The latest AWS Certified Solutions Architect – Associate SAA-C03 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Associate SAA-C03 exam and earn AWS Certified Solutions Architect – Associate SAA-C03 certification.
Table of Contents
- Exam Question 781
- Correct Answer
- Answer Description
- References
- Exam Question 782
- Correct Answer
- Answer Description
- Exam Question 783
- Correct Answer
- Answer Description
- References
- Exam Question 784
- Correct Answer
- Answer Description
- References
- Exam Question 785
- Correct Answer
- Answer Description
- References
- Exam Question 786
- Correct Answer
- Exam Question 787
- Correct Answer
- Exam Question 788
- Correct Answer
- Answer Description
- References
- Exam Question 789
- Correct Answer
- Answer Description
- Exam Question 790
- Correct Answer
- Answer Description
- References
Exam Question 781
In the context of AWS support, why must an EC2 instance be unreachable for 20 minutes rather than allowing customers to open tickets immediately?
A. Because most reachability issues are resolved by automated processes in less than 20 minutes
B. Because all EC2 instances are unreachable for 20 minutes every day when AWS does routine maintenance
C. Because all EC2 instances are unreachable for 20 minutes when first launched
D. Because of all the reasons listed here
Correct Answer
A. Because most reachability issues are resolved by automated processes in less than 20 minutes
Answer Description
An EC2 instance must be unreachable for 20 minutes before opening a ticket, because most reachability issues are resolved by automated processes in less than 20 minutes and will not require any action on the part of the customer. If the instance is still unreachable after this time frame has passed, then you should open a case with support.
References
Exam Question 782
In Amazon EC2 Container Service components, what is the name of a logical grouping of container instances on which you can place tasks?
A. A cluster
B. A container instance
C. A container
D. A task definition
Correct Answer
A. A cluster
Answer Description
Amazon ECS contains the following components:
A Cluster is a logical grouping of container instances that you can place tasks on. A Container instance is an Amazon EC2 instance that is running the Amazon ECS agent and has been registered into a cluster.
A Task definition is a description of an application that contains one or more container definitions. A Scheduler is the method used for placing tasks on container instances. A Service is an Amazon ECS service that allows you to run and maintain a specified number of instances of a task definition simultaneously.
A Task is an instantiation of a task definition that is running on a container instance. A Container is a Linux container that was created as part of a task.
Exam Question 783
In Amazon EC2 Container Service components, what is the name of a logical grouping of container instances on which you can place tasks?
A. A cluster
B. A container instance
C. A container
D. A task definition
Correct Answer
A. A cluster
Answer Description
Amazon ECS contains the following components:
A Cluster is a logical grouping of container instances that you can place tasks on. A Container instance is an Amazon EC2 instance that is running the Amazon ECS agent and has been registered into a cluster.
A Task definition is a description of an application that contains one or more container definitions. A Scheduler is the method used for placing tasks on container instances. A Service is an Amazon ECS service that allows you to run and maintain a specified number of instances of a task definition simultaneously.
A Task is an instantiation of a task definition that is running on a container instance. A Container is a Linux container that was created as part of a task.
References
- Amazon Elastic Container Service > Developer Guide > What is Amazon Elastic Container Service?
Exam Question 784
You have set up an Auto Scaling group. The cool down period for the Auto Scaling group is 7 minutes. The first instance is launched after 3 minutes, while the second instance is launched after 4 minutes. How many minutes after the first instance is launched will Auto Scaling accept another scaling activity request?
A. 11 minutes
B. 7 minutes
C. 10 minutes
D. 14 minutes
Correct Answer
A. 11 minutes
Answer Description
If an Auto Scaling group is launching more than one instance, the cool down period for each instance starts after that instance is launched. The group remains locked until the last instance that was launched has completed its cool down period. In this case the cool down period for the first instance starts after 3 minutes and finishes at the 10th minute (3+7 cool down), while for the second instance it starts at the 4th minute and finishes at the 11th minute (4+7 cool down). Thus, the Auto Scaling group will receive another request only after 11 minutes.
References
- Amazon EC2 Auto Scaling > User Guide > What is Amazon EC2 Auto Scaling?
Exam Question 785
You are trying to launch an EC2 instance, however the instance seems to go into a terminated status immediately. What would probably not be a reason that this is happening?
A. The AMI is missing a required part.
B. The snapshot is corrupt.
C. You need to create storage in EBS first.
D. You’ve reached your volume limit.
Correct Answer
C. You need to create storage in EBS first.
Answer Description
Amazon EC2 provides a virtual computing environments, known as an instance. After you launch an instance, AWS recommends that you check its status to confirm that it goes from the pending status to the running status, the not terminated status. The following are a few reasons why an Amazon EBS-backed instance might immediately terminate:
You’ve reached your volume limit. The AMI is missing a required part. The snapshot is corrupt.
