Amazon AWS Certified Solutions Architect - Associate SAA-C03 AWS Certified Solutions Architect - Associate Exam Questions in PDF

Free Amazon AWS Certified Solutions Architect - Associate Dumps Questions (page: 14)

A company is preparing to deploy a new serverless workload. A solutions architect must use the principle of least privilege to configure permissions that will be used to run an AWS Lambda function. An Amazon EventBridge (Amazon CloudWatch Events) rule will invoke the function.
Which solution meets these requirements?

  A. Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.
  B. Add an execution role to the function with lambda:InvokeFunction as the action and Service: lambda.amazonaws.com as the principal.
  C. Add a resource-based policy to the function with lambda:* as the action and Service: events.amazonaws.com as the principal.
  D. Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service: events.amazonaws.com as the principal.

Answer(s): D

Explanation:

EventBridge should be allowed to invoke the Lambda function via a resource-based policy granting lambda:InvokeFunction to the events.amazonaws.com principal.
A) Incorrect: an execution role governs what the function itself may do, not who may invoke it, so attaching lambda:InvokeFunction with a * principal does not let EventBridge invoke the function and risks broad, unintended access; use a resource-based policy for cross-service invocation.
B) Incorrect: the function’s execution role does not grant EventBridge permission to invoke the function; invocation must be allowed by a resource-based policy.
C) Incorrect: a resource-based policy granting lambda:* to events.amazonaws.com is overly broad and violates least privilege; restrict it to lambda:InvokeFunction.
D) Correct: a resource-based policy limited to lambda:InvokeFunction for events.amazonaws.com grants only the permission EventBridge needs to invoke the function.



A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year.
Which solution meets these requirements and is the MOST operationally efficient?

  A. Server-side encryption with customer-provided keys (SSE-C)
  B. Server-side encryption with Amazon S3 managed keys (SSE-S3)
  C. Server-side encryption with AWS KMS keys (SSE-KMS) with manual rotation
  D. Server-side encryption with AWS KMS keys (SSE-KMS) with automatic rotation

Answer(s): D

Explanation:

The correct answer is D. SSE-KMS with automatic rotation meets the at-rest encryption requirement, enables detailed logging of KMS key usage via AWS CloudTrail, and provides automatic annual key rotation, satisfying the rotation requirement with minimal operational overhead.
A) SSE-C: the customer supplies and manages the keys, so key usage is not logged by AWS and there is no integration with AWS KMS auditing; not suitable for centralized auditing.
B) SSE-S3: uses S3-managed keys; lacks customer-controlled key rotation auditing and detailed KMS usage logs.
C) SSE-KMS with manual rotation: meets the encryption and logging requirements but requires manual rotation, increasing operational overhead and the potential for misconfiguration.



A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours. The company wants to use these data points in its existing analytics platform. A solutions architect must determine the most viable multi-tier option to support this architecture. The data points must be accessible from the REST API.
Which action meets these requirements for storing and retrieving location data?

  A. Use Amazon Athena with Amazon S3.
  B. Use Amazon API Gateway with AWS Lambda.
  C. Use Amazon QuickSight with Amazon Redshift.
  D. Use Amazon API Gateway with Amazon Kinesis Data Analytics.

Answer(s): B

Explanation:

B) Correct: API Gateway with Lambda provides a REST API front end that can ingest and route location data to a scalable backend, such as a data store or streaming service, fitting a multi-tier architecture and real-time data capture for analytics.
A) Incorrect: Athena with S3 is analytics-driven and not a REST API front end; data is queried, not ingested via a REST endpoint.
C) Incorrect: QuickSight with Redshift is for visualization and data warehousing, not data collection through a REST API.
D) Incorrect: API Gateway with Kinesis Data Analytics could ingest via API, but Kinesis Data Analytics is for stream processing, whereas the typical pattern here emphasizes data capture and storage for analytics via a backend data store.



A company has an automobile sales website that stores its listings in a database on Amazon RDS. When an automobile is sold, the listing needs to be removed from the website and the data must be sent to multiple target systems.
Which design should a solutions architect recommend?

  A. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume.
  B. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume.
  C. Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics. Use AWS Lambda functions to update the targets.
  D. Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues. Use AWS Lambda functions to update the targets.

Answer(s): A

Explanation:

A) Correct: this option uses an event-driven pattern. RDS updates trigger a Lambda function that sends the data to a standard SQS queue, allowing multiple targets to independently poll and process the deletion data, decoupling systems and ensuring reliable delivery.
B) A FIFO queue is unnecessary unless strict ordering and exactly-once processing are required; complex deduplication and throughput limits may complicate processing.
C) RDS event notifications are limited, and fan-out via SNS then Lambda adds extra hops and potential delay; not as direct for decoupled, scalable consumption.
D) SNS to multiple SQS queues adds unnecessary fan-out and management; standard SQS from Lambda provides simpler consumption by targets.



A company needs to store data in Amazon S3 and must prevent the data from being changed. The company wants new objects that are uploaded to Amazon S3 to remain unchangeable for a nonspecific amount of time until the company decides to modify the objects. Only specific users in the company's AWS account can have the ability to delete the objects.
What should a solutions architect do to meet these requirements?

