
- Exam Question 649
- Correct Answer
- Exam Question 650
- Correct Answer
Exam Question 641
A company needs to run its external website on Amazon EC2 instances and on-premises virtualized servers.
The AWS environment has a 1 GB AWS Direct Connect connection to the data center. The application has IP addresses that will not change.
The on-premises and AWS servers are able to restart themselves while maintaining the same IP address if a failure occurs.
Some website users have to add their vendors to an allow list, so the solution must have a fixed IP address.
The company needs a solution with the lowest operational overhead to handle this split traffic. What should a solutions architect do to meet these requirements?
A. Deploy an Amazon Route 53 Resolver with rules pointing to the on-premises and AWS IP addresses
B. Deploy a Network Load Balancer on AWS. Create target groups for the on-premises and AWS IP addresses.
C. Deploy an Application Load Balancer on AWS Register the on-premises and AWS IP addresses with the target group.
D. Deploy Amazon API Gateway to direct traffic to the on-premises and AWS IP addresses based on the header of the request.
Correct Answer
A. Deploy an Amazon Route 53 Resolver with rules pointing to the on-premises and AWS IP addresses
Exam Question 642
A company wants to migrate its 1PB on-premises image repository to AWS.
The images will be used by a serverless web application Images stored in the repository are rarely accessed, but they must be immediately available. Additionally, the images must be encrypted at rest and protected from accidental deletion.
Which solution meets these requirements?
A. Implement client-side encryption and store the images in an Amazon S3 Glacier vault. Set a vault lock to prevent accidental deletion.
B. Store the images in an Amazon S3 bucket in the S3 Standard-Infrequent Access (S3 Standard- IA) storage class. Enable versioning: default encryption, and MFA Delete on the S3 bucket
C. Store the images in an Amazon FSx for Windows File Server file share. Configure the Amazon FSx file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NTFS permission sets on the images to prevent accidental deletion
D. Store the images in an Amazon Elastic File System (Amazon EFS) file share in the Infrequent Access storage class. Configure the EFS file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NFS permission set on the images to prevent accidental deletion.
Correct Answer
B. Store the images in an Amazon S3 bucket in the S3 Standard-Infrequent Access (S3 Standard- IA) storage class. Enable versioning: default encryption, and MFA Delete on the S3 bucket
Exam Question 643
A solutions architect is investigating AWS file storage solutions that can be used with a company’s on-premises Linux servers and applications. The company has an existing VPN connection set up between the company’s VPC and its on-premises network.
Which AWS services should the solutions architect use? (Select TWO)
A. AWS Backup
B. AWS DataSync
C. AWS Snowball Edge
D. AWS Storage Gateway
E. Amazon Elastic File System (Amazon EFS)
Correct Answer
A. AWS Backup
E. Amazon Elastic File System (Amazon EFS)
Exam Question 644
A financial company operates its production AWS environment in the us-east-1 Region and uses Amazon Elastic Block Store (Amazon EBS) snapshots to back up its instances.
To meet a compliance requirement, the company must maintain a secondary copy of all critical data at least 100 miles (160.9 km) away from its primary location.
What is the MOST cost-effective way for the company to meet this requirement?
A. Replicate the EBS snapshots to a different Availability Zone in us-east-1.
B. Replicate the EBS snapshots to us-east-2.
C. Replicate the EBS snapshots to us-west-1.
D. Replicate the EBS snapshots to us-west-2
Correct Answer
C. Replicate the EBS snapshots to us-west-1.
Exam Question 645
A company seeks a storage solution for its application. The solution must be highly available and scalable.
The solution also must function as a file system, be mountable by multiple Linux instances in AWS and on-premises through native protocols, and have no minimum size requirements.
The company has set up a Site-to-Site VPN for access from its on-premises network to its VPC. Which storage solution meets these requirements?
A. Amazon FSx Multi-AZ deployments
B. Amazon Elastic Block Store (Amazon EBS) Multi-Attach volumes
C. Amazon Elastic File System (Amazon EFS) with multiple mount targets
D. Amazon Elastic File System (Amazon EFS) with a single mount target and multiple access points
Correct Answer
C. Amazon Elastic File System (Amazon EFS) with multiple mount targets
Exam Question 646
A solutions architect needs to host a high performance computing (HPC) workload in the AWS Cloud.