References
- Amazon Elastic Compute Cloud > User Guide for Linux Instances > Instance terminates immediately
Exam Question 786
A company is implementing a data lake solution on Amazon S3. Its security policy mandates that the data stored in Amazon S3 should be encrypted at rest.
Which options can achieve this? (Select TWO.)
A. Use S3 server-side encryption with an Amazon EC2 key pair.
B. Use S3 server-side encryption with customer-provided keys (SSE-C).
C. Use S3 bucket policies to restrict access to the data at rest.
D. Use client-side encryption before ingesting the data to Amazon S3 using encryption keys.
E. Use SSL to encrypt the data while in transit to Amazon S3.
Correct Answer
B. Use S3 server-side encryption with customer-provided keys (SSE-C).
D. Use client-side encryption before ingesting the data to Amazon S3 using encryption keys.
Exam Question 787
A photo-sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos, and thumbnails are easily re-created from the originals if they are accidentally deleted.
How should the thumbnail images be stored to ensure the LOWEST cost?
A. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) with cross-region replication
B. Amazon S3
C. Amazon Glacier
D. Amazon S3 with cross-region replication
Correct Answer
B. Amazon S3
Exam Question 788
A Solutions Architect is creating an application running in an Amazon VPC that needs to access AWS Systems Manager Parameter Store. Network security rules prohibit any route table entry with a 0.0.0.0/0 destination.
What infrastructure addition will allow access to the AWS service while meeting the requirements?
A. VPC peering
B. NAT instance
C. NAT gateway
D. AWS PrivateLink
Correct Answer
D. AWS PrivateLink
Answer Description
To publish messages to Amazon SNS topics from an Amazon VPC, create an interface VPC endpoint. Then, you can publish messages to SNS topics while keeping the traffic within the network that you manage with the VPC. This is the most secure option as traffic does not need to traverse the Internet.
CORRECT: “Use AWS PrivateLink” is the correct answer.
INCORRECT: “Use an Internet Gateway” is incorrect. Internet Gateways are used by instances in public subnets to access the Internet and this is less secure than an VPC endpoint.
INCORRECT: “Use a proxy instance” is incorrect. A proxy instance will also use the public Internet and so is less secure than a VPC endpoint.
INCORRECT: “Use a NAT gateway” is incorrect. A NAT Gateway is used by instances in private subnets to access the Internet and this is less secure than an VPC endpoint.
References
- Amazon Simple Notification Service > Developer Guide > What is Amazon SNS?
Exam Question 789
An application generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years.
How can these requirements be met?
A. Save the logs in an Amazon S3 bucket and enable Multi-Factor Authentication Delete (MFA Delete) on the bucket.
B. Save the logs in an Amazon EFS volume and use Network File System version 4 (NFSv4) locking with the volume.
C. Save the logs in an Amazon Glacier vault and use the Vault Lock feature.
D. Save the logs in an Amazon EBS volume and take monthly snapshots.
Correct Answer
C. Save the logs in an Amazon Glacier vault and use the Vault Lock feature.
Answer Description
Amazon Glacier, which enables long-term storage of mission-critical data, has added Vault Lock. This new feature allows you to lock your vault with a variety of compliance controls that are designed to support such long-term records retention.
Exam Question 790
A company creates business-critical 3D images every night. The images are batch-processed every Friday and require an uninterrupted 48 hours to complete.
What is the MOST cost-effective Amazon EC2 pricing model for this scenario?
A. On-Demand Instances
B. Scheduled Reserved Instances
C. Reserved Instances
D. Spot Instances
Correct Answer
B. Scheduled Reserved Instances
Answer Description
Scheduled Reserved Instances (Scheduled Instances) enable you to purchase capacity reservations that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year term. You reserve the capacity in advance, so that you know it is available when you need it. You pay for the time that the instances are scheduled, even if you do not use them.
Scheduled Instances are a good choice for workloads that do not run continuously, but do run on a regular schedule. For example, you can use Scheduled Instances for an application that runs during business hours or for batch processing that runs at the end of the week.
CORRECT: “Scheduled Reserved Instances” is the correct answer.
INCORRECT: “Standard Reserved Instances” is incorrect as the workload only runs for 4 hours a day this would be more expensive.
INCORRECT: “On-Demand Instances” is incorrect as this would be much more expensive as there is no discount applied.
INCORRECT: “Spot Instances” is incorrect as the workload cannot be interrupted once started. With Spot instances workloads can be terminated if the Spot price changes or capacity is required.
References
- Amazon Elastic Compute Cloud > User Guide for Linux Instances > Scheduled Reserved Instances