Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Amazon Web Services SAA-C03 Practice Exam with Questions & Answers | Set: 11

Questions 201

A healthcare company is developing an AWS Lambda function that publishes notifications to an encrypted Amazon Simple Notification Service (Amazon SNS) topic. The notifications contain protected health information (PHI).

The SNS topic uses AWS Key Management Service (AWS KMS) customer-managed keys for encryption. The company must ensure that the application has the necessary permissions to publish messages securely to the SNS topic.

Which combination of steps will meet these requirements? (Select THREE.)

Options:
A.

Create a resource policy for the SNS topic that allows the Lambda function to publish messages to the topic.

B.

Use server-side encryption with AWS KMS keys (SSE-KMS) for the SNS topic instead of customer-managed keys.

C.

Create a resource policy for the encryption key that the SNS topic uses that has the necessary AWS KMS permissions.

D.

Specify the Lambda function ' s Amazon Resource Name (ARN) in the SNS topic ' s resourcepolicy.

E.

Associate an Amazon API Gateway HTTP API with the SNS topic to control access to the topic by using API Gateway resource policies.

F.

Configure a Lambda execution role that has the necessary IAM permissions to use a customer-managed key in AWS KMS.

Amazon Web Services SAA-C03 Premium Access
Questions 202

A company runs a monolithic application in its on-premises data center. The company used Java/Tomcat to build the application. The application uses Microsoft SQL Server as a database.

The company wants to migrate the application to AWS.

Which solution will meet this requirement with the LEAST operational overhead?

Options:
A.

Use AWS App2Container to containerize the application. Deploy the application on Amazon Elastic Kubernetes Service (Amazon EKS). Deploy the database to Amazon RDS for SQL Server. Configure a Multi-AZ deployment.

B.

Containerize the application and deploy the application on a self-managed Kubernetes cluster on an Amazon EC2 instance. Deploy the database on a separate EC2 instance. Set up Microsoft SQL Server Always On availability groups.

C.

Deploy the frontend of the web application as a website on Amazon S3. Use Amazon DynamoDB for the database tier.

D.

Use AWS App2Container to containerize the application. Deploy the application on Amazon Elastic Kubernetes Service (Amazon EKS). Use Amazon DynamoDB for the database tier.

Questions 203

A company is creating a mobile financial app that gives users the ability to sign up and store personal information. The app uses an Amazon DynamoDB table to store user details and preferences.

The app generates a credit score report by using the data that is stored in DynamoDB. The app sends credit score reports to users once every month.

The company needs to provide users with an option to remove their data and preferences. The app must delete customer data within one month of receiving a request to delete the data.

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A.

Create an AWS Lambda function to delete user information. Create an Amazon EventBridge rule that runs when a specified TTL expires. Configure the EventBridge rule to invoke the Lambda function.

B.

Create a DynamoDB stream. Create an AWS Lambda function to delete user information. When a specified TTL expires, write user information to the DynamoDB stream from the DynamoDB table. Configure the DynamoDB stream to invoke the Lambda function to delete user information.

C.

Enable TTL in DynamoDB. Set the expiration date as an attribute. Create an AWS Lambda function to set the TTL based on the expiration date value. Invoke the Lambda function when a user requests to delete personal data.

D.

Enable TTL in DynamoDB. Create an AWS Lambda function to delete user information. Configure AWS Config to detect the DynamoDB state change when TTL expires and to invoke the Lambda function.

Questions 204

How can a law firm make files publicly readable while preventing modifications or deletions until a specific future date?

Options:
A.

Upload files to an Amazon S3 bucket configured for static website hosting. Grant read-only IAM permissions to any AWS principals.

B.

Create an S3 bucket. Enable S3 Versioning. Use S3 Object Lock with a retention period. Create a CloudFront distribution. Use a bucket policy to restrict access.

C.

Create an S3 bucket. Enable S3 Versioning. Configure an event trigger with AWS Lambda to restore modified objects from a private S3 bucket.

D.

Upload files to an S3 bucket for static website hosting. Use S3 Object Lock with a retention period. Grant read-only IAM permissions.

Questions 205

A company runs an online order management system on AWS. The company stores order and inventory data for the previous 5 years in an Amazon Aurora MySQL database. The company deletes inventory data after 5 years.

