Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Amazon Web Services SAA-C03 Practice Exam with Questions & Answers | Set: 9

Questions 161

A solutions architect needs to secure an Amazon API Gateway REST API. Users need to be able to log in to the API by using common external social identity providers (IdPs). The social IdPs must use standard authentication protocols such as SAML or OpenID Connect (OIDC). The solutions architect needs to protect the API against attempts to exploit application vulnerabilities.

Which combination of steps will meet these security requirements? (Select TWO.)

Options:
A.

Create an AWS WAF web ACL that is associated with the REST API. Add the appropriate managed rules to the ACL.

B.

Subscribe to AWS Shield Advanced. Enable DDoS protection. Associate Shield Advanced with the REST API.

C.

Create an Amazon Cognito user pool with a federation to the social IdPs. Integrate the user pool with the REST API.

D.

Create an API key in API Gateway. Associate the API key with the REST API.

E.

Create an IP address filter in AWS WAF that allows only the social IdPs. Associate the filter with the web ACL and the API.

Amazon Web Services SAA-C03 Premium Access
Questions 162

A company hosts an application on AWS that stores files that users need to access. The application uses two Amazon EC2 instances. One instance is in Availability Zone A, and the second instance is in Availability Zone B. Both instances use Amazon Elastic Block Store (Amazon EBS) volumes. Users must be able to access the files at any time without delay. Users report that the two instances occasionally contain different versions of the same file. Users occasionally receive HTTP 404 errors when they try to download files. The company must address the customer issues. The company cannot make changes to the application code. Which solution will meet these requirements in the MOST operationally efficient way?

Options:
A.

Run the robocopy command on one of the EC2 instances on a schedule to copy files from the Availability Zone A instance to the Availability Zone B instance.

B.

Configure the application to store the files on both EBS volumes each time a user writes or updates a file.

C.

Mount an Amazon Elastic File System (Amazon EFS) file system to the EC2 instances. Copy the files from the EBS volumes to the EFS file system. Configure the application to store files in the EFS file system.

D.

Create an EC2 instance profile that allows the instance in Availability Zone A to access the S3 bucket. Re-associate the instance profile to the instance in Availability Zone B when needed.

Questions 163

A company has hired an external vendor to work in the company’s AWS account. The vendor uses an automated tool that the vendor hosts in its own AWS account. The vendor does not have IAM access to the company ' s AWS account. A solutions architect needs to grant access to the vendor.

Which solution will meet these requirements MOST securely?

Options:
A.

Create an IAM role in the company ' s account to delegate access to the vendor ' s IAM role. Attach the appropriate IAM policies to the new IAM role to grant the permissions that the vendor requires.

B.

Create an IAM user in the company ' s account with a password. Attach the appropriate IAM policies to the IAM user.

C.

Create an IAM group in the company ' s account. Add the IAM user for the vendor ' s automated tool from the vendor account to the IAM group. Attach policies to the group.

D.

Create a new identity provider (IdP) of provider type AWS account. Supply the vendor ' s AWS account ID and username. Attach policies to the IdP.

Questions 164

A global company runs its workloads on AWS The company ' s application uses Amazon S3 buckets across AWS Regions for sensitive data storage and analysis. The company stores millions of objects in multiple S3 buckets daily. The company wants to identify all S3 buckets that are not versioning-enabled.

Which solution will meet these requirements?

Options:
A.

Set up an AWS CloudTrail event that has a rule to identify all S3 buckets that are not versioning-enabled across Regions

B.

Use Amazon S3 Storage Lens to identify all S3 buckets that are not versioning-enabled across Regions.

C.

Enable IAM Access Analyzer for S3 to identify all S3 buckets that are not versioning-enabled across Regions

D.

Create an S3 Multi-Region Access Point to identify all S3 buckets that are not versioning-enabled across Regions

Questions 165

A company hosts a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run Amazon Linux in an Auto Scaling group. Each instance stores product manuals on Amazon EBS volumes.

New instances often start with outdated data and may take up to 30 minutes to download updates. The company needs a solution ensuring all instances always have up-to-date product manuals, can scale rapidly, and does not require application code changes.

