Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Amazon Web Services SAA-C03 Practice Exam with Questions & Answers | Set: 5

Questions 81

A company wants to send data from its on-premises systems to Amazon S3 buckets. The company created the S3 buckets in three different accounts. The company must send the data privately without the data traveling across the internet. The company has no existing dedicated connectivity to AWS.

Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

Options:
A.

Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC.

B.

Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a public VIF between the on-premises environment and the private VPC.

C.

Create an Amazon S3 interface endpoint in the networking account.

D.

Create an Amazon S3 gateway endpoint in the networking account.

E.

Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Peer VPCs from the accounts that host the S3 buckets with the VPC in the network account.

Amazon Web Services SAA-C03 Premium Access
Questions 82

A company wants to restrict access to the content of its web application. The company needs to protect the content by using authorization techniques that are available on AWS. The company also wants to implement a serverless architecture for authorization and authentication that has low login latency.

The solution must integrate with the web application and serve web content globally. The application currently has a small user base, but the company expects the application ' s user base to increase

Which solution will meet these requirements?

Options:
A.

Configure Amazon Cognito for authentication. Implement Lambda@Edge for authorization. Configure Amazon CloudFront to serve the web application globally

B.

Configure AWS Directory Service for Microsoft Active Directory for authentication. Implement AWS Lambda for authorization. Use an Application Load Balancer to serve the web application globally.

C.

Configure Amazon Cognito for authentication. Implement AWS Lambda for authorization Use Amazon S3 Transfer Acceleration to serve the web application globally.

D.

Configure AWS Directory Service for Microsoft Active Directory for authentication. Implement Lambda@Edge for authorization. Use AWS Elastic Beanstalk to serve the web application globally.

Questions 83

A company provides devices to users. When a device is registered, its ID is added to DynamoDB. A daily job activates devices using two Lambda functions:

• The Retrieve function lists unregistered device IDs.

• The Retrieve function then calls the Activate function in a loop to register each device.

The number of activations is increasing, and the company wants to avoid Lambda timeouts without modifying existing functions.

Which solution will scale appropriately?

Options:
A.

Use EventBridge Scheduler to periodically invoke the Retrieve function.

B.

Invoke the Activate function from DynamoDB Streams when a device ID is added.

C.

Use Step Functions to call the Retrieve function and use a Map state to run the Activate function for each ID.

D.

Move the Retrieve function to EC2 for longer processing time.

Questions 84

A solutions architect is building an Amazon S3 data lake for a company. The company uses Amazon Kinesis Data Firehose to ingest customer personally identifiable information (PII) and transactional data in near real-time to an S3 bucket. The company needs to mask all PII data before storing thedata in the data lake.

Which solution will meet these requirements?

Options:
A.

Create an AWS Lambda function to detect and mask PII. Invoke the function from Kinesis Data Firehose.

B.

Use Amazon Macie to scan the S3 bucket. Configure Macie to detect and mask PII.

C.

Enable server-side encryption (SSE) on the S3 bucket.

D.

Create an AWS Lambda function that integrates with AWS CloudHSM. Configure the function to detect and mask PII.

Questions 85

A company hosts its application on several Amazon EC2 instances inside a VPC. The company creates a dedicated Amazon S3 bucket for each customer to store their relevant information in Amazon S3.

The company wants to ensure that the application running on EC2 instances can securely access only the S3 buckets that belong to the company ' s AWS account.

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A.

Create a gateway endpoint for Amazon S3 that is attached to the VPC Update the IAM instance profile policy to provide access to only the specific buckets that the application needs.

B.

Create a NAT gateway in a public subnet with a security group that allows access to only Amazon S3 Update the route tables to use the NAT Gateway.

C.

Create a gateway endpoint for Amazon S3 that is attached to the VPC Update the IAM instance profile policy with a Deny action and the following condition key:

D.

