Amazon AWS Certified Solutions Architect - Associate SAA-C03 Exam Questions in PDF

Free Amazon AWS Certified Solutions Architect - Associate SAA-C03 Dumps Questions (page: 15)

A company uses 50 TB of data for reporting. The company wants to move this data from on premises to AWS. A custom application in the company’s data center runs a weekly data transformation job. The company plans to pause the application until the data transfer is complete and needs to begin the transfer process as soon as possible.
The data center does not have any available network bandwidth for additional workloads. A solutions architect must transfer the data and must configure the transformation job to continue to run in the AWS Cloud.
Which solution will meet these requirements with the LEAST operational overhead?

  A. Use AWS DataSync to move the data. Create a custom transformation job by using AWS Glue.
  B. Order an AWS Snowcone device to move the data. Deploy the transformation application to the device.
  C. Order an AWS Snowball Edge Storage Optimized device. Copy the data to the device. Create a custom transformation job by using AWS Glue.
  D. Order an AWS Snowball Edge Storage Optimized device that includes Amazon EC2 compute. Copy the data to the device. Create a new EC2 instance on AWS to run the transformation application.

Answer(s): C

Explanation:

The correct answer is C. Snowball Edge Storage Optimized can ship large data (50 TB) offline, copy data locally, and includes edge compute to run a custom transformation during transfer, enabling the job to continue in AWS with minimal downtime and operational overhead.
A is incorrect because DataSync requires network bandwidth or VPN/direct connect; the premise is no available bandwidth and DataSync plus Glue adds unnecessary data movement steps.
B is incorrect because Snowcone has limited capacity (10 TB) and only edge compute; cannot handle 50 TB.
D is incorrect because using Snowball Edge with EC2 adds more management overhead and a separate AWS EC2 deployment; option C provides integrated storage+compute with lower overhead.



A company has created an image analysis application in which users can upload photos and add photo frames to their images. The users upload images and metadata to indicate which photo frames they want to add to their images. The application uses a single Amazon EC2 instance and Amazon DynamoDB to store the metadata.
The application is becoming more popular, and the number of users is increasing. The company expects the number of concurrent users to vary significantly depending on the time of day and day of week. The company must ensure that the application can scale to meet the needs of the growing user base.
Which solution meets these requirements?

  A. Use AWS Lambda to process the photos. Store the photos and metadata in DynamoDB.
  B. Use Amazon Kinesis Data Firehose to process the photos and to store the photos and metadata.
  C. Use AWS Lambda to process the photos. Store the photos in Amazon S3. Retain DynamoDB to store the metadata.
  D. Increase the number of EC2 instances to three. Use Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volumes to store the photos and metadata.

Answer(s): C

Explanation:

AWS Lambda with S3 for photos and DynamoDB for metadata provides serverless, scalable compute that automatically handles varying concurrent load, eliminating capacity planning for EC2. Storing images in S3 offloads storage, reduces management, and pairs with Lambda event-driven processing to apply frames as requested.
A) Lambda only says store metadata in DynamoDB; lacks explicit photo storage handling via scalable object store.
B) Kinesis Data Firehose is for streaming data delivery, not for on-demand photo processing and metadata association.
D) Scaling EC2 with io2 EBS is manual capacity planning and not as cost-efficient or scalable as serverless options.
C) Correct: Lambda + S3 + DynamoDB delivers scalable, event-driven processing and proper data separation.



A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets. The EC2 instances access Amazon S3 over the internet, but they do not require any other network access.
A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the internet.
Which change to the network architecture should a solutions architect recommend to meet this requirement?

  A. Create a NAT gateway. Configure the route table for the public subnets to send traffic to Amazon S3 through the NAT gateway.
  B. Configure the security group for the EC2 instances to restrict outbound traffic so that only traffic to the S3 prefix list is permitted.
  C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets.
  D. Remove the internet gateway from the VPC. Set up an AWS Direct Connect connection, and route traffic to Amazon S3 over the Direct Connect connection.