Which solution will meet these requirements?

Options:
A.

Store the product manuals on instance store volumes attached to each EC2 instance.

B.

Store the product manuals in an Amazon S3 bucket. Configure EC2 instances to download updates from the bucket.

C.

Store the product manuals in an Amazon EFS file system. Mount the EFS volume on the EC2 instances.

D.

Store the product manuals in an S3 bucket using S3 Standard-IA. Configure EC2 instances to download updates from S3.

Questions 166

A company hosts an application on Amazon EC2 instances behind an Application Load Balancer ALB. The company wants the application to be accessible only from inside the VPC that hosts the ALB.

The company creates an alias record of example.com in Amazon Route 53. The DNS record for the application must be resolvable only in the VPC where the application runs.

Which solution will meet these requirements?

Options:
A.

Use an internet-facing ALB. Create a Route 53 public hosted zone for the application DNS name.

B.

Use an internal ALB. Create a Route 53 public hosted zone for the application DNS name.

C.

Use an internet-facing ALB. Create a Route 53 private hosted zone for the application DNS name.

D.

Use an internal ALB. Create a Route 53 private hosted zone for the application DNS name.

Questions 167

A company needs to design a hybrid network architecture The company ' s workloads are currently stored in the AWS Cloud and in on-premises data centers The workloads require single-digit latencies to communicate The company uses an AWS Transit Gateway transit gateway to connect multiple VPCs

Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)

Options:
A.

Establish an AWS Site-to-Site VPN connection to each VPC.

B.

Associate an AWS Direct Connect gateway with the transit gateway that is attached to the VPCs.

C.

Establish an AWS Site-to-Site VPN connection to an AWS Direct Connect gateway.

D.

Establish an AWS Direct Connect connection. Create a transit virtual interface (VIF) to a Direct Connect gateway.

E.

Associate AWS Site-to-Site VPN connections with the transit gateway that is attached to the VPCs

Questions 168

A company has separate AWS accounts for its finance, data analytics, and development departments. Because of costs and security concerns, the company wants to control which services each AWS account can use

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A.

Use AWS Systems Manager templates to control which AWS services each department can use

B.

Create organization units (OUs) for each department in AWS Organizations. Attach service control policies (SCPs) to the OUs.

C.

Use AWS CloudFormation to automatically provision only the AWS services that each department can use.

D.

Set up a list of products in AWS Service Catalog in the AWS accounts to manage and control the usage of specific AWS services

Questions 169

A company is using Amazon DocumentDB global clusters to support an ecommerce application. The application serves customers across multiple AWS Regions. To ensure business continuity, the company needs a solution to minimize downtime during maintenance windows or other disruptions.

Which solution will meet these requirements?

Options:
A.

Regularly create manual snapshots of the DocumentDB instance in the primary Region.

B.

Perform a managed failover to a secondary Region when needed.

C.

Perform a failover to a replica DocumentDB instance within the primary Region.

D.

Configure increased replication lag to manage cross-Region replication.

Questions 170

A company runs a web application in an Amazon EC2 Auto Scaling group. The application runs during business hours only. The company cannot allow interruptions to the application during business hours.

The company wants to optimize compute costs for the application based on the application ' s usage pattern.

Which solution will meet this requirement with the LEAST operational overhead?

Options:
A.

Manually terminate the instances during non-business hours. Manually launch new instances during business hours.

B.

Create a scheduled scaling policy for the Auto Scaling group. Configure the policy to scale out during business hours and to scale in during non-business hours.

C.

Use Amazon EC2 Spot Instances in the Auto Scaling group.

D.

Purchase Amazon EC2 Reserved Instances on a 1-year term to handle the maximum expected load for the Auto Scaling group.

Questions 171

A company stores a large number of image files in an Amazon S3 bucket. The images need to be readily available for 180 days. The company rarely accesses images that are older than 180 days. However, the company must be able to access images immediately when necessary.

The company wants to archive images that are older than 360 days, but the company must be able to access the images instantly when required. The images cannot be deleted. The company requires high availability and redundancy throughout the entire lifecycle of the files.

