Amazon AWS Certified Solutions Architect - Associate SAA-C03 AWS Certified Solutions Architect - Associate Exam Questions in PDF

Free Amazon AWS Certified Solutions Architect - Associate Dumps Questions (page: 16)

A company is running an online transaction processing (OLTP) workload on AWS. This workload uses an unencrypted Amazon RDS DB instance in a Multi-AZ deployment. Daily database snapshots are taken from this instance.
What should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?

  1. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot.
  2. Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots to it. Enable encryption on the DB instance.
  3. Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS). Restore encrypted snapshot to an existing DB instance.
  4. Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS).

Answer(s): A

Explanation:

Encrypting the latest DB snapshot ensures all future restores originate from an encrypted source, meeting the requirement to have encrypted backups and DB instances moving forward in an OLTP Multi-AZ setup.
A) Correct: Encrypting a copy of the latest DB snapshot and replacing the instance ensures encryption applies to both the snapshot history and the restored instance, satisfying encryption for backups and data at rest.
B) Incorrect: EBS encryption on a new volume does not encrypt existing snapshots or automatically encrypt the RDS automated backups or DB instance storage.
C) Incorrect: You cannot encrypt an existing unencrypted snapshot by copying and enabling encryption to restore into an existing DB instance; encryption must be applied at restore time, not retroactively here.
D) Incorrect: Storing snapshots in S3 with SSE-KMS is not how RDS backups are managed; RDS backups remain within RDS and snapshots are not copied to S3 for encryption.



A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications.
What should a solutions architect do to reduce the operational burden?

  1. Use multi-factor authentication (MFA) to protect the encryption keys.
  2. Use AWS Key Management Service (AWS KMS) to protect the encryption keys.
  3. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys.
  4. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.

Answer(s): B

Explanation:

AWS KMS provides a managed, scalable key management service that handles key storage, rotation, policy enforcement, and access control, reducing operational burden for developers.
A) MFA protects access but does not reduce management tasks for keys.
C) ACM manages certificates, not general data encryption keys for application data.
D) IAM policies control permissions but do not reduce key management operations or provide key lifecycle automation.
Therefore, B is the correct choice.



A company has a dynamic web application hosted on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination.
There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit.
What should a solutions architect do to increase the application's performance?

  1. Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM certificate on each instance.
  2. Create an Amazon S3 bucket. Migrate the SSL certificate to the S3 bucket. Configure the EC2 instances to reference the bucket for SSL termination.
  3. Create another EC2 instance as a proxy server. Migrate the SSL certificate to the new instance and configure it to direct connections to the existing EC2 instances.
  4. Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.

Answer(s): D

Explanation:

The correct approach offloads SSL termination to a managed service and distributes load via a load balancer, freeing EC2 instances to serve requests. D uses ACM to manage the certificate and an Application Load Balancer with HTTPS listener, performing TLS termination at the ALB and routing to the EC2 fleet, improving scalability and performance.
A is wrong because ACM certificates cannot be installed directly on EC2 to terminate TLS; ACM is for AWS-managed termination at ELB/CloudFront, not manual installation on instances.
B is wrong because S3 is not a web TLS termination target and cannot serve HTTPS for dynamic web traffic; SSL termination would not occur there.
C is wrong because adding a proxy adds another hop and single point of scaling challenges; it does not offload TLS at the edge and is less scalable than an ALB with ACM.



A company has a highly dynamic batch processing job that uses many Amazon EC2 instances to complete it. The job is stateless in nature, can be started and stopped at any given time with no negative impact, and typically takes upwards of 60 minutes total to complete. The company has asked a solutions architect to design a scalable and cost-effective solution that meets the requirements of the job.
What should the solutions architect recommend?

  1. Implement EC2 Spot Instances.
  2. Purchase EC2 Reserved Instances.
  3. Implement EC2 On-Demand Instances.
  4. Implement the processing on AWS Lambda.

Answer(s): A

Explanation:

Spot Instances provide cost savings for a highly dynamic, fault-tolerant batch job that can be started and stopped at any time, with no state. They enable large-scale parallel processing at significantly lower price, suitable for stateless long-running tasks. Reserved Instances are fixed and require commitment, not ideal for dynamic workloads. On-Demand Instances are more expensive for long-running batch without need for flexibility. Lambda is unsuitable for long (60+ minutes) and potentially high-compute workloads due to execution limits and scaling model. Therefore A is correct; B, C, D are not cost- or fit-appropriate.



