A company uses 50 TB of data for reporting. The company wants to move this data from on premises to AWS. A custom application in the company’s data center runs a weekly data transformation job. The company plans to pause the application until the data transfer is complete and needs to begin the transfer process as soon as possible.The data center does not have any available network bandwidth for additional workloads. A solutions architect must transfer the data and must configure the transformation job to continue to run in the AWS Cloud.Which solution will meet these requirements with the LEAST operational overhead?
Answer(s): C
The correct answer is C. Snowball Edge Storage Optimized can ship large data (50 TB) offline, copy data locally, and includes edge compute to run a custom transformation during transfer, enabling the job to continue in AWS with minimal downtime and operational overhead.A is incorrect because DataSync requires network bandwidth or VPN/direct connect; the premise is no available bandwidth and DataSync plus Glue adds unnecessary data movement steps.B is incorrect because Snowcone has limited capacity (10 TB) and only edge compute; cannot handle 50 TB.D is incorrect because using Snowball Edge with EC2 adds more management overhead and a separate AWS EC2 deployment; option C provides integrated storage+compute with lower overhead.
A company has created an image analysis application in which users can upload photos and add photo frames to their images. The users upload images and metadata to indicate which photo frames they want to add to their images. The application uses a single Amazon EC2 instance and Amazon DynamoDB to store the metadata.The application is becoming more popular, and the number of users is increasing. The company expects the number of concurrent users to vary significantly depending on the time of day and day of week. The company must ensure that the application can scale to meet the needs of the growing user base.Which solution meats these requirements?
AWS Lambda with S3 for photos and DynamoDB for metadata provides serverless, scalable compute that automatically handles varying concurrent load, eliminating capacity planning for EC2. Storing images in S3 offloads storage, reduces management, and pairs with Lambda event-driven processing to apply frames as requested.A) Lambda only says store metadata in DynamoDB; lacks explicit photo storage handling via scalable object store.B) Kinesis Data Firehose is for streaming data delivery, not for on-demand photo processing and metadata association.D) Scaling EC2 with io2 EBS is manual capacity planning and not as cost-efficient or scalable as serverless options.C) Correct: Lambda + S3 + DynamoDB delivers scalable, event-driven processing and proper data separation.
A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets. The EC2 instances access Amazon S3 over the internet, but they do not require any other network access.A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the internet.Which change to the network architecture should a solutions architect recommend to meet this requirement?
A solution that ensures private routing to S3 is to place EC2 in private subnets and use a VPC endpoint for S3, associated with the private subnets’ route table. This keeps S3 traffic within the AWS network.A) NAT gateway would still route via the NAT device over the internet path; not private to S3. B) Restricting SG egress to S3 prefix list does not guarantee private AWS network path or avoid internet egress. D) Direct Connect is unnecessary and costlier; it doesn’t specifically provide S3 private access within VPC unless combined with endpoints, which is not stated. C) correctly enables private connectivity via VPC endpoint.
A company uses a popular content management system (CMS) for its corporate website. However, the required patching and maintenance are burdensome. The company is redesigning its website and wants anew solution. The website will be updated four times a year and does not need to have any dynamic content available. The solution must provide high scalability and enhanced security.Which combination of changes will meet these requirements with the LEAST operational overhead? (Choose two.)
Answer(s): A,D
A) Using CloudFront in front of a static site with HTTPS provides global scalability, DDoS protection, and TLS termination with minimal maintenance.D) Hosting a static website in an S3 bucket with static website hosting meets low operational overhead, high scalability, and security when paired with CloudFront.B) AWS WAF adds protection but not necessary for HTTPS termination and introduces extra management for this scenario.C) Lambda-based content hosting is dynamic and adds complexity and overhead for a static site.E) EC2 with ASG/ALB increases operational burden and maintenance.
A company stores its application logs in an Amazon CloudWatch Logs log group. A new policy requires the company to store all application logs in Amazon OpenSearch Service (Amazon Elasticsearch Service) in near-real time.Which solution will meet this requirement with the LEAST operational overhead?