The company will use S3 Standard storage for the first 180 days. The company needs to configure S3 Lifecycle rules to handle the remaining lifecycle stages of the files.

Which solution will meet these requirements MOST cost-effectively?

Options:
A.

Transition the objects to S3 One Zone-Infrequent Access S3 One Zone-IA after 180 days. Transition the objects to S3 Glacier Instant Retrieval after 360 days.

B.

Transition the objects to S3 One Zone-Infrequent Access S3 One Zone-IA after 180 days. Transition the objects to S3 Glacier Flexible Retrieval after 360 days.

C.

Transition the objects to S3 Standard-Infrequent Access S3 Standard-IA after 180 days. Transition the objects to S3 Glacier Instant Retrieval after 360 days.

D.

Transition the objects to S3 Standard-Infrequent Access S3 Standard-IA after 180 days. Transition the objects to S3 Glacier Flexible Retrieval after 360 days.

Questions 172

A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings. The company is concerned about the security of the AWS account root user.

What should be done to secure the root user?

Options:
A.

Create IAM users for daily administrative tasks. Disable the root user.

B.

Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.

C.

Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console.

D.

Provide the root user credentials to the most senior solutions architect. Have the solutions architect use the root user for daily administration tasks.

Questions 173

A company needs to save confidential medical results in an Amazon S3 bucket. The repository must allow a few approved users to add new files. The repository must restrict all other users to read-only access by using a write once, read many WORM approach. The company must keep every file in the repository for a minimum of 1 year after its creation date. Which solution will meet these requirements with the LEAST implementation effort?

Options:
A.

Configure the S3 bucket with multi-factor authentication MFA delete. Do not share the MFA secret with users to avoid deletion.

B.

Use S3 Object Lock in compliance mode with a retention period of 1 year. Use an IAM policy that restricts file access to specified approved users.

C.

Use an IAM role to restrict all users from deleting or changing objects in the S3 bucket. Use an S3 bucket policy to only allow the IAM role.

D.

Configure the S3 bucket to invoke an AWS Lambda function every time an object is added. Configure the function to track the hash of the saved object so that modified objects can be marked accordingly.

Questions 174

A company is moving its on-premises Oracle database to Amazon Aurora PostgreSQL. The database has several applications that write to the same tables. The applications need to be migrated one by one with a month in between each migration. Management has expressed concerns that the database has a high number of reads and writes. The data must be kept in sync across both databases throughout the migration.

What should a solutions architect recommend?

Options:
A.

Use AWS DataSync for the initial migration. Use AWS DMS to create a change data capture CDC replication task and a table mapping to select all tables.

B.

Use AWS DataSync for the initial migration. Use AWS DMS to create a full load plus change data capture CDC replication task and a table mapping to select all tables.

C.

Use the AWS SCT with AWS DMS using a memory optimized replication instance. Create a full load plus change data capture CDC replication task and a table mapping to select all tables.

D.

Use the AWS SCT with AWS DMS using a compute optimized replication instance. Create a full load plus change data capture CDC replication task and a table mapping to select the largest tables.

Questions 175

A company is developing a latency-sensitive application. Part of the application includes several AWS Lambda functions that need to initialize as quickly as possible. The Lambda functions are written in Java and contain initialization code outside the handlers to load libraries, initialize classes, and generate unique IDs.

Which solution will meet the startup performance requirement MOST cost-effectively?

Options:
A.

Move all the initialization code to the handlers for each Lambda function. Activate Lambda SnapStart for each Lambda function. Configure SnapStart to reference the $LATEST version of each Lambda function.

B.

Publish a version of each Lambda function. Create an alias for each Lambda function. Configure each alias to point to its corresponding version. Set up provisioned concurrency configuration for each Lambda function to point to the corresponding alias.

C.

Publish a version of each Lambda function. Set up a provisioned concurrency configuration for each Lambda function to point to the corresponding version. Activate Lambda SnapStart for the published versions of the Lambda functions.

D.

Update the Lambda functions to add a pre-snapshot hook. Move the code that generates unique IDs into the handlers. Publish a version of each Lambda function. Activate Lambda SnapStart for the published versions of the Lambda functions.

