Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Amazon Web Services SAA-C03 Practice Exam with Questions & Answers | Set: 12

Questions 221

A company is building a new web-based customer relationship management application. The application will use several Amazon EC2 instances that are backed by Amazon EBS volumes behind an Application Load Balancer (ALB). The application will also use an Amazon Aurora database. All data for the application must be encrypted at rest and in transit.

Which solution will meet these requirements?

Options:
A.

Use AWS KMS certificates on the ALB to encrypt data in transit. Use AWS Certificate Manager (ACM) to encrypt the EBS volumes and Aurora database storage at rest.

B.

Use the AWS root account to log in to the AWS Management Console. Upload the company ' s encryption certificates. While in the root account, select the option to turn on encryption for all data at rest and in transit for the account.

C.

Use AWS KMS to encrypt the EBS volumes and Aurora database storage at rest. Attach an AWS Certificate Manager (ACM) certificate to the ALB to encrypt data in transit.

D.

Use BitLocker to encrypt all data at rest. Import the company ' s TLS certificate keys to AWS KMS. Attach the KMS keys to the ALB to encrypt data in transit.

Amazon Web Services SAA-C03 Premium Access
Questions 222

A company manages millions of documents in hundreds of Amazon S3 buckets in multiple AWS Regions. The company must determine whether any of the S3 buckets contain personally identifiable information (PII).

Which solution will meet this requirement with the LEAST operational overhead?

Options:
A.

Use Amazon Detective to detect PII in the S3 buckets.

B.

Use AWS Trusted Advisor to generate PII notifications.

C.

Use Amazon Macie to detect PII in the S3 buckets.

D.

Use AWS Lambda functions to review each file in the S3 buckets to identify PII.

Questions 223

Question:

An ecommerce company hosts an API that handles sales requests. The company hosts the API frontend on Amazon EC2 instances that run behind an Application Load Balancer (ALB). The company hosts the API backend on EC2 instances that perform the transactions. The backend tiers are loosely coupled by an Amazon Simple Queue Service (Amazon SQS) queue.

The company anticipates a significant increase in request volume during a new product launch event. The company wants to ensure that the API can handle increased loads successfully.

Options:

Options:
A.

Double the number of frontend and backend EC2 instances to handle the increased traffic during the product launch event. Create a dead-letter queue to retain unprocessed sales requests when the demand exceeds the system capacity.

B.

Place the frontend EC2 instances into an Auto Scaling group. Create an Auto Scaling policy to launch new instances to handle the incoming network traffic.

C.

Place the frontend EC2 instances into an Auto Scaling group. Add an Amazon ElastiCache cluster in front of the ALB to reduce the amount of traffic the API needs to handle.

D.

Place the frontend and backend EC2 instances into separate Auto Scaling groups. Create a policy for the frontend Auto Scaling group to launch instances based on incoming network traffic. Create a policy for the backend Auto Scaling group to launch instances based on the SQS queue backlog.

Questions 224

A company serves its website by using an Auto Scaling group of Amazon EC2 instances in a single AWS Region. The website does not require a database

The company is expanding, and the company ' s engineering team deploys the website to a second Region. The company wants to distribute traffic across both Regions to accommodate growth and for disaster recovery purposes The solution should not serve traffic from a Region in which the website is unhealthy.

Which policy or resource should the company use to meet these requirements?

Options:
A.

An Amazon Route 53 simple routing policy

B.

An Amazon Route 53 multivalue answer routing policy

C.

An Application Load Balancer in one Region with a target group that specifies the EC2 instance IDs from both Regions

D.

An Application Load Balancer in one Region with a target group that specifies the IP addresses of the EC2 instances from both Regions

Questions 225

A company hosts a public web application on AWS with a three-tier architecture: a frontend Auto Scaling group, an application Auto Scaling group, and an Amazon RDS database.

During unexpected traffic spikes, the company notices long delays in startup time when the frontend and application tiers scale out. The company needs to improve scaling performance without negatively affecting user experience.

Which solution will meet these requirements MOST cost-effectively?

Options:
A.

Decrease the minimum number of EC2 instances for both Auto Scaling groups. Increase the desired number of instances to meet peak demand.

B.

Configure the maximum number of instances for both Auto Scaling groups to the number required for peak demand. Create a warm pool.

C.

Increase the maximum number of EC2 instances for both Auto Scaling groups to meet normal demand. Create a warm pool.

D.

Use scheduled scaling. Increase EC2 and RDS instance sizes.

