Most Up-to-date AWS Certified Solutions Architect - Associate (SAA-C03) SAA-C03 Test Questions

NEW QUESTION 1
A gaming company is moving its public scoreboard from a data center to the AWS Cloud. The company uses Amazon EC2 Windows Server instances behind an Application Load Balancer to host its dynamic application. The company needs a highly available storage solution for the application. The application consists of static files and dynamic server-side code.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

• A. Store the static files on Amazon S3. Use Amazon
• B. CloudFront to cache objects at the edge.
• C. Store the static files on Amazon S3. Use Amazon ElastiCache to cache objects at the edge.
• D. Store the server-side code on Amazon Elastic File System (Amazon EFS). Mount the EFS volume on each EC2 instance to share the files.
• E. Store the server-side code on Amazon FSx for Windows File Serve
• F. Mount the FSx for Windows File Server volume on each EC2 instance to share the files.
• G. Store the server-side code on a General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volum
• H. Mount the EBS volume on each EC2 instance to share the files.

Answer: AE

NEW QUESTION 2
An image-processing company has a web application that users use to upload images. The application uploads the images into an Amazon S3 bucket. The company has set up S3 event notifications to publish the object creation events to an A company has a service that produces event queue. The SQS queue serves as the event source for an AWS Lambda function that processes the images and sends the results to users through email.
Users report that they are receiving multiple email messages for every uploaded image. A solutions architect determines that SQS messages are invoking the Lambda function more than once, resulting in multiple email messages.
What should the solutions architect do to resolve this issue with the LEAST operational overhead?

• A. Set up long polling in the SQS queue by increasing the ReceiveMessage wait time to 30 seconds.
• B. Change the SQS standard queue to an SQS FIFO queu
• C. Use the message deduplication ID to discard duplicate messages.
• D. Increase the visibility timeout in the SQS queue to a value that is greater than the total of the function timeout and the batch window timeout.
• E. Modify the Lambda function to delete each message from the SQS queue immediately after the message is read before processing.

Answer: B

NEW QUESTION 3
A company has a business-critical application that runs on Amazon bC2 instances. The application stores data m an Amazon DynamoDB table. The company must be able to revert the table to any point within the last 24 hours. Which solution meets these requirements with the LEAST operational overhead?

• A. Configure point-in-time recovery for the fabric
• B. Use AWS Backup for the table
• C. Use an AWS Lambda function to make an on demand backup of the table every hour
• D. Turn on streams on the table to capture a log of all changes to the table in the last 24 hour
• E. Store a copy of the stream in an Amazon S3 bucket

Answer: A

NEW QUESTION 4
A company has two AWS accounts in the same AWS Region. One account is a publisher account, and the other account is a subscriber account Each account has its own Amazon S3 bucket.
An application puts media objects into the publisher account's S3 bucket The objects are encrypted with server-side encryption with customer-provided encryption keys (SSE-C). The company needs a solution that will automatically copy the objects to the subscriber's account's S3 bucket.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Enable S3 Versioning on the publisher account's S3 bucket Configure S3 Same-Region Replication of the objects to the subscriber account's S3 bucket
• B. Create an AWS Lambda function that is invoked when objects are published in the publisher account's S3 bucke
• C. Configure the Lambda function to copy the objects to the subscriber accounts S3 bucket
• D. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function when objects are published in the publisher account's S3 bucket Configure the Lambda function to copy the objects to the subscriber account's S3 bucket
• E. Configure Amazon EventBridge (Amazon CloudWatch Events) to publish Amazon Simple Notification Service (Amazon SNS) notifications when objects are published in the publisher account's S3 bucket When notifications are received use the S3 console to copy the objects to the subscriber accounts S3 bucket

Answer: B

NEW QUESTION 5
A solutions architect needs to design the architecture for an application that a vendor provides as a Docker container image. The container needs 50 GB of storage.
available for temporary files. The infrastructure must be serverless.
Which solution meets these requirements with the LEAST operational overhead?

• A. Create an AWS Lambda function that uses the Docker container image with an Amazon S3 mounted volume that has more than 50 GB of space.
• B. Create an AWS Lambda function that uses the Docker container image with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space.
• C. Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the AWS Fargate launch typ
• D. Create a task definition for the container image with an Amazon Elastic File System (Amazon EFS) volum
• E. Create a service with that task definition.
• F. Create an Amazon Elastic Container Service (Amazon ECS) duster that uses the Amazon EC2 launch type with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of spac
• G. Create a task definition for the container imag
• H. Create a service with that task definition.

Answer: C

NEW QUESTION 6
A company wants to direct its users to a backup static error page if the company's primary website is unavailable. The primary website's DNS records are hosted in Amazon Route 53. The domain is pointing to an Application Load Balancer (ALB). The company needs a solution that minimizes changes and infrastructure overhead.
Which solution will meet these requirements?

