Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Amazon Web Services SAA-C03 Practice Exam with Questions & Answers | Set: 3

Questions 41

A company is developing a microservices-based application to manage the company ' s delivery operations. The application consists of microservices that process orders, manage a fleet of delivery vehicles, and optimize delivery routes. The microservices must be able to scale independently and must be able to handle bursts of traffic without any data loss.

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A.

Use Amazon API Gateway REST APIs to establish communication between microservices. Deploy the application on Amazon EC2 instances in Auto Scaling groups.

B.

Use Amazon SQS to establish communication between microservices. Deploy the application on Amazon ECS containers on AWS Fargate.

C.

Use WebSocket-based communication between microservices. Deploy the application on Amazon EC2 instances in Auto Scaling groups.

D.

Use Amazon SNS to establish communication between microservices. Deploy the application on Amazon ECS containers on Amazon EC2.

Amazon Web Services SAA-C03 Premium Access
Questions 42

A solutions architect needs to ensure that only resources in VPC vpc-11aabb22 can access an S3 bucket in account 123456789012 with Block Public Access enabled.

Which solution meets this requirement?

Options:
A.

Create a bucket policy with Deny and a Condition using " StringNotEquals " : { " aws:SourceVpc " : " vpc-11aabb22 " }.

B.

Create a bucket policy with Allow and Resource " arn:aws:ec2:us-west-2:123456789012:vpc/vpc-11aabb22 " .

C.

Create a bucket policy with Allow and a Condition using " StringNotEquals " : { " aws:SourceVpc " : " vpc-11aabb22 " }.

D.

Create a bucket policy with Deny and " StringNotEquals " : { " aws:PrincipalAccount " : " 123456789012 " }.

Questions 43

A company wants to implement new security compliance requirements for its development team to limit the use of approved Amazon Machine Images (AMIs).

The company wants to provide access to only the approved operating system and software for all its Amazon EC2 instances. The company wants the solution to have the least amount of lead time for launching EC2 instances.

Which solution will meet these requirements?

Options:
A.

Create a portfolio by using AWS Service Catalog that includes only EC2 instances launched with approved AMIs. Ensure that all required software is preinstalled on the AMIs. Create the necessary permissions for developers to use the portfolio.

B.

Create an AMI that contains the approved operating system and software by using EC2 Image Builder. Give developers access to that AMI to launch the EC2 instances.

C.

Create an AMI that contains the approved operating system Tell the developers to use the approved AMI Create an Amazon EventBridge rule to run an AWS Systems Manager script when a new EC2 instance is launched. Configure the script to install the required software from a repository.

D.

Create an AWS Config rule to detect the launch of EC2 instances with an AMI that is not approved. Associate a remediation rule to terminate those instances and launch the instances again with the approved AMI. Use AWS Systems Manager to automatically install the approved software on the launch of an EC2 instance.

Questions 44

A company hosts an application on AWS. The application has generated approximately 2.5 TB of data over the previous 12 years. The company currently stores the data on Amazon EBS volumes.

The company wants a cost-effective backup solution for long-term storage. The company must be able to retrieve the data within minutes when required for audits.

Which solution will meet these requirements?

Options:
A.

Create EBS snapshots to back up the data.

B.

Create an Amazon S3 bucket. Use the S3 Glacier Deep Archive storage class to back up the data.

C.

Create an Amazon S3 bucket. Use the S3 Glacier Flexible Retrieval storage class to back up the data.

D.

Create an Amazon Elastic File System (Amazon EFS) file system to back up the data.

Questions 45

A company needs to grant a team of developers access to the company ' s AWS resources. The company must maintain a high level of security for the resources.

The company requires an access control solution that will prevent unauthorized access to the sensitive data.

Which solution will meet these requirements?

Options:
A.

Share the IAM user credentials for each development team member with the rest of the team to simplify access management and to streamline development workflows.

B.

Define IAM roles that have fine-grained permissions based on the principle of least privilege. Assign an IAM role to each developer.

C.

Create IAM access keys to grant programmatic access to AWS resources. Allow only developers to interact with AWS resources through API calls by using the access keys.

D.

Create an AWS Cognito user pool. Grant developers access to AWS resources by using the user pool.

Questions 46

A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions. However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A solutions architect must ensure that the instances launch on time and have fewer interruptions.

Which action will meet these requirements?

Options:
A.

Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

B.

Specify the capacity-optimized allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

C.

Specify the lowest-price allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

D.

Specify the lowest-price allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

Questions 47

A company operates a food delivery service. Because of recent growth, the company ' s order processing system is experiencing scaling problems during peak traffic hours. The current architecture includes Amazon EC2 instances in an Auto Scaling group that collect orders from an application. A second group of EC2 instances in an Auto Scaling group fulfills the orders.

The order collection process occurs quickly, but the order fulfillment process can take longer. Data must not be lost because of a scaling event.

A solutions architect must ensure that the order collection process and the order fulfillment process can both scale adequately during peak traffic hours.

Which solution will meet these requirements?

Options:
A.

Use Amazon CloudWatch to monitor the CPUUtilization metric for each instance in both Auto Scaling groups. Configure each Auto Scaling group ' s minimum capacity to meet its peak workload value.