Answer(s): C

Explanation:

A solution that ensures private routing to S3 is to place EC2 in private subnets and use a VPC endpoint for S3, associated with the private subnets’ route table. This keeps S3 traffic within the AWS network.
A) NAT gateway would still route via the NAT device over the internet path; not private to S3.
B) Restricting SG egress to S3 prefix list does not guarantee private AWS network path or avoid internet egress.
D) Direct Connect is unnecessary and costlier; it doesn’t specifically provide S3 private access within VPC unless combined with endpoints, which is not stated.
C) correctly enables private connectivity via VPC endpoint.



A company uses a popular content management system (CMS) for its corporate website. However, the required patching and maintenance are burdensome. The company is redesigning its website and wants a new solution. The website will be updated four times a year and does not need to have any dynamic content available. The solution must provide high scalability and enhanced security.
Which combination of changes will meet these requirements with the LEAST operational overhead? (Choose two.)

  A. Configure Amazon CloudFront in front of the website to use HTTPS functionality.
  B. Deploy an AWS WAF web ACL in front of the website to provide HTTPS functionality.
  C. Create and deploy an AWS Lambda function to manage and serve the website content.
  D. Create the new website and an Amazon S3 bucket. Deploy the website on the S3 bucket with static website hosting enabled.
  E. Create the new website. Deploy the website by using an Auto Scaling group of Amazon EC2 instances behind an Application Load Balancer.

Answer(s): A,D

Explanation:

A) Using CloudFront in front of a static site with HTTPS provides global scalability, DDoS protection, and TLS termination with minimal maintenance.
D) Hosting a static website in an S3 bucket with static website hosting meets low operational overhead, high scalability, and security when paired with CloudFront.
B) AWS WAF adds protection but not necessary for HTTPS termination and introduces extra management for this scenario.
C) Lambda-based content hosting is dynamic and adds complexity and overhead for a static site.
E) EC2 with ASG/ALB increases operational burden and maintenance.



A company stores its application logs in an Amazon CloudWatch Logs log group. A new policy requires the company to store all application logs in Amazon OpenSearch Service (Amazon Elasticsearch Service) in near-real time.
Which solution will meet this requirement with the LEAST operational overhead?

  A. Configure a CloudWatch Logs subscription to stream the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).
  B. Create an AWS Lambda function. Use the log group to invoke the function to write the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).
  C. Create an Amazon Kinesis Data Firehose delivery stream. Configure the log group as the delivery stream's source. Configure Amazon OpenSearch Service (Amazon Elasticsearch Service) as the delivery stream's destination.
  D. Install and configure Amazon Kinesis Agent on each application server to deliver the logs to Amazon Kinesis Data Streams. Configure Kinesis Data Streams to deliver the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).

Answer(s): A

Explanation:

CloudWatch Logs subscription to OpenSearch Service provides near-real-time streaming with minimal setup and fully managed integration, meeting the requirement with the least operational overhead.
A) Correct. Direct CloudWatch Logs subscription filter to OpenSearch is a managed, low-maintenance integration that streams logs in near real time without custom code or additional services.
B) Requires custom Lambda code, handling retries, pagination, and scaling; more operational overhead than a managed subscription.
C) Firehose adds an extra managed service layer and configuration, but is heavier than a direct subscription for near-real-time ingestion.
D) Involves deploying agents on every server, managing agents, and scaling the pipeline; highest operational burden.



A company is building a web-based application running on Amazon EC2 instances in multiple Availability Zones. The web application will provide access to a repository of text documents totaling about 900 TB in size. The company anticipates that the web application will experience periods of high demand. A solutions architect must ensure that the storage component for the text documents can scale to meet the demand of the application at all times. The company is concerned about the overall cost of the solution.
Which storage solution meets these requirements MOST cost-effectively?

