SAA C03 Exam Questions Set | 800+ quizzes with
100% Correct Verified Solutions
1. A company has an application that runs on Amazon EC2 instances and uses an Amazon
Aurora database. The EC2 instances connect to the database by using user names and
passwords that are stored locally in a file. The company wants to minimize the operational
overhead of credential management.
What should a solutions architect do to accomplish this goal?
A. Use AWS Secrets Manager. Turn on automatic rotation.
B. Use AWS Systems Manager Parameter Store. Turn on automatic rotation.
C. Create an Amazon S3 bucket to store objects that are encrypted with an AWS Key
Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket.
Point the application to the S3 bucket.
D. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance.
Attach the new EBS volume to each EC2 instance. Migrate the credential file to the new EBS
volume. Point the application to the new EBS vol - ✔✔A
2. A global company hosts its web application on Amazon EC2 instances behind an Application
Load Balancer (ALB). The web application has static data and dynamic data. The company stores
its static data in an Amazon S3 bucket. The company wants to improve performance and reduce
latency for the static data and dynamic data. The company is using its own domain name
registered with Amazon Route 53.
What should a solutions architect do to meet these requirements?
A. Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins.
Configure Route 53 to route traffic to the CloudFront distribution.
B. Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS
Global Accelerator standard accelerator that has the S3 bucket as an endpoint Configure Route
53 to route traffic to the CloudFront distribution.
C. Create an Amazon CloudFront distribution that has the S3 bucket as an - ✔✔A
,3. A company performs monthly maintenance on its AWS infrastructure. During these
maintenance activities, the company needs to rotate the credentials for its Amazon RDS for
MySQL databases across multiple AWS Regions.
Which solution will meet these requirements with the LEAST operational overhead?
A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication
for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule.
B. Store the credentials as secrets in AWS Systems Manager by creating a secure string
parameter. Use multi-Region secret replication for the required Regions. Configure Systems
Manager to rotate the secrets on a schedule.
C. Store the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled.
Use Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function to
rotate the credentials.
D. Encrypt the cr - ✔✔A
4. A company runs an ecommerce application on Amazon EC2 instances behind an Application
Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple
Availability Zones. The Auto Scaling group scales based on CPU utilization metrics. The
ecommerce application stores the transaction data in a MySQL 8.0 database that is hosted on a
large EC2 instance.
The database's performance degrades quickly as application load increases. The application
handles more read requests than write transactions. The company wants a solution that will
automatically scale the database to meet the demand of unpredictable read workloads while
maintaining high availability.
Which solution will meet these requirements?
A. Use Amazon Redshift with a single node for leader and compute functionality.
B. Use Amazon RDS with a Single-AZ deployment Configure Amazon RDS to add reader
instances in a different Availability Zone. - ✔✔C
5. A company recently migrated to AWS and wants to implement a solution to protect the
traffic that flows in and out of the production VPC. The company had an inspection server in its
on-premises data center. The inspection server performed specific operations such as traffic
flow inspection and traffic filtering. The company wants to have the same functionalities in the
AWS Cloud.
,Which solution will meet these requirements?
A. Use Amazon GuardDuty for traffic inspection and traffic filtering in the production VPC.
B. Use Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and
filtering.
C. Use AWS Network Firewall to create the required rules for traffic inspection and traffic
filtering for the production VPC.
D. Use AWS Firewall Manager to create the required rules for traffic inspection and traffic
filtering for the production VPC. - ✔✔C
6. A company hosts a data lake on AWS. The data lake consists of data in Amazon S3 and
Amazon RDS for PostgreSQL. The company needs a reporting solution that provides data
visualization and includes all the data sources within the data lake. Only the company's
management team should have full access to all the visualizations. The rest of the company
should have only limited access.
Which solution will meet these requirements?
A. Create an analysis in Amazon QuickSight. Connect all the data sources and create new
datasets. Publish dashboards to visualize the data. Share the dashboards with the appropriate
IAM roles.
B. Create an analysis in Amazon QuickSight. Connect all the data sources and create new
datasets. Publish dashboards to visualize the data. Share the dashboards with the appropriate
users and groups.
C. Create an AWS Glue table and crawler for the data in Amazon S3. Create an AWS Glue
extract, transform, - ✔✔B
7. A company is implementing a new business application. The application runs on two Amazon
EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs
to ensure that the EC2 instances can access the S3 bucket.
What should the solutions architect do to meet this requirement?
A. Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 instances.
B. Create an IAM policy that grants access to the S3 bucket. Attach the policy to the EC2
instances.
, C. Create an IAM group that grants access to the S3 bucket. Attach the group to the EC2
instances.
D. Create an IAM user that grants access to the S3 bucket. Attach the user account to the EC2
instances. - ✔✔A
8. An application development team is designing a microservice that will convert large images
to smaller, compressed images. When a user uploads an image through the web interface, the
microservice should store the image in an Amazon S3 bucket, process and compress the image
with an AWS Lambda function, and store the image in its compressed form in a different S3
bucket.
A solutions architect needs to design a solution that uses durable, stateless components to
process the images automatically.
Which combination of actions will meet these requirements? (Choose two.)
A. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure the S3 bucket to
send a notification to the SQS queue when an image is uploaded to the S3 bucket.
B. Configure the Lambda function to use the Amazon Simple Queue Service (Amazon SQS)
queue as the invocation source. When the SQS message is successfully processed, delete the
message in - ✔✔AB
9. A company has a three-tier web application that is deployed on AWS. The web servers are
deployed in a public subnet in a VPC. The application servers and database servers are deployed
in private subnets in the same VPC. The company has deployed a third-party virtual firewall
appliance from AWS Marketplace in an inspection VPC. The appliance is configured with an IP
interface that can accept IP packets.
A solutions architect needs to integrate the web application with the appliance to inspect all
traffic to the application before the traffic reaches the web server.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create a Network Load Balancer in the public subnet of the application's VPC to route the
traffic to the appliance for packet inspection.
B. Create an Application Load Balancer in the public subnet of the application's VPC to route the
traffic to the appliance for packet - ✔✔D
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Examsplug. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.99. You're not tied to anything after your purchase.