Create a NAT Gateway in a public subnet Update route tables to use the NAT Gateway Assign bucket policies for all buckets with a Deny action and the following condition key:

Questions 86

A company runs an application on several Amazon EC2 instances. Multiple Amazon Elastic Block Store (Amazon EBS) volumes are attached to each EC2 instance. The company needs to back up the configurations and the data of the EC2 instances every night. The application must be recoverable in a secondary AWS Region.

Which solution will meet these requirements in the MOST operationally efficient way?

Options:
A.

Configure an AWS Lambda function to take nightly snapshots of the application ' s EBS volumes and to copy the snapshots to a secondary Region.

B.

Create a backup plan in AWS Backup to take nightly backups. Copy the backups to a secondary Region. Add the EC2 instances to a resource assignment as part of the backup plan.

C.

Create a backup plan in AWS Backup to take nightly backups. Copy the backups to a secondary Region. Add the EBS volumes to a resource assignment as part of the backup plan.

D.

Configure an AWS Lambda function to take nightly snapshots of the application ' s EBS volumes and to copy the snapshots to a secondary Availability Zone.

Questions 87

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer ALB. The application experiences periodic spikes in malicious traffic attempts from attackers. The application receives mostly SQL injection and cross-site scripting XSS attacks from external sources.

The company requires a solution to protect the application from the attacks. The solution must have minimal effect on application performance.

Which solution will meet these requirements?

Options:
A.

Deploy AWS WAF on the ALB. Configure rules to block malicious traffic activity. Enable AWS Shield Advanced.

B.

Use AWS CloudTrail data events to monitor the ALB traffic. Create alerts for suspicious incoming requests. Update the application ' s security group to drop malicious IP addresses.

C.

Install an intrusion detection system IDS on each EC2 instance to analyze and block malicious traffic at the host level. Update the ALB to pass all traffic directly to the instances for analysis.

D.

Configure a network ACL to drop traffic from known malicious IP ranges. Enable Amazon GuardDuty.

Questions 88

A company hosts an application on Amazon EC2 instances that are part of a target group behind an Application Load Balancer (ALB). The company has attached a security group to the ALB.

During a recent review of application logs, the company found many unauthorized login attempts from IP addresses that belong to countries outside the company ' s normal user base. The company wants to allow traffic only from the United States and Australia.

Options:
A.

Edit the default network ACL to block IP addresses from outside of the allowed countries.

B.

Create a geographic match rule in AWS WAF. Attach the rule to the ALB.

C.

Configure the ALB security group to allow the IP addresses of company employees. Edit the default network ACL to block IP addresses from outside of the allowed countries.

D.

Use a host-based firewall on the EC2 instances to block IP addresses from outside of the allowed countries. Configure the ALB security group to allow the IP addresses of company employees.

Questions 89

A company runs an enterprise resource planning (ERP) system on Amazon EC2 instances in a single AWS Region. Users connect to the ERP system by using a public API that is hosted on the EC2 instances. International users report slow API response times from their data centers.

A solutions architect needs to improve API response times for the international users.

Which solution will meet these requirements MOST cost-effectively?

Options:
A.

Set up an AWS Direct Connect connection that has a public virtual interface (VIF) to connect each user ' s data center to the EC2 instances. Create a Direct Connect gateway for the ERP system API to route user API requests.

B.

Deploy Amazon API Gateway endpoints in multiple Regions. Use Amazon Route 53 latency-based routing to route requests to the nearest endpoint. Configure a VPC peering connection between the Regions to connect to the ERP system.

C.

Set up AWS Global Accelerator. Configure listeners for the necessary ports. Configure endpoint groups for the appropriate Regions to distribute traffic. Create an endpoint in each group for the API.

D.

Use AWS Site-to-Site VPN to establish dedicated VPN tunnels between multiple Regions and user networks. Route traffic to the API through the VPN connections.

Questions 90

A company wants to use AWS Direct Connect to connect the company ' s on-premises networks to the AWS Cloud. The company runs several VPCs in a single AWS Region. The company plans to expand its VPC fleet to include hundreds of VPCs.