• A. Update the Route 53 records to use a latency routing polic
• B. Add a static error page that is hosted in an Amazon S3 bucket to the records so that the traffic is sent to the most responsive endpoints.
• C. Set up a Route 53 active-passive failover configuratio
• D. Direct traffic to a static error page that is hosted in an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy.
• E. Set up a Route 53 active-active configuration with the ALB and an Amazon EC2 instance that hosts a static error page as endpoint
• F. Configure Route 53 to send requests to the instance only if the health checks fail for the ALB.
• G. Update the Route 53 records to use a multivalue answer routing polic
• H. Create a health chec
• I. Direct traffic to the website if the health check passe
• J. Direct traffic to a static error page that is hosted in Amazon S3 if the health check does not pass.

Answer: B

NEW QUESTION 7
A company's web application consists of multiple Amazon EC2 instances that run behind an Application Load Balancer in a VPC. An Amazon ROS for MySQL DB instance contains the data. The company needs the ability to automatically detect and respond to suspicious or unexpected behaviour in its AWS environment the company already has added AWS WAF to its architecture.
What should a solutions architect do next lo protect against threats?

• A. Use Amazon GuardDuty to perform threat detectio
• B. Configure Amazon EventBridge (Amazon CloudWatch Events) to filler for GuardDuty findings and to invoke pin AWS Lambda function to adjust the AWS WAF rules
• C. Use AWS Firewall Manager to perform threat detection Configure Amazon EventBridge (Amazon CloudWatch Events) to filter for Firewall Manager findings and to invoke an AWS Lambda function to adjust the AWS WAF web ACL
• D. Use Amazon Inspector to perform three! detection and to update the AWS WAT rules Create a VPC network ACL to limit access to the web application
• E. Use Amazon Macie to perform throat detection and to update the AWS WAF rules Create a VPC network ACL to limit access to the web application

Answer: A

NEW QUESTION 8
A company is running an ASP.NET MVC application on a single Amazon EC2 instance. A recent increase in application traffic is causing slow response times for users during lunch hours. The company needs to resolve this concern with the least amount of configuration.
What should a solutions architect recommend to meet these requirements?

• A. Move the application to AWS Elastic Beanstal
• B. Configure load-based auto scaling and time-based scaling to handle scaling during lunch hours
• C. Move the application to Amazon Elastic Container Service (Amazon ECS) Create an AWS Lambda function to handle scaling during lunch hours.
• D. Move the application to Amazon Elastic Container Service (Amazon ECS). Configure scheduled scaling for AWS Application Auto Scaling during lunch hours.
• E. Move the application to AWS Elastic Beanstal
• F. Configure load-based auto scaling, and create an AWS Lambda function to handle scaling during lunch hours.

Answer: A

Explanation:
- Scheduled scaling is the solution here, while "using the least amount of settings possible" - Beanstalk vs moving to ECS - ECS requires MORE CONFIGURATION / SETTINGS (task and service definitions, configuring ECS container agent) than Beanstalk (upload application code)
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-cfg-autoscaling-scheduledactions.html Elastic Beanstalk supports time based scaling, since we are aware that the application performance slows down during the lunch hours.
https://aws.amazon.com/about-aws/whats-new/2015/05/aws-elastic-beanstalk-supports-time-based-scaling/

NEW QUESTION 9
A company is designing an application to run in a VPC on AWS The application consists of Amazon EC2 instances that tun in private subnets as part of an Auto Scaling group The application also includes a Network Load Balancer that extends across public subnets The application stores data in an Amazon RDS OB instance
The company has attached a security group that is named "web-servers' to the EC2 instances. The company has attached a security group that is named "database" to the DB Instance.
How should a solutions architect configure the communication between the EC2 instances and the DB instance?

• A. Configure the "web-servers* security group (o allow access lo the OB instance's current IP addresses Configure the "database" security group to allow access from the current set of IP addresses in use by the EC? instances
• B. Configure the "web-servers" security group to allow access to the "database" security group Configure the "database" security group to allow access from the "web-servers" security group
• C. Configure the "web-servers" security group to allow access to the DB instance's current IP addresses Configure the "database" security group to allow access from the Auto Scaling group
• D. Configure the "web servers" security group to allow access to the "database" security group Configure the "database" security group to allow access from the Auto Scaling group

Answer: C

NEW QUESTION 10
A company wants to use Amazon S3 for the secondary copy of itdataset. The company would rarely need to access this copy. The storage solution’s
cost should be minimal.
Which storage solution meets these requirements?

• A. S3 Standard
• B. S3 Intelligent-Tiering
• C. S3 Standard-Infrequent Access (S3 Standard-IA)
• D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer: C

NEW QUESTION 11
A solutions architect is designing a new hybrid architecture to extend a company s on-premises infrastructure to AWS The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.
What should the solutions architect do to meet these requirements?