Questions 176

A company needs to create a compliance management solution. The company wants to use a combination of AWS services to achieve the fine-grained visibility that the solution requires. The compliance management solution must provide a centralized method for company employees to review security findings and out-of-compliance findings.

Which solution will meet these requirements with the LEAST ongoing maintenance?

Options:
A.

Configure AWS Security Hub to centralize findings. Use conformance packs in Amazon Inspector to check for compliance framework misalignment.

B.

Use AWS Marketplace to purchase a security tool. Install the tool on an Amazon EC2 instance. Assign an EC2 Instance Profile for the tool to gather data from AWS resources.

C.

Configure AWS Security Hub to centralize findings. Use conformance packs in AWS Config to check for compliance framework misalignment.

D.

Configure AWS Systems Manager to provide a centralized dashboard. Use conformance packs in AWS Config to check for compliance framework misalignment.

Questions 177

An ecommerce company runs a multi-tier application on AWS. The frontend and backend tiers run on Amazon EC2 instances. The database tier runs on an Amazon RDS for MySQL DB instance.

The application makes frequent calls to return identical datasets from the database. These frequent calls cause performance slowdowns. A solutions architect must improve the performance of the application backend.

Which solution will meet this requirement?

Options:
A.

Configure an Amazon Simple Notification Service (Amazon SNS) topic between the EC2 instances and the RDS DB instance.

B.

Configure an Amazon ElastiCache (Redis OSS) cache. Configure the backend EC2 instances to read from the cache.

C.

Configure an Amazon DynamoDB Accelerator (DAX) cluster. Configure the backend EC2 instances to read from the cluster.

D.

Configure Amazon Data Firehose to stream the calls to the database.

Questions 178

A finance company uses scheduled scripts to store and visualize stock market data in an Amazon DynamoDB table. The company deletes records after a month to optimize costs. However, the company needs a cost-optimized solution to generate reports and visualizations based on historical data. Which solution will meet these requirements?

Options:
A.

Use an integration between DynamoDB and Amazon Redshift to load records directly into Amazon Redshift. Use the built-in Amazon Redshift query engine to generate reports and visualizations.

B.

Use Amazon Kinesis Data Streams and Amazon Data Firehose to stream DynamoDB records to an Amazon S3 bucket. Load the data into Amazon Redshift. Use the built-in Amazon Redshift query editor to query the data to generate reports and visualizations.

C.

Use Amazon Kinesis Data Streams and Amazon Data Firehose to stream DynamoDB records to an Amazon S3 bucket. Use Amazon Athena to query the data. Use Amazon QuickSight to generate reports and visualizations.

D.

Use AWS DMS to continuously copy DynamoDB records into an Amazon RDS database for long-term storage. Use Amazon QuickSight to generate reports and visualizations.

Questions 179

A company uses Amazon S3 to store customer data that contains personally identifiable information (PII) attributes. The company needs to make the customer information available to company resources through an AWS Glue Catalog. The company needs to have fine-grained access control for the data so that only specific IAM roles can access the PII data.

Options:
A.

Create one IAM policy that grants access to PII. Create a second IAM policy that grants access to non-PII data. Assign the PII policy to the specified IAM roles.

B.

Create one IAM role that grants access to PII. Create a second IAM role that grants access to non-PII data. Assign the PII policy to the specified IAM roles.

C.

Use AWS Lake Formation to provide the specified IAM roles access to the PII data.

D.

Use AWS Glue to create one view for PII data. Create a second view for non-PII data. Provide the specified IAM roles access to the PII view.

Questions 180

A financial services company needs to migrate an on-premises MySQL database workload to AWS. The database requires consistent low-latency performance with a baseline of 32,000 IOPS to process transactions.

Which solution will meet these requirements?

Options:
A.

Migrate the database to an Amazon S3 bucket. Enable S3 Transfer Acceleration.

B.

Migrate the data to a Provisioned IOPS SSD io2 Amazon EBS Express volume.

C.

Migrate the data to an Amazon EFS Standard file system.

D.

Migrate the data to a General Purpose SSD gp3 Amazon EBS volume.