Amazon-Web-Services SAA-C03 Free Practice Questions

NEW QUESTION 1
A company has a web application that runs on Amazon EC2 instances. The company wants end users to authenticate themselves before they use the web application. The web application accesses AWS resources, such as Amazon S3 buckets, on behalf of users who are logged on.
Which combination of actions must a solutions architect take to meet these requirements? (Select TWO).

• A. Configure AWS App Mesh to log on users.
• B. Enable and configure AWS Single Sign-On in AWS Identity and Access Management (IAM).
• C. Define a default (AM role for authenticated users.
• D. Use AWS Identity and Access Management (IAM) for user authentication.
• E. Use Amazon Cognito for user authentication.

Answer: BE

NEW QUESTION 2
A company is running several business applications in three separate VPCs within me us-east-1 Region. The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds to gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.
A solutions architect needs to design a network connectivity solution that maximizes cost-effectiveness Which solution moots those requirements?

• A. Configure three AWS Site-to-Site VPN connections from the data center to AWS Establish connectivity by configuring one VPN connection for each VPC
• B. Launch a third-party virtual network appliance in each VPC Establish an iPsec VPN tunnel between the Data center and each virtual appliance
• C. Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway inus-east-1 Establish connectivity by configuring each VPC to use one of the Direct Connect connections
• D. Set up one AWS Direct Connect connection from the data center to AW
• E. Create a transit gateway, and attach each VPC to the transit gatewa
• F. Establish connectivity between the Direct Connect connection and the transit gateway.

Answer: C

NEW QUESTION 3
An ecommerce company has an order-processing application that uses Amazon API Gateway and an AWS Lambda function. The application stores data in an Amazon Aurora PostgreSQL database. During a recent sales event, a sudden surge in customer orders occurred. Some customers experienced timeouts and the application did not process the orders of those customers A solutions architect determined that the CPU utilization and memory utilization were high on the database because of a large number of open connections The solutions architect needs to prevent the timeout errors while making the least possible changes to the application.
Which solution will meet these requirements?

• A. Configure provisioned concurrency for the Lambda function Modify the database to be a global database in multiple AWS Regions
• B. Use Amazon RDS Proxy to create a proxy for the database Modify the Lambda function to use the RDS Proxy endpoint instead of the database endpoint
• C. Create a read replica for the database in a different AWS Region Use query string parameters in API Gateway to route traffic to the read replica
• D. Migrate the data from Aurora PostgreSQL to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS| Modify the Lambda function to use the OynamoDB table

Answer: C

NEW QUESTION 4
A company needs the ability to analyze the log files of its proprietary application. The logs are stored
in JSON format in an Amazon S3 bucket Queries will be simple and will run on-demand A solutions
architect needs to perform the analysis with minimal changes to the existing architecture
What should the solutions architect do to meet these requirements with the LEAST amount of
operational overhead?

• A. Use Amazon Redshift to load all the content into one place and run the SQL queries as needed
• B. Use Amazon CloudWatch Logs to store the logs Run SQL queries as needed from the AmazonCloudWatch console
• C. Use Amazon Athena directly with Amazon S3 to run the queries as needed
• D. Use AWS Glue to catalog the logs Use a transient Apache Spark cluster on Amazon EMR to run theSQL queries as needed

Answer: C

Explanation:
Explanation
Amazon Athena can be used to query JSON in S3

NEW QUESTION 5
A company's web application resizes uploaded images lot users The application stores the original images and the resized images in Amazon S3 The company needs lo minimize the storage costs tor all the images Original images ate viewed frequently. and resized images are viewed infrequently after they are created Both types of images need to be immediately available
Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.) A. Store the original images In S3 Standard.

• A. Store the resized images in S3 Standard
• B. Store the original images in S3 Glacier
• C. Store the resized Images In S3 Glacier
• D. Store the resized Images In S3 One Zone-Infrequent Access (S3 One Zone-IA).

Answer: AD

NEW QUESTION 6
A company runs a photo processing application mat needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region A solutions architect has noticed an increased cost in data transfer lees and needs to implement a solution to reduce these costs
How can the solutions architect meet this requirement?