• A. Provision an AWS Direct Connect connection to a Region Provision a VPN connection as a backup if the primary Direct Connect connection fails.
• B. Provision a VPN tunnel connection to a Region for private connectivit
• C. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails.
• D. Provision an AWS Direct Connect connection to a Region Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.
• E. Provision an AWS Direct Connect connection to a Region Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.

Answer: A

Explanation:
Explanation
"In some cases, this connection alone is not enough. It is always better to guarantee a fallback connection as the backup of DX. There are several options, but implementing it with an AWS Site-To-Site VPN is a real
cost-effective solution that can be exploited to reduce costs or, in the meantime, wait for the setup of a second DX."
https://www.proud2becloud.com/hybrid-cloud-networking-backup-aws-direct-connect-network-connection-with

NEW QUESTION 12
A company needs to review its AWS Cloud deployment to ensure that its Amazon S3 buckets do not have unauthorized configuration changes.
What should a solutions architect do to accomplish this goal?

• A. Turn on AWS Config with the appropriate rules.
• B. Turn on AWS Trusted Advisor with the appropriate checks.
• C. Turn on Amazon Inspector with the appropriate assessment template.
• D. Turn on Amazon S3 server access loggin
• E. Configure Amazon EventBridge (Amazon Cloud Watch Events).

Answer: A

NEW QUESTION 13
A company runs us two-tier ecommerce website on AWS The web tier consists of a load balancer that sends traffic to Amazon EC2 instances The database tier uses an Amazon RDS D8 instance The EC2 instances and the ROS DB instance should not be exposed to the public internet The EC2 instances require internet access to complete payment processing of orders through a third-party web service The application must be highly available
Which combination of configuration options will meet these requirements? (Select TWO.)

• A. Use an Auto Scaling group to launch the EC2 Instances in private subnets Deploy an RDS Mulli-AZ DB instance in private subnets
• B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the private subnets
• C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones Deploy an RDS Multi-AZ DB instance in private subnets
• D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the public subnet
• E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the public subnets

Answer: AE

NEW QUESTION 14
A company has an on-premises application that generates a large amount of time-sensitive data that is backed up to Amazon S3. The application has grown and there are user complaints about internet bandwidth limitations. A solutions architect needs to design a long-term solution that allows for both timely backups to Amazon S3 and with minimal impact on internet connectivity for internal users.
Which solution meets these requirements?

• A. Establish AWS VPN connections and proxy all traffic through a VPC gateway endpoint
• B. Establish a new AWS Direct Connect connection and direct backup traffic through this new connection.
• C. Order daily AWS Snowball devices Load the data onto the Snowball devices and return the devices to AWS each day.
• D. Submit a support ticket through the AWS Management Console Request the removal of S3 service limits from the account.

Answer: B

NEW QUESTION 15
A company hosts a serverless application on AWS. The application uses Amazon API Gateway. AWS Lambda, and an Amazon RDS for PostgreSQL database. The company notices an increase in application errors that result from database connection timeouts during times of peak traffic or unpredictable traffic. The company needs a solution that reduces the application failures with the least amount of change to the code.
What should a solutions architect do to meet these requirements?

• A. Reduce the Lambda concurrency rate.
• B. Enable RDS Proxy on the RDS DB instance.
• C. Resize the ROS DB instance class to accept more connections.
• D. Migrate the database to Amazon DynamoDB with on-demand scaling

Answer: B

NEW QUESTION 16
A company is building a containerized application on premises and decides to move the application to AWS. The application will have thousands of users soon after li is deployed. The company Is unsure how to manage the deployment of containers at scale. The company needs to deploy the containerized application in a highly available architecture that minimizes operational overhead.
Which solution will meet these requirements?

• A. Store container images In an Amazon Elastic Container Registry (Amazon ECR) repositor
• B. Use an Amazon Elastic Container Service (Amazon ECS) cluster with the AWS Fargate launch type to run the container
• C. Use target tracking to scale automatically based on demand.
• D. Store container images in an Amazon Elastic Container Registry (Amazon ECR) repositor
• E. Use an Amazon Elastic Container Service (Amazon ECS) cluster with the Amazon EC2 launch type to run the container
• F. Use target tracking to scale automatically based on demand.
• G. Store container images in a repository that runs on an Amazon EC2 instanc
• H. Run the containers on EC2 instances that are spread across multiple Availability Zone
• I. Monitor the average CPU utilization in Amazon CloudWatc
• J. Launch new EC2 instances as needed
• K. Create an Amazon EC2 Amazon Machine Image (AMI) that contains the container image Launch EC2 Instances in an Auto Scaling group across multiple Availability Zone
• L. Use an Amazon CloudWatch alarm to scale out EC2 instances when the average CPU utilization threshold is breached.

