Amazon AWS Certified Solutions Architect - Associate SAA-C03 Exam Questions in PDF

Free Amazon AWS Certified Solutions Architect - Associate SAA-C03 Dumps Questions (page: 13)

A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control.
Which solution will satisfy these requirements?

  A. Configure Amazon EFS storage and set the Active Directory domain for authentication.
  B. Create an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones.
  C. Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume.
  D. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.

Answer(s): D

Explanation:

FSx for Windows File Server is a fully managed, native Windows file server: it serves SMB shares, joins an AWS Managed Microsoft AD or a self-managed Active Directory so that share permissions and NTFS ACLs are enforced against domain identities, and a Multi-AZ deployment keeps a synchronously replicated standby file server in a second Availability Zone with automatic failover. That is exactly what a SharePoint farm expects from its file storage.
A) Amazon EFS is an NFS file system for Linux clients. It has no SMB support and does not authenticate against Active Directory, so it cannot serve as Windows shared storage.
B) An S3 File Gateway can expose SMB shares joined to AD, but it is a gateway appliance (a VM or EC2 instance) fronting an S3 bucket, not a Windows file server. The data lives in S3, and two gateways in two AZs are independent appliances rather than a replicated file system with automatic failover.
C) S3 is an object store, not a file system. Mounting it on Windows requires third-party tooling, and it provides neither SMB nor AD-based access control.
D) Correct: FSx for Windows File Server meets the SMB, Active Directory and high-availability requirements directly.



An image-processing company has a web application that users use to upload images. The application uploads the images into an Amazon S3 bucket. The company has set up S3 event notifications to publish the object creation events to an Amazon Simple Queue Service (Amazon SQS) standard queue. The SQS queue serves as the event source for an AWS Lambda function that processes the images and sends the results to users through email.
Users report that they are receiving multiple email messages for every uploaded image. A solutions architect determines that SQS messages are invoking the Lambda function more than once, resulting in multiple email messages.
What should the solutions architect do to resolve this issue with the LEAST operational overhead?

  A. Set up long polling in the SQS queue by increasing the ReceiveMessage wait time to 30 seconds.
  B. Change the SQS standard queue to an SQS FIFO queue. Use the message deduplication ID to discard duplicate messages.
  C. Increase the visibility timeout in the SQS queue to a value that is greater than the total of the function timeout and the batch window timeout.
  D. Modify the Lambda function to delete each message from the SQS queue immediately after the message is read before processing.

Answer(s): C

Explanation:

The correct answer is C. Lambda's event source mapping polls the queue and hands batches of messages to the function. A received message is hidden from other consumers only for the queue's visibility timeout; if the function (plus the batch window, during which Lambda waits to fill a batch) takes longer than that, the message becomes visible again, is delivered to a second invocation, and a second email goes out. Raising the visibility timeout above function timeout plus batch window removes that overlap. AWS guidance for Lambda consumers goes further and recommends at least six times the function timeout, so that a throttled batch can be retried before the message reappears.
A) Long polling (ReceiveMessageWaitTimeSeconds, which tops out at 20 seconds, so 30 is not even a valid value) only reduces empty responses; it has no effect on redelivery.
B) A FIFO queue with deduplication IDs does not address the problem: the duplicates here are redeliveries of the same message after its visibility timeout expired, not duplicate sends, and content-based deduplication only covers a five-minute window. S3 event notifications also cannot target a FIFO queue, so this would mean re-architecting the pipeline rather than changing one queue attribute.
D) Deleting the message before processing turns an at-least-once problem into a data-loss problem: if the function fails after the delete, the image is never processed and nothing is left to retry.
Whatever the timeout, a standard queue still guarantees only at-least-once delivery, so the function itself should be idempotent (for example, by recording the processed S3 object key and version before sending the email) rather than relying on timing alone.
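The redelivery mechanism described above, as an added example that is not part of the original page: a discrete-time model of a single SQS message, a poller that redelivers it whenever it is visible, and a consumer that deletes it once processing finishes, followed by an idempotent consumer that sends at most one email per object even when a message is redelivered. All timings, bucket names and the event record shape are constructed for illustration; the in-memory set stands in for the conditional write to DynamoDB you would use in a real function.

```python
"""Why a short SQS visibility timeout causes duplicate Lambda invocations,
and why the consumer should be idempotent anyway.

Added example, not from the exam page. Timings and records are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set


def minimum_visibility_timeout(function_timeout: int, batch_window: int = 0,
                               aws_guidance: bool = False) -> int:
    """Smallest safe visibility timeout (seconds) for a Lambda SQS consumer.

    The option in the question: strictly greater than function timeout plus
    batch window. AWS additionally recommends at least six times the function
    timeout so a throttled batch can be retried before the message reappears.
    """
    base = function_timeout + batch_window + 1
    return max(base, 6 * function_timeout) if aws_guidance else base


def simulate_deliveries(visibility_timeout: float, processing_time: float,
                        poll_interval: float = 1.0, max_time: float = 3600.0) -> int:
    """Count how many times one message is delivered before it is deleted.

    Model: the poller receives the message whenever it is visible; each
    delivery starts an invocation that runs for processing_time seconds and
    then deletes the message. A delivery hides the message for
    visibility_timeout seconds, so if visibility_timeout < processing_time
    the message reappears mid-processing and is delivered again.
    """
    t = 0.0
    invisible_until = 0.0
    delete_at: Optional[float] = None  # when the first invocation deletes it
    deliveries = 0
    while t <= max_time:
        if delete_at is not None and t >= delete_at:
            return deliveries
        if t >= invisible_until:
            deliveries += 1
            invisible_until = t + visibility_timeout
            if delete_at is None:
                delete_at = t + processing_time
        t += poll_interval
    return deliveries


@dataclass
class IdempotentEmailer:
    """Consumer that sends at most one email per uploaded object.

    Real code would claim the key with a DynamoDB conditional put
    (attribute_not_exists) on bucket/key/versionId; the in-memory set is a
    constructed stand-in so the example runs offline.
    """
    processed: Set[tuple] = field(default_factory=set)
    sent: List[str] = field(default_factory=list)

    def handle(self, s3_records: List[dict]) -> int:
        """Process one SQS batch of S3 event records; return emails sent."""
        sent_now = 0
        for rec in s3_records:
            bucket = rec["s3"]["bucket"]["name"]
            obj = rec["s3"]["object"]
            dedup_key = (bucket, obj["key"], obj.get("versionId", ""))
            if dedup_key in self.processed:
                continue  # redelivery of a message we already handled
            self.processed.add(dedup_key)  # claim before the side effect
            self.sent.append(f"mail for s3://{bucket}/{obj['key']}")
            sent_now += 1
        return sent_now


def constructed_record(key: str) -> dict:
    """Constructed S3 event record shaped like an s3:ObjectCreated:Put event."""
    return {"s3": {"bucket": {"name": "uploads-example"},
                   "object": {"key": key, "versionId": "v1"}}}


if __name__ == "__main__":
    # Function timeout 90 s, no batch window: a 30 s visibility timeout lets
    # the poller redeliver the message twice before the first run deletes it.
    print(simulate_deliveries(visibility_timeout=30, processing_time=90))
    safe = minimum_visibility_timeout(function_timeout=90)
    print(simulate_deliveries(visibility_timeout=safe, processing_time=90))
    emailer = IdempotentEmailer()
    batch = [constructed_record("cat.jpg")]
    print(emailer.handle(batch), emailer.handle(batch))  # second call is a redelivery
```

The first simulation returns 3 deliveries (three emails for one image); with the corrected timeout it returns 1. The idempotent consumer is the second half of the fix: it makes the redelivery harmless even if someone later shortens the timeout again.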



A company is implementing a shared storage solution for a gaming application that is hosted in an on-premises data center. The company needs the ability to use Lustre clients to access data. The solution must be fully managed.
Which solution meets these requirements?

  A. Create an AWS Storage Gateway file gateway. Create a file share that uses the required client protocol. Connect the application server to the file share.
  B. Create an Amazon EC2 Windows instance. Install and configure a Windows file share role on the instance. Connect the application server to the file share.
  C. Create an Amazon Elastic File System (Amazon EFS) file system, and configure it to support Lustre. Attach the file system to the origin server. Connect the application server to the file system.
  D. Create an Amazon FSx for Lustre file system. Attach the file system to the origin server. Connect the application server to the file system.

Answer(s): D

Explanation:

The correct answer is D.
D) FSx for Lustre is a fully managed Lustre file system. The on-premises application servers mount it with the standard Lustre client over AWS Direct Connect or a VPN, so both the Lustre-client and the fully-managed requirements are met.
A) A Storage Gateway file gateway presents NFS or SMB shares backed by S3; it does not speak the Lustre protocol, so Lustre clients cannot use it.
B) A self-built Windows file server on EC2 is neither fully managed nor a Lustre file system.
C) EFS is an NFS file system. There is no configuration option that makes it serve Lustre clients.



A company's containerized application runs on an Amazon EC2 instance. The application needs to download security certificates before it can communicate with other business applications. The company wants a highly secure solution to encrypt and decrypt the certificates in near real time. The solution also needs to store data in highly available storage after the data is encrypted.
Which solution will meet these requirements with the LEAST operational overhead?

  A. Create AWS Secrets Manager secrets for encrypted certificates. Manually update the certificates as needed. Control access to the data by using fine-grained IAM access.
  B. Create an AWS Lambda function that uses the Python cryptography library to receive and perform encryption operations. Store the function in an Amazon S3 bucket.
  C. Create an AWS Key Management Service (AWS KMS) customer managed key. Allow the EC2 role to use the KMS key for encryption operations. Store the encrypted data on Amazon S3.
  D. Create an AWS Key Management Service (AWS KMS) customer managed key. Allow the EC2 role to use the KMS key for encryption operations. Store the encrypted data on Amazon Elastic Block Store (Amazon EBS) volumes.

Answer(s): C

Explanation:

The correct answer is C.
A) Secrets Manager is built for storing and rotating secrets, and this option still relies on manual updates; it is not an encrypt/decrypt service for arbitrary data in near real time.
B) Hand-rolling cryptography inside a Lambda function (and keeping that function's code in S3) means managing keys, algorithms and code yourself. It adds latency and operational risk compared with a managed key service.
C) A KMS customer managed key, with the EC2 instance role granted kms:Encrypt, kms:Decrypt and kms:GenerateDataKey in the key policy, gives on-demand encryption with no key material to manage, and S3 provides regional, highly durable and highly available storage for the ciphertext. One practical caveat: the KMS Encrypt API accepts at most 4 KB of plaintext, so a certificate bundle larger than that is protected with envelope encryption (a KMS-generated data key encrypts the file, KMS encrypts the data key), which is what S3 server-side encryption with KMS keys and the AWS Encryption SDK do for you.
D) EBS volumes live in a single Availability Zone and are attached to one instance, so the encrypted data is only as available as that instance and that AZ. S3 is the better fit for the highly available storage requirement.



A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2 instances to download software updates.
What should the solutions architect do to enable Internet access for the private subnets?

  A. Create three NAT gateways, one for each public subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ.
  B. Create three NAT instances, one for each private subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.
  C. Create a second internet gateway on one of the private subnets. Update the route table for the private subnets that forward non-VPC traffic to the private internet gateway.
  D. Create an egress-only internet gateway on one of the public subnets. Update the route table for the private subnets that forward non-VPC traffic to the egress-only Internet gateway.

Answer(s): A

Explanation:

Public subnets reach the internet through the internet gateway; private subnets need a NAT device for outbound IPv4 traffic while staying unreachable from the internet. A NAT gateway is a managed but zonal resource, so high availability requires one in the public subnet of each AZ and a separate private route table per AZ whose 0.0.0.0/0 route points at that AZ's NAT gateway. If all three private subnets shared one NAT gateway, an outage in its AZ would cut off the other two AZs, and the cross-AZ traffic would also incur data-transfer charges.
A) Correct: per-AZ NAT gateways and per-AZ private route tables keep each AZ self-contained, and instances in the private subnets remain non-routable from the internet.
B) NAT instances are self-managed EC2 instances that you must patch, size and monitor (and whose source/destination check must be disabled). They also belong in a public subnet, not a private one, so the option is wrong on placement as well as on operational overhead.
C) A VPC can have only one internet gateway, and routing a private subnet's default route to it would make that subnet public.
D) An egress-only internet gateway handles outbound IPv6 only; this VPC uses IPv4 CIDR blocks.
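A check for the per-AZ layout described above, added here as an example and not taken from the page or from any AWS tool. It walks a constructed, simplified view of what the EC2 describe-subnets, describe-nat-gateways and describe-route-tables calls return (resource IDs and CIDRs are made up) and reports the three mistakes the options illustrate: a private subnet routed through another AZ's NAT gateway, a private subnet whose default route goes to the internet gateway, and a private subnet with no default route at all.

```python
"""Audit that each private subnet egresses through a NAT gateway in its own AZ
and never through the internet gateway.

Added example, not from the exam page. The inventory below is constructed to
mirror the shape of describe-subnets / describe-nat-gateways /
describe-route-tables output; IDs and CIDRs are made up.
"""
from typing import Dict, List, Optional, Tuple

AZS = ["us-east-1a", "us-east-1b", "us-east-1c"]


def find_default_route(route_table: dict) -> Optional[dict]:
    """Return the 0.0.0.0/0 route of a route table, if any."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route
    return None


def audit_private_egress(subnets: List[dict], nat_gateways: List[dict],
                         route_tables: List[dict]) -> List[str]:
    """Return findings; an empty list means the layout matches option A."""
    findings: List[str] = []
    subnet_az: Dict[str, str] = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    # A NAT gateway is zonal: it lives in the AZ of the subnet it was created in.
    nat_az: Dict[str, str] = {n["NatGatewayId"]: subnet_az[n["SubnetId"]] for n in nat_gateways}
    rt_for_subnet: Dict[str, dict] = {}
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if "SubnetId" in assoc:
                rt_for_subnet[assoc["SubnetId"]] = rt

    for s in subnets:
        if s["Tier"] != "private":
            continue
        sid, az = s["SubnetId"], s["AvailabilityZone"]
        rt = rt_for_subnet.get(sid)
        if rt is None:
            findings.append(f"{sid}: no explicit route table (falls back to the main table)")
            continue
        route = find_default_route(rt)
        if route is None:
            findings.append(f"{sid}: no default route, instances cannot download updates")
        elif str(route.get("GatewayId", "")).startswith("igw-"):
            findings.append(f"{sid}: default route via internet gateway, subnet is effectively public")
        elif "NatGatewayId" in route:
            ngw = route["NatGatewayId"]
            if nat_az.get(ngw) != az:
                findings.append(f"{sid} ({az}) routes via {ngw} in {nat_az.get(ngw)}: "
                                "cross-AZ dependency and data-transfer charges")
        else:
            findings.append(f"{sid}: default route target {route} is not a NAT gateway")
    return findings


def constructed_vpc(nat_per_az: bool = True,
                    private_via_igw: bool = False) -> Tuple[List[dict], List[dict], List[dict]]:
    """Build a three-AZ inventory. nat_per_az=False shares one NAT gateway;
    private_via_igw=True mis-routes the private subnets to the IGW."""
    subnets, nats, rts = [], [], []
    for i, az in enumerate(AZS):
        subnets.append({"SubnetId": f"subnet-pub{i}", "AvailabilityZone": az, "Tier": "public"})
        subnets.append({"SubnetId": f"subnet-priv{i}", "AvailabilityZone": az, "Tier": "private"})
        if nat_per_az or i == 0:
            nats.append({"NatGatewayId": f"nat-{i}", "SubnetId": f"subnet-pub{i}"})
    local = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
    for i in range(len(AZS)):
        if private_via_igw:
            default = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}
        else:
            default = {"DestinationCidrBlock": "0.0.0.0/0",
                       "NatGatewayId": f"nat-{i}" if nat_per_az else "nat-0"}
        rts.append({"RouteTableId": f"rtb-priv{i}",
                    "Associations": [{"SubnetId": f"subnet-priv{i}"}],
                    "Routes": [local, default]})
    rts.append({"RouteTableId": "rtb-public",
                "Associations": [{"SubnetId": f"subnet-pub{i}"} for i in range(len(AZS))],
                "Routes": [local, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}]})
    return subnets, nats, rts


if __name__ == "__main__":
    print("option A layout:", audit_private_egress(*constructed_vpc()))
    print("single NAT gateway:", *audit_private_egress(*constructed_vpc(nat_per_az=False)), sep="\n  ")
    print("option C layout:", *audit_private_egress(*constructed_vpc(private_via_igw=True)), sep="\n  ")
```

Against real account data you would feed the function the `Subnets`, `NatGateways` and `RouteTables` lists from boto3 (adding your own public/private tagging as the `Tier` field); the audit itself does not need AWS access.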



A company wants to migrate an on-premises data center to AWS. The data center hosts an SFTP server that stores its data on an NFS-based file system. The server holds 200 GB of data that needs to be transferred. The server must be hosted on an Amazon EC2 instance that uses an Amazon Elastic File System (Amazon EFS) file system.
Which combination of steps should a solutions architect take to automate this task? (Choose two.)

  A. Launch the EC2 instance into the same Availability Zone as the EFS file system.
  B. Install an AWS DataSync agent in the on-premises data center.
  C. Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instance for the data.
  D. Manually use an operating system copy command to push the data to the EC2 instance.
  E. Use AWS DataSync to create a suitable location configuration for the on-premises SFTP server.

Answer(s): B,E

Explanation:

AWS DataSync automates and accelerates the transfer: an agent in the data center reads the source file system and moves the data, with integrity verification, to a destination location in AWS, here the EFS file system that the new SFTP instance mounts.
A) Not part of automating the transfer. Placing the EC2 instance in the same AZ as one of the EFS mount targets is good practice for latency and cross-AZ charges, but EFS is a regional service reachable from any AZ, and instance placement does not move any data.
B) Correct: the DataSync agent, deployed as a virtual machine in the on-premises data center, is what lets DataSync read the NFS export behind the SFTP server and copy it to AWS over an encrypted connection.
C) Wrong: a secondary EBS volume is a block device tied to one instance. The requirement is EFS, and adding EBS only creates something extra to manage and migrate later.
D) Wrong: a manual operating-system copy (scp or rsync, for instance) is exactly the step the question asks to automate, and it offers no built-in verification or scheduling.
E) Correct: DataSync works in terms of source and destination locations. The source is the NFS file system that backs the SFTP server (DataSync has no SFTP location type, so it reads the underlying share), the destination is the EFS file system, and a task between the two locations runs the transfer.



A company has an AWS Glue extract, transform, and load (ETL) job that runs every day at the same time. The job processes XML data that is in an Amazon S3 bucket. New data is added to the S3 bucket every day. A solutions architect notices that AWS Glue is processing all the data during each run.
What should the solutions architect do to prevent AWS Glue from reprocessing old data?

  A. Edit the job to use job bookmarks.
  B. Edit the job to delete data after the data is processed.
  C. Edit the job by setting the NumberOfWorkers field to 1.
  D. Use a FindMatches machine learning (ML) transform.

Answer(s): A

Explanation:

The correct answer is A. With job bookmarks enabled, AWS Glue persists state for the job at the end of each successful run and, on the next run, reads only data it has not seen before. For S3 sources the bookmark is based on object last-modified timestamps, so objects added since the previous run are processed and older ones are skipped. Two details matter in practice: the script must call job.init() and job.commit() (the bookmark only advances on commit, so a run that fails is retried from the same point), and every source read needs a transformation_ctx, because that is the name under which the bookmark state is kept.
B is incorrect because deleting processed data is destructive and not a recommended ETL pattern; it removes the source data instead of controlling what gets reprocessed.
C is incorrect because NumberOfWorkers only affects throughput and parallelism, not whether previously processed data is read again.
D is incorrect because the FindMatches ML transform finds duplicate or related records within a dataset; it does not track what earlier runs have already processed.
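The bookmark behaviour described above, as an added illustration that is neither the page's code nor AWS Glue's own implementation: a simplified model of the S3 bookmark semantics (newest last-modified timestamp processed, advanced only when the run commits), run over a constructed S3 listing that gains one object per day. It also shows the failure case the explanation mentions: a run that dies before commit leaves the bookmark where it was, so the retry processes the same objects again.

```python
"""Model of AWS Glue job-bookmark semantics for an S3 source.

Added example, not from the exam page and not Glue's own code. The listing,
keys and timestamps are constructed; real Glue keeps the bookmark per job and
per transformation_ctx and advances it at job.commit().
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class S3Object:
    key: str
    last_modified: datetime


@dataclass(frozen=True)
class Bookmark:
    """State persisted at commit; last_modified=None means no run has committed yet."""
    last_modified: Optional[datetime] = None


def select_new_objects(listing: List[S3Object], bookmark: Bookmark) -> List[S3Object]:
    """Objects the next run must read: everything on the first run, afterwards
    only objects modified after the bookmarked timestamp."""
    if bookmark.last_modified is None:
        return list(listing)
    return [o for o in listing if o.last_modified > bookmark.last_modified]


def run_etl(listing: List[S3Object], bookmark: Bookmark,
            process: Callable[[S3Object], None],
            fail_before_commit: bool = False) -> Tuple[List[str], Bookmark]:
    """One scheduled run. Returns (keys processed, bookmark after the run).

    The bookmark only moves forward when the run reaches commit; a run that
    fails first leaves it untouched, so the retry sees the same objects.
    """
    batch = select_new_objects(listing, bookmark)
    for obj in batch:
        process(obj)
    keys = [o.key for o in batch]
    if fail_before_commit or not batch:
        return keys, bookmark
    return keys, Bookmark(max(o.last_modified for o in batch))


def constructed_listing(days: int) -> List[S3Object]:
    """Constructed bucket listing: one XML object uploaded per day."""
    start = datetime(2024, 1, 1, 2, 0, tzinfo=timezone.utc)
    return [S3Object(f"incoming/orders-{i + 1:02d}.xml", start + timedelta(days=i))
            for i in range(days)]


def simulate_schedule(days: int, use_bookmarks: bool = True,
                      fail_on_day: Optional[int] = None) -> List[List[str]]:
    """Run the daily job for `days` days and return the keys read on each day."""
    bookmark = Bookmark()
    history: List[List[str]] = []
    processed: List[str] = []
    for day in range(1, days + 1):
        listing = constructed_listing(day)
        keys, new_bookmark = run_etl(listing, bookmark, processed.append,
                                     fail_before_commit=(day == fail_on_day))
        history.append(keys)
        if use_bookmarks:
            bookmark = new_bookmark
    return history


if __name__ == "__main__":
    for day, keys in enumerate(simulate_schedule(3, use_bookmarks=False), start=1):
        print(f"no bookmark, day {day}: {keys}")
    for day, keys in enumerate(simulate_schedule(3), start=1):
        print(f"bookmark,    day {day}: {keys}")
    for day, keys in enumerate(simulate_schedule(3, fail_on_day=2), start=1):
        print(f"fail day 2,  day {day}: {keys}")
```

Without bookmarks every day reads the whole bucket (1, 2, then 3 objects); with bookmarks each day reads one. When day 2 fails before commit, day 3 reads days 2 and 3 together, which is the retry-from-same-point behaviour and the reason the processing step itself should tolerate seeing an object twice.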



A solutions architect must design a highly available infrastructure for a website. The website is powered by Windows web servers that run on Amazon EC2 instances. The solutions architect must implement a solution that can mitigate a large-scale DDoS attack that originates from thousands of IP addresses. Downtime is not acceptable for the website.
Which actions should the solutions architect take to protect the website from such an attack? (Choose two.)

  A. Use AWS Shield Advanced to stop the DDoS attack.
  B. Configure Amazon GuardDuty to automatically block the attackers.
  C. Configure the website to use Amazon CloudFront for both static and dynamic content.
  D. Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.
  E. Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization.

Answer(s): A,C

Explanation:

Shield Advanced and CloudFront together give edge-based, scalable DDoS absorption, which is what a volumetric attack from thousands of source addresses requires.
A) Shield Advanced adds, on top of the always-on Shield Standard protection, tailored detection and mitigation for the protected resources (CloudFront distributions, Route 53 hosted zones, load balancers, Global Accelerator accelerators and Elastic IPs), access to the AWS Shield Response Team, cost protection against scaling charges caused by an attack, and AWS WAF for rate-based and other application-layer rules at no extra charge.
C) Serving both static and dynamic content through CloudFront moves all ingress to AWS edge locations with far more capacity than the origin. The origin can then be restricted to accept traffic only from CloudFront, so attackers cannot bypass the edge by targeting the web servers directly.
B) GuardDuty is a threat detection service that produces findings; it does not block traffic on its own.
D) Network ACLs are evaluated in rule order and have a small rule quota (20 rules per direction by default, raisable to 40), so a Lambda function that appends attacker IPs cannot keep up with thousands of changing sources and risks locking out legitimate users with a bad rule.
E) Spot Instances can be reclaimed with two minutes' notice, and CPU-based scaling reacts only after the instances are already saturated; neither mitigates an attack, and both work against the no-downtime requirement.




Amitabha Roy
10/5/2023 3:16:00 AM

planning to attempt for the exam.
