Free Amazon Web Services SAA-C03 Practice Exam with Questions & Answers | Set: 2

The requirement is secure, permanent connectivity to two VPCs without enabling VPC-to-VPC communication. Option B achieves this by establishing a separate Site-to-Site VPN connection between the remote office and each VPC. Updating each VPC’s route tables ensures traffic from the remote office reaches the correct VPC resources, while preventing routing between the VPCs themselves. Options involving transit gateways (A and D) would introduce transitive routing capabilities, which violates the requirement of isolation between VPCs. Option C (VPC peering) directly conflicts with the requirement by enabling cross-VPC access. Therefore, option B is the correct solution as it maintains isolation while providing secure VPN connectivity.

Amazon DocumentDB global clusters support managed cross-region failover, allowing you to promote a secondary region to become the new primary with minimal downtime. This ensures business continuity during maintenance or regional disruptions.

Reference Extract:

"Amazon DocumentDB global clusters support managed cross-Region failover, allowing you to recover quickly from regional disruptions with minimal downtime."

Source: AWS Certified Solutions Architect – Official Study Guide, DocumentDB and Resiliency section.

Comprehensive Explanation:Deploying the frontend as a CloudFront distribution with multiple origins provides an efficient and scalable solution. Using WAF rules with CloudFront protects against web vulnerabilities, while the multi-origin configuration allows traffic routing to the on-premises backend APIs. This approach minimizes operational overhead compared to managing EC2 instances.

A. API Gateway + DynamoDB:Provides high scalability, low latency, and seamless integration with Amazon Comprehend for NLP tasks.

B. HTTP API + Translate + ElastiCache:Translate is not relevant for NLP tasks like sentiment analysis or entity recognition. ElastiCache is unsuitable for permanent storage.

C. SQS + EC2 + RDS:Increases complexity and operational overhead. RDS may not scale effectively for high concurrent loads.

D. WebSocket API + Textract:Textract is irrelevant for NLP tasks. WebSocket API is not the optimal choice for this use case.

Amazon Kinesis Data Streams in on-demand mode is purpose-built for real-time ingestion of streaming data and scales automatically with traffic, which is ideal for fluctuating workloads like clickstream data.

Combined with AWS Lambda, which scales concurrently based on incoming events, this setup ensures efficient, real-time processing with minimal configuration and cost overhead.

Option B involves Firehose, which is not optimal for low-latency processing. Option C is incorrect as Kinesis Video Streams is designed for video data, not clickstream. Option D introduces Flink, which adds unnecessary complexity when Lambda suffices.

Amazon Aurora MySQL–compatible offers a distributed, fault-tolerant storage system with Multi-AZ high availability and supports Aurora Replicas that “share the same underlying storage” for low-latency reads. Aurora provides Aurora Auto Scaling to “automatically add or remove Aurora Replicas based on load,” ideal for unpredictable, read-heavy workloads. This architecture offloads reads from the writer and maintains HA through automatic failover. Amazon RDS Single-AZ (B) lacks HA. Redshift (A) is a data warehouse, not a transactional DB. ElastiCache (D) can reduce read pressure but does not provide durable read replicas or automatic HA scaling at the database tier. Aurora’s design directly addresses the requirement to automatically scale reads while maintaining availability, matching Well-Architected guidance to use managed, elastic services for variable demand.

Aurora I/O-Optimized: This storage configuration is designed to provide consistent high performance for Aurora databases. It automatically scales IOPS as the workload increases, without needing to provision IOPS separately.

Cost-Effectiveness: With Aurora I/O-Optimized, you only pay for the storage and I/O you use, making it a cost-effective solution for applications with varying and unpredictable I/O demands.

Implementation:

During the creation of the Aurora PostgreSQL Serverless v2 cluster, select the I/O-Optimized storage configuration.

The storage system will automatically handle scaling and performance optimization based on the application load.

Operational Efficiency: This configuration reduces the need for manual tuning and ensures optimal performance without additional administrative overhead.

When using an SQS queue as an event source for AWS Lambda, the visibility timeout of the SQS queue plays a critical role in preventing duplicate message processing.

"If your Lambda function doesn't process the message and delete it from the queue within the visibility timeout period, the message becomes visible again and can be processed again by the same or another function instance."

— AWS Lambda with SQS

In this scenario, the third-party API may take up to 60 seconds to respond. Since the Lambda function is configured with a 65-second timeout, the visibility timeout of the queue must be greater than or equal to the maximum function execution time to avoid the same message being reprocessed.

Incorrect Options:

A: Memory allocation doesn’t impact duplicate message handling.

B: Timeout is already sufficient; increasing it further does not solve the core issue.

C: Delivery delay controls initial delivery delay, not reprocessing logic.

Amazon DynamoDB supports Time to Live (TTL), which automatically and asynchronously deletes expired items based on a timestamp attribute. TTL is ideal for automatic data expiration with very low operational overhead.