The company wants to optimize costs to archive data.

Which solution will meet this requirement?

Options:
A.

Create an AWS Glue crawler to export data to Amazon S3. Create an AWS Lambda function to compress the data.

B.

Use the SELECT INTO OUTFILE S3 query on the Aurora database to export the data to Amazon S3. Configure S3 Lifecycle rules on the S3 bucket.

C.

Create an AWS Glue DataBrew job to migrate data from Aurora to Amazon S3. Configure S3 Lifecycle rules on the S3 bucket.

D.

Use the AWS Schema Conversion Tool (AWS SCT) to replicate data from Aurora to Amazon S3. Use the S3 Standard-Infrequent Access (S3 Standard-IA) storage class.

Questions 206

A company stores data in Amazon S3. According to regulations, the data must not contain personally identifiable information (PII). The company recently discovered that S3 buckets have some objects that contain PII. The company needs to automatically detect PII in S3 buckets and to notify the company ' s security team. Which solution will meet these requirements?

Options:
A.

Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData event type from Macie findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.

B.

Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.

C.

Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData:S3Object/Personal event type from Macie findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.

D.

Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.

Questions 207

A financial company is migrating banking applications to AWS accounts managed through AWS Organizations. The applications store sensitive customer data on Amazon EBS volumes, and the company takes regular snapshots for backups.

The company must implement controls across all accounts to prevent sharing EBS snapshots publicly, with the least operational overhead.

Which solution will meet these requirements?

Options:
A.

Enable AWS Config rules for each OU to monitor EBS snapshot permissions.

B.

Enable block public access for EBS snapshots at the organization level.

C.

Create an IAM policy in the root account that prevents users from modifying snapshot permissions.

D.

Use AWS CloudTrail to track snapshot permission changes.

Questions 208

A city ' s weather forecast team is using Amazon DynamoDB in the data tier for an application. The application has several components. The analysis component of the application requires repeated reads against a large dataset. The application has started to temporarily consume all the read capacity in the DynamoDB table and is negatively affecting other applications that need to access the same data.

Which solution will resolve this issue with the LEAST development effort?

Options:
A.

Use DynamoDB Accelerator (DAX).

B.

Use Amazon CloudFront in front of DynamoDB.

C.

Create a DynamoDB table with a local secondary index (LSI).

D.

Use Amazon ElastiCache in front of DynamoDB.

Questions 209

A company is designing a new application that uploads files to an Amazon S3 bucket. The uploaded files are processed to extract metadata.

Processing must take less than 5 seconds. The volume and frequency of the uploads vary from a few files each hour to hundreds of concurrent uploads.

Which solution will meet these requirements MOST cost-effectively?

Options:
A.

Configure AWS CloudTrail trails to log Amazon S3 API calls. Use AWS AppSync to process the files.

B.

Configure a new object created S3 event notification within the bucket to invoke an AWS Lambda function to process the files.

C.

Configure Amazon Kinesis Data Streams to deliver the files to the S3 bucket. Invoke an AWS Lambda function to process the files.

D.

Deploy an Amazon EC2 instance. Create a script that lists all files in the S3 bucket and processes new files. Use a cron job that runs every minute to run the script.

Questions 210

A company needs an automated solution to detect cryptocurrency mining activity on Amazon EC2 instances. The solution must automatically isolate any identified EC2 instances for forensic analysis.

Which solution will meet these requirements?

Options:
A.

Create an Amazon EventBridge rule that runs when Amazon GuardDuty detects cryptocurrency mining activity. Configure the rule to invoke an AWS Lambda function to isolate the identified EC2 instances.

B.

Create an AWS Security Hub custom action that runs when Amazon GuardDuty detects cryptocurrency mining activity. Configure the custom action to invoke an AWS Lambda function to isolate the identified EC2 instances.

C.

Create an Amazon Inspector rule that runs when Amazon GuardDuty detects cryptocurrency mining activity. Configure the rule to invoke an AWS Lambda function to isolate the identified EC2 instances.

D.

Create an AWS Config custom rule that runs when AWS Config detects cryptocurrency mining activity. Configure the rule to invoke an AWS Lambda function to isolate the identified EC2 instances.