Answer(s): A
CloudWatch Logs subscription to OpenSearch Service provides near-real-time streaming with minimal setup and fully managed integration, meeting the requirement with the least operational overhead.A) Correct. Direct CloudWatch Logs subscription filter to OpenSearch is a managed, low-maintenance integration that streams logs in near real time without custom code or additional services.B) Requires custom Lambda code, handling retries, pagination, and scaling; more operational overhead than a managed subscription.C) Firehose adds an extra managed service layer and configuration, but is heavier than a direct subscription for near-real-time ingestion.D) Involves deploying agents on every server, managing agents, and scaling the pipeline; highest operational burden.
A company is building a web-based application running on Amazon EC2 instances in multiple Availability Zones. The web application will provide access to a repository of text documents totaling about 900 TB in size. The company anticipates that the web application will experience periods of high demand. A solutions architect must ensure that the storage component for the text documents can scale to meet the demand of the application at all times. The company is concerned about the overall cost of the solution.Which storage solution meets these requirements MOST cost-effectively?
Answer(s): D
Answer: DS)3 is object storage designed to scale massively with99.99% durability and pay-as-you-go pricing, ideal for 900 TB of documents accessed by a web app across AZs. It requires no provisioning for capacity and supports concurrent access from EC2 instances.A) EBS is block storage tied to a single AZ and requires provisioning; not cost-effective or scalable across AZs for large, shared data.B) EFS offers shared file system across instances but is more expensive at very large scale and higher latency than S3 for static document repositories.C) OpenSearch is a search service, not a durable document store; inappropriate for primary storage.
A global company is using Amazon API Gateway to design REST APIs for its loyalty club users in the us-east-1 Region and the ap-southeast-2 Region. A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks.Which solution will meet these requirements with the LEAST amount of administrative effort?
Answer(s): B
AWS Firewall Manager allows centrally configuring and enforcing WAF rules across multiple accounts and regions, minimizing administrative overhead for protecting API Gateway REST APIs in us-east-1 and ap-southeast-2. This matches the requirement for cross-account, multi-region protection with least admin effort.A) Requires configuring WAF in each region separately per account; more administrative work than centralized FMS.C) AWS Shield focuses on DDoS protection, not general WAF rule sets for SQLi/XSS.D) Shield applies regionally but does not provide centralized multi-account rule management; not optimal for multi-region, multi-account scope.B) Correct: central, cross-account, multi-region WAF rule enforcement via Firewall Manager.
A company has implemented a self-managed DNS solution on three Amazon EC2 instances behind a Network Load Balancer (NLB) in the us-west-2 Region. Most of the company's users are located in the United States and Europe. The company wants to improve the performance and availability of the solution. The company launches and configures three EC2 instances in the eu-west-1 Region and adds the EC2 instances as targets for a new NLB.Which solution can the company use to route traffic to all the EC2 instances?
Route 53 Global Accelerator with endpoint groups in us-west-2 and eu-west-1 provides fast, global, healthy routing to multiple NLBs across regions, improving both performance and availability for users in US/Europe.A) Geolocation routing to two NLBs plus CloudFront is not optimal for WAN health/latency across regions; CloudFront origin would be regional, not ideal for self-managed DNS behind NLBs.C) Attaching Elastic IPs to six instances is impractical for multi-region global traffic and lacks health-aware routing; CloudFront origin would still not leverage regional NLB health.D) Latency routing to ALBs requires replacing NLBs and rerouting; adds unnecessary complexity and does not centralize traffic optimization like Global Accelerator.
Share your comments for Amazon SAA-C03 exam with other users:
easy questions
q.189 - answers are incorrect.
question 8 - can cloudtrail be used for storing jobs? based on aws - aws cloudtrail is used for governance, compliance and investigating api usage across all of our aws accounts. every action that is taken by a user or script is an api call so this is logged to [aws] cloudtrail. something seems incorrect here.
thanks for the questions
this is very helpfull for me
this is a good experience
q. 289 - the correct answer should be b not d, since the question asks for the most secure way to provide access to a s3 bucket (a single one), and by principle of the least privilege you should not be giving access to all buckets.
i took the aws saa-c03 test and scored 935/1000. it has all the exam dumps and important info.
is it possible to clear the exam if we focus on only these 156 questions instead of 623 questions? kindly help!
great job. hope this helps out.