A company's application integrates with multiple software-as-a-service (SaaS) sources for data collection. The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible. Which solution will meet these requirements with the LEAST operational overhead?
Answer(s): B
The flow-based integration reduces overhead by orchestrating data transfer from multiple SaaS sources to S3 and notifying on completion without managing EC2-based logic, providing scalability with minimal ops.
A) Autoscaling focuses on scaling EC2 but does not optimize SaaS-to-S3 data transfer orchestration or reduce manual management; adds complexity for notifications.
B) AppFlow handles SaaS-to-S3 data transfers natively, scales automatically, and can trigger SNS on completion with minimal configuration, meeting the low-operational overhead requirement.
C) EventBridge rules for each SaaS source introduce multiple rules and custom routing logic; increases maintenance and latency.
D) Migrating to ECS adds container orchestration overhead and requires managing containerized deployments, not as low-op as AppFlow.
A company runs a highly available image-processing application on Amazon EC2 instances in a single VPC. The EC2 instances run inside several subnets across multiple Availability Zones. The EC2 instances do not communicate with each other. However, the EC2 instances download images from Amazon S3 and upload images to Amazon S3 through a single NAT gateway. The company is concerned about data transfer charges. What is the MOST cost-effective way for the company to avoid Regional data transfer charges?
Answer(s): C
The correct answer is C.
A) Not necessary; NAT gateway per AZ increases cost and still routes through NAT, not reducing S3 data transfer charges.
B) NAT instances may save on hourly costs but require management and don’t eliminate Regional data transfer when accessing S3.
C) Gateway VPC endpoint for S3 enables private S3 access over the AWS network, avoiding data transfer charges between AZs and within the VPC to S3.
D) EC2 Dedicated Host has no impact on S3 data transfer costs and is unrelated to egress/ingress routing or regional data transfer.
A company has an on-premises application that generates a large amount of time-sensitive data that is backed up to Amazon S3. The application has grown and there are user complaints about internet bandwidth limitations. A solutions architect needs to design a long-term solution that allows for both timely backups to Amazon S3 and minimal impact on internet connectivity for internal users. Which solution meets these requirements?
A) VPN plus VPC gateway endpoint is not sufficient for large, time-sensitive backups and would still use internet bandwidth, not addressing long-term scaling or internal bandwidth needs.
B) Direct Connect provides a dedicated, low-latency, high-bandwidth path for backup traffic, reducing internet reliance and supporting timely S3 data transfers, meeting both latency and bandwidth goals.
C) Snowball is for offline, bulk data transfer; it is not suitable for continuous or daily time-sensitive backups and introduces operational overhead and timing gaps.
D) Requesting removal of S3 limits does not address network bandwidth or backup performance; it only alters quotas without a solution for the data transfer path.
A company has an Amazon S3 bucket that contains critical data. The company must protect the data from accidental deletion. Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
Answer(s): A,B
Enabling versioning preserves previous object versions, allowing recovery from accidental deletions. Enabling MFA Delete requires MFA to permanently delete object versions, adding protection against intentional or accidental deletions.
A) Correct: versioning preserves data.
B) Correct: MFA Delete provides an additional deletion safeguard.
C) Bucket policy alone does not prevent deletions unless combined with specific deny rules.
D) Default encryption protects data at rest but not deletion protection.
E) Lifecycle policies manage data aging/transition, not deletion protection.
A company has a data ingestion workflow that consists of the following:
• An Amazon Simple Notification Service (Amazon SNS) topic for notifications about new data deliveries
• An AWS Lambda function to process the data and record metadata
The company observes that the ingestion workflow fails occasionally because of network connectivity issues. When such a failure occurs, the Lambda function does not ingest the corresponding data unless the company manually reruns the job. Which combination of actions should a solutions architect take to ensure that the Lambda function ingests all data in the future? (Choose two.)
