SAA-C03 Exam - AWS Certified Solutions Architect - Associate (SAA-C03)

NEW QUESTION 1
A company has an application with a REST-based interface that allows data to be received in near-real time from a third-party vendor Once received the application processes and stores the data for further analysis. The application is running on Amazon EC2 instances.
The third-party vendor has received many 503 Service Unavailable Errors when sending data to the application When the data volume spikes, the compute capacity reaches its maximum limit and the application is unable to process all requests.
Which design should a solutions architect recommend to provide a more scalable solution?

• A. Use Amazon Kinesis Data Streams to ingest the data Process the data using AWS Lambda function.
• B. Use Amazon API Gateway on top of the existing applicatio
• C. Create a usage plan with a quota limit for the third-party vendor
• D. Use Amazon Simple Notification Service (Amazon SNS) to ingest the data Put the EC2 instances in an Auto Scaling group behind an Application Load Balancer
• E. Repackage the application as a container Deploy the application using Amazon Elastic Container Service (Amazon ECS) using the EC2 launch type with an Auto Scaling group

Answer: A

NEW QUESTION 2
A company runs multiple Windows workloads on AWS. The company’s employees use Windows the file shares that are hosted on two Amazon EC2 instances. The file shares synchronize data between themselves and maintain duplicate copies. The company wants a highly available and durable storage solution that preserves how users currently access the files.

• A. Migrate all the data to Amazon S3 Set up IAM authentication for users to access files
• B. Set up an Amazon S3 File Gatewa
• C. Mount the S3 File Gateway on the existing EC2 Instances.
• D. Extend the file share environment to Amazon FSx for Windows File Server with a Multi-AZ configuratio
• E. Migrate all the data to FSx for Windows File Server.
• F. Extend the file share environment to Amazon Elastic File System (Amazon EFS) with a Multi-AZ configuratio
• G. Migrate all the data to Amazon EFS.

Answer: C

NEW QUESTION 3
A company wants to create a mobile app that allows users to stream slow-motion video clips on their mobile devices Currently, the app captures video clips and uploads the video clips in raw format into an Amazon S3 bucket The app retrieves these video clips directly from the S3 bucket. However the videos are large in their raw format.
Users are experiencing issues with buffering and playback on mobile devices. The company wants to implement solutions to maximize the performance and scalability of the app while minimizing operational overhead
Which combination of solutions will meet these requirements? (Select TWO.)

• A. Deploy Amazon CloudFront for content delivery and caching
• B. Use AWS DataSync to replicate the video files across AWS Regions in other S3 buckets
• C. Use Amazon Elastic Transcoder to convert the video files to more appropriate formats
• D. Deploy an Auto Scaling group of Amazon EC2 instances in Local Zones for content delivery and caching
• E. Deploy an Auto Scaling group of Amazon EC2 instances to convert the video files to more appropriate formats

Answer: CD

NEW QUESTION 4
A company maintains a searchable repository of items on its website. The data is stored in an Amazon RDS for MySQL database table that contains more than 10 million rows The database has 2 TB of General Purpose SSD storage There are millions of updates against this data every day through the company's website
The company has noticed that some insert operations are taking 10 seconds or longer The company has determined that the database storage performance is the problem
Which solution addresses this performance issue?

• A. Change the storage type to Provisioned IOPS SSD
• B. Change the DB instance to a memory optimized instance class
• C. Change the DB instance to a burstable performance instance class
• D. Enable Multi-AZ RDS read replicas with MySQL native asynchronous replication.

Answer: A

Explanation:
Explanation
https://aws.amazon.com/ebs/features/
"Provisioned IOPS volumes are backed by solid-state drives (SSDs) and are the highest performance EBS volumes designed for your critical, I/O intensive database applications. These volumes are ideal for both IOPS-intensive and throughput-intensive workloads that require extremely low latency."

NEW QUESTION 5
A company that primarily runs its application servers on premises has deeded to migrate to AWS. The company wants to minimize its need to scale its Internet Small Computer Systems Interface (iSCSI) storage on premises. The company wants only its recently accessed data to remain stored locally
Which AWS solution should the company use to meet these requirements?