Questions 226

A company uses an Amazon CloudFront distribution to serve content pages for its website. The company needs to ensure that clients use a TLS certificate when accessing the company ' s website. The company wants to automate the creation and renewal of the TLS certificates.

Which solution will meet these requirements with the MOST operational efficiency?

Options:
A.

Use a CloudFront security policy to create a certificate.

B.

Use a CloudFront origin access control (OAC) to create a certificate.

C.

Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.

D.

Use AWS Certificate Manager (ACM) to create a certificate. Use email validation for the domain.

Questions 227

A solutions architect is creating a website that will be hosted from an Amazon S3 bucket. The website must support secure browser connections (HTTPS).

Which combination of actions must the solutions architect take to meet this requirement? (Select TWO.)

Options:
A.

Create an Elastic Load Balancing (ELB) load balancer. Configure the load balancer to direct traffic to the S3 bucket.

B.

Create an Amazon CloudFront distribution. Set the S3 bucket as an origin.

C.

Configure the Elastic Load Balancing (ELB) load balancer with an SSL/TLS certificate.

D.

Configure the Amazon CloudFront distribution with an SSL/TLS certificate.

E.

Configure the S3 bucket with an SSL/TLS certificate.

Questions 228

A company runs an internet-facing web application on AWS and uses Amazon Route 53 with a public hosted zone.

The company wants to log DNS response codes to support future root cause analysis.

Which solution will meet these requirements?

Options:
A.

Use Route 53 to configure query logging.

B.

Use AWS CloudTrail to record all Route 53 queries.

C.

Use Amazon CloudWatch metrics for Route 53.

D.

Use AWS Trusted Advisor for root cause analysis.

Questions 229

A company is developing a rating system for its ecommerce web application. The company needs a solution to save ratings that users submit in an Amazon DynamoDB table.

The company wants to ensure that developers do not need to interact directly with the DynamoDB table. The solution must be scalable and reusable.

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A.

Create an Application Load Balancer (ALB). Create an AWS Lambda function, and set the function as a target group in the ALB. Invoke the Lambda function by using the put_item method through the ALB.

B.

Create an AWS Lambda function. Configure the Lambda function to interact with the DynamoDB table by using the put-item method from Boto3. Invoke the Lambda function from the web application.

C.

Create an Amazon Simple Queue Service (Amazon SQS) queue and an AWS Lambda function that has an SQS trigger type. Instruct the developers to add customer ratings to the SQS queue as JSON messages. Configure the Lambda function to fetch the ratings from the queue and store the ratings in DynamoDB.

D.

Create an Amazon API Gateway REST API Define a resource and create a new POST method Choose AWS as the integration type, and select DynamoDB as the service. Set the action to PutItem.

Questions 230

A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer ALB. The company uses Amazon Route 53 to route traffic. The company also has a static website that is configured in an Amazon S3 bucket.

A solutions architect must use the static website as a backup to the web application. The failover to the static website must be fully automated.

Which combination of actions will meet these requirements? Select TWO.

Options:
A.

Create a primary failover routing policy record. Configure the value to be the ALB.

B.

Create an AWS Lambda function to switch from the primary website to the secondary website when the health check fails.

C.

Create a primary failover routing policy record. Configure the value to be the ALB. Associate the record with a Route 53 health check.

D.

Create a secondary failover routing policy record. Configure the value to be the static website. Associate the record with a Route 53 health check.

E.

Create a secondary failover routing policy record. Configure the value to be the static website.

Questions 231

A manufacturing company runs an order processing application in its VPC. The company wants to securely send messages from the application to an external Salesforce system that uses Open Authorization (OAuth).

A solutions architect needs to integrate the company ' s order processing application with the external Salesforce system.

Which solution will meet these requirements?

Options:
A.

Create an Amazon Simple Notification Service (Amazon SNS) topic in a fanout configuration that pushes data to an HTTPS endpoint. Configure the order processing application to publish messages to the SNS topic.

B.

Create an Amazon Simple Notification Service (Amazon SNS) topic in a fanout configuration that pushes data to an Amazon Data Firehose delivery stream that has a HTTP destination. Configure the order processing application to publish messages to the SNS topic.

C.

Create an Amazon EventBridge rule and configure an Amazon EventBridge API destination partner Configure the order processing application to publish messages to Amazon EventBridge.

D.

Create an Amazon Managed Streaming for Apache Kafka (Amazon MSK) topic that has an outbound MSK Connect connector. Configure the order processing application to publish messages to the MSK topic.

