A company is running an SMB file server in its data center. The file server stores large files that are accessed frequently for the first few days after the files are created. After 7 days the files are rarely accessed.The total data size is increasing and is close to the company's total storage capacity. A solutions architect must increase the company's available storage space without losing low-latency access to the most recently accessed files. The solutions architect must also provide file lifecycle management to avoid future storage issues.Which solution will meet these requirements?
Answer(s): B
A short summary: Using a File Gateway with S3 storage and lifecycle policies best preserves low-latency access for recent files while expanding capacity and managing data aging.A) Incorrect. DataSync moves data, but does not provide continuous access to recent files on-premises and lacks integrated lifecycle management for ongoing growth.B) Correct. S3 File Gateway extends on-premises storage with S3, preserving low-latency access for recent files via local cache, while S3 Lifecycle moves older data to Glacier Deep Archive to free space.C) Incorrect. FSx for Windows provides additional Windows file storage but does not inherently integrate with on-prem SMB access or lifecycle tiers to archive data.D) Incorrect. Client-side S3 access with lifecycle to Glacier Flexible Retrieval reduces performance and does not maintain local low-latency access for active files.
A company is building an ecommerce web application on AWS. The application sends information about new orders to an Amazon API Gateway REST API to process. The company wants to ensure that orders are processed in the order that they are received.Which solution will meet these requirements?
Using an API Gateway integration to place each new order into an SQS FIFO queue ensures strict message ordering and at-least-once processing with exactly-once in-order semantics, which is appropriate for processing ecommerce orders in arrival order. The FIFO queue guarantees ordering via message group IDs and provides deduplication.A) SNS does not preserve per-message processing order across multiple subscribers; ordering is not guaranteed. C) API Gateway authorizers control access, not processing order. D) SQS standard queue does not guarantee strict ordering; messages can be delivered out of order.
A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management.What should a solutions architect do to accomplish this goal?
Answer(s): A
AWS Secrets Manager provides centralized credential management with automatic rotation for database credentials, minimizing operational overhead for applications running on EC2 and connecting to Aurora. It supports seamless retrieval by apps and can rotate secrets without code changes.A) Correct: Secrets Manager with automatic rotation reduces manual credential maintenance and ensures credentials are rotated automatically.B) Systems Manager Parameter Store is suitable for secret values but lacks built-in database credential rotation like Secrets Manager; rotation is not as seamless for database credentials.C) Storing credentials in S3 introduces risk if access controls or rotation aren’t robust; not ideal for dynamic database credentials.D) Encrypting and mounting credentials on EBS volumes increases maintenance and does not automate rotation or centralized management.
A global company hosts its web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The web application has static data and dynamic data. The company stores its static data in an Amazon S3 bucket. The company wants to improve performance and reduce latency for the static data and dynamic data. The company is using its own domain name registered with Amazon Route 53.What should a solutions architect do to meet these requirements?
A) CloudFront with S3 as origin and ALB as origin? Wait, correct is A: CloudFront distribution with S3 bucket and ALB as origins, and Route 53 routes to CloudFront. This provides caching for static data from S3 and dynamic data from ALB, reducing latency globally; CloudFront edge caches serve static content and forward dynamic requests to ALB, while Route 53 routing to the CloudFront distribution ensures global performance. B, C, D incorrect: Global Accelerator is not needed when CloudFront already provides edge caching; mixing endpoints and multiple accelerators adds complexity and can misroute traffic; using separate endpoints or domain splits is not required and can complicate TLS and routing.
A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions.Which solution will meet these requirements with the LEAST operational overhead?
A) Secrets Manager with multi-Region replication and rotation minimizes operational overhead by providing built-in secret storage, automatic rotation, and cross-region replication for IAM/RDS credentials. This aligns with RDS for MySQL integration and reduces custom tooling.B) Systems Manager Parameter Store replication exists but not as seamless for cross-region rotation of database credentials; multi-region replication is less common and rotation may require custom steps.C) S3 SSE plus Lambda rotation adds significant custom logic and lacks native secret rotation for RDS; higher maintenance.D) DynamoDB with KMS keys and Lambda rotation is a custom approach requiring bespoke rotation logic and does not provide native, managed RDS credential rotation.