• A. Amazon S3 File Gateway
• B. AWS Storage Gateway Tape Gateway
• C. AWS Storage Gateway Volume Gateway stored volumes
• D. AWS Storage Gateway Volume Gateway cached volumes

Answer: D

NEW QUESTION 6
A company is designing an application to run in a VPC on AWS The application consists of Amazon EC2 instances that tun in private subnets as part of an Auto Scaling group The application also includes a Network Load Balancer that extends across public subnets The application stores data in an Amazon RDS OB instance
The company has attached a security group that is named "web-servers' to the EC2 instances. The company has attached a security group that is named "database" to the DB Instance.
How should a solutions architect configure the communication between the EC2 instances and the DB instance?

• A. Configure the "web-servers* security group (o allow access lo the OB instance's current IP addresses Configure the "database" security group to allow access from the current set of IP addresses in use by the EC? instances
• B. Configure the "web-servers" security group to allow access to the "database" security group Configure the "database" security group to allow access from the "web-servers" security group
• C. Configure the "web-servers" security group to allow access to the DB instance's current IP addresses Configure the "database" security group to allow access from the Auto Scaling group
• D. Configure the "web servers" security group to allow access to the "database" security group Configure the "database" security group to allow access from the Auto Scaling group

Answer: C

NEW QUESTION 7
A company has a three-tier web application that is deployed on AWS. The web servers are deployed in a public subnet in a VPC. The application servers and database servers are deployed in private subnets in the same VPC. The company has deployed a third-party virtual firewall appliance from AWS Marketplace in an inspection VPC. The appliance is configured with an IP interface that can accept IP packets.
A solutions architect needs to Integrate the web application with the appliance to inspect all traffic to the application before the traffic teaches the web server. Which solution will moot these requirements with the LEAST operational overhead?

• A. Create a Network Load Balancer the public subnet of the application's VPC to route the traffic lo the appliance for packet inspection
• B. Create an Application Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection
• C. Deploy a transit gateway m the inspection VPC Configure route tables to route the incoming pockets through the transit gateway
• D. Deploy a Gateway Load Balancer in the inspection VPC Create a Gateway Load Balancer endpoint to receive the incoming packets and forward the packets to the appliance

Answer: D

NEW QUESTION 8
A company collects temperature, humidity, and atmospheric pressure data in cities across multiple
continents. The average volume of data collected per site each day is 500 GB. Each site has a highspeed
internet connection. The company's weather forecasting applications are based in a single Region and analyze the data daily.
What is the FASTEST way to aggregate data from all of these global sites?

• A. Enable Amazon S3 Transfer Acceleration on the destination bucke
• B. Use multipart uploads todirectly upload site data to the destination bucket.
• C. Upload site data to an Amazon S3 bucket in the closest AWS Regio
• D. Use S3 cross-Regionreplication to copy objects to the destination bucket.
• E. Schedule AWS Snowball jobs daily to transfer data to the closest AWS Regio
• F. Use S3 cross-Regionreplication to copy objects to the destination bucket.
• G. Upload the data to an Amazon EC2 instance in the closest Regio
• H. Store the data in an AmazonElastic Block Store (Amazon EBS) volum
• I. Once a day take an EBS snapshot and copy it to thecentralized Regio
• J. Restore the EBS volume in the centralized Region and run an analysis on the datadaily.

Answer: A

Explanation:
Explanation
You might want to use Transfer Acceleration on a bucket for various reasons, including the following:
You have customers that upload to a centralized bucket from all over the world.
You transfer gigabytes to terabytes of data on a regular basis across continents.
You are unable to utilize all of your available bandwidth over the Internet when uploading to Amazon
S3.
https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html
https://aws.amazon.com/s3/transferacceleration/#:~:text=S3%20Transfer%20Acceleration%20(S3TA)%20reduces,to%20S3%20for%20remote%20applications:
"Amazon S3 Transfer Acceleration can speed up content transfers to and from Amazon S3 by as much
as 50-500% for long-distance transfer of larger objects. Customers who have either web or mobile
applications with widespread users or applications hosted far away from their S3 bucket can experience long and variable upload and download speeds over the Internet"
https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html
"Improved throughput - You can upload parts in parallel to improve throughput."

