Approved Amazon-Web-Services SAA-C03 Free Dumps Online

NEW QUESTION 1
A solution architect is creating a new Amazon CloudFront distribution for an application Some of Ine information submitted by users is sensitive. The application uses HTTPS but needs another layer" of security The sensitive information should be protected throughout the entire application stack end access to the information should be restricted to certain applications
Which action should the solutions architect take?

• A. Configure a CloudFront signed URL
• B. Configure a CloudFront signed cookie.
• C. Configure a CloudFront field-level encryption profile
• D. Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy

Answer: C

NEW QUESTION 2
A company that primarily runs its application servers on premises has decided to migrate to AWS. The company wants to minimize its need to scale its Internet Small Computer Systems Interface (iSCSI) storage on premises. The company wants only its recently accessed data to remain stored locally.
Which AWS solution should the company use to meet these requirements?

• A. Amazon S3 File Gateway
• B. AWS Storage Gateway Tape Gateway
• C. AWS Storage Gateway Volume Gateway stored volumes
• D. AWS Storage Gateway Volume Gateway cachea volumes

Answer: D

NEW QUESTION 3
A rapidly growing ecommerce company is running its workloads in a single AWS Region. A solutions architect must create a disaster recovery (DR) strategy that includes a different AWS Region. The company wants its database to be up to date in the DR Region with the least possible latency. The remaining infrastructure in the DR Region needs to run at reduced capacity and must be able to scale up if necessary.
Which solution will meet these requirements with the LOWEST recovery time objective (RTO)?

• A. Use an Amazon Aurora global database with a pilot light deployment.
• B. Use an Amazon Aurora global database with a warm standby deployment.
• C. Use an Amazon RDS Multi-AZ DB instance with a pilot light deployment.
• D. Use an Amazon RDS Multi-AZ DB instance with a warm standby deployment.

Answer: B

NEW QUESTION 4
An image hosting company uploads its large assets to Amazon S3 Standard buckets. The company uses multipart upload in parallel by using S3 APIs and overwrites if the same object is uploaded again. For the first 30 days after upload, the objects will be accessed frequently. The objects will be used less frequently after 30 days, but the access patterns for each object will be inconsistent. The company must optimize its S3 storage costs while maintaining high availability and resiliency of stored assets.
Which combination of actions should a solutions architect recommend to meet these requirements? (Select TWO.)

• A. Move assets to S3 Intelligent-Tiering after 30 days.
• B. Configure an S3 Lifecycle policy to clean up incomplete multipart uploads.
• C. Configure an S3 Lifecycle policy to clean up expired object delete markers.
• D. Move assets to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
• E. Move assets to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

Answer: CD

NEW QUESTION 5
A company hosts an application on AWS. The application uses AWS Lambda functions and stores data in Amazon DynamoDB tables. The Lambda functions are connected to a VPC that does not have internet access.
The traffic to access DynamoDB must not travel across the internet. The application must have write access to only specific DynamoDB tables.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

• A. Attach a VPC endpoint policy for DynamoDB to allow write access to only the specific DynamoDB tables.
• B. Attach a security group to the interface VPC endpoint to allow write access to only the specific DynamoDB tables.
• C. Create a resource-based 1AM policy to grant write access to only the specific DynamoDB table
• D. Attach the policy to the DynamoDB tables.
• E. Create a gateway VPC endpoint for DynamoDB that is associated with the Lambda VP
• F. Ensure that the Lambda execution role can access the gateway VPC endpoint.
• G. Create an interface VPC endpoint for DynamoDB that is associated with the Lambda VP
• H. Ensure that the Lambda execution role can access the interface VPC endpoint.

Answer: AD

NEW QUESTION 6
A company has two VPCs named Management and Production The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.
What should a solutions architect do to mitigate any single point of failure in this architecture?

• A. Add a set of VPNs between the Management and Production VPCs
• B. Add a second virtual private gateway and attach it to the Management VPC.
• C. Add a second set of VPNs to the Management VPC from a second customer gateway device
• D. Add a second VPC peering connection between the Management VPC and the Production VPC.

Answer: C

Explanation:
https://docs.aws.amazon.com/vpn/latest/s2svpn/images/Multiple_Gateways_diagram.png
"To protect against a loss of connectivity in case your customer gateway device becomes unavailable, you can set up a second Site-to-Site VPN connection to your VPC and virtual private gateway by using a second customer gateway device." https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-redundant-connection.html

NEW QUESTION 7
A company is designing a new web application that the company will deploy into a single AWS Region. The application requires a two-tier architecture that will include Amazon EC2 instances and an Amazon RDS DB instance. A solutions architect needs to design the application so that all components are highly available.

• A. Deploy EC2 instances In an additional Region Create a DB instance with the Multi-AZ option activated
• B. Deploy all EC2 instances in the same Region and the same Availability Zon
• C. Create a DB instance with the Multi-AZ option activated.
• D. Deploy the fcC2 instances across at least two Availability Zones within the some Regio
• E. Create a DB instance in a single Availability Zone
• F. Deploy the EC2 instances across at least Two Availability Zones within the same Regio
• G. Create a DB instance with the Multi-AZ option activated

Answer: D

NEW QUESTION 8
A company needs to review its AWS Cloud deployment to ensure that its Amazon S3 buckets do not have unauthorized configuration changes.
What should a solutions architect do to accomplish this goal?