A solutions architect needs to simplify and scale the company ' s network infrastructure to accommodate future VPCs.

Which service or resource will meet these requirements?

Options:
A.

VPC endpoints

B.

AWS Transit Gateway

C.

Amazon Route 53

D.

AWS Secrets Manager

Questions 91

A company has an application that uses a MySQL database that runs on an Amazon EC2 instance. The instance currently runs in a single Availability Zone. The company requires a fault-tolerant database solution that provides a recovery time objective (RTO) and a recovery point objective (RPO) of 2 minutes or less. Which solution will meet these requirements?

Options:
A.

Migrate the MySQL database to Amazon RDS. Create a read replica in a second Availability Zone. Create a script that detects availability interruptions and promotes the read replica when needed.

B.

Migrate the MySQL database to Amazon RDS for MySQL. Configure the new RDS for MySQL database to use a Multi-AZ deployment.

C.

Create a second MySQL database in a second Availability Zone. Use native MySQL commands to sync the two databases every 2 minutes. Create a script that detects availability interruptions and promotes the second MySQL database when needed.

D.

Create a copy of the EC2 instance that runs the MySQL database. Deploy the copy in a second Availability Zone. Create a Network Load Balancer. Add both instances as targets.

Questions 92

A company is migrating a daily Microsoft Windows batch job from the company ' s on-premises environment to AWS. The current batch job runs for up to 1 hour. The company wants to modernize the batch job process for the cloud environment.

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A.

Create a fleet of Amazon EC2 instances in an Auto Scaling group to handle the Windows batch job processing.

B.

Implement an AWS Lambda function to process the Windows batch job. Use an Amazon EventBridge rule to invoke the Lambda function.

C.

Use AWS Fargate to deploy the Windows batch job as a container. Use AWS Batch to manage the batch job processing.

D.

Use Amazon Elastic Kubernetes Service (Amazon EKS) on Amazon EC2 instances to orchestrate Windows containers for the batch job processing.

Questions 93

A company runs production workloads in its AWS account. Multiple teams create and maintain the workloads.

The company needs to be able to detect changes in resource configurations. The company needs to capture changes as configuration items without changing or modifying the existing resources.

Which solution will meet these requirements?

Options:
A.

Use AWS Config. Start the configuration recorder for AWS resources to detect changes in resource configurations.

B.

Use AWS CloudFormation. Initiate drift detection to capture changes in resource configurations.

C.

Use Amazon Detective to detect, analyze, and investigate changes in resource configurations.

D.

Use AWS Audit Manager to capture management events and global service events for resource configurations.

Questions 94

A company uses Amazon RDS for PostgreSQL databases for its data tier. The company must implement password rotation for the databases.

Which solution meets this requirement with the LEAST operational overhead?

Options:
A.

Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.

B.

Store the password in AWS Systems Manager Parameter Store. Enable automatic rotation on the parameter.

C.

Store the password in AWS Systems Manager Parameter Store. Write an AWS Lambda function that rotates the password.

D.

Store the password in AWS Key Management Service (AWS KMS). Enable automatic rotation on the AWS KMS key.

Questions 95

A developer creates a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The developer reviews the deployment and notices some suspicious traffic to the application. The traffic is malicious and is coming from a single public IP address. A solutions architect must block the public IP address.

Which solution will meet this requirement?

Options:
A.

Create a security group rule to deny all inbound traffic from the suspicious IP address. Associate the security group with the ALB.

B.

Implement Amazon Detective to monitor traffic and to block malicious activity from the internet. Configure Detective to integrate with the ALB.

C.

Implement AWS Resource Access Manager (AWS RAM) to manage traffic rules and to block malicious activity from the internet. Associate AWS RAM with the ALB.

D.

Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.

Questions 96

A company collects data from sensors. The company needs a cloud-based solution to store and transform the sensor data to make critical decisions. The solution must store the data for up to 2 days. After 2 days, the solution must delete the data. The company needs to use the transformeddata in an automated workflow that has manual approval steps.

