Amazon AWS Certified Solutions Architect - Associate SAA-C03

#511 (Accuracy: 95% / 13 votes)
A company operates an ecommerce website on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The site is experiencing performance issues related to a high request rate from illegitimate external systems with changing IP addresses. The security team is worried about potential DDoS attacks against the website. The company must block the illegitimate incoming requests in a way that has a minimal impact on legitimate users.

What should a solutions architect recommend?
  • A. Deploy Amazon Inspector and associate it with the ALB.
  • B. Deploy AWS WAF, associate it with the ALB, and configure a rate-limiting rule.
  • C. Deploy rules to the network ACLs associated with the ALB to block the incoming traffic.
  • D. Deploy Amazon GuardDuty and enable rate-limiting protection when configuring GuardDuty.
#512 (Accuracy: 100% / 4 votes)
A company manages AWS accounts in AWS Organizations. AWS IAM Identity Center (AWS Single Sign-On) and AWS Control Tower are configured for the accounts. The company wants to manage multiple user permissions across all the accounts.

The permissions will be used by multiple IAM users and must be split between the developer and administrator teams.
Each team requires different permissions. The company wants a solution that includes new users that are hired on both teams.

Which solution will meet these requirements with the LEAST operational overhead?
  • A. Create individual users in IAM Identity Center for each account. Create separate developer and administrator groups in IAM Identity Center. Assign the users to the appropriate groups. Create a custom IAM policy for each group to set fine-grained permissions.
  • B. Create individual users in IAM Identity Center for each account. Create separate developer and administrator groups in IAM Identity Center. Assign the users to the appropriate groups. Attach AWS managed IAM policies to each user as needed for fine-grained permissions.
  • C. Create individual users in IAM Identity Center. Create new developer and administrator groups in IAM Identity Center. Create new permission sets that include the appropriate IAM policies for each group. Assign the new groups to the appropriate accounts. Assign the new permission sets to the new groups. When new users are hired, add them to the appropriate group.
  • D. Create individual users in IAM Identity Center. Create new permission sets that include the appropriate IAM policies for each user. Assign the users to the appropriate accounts. Grant additional IAM permissions to the users from within specific accounts. When new users are hired, add them to IAM Identity Center and assign them to the accounts.
#513 (Accuracy: 100% / 8 votes)
A company is running its production and nonproduction environment workloads in multiple AWS accounts. The accounts are in an organization in AWS Organizations. The company needs to design a solution that will prevent the modification of cost usage tags.

Which solution will meet these requirements?
  • A. Create a custom AWS Config rule to prevent tag modification except by authorized principals.
  • B. Create a custom trail in AWS CloudTrail to prevent tag modification.
  • C. Create a service control policy (SCP) to prevent tag modification except by authorized principals.
  • D. Create custom Amazon CloudWatch logs to prevent tag modification.
#514 (Accuracy: 96% / 8 votes)
A company has developed a new video game as a web application. The application is in a three-tier architecture in a VPC with Amazon RDS for MySQL in the database layer. Several players will compete concurrently online. The game’s developers want to display a top-10 scoreboard in near-real time and offer the ability to stop and restore the game while preserving the current scores.

What should a solutions architect do to meet these requirements?
  • A. Set up an Amazon ElastiCache for Memcached cluster to cache the scores for the web application to display.
  • B. Set up an Amazon ElastiCache for Redis cluster to compute and cache the scores for the web application to display.
  • C. Place an Amazon CloudFront distribution in front of the web application to cache the scoreboard in a section of the application.
  • D. Create a read replica on Amazon RDS for MySQL to run queries to compute the scoreboard and serve the read traffic to the web application.
#515 (Accuracy: 96% / 10 votes)
A solutions architect must migrate a Windows Internet Information Services (IIS) web application to AWS. The application currently relies on a file share hosted in the user's on-premises network-attached storage (NAS). The solutions architect has proposed migrating the IIS web servers to Amazon EC2 instances in multiple Availability Zones that are connected to the storage solution, and configuring an Elastic Load Balancer attached to the instances.

Which replacement to the on-premises file share is MOST resilient and durable?
  • A. Migrate the file share to Amazon RDS.
  • B. Migrate the file share to AWS Storage Gateway.
  • C. Migrate the file share to Amazon FSx for Windows File Server.
  • D. Migrate the file share to Amazon Elastic File System (Amazon EFS).
#516 (Accuracy: 100% / 7 votes)
An ecommerce company needs to run a scheduled daily job to aggregate and filter sales records for analytics. The company stores the sales records in an Amazon S3 bucket. Each object can be up to 10 GB in size. Based on the number of sales events, the job can take up to an hour to complete. The CPU and memory usage of the job are constant and are known in advance.

A solutions architect needs to minimize the amount of operational effort that is needed for the job to run.

Which solution meets these requirements?
  • A. Create an AWS Lambda function that has an Amazon EventBridge notification. Schedule the EventBridge event to run once a day.
  • B. Create an AWS Lambda function. Create an Amazon API Gateway HTTP API, and integrate the API with the function. Create an Amazon EventBridge scheduled event that calls the API and invokes the function.
  • C. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an AWS Fargate launch type. Create an Amazon EventBridge scheduled event that launches an ECS task on the cluster to run the job.
  • D. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type and an Auto Scaling group with at least one EC2 instance. Create an Amazon EventBridge scheduled event that launches an ECS task on the cluster to run the job.
#517 (Accuracy: 100% / 7 votes)
A company has a large dataset for its online advertising business stored in an Amazon RDS for MySQL DB instance in a single Availability Zone. The company wants business reporting queries to run without impacting the write operations to the production DB instance.

Which solution meets these requirements?
  • A. Deploy RDS read replicas to process the business reporting queries.
  • B. Scale out the DB instance horizontally by placing it behind an Elastic Load Balancer.
  • C. Scale up the DB instance to a larger instance type to handle write operations and queries.
  • D. Deploy the DB instance in multiple Availability Zones to process the business reporting queries.
#518 (Accuracy: 91% / 10 votes)
A company must migrate 20 TB of data from a data center to the AWS Cloud within 30 days. The company’s network bandwidth is limited to 15 Mbps and cannot exceed 70% utilization.

What should a solutions architect do to meet these requirements?
  • A. Use AWS Snowball.
  • B. Use AWS DataSync.
  • C. Use a secure VPN connection.
  • D. Use Amazon S3 Transfer Acceleration.
#519 (Accuracy: 100% / 6 votes)
A security audit reveals that Amazon EC2 instances are not being patched regularly. A solutions architect needs to provide a solution that will run regular security scans across a large fleet of EC2 instances. The solution should also patch the EC2 instances on a regular schedule and provide a report of each instance’s patch status.

Which solution will meet these requirements?
  • A. Set up Amazon Macie to scan the EC2 instances for software vulnerabilities. Set up a cron job on each EC2 instance to patch the instance on a regular schedule.
  • B. Turn on Amazon GuardDuty in the account. Configure GuardDuty to scan the EC2 instances for software vulnerabilities. Set up AWS Systems Manager Session Manager to patch the EC2 instances on a regular schedule.
  • C. Set up Amazon Detective to scan the EC2 instances for software vulnerabilities. Set up an Amazon EventBridge scheduled rule to patch the EC2 instances on a regular schedule.
  • D. Turn on Amazon Inspector in the account. Configure Amazon Inspector to scan the EC2 instances for software vulnerabilities. Set up AWS Systems Manager Patch Manager to patch the EC2 instances on a regular schedule.
#520 (Accuracy: 100% / 8 votes)
What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?
  • A. Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set.
  • B. Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private.
  • C. Update the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true.
  • D. Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.