A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored. Which design should the solutions architect use?
Answer(s): C
The correct answer is C because an SQS queue provides durable, decoupled, and scalable job buffering for stateless processors; the Auto Scaling group can scale based on the actual backlog (number of items in the queue), ensuring parallel processing and automatic node adjustment. A launch template with an AMI supports flexible scaling. A) Uses SNS, which is best for fan-out messaging, not durable queueing of work items; scaling on CPU is not tied to workload. B) Scales on network usage, not workload, and uses SQS but wrong scaling metric. D) SNS-based queuing infrastructure with scaling on published messages is not a standard durable work-queue approach; unnecessary coupling.
A company hosts its web applications in the AWS Cloud. The company configures Elastic Load Balancers to use certificates that are imported into AWS Certificate Manager (ACM). The company's security team must be notified 30 days before the expiration of each certificate. What should a solutions architect recommend to meet this requirement?
Answer(s): B
AWS Config provides continuously evaluated resource compliance with a 30-day expiry check for ACM certificates, and EventBridge can trigger alerts when Config reports noncompliance, ensuring timely notifications to SNS. This satisfies the requirement to be notified 30 days before expiration in a managed, auditable manner. A) ACM does not publish expiration alerts via custom SNS topics; ACM alerting isn’t configurable this way. C) Trusted Advisor checks are not configurable to trigger per-certificate expiry notifications or custom alerting via EventBridge/SNS. D) An EventBridge rule and Lambda could work, but it requires building custom logic; Config provides a simpler, managed solution with automatic evaluation. B) is the correct, declarative approach.
A company's dynamic website is hosted using on-premises servers in the United States. The company is launching its product in Europe, and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed. What should the solutions architect recommend?
CloudFront with a custom origin enables edge caching and low-latency delivery to European users while keeping the backend in the United States, meeting the globalization objective quickly. A) Incorrect: Launching EC2 in us-east-1 does not reduce latency for Europe; it relocates compute but increases latency for European users. B) Incorrect: S3 with Cross-Region Replication is for object storage in another region, not suitable for dynamic site hosting or immediate global latency reduction. D) Incorrect: Route 53 geoproximity routes traffic based on location but requires endpoints in AWS or elsewhere; it doesn’t provide edge caching or rapid deployment with on-prem origin.
A company wants to reduce the cost of its existing three-tier web architecture. The web, application, and database servers are running on Amazon EC2 instances for the development, test, and production environments. The EC2 instances average 30% CPU utilization during peak hours and 10% CPU utilization during non-peak hours. The production EC2 instances run 24 hours a day. The development and test EC2 instances run for at least 8 hours each day. The company plans to implement automation to stop the development and test EC2 instances when they are not in use. Which EC2 instance purchasing solution will meet the company's requirements MOST cost-effectively?
The best fit is B because production runs continuously, so Reserved Instances (RI) provide cost savings over On-Demand. Development/test run only part of each day and can be shut off; On-Demand is simplest and avoids paying for idle capacity, aligning with automation to stop when unused. A) Spot for production is risky due to interruption; RI/On-Demand mix could be cheaper than relying on Spot for prod. C) Spot blocks for production expose volatility; development/test RIs don’t align with low utilization and shutdown. D) On-Demand for prod misses continuous-use savings; Spot blocks for dev/test rely on interruptions and forecasted usage.
A company has a production web application in which users upload documents through a web interface or a mobile app. According to a new regulatory requirement, new documents cannot be modified or deleted after they are stored. What should a solutions architect do to meet this requirement?
Answer(s): A
A) is correct because enabling S3 Object Lock in Compliance mode with Versioning ensures immutability: objects cannot be modified or deleted for a defined retention period, satisfying regulatory immutability. B) Incorrect: Lifecycle policies archive data but do not guarantee immutability or prevent deletion/modification. C) Incorrect: Read-only ACL does not prevent deletions if bucket/object permissions allow it and does not enforce a retention period or immutability. D) Incorrect: EFS does not provide built-in object-level immutability or retention controls; mounting read-only does not guarantee protection against deletions or modifications.
A company has several web servers that need to frequently access a common Amazon RDS MySQL Multi-AZ DB instance. The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently. Which solution meets these requirements?
A) Storing credentials in AWS Secrets Manager and granting web servers access aligns with rotating credentials automatically and securely via built-in secret rotation for RDS-compatible databases. B) OpsCenter is for operational issue management, not credential storage or rotation. C) Storing credentials in S3 requires manual rotation and access controls; not as seamless or secure for frequent rotation as Secrets Manager. D) Per-host file-based encryption with KMS lacks centralized rotation, auditability, and scalable credential management compared to Secrets Manager.
A company hosts an application on AWS Lambda functions that are invoked by an Amazon API Gateway API. The Lambda functions save customer data to an Amazon Aurora MySQL database. Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete. The result is that customer data is not recorded for some of the events. A solutions architect needs to design a solution that stores customer data that is created during database upgrades. Which solution will meet these requirements?
Answer(s): D
The correct answer is D. D) Using an SQS FIFO queue decouples data ingestion from the database write. API Gateway/Lambda can enqueue events when the database is unavailable during upgrades, ensuring no data is lost, and a separate Lambda consumer can reliably persist data to Aurora once connections are available. A) RDS Proxy helps manage database connections, but does not guarantee data durability during upgrade outages; it doesn’t inherently buffer writes when the DB is unavailable. B) Extending Lambda duration and retries may still fail to preserve data if the DB is unreachable; timing is unpredictable and may violate data integrity. C) Storing locally in Lambda is volatile and not durable across function invocations or instances, risking data loss.
A survey company has gathered data for several years from areas in the United States. The company hosts the data in an Amazon S3 bucket that is 3 TB in size and growing. The company has started to share the data with a European marketing firm that has S3 buckets. The company wants to ensure that its data transfer costs remain as low as possible. Which solution will meet these requirements?
Cross-Region Replication minimizes transfer costs by keeping copies in the destination region, allowing data sharing with the European firm without egress charges from the source region for replicated objects. A) Requester Pays shifts data access costs to the requester, not reducing cross-border data transfer fees for shared data, so it doesn’t minimize overall transfer costs for this workflow. C) Cross-account access enables access rights but does not automatically reduce data transfer costs or replicate data to the partner’s region. D) S3 Intelligent-Tiering optimizes storage costs, not cross-region data sharing or transfer costs, and syncing to another bucket does not inherently reduce egress charges.
Share your comments for Amazon SAA-C03 exam with other users:
easy questions
q.189 - answers are incorrect.
question 8 - can cloudtrail be used for storing jobs? based on aws - aws cloudtrail is used for governance, compliance and investigating api usage across all of our aws accounts. every action that is taken by a user or script is an api call so this is logged to [aws] cloudtrail. something seems incorrect here.
thanks for the questions
this is very helpful for me
this is a good experience
q. 289 - the correct answer should be b not d, since the question asks for the most secure way to provide access to a s3 bucket (a single one), and by principle of the least privilege you should not be giving access to all buckets.
i took the aws saa-c03 test and scored 935/1000. it has all the exam dumps and important info.
is it possible to clear the exam if we focus on only these 156 questions instead of 623 questions? kindly help!
great job. hope this helps out.