The workload will run on hundreds of Amazon EC2 instances and will require parallel access to a shared file system to enable distributed processing of large datasets. Datasets will be accessed across multiple instances simultaneously.
The workload requires access latency within 1 ms.
After processing has completed, engineer will need access to the dataset for manual postprocessing.
Which solution will meet these requirements?
A. Use Amazon Elastic File System (Amazon EFS) as a shared file system. Access the dataset from Amazon EFS.
B. Mount an Amazon S3 bucket to serve as the shared file system Perform postprocessing directly from the S3 bucket
C. Use Amazon FSx for Lustre as a shared file system. Link the file system to an Amazon S3 bucket for postprocessing.
D. Configure AWS Resource Access Manager to share an Amazon S3 bucket so that it can be mounted to all instances for processing and postprocessing
Correct Answer
A. Use Amazon Elastic File System (Amazon EFS) as a shared file system. Access the dataset from Amazon EFS.
Exam Question 647
The DNS provider that hosts a company’s domain name records is experiencing outages that cause service disruption for a website running on AWS.
The company needs to migrate to a more resilient managed DNS service and wants the service to run on AWS.
What should a solutions architect do to rapidly migrate the DNS hosting service?
A. Create an Amazon Route 53 public hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.
B. Create an Amazon Route 53 private hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider
C. Create a Simple AD directory in AWS. Enable zone transfer between the DNS provider and AWS Directory Service for Microsoft Active Directory for the domain records.
D. Create an Amazon Route 53 Resolver inbound endpoint in the VPC. Specify the IP addresses that the provider’s DNS will forward DNS queries to Configure the provider’s DNS to forward DNS queries for the domain to the IP addresses that are specified in the inbound endpoint.
Correct Answer
A. Create an Amazon Route 53 public hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.
Exam Question 648
A solutions architect needs to allow developers to have SSH connectivity to web servers The requirements are as follows:
- Limit access to users originating from the corporate
- Web servers cannot have SSH access directly from the
- Web servers reside in a private
Which combination of steps must the architect complete to meet these requirements? (Select TWO.)
A. Create a bastion host that authenticates users against the corporate directory
B. Create a bastion host with security group rules that only allow traffic from the corporate network.
C. Attach an 1AM role to the bastion host with relevant permissions
D. Configure the web servers’ security group to allow SSH traffic from a bastion host.
E. Deny all SSH traffic from the corporate network in the inbound network ACL.
Correct Answer
A. Create a bastion host that authenticates users against the corporate directory
E. Deny all SSH traffic from the corporate network in the inbound network ACL.
Exam Question 649
A company wants to monitor its AWS costs for financial review. The cloud operations team is designing an architecture in the AWS Organizations master account to query AWS Cost and Usage Reports for all member accounts.
The team must run this query once a month and provide a detailed analysis of the bill.
Which solution is the MOST scalable and cost-effective way to meet these requirements?
A. Enable Cost and Usage Reports in the master account. Deliver reports to Amazon Kinesis. Use Amazon EMR for analysis.
B. Enable Cost and Usage Reports in the master account. Deliver the reports to Amazon S3. Use Amazon Athena for analysis.
C. Enable Cost and Usage Reports for member accounts. Deliver the reports to Amazon S3. Use Amazon Redshift for analysis.
D. Enable Cost and Usage Reports for member accounts. Deliver the reports to Amazon Kinesis. Use Amazon QuicKSight for analysis.
Correct Answer
B. Enable Cost and Usage Reports in the master account. Deliver the reports to Amazon S3. Use Amazon Athena for analysis.
Exam Question 650
A solutions architect is designing a solution that will include a database in Amazon RDS Corporate security policy mandates that the database its logs, and its backups are all encrypted.
What is the MOST efficient option to fulfill the security policy using Amazon RDS?
A. Launch an Amazon RDS instance with encryption enabled Enable encryption for logs and backups
B. Launch an Amazon RDS instance Enable encryption for the database, logs, and backups
C. Launch an Amazon RDS instance with encryption enabled Logs and backups are automatically encrypted
D. Launch an Amazon RDS instance Enable encryption for backups Encrypt logs with a database- engine feature
Correct Answer
C. Launch an Amazon RDS instance with encryption enabled Logs and backups are automatically encrypted