ANS

ISACA CISM

Huawei

Palo Alto

Aruba

Juniper

Comptia

Fortinet

Microsoft

F5

GCIH

Oracle

Itil-v4

CWNA

Opengroup

The AWS Certified Solutions Architect – Associate certification verifies the ability to develop and deliver well-architected solutions on AWS that satisfy the needs of customers. It is valid for two years.

SAA-C03 includes updated content across all domains, as well as new objectives aligned with AWS platform innovations in categories such as databases, cost optimization, and security. This new exam version (SAA-C03) also includes updated content across all domains, as well as new objectives aligned with AWS platform innovations. It is updated on a regular basis by AWS Certification to reflect the rapid pace of innovation on the AWS platform as well as the most recent developments in best practices for architecting on the AWS Cloud.

Candidates have the choice of taking the old version (SAA-C01) until March 22, 2020, or the new version (SAA-C03) starting on March 23, 2020, depending on their preference.

 

How will you know whether you are ready to sit for the SAA-C03 Exam and what you should expect? To get a feel for the sorts of questions you may encounter on the actual AWS exam and to determine whether you are prepared for the forthcoming SAA-C03 exam, take this free AWS practice test.

QUESTION 1

A company recently implemented hybrid cloud connectivity using AWS Direct Connect and is migrating data to Amazon S3. The company is looking for a fully managed solution that will automate and accelerate the replication of data between the on-premises storage systems and AWS storage services.

Which solution should a solutions architect recommend to keep the data private?

A.Deploy an AWS DataSync agent for the on-premises environment. Configure a sync job to replicate the data and connect it with an AWS service endpoint.

B.Deploy an AWS DataSync agent for the on-premises environment. Schedule a batch job to replicate point-ln-time snapshots to AWS.

C.Deploy an AWS Storage Gateway volume gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in- time snapshots to AWS.

D.Deploy an AWS Storage Gateway file gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in-lime snapshots to AWS.

 

Correct Answer: C

 

QUESTION 2

A solutions architect must provide a fully managed replacement for an on-premises solution that allows employees and partners to exchange files The solution must be easily accessible to employees connecting from on-premises systems, remote employees, and external partners

Which solution meets these requirements?

A.Use AWS Transfer for SFTP to transfer files into and out of Amazon S3.

B.Use AWS Snowball Edge for local storage and large-scale data transfers.

C.Use Amazon FSx to store and transfer files to make them available remotely

D.Use AWS Storage Gateway to create a volume gateway to store and transfer files to Amazon S3

 

Correct Answer: D

 

QUESTION 3

A solutions architect needs to design a network that will allow multiple Amazon EC2 instances to access a common data source used for mission-critical data that can be accessed by all the EC2 instances simultaneously. The solution must be highly scalable, easy to implement, and support the NFS protocol.

Which solution meets these requirements?

A.Create an Amazon EFS file system. Configure a mount target in each Availability Zone. Attach each instance to the appropriate mount target.

B.Create an additional EC2 instance and configure it as a file server. Create a security group that allows communication between the instances and

apply that to the additional instance.

C.Create an Amazon S3 bucket with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the S3 bucket. Attach the role to the EC2 instances that need access to the data.

D.Create an Amazon EBS volume with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the EBS volume. Attach the role to the EC2 instances that need access to the data.

 

Correct Answer: A

 

QUESTION 4

A company wants to run a hybrid workload for data processing. The data needs to be accessed by on-premises applications for local data processing using an NFS protocol, and must also be accessible from the AWS Cloud for further analytics and batch processing.

Which solution will meet these requirements?

A.Use an AWS Storage Gateway file gateway to provide file storage to AWS, then perform analytics on this data in the AWS Cloud.

B.Use an AWS storage Gateway tape gateway to copy the backup of the local data to AWS, then perform analytics on this data in the AWS cloud.

C.Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS.

D.Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS cloud, then perform analytics on this data in the cloud.

 

Correct Answer: A

 

QUESTION 5

A company hosts its multi-tier, pubic web appl cation in the AWS Cloud. The web application runs on Amazon EC2 instances, and its database runs on Amazon RDS The company is anticipating a large increase in sales during an upcoming holiday weekend. A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes.