Answer(s): B,E
The correct options B and E address decoupling and reliable processing. B ensures messages published to SNS are persisted in an SQS queue, enabling durable delivery even when the Lambda or network is temporarily unavailable. E enables the Lambda to poll and process messages from SQS, decoupling ingestion from real-time delivery and providing retries for failed invocations. A is incorrect because Lambda already runs within multiple AZs; it doesn’t guarantee ingestion retry semantics. C is not relevant to reliability under transient network failures; CPU/memory won’t guarantee retries. D is incorrect because Lambda is not provisioned throughput-based; it uses concurrency limits, not throughput units.
A company has an application that provides marketing services to stores. The services are based on previous purchases by store customers. The stores upload transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers. Some of the files can exceed 200 GB in size. Recently, the company discovered that some of the stores have uploaded files that contain personally identifiable information (PII) that should not have been included. The company wants administrators to be alerted if PII is shared again. The company also wants to automate remediation. What should a solutions architect do to meet these requirements with the LEAST development effort?
S3 + Macie provides scalable, low-effort PII discovery with automated remediation and alerting, minimizing development work.
A) Incorrect: Inspector is for security assessments of EC2 and on-prem assets, not scalable S3 object PII scanning; lifecycle removal would be manual/configured but not aligned with PII discovery.
B) Correct: Macie automatically discovers PII in S3, can alert via SNS for remediation, and requires minimal custom code.
C) Incorrect: Custom Lambda requires building and maintaining scanning logic for PII, increasing development effort; lacks the built-in PII discovery capabilities of Macie.
D) Incorrect: Uses SES for alerts (email) and lifecycle, but requires custom scanning; more friction and less robust alerting than Macie + SNS.
A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week. What should the company do to guarantee the EC2 capacity?
Answer(s): D
Creating an On-Demand Capacity Reservation (ODCR) across the specific region and all three AZs guarantees EC2 capacity for the defined time window, ensuring availability even if competing demands occur. It reserves the exact instances in the chosen AZs for the duration of the event.
A) Incorrect: Reserved Instances provide discounted pricing, not guaranteed capacity or explicit AZ-level reservations for a time-bound event.
B) Incorrect: ODCR in a region without specifying AZs does not guarantee multi-AZ capacity.
C) Incorrect: RI region- and AZ-specific reservations exist for pricing benefits, but RIs do not guarantee capacity for a fixed period.
A company's website uses an Amazon EC2 instance store for its catalog of items. The company wants to make sure that the catalog is highly available and that the catalog is stored in a durable location.What should a solutions architect do to meet these requirements?
The correct answer is D.
A) Not correct because EC2 instance store is ephemeral and does not provide durability or high availability; data is lost on stop, termination, or failure.
B) Not correct; increasing instance size does not protect against instance failure or data loss in the ephemeral store, and it still lacks durable, shared storage.
C) Not correct; S3 Glacier Deep Archive is for long-term archival, not high availability or low-latency access for catalog data.
D) Correct because Amazon EFS provides a durable, scalable, shared file system accessible from multiple instances, enabling high availability and data durability beyond a single EC2 instance.
Share your comments for Amazon SAA-C03 exam with other users:
easy questions
q.189 - answers are incorrect.
question 8 - can cloudtrail be used for storing jobs? based on aws - aws cloudtrail is used for governance, compliance and investigating api usage across all of our aws accounts. every action that is taken by a user or script is an api call so this is logged to [aws] cloudtrail. something seems incorrect here.
thanks for the questions
this is very helpful for me
this is a good experience
q. 289 - the correct answer should be b not d, since the question asks for the most secure way to provide access to a s3 bucket (a single one), and by principle of the least privilege you should not be giving access to all buckets.
i took the aws saa-c03 test and scored 935/1000. it has all the exam dumps and important info.
is it possible to clear the exam if we focus on only these 156 questions instead of 623 questions? kindly help!
great job. hope this helps out.