Questions 211

The DNS provider that hosts a company ' s domain name records is experiencing outages that cause service disruption for a website running on AWS. The company needs to migrate to a more resilient managed DNS service and wants the service to run on AWS.

What should a solutions architect do to rapidly migrate the DNS hosting service?

Options:
A.

Create an Amazon Route 53 public hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.

B.

Create an Amazon Route 53 private hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.

C.

Create a Simple AD directory in AWS. Enable zone transfer between the DNS provider and AWS Directory Service for Microsoft Active Directory for the domain records.

D.

Create an Amazon Route 53 Resolver inbound endpoint in the VPC. Specify the IP addresses that the provider ' s DNS will forward DNS queries to. Configure the provider ' s DNS to forward DNS queries for the domain to the IP addresses that are specified in the inbound endpoint.

Questions 212

A solutions architect must design a database solution for a high-traffic ecommerce web application. The database stores customer profiles and shopping cart information. The database must support a peak load of several million requests each second and deliver responses in milliseconds. The operational overhead for managing and scaling the database must be minimized.

Which database solution should the solutions architect recommend?

Options:
A.

Amazon Aurora

B.

Amazon DynamoDB

C.

Amazon RDS

D.

Amazon Redshift

Questions 213

A company has a legacy mainframe system that can retrieve data only from systems that provide synchronous RESTful APIs. A developer at the company creates a new web service to calculate stock prices. The new web service takes 3 minutes on average to process each request. The developer must integrate the new web service with the legacy mainframe system.

Which solution will meet these requirements?

Options:
A.

Deploy an Amazon API Gateway REST API. Integrate the REST API with an AWS Lambda function. Configure the legacy mainframe to use the REST API endpoint.

B.

Deploy an Amazon API Gateway HTTP API. Integrate the HTTP API with an AWS Lambda function. Configure the legacy mainframe to use the HTTP API endpoint.

C.

Deploy an Amazon API Gateway WebSocket API. Integrate the WebSocket API with an AWS Lambda function. Configure the legacy mainframe to use the WebSocket API endpoint.

D.

Configure a URL for an AWS Lambda function. Configure the legacy mainframe to use the Lambda function URL endpoint.

Questions 214

A finance company uses backup software to back up its data to physical tape storage on-premises. To comply with regulations, the company needs to store the data for 7 years. The company must be able to restore archived data within one week when necessary.

The company wants to migrate the backup data to AWS to reduce costs. The company does not want to change the current backup software.

Which solution will meet these requirements MOST cost-effectively?

Options:
A.

Use AWS Storage Gateway Tape Gateway to copy the data to virtual tapes. Use AWS DataSync to migrate the virtual tapes to the Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Change the target of the backup software to S3 Standard-IA.

B.

Convert the physical tapes to virtual tapes. Use AWS DataSync to migrate the virtual tapes to Amazon S3 Glacier Flexible Retrieval. Change the target of the backup software to the S3 Glacier Flexible Retrieval.

C.

Use AWS Storage Gateway Tape Gateway to copy the data to virtual tapes. Migrate the virtual tapes to Amazon S3 Glacier Deep Archive. Change the target of the backup software to the virtual tapes.

D.

Convert the physical tapes to virtual tapes. Use AWS Snowball Edge storage-optimized devices to migrate the virtual tapes to Amazon S3 Glacier Flexible Retrieval. Change the target of the backup software to S3 Glacier Flexible Retrieval.

Questions 215

A company is developing a photo-hosting application in the us-east-1 Region. The application gives users across multiple countries the ability to upload and view photos. Some photos are heavily viewed for months, while other photos are viewed for less than a week. The application allows users to upload photos that are up to 20 MB in size. The application uses photo metadata to determine which photos to display to each user.

The company needs a cost-effective storage solution to support the application.

Options:
A.

Store the photos in Amazon DynamoDB. Turn on DynamoDB Accelerator (DAX).

B.

Store the photos in the Amazon S3 Intelligent-Tiering storage class. Store the photo metadata and the S3 location URLs in Amazon DynamoDB.

C.

Store the photos in the Amazon S3 Standard storage class. Set up an S3 Lifecycle policy to move photos older than 30 days to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Use object tags to keep track of metadata.

D.