A company runs an ecommerce application on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales based on CPU utilization metrics. The ecommerce application stores the transaction data in a MySQL 8.0 database that is hosted on a large EC2 instance.The database's performance degrades quickly as application load increases. The application handles more read requests than write transactions. The company wants a solution that will automatically scale the database to meet the demand of unpredictable read workloads while maintaining high availability.Which solution will meet these requirements?
Answer(s): C
Aurora with Auto Scaling and replicas provides a highly available, read-heavy, scalable relational database layer that automatically adds read replicas to handle unpredictable read workloads while maintaining multi-AZ durability.A) Redshift is a data warehouse optimized for analytics, not as a transactional DB or OLTP with automatic read scaling for a live ecommerce workload.B) Single-AZ RDS with cross-AZ readers helps availability but lacks the elastic, per-tenant read-scaling and automatic replica fleet management provided by Aurora Auto Scaling.D) ElastiCache Memcached adds a cache layer but does not replace the authoritative transactional database; relying on Spot Instances is unreliable for a critical database tier.
A company recently migrated to AWS and wants to implement a solution to protect the traffic that flows in and out of the production VPC. The company had an inspection server in its on-premises data center. The inspection server performed specific operations such as traffic flow inspection and traffic filtering. The company wants to have the same functionalities in the AWS Cloud.Which solution will meet these requirements?
Amazon Network Firewall provides managed inspection and filtering capabilities within a VPC, allowing you to define rules to inspect and filter traffic entering and leaving the production VPC, matching the on-prem inspection server functionality. A) GuardDuty is for threat detection and monitoring, not real-time traffic inspection/filtering. B) Traffic Mirroring duplicates traffic for analysis elsewhere but does not perform in-line inspection or enforcement. D) Firewall Manager centralizes policy management across accounts but relies on underlying firewall appliances; it does not itself provide direct in-line inspection/filtering within the VPC. Therefore, Network Firewall is the correct in-line traffic inspection and filtering solution.
A company hosts a data lake on AWS. The data lake consists of data in Amazon S3 and Amazon RDS for PostgreSQL. The company needs a reporting solution that provides data visualization and includes all the data sources within the data lake. Only the company's management team should have full access to all the visualizations. The rest of the company should have only limited access.Which solution will meet these requirements?
Amazon QuickSight supports centralized dashboards that can connect to multiple data sources (S3, RDS PostgreSQL), with fine-grained access control via IAM users/groups or in-app permissions, enabling management to have full access while others have restricted access. B) aligns with per-user/group access control and multi-source visualization.A) Inadequate if it relies on IAM roles instead of per-user/group permissions; may not enforce separate access for the broader user base.C) ETL and S3-only reporting lacks integrated visualization and per-user access controls across data sources.D) Federation and cross-service querying add complexity; access control and visualization governance are not as straightforward as in QuickSight dashboards.
Share your comments for Amazon SAA-C03 exam with other users:
easy questions
q.189 - answers are incorrect.
question 8 - can cloudtrail be used for storing jobs? based on aws - aws cloudtrail is used for governance, compliance and investigating api usage across all of our aws accounts. every action that is taken by a user or script is an api call so this is logged to [aws] cloudtrail. something seems incorrect here.
thanks for the questions
this is very helpfull for me
this is a good experience
q. 289 - the correct answer should be b not d, since the question asks for the most secure way to provide access to a s3 bucket (a single one), and by principle of the least privilege you should not be giving access to all buckets.
i took the aws saa-c03 test and scored 935/1000. it has all the exam dumps and important info.
is it possible to clear the exam if we focus on only these 156 questions instead of 623 questions? kindly help!
great job. hope this helps out.