• A. Turn on AWS Config with the appropriate rules.
• B. Turn on AWS Trusted Advisor with the appropriate checks.
• C. Turn on Amazon Inspector with the appropriate assessment template.
• D. Turn on Amazon S3 server access loggin
• E. Configure Amazon EventBridge (Amazon Cloud Watch Events).

Answer: A

NEW QUESTION 9
A company runs an on-premises application that is powered by a MySQL database The company is migrating the application to AWS to Increase the application's elasticity and availability
The current architecture shows heavy read activity on the database during times of normal operation Every 4 hours the company's development team pulls a full export of the production database to populate a database in the staging environment During this period, users experience unacceptable application latency The development team is unable to use the staging environment until the procedure completes
A solutions architect must recommend replacement architecture that alleviates the application latency issue The replacement architecture also must give the development team the ability to continue using the staging environment without delay
Which solution meets these requirements?

• A. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for productio
• B. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.
• C. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production Use database cloning to create the staging database on-demand
• D. Use Amazon RDS for MySQL with a Mufti AZ deployment and read replicas for production Use the standby instance tor the staging database.
• E. Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for productio
• F. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.

Answer: C

NEW QUESTION 10
A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of an Availability Zone Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files.
Which storage option meets these requirements?

• A. S3 Standard
• B. S3 Intelligent-Tiering
• C. S3 Standard-Infrequent Access {S3 Standard-IA)
• D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer: B

NEW QUESTION 11
A solutions architect is designing a new hybrid architecture to extend a company s on-premises infrastructure to AWS The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.
What should the solutions architect do to meet these requirements?

• A. Provision an AWS Direct Connect connection to a Region Provision a VPN connection as a backup if the primary Direct Connect connection fails.
• B. Provision a VPN tunnel connection to a Region for private connectivit
• C. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails.
• D. Provision an AWS Direct Connect connection to a Region Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.
• E. Provision an AWS Direct Connect connection to a Region Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.

Answer: A

NEW QUESTION 12
A company hosts an application on AWS Lambda functions mat are invoked by an Amazon API Gateway API The Lambda functions save customer data to an Amazon Aurora MySQL database Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete The result is that customer data Is not recorded for some of the event
A solutions architect needs to design a solution that stores customer data that is created during database upgrades
Which solution will meet these requirements?

• A. Provision an Amazon RDS proxy to sit between the Lambda functions and the database Configure the Lambda functions to connect to the RDS proxy
• B. Increase the run time of me Lambda functions to the maximum Create a retry mechanism in the code that stores the customer data in the database
• C. Persist the customer data to Lambda local storag
• D. Configure new Lambda functions to scan the local storage to save the customer data to the database.
• E. Store the customer data m an Amazon Simple Queue Service (Amazon SOS) FIFO queue Create a new Lambda function that polls the queue and stores the customer data in the database

Answer: C

NEW QUESTION 13
A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.
• B. Attach the appropriate 1AM role to each existing instance and new instanc
• C. Use AWS Systems Manager Session Manager to establish a remote SSH session.
• D. Create an administrative SSH key pai
• E. Load the public key into each EC2 instanc
• F. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.
• G. Establish an AWS Site-to-Site VPN connectio
• H. Instruct administrators to use their local onpremises machines to connect directly to the instances by using SSH keys across the VPN tunnel.

Answer: B

Explanation:
Explanation
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-launch-managedinstance. html

NEW QUESTION 14
A gaming company hosts a browser-based application on AWS The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users
The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users while reducing the load on the origin
Which solution meets these requirements MOST cost-effectively?

• A. Deploy an AWS Global Accelerator accelerator in front of the web servers
• B. Deploy an Amazon CloudFront web distribution in front of the S3 bucket
• C. Deploy an Amazon ElastiCache for Redis instance in front of the web servers
• D. Deploy an Amazon ElastiCache for Memcached instance in front of the web servers

Answer: B

Explanation:
CloudFront uses Edge Locations to cache content while Global Accelerator uses Edge Locations to find an optimal pathway to the nearest regional endpoint.

NEW QUESTION 15
A solution architect is using an AWS CloudFormation template to deploy a three-tier web application. The web application consist of a web tier and an application that stores and retrieves user data in Amazon DynamoDB tables. The web and application tiers are hosted on Amazon EC2 instances, and the database tier is not publicly accessible. The application EC2 instances need to access the Dynamo tables Without exposing API credentials in the template.
What should the solution architect do to meet the requirements?

• A. Create an IAM role to read the DynamoDB table
• B. Associate the role with the application instances by referencing an instance profile.
• C. Create an IAM role that has the required permissions to read and write from the DynamoDB table
• D. Add the role to the EC2 instance profile, and associate the instances profile with the application instances.
• E. Use the parameter section in the AWS CloudFormation template to have the user input access and secret keys from an already-created IAM user that has the required permissions to read and write from the DynamoDB tables.
• F. Create an IAM user in the AWS CloudFormation template that has the required permissions to read and write from the DynamoDB table
• G. Use the GetAtt function to retrieve the access secret keys, and pass them to the application instances through the user data.

Answer: B

NEW QUESTION 16
......