Answer: A

NEW QUESTION 17
A company hosts an application on AWS Lambda functions mat are invoked by an Amazon API Gateway API The Lambda functions save customer data to an Amazon Aurora MySQL database Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete The result is that customer data Is not recorded for some of the event
A solutions architect needs to design a solution that stores customer data that is created during database upgrades
Which solution will meet these requirements?

• A. Provision an Amazon RDS proxy to sit between the Lambda functions and the database Configure the Lambda functions to connect to the RDS proxy
• B. Increase the run time of me Lambda functions to the maximum Create a retry mechanism in the code that stores the customer data in the database
• C. Persist the customer data to Lambda local storag
• D. Configure new Lambda functions to scan the local storage to save the customer data to the database.
• E. Store the customer data m an Amazon Simple Queue Service (Amazon SOS) FIFO queue Create a new Lambda function that polls the queue and stores the customer data in the database

Answer: C

NEW QUESTION 18
A company stores call transcript files on a monthly basis. Users access the files randomly within 1 year of the call, but users access the files infrequently after 1 year. The company wants to optimize its solution by giving users the ability to query and retrieve files that are less than 1-year-old as quickly as possible. A delay in retrieving older files is acceptable.
Which solution will meet these requirements MOST cost-effectively?

• A. Store individual files with tags in Amazon S3 Glacier Instant Retrieva
• B. Query the tags to retrieve the files from S3 Glacier Instant Retrieval.
• C. Store individual files in Amazon S3 Intelligent-Tierin
• D. Use S3 Lifecycle policies to move the files to S3 Glacier Flexible Retrieval after 1 yea
• E. Query and retrieve the files that are in Amazon S3 by using Amazon Athen
• F. Query and retrieve the files that are in S3 Glacier by using S3 Glacier Select.
• G. Store individual files with tags in Amazon S3 Standard storag
• H. Store search metadata for each archive in Amazon S3 Standard storag
• I. Use S3 Lifecycle policies to move the files to S3 Glacier Instant Retrieval after 1 yea
• J. Query and retrieve the files by searching for metadata from Amazon S3.
• K. Store individual files in Amazon S3 Standard storag
• L. Use S3 Lifecycle policies to move the files to S3 Glacier Deep Archive after 1 yea
• M. Store search metadata in Amazon RD
• N. Query the files from Amazon RD
• O. Retrieve the files from S3 Glacier Deep Archive.

Answer: C

NEW QUESTION 19
A company has enabled AWS CloudTrail logs to deliver log files to an Amazon S3 bucket for each of its developer accounts. The company has created a central AWS account for streamlining management and audit reviews An internal auditor needs to access the CloudTrail logs yet access needs to be restricted for all developer account users The solution must be secure and optimized
How should a solutions architect meet these requirements?

• A. Configure an AWS Lambda function m each developer account to copy the log files to the central account Create an IAM role in the central account for the auditor Attach an IAM policy providing read-only permissions to the bucket
• B. Configure CloudTrail from each developer account to deliver the log files to an S3 bucket m the central account Create an IAM user in the central account for the auditor Attach an IAM policy providing full permissions to the bucket
• C. Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account Create an IAM role in the central account for the auditor Attach an IAM policy providingread-only permissions to the bucket
• D. Configure an AWS Lambda function in the central account to copy the log files from the S3 bucket m each developer account Create an IAM user m the central account for the auditor Attach an IAM policy providing full permissions to the bucket

Answer: C

Explanation:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-sharing-logs.html

NEW QUESTION 20
A company is building a solution that will report Amazon EC2 Auto Scaling events across all the applications In an AWS account. The company needs to use a serverless solution to store the EC2 Auto Scaling status data in Amazon S3 The company then will use the data m Amazon S3 to provide near-real time updates in a dashboard The solution must not affect the speed of EC2 instance launches.
How should the company move the data to Amazon S3 to meet these requirements?

• A. Use an Amazon CioudWatch metric stream to send the EC2 Auto Scaling status data to Amazon Kinesis Data Firehose Store the data in Amazon S3
• B. Launch an Amazon EMR duster to collect the EC2 Auto Scaling status data and send the data to Amazon Kinesis Data Firehose Store the data in Amazon S3
• C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda (unction on a schedule Configure the Lambda function to send the EC2 Auto Scaling status data directly to Amazon S3
• D. Use a bootstrap script during the launch of an EC2 instance to install Amazon Kinesis Agent Configure Kinesis Agent to collect the EC2 Auto Scaling status data and send the data to Amazon Kinesis Data Firehose Store the data in Amazon S3

Answer: B

NEW QUESTION 21
......