Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Amazon
  3. AWS Certified Solutions Architect - Associate SAA-C03

Amazon AWS Certified Solutions Architect - Associate SAA-C03 AWS Certified Solutions Architect - Associate SAA-C03 Exam Questions in PDF

Free Amazon AWS Certified Solutions Architect - Associate SAA-C03 Dumps Questions (page: 23)

AWS Certified Solutions Architect - Associate SAA-C03 PDF — 903 Questions

An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiencing delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application.
What should a solutions architect recommend to meet this requirement?

  1. Use Amazon ElastiCache for Redis.
  2. Use Amazon DynamoDB Accelerator (DAX).
  3. Replicate data by using DynamoDB global tables.
  4. Use Amazon ElastiCache for Memcached with Auto Discovery enabled.

Answer(s): B

Explanation:

D
A) Incorrect: ElastiCache adds a caching layer but requires application or integration changes unless using a compatible data access pattern; DAX is purpose-built for DynamoDB with seamless integration.
B) Correct: DynamoDB Accelerator (DAX) provides in-memory caching for DynamoDB with zero code changes and transparent reads, reducing latency for read-heavy workloads.
C) Incorrect: Global tables offer multi-region replication for availability and write/read scalability, not latency optimization for a single-region read-heavy workload; it doesn’t address read latency via caching.
D) Incorrect: ElastiCache for Memcached with Auto Discovery is a generic cache, but requires more integration effort and does not offer DynamoDB-specific seamless read-path acceleration like DAX.



A company’s infrastructure consists of Amazon EC2 instances and an Amazon RDS DB instance in a single AWS Region. The company wants to back up its data in a separate Region.
Which solution will meet these requirements with the LEAST operational overhead?

  1. Use AWS Backup to copy EC2 backups and RDS backups to the separate Region.
  2. Use Amazon Data Lifecycle Manager (Amazon DLM) to copy EC2 backups and RDS backups to the separate Region.
  3. Create Amazon Machine Images (AMIs) of the EC2 instances. Copy the AMIs to the separate Region. Create a read replica for the RDS DB instance in the separate Region.
  4. Create Amazon Elastic Block Store (Amazon EBS) snapshots. Copy the EBS snapshots to the separate Region. Create RDS snapshots. Export the RDS snapshots to Amazon S3. Configure S3 Cross-Region Replication (CRR) to the separate Region.

Answer(s): A

Explanation:

AWS Backup provides centralized, automated cross-region backups for both EC2 (AMI/volume data via backup vaults) and RDS with minimal operator effort, meeting the requirement with least overhead. A) consolidates backup scheduling, lifecycle policies, and cross-region replication in one service across EC2 and RDS.
B) DLM only covers EC2 backups; it does not natively manage RDS backups cross-region at the same operational level, increasing complexity.
C) AMIs plus cross-region copy require manual consistency for RDS and the read replica approach does not provide equivalent cross-region RDS backup coverage or automated lifecycle.
D) EBS snapshots and RDS snapshots with CRR adds multiple steps and monitoring, increasing operational overhead without an integrated cross-region backup solution.



A solutions architect needs to securely store a database user name and password that an application uses to access an Amazon RDS DB instance. The application that accesses the database runs on an Amazon EC2 instance. The solutions architect wants to create a secure parameter in AWS Systems Manager Parameter Store.
What should the solutions architect do to meet this requirement?

  1. Create an IAM role that has read access to the Parameter Store parameter. Allow Decrypt access to an AWS Key Management Service (AWS KMS) key that is used to encrypt the parameter. Assign this IAM role to the EC2 instance.
  2. Create an IAM policy that allows read access to the Parameter Store parameter. Allow Decrypt access to an AWS Key Management Service (AWS KMS) key that is used to encrypt the parameter. Assign this IAM policy to the EC2 instance.
  3. Create an IAM trust relationship between the Parameter Store parameter and the EC2 instance. Specify Amazon RDS as a principal in the trust policy.
  4. Create an IAM trust relationship between the DB instance and the EC2 instance. Specify Systems Manager as a principal in the trust policy.