A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available.
Which combination of configuration options will meet these requirements? (Choose two.)

  1. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
  2. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.
  3. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.
  4. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.

Answer(s): A,D

Explanation:

The correct options ensure HA while keeping DB/EC2 private from the internet and enabling outbound internet access for EC2.
A) EC2 in private subnets with ASG and RDS Multi-AZ in private subnets provides private->private architecture for web tier and resilient database, meeting HA and isolation requirements.
D) VPC with two public subnets, two private subnets, and two NAT gateways across AZs, with an Application Load Balancer in the public subnets, gives internet-facing load balancing for the web tier while backend resources remain private; NAT gateways allow EC2 instances in private subnets to access the internet for payment processing.
B) ALB in private subnets prevents external access to the web tier; but the requirement is a publicly accessible web tier, and two NAT gateways alone do not ensure public ALB placement.
C) EC2 in public subnets exposes instances to the internet; RDS private is fine, but public EC2 undermines the security requirement.



A solutions architect needs to implement a solution to reduce a company's storage costs. All the company's data is in the Amazon S3 Standard storage class. The company must keep all data for at least 25 years. Data from the most recent 2 years must be highly available and immediately retrievable.
Which solution will meet these requirements?

  1. Set up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive immediately.
  2. Set up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 2 years.
  3. Use S3 Intelligent-Tiering. Activate the archiving option to ensure that data is archived in S3 Glacier Deep Archive.
  4. Set up an S3 Lifecycle policy to transition objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately and to S3 Glacier Deep Archive after 2 years.

Answer(s): B

Explanation:

B) Correct: Transition data after 2 years ensures the most recent 2 years remain in S3 Standard or readily accessible lifecycle while older data moves to Glacier Deep Archive, meeting 25-year retention and cost savings.
A) Incorrect: Immediate transition to Glacier Deep Archive violates the requirement for highly available and immediately retrievable data for the most recent 2 years.
C) Incorrect: S3 Intelligent-Tiering archiving option is not applicable to guarantee immediate retrievability to 2 years; it optimizes by tiering but does not guarantee Glacier Deep Archive as the target for the time window.
D) Incorrect: S3 One Zone-IA is not durable or highly available like Standard; immediate transition followed by 2-year rule does not satisfy the requirement for long-term cost-effective, highly available storage for the initial period.



A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.
Which set of services should a solutions architect recommend to meet these requirements?

  1. Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage
  2. Amazon EBS for maximum performance, Amazon EFS for durable data storage, and Amazon S3 Glacier for archival storage
  3. Amazon EC2 instance store for maximum performance, Amazon EFS for durable data storage, and Amazon S3 for archival storage
  4. Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

Answer(s): D

Explanation:

The correct answer is D.
A) Incorrect: EC2 instance store is ephemeral and not durable; unsuitable for archival or durable storage needs.
B) Incorrect: EFS is durable but not cost-optimized for large archival workloads; S3 Glacier is appropriate for archival. EBS for 10 TB and high IOPS is excessive here.
C) Incorrect: EC2 instance store again is ephemeral and not durable; EC2 for archival storage is inappropriate, and S3 is better for durable/archival storage.
D) Correct: EC2 instance store offers maximum I/O on the instance for video processing, S3 provides durable storage for 300 TB with high durability, and S3 Glacier provides cost-effective archival storage for 900 TB.



A company wants to run applications in containers in the AWS Cloud. These applications are stateless and can tolerate disruptions within the underlying infrastructure. The company needs a solution that minimizes cost and operational overhead.
What should a solutions architect do to meet these requirements?

  1. Use Spot Instances in an Amazon EC2 Auto Scaling group to run the application containers.
  2. Use Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.
  3. Use On-Demand Instances in an Amazon EC2 Auto Scaling group to run the application containers.
  4. Use On-Demand Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.