• A. Deploy Amazon API Gateway into a public subnet and adjust the route table to route S3 calls through it
• B. Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets
• C. Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets
• D. Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets

Answer: D

NEW QUESTION 7
A company hosts a serverless application on AWS. The application uses Amazon API Gateway. AWS Lambda, and an Amazon RDS for PostgreSQL database. The company notices an increase in application errors that result from database connection timeouts during times of peak traffic or unpredictable traffic. The company needs a solution that reduces the application failures with the least amount of change to the code.
What should a solutions architect do to meet these requirements?

• A. Reduce the Lambda concurrency rate.
• B. Enable RDS Proxy on the RDS DB instance.
• C. Resize the ROS DB instance class to accept more connections.
• D. Migrate the database to Amazon DynamoDB with on-demand scaling

Answer: B

NEW QUESTION 8
A company is expecting rapid growth in the near future. A solutions architect needs to configure existing users and grant permissions to new users on AWS The solutions architect has decided to create IAM groups The solutions architect will add the new users to IAM groups based on department
Which additional action is the MOST secure way to grant permissions to the new users?

• A. Apply service control policies (SCPs) to manage access permissions
• B. Create IAM roles that have least privilege permission Attach the roles lo the IAM groups
• C. Create an IAM policy that grants least privilege permission Attach the policy to the IAM groups
• D. Create IAM roles Associate the roles with a permissions boundary that defines the maximum permissions

Answer: C

NEW QUESTION 9
A company is hosting a website from an Amazon S3 bucket that is configured for public hosting. The company’s security team mandates the usage of secure connections for access to the website. However; HTTP-based URLS and HTTPS-based URLS mist be functional.
What should a solution architect recommend to meet these requirements?

• A. Create an S3 bucket policy to explicitly deny non-HTTPS traffic.
• B. Enable S3 Transfer Acceleratio
• C. Select the HTTPS Only bucket property.
• D. Place thee website behind an Elastic Load Balancer that is configured to redirect HTTP traffic to HTTTPS.
• E. Serve the website through an Amazon CloudFront distribution that is configured to redirect HTTP traffic to HTTPS.

Answer: D

NEW QUESTION 10
A company is running a high performance computing (HPC) workload on AWS across many Linux based Amazon EC2 instances. The company needs a shared storage system that is capable of sub-millisecond latencies, hundreds of Gbps of throughput and millions of IOPS. Users will store millions of small files.
Which solution meets these requirements?

• A. Create an Amazon Elastic File System (Amazon EFS) file system Mount me file system on each of the EC2 instances
• B. Create an Amazon S3 bucket Mount the S3 bucket on each of the EC2 instances
• C. Ensure that the EC2 instances ate Amazon Elastic Block Store (Amazon EBS) optimized Mount Provisioned lOPS SSD (io2) EBS volumes with Multi-Attach on each instance
• D. Create an Amazon FSx for Lustre file syste
• E. Mount the file system on each of the EC2 instances

Answer: D

NEW QUESTION 11
A company uses a legacy application to produce data in CSV format The legacy application stores the output data In Amazon S3 The company is deploying a new commercial off-the-shelf (COTS) application that can perform complex SQL queries to analyze data that is stored Amazon Redshift and Amazon S3 only However the COTS application cannot process the csv files that the legacy application produces The company cannot update the legacy application to produce data in another format The company needs to implement a solution so that the COTS application can use the data that the legacy applicator produces.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Create a AWS Glue extract, transform, and load (ETL) job that runs on a schedul
• B. Configure the ETL job to process the .csv files and store the processed data in Amazon Redshit.
• C. Develop a Python script that runs on Amazon EC2 instances to convert th
• D. csv files to sql files invoke the Python script on cron schedule to store the output files in Amazon S3.
• E. Create an AWS Lambda function and an Amazon DynamoDB tabl
• F. Use an S3 event to invoke the Lambda functio
• G. Configure the Lambda function to perform an extract transform, and load (ETL) job to process the .csv files and store the processed data in the DynamoDB table.
• H. Use Amazon EventBridge (Amazon CloudWatch Events) to launch an Amazon EMR cluster on a weekly schedul
• I. Configure the EMR cluster to perform an extract, tractform, and load (ETL) job to process the .csv files and store the processed data in an Amazon Redshift table.

Answer: C

NEW QUESTION 12
A research company runs experiments that are powered by a simulation application and a visualization application. The simulation application runs on Linux and outputs intermediate data to an NFS share every 5 minutes. The visualization application is a Windows desktop application that displays the simulation output and requires an SMB file system.
The company maintains two synchronized tile systems. This strategy is causing data duplication and inefficient resource usage. The company needs to migrate the applications to AWS without making code changes to either application.
Which solution will meet these requirements?