In this scenario:

When a user requests deletion, the system can calculate an expiration timestamp one month in the future.

A Lambda function is used once per request to write or update the item’s TTL attribute to that timestamp (Option C).

DynamoDB TTL then automatically removes the item after the expiration time. Deletion typically occurs within 48 hours of the TTL timestamp, which satisfies the “within one month” requirement.

This approach offloads the actual deletion to DynamoDB and avoids building complex orchestration or periodic cleanup jobs.

Options A, B, and D add unnecessary components (EventBridge, streams, AWS Config, and Lambda-based deletion workflows) on top of TTL or custom logic, increasing operational overhead without providing additional value for the given requirement.

When an AWS Lambda function is invoked, especially after periods of inactivity, it may experience cold starts that delay execution. As demand increases, the scaling behavior and latency of Lambda can affect performance. Provisioned Concurrency is an AWS feature designed specifically to solve this issue.

From AWS Documentation:

“Provisioned Concurrency keeps functions initialized and hyper-ready to respond in double-digit milliseconds.”

(Source: AWS Lambda Developer Guide – Managing Concurrency)

Why Option D is correct:

Provisioned Concurrency ensures that a specified number of Lambda function instances are always warm and ready to serve requests, eliminating cold start latency.

It's cost-effective for workloads with consistent usage patterns, like real-time simulations for a small user group.

Maintains scalability and low overhead of Lambda without moving to managed container or EC2 platforms.

Why the other options are less optimal:

Option A (Fargate) and Option B (EC2): Introduce more infrastructure and higher ongoing costs for a small team with likely intermittent usage.

Option C (AWS Batch): Ideal for batch jobs, not real-time simulations; also incurs higher latency due to job queuing.

For Amazon RDS relational databases experiencing read-heavy workloads, AWS best practice is to create read replicas and offload read traffic to those replicas. A read replica:

Uses asynchronous replication from the primary.

Can serve read-only queries, thereby reducing load and query latency on the primary.

Can be used behind an application-level read/write splitting mechanism or via endpoints that direct read traffic to replicas.

Performance Insights (Option A) helps diagnose performance problems but does not itself offload traffic.

DAX (Option B) is a cache for DynamoDB, not RDS.

Kinesis Data Firehose (Option D) is a streaming ingestion service and cannot increase RDS query concurrency.

The workload is Windows-based and requires a shared file system with SMB support and very high throughput for 4K video editing.

Amazon FSx for Windows File Server is a fully managed, highly available native Windows file system that supports the SMB protocol, Active Directory integration, and can deliver high throughput and low latency suitable for media workloads.

FSx for Windows File Server supports automatic storage scaling to grow file system capacity as data increases, matching the requirement of +1 TB per week with minimal admin effort.

A Multi-AZ SSD deployment provides high availability and performance.

Why others are not correct:

B: Amazon EFS is NFS, not SMB, and is optimized for Linux clients, not Windows-based environments.

C: FSx for Lustre is a high-performance POSIX file system typically used with Linux-based HPC workloads, not Windows + SMB.

D: S3 File Gateway is not designed for sustained multi-GB/s shared-edit performance and adds additional complexity; it is more suited for backup/archival and limited shared file access.

To authenticate users using an on-premises Active Directory Federation Service (AD FS), AWS provides the AWS Directory Service AD Connector. AD Connector is a proxy that connects AWS applications to your on-premises Microsoft Active Directory without requiring complex directory synchronization or the need to set up a separate directory in the cloud.

By integrating AD Connector with the Application Load Balancer (ALB), you can authenticate and authorize users using your existing on-premises credentials. This setup allows the ALB to leverage the authentication capabilities of your on-premises AD FS, providing a seamless and secure user experience.

AWS Global Accelerator is a service that improves global application availability and performance using the AWS global network. It supports both TCP and UDP protocols and provides optimized routing and lower latency for real-time applications such as VoIP, regardless of where the user is located globally.

AWS Documentation Extract:

"AWS Global Accelerator uses the AWS global network to optimize the path to your application endpoints, improving performance for TCP and UDP traffic, such as VoIP."

(Source: AWS Global Accelerator documentation)

B: CloudFront accelerates HTTP/S content, not TCP/UDP.

C: Route 53 geoproximity routing is for DNS-based routing, not for traffic acceleration.

D: Network Load Balancers support TCP/UDP, but do not address global latency or provide acceleration.

Amazon RDS for MySQL Reserved Instances provide significant savings over on-demand pricing when you plan to run the database for long periods. This is the most cost-effective option for non-production, long-running managed MySQL workloads.

Reference Extract:

"Reserved Instances provide a significant discount compared to On-Demand pricing and are recommended for steady-state workloads that run for an extended period."

Source: AWS Certified Solutions Architect – Official Study Guide, RDS Cost Optimization section.