  A. Amazon Elastic Block Store (Amazon EBS)
  B. Amazon Elastic File System (Amazon EFS)
  C. Amazon OpenSearch Service (Amazon Elasticsearch Service)
  D. Amazon S3

Answer(s): D

Explanation:

Answer: D
S3 is object storage designed to scale massively with 99.99% durability and pay-as-you-go pricing, ideal for 900 TB of documents accessed by a web app across AZs. It requires no provisioning for capacity and supports concurrent access from EC2 instances.
A) EBS is block storage tied to a single AZ and requires provisioning; not cost-effective or scalable across AZs for large, shared data.
B) EFS offers shared file system across instances but is more expensive at very large scale and higher latency than S3 for static document repositories.
C) OpenSearch is a search service, not a durable document store; inappropriate for primary storage.



A global company is using Amazon API Gateway to design REST APIs for its loyalty club users in the us-east-1 Region and the ap-southeast-2 Region. A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks.
Which solution will meet these requirements with the LEAST amount of administrative effort?

  A. Set up AWS WAF in both Regions. Associate Regional web ACLs with an API stage.
  B. Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.
  C. Set up AWS Shield in both Regions. Associate Regional web ACLs with an API stage.
  D. Set up AWS Shield in one of the Regions. Associate Regional web ACLs with an API stage.

Answer(s): B

Explanation:

AWS Firewall Manager allows centrally configuring and enforcing WAF rules across multiple accounts and regions, minimizing administrative overhead for protecting API Gateway REST APIs in us-east-1 and ap-southeast-2. This matches the requirement for cross-account, multi-region protection with least admin effort.
A) Requires configuring WAF in each region separately per account; more administrative work than centralized FMS.
C) AWS Shield focuses on DDoS protection, not general WAF rule sets for SQLi/XSS.
D) Shield applies regionally but does not provide centralized multi-account rule management; not optimal for multi-region, multi-account scope.
B) Correct: central, cross-account, multi-region WAF rule enforcement via Firewall Manager.



A company has implemented a self-managed DNS solution on three Amazon EC2 instances behind a Network Load Balancer (NLB) in the us-west-2 Region. Most of the company's users are located in the United States and Europe. The company wants to improve the performance and availability of the solution. The company launches and configures three EC2 instances in the eu-west-1 Region and adds the EC2 instances as targets for a new NLB.
Which solution can the company use to route traffic to all the EC2 instances?

  A. Create an Amazon Route 53 geolocation routing policy to route requests to one of the two NLBs. Create an Amazon CloudFront distribution. Use the Route 53 record as the distribution’s origin.
  B. Create a standard accelerator in AWS Global Accelerator. Create endpoint groups in us-west-2 and eu-west-1. Add the two NLBs as endpoints for the endpoint groups.
  C. Attach Elastic IP addresses to the six EC2 instances. Create an Amazon Route 53 geolocation routing policy to route requests to one of the six EC2 instances. Create an Amazon CloudFront distribution. Use the Route 53 record as the distribution's origin.
  D. Replace the two NLBs with two Application Load Balancers (ALBs). Create an Amazon Route 53 latency routing policy to route requests to one of the two ALBs. Create an Amazon CloudFront distribution. Use the Route 53 record as the distribution’s origin.

Answer(s): B

Explanation:

Route 53 Global Accelerator with endpoint groups in us-west-2 and eu-west-1 provides fast, global, healthy routing to multiple NLBs across regions, improving both performance and availability for users in US/Europe.
A) Geolocation routing to two NLBs plus CloudFront is not optimal for WAN health/latency across regions; CloudFront origin would be regional, not ideal for self-managed DNS behind NLBs.
C) Attaching Elastic IPs to six instances is impractical for multi-region global traffic and lacks health-aware routing; CloudFront origin would still not leverage regional NLB health.
D) Latency routing to ALBs requires replacing NLBs and rerouting; adds unnecessary complexity and does not centralize traffic optimization like Global Accelerator.



Share your comments for Amazon AWS Certified Solutions Architect - Associate SAA-C03 exam with other users:

Amitabha Roy
10/5/2023 3:16:00 AM

planning to attempt for the exam.