• A. Migrate both applications to AWS Lambda Create an Amazon S3 bucket to exchange data between the applications.
• B. Migrate both applications to Amazon Elastic Container Service (Amazon ECS). Configure Amazon FSx File Gateway for storage.
• C. Migrate the simulation application to Linux Amazon EC2 instance
• D. Migrate the visualization application to Windows EC2 instance
• E. Configure Amazon Simple Queue Service (Amazon SOS) to exchange data between the applications.
• F. Migrate the simulation application to Linux Amazon EC2 instance
• G. Migrate the visualization application to Windows EC2 instance
• H. Configure Amazon FSx for NetApp ONTAP for storage.
• I. B

Answer: E

NEW QUESTION 13
A company's website uses an Amazon EC2 instance store for its catalog of items. The company wants to make sure that the catalog is highly available and that the catalog is stored in a durable location.
What should a solutions architect do to meet these requirements?

• A. Move the catalog to Amazon ElastiCache for Redis.
• B. Deploy a larger EC2 instance with a larger instance store.
• C. Move the catalog from the instance store to Amazon S3 Glacier Deep Archive.
• D. Move the catalog to an Amazon Elastic File System (Amazon EFS) file system.

Answer: A

NEW QUESTION 14
To meet security requirements, a company needs to encrypt all of its application data in transit while communicating with an Amazon RDS MySQL DB instance A recent security audit revealed that encryption al rest is enabled using AWS Key Management Service (AWS KMS). but data in transit Is not enabled
What should a solutions architect do to satisfy the security requirements?

• A. Enable IAM database authentication on the database.
• B. Provide self-signed certificates, Use the certificates in all connections to the RDS instance
• C. Take a snapshot of the RDS instance Restore the snapshot to a new instance with encryption enabled
• D. Download AWS-provided root certificates Provide the certificates in all connections to the RDS instance

Answer: C

Explanation:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html#Overview.Encryption.

NEW QUESTION 15
A company is implementing a new business application The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage A solutions architect needs to ensure that the EC? instances can access the S3 bucket
What should the solutions architect do to moot this requirement?

• A. Create an IAM role that grants access to the S3 bucke
• B. Attach the role to the EC2 Instances.
• C. Create an IAM policy that grants access to the S3 bucket Attach the policy to the EC2 Instances
• D. Create an IAM group that grants access to the S3 bucket Attach the group to the EC2 instances
• E. Create an IAM user that grants access to the S3 bucket Attach the user account to the EC2 Instances

Answer: C

NEW QUESTION 16
A company hosts a website on Amazon EC2 instances behind an Application Load Balancer (ALB) The website serves static content Website traffic is increasing, and the company is concerned about a potential increase in cost.
What should a solutions architect do to reduce the cost of the website?

• A. Create an Amazon CloudFront distribution to cache static files at edge locations.
• B. Create an Amazon ElastiCache cluster Connect the ALB to the ElastiCache cluster to serve cached files.
• C. Create an AWS WAF web ACL, and associate it with the ALB Add a rule to the web ACL to cache static files.
• D. Create a second ALB in an alternative AWS Region Route user traffic to the closest Region to minimize data transfer costs.

Answer: A

NEW QUESTION 17
A company is launching a new application and will display application metrics on an Amazon CloudWatch dashboard. The company’s product manager needs to access this dashboard periodically. The product manager does not have an AWS account. A solution architect must provide access to the product manager by following the principle of least privilege.
Which solution will meet these requirements?

• A. Share the dashboard from the CloudWatch consol
• B. Enter the product manager’s email address, and complete the sharing step
• C. Provide a shareable link for the dashboard to the product manager.
• D. Create an IAM user specifically for the product manage
• E. Attach the CloudWatch Read Only Access managed policy to the use
• F. Share the new login credential with the product manage
• G. Share the browser URL of the correct dashboard with the product manager.
• H. Create an IAM user for the company’s employees, Attach the View Only Access AWS managed policy to the IAM use
• I. Share the new login credentials with the product manage
• J. Ask the product manager to navigate to the CloudWatch console and locate the dashboard by name in the Dashboards section.
• K. Deploy a bastion server in a public subne
• L. When the product manager requires access to the dashboard, start the server and share the RDP credential
• M. On the bastion server, ensure that the browser is configured to open the dashboard URL with cached AWS credentials that have appropriate permissions to view the dashboard.