Answer(s): B

Explanation:

Spot Instances in an EKS managed node group provide cost savings with automated lifecycle and capacity management suitable for stateless, disruption-tolerant workloads, minimizing operational overhead while leveraging Kubernetes scheduling for containerized apps.
A) EC2 Auto Scaling with Spot Instances is viable but lacks Kubernetes management benefits and ecosystem for container orchestration.
C) On-Demand in EC2 ASG ensures availability but higher cost and no automation for Kubernetes.
D) On-Demand in EKS node group reduces cost efficiency compared to Spot-based EKS nodes.
Thus B correctly combines cost efficiency, managed Kubernetes control plane, and minimal overhead for stateless containers.



Share your comments for Amazon AWS Certified Solutions Architect - Associate exam with other users:

piyush keshari
7/7/2023 9:46:00 PM

true questions

B.A.J
11/6/2023 7:01:00 AM

i can't believe ms asks things like this, seems to be only marketing material.

Guss
5/23/2023 12:28:00 PM

hi, could you please add the last update of ns0-527

Rond65
8/22/2023 4:39:00 PM

question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).

Cheers
12/13/2023 9:55:00 AM

sometimes it may be good some times it may be

Sumita Bose
7/21/2023 1:01:00 AM

qs 4 answer seems wrong- please check

Amit
9/7/2023 12:53:00 AM

very detailed explanation !

FisherGirl
5/16/2022 10:36:00 PM

the interactive nature of the test engine application makes the preparation process less boring.

Chiranthaka
9/20/2023 11:15:00 AM

very useful.

SK
7/15/2023 3:51:00 AM

complete question dump should be made available for practice.

Gamerrr420
5/25/2022 9:38:00 PM

i just passed my first exam. i got 2 exam dumps as part of the 50% sale. my second exam is under work. once i write that exam i report my result. but so far i am confident.

Kudu hgeur
9/21/2023 5:58:00 PM

nice create dewey stefen

Anorag
9/6/2023 9:24:00 AM

i just wrote this exam and it is still valid. the questions are exactly the same but there are about 4 or 5 questions that are answered incorrectly. so watch out for those. best of luck with your exam.

Nathan
1/10/2023 3:54:00 PM

passed my exam today. this is a good start to 2023.

1
10/28/2023 7:32:00 AM

great sharing

Anand
1/20/2024 10:36:00 AM

very helpful

Kumar
6/23/2023 1:07:00 PM

thanks.. very helpful

User random
11/15/2023 3:01:00 AM

i registered for 1z0-1047-23 but dumps are available for 1z0-1047-22. help me with this...

kk
1/17/2024 3:00:00 PM

very helpful

Raj
7/24/2023 10:20:00 AM

please upload oracle 1z0-1110-22 exam pdf

Blessious Phiri
8/13/2023 11:58:00 AM

becoming interesting on the logical part of the cdbs and pdbs

LOL what a joke
9/10/2023 9:09:00 AM

some of the answers are incorrect, i would be wary of using this until an admin goes back and reviews all the answers

Muhammad Rawish Siddiqui
12/9/2023 7:40:00 AM

question # 267: federated operating model is also correct.

Mayar
9/22/2023 4:58:00 AM

it's helpful a lot.

Sandeep
7/25/2022 11:58:00 PM

the questions from this braindumps are same as in the real exam. my passing mark was 84%.

Eman Sawalha
6/10/2023 6:09:00 AM

it is an exam that measures your understanding of cloud computing resources provided by aws. these resources are aligned under 6 categories: storage, compute, database, infrastructure, pricing and network. with all of the services and types of services under each category

Mars
11/16/2023 1:53:00 AM

good and very useful

ronaldo7
10/24/2023 5:34:00 AM

i cleared the az-104 exam by scoring 930/1000 on the exam. it was all possible due to this platform as it provides premium quality service. thank you!

Palash Ghosh
9/11/2023 8:30:00 AM

easy questions

Noor
10/2/2023 7:48:00 AM

could you please upload ad0-127 dumps

Kotesh
7/27/2023 2:30:00 AM

good content

Biswa
11/20/2023 9:07:00 AM

understanding about joins

Jimmy Lopez
8/25/2023 10:19:00 AM

please upload oracle cloud infrastructure 2023 foundations associate exam braindumps. thank you.

Lily
4/24/2023 10:50:00 PM

questions made studying easy and enjoyable, passed on the first try!