Questions 232

A company hosts an application on AWS. The application gives users the ability to upload photos and store the photos in an Amazon S3 bucket. The company wants to use Amazon CloudFront and a custom domain name to upload the photo files to the S3 bucket in the eu-west-1 Region.

Which solution will meet these requirements? (Select TWO.)

Options:
A.

Use AWS Certificate Manager (ACM) to create a public certificate in the us-east-1 Region. Use the certificate in CloudFront

B.

Use AWS Certificate Manager (ACM) to create a public certificate in eu-west-1. Use the certificate in CloudFront.

C.

Configure Amazon S3 to allow uploads from CloudFront. Configure S3 Transfer Acceleration.

D.

Configure Amazon S3 to allow uploads from CloudFront origin access control (OAC).

E.

Configure Amazon S3 to allow uploads from CloudFront. Configure an Amazon S3 website endpoint.

Questions 233

A company runs multiple applications in multiple AWS accounts within the same organization in AWS Organizations. A content management system (CMS) runs on Amazon EC2 instances in a VPC. The CMS needs to access shared files from an Amazon Elastic File System (Amazon EFS) file system that is deployed in a separate AWS account. The EFS account is in a separate VPC.

Which solution will meet this requirement?

Options:
A.

Mount the EFS file system on the EC2 instances by using the EFS Elastic IP address.

B.

Enable VPC sharing between the two accounts. Use the EFS mount helper to mount the file system on the EC2 instances. Redeploy the EFS file system in a shared subnet.

C.

Configure AWS Systems Manager Run Command to mount the EFS file system on the EC2 instances.

D.

Install the amazon-efs-utils package on the EC2 instances. Add the mount target in the efs-config file. Mount the EFS file system by using the EFS access point.

Questions 234

A company is designing the architecture for a new mobile app that uses the AWS Cloud. The company uses organizational units (OUs) in AWS Organizations to manage its accounts. The company wants to tag Amazon EC2 instances with data sensitivity by using values of sensitive and nonsensitive IAM identities must not be able to delete a tag or create instances without a tag

Which combination of steps will meet these requirements? (Select TWO.)

Options:
A.

In Organizations, create a new tag policy that specifies the data sensitivity tag key and the required values. Enforce the tag values for the EC2 instances Attach the tag policy to the appropriate OU.

B.

In Organizations, create a new service control policy (SCP) that specifies the data sensitivity tag key and the required tag values Enforce the tag values for the EC2 instances. Attach the SCP to the appropriate OU.

C.

Create a tag policy to deny running instances when a tag key is not specified. Create another tag policy that prevents identities from deleting tags Attach the tag policies to the appropriate OU.

D.

Create a service control policy (SCP) to deny creating instances when a tag key is not specified. Create another SCP that prevents identities from deleting tags Attach the SCPs to the appropriate OU.

E.

Create an AWS Config rule to check if EC2 instances use the data sensitivity tag and the specified values. Configure an AWS Lambda function to delete the resource if a noncompliant resource is found.

Questions 235

A company is developing a new application that uses Amazon EC2, Amazon S3, and AWS Lambda resources. The company wants to allow employees to access the AWS Management Console by using existing credentials that the company stores and manages in an on-premises Microsoft Active Directory. Each employee must have a specific level of access to the AWS resources that is based on the employee ' s role.

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A.

Configure AWS Directory Service to create an Active Directory in AWS Managed Microsoft AD. Establish a trust relationship with the on-premises Active Directory. Configure IAM roles and trust policies to give the employees access to the AWS resources.

B.

Use LDAP to directly integrate the on-premises Active Directory with IAM. Map Active Directory groups to IAM roles to control access to AWS resources.

C.

Implement a custom identity broker to authenticate users into the on-premises Active Directory. Configure the identity broker to use AWS STS to grant authorized users IAM role-based access to the AWS resources.

D.

Configure Amazon Cognito to federate users into the on-premises Active Directory. Use Cognito user pools to manage user identities and to manage user access to the AWS resources.

Questions 236

A solutions architect is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances. The instances all exist in the same VPC across multiple Availability Zones. There are two instances in each Availability Zone. The solutions architect must make the file system accessible to each instance with the lowest possible latency.

Which solution will meet these requirements?

Options:
A.

Create a mount target for the EFS file system in the VPC. Use the mount target to mount the file system on each of the instances.

B.

Create a mount target for the EFS file system in one Availability Zone of the VPC. Use the mount target to mount the file system on the instances in that Availability Zone. Share the directory with the other instances.