Answer(s): A

Explanation:

A) Correct. Attach an IAM role to the EC2 instance that grants read access to the Parameter Store parameter and allows decrypt via the KMS key used to encrypt the parameter. This enables the application to securely retrieve the SecureString value at runtime without embedding credentials.
B) Incorrect. IAM policies grant permissions, but the secure practice is to use an instance IAM role attached to EC2 for credential retrieval; a policy alone on the instance is insufficient unless it’s attached to a role.
C) Incorrect. Parameter Store access is controlled via IAM roles/policies, not a trust relationship between the parameter and the EC2 instance; trust policies do not apply to Parameter Store.
D) Incorrect. Trust relationships are between principals for assuming roles; Systems Manager or DB instance do not require a trust with the EC2 instance for Parameter Store access.



A company is designing a cloud communications platform that is driven by APIs. The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB). The company uses Amazon API Gateway to provide external users with access to the application through APIs. The company wants to protect the platform against web exploits like SQL injection and also wants to detect and mitigate large, sophisticated DDoS attacks.
Which combination of solutions provides the MOST protection? (Choose two.)

  1. Use AWS WAF to protect the NLB.
  2. Use AWS Shield Advanced with the NL
  3. Use AWS WAF to protect Amazon API Gateway.
  4. Use Amazon GuardDuty with AWS Shield Standard
  5. Use AWS Shield Standard with Amazon API Gateway.

Answer(s): B,C

Explanation:

AWS Shield Advanced with the NLB provides enhanced DDoS protection and DDoS cost protection; AWS WAF on API Gateway protects against web exploits like SQLi and can be tied to API Gateway for external API access, giving both web ACL filtering and protection for API endpoints. A) WAF on NLB is not supported (WAF integrates with CloudFront, ALB, and API Gateway, not NLB). C) WAF on API Gateway is valid for filtering API requests. D) GuardDuty is a threat-detection service, not a DDoS mitigation or web ACL protection. E) Shield Standard lacks advanced protections and is insufficient for API Gateway-specific WAF rules. Correct: B and C.



A company has a legacy data processing application that runs on Amazon EC2 instances. Data is processed sequentially, but the order of results does not matter. The application uses a monolithic architecture. The only way that the company can scale the application to meet increased demand is to increase the size of the instances.
The company’s developers have decided to rewrite the application to use a microservices architecture on Amazon Elastic Container Service (Amazon ECS).
What should a solutions architect recommend for communication between the microservices?

  1. Create an Amazon Simple Queue Service (Amazon SQS) queue. Add code to the data producers, and send data to the queue. Add code to the data consumers to process data from the queue.
  2. Create an Amazon Simple Notification Service (Amazon SNS) topic. Add code to the data producers, and publish notifications to the topic. Add code to the data consumers to subscribe to the topic.
  3. Create an AWS Lambda function to pass messages. Add code to the data producers to call the Lambda function with a data object. Add code to the data consumers to receive a data object that is passed from the Lambda function.
  4. Create an Amazon DynamoDB table. Enable DynamoDB Streams. Add code to the data producers to insert data into the table. Add code to the data consumers to use the DynamoDB Streams API to detect new table entries and retrieve the data.

Answer(s): A

Explanation:

A) SQS is appropriate for decoupled, asynchronous communication between microservices with asynchronous processing and fault tolerance; producers send messages to the queue and consumers poll/consume, enabling scalable, independent processing.
B) SNS delivers pub/sub notifications but is best for fan-out to multiple subscribers and real-time alerts, not for buffered, reliable work queues required by sequential processing with independent workers.
C) Lambda-based pass-through adds invocation overhead and tight coupling; not suitable for long-running, scalable microservice workflows or backpressure handling.
D) DynamoDB Streams provide event data, but using a database-centric queue introduces complexity and coupling; SQS is the standard managed queue for decoupled microservices.



A company wants to migrate its MySQL database from on premises to AWS. The company recently experienced a database outage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes.
Which solution meets these requirements?

  1. Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones.
  2. Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data.
  3. Create an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data.
  4. Create an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance.

