DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

2024 SAA-C03 Exam Prep: Practice Tests & Study Materials, AWS Certified Solutions Architect – Associate | SPOTO

Prepare for success with the 2024 AWS SAA-C03 Exam Prep from SPOTO. The AWS Certified Solutions Architect – Associate certification validates your expertise in AWS technologies and services, showcasing your ability to design cost-effective and performance-optimized solutions. By mastering the AWS Well-Architected Framework, you demonstrate a deep understanding of cloud architecture principles. Our practice tests and study materials are meticulously designed to help you ace the exam. Access a wealth of exam questions and answers, along with sample questions, all available for free. Utilize our exam dumps and exam materials to enhance your exam practice and preparation. Our exam simulator provides a realistic testing environment for you to sharpen your skills with online exam questions and mock exams. Earning the AWS Certified Solutions Architect – Associate certification not only boosts your professional profile and income but also enhances your credibility and confidence in dealing with stakeholders and customers. Join SPOTO today and embark on your journey to AWS excellence.

Take other online exams

Question #1
8. A US-based healthcare startup is building an interactive diagnostic tool for COVID-19 related assessments. The users would be required to capture their personal health records via this tool. As this is sensitive health information, the backup of the user data must be kept encrypted in S3. The startup does not want to provide its own encryption keys but still wants to maintain an audit trail of when an encryption key was used and by whom. Which of the following is the BEST solution for this use-case?
A. Use SSE-KMS to encrypt the user data on S3
B. Use client-side encryption with client provided keys and then upload the encrypted user data to S3
C. Use SSE-C to encrypt the user data on S3
D. Use SSE-S3 to encrypt the user data on S3
View answer
Correct Answer: A

View The Updated SAA-C03 Exam Questions

SPOTO Provides 100% Real SAA-C03 Exam Questions for You to Pass Your SAA-C03 Exam!

Question #2
2. A social gaming startup has its flagship application hosted on a fleet of EC2 servers running behind an Elastic Load Balancer. These servers are part of an Auto Scaling Group. 90% of the users start logging into the system at 6 pm every day and continue till midnight. The engineering team at the startup has observed that there is a significant performance lag during the initial hour from 6 pm to 7 pm. The application is able to function normally thereafter. As a solutions architect, which of the followin
A. Configure your Auto Scaling group by creating a target tracking policy
B. Configure your Auto Scaling group by creating a scheduled action that kicks-off before 6 pm
C. Configure your Auto Scaling group by creating a lifecycle hook that kicks-off before 6 pm
D. Configure your Auto Scaling group by creating a step scaling policy
View answer
Correct Answer: B
Question #3
252. A Solutions Architect is designing an architecture for a mobile gaming application. The application is expected to be very popular. The Architect needs to prevent the Amazon RDS MySQL database from becoming a bottleneck due to frequently accessed queries. Which service or feature should the Architect add to prevent a bottleneck?
A. Multi-AZ feature on the RDS MySQL database
B. ELB Classic Load Balancer in front of the web application tier
C. Amazon SQS in front of RDS MySQL database
D. Amazon ElastiCache in front of the RDS MySQL Database
View answer
Correct Answer: D
Question #4
241. A solution architect is designing new social media application. The application must provide a secure method uploading profile photos. Each user should be able to upload a profile photo into a shared storage location after profile is created. Which approach will meet all of these requirements?
A. Use Amazon Kinesis with AWS Cloudtrail for auditing the specific times when profile photos are uploaded
B. Use Amazon EBS volumes with IAM policies restricting user access to specific time periods
C. Use Amazon S3 with the default private access policy and generate pre-signed URLs each time a new site is created
D. Use Amazon Cloudfront with AWS CloudTrail for auditing the specific times when profile photos are uploaded
View answer
Correct Answer: C
Question #5
274. A customer is deploying a production portal application on AWS. The database tier has structured data. The company requires a solution