C.

Create a mount target for each instance. Use each mount target to mount the EFS file system on each respective instance.

D.

Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective Availability Zone.

Questions 237

A company runs multiple workloads in separate AWS environments. The company wants to optimize its AWS costs but must maintain the same level of performance for the environments.

The company ' s production environment requires resources to be highly available. The other environments do not require highly available resources.

Each environment has the same set of networking components, including the following:

• 1 VPC

• 1 Application Load Balancer

• 4 subnets distributed across 2 Availability Zones (2 public subnets and 2 private subnets)

• 2 NAT gateways (1 in each public subnet)

• 1 internet gateway

Which solution will meet these requirements?

Options:
A.

Do not change the production environment workload. For each non-production workload, remove one NAT gateway and update the route tables for private subnets to target the remaining NAT gateway for the destination 0.0.0.0/0.

B.

Reduce the number of Availability Zones that all workloads in all environments use.

C.

Replace every NAT gateway with a t4g.large NAT instance. Update the route tables for each private subnet to target the NAT instance that is in the same Availability Zone for the destination 0.0.0.0/0.

D.

In each environment, create one transit gateway and remove one NAT gateway. Configure routing on the transit gateway to forward traffic for the destination 0.0.0.0/0 to the remaining NAT gateway. Update private subnet route tables to target the transit gateway for the destination 0.0.0.0/0.

Questions 238

A solutions architect is designing an asynchronous application to process credit card data validation requests for a bank. The application must be secure and be able to process each request at least once.

Which solution will meet these requirements MOST cost-effectively?

Options:
A.

Use AWS Lambda event source mapping. Set Amazon SQS standard queues as the event source. Use AWS KMS SSE-KMS for encryption. Add the kms:Decrypt permission for the Lambda execution role.

B.

Use AWS Lambda event source mapping. Use Amazon SQS FIFO queues as the event source. Use SQS managed encryption keys SSE-SQS for encryption. Add the encryption key invocation permission for the Lambda function.

C.

Use AWS Lambda event source mapping. Set Amazon SQS FIFO queues as the event source. Use AWS KMS keys SSE-KMS. Add the kms:Decrypt permission for the Lambda execution role.

D.

Use AWS Lambda event source mapping. Set Amazon SQS standard queues as the event source. Use AWS KMS keys SSE-KMS for encryption. Add the encryption key invocation permission for the Lambda function.

Questions 239

A company is designing a web application with an internet-facing Application Load Balancer (ALB).

The company needs the ALB to receive HTTPS web traffic from the public internet. The ALB must send only HTTPS traffic to the web application servers hosted on the Amazon EC2 instances on port 443. The ALB must perform a health check of the web application servers over HTTPS on port 8443.

Which combination of configurations of the security group that is associated with the ALB will meet these requirements? (Select THREE.)

Options:
A.

Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.

B.

Allow all outbound traffic to 0.0.0.0/0 for port 443.

C.

Allow HTTPS outbound traffic to the web application instances for port 443.

D.

Allow HTTPS inbound traffic from the web application instances for port 443.

E.

Allow HTTPS outbound traffic to the web application instances for the health check on port 8443.

F.

Allow HTTPS inbound traffic from the web application instances for the health check on port 8443.

Questions 240

A company hosts an application that allows authorized users to upload and download documents. The application uses Amazon EC2 instances and an Amazon Elastic File System (Amazon EFS) file system.

The company plans to deploy the application into a second AWS Region. The company will launch a new EFS file system and a new set of EC2 instances in the second Region. A solutions architect must develop a highly available and fault-tolerant solution to establish two-way synchronization across the Regions.

Which solution will meet these requirements?

Options:
A.

Create an Amazon EFS VPC endpoint for the original EFS file system in the second Region. Mount both the original and the new EFS file system to the new set of EC2 instances in the second Region. Configure an rsync cron job to run every 5 minutes.

B.

Set up EFS replication between the two EFS file systems. Set the new file system as the source. Set the original file system in the first Region as the destination. Turn off overwrite protection for the destination file system.

C.

Set up one AWS DataSync agent in each Region. Configure Amazon EFS VPC endpoints, EFS transfer locations, and EFS transfer tasks with opposite directions on the two DataSync agents.

D.

Mount the EFS file system in the second Region to the new set of EC2 instances in the second Region. Use AWS Transfer Family to establish SFTP access to the EFS file system in the original Region. Configure an rsync cron job to run every 5 minutes.