Answer: A

NEW QUESTION 18
A company runs a global web application on Amazon EC2 instances behind an Application Load Balancer The application stores data in Amazon Aurora. The company needs to create a disaster recovery solution and can tolerate up to 30 minutes of downtime and potential data loss. The solution does not need to handle the load when the primary infrastructure is healthy
What should a solutions architect do to meet these requirements?

• A. Deploy the application with the required infrastructure elements in place Use Amazon Route 53 to configure active-passive failover Create an Aurora Replica in a second AWS Region
• B. Host a scaled-down deployment of the application in a second AWS Region Use Amazon Route 53 to configure active-active failover Create an Aurora Replica in the second Region
• C. Replicate the primary infrastructure in a second AWS Region Use Amazon Route 53 to configure active-active failover Create an Aurora database that is restored from the latest snapshot
• D. Back up data with AWS Backup Use the backup to create the required infrastructure in a second AWS Region Use Amazon Route 53 to configure active-passive failover Create an Aurora second primary instance in the second Region

Answer: C

NEW QUESTION 19
A company collects temperature, humidity, and atmospheric pressure data in cities across multiple
continents. The average volume of data collected per site each day is 500 GB. Each site has a highspeed
internet connection. The company's weather forecasting applications are based in a single Region and analyze the data daily.
What is the FASTEST way to aggregate data from all of these global sites?

• A. Enable Amazon S3 Transfer Acceleration on the destination bucke
• B. Use multipart uploads todirectly upload site data to the destination bucket.
• C. Upload site data to an Amazon S3 bucket in the closest AWS Regio
• D. Use S3 cross-Regionreplication to copy objects to the destination bucket.
• E. Schedule AWS Snowball jobs daily to transfer data to the closest AWS Regio
• F. Use S3 cross-Regionreplication to copy objects to the destination bucket.
• G. Upload the data to an Amazon EC2 instance in the closest Regio
• H. Store the data in an AmazonElastic Block Store (Amazon EBS) volum
• I. Once a day take an EBS snapshot and copy it to thecentralized Regio
• J. Restore the EBS volume in the centralized Region and run an analysis on the datadaily.

Answer: A

Explanation:
Explanation
You might want to use Transfer Acceleration on a bucket for various reasons, including the following:
You have customers that upload to a centralized bucket from all over the world.
You transfer gigabytes to terabytes of data on a regular basis across continents.
You are unable to utilize all of your available bandwidth over the Internet when uploading to Amazon
S3.
https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html
https://aws.amazon.com/s3/transferacceleration/#:~:text=S3 Transfer Acceleration (S3TA) reduces,to S3 for remote applications:
"Amazon S3 Transfer Acceleration can speed up content transfers to and from Amazon S3 by as much
as 50-500% for long-distance transfer of larger objects. Customers who have either web or mobile
applications with widespread users or applications hosted far away from their S3 bucket can experience long and variable upload and download speeds over the Internet"
https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html
"Improved throughput - You can upload parts in parallel to improve throughput."

NEW QUESTION 20
A company wants to migrate its on-premises data center to AWS. According to the company's compliance requirements, the company can use only the ap-northeast-3 Region. Company administrators are not permitted to connect VPCs to the internet.
Which solutions will meet these requirements? (Choose two.)

• A. Use AWS Control Tower to implement data residency guardrails to deny internet access and deny access to all AWS Regions except ap-northeast-3.
• B. Use rules in AWS WAF to prevent internet acces
• C. Deny access to all AWS Regions except ap-northeast-3 in the AWS account settings.
• D. Use AWS Organizations to configure service control policies (SCPS) that prevent VPCs from gaining internet acces
• E. Deny access to all AWS Regions except ap-northeast-3.
• F. Create an outbound rule for the network ACL in each VPC to deny all traffic from 0.0.0.0/0. Create an IAM policy for each user to prevent the use of any AWS Region other than ap-northeast-3.
• G. Use AWS Config to activate managed rules to detect and alert for internet gateways and to detect and alert for new resources deployed outside of ap-northeast-3.

Answer: AC

NEW QUESTION 21
......