Answer(s): B

Explanation:

S) B) is correct because RDS MySQL with Multi-AZ provides synchronous replication to a standby in a separate Availability Zone, delivering high availability and data durability with automatic failover during outages, minimizing data loss.
A) Synchronous replication to three nodes in three AZs is not how RDS implements Multi-AZ; RDS provides one primary and one synchronous standby per Multi-AZ deployment, not three active nodes.
C) Read replicas are asynchronous and intended for offloading reads; they do not provide synchronous data protection for failover or data durability in a single-Region scenario.
D) EC2-based replication introduces complexity and lacks managed Multi-AZ failover and automatic recovery guarantees.



A company is building a new dynamic ordering website. The company wants to minimize server maintenance and patching. The website must be highly available and must scale read and write capacity as quickly as possible to meet changes in user demand.
Which solution will meet these requirements?

  1. Host static content in Amazon S3. Host dynamic content by using Amazon API Gateway and AWS Lambda. Use Amazon DynamoDB with on-demand capacity for the database. Configure Amazon CloudFront to deliver the website content.
  2. Host static content in Amazon S3. Host dynamic content by using Amazon API Gateway and AWS Lambda. Use Amazon Aurora with Aurora Auto Scaling for the database. Configure Amazon CloudFront to deliver the website content.
  3. Host all the website content on Amazon EC2 instances. Create an Auto Scaling group to scale the EC2 instances. Use an Application Load Balancer to distribute traffic. Use Amazon DynamoDB with provisioned write capacity for the database.
  4. Host all the website content on Amazon EC2 instances. Create an Auto Scaling group to scale the EC2 instances. Use an Application Load Balancer to distribute traffic. Use Amazon Aurora with Aurora Auto Scaling for the database.

Answer(s): A

Explanation:

The correct answer is A. It minimizes maintenance and patching by using serverless components (API Gateway, Lambda) for dynamic logic, on-demand DynamoDB eliminates capacity planning and provisioning, and CloudFront provides caching and global delivery for high availability and fast scaling.
B is incorrect because Aurora Auto Scaling adds database management complexity and is not as seamless as DynamoDB for serverless, on-demand workloads. C and D rely on EC2 and Auto Scaling, which increase maintenance (patching, OS updates) and do not natively scale read/write with minimal admin effort like DynamoDB. DynamoDB (on-demand) offers immediate scalability and low operational overhead for dynamic workloads.



A company has an AWS account used for software engineering. The AWS account has access to the company’s on-premises data center through a pair of AWS Direct Connect connections. All non-VPC traffic routes to the virtual private gateway.
A development team recently created an AWS Lambda function through the console. The development team needs to allow the function to access a database that runs in a private subnet in the company’s data center.
Which solution will meet these requirements?

  1. Configure the Lambda function to run in the VPC with the appropriate security group.
  2. Set up a VPN connection from AWS to the data center. Route the traffic from the Lambda function through the VPN.
  3. Update the route tables in the VPC to allow the Lambda function to access the on-premises data center through Direct Connect.
  4. Create an Elastic IP address. Configure the Lambda function to send traffic through the Elastic IP address without an elastic network interface.

Answer(s): A

Explanation:

A) Lambda must be associated with the VPC and use security groups to access resources in the on-premises network through Direct Connect. Placing the function in the VPC enables its ENIs to use private subnets and route to on-prem via the existing Direct Connect connection and VGW.
B is incorrect because a VPN connection is unnecessary when Direct Connect already provides private connectivity; Lambda access should use the VPC routing, not a separate VPN.
C is incorrect because Direct Connect route tables are for VPC on-prem traffic, but Lambda functions require VPC placement and ENIs to access private subnets, not manual route edits.
D is incorrect because Elastic IPs apply to EC2; Lambda requires VPC ENIs for private network access, not outbound IP binding through an EIP.



Viewing page 23 of 129

Share your comments for Amazon AWS Certified Solutions Architect - Associate SAA-C03 exam with other users:

A
Amitabha Roy
10/5/2023 3:16:00 AM

planning to attempt for the exam.

Anonymous
AI Tutor 👋 I’m here to help!