NEW QUESTION 9
A company is building an application in the AWS Cloud. The application will store data in Amazon S3 buckets in two AWS Regions. The company must use an AWS Key Management Service (AWS KMS) customer managed key to encrypt
all data that is stored in the S3 buckets. The data in both S3 buckets must be encrypted and decrypted with the same KMS key. The data and the key must be stored in each of the two Regions.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Create an S3 bucket in each Region Configure the S3 buckets to use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) Configure replication between the S3 buckets.
• B. Create a customer managed multi-Region KMS ke
• C. Create an S3 bucket in each Regio
• D. Configure replication between the S3 bucket
• E. Configure the application to use the KMS key with client-side encryption.
• F. Create a customer managed KMS key and an S3 bucket in each Region Configure the S3 buckets to use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) Configure replication between the S3 buckets.
• G. Create a customer managed KMS key and an S3 bucket m each Region Configure the S3 buckets to use server-side encryption with AWS KMS keys (SSE-KMS) Configure replication between the S3 buckets.

Answer: C

Explanation:
Explanation
From https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.htmlFor most users, the default AWS KMS key store, which is protected by FIPS 140-2 validatedcryptographic modules, fulfills their security requirements. There is no need to add an extra layer ofmaintenance responsibility or a dependency on an additional service. However, you might considercreating a custom key store if your organization has any of the following requirements: Key materialcannot be stored in a shared environment. Key material must be subject to a secondary, independentaudit path. The HSMs that generate and store key material must be certified at FIPS 140-2 Level 3.
https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html

NEW QUESTION 10
A company runs an on-premises application that is powered by a MySQL database The company is migrating the application to AWS to Increase the application's elasticity and availability
The current architecture shows heavy read activity on the database during times of normal operation Every 4 hours the company's development team pulls a full export of the production database to populate a database in the staging environment During this period, users experience unacceptable application latency The development team is unable to use the staging environment until the procedure completes
A solutions architect must recommend replacement architecture that alleviates the application latency issue The replacement architecture also must give the development team the ability to continue using the staging environment without delay
Which solution meets these requirements?

• A. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for productio
• B. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.
• C. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production Use database cloning to create the staging database on-demand
• D. Use Amazon RDS for MySQL with a Mufti AZ deployment and read replicas for production Use the standby instance tor the staging database.
• E. Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for productio
• F. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.

Answer: C

NEW QUESTION 11
A company wants to reduce the cost of its existing three-tier web architect. The web, application, and database servers are running on Amazon EC2 instance EC2 instance for the development, test and production environments. The EC2 instances average 30% CPU utilization during peak hours and 10% CPU utilization during non-peak hours.
The production EC2 instance purchasing solution will meet the company’s requirements MOST cost-effectively?

• A. Use Spot Instances for the production EC2 instance
• B. Use Reserved Instances for the development and test EC2 instances
• C. Use Reserved Instances for the production EC2 instance
• D. Use On-Demand Instances for the development and test EC2 instances
• E. Use blocks for the production FC2 ins ranges Use Reserved instances for the development and lest EC2 instances
• F. Use On-Demand Instances for the production EC2 instance
• G. Use Spot blocks for the development and test EC2 instances

Answer: B

NEW QUESTION 12
A company is implementing a shared storage solution for a media application that is hosted m the AWS Cloud The company needs the ability to use SMB clients to access data The solution must he fully managed.
Which AWS solution meets these requirements?

• A. Create an AWS Storage Gateway volume gatewa
• B. Create a file share that uses the required client protocol Connect the application server to the tile share.
• C. Create an AWS Storage Gateway tape gateway Configure (apes to use Amazon S3 Connect the application server lo the tape gateway
• D. Create an Amazon EC2 Windows instance Install and configure a Windows file share role on the instanc
• E. Connect the application server to the file share.
• F. Create an Amazon FSx for Windows File Server tile system Attach the fie system to the origin server.Connect the application server to the tile system

Answer: D

NEW QUESTION 13
A company has an application that loads documents into an Amazon 53 bucket and converts the documents into another format. The application stores the converted documents m another S3 bucket and saves the document name and URLs in an Amazon DynamoOB table The DynamoOB entries are used during subsequent days to access the documents The company uses a DynamoOB Accelerator (DAX) cluster in front of the table
Recently, traffic to the application has increased. Document processing tasks are timing out during the scheduled DAX maintenance window. A solutions architect must ensure that the documents continue to load during the maintenance window
What should the solutions architect do to accomplish this goal?

• A. Modify the application to write to the DAX cluster Configure the DAX cluster to write to the DynamoDB table when the maintenance window is complete
• B. Enable Amazon DynamoDB Streams for the DynamoDB tabl
• C. Modify the application to write to the stream Configure the stream to load the data when the maintenance window is complete.
• D. Convert the application to an AWS Lambda function Configure the Lambda function runtime to be longer than the maintenance window Create an Amazon CloudWatch alarm to monitor Lambda timeouts
• E. Modify the application to write the document name and URLs to an Amazon Simple Queue Service (Amazon SOS) queue Create an AWS Lambda function to read the SOS queue and write to DynamoDB.