Which solution will meet these requirements?

Options:
A.

Load the data into an Amazon Simple Queue Service (Amazon SQS) queue that has a retention period of 2 days. Use an Amazon EventBridge pipe to retrieve data from the queue, transform the data, and pass the data to an AWS Step Functions workflow.

B.

Load the data into AWS DataSync. Delete the DataSync task after 2 days. Invoke an AWS Lambda function to retrieve the data, transform the data, and invoke a second Lambda function that performs the remaining workflow steps.

C.

Load the data into an Amazon Simple Notification Service (Amazon SNS) topic. Use an Amazon EventBridge pipe to retrieve the data from the topic, transform the data, and send the data to Amazon EC2 instances to perform the remaining workflow steps.

D.

Load the data into an Amazon Simple Notification Service (Amazon SNS) topic. Use an Amazon EventBridge pipe to retrieve the data from the topic and transform the data into an appropriate format for an Amazon SQS queue. Use an AWS Lambda function to poll the queue to perform the remaining workflow steps.

Questions 97

A manufacturing company develops an application to give a small team of executives the ability to track sales performance globally. The application provides a real-time simulator in a popular programming language. The company uses AWS Lambda functions to support the simulator. The simulator is an algorithm that predicts sales performance based on specific variables.

Although the solution works well initially, the company notices that the time required to complete simulations is increasing exponentially. A solutions architect needs to improve the response time of the simulator.

Which solution will meet this requirement in the MOST cost-effective way?

Options:
A.

Use AWS Fargate to run the simulator. Serve requests through an Application Load Balancer (ALB).

B.

Use Amazon EC2 instances to run the simulator. Serve requests through an Application Load Balancer (ALB).

C.

Use AWS Batch to run the simulator. Serve requests through a Network Load Balancer (NLB).

D.

Use Lambda provisioned concurrency for the simulator functions.

Questions 98

A company wants to standardize its Amazon Elastic Block Store (Amazon EBS) volume encryption strategy. The company also wants to minimize the cost and configuration effort required to operate the volume encryption check.

Which solution will meet these requirements?

Options:
A.

Write API calls to describe the EBS volumes and to confirm the EBS volumes are encrypted. Use Amazon EventBridge to schedule an AWS Lambda function to run the API calls.

B.

Write API calls to describe the EBS volumes and to confirm the EBS volumes are encrypted. Run the API calls on an AWS Fargate task.

C.

Create an AWS Identity and Access Management (IAM) policy that requires the use of tags on EBS volumes. Use AWS Cost Explorer to display resources that are not properly tagged. Encrypt the untagged resources manually.

D.

Create an AWS Config rule for Amazon EBS to evaluate if a volume is encrypted and to flag the volume if it is not encrypted.

Questions 99

A company is creating a new application that will store a large amount of data. The data will be analyzed hourly and will be modified by several Amazon EC2 Linux instances that are deployed across multiple Availability Zones. The needed amount of storage space will continue to grow for the next 6 months.

Which storage solution should a solutions architect recommend to meet these requirements?

Options:
A.

Store the data in Amazon S3 Glacier. Update the S3 Glacier vault policy to allow access to the application instances.

B.

Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume on the application instances.

C.

Store the data in an Amazon Elastic File System (Amazon EFS) file system. Mount the file system on the application instances.

D.

Store the data in an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume shared between the application instances.

Questions 100

A company uses AWS to run its ecommerce platform. The platform is critical to the company ' s operations and has a high volume of traffic and transactions. The company configures a multi-factor authentication (MFA) device to secure its AWS account root user credentials. The company wants to ensure that it will not lose access to the root user account if the MFA device is lost.

Which solution will meet these requirements?

Options:
A.

Set up a backup administrator account that the company can use to log in if the company loses the MFA device.

B.

Add multiple MFA devices for the root user account to handle the disaster scenario.

C.

Create a new administrator account when the company cannot access the root account.

D.

Attach the administrator policy to another IAM user when the company cannot access the root account.