B.

Use Amazon CloudWatch to monitor the CPUUtilization metric for each instance in both Auto Scaling groups. Configure a CloudWatch alarm to invoke an Amazon SNS topic to create additional Auto Scaling groups on demand.

C.

Provision two Amazon SQS queues. Use one SQS queue for order collection. Use the second SQS queue for order fulfillment. Configure the EC2 instances to poll their respective queues. Scale the Auto Scaling groups based on notifications that the queues send.

D.

Provision two Amazon SQS queues. Use one SQS queue for order collection. Use the second SQS queue for order fulfillment. Configure the EC2 instances to poll their respective queues. Scale the Auto Scaling groups based on the number of messages in each queue.

Questions 48

A company regularly receives route status updates from its delivery trucks as events in Amazon EventBridge. The company is building an API-based application in a VPC that will consume and process the events to create a delivery status dashboard. The API application must not be available by using public IP addresses because of security and compliance requirements.

How should the company send events from EventBridge to the API application?

Options:
A.

Create an AWS Lambda function that runs in the same VPC as the API application. Configure the function as an EventBridge target. Use the function to send events to the API.

B.

Create an internet-facing Application Load Balancer ALB in front of the API application. Associate a security group with rules that block access from all external sources except for EventBridge. Configure the ALB as an EventBridge target.

C.

Create an internet-facing Network Load Balancer NLB in front of the API application. Associate a security group with rules that block access from all external sources except for EventBridge. Configure the NLB as an EventBridge target.

D.

Use the application API endpoint in the VPC as a target for EventBridge. Send events directly to the application API endpoint from EventBridge.

Questions 49

A company is developing a highly available natural language processing (NLP) application. The application handles large volumes of concurrent requests. The application performs NLP tasks such as entity recognition, sentiment analysis, and key phrase extraction on text data.

The company needs to store data that the application processes in a highly available and scalable database.

Options:

Options:
A.

Create an Amazon API Gateway REST API endpoint to handle incoming requests. Configure the REST API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Comprehend to perform NLP tasks on the text data. Store the processed data in Amazon DynamoDB.

B.

Create an Amazon API Gateway HTTP API endpoint to handle incoming requests. Configure the HTTP API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Translate to perform NLP tasks on the text data. Store the processed data in Amazon ElastiCache.

C.

Create an Amazon SQS queue to buffer incoming requests. Deploy the NLP application on Amazon EC2 instances in an Auto Scaling group. Use Amazon Comprehend to perform NLP tasks. Store the processed data in an Amazon RDS database.

D.

Create an Amazon API Gateway WebSocket API endpoint to handle incoming requests. Configure the WebSocket API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Textract to perform NLP tasks on the text data. Store the processed data in Amazon ElastiCache.

Questions 50

A company needs to store confidential files on AWS. The company accesses the files every week. The company must encrypt the files by using envelope encryption, and the encryption keys must be rotated automatically. The company must have an audit trail to monitor encryption key usage.

Which combination of solutions will meet these requirements? (Select TWO.)

Options:
A.

Store the confidential files in Amazon S3.

B.

Store the confidential files in Amazon S3 Glacier Deep Archive.

C.

Use server-side encryption with customer-provided keys (SSE-C).

D.

Use server-side encryption with Amazon S3 managed keys (SSE-S3).

E.

Use server-side encryption with AWS KMS managed keys (SSE-KMS).

Questions 51

Question:

A company wants to migrate an application that uses a microservice architecture to AWS. The services currently run on Docker containers on-premises. The application has an event-driven architecture that uses Apache Kafka. The company configured Kafka to use multiple queues to send and receive messages. Some messages must be processed by multiple services. Which solution will meet these requirements with the LEAST management overhead?

Options:

Options:
A.

Migrate the services to Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type. Deploy a Kafka cluster on EC2 instances to handle service-to-service communication.

B.

Migrate the services to Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Create multiple Amazon Simple Queue Service (Amazon SQS) queues to handle service-to-service communication.

C.

Migrate the services to Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Deploy an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster to handle service-to-service communication.

D.

Migrate the services to Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type. Use Amazon EventBridge to handle service-to-service communication.

Questions 52

A company is migrating a Linux-based web server group to AWS. The web servers must access shared files by using the NFS protocol. The company must not make any changes to the web server application.

Which solution will meet these requirements?

Options:
A.

Create an Amazon S3 bucket to store the shared files in S3 Standard. Grant the S3 bucket access to the web servers.

B.

Configure an Amazon CloudFront distribution. Set an Amazon S3 bucket as the origin. Store the shared files in the S3 bucket.

C.

Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system on the web servers.

D.

Create an Amazon FSx for Windows File Server file system. Configure SMB protocol access for the web servers.

Questions 53

A company has an application that generates a large number of files. File sizes vary between 1 KB and 10 MB. The company wants to build a store-and-forward solution that keeps the files in a temporary Amazon S3 location. The solution must then preprocess the files and archive them to S3 Glacier Flexible Retrieval.

Which combination of steps will meet these requirements MOST cost-effectively? (Select THREE.)

Options:
A.

Configure the temporary S3 location to use the S3 Standard storage class.

B.

Use S3 Event Notifications to invoke an AWS Lambda function when a new file is moved into the temporary S3 location.

C.

Use event source mappings to invoke an AWS Lambda function when a new file is moved into the temporary S3 location.

D.

For files that are 128 KB or smaller, use an AWS Lambda function to add the files to a ZIP archive. Move the ZIP archive to S3 Glacier Flexible Retrieval when the ZIP file reaches 1 MB.

E.

For files that are 128 KB or smaller, use an AWS Lambda function to change the files’ storage class to S3 One Zone-Infrequent Access (S3 One Zone-IA).

F.

Configure the temporary S3 location to use the S3 Standard-Infrequent Access (S3 Standard-IA) storage class.

Questions 54

A solutions architect is using Amazon EC2 instances to host an application. The solutions architect needs to grant permissions for the application to access an Amazon DynamoDB table.

Which solution will meet this requirement?

Options:
A.

Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.

B.

Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.

C.

Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.

D.

Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.

Questions 55

A company uses an Amazon CloudFront distribution to serve thousands of media files to users. The CloudFront distribution uses a private Amazon S3 bucket as an origin.

A solutions architect must prevent users in specific countries from accessing the company ' s files.

Which solution will meet these requirements in the MOST operationally-efficient way?

Options:
A.

Require users to access the files by using CloudFront signed URLs.

B.

Configure geographic restrictions in CloudFront.

C.

Require users to access the files by using CloudFront signed cookies.

D.

Configure an origin access control (OAC) between CloudFront and the S3 bucket.

Questions 56

A company is designing a new internal web application in the AWS Cloud. The new application must securely retrieve and store multiple employee usernames and passwords from an AWS managed service. Which solution will meet these requirements with the LEAST operational overhead?

Options:
A.

Store the employee credentials in AWS Systems Manager Parameter Store. Use AWS Cloud Formation and the BatchGetSecretValue API to retrieve usernames and passwords from Parameter Store.

B.

Store the employee credentials in AWS Secrets Manager. Use AWS Cloud Formation and AWS Batch with the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.

C.

Store the employee credentials in AWS Systems Manager Parameter Store. Use AWS Cloud Formation and AWS Batch with the BatchGetSecretValue API to retrieve the usernames and passwords from Parameter Store.

D.

Store the employee credentials in AWS Secrets Manager. Use AWS Cloud Formation and the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.

Questions 57

A company runs all its business applications in the AWS Cloud. The company uses AWS Organizations to manage multiple AWS accounts.

A solutions architect needs to review all permissions that are granted to IAM users to determine which IAM users have more permissions than required.

Which solution will meet these requirements with the LEAST administrative overhead?

Options:
A.

Use Network Access Analyzer to review all access permissions in the company ' s AWS accounts.

B.

Create an AWS CloudWatch alarm that activates when an IAM user creates or modifies resources in an AWS account.

C.

Use AWS Identity and Access Management IAM Access Analyzer to review all the company ' s resources and accounts.

D.

Use Amazon Inspector to find vulnerabilities in existing IAM policies.

Questions 58

A company has resources across multiple AWS Regions and accounts. A newly hired solutions architect discovers that a previous employee did not provide details about the resources inventory. The solutions architect needs to build and map the relationship details of the various workloads across all accounts.

Which solution will meet these requirements in the MOST operationally efficient way?

Options:
A.

Use AWS Systems Manager Inventory to generate a map view from the detailed view report.

B.

Use AWS Step Functions to collect workload details. Build architecture diagrams of the workloads manually.

C.

Use Workload Discovery on AWS to generate architecture diagrams of the workloads.

D.

Use AWS X-Ray to view the workload details. Build architecture diagrams with relationships.

Questions 59

A company is building a serverless application to process orders from an e-commerce site. The application needs to handle bursts of traffic during peak usage hours and to maintain high availability. The orders must be processed asynchronously in the order the application receives them.

Options:
A.

Use an Amazon Simple Notification Service (Amazon SNS) topic to receive orders. Use an AWS Lambda function to process the orders.

B.

Use an Amazon Simple Queue Service (Amazon SQS) FIFO queue to receive orders. Use an AWS Lambda function to process the orders.

C.

Use an Amazon Simple Queue Service (Amazon SQS) standard queue to receive orders. Use AWS Batch jobs to process the orders.

D.

Use an Amazon Simple Notification Service (Amazon SNS) topic to receive orders. Use AWS Batch jobs to process the orders.

Questions 60

A company is designing a serverless application to process a large number of events within an AWS account. The application saves the events to a data warehouse for further analysis. The application sends incoming events to an Amazon SQS queue. Traffic between the application and the SQS queue must not use public IP addresses.

Options:
A.

Create a VPC endpoint for Amazon SQS. Set the queue policy to deny all access except from the VPC endpoint.

B.

Configure server-side encryption with SQS-managed keys (SSE-SQS).

C.

Configure AWS Security Token Service (AWS STS) to generate temporary credentials for resources that access the queue.

D.

Configure VPC Flow Logs to detect SQS traffic that leaves the VPC.