Answer: C

NEW QUESTION 14
A company's order system sends requests from clients to Amazon EC2 instances The EC2 instances process the orders and then store the orders in a database on Amazon RDS. Users report that they must reprocess orders when the system fails. The company wants a resilient solution that can process orders automatically if a system outage occurs.
What should a solutions architect do to meet these requirements?

• A. Move the EC2 instances Into an Auto Scaling grou
• B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to target an Amazon Elastic Container Service (Amazon ECS) task
• C. Move the EC2 instances into an Auto Seating group behind an Application Load Balancer (Al B) Update the order system to send message to the ALB endpoint
• D. Move the EC2 instances into an Auto Scaling grou
• E. Configure the order system to send messages to an Amazon Simple Queue Service (Amazon SGS) queu
• F. Configure the EC2 instances to consume messages from the queue.
• G. Create an Amazon Simple Notification Service (Amazon SNS) topi
• H. Create an AWS Lambda function, and subscribe the function to the SNS topic Configure (he order system to send messages to the SNS topi
• I. Send a command to the EC2 instances to process the messages by using AWS Systems Manager Run Command

Answer: C

NEW QUESTION 15
A solutions architect is designing a two-tier web application The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet Security is a high priority for the company
How should security groups be configured in this situation? (Select TWO )

• A. Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.
• B. Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.
• C. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.
• D. Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier.
• E. Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.

Answer: AC

Explanation:
"Security groups create an outbound rule for every inbound rule." Not completely right. Statefull does NOT mean that if you create an inbound (or outbound) rule, it will create an outbound (or inbound) rule. What it does mean is: suppose you create an inbound rule on port 443 for the X ip. When a request enters on port 443 from X ip, it will allow traffic out for that request in the port 443. However, if you look at the outbound rules, there will not be any outbound rule on port 443 unless explicitly create it. In ACLs, which are stateless, you would have to create an inbound rule to allow incoming requests and an outbound rule to allow your application responds to those incoming requests.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules

NEW QUESTION 16
A hospital wants to create digital copies for its large collection of historical written records. The hospital will continue to add hundreds of new documents each day. The hospital's data team will scan the documents and will upload the documents to the AWS Cloud.
A solutions architect must implement a solution to analyze the documents: extract the medical information, and store the documents so that an application can run SQL queries on the data The solution must maximize scalability and operational efficiency
Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

• A. Write the document information to an Amazon EC2 instance that runs a MySQL database
• B. Write the document information to an Amazon S3 bucket Use Amazon Athena to query the data
• C. Create an Auto Scaling group of Amazon EC2 instances to run a custom application that processes the scanned files and extracts the medical information.
• D. Create an AWS Lambda function that runs when new documents are uploaded Use Amazon Rekognition to convert the documents to raw text Use Amazon Transcribe Medical to detect and extract relevant medical Information from the text.
• E. Create an AWS Lambda function that runs when new documents are uploaded Use Amazon Textract to convert the documents to raw text Use Amazon Comprehend Medical to detect and extract relevant medical information from the text

Answer: AE

NEW QUESTION 17
A solution architect is using an AWS CloudFormation template to deploy a three-tier web application. The web application consist of a web tier and an application that stores and retrieves user data in Amazon DynamoDB tables. The web and application tiers are hosted on Amazon EC2 instances, and the database tier is not publicly accessible. The application EC2 instances need to access the Dynamo tables Without exposing API credentials in the template.
What should the solution architect do to meet the requirements?

• A. Create an IAM role to read the DynamoDB table
• B. Associate the role with the application instances by referencing an instance profile.
• C. Create an IAM role that has the required permissions to read and write from the DynamoDB table
• D. Add the role to the EC2 instance profile, and associate the instances profile with the application instances.
• E. Use the parameter section in the AWS CloudFormation template to have the user input access and secret keys from an already-created IAM user that has the required permissions to read and write from the DynamoDB tables.
• F. Create an IAM user in the AWS CloudFormation template that has the required permissions to read and write from the DynamoDB table
• G. Use the GetAtt function to retrieve the access secret keys, and pass them to the application instances through the user data.

Answer: B

NEW QUESTION 18
......