Free Amazon Web Services SAA-C03 Practice Exam with Questions & Answers | Set: 12

Amazon S3 Object Lambda allows you to add your own code to process data retrieved from S3 before it is returned to an application. You can use this to dynamically redact or remove PII for specific applications on-the-fly, eliminating the need to manage multiple buckets or datasets, thus minimizing operational overhead.

Reference Extract:

"S3 Object Lambda enables you to process and transform data as it is retrieved from S3, supporting use cases such as redacting sensitive information before returning data to an application."

Source: AWS Certified Solutions Architect – Official Study Guide, Data Security and Transformation section.

By exporting AWS Cost and Usage Reports (CUR) to Amazon S3 and analyzing them with Amazon QuickSight, companies can generate interactive visual dashboards. This solution is fully AWS-managed, requires no third-party tools, and integrates deeply with AWS cost data.

AWS Backup is the most appropriate solution for managing backups with minimal operational overhead while meeting the regulatory requirement to retain data for 90 days and enabling point-in-time restore for up to 14 days.

AWS Backup: AWS Backup provides a centralized backup management solution that supports automated backup scheduling, retention management, and compliance reporting across AWS services, including Amazon RDS. By creating a backup plan, you can define a retention period (in this case, 90 days) and automate the backup process.

Point-in-Time Restore (PITR): Amazon RDS supports point-in-time restore for up to 35 days with automated backups. By using AWS Backup in conjunction with RDS, you ensure that your backup strategy meets the requirement for restoring data to a specific point in time within the last 14 days.

Why Not Other Options?:

Option A (RDS Automated Backups): While RDS automated backups support PITR, they do not directly support retention beyond 35 days without manual intervention.

Option B (Manual Snapshots): Manually creating and managing snapshots is operationally intensive and less automated compared to AWS Backup.

Option C (Aurora Clones): Aurora Clone is a feature specific to Amazon Aurora and is not applicable to Amazon RDS for Oracle.

AWS References:

AWS Backup- Overview of AWS Backup and its capabilities.

Amazon RDS Automated Backups- Information on how RDS automated backups work and their limitations.

AWS Lambda supports functions up to 10 GB of memory and 15 minutes execution time. Each invocation here requires only 1 GB of memory and finishes in 30 seconds, making it an ideal fit for Lambda. Lambda is cost-effective for event-driven, short-duration workloads and requires no infrastructure management. AWS Glue and EMR are better suited for large-scale ETL or distributed processing, which is unnecessary and more costly for this workload.

AWS Documentation Extract:

“AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. You pay only for the compute time you consume. Lambda supports up to 10 GB memory and 15 minutes per invocation.”

(Source: AWS Lambda documentation)

B, D: AWS Glue is intended for ETL on larger datasets or batch jobs, usually with higher operational overhead and cost.

C: EMR is for large-scale distributed processing and is not cost-effective for single, fast, memory-bound jobs.

ECS with Fargate: Allows containerized workloads to scale rapidly without managing underlying servers, handling unpredictable growth effectively.

RDS for Relational Data: Manages large relational datasets efficiently while supporting high availability.

SQS for Decoupling: Ensures message processing occurs in a specific order, decoupling application components and allowing independent evolution.

AWS ECS with Fargate Documentation,AWS SQS Documentation

Why Option B is Correct:

Amazon SQS: Ensures no requests are lost, even during traffic spikes.

API Gateway: Handles dynamic traffic patterns efficiently, integrating with SQS for asynchronous processing.

Lambda: Polls the queue and processes requests in a serverless and scalable manner.

Dead-Letter Queue (DLQ): Ensures failed messages are retried or logged for debugging.

Why Other Options Are Not Ideal:

Option A: Elastic Beanstalk cannot handle queue-based decoupling, making it unsuitable for spiky traffic.

Option C: ALB to Lambda does not provide buffering for traffic spikes, risking request loss.

Option D: SNS is better suited for notifications, not reliable for ensuring message durability.

AWS References:

Amazon SQS:AWS Documentation - SQS

Amazon RDS does not support enabling encryption at rest on an existing unencrypted DB instance. To encrypt an existing RDS instance’s data at rest, the recommended method is to:

Take a snapshot of the unencrypted DB instance.

Create an encrypted copy of the snapshot using AWS KMS. This encrypted snapshot contains the existing data encrypted at rest.

Restore a new DB instance from the encrypted snapshot. This new instance will have encryption at rest enabled.

Additionally, to manage encryption keys securely, companies can use customer managed keys (CMKs) in AWS Key Management Service (KMS). CMKs provide greater control over key management policies, rotation, and usage permissions compared to default AWS managed keys. Using a CMK allows customization of access control and auditability.

Option A is incorrect because you cannot enable encryption directly on a snapshot; you must create an encrypted copy. Option C is invalid because encryption cannot be enabled by modifying an existing instance’s configuration. Option D refers to the default AWS managed key, which is less flexible than customer managed keys.

AWS Service Catalogallows organizations to centrally manage commonly deployed IT services and offers self-service deployment capabilities to customers. By creatingService Catalog products, the consulting company can package their solutions and tools for easy reuse by customers while maintaining central control over configuration and access. This provides a standardized and automated solution with the least operational overhead for managing and deploying solutions across different customers.

Option A (CloudFormation): CloudFormation templates are useful but don't provide the same level of management and user-friendly self-service capabilities as Service Catalog.

Option C (Systems Manager): Systems Manager is more focused on managing infrastructure and doesn't offer the same self-service capabilities.

Option D (AWS Config): AWS Config is used for tracking resource configurations, not for deploying solutions.

AWS References:

AWS Service Catalog

Amazon S3 Express One Zone provides single-digit millisecond latency and high throughput, making it ideal for ML workloads that require multiple compute nodes and fast access. It is also more cost-effective than traditional file or block storage for temporary, high-speed needs.

In Amazon Aurora, a custom endpoint is a feature that allows you to create a load-balanced endpoint that directs traffic to a specific set of instances in your Aurora DB cluster. This is particularly useful when you want to route traffic to a subset of instances that have different configurations or when you want to isolate specific workloads (e.g., reporting queries) to certain instances.

Custom Endpoint: The correct solution is to create a custom endpoint that includes the three Aurora Replicas that the department wants to use for near-real-time reporting. This custom endpoint will distribute the reporting queries only across the three selected replicas with the specified compute and memory configurations, ensuring that these queries do not affect the rest of the DB cluster.

Other Options:

Option B (Create a three-node cluster clone): This would create a separate cluster with its own resources, but it is not necessary and could incur additional costs. Also, it doesn't leverage the existing replicas.

Option C (Use any of the instance endpoints): This would involve manually managing connections to individual instances, which is not scalable or automatic.

Option D (Use the reader endpoint): The reader endpoint would distribute the read queries across all replicas in the cluster, not just the selected three. This would not meet the requirement to limit the reporting queries to only three specific replicas.

AWS References:

Amazon Aurora Endpoints- Provides detailed information on the different types of endpoints available in Aurora, including custom endpoints.

Custom Endpoints in Amazon Aurora- Specific documentation on how to create and use custom endpoints to direct traffic to selected instances in an Aurora cluster.