Store the photos in an Amazon DynamoDB table. Use the DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) storage class. Store the photo metadata in Amazon ElastiCache.

Questions 216

A company hosts a public product catalog. The product catalog is accessible through an Amazon API Gateway REST API with AWS Lambda function integrations in a single AWS Region. Most traffic consists of read-only GET requests to the /products resource from global users. The catalog changes approximately once every hour.

The company needs to lower latency for global users and reduce the load on the Lambda functions.

Which solution will meet these requirements?

Options:
A.

Enable API Gateway response caching for the GET /products resource. Set a 1-hour TTL.

B.

Place an Amazon CloudFront distribution in front of API Gateway. Cache GET responses with a 1-hour TTL.

C.

Increase the Lambda function memory for the functions that handle the GET /products resource.

D.

Move the API to an Application Load Balancer that uses Amazon EC2 instances to cache the catalog.

Questions 217

A company has an organization in AWS Organizations that has all features enabled. The company has multiple Amazon S3 buckets in multiple AWS Regions around the world. The S3 buckets contain sensitive data.

The company needs to ensure that no personally identifiable information (PII) is stored in the S3 buckets. The company also needs a scalable solution to identify PII.

Which solution will meet these requirements?

Options:
A.

In the Organizations management account, configure an Amazon Macie administrator IAM user as the delegated administrator for the global organization. Use the Macie administrator user to configure Macie settings to scan for PII.

B.

For each Region in the Organizations management account, designate a delegated Amazon Macie administrator account. In the Macie administrator account, add all accounts in the organization. Use the Macie administrator account to enable Macie. Configure automated sensitive data discovery for all accounts in the organization.

C.

For each Region in the Organizations management account, configure a service control policy (SCP) to identify PII. Apply the SCP to the organization root.

D.

In the Organizations management account, configure AWS Lambda functions to scan for PII in each Region.

Questions 218

A company has a VPC with multiple private subnets that host multiple applications. The applications must not be accessible to the internet. However, the applications need to access multiple AWS services. The applications must not use public IP addresses to access the AWS services.

Options:
A.

Configure interface VPC endpoints for the required AWS services. Route traffic from the private subnets through the interface VPC endpoints.

B.

Deploy a NAT gateway in each private subnet. Route traffic from the private subnets through the NAT gateways.

C.

Deploy internet gateways in each private subnet. Route traffic from the private subnets through the internet gateways.

D.

Set up an AWS Direct Connect connection between the private subnets. Route traffic from the private subnets through the Direct Connect connection.

Questions 219

A media company needs to migrate its Windows-based video editing environment to AWS. The company ' s current environment processes 4K video files that require sustained throughput of 2 GB per second across multiple concurrent users.

The company ' s storage needs increase by 1 TB each week. The company needs a shared file system that supports SMB protocol and can scale automatically based on storage demands.

Which solution will meet these requirements?

Options:
A.

Deploy an Amazon FSx for Windows File Server Multi-AZ file system with SSD storage.

B.

Deploy an Amazon Elastic File System (Amazon EFS) file system in Max I/O mode. Provision mount targets in multiple Availability Zones.

C.

Deploy an Amazon FSx for Lustre file system with a Persistent 2 deployment type. Provision the file system with 2 TB of storage.

D.

Deploy Amazon S3 File Gateway by using multiple cached gateway instances. Configure S3 Transfer Acceleration.

Questions 220

A company runs an application in a VPC on AWS. The company ' s on-premises data center has a DNS server. The data center is connected to AWS through an AWS Direct Connect connection with a private virtual interface (VIF). The on-premises DNS server needs to resolve the DNS name of the application in the VPC.

Options:
A.

Set up AWS Verified Access endpoints in the VPC. Configure DNS forwarding rules in Verified Access. Configure the on-premises DNS server to forward DNS queries through the Verified Access endpoints.

B.

Configure the Direct Connect connection to enable DNS resolution between the on-premises DNS server and the application in the VPC.

C.

Create an Amazon Route 53 Resolver outbound endpoint and a Resolver rule in the VPC. Configure the on-premises DNS server to send requests for the application to the outbound endpoint.

D.

Create an Amazon Route 53 Resolver inbound endpoint in the VPC. Configure the on-premises DNS server to send requests for the application to the inbound endpoint.