  A. Create an S3 Glacier vault. Apply a write-once, read-many (WORM) vault lock policy to the objects.
  B. Create an S3 bucket with S3 Object Lock enabled. Enable versioning. Set a retention period of 100 years. Use governance mode as the S3 bucket’s default retention mode for new objects.
  C. Create an S3 bucket. Use AWS CloudTrail to track any S3 API events that modify the objects. Upon notification, restore the modified objects from any backup versions that the company has.
  D. Create an S3 bucket with S3 Object Lock enabled. Enable versioning. Add a legal hold to the objects. Add the s3:PutObjectLegalHold permission to the IAM policies of users who need to delete the objects.

Answer(s): D

Explanation:

S3 Object Lock with versioning and a legal hold ensures objects cannot be deleted or overwritten until the hold is released, while granting delete permissions only to specific users via IAM. This satisfies immutability for new uploads and controlled deletion.
A) S3 Glacier vault with WORM is incorrect because Glacier vaults are for archival storage with different retention mechanisms and not directly integrated with per-object delete permissions in S3.
B) S3 Object Lock with governance mode and a 100-year retention makes objects immutable by default but does not specify per-user delete permission scopes via IAM; legal hold is needed for flexible deletion control.
C) CloudTrail logging and restore from backups do not prevent deletion or modification; they only provide audit and recovery, not enforce immutability.
D) Correct: enables Object Lock, versioning, and legal holds with targeted IAM permission for deletes.



A social media company allows users to upload images to its website. The website runs on Amazon EC2 instances. During upload requests, the website resizes the images to a standard size and stores the resized images in Amazon S3. Users are experiencing slow upload requests to the website.
The company needs to reduce coupling within the application and improve website performance. A solutions architect must design the most operationally efficient process for image uploads.
Which combination of actions should the solutions architect take to meet these requirements? (Choose two.)

  A. Configure the application to upload images to S3 Glacier.
  B. Configure the web server to upload the original images to Amazon S3.
  C. Configure the application to upload images directly from each user's browser to Amazon S3 through the use of a presigned URL.
  D. Configure S3 Event Notifications to invoke an AWS Lambda function when an image is uploaded. Use the function to resize the image.
  E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function on a schedule to resize uploaded images.

Answer(s): B,D

Explanation:

The correct combination, B and D, enables decoupling and improves performance.
B) Lets the web server upload originals directly to S3, reducing EC2 processing and network load on the app server.
D) Uses S3 Event Notifications to trigger a Lambda function to resize, providing automatic, scalable image processing without maintaining servers.
A) Incorrect because Glacier is cold storage and not suitable for active uploads.
C) Plausible but introduces complexity with presigned URLs and browser-side uploads, which can complicate validation and security and may not reduce server load as effectively.
E) Incorrect because a scheduled resize cannot respond promptly to new uploads.



A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity.
Which architecture offers the HIGHEST availability?

  A. Add a second ActiveMQ server to another Availability Zone. Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone.
  B. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone.
  C. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumer EC2 instance in another Availability Zone. Use Amazon RDS for MySQL with Multi-AZ enabled.
  D. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones. Use Amazon RDS for MySQL with Multi-AZ enabled.

Answer(s): D

Explanation:

Amazon MQ with active/standby across two AZs plus an Auto Scaling group for consumer EC2 instances across two AZs and Multi-AZ RDS provide built-in high availability for broker, compute, and database with fault tolerance and automatic recovery, reducing operational complexity.
A) Requires manual broker and DB replication across AZs; higher complexity and potential single points.
B) Adds MQ and consumer but still relies on EC2 MySQL; no managed DB high availability, increasing ops.
C) Adds Multi-AZ RDS but keeps manual EC2 MySQL; partial HA and more management of DB.
D) Provides fully managed, HA architecture across layers with Auto Scaling and Multi-AZ RDS, minimizing maintenance and ensuring failover.



A company hosts a containerized web application on a fleet of on-premises servers that process incoming requests. The number of requests is growing quickly. The on-premises servers cannot handle the increased number of requests. The company wants to move the application to AWS with minimum code changes and minimum development effort.
Which solution will meet these requirements with the LEAST operational overhead?

  A. Use AWS Fargate on Amazon Elastic Container Service (Amazon ECS) to run the containerized web application with Service Auto Scaling. Use an Application Load Balancer to distribute the incoming requests.
  B. Use two Amazon EC2 instances to host the containerized web application. Use an Application Load Balancer to distribute the incoming requests.
  C. Use AWS Lambda with new code that uses one of the supported languages. Create multiple Lambda functions to support the load. Use Amazon API Gateway as an entry point to the Lambda functions.
  D. Use a high performance computing (HPC) solution such as AWS ParallelCluster to establish an HPC cluster that can process the incoming requests at the appropriate scale.

Answer(s): A

Explanation:

AWS Fargate with ECS and Service Auto Scaling minimizes operational overhead by running containerized workloads without managing servers, while an Application Load Balancer elastically distributes traffic.
A) Correct: Fargate eliminates server provisioning and management; ECS handles container orchestration; Auto Scaling adapts to demand; ALB provides Layer 7 routing for HTTP(S).
B) Requires managing EC2 instances and capacity planning; more maintenance than Fargate; scaling must be handled at OS/container level.
C) Lambda introduces new code and stateless function approach; not optimal for long-running containerized web apps or existing architecture; API Gateway adds management overhead.
D) HPC clusters are inappropriate for web request scaling; intended for compute-heavy batch workloads; high operational overhead.


