Amazon AWS Certified Solutions Architect - Associate SAA-C03
Prev

There are 677 results

Next
#461 (Accuracy: 100% / 3 votes)
A company’s website hosted on Amazon EC2 instances processes classified data stored in Amazon S3. Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3.

Which solution meets these requirements?
  • A. Set up S3 bucket policies to allow access from a VPC endpoint.
  • B. Set up an IAM policy to grant read-write access to the S3 bucket.
  • C. Set up a NAT gateway to access resources outside the private subnet.
  • D. Set up an access key ID and a secret access key to access the S3 bucket.
#462 (Accuracy: 100% / 5 votes)
A gaming company wants to launch a new internet-facing application in multiple AWS Regions. The application will use the TCP and UDP protocols for communication. The company needs to provide high availability and minimum latency for global users.

Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)
  • A. Create internal Network Load Balancers in front of the application in each Region.
  • B. Create external Application Load Balancers in front of the application in each Region.
  • C. Create an AWS Global Accelerator accelerator to route traffic to the load balancers in each Region.
  • D. Configure Amazon Route 53 to use a geolocation routing policy to distribute the traffic.
  • E. Configure Amazon CloudFront to handle the traffic and route requests to the application in each Region
#463 (Accuracy: 100% / 5 votes)
A company uses on-premises servers to host its applications. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high-performing solution that supports local caching without re-architecting its existing applications.

Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)
  • A. Mount Amazon S3 as a file system to the on-premises servers.
  • B. Deploy an AWS Storage Gateway file gateway to replace NFS storage.
  • C. Deploy AWS Snowball Edge to provision NFS mounts to on-premises servers.
  • D. Deploy an AWS Storage Gateway volume gateway to replace the block storage.
  • E. Deploy Amazon Elastic File System (Amazon EFS) volumes and mount them to on-premises servers.
#464 (Accuracy: 100% / 2 votes)
A solutions architect is designing a shared storage solution for a web application that is deployed across multiple Availability Zones. The web application runs on Amazon EC2 instances that are in an Auto Scaling group. The company plans to make frequent changes to the content. The solution must have strong consistency in returning the new content as soon as the changes occur.

Which solutions meet these requirements? (Choose two.)
  • A. Use AWS Storage Gateway Volume Gateway Internet Small Computer Systems Interface (iSCSI) block storage that is mounted to the individual EC2 instances.
  • B. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system on the individual EC2 instances.
  • C. Create a shared Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume on the individual EC2 instances.
  • D. Use AWS DataSync to perform continuous synchronization of data between EC2 hosts in the Auto Scaling group.
  • E. Create an Amazon S3 bucket to store the web content. Set the metadata for the Cache-Control header to no-cache. Use Amazon CloudFront to deliver the content.
#465 (Accuracy: 100% / 5 votes)
A company regularly uploads GB-sized files to Amazon S3. After the company uploads the files, the company uses a fleet of Amazon EC2 Spot Instances to transcode the file format. The company needs to scale throughput when the company uploads data from the on-premises data center to Amazon S3 and when the company downloads data from Amazon S3 to the EC2 instances.

Which solutions will meet these requirements? (Choose two.)
  • A. Use the S3 bucket access point instead of accessing the S3 bucket directly.
  • B. Upload the files into multiple S3 buckets.
  • C. Use S3 multipart uploads.
  • D. Fetch multiple byte-ranges of an object in parallel.
  • E. Add a random prefix to each object when uploading the files.
#466 (Accuracy: 100% / 2 votes)
A company has deployed its application on Amazon EC2 instances with an Amazon RDS database. The company used the principle of least privilege to configure the database access credentials. The company's security team wants to protect the application and the database from SQL injection and other web-based attacks.

Which solution will meet these requirements with the LEAST operational overhead?
  • A. Use security groups and network ACLs to secure the database and application servers.
  • B. Use AWS WAF to protect the application. Use RDS parameter groups to configure the security settings.
  • C. Use AWS Network Firewall to protect the application and the database.
  • D. Use different database accounts in the application code for different functions. Avoid granting excessive privileges to the database users.
#467 (Accuracy: 98% / 15 votes)
A company experienced a breach that affected several applications in its on-premises data center. The attacker took advantage of vulnerabilities in the custom applications that were running on the servers. The company is now migrating its applications to run on Amazon EC2 instances. The company wants to implement a solution that actively scans for vulnerabilities on the EC2 instances and sends a report that details the findings.

Which solution will meet these requirements?
  • A. Deploy AWS Shield to scan the EC2 instances for vulnerabilities. Create an AWS Lambda function to log any findings to AWS CloudTrail.
  • B. Deploy Amazon Macie and AWS Lambda functions to scan the EC2 instances for vulnerabilities. Log any findings to AWS CloudTrail.
  • C. Turn on Amazon GuardDuty. Deploy the GuardDuty agents to the EC2 instances. Configure an AWS Lambda function to automate the generation and distribution of reports that detail the findings.
  • D. Turn on Amazon Inspector. Deploy the Amazon Inspector agent to the EC2 instances. Configure an AWS Lambda function to automate the generation and distribution of reports that detail the findings.
#468 (Accuracy: 93% / 8 votes)
A company has a mobile chat application with a data store based in Amazon DynamoDB. Users would like new messages to be read with as little latency as possible. A solutions architect needs to design an optimal solution that requires minimal application changes.

Which method should the solutions architect select?
  • A. Configure Amazon DynamoDB Accelerator (DAX) for the new messages table. Update the code to use the DAX endpoint.
  • B. Add DynamoDB read replicas to handle the increased read load. Update the application to point to the read endpoint for the read replicas.
  • C. Double the number of read capacity units for the new messages table in DynamoDB. Continue to use the existing DynamoDB endpoint.
  • D. Add an Amazon ElastiCache for Redis cache to the application stack. Update the application to point to the Redis cache endpoint instead of DynamoDB.
#469 (Accuracy: 100% / 5 votes)
A company's website handles millions of requests each day, and the number of requests continues to increase. A solutions architect needs to improve the response time of the web application. The solutions architect determines that the application needs to decrease latency when retrieving product details from the Amazon DynamoDB table.

Which solution will meet these requirements with the LEAST amount of operational overhead?
  • A. Set up a DynamoDB Accelerator (DAX) cluster. Route all read requests through DAX.
  • B. Set up Amazon ElastiCache for Redis between the DynamoDB table and the web application. Route all read requests through Redis.
  • C. Set up Amazon ElastiCache for Memcached between the DynamoDB table and the web application. Route all read requests through Memcached.
  • D. Set up Amazon DynamoDB Streams on the table, and have AWS Lambda read from the table and populate Amazon ElastiCache. Route all read requests through ElastiCache.
#470 (Accuracy: 100% / 9 votes)
An IAM user made several configuration changes to AWS resources in their company's account during a production deployment last week. A solutions architect learned that a couple of security group rules are not configured as desired. The solutions architect wants to confirm which IAM user was responsible for making changes.

Which service should the solutions architect use to find the desired information?
  • A. Amazon GuardDuty
  • B. Amazon Inspector
  • C. AWS CloudTrail
  • D. AWS Config