What should the solutions architect do to meet this requirement?

A.Send Amazon Cloud Watch logs to Amazon Red shit Use Amazon Quick Sight to perform further analysis

B.Enable detailed monitoring on all EC2 instances. Use Amazon Cloud Watch metrics to perform further analysis

C.Create an AWS Lambda function to fetch EC2 logs from Amazon Cloud Watch Logs Use Amazon CloudWatch metrics to perform further a nays

D.Send EC2 logs to Amazon S3. Use Amazon Redshift to fetch log from the S3 bucket to process raw data for future analysis with Amazon Quick Sight

 

Correct Answer: B

 

QUESTION 6

An administrator of a large company wants to monitor for and prevent any cryptocurrency-related attacks on the company’s AWS accounts. Which AWS service can the administrator use to protect the company against attacks?

A.Amazon Cognit

B.Amazon GuardDuty

C.Amazon Inspector

D.Amazon Macie

 

Correct Answer: B

 

QUESTION 7

A company has created a multi-tier application for its ecommerce website. The website uses an Application Load Balancer that resides in the public subnets, a web tier in the public subnets, and a MySQL cluster hosted on Amazon EC2 instances in the private subnets. The MySQL database needs to retrieve product catalog and pricing information that is hosted on the internet by a third-party provider. A solutions architect must devices a strategy that maximizes security without increasing operational overhead. What should the solutions architect do to meet these requirements?

A.Deploy a NAT instance in the VPC. Route all the internet-based traffic through the NAT instance.

B.Deploy a NAT gateway in the public subnets. Modify the private subnet route table to direct all internet-bound traffic to the NAT gateway.

C.Configure an internet gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the internet gateway.

D.Configure a virtual private gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the virtual private gateway.

 

Correct Answer: C

 

QUESTION 8

What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?

A.Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set.

B.Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private.

C.Update the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true.

D.Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.

 

Correct Answer: D

 

QUESTION 9

A company’s legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption. Due to new compliance requirements, all existing and new data in this database must be encrypted.

How should this be accomplished?

A.Create an Amazon S3 bucket with server-side encryption enabled. Move all the data to Amazon S3. Delete the RDS instance.

B.Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby instance to delete the original instance.

C.Take a Snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.

D.Create an RDS read replica with encryption at rest enabled. Promote the read replica to master and switch the over to the new master. Delete the old RDS instance.

 

Correct Answer: C

 

QUESTION 10

A company is designing an interne-facing web application. The app cat n runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-Az DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks.

What should a solutions architect recommend?

A.Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Configure the EC2 instance iptables rules to drop suspicious web traffic. Create a security group for the DB instances Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.

B.Ensure the EC2 instances are part of an Auto Scaling group and are behind an Appl cation Load Balancer Move DB instances to the same subnets that EC2 instances are located in Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances

C.Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer Use A WSW AF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group

D.Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer Use AWS WAF to monitor inbound web traffic or threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances Configure the RDS security group to only allow port 3306 inbound

 

Correct Answer: C

 

Conclusion

While working for your AWS certification, you may feel as if you’re sailing through unknown waters during your AWS test preparation process. The AWS certification exam can be difficult to pass, but SPOTO can make it easier than ever by providing you with a wealth of learning resources and the best service. These include training courses, real-time updated exam dumps that contain only 200+ questions that are based on real exam questions to make studying for the AWS certification exam easier than ever. SPOTO also has the VPC AWS interview questions that can help you when you want to find a good job. Allow SPOTO to clear the path for you!

Leave your email to get more free practice exams or other latest IT study materials.

 

Join our SPOTO IT Study Group to find your study mate or to share the exam experience with others:

Other People are also Reading:

AWS Certified: Is it worth it in 2024?

TOP 10 Best Tips to Obtain AWS Skills Quickly!

TOP 20 Samples of AWS VPC Interview Questions & Answers

Free!!!AWS Architect Solution Certification Exam Voucher Challenge offer.

Check 2024 Top AWS Cloud Security Interview Questions & Answers!

How to Write an AWS Resume? Hand-in-hand Guidance

Latest passing report-100% pass guarantee

Please follow and like us:
Last modified: November 7, 2023

Author

Comments

Write a Reply or Comment

Your email address will not be published.