Amazon AWS Certified Solutions Architect - Associate SAA-C03 Exam Questions in PDF

Free Amazon AWS Certified Solutions Architect - Associate SAA-C03 Dumps Questions (page: 12)

A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.
What should a solutions architect do to secure the audit documents?

  1. Enable the versioning and MFA Delete features on the S3 bucket.
  2. Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account.
  3. Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates.
  4. Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key.

Answer(s): A

Explanation:

Enabling versioning and MFA Delete protects objects from accidental deletion and requires an additional authentication factor for deletion requests, adding a data-protection layer beyond IAM least privilege.
A) Correct: versioning preserves previous object versions, and MFA Delete requires a valid MFA code on deletion requests, so a single careless or compromised credential cannot permanently remove documents.
B) MFA on IAM user sign-in only strengthens authentication; it does not add an MFA check to deletion requests (that is what MFA Delete does) and provides no object-level safeguard.
C) Lifecycle policies manage transitions and expirations by object age, not per-action denials; they cannot selectively deny DeleteObject during audit dates.
D) KMS encryption protects data at rest but does not prevent deletions; restricting access to the key cannot by itself block DeleteObject actions.



A company is using a SQL database to store movie data that is publicly accessible. The database runs on an Amazon RDS Single-AZ DB instance. A script runs queries at random intervals each day to record the number of new movies that have been added to the database. The script must report a final total during business hours.
The company's development team notices that the database performance is inadequate for development tasks when the script is running. A solutions architect must recommend a solution to resolve this issue.
Which solution will meet this requirement with the LEAST operational overhead?

  1. Modify the DB instance to be a Multi-AZ deployment.
  2. Create a read replica of the database. Configure the script to query only the read replica.
  3. Instruct the development team to manually export the entries in the database at the end of each day.
  4. Use Amazon ElastiCache to cache the common queries that the script runs against the database.

Answer(s): B

Explanation:

The correct answer is B. Creating a read replica allows the script to run queries against the replica, offloading read traffic from the primary DB instance and improving performance during development tasks, with minimal operational overhead.
A) Multi-AZ improves high availability and DB failover, not read scaling; it adds overhead without separating the read workload from the primary.
C) Manual daily exports add significant operational overhead and risk inconsistencies; they are neither scalable nor automatic.
D) ElastiCache helps with repeated reads but introduces cache coherence concerns and added complexity; a read replica is simpler and more direct for offloading read-heavy queries.



A company has applications that run on Amazon EC2 instances in a VPC. One of the applications needs to call the Amazon S3 API to store and read objects. According to the company's security regulations, no traffic from the applications is allowed to travel across the internet.
Which solution will meet these requirements?

  1. Configure an S3 gateway endpoint.
  2. Create an S3 bucket in a private subnet.
  3. Create an S3 bucket in the same AWS Region as the EC2 instances.
  4. Configure a NAT gateway in the same subnet as the EC2 instances.

Answer(s): A

Explanation:

An S3 gateway endpoint provides private, region-local routing to S3 over the AWS network without traversing the internet, meeting the no-internet requirement.
A) Correct: a gateway VPC endpoint routes S3 traffic over the AWS backbone, so it never leaves the AWS network.
B) A private subnet alone does not prevent internet egress; unless it is paired with a VPC endpoint or other controls, requests can still reach the internet.
C) Bucket Region alignment does not change the data path; traffic still goes via the internet unless a VPC endpoint is used.
D) A NAT gateway provides internet access for private subnets, which violates the no-internet requirement.



A company is storing sensitive user information in an Amazon S3 bucket. The company wants to provide secure access to this bucket from the application tier running on Amazon EC2 instances inside a VPC.
Which combination of steps should a solutions architect take to accomplish this? (Choose two.)

  1. Configure a VPC gateway endpoint for Amazon S3 within the VPC.
  2. Create a bucket policy to make the objects in the S3 bucket public.
  3. Create a bucket policy that limits access to only the application tier running in the VPC.
  4. Create an IAM user with an S3 access policy and copy the IAM credentials to the EC2 instance.
  5. Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket.

Answer(s): A,C

Explanation:

A) A VPC gateway endpoint for Amazon S3 gives EC2 instances in the VPC private, region-local access to S3 without traversing the public internet.
C) A bucket policy that limits access to the application tier in the VPC (for example by the application's IAM role or the VPC it runs in) enforces least privilege, so only trusted sources inside the VPC can reach the bucket.
B) Making the objects public breaches confidentiality.
D) Embedding long-lived IAM user credentials on EC2 instances is insecure and not recommended; use an instance role instead.
E) A NAT instance is unnecessary for S3 access from a VPC and adds cost and complexity.



A company runs an on-premises application that is powered by a MySQL database. The company is migrating the application to AWS to increase the application's elasticity and availability.
The current architecture shows heavy read activity on the database during times of normal operation. Every 4 hours, the company's development team pulls a full export of the production database to populate a database in the staging environment. During this period, users experience unacceptable application latency. The development team is unable to use the staging environment until the procedure completes.
A solutions architect must recommend a replacement architecture that alleviates the application latency issue. The replacement architecture must also let the development team continue using the staging environment without delay.
Which solution meets these requirements?

  1. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.
  2. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production. Use database cloning to create the staging database on-demand.
  3. Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for production. Use the standby instance for the staging database.
  4. Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for production. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.

Answer(s): B

Explanation:

Aurora MySQL with on-demand database cloning provides low-latency reads and creates a fast, isolated staging copy without impacting production, meeting the elasticity requirement and giving the development team staging access without waiting.
A) Relies on backup and restore with mysqldump, which is slow and I/O-intensive, causing latency during the production export and delaying staging access.
C) RDS for MySQL with Multi-AZ and read replicas adds complexity and would still need a backup and restore process to populate staging; the Multi-AZ standby cannot be used as a live staging database.
D) Like C, relies on mysqldump for the staging data, introducing heavy I/O and latency during the export and delaying staging access.



A company is designing an application where users upload small files into Amazon S3. After a user uploads a file, the file requires one-time simple processing to transform the data and save the data in JSON format for later analysis.
Each file must be processed as quickly as possible after it is uploaded. Demand will vary. On some days, users will upload a high number of files. On other days, users will upload a few files or no files.
Which solution meets these requirements with the LEAST operational overhead?

  1. Configure Amazon EMR to read text files from Amazon S3. Run processing scripts to transform the data. Store the resulting JSON file in an Amazon Aurora DB cluster.
  2. Configure Amazon S3 to send an event notification to an Amazon Simple Queue Service (Amazon SQS) queue. Use Amazon EC2 instances to read from the queue and process the data. Store the resulting JSON file in Amazon DynamoDB.
  3. Configure Amazon S3 to send an event notification to an Amazon Simple Queue Service (Amazon SQS) queue. Use an AWS Lambda function to read from the queue and process the data. Store the resulting JSON file in Amazon DynamoDB.
  4. Configure Amazon EventBridge (Amazon CloudWatch Events) to send an event to Amazon Kinesis Data Streams when a new file is uploaded. Use an AWS Lambda function to consume the event from the stream and process the data. Store the resulting JSON file in an Amazon Aurora DB cluster.

Answer(s): C

Explanation:

S3 event-driven processing with Lambda provides near-real-time handling, serverless scaling for variable demand, and minimal operational overhead. Using SQS with Lambda (option C) gives asynchronous, decoupled processing of each uploaded file, and Lambda scales automatically with the event rate; storing the JSON in DynamoDB suits small, fast lookups and is fully managed.
A) EMR is heavy, requires cluster management, and is unsuitable for simple one-time processing with variable load.
B) EC2-based processing adds maintenance, scaling, and higher overhead than serverless.
D) EventBridge to Kinesis adds unnecessary components and complexity; Aurora introduces relational storage with more management.



An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance. The operations team has isolated an application performance slowdown and wants to separate read traffic from write traffic. A solutions architect needs to optimize the application's performance quickly.
What should the solutions architect recommend?

  1. Change the existing database to a Multi-AZ deployment. Serve the read requests from the primary Availability Zone.
  2. Change the existing database to a Multi-AZ deployment. Serve the read requests from the secondary Availability Zone.
  3. Create read replicas for the database. Configure the read replicas with half of the compute and storage resources as the source database.
  4. Create read replicas for the database. Configure the read replicas with the same compute and storage resources as the source database.

Answer(s): D

Explanation:

A) and B) Incorrect: Multi-AZ provides high availability, not read offload; separating reads and writes by Availability Zone placement is not how reads are scaled in RDS.
C) Incorrect: read replicas should be sized like the source; halving compute and storage risks underprovisioning and latency, so it is not a sound quick optimization.
D) Correct: read replicas offload reads from the primary, separating read traffic from write traffic without impacting write performance; matching the source's compute and storage gives consistent performance and reduces configuration risk.



An Amazon EC2 administrator created the following policy associated with an IAM group containing several users:
What is the effect of this policy?

  1. Users can terminate an EC2 instance in any AWS Region except us-east-1.
  2. Users can terminate an EC2 instance with the IP address 10.100.100.1 in the us-east-1 Region.
  3. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
  4. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.

Answer(s): C

Explanation:

The policy allows terminating EC2 instances in us-east-1 only when the request's source IP is 10.100.100.254, so option C is correct.
A) Incorrect: the policy is scoped to us-east-1 and a source IP; it neither grants termination in all other Regions nor excludes us-east-1.
B) Incorrect: the condition applies to the requester's source IP, not the IP address of the instance being terminated, and 10.100.100.1 does not match the IP in the condition.
D) Incorrect: the policy grants permission under a specific source IP condition; it is not a deny statement for that Region.



Share your comments for Amazon AWS Certified Solutions Architect - Associate SAA-C03 exam with other users:

Amitabha Roy
10/5/2023 3:16:00 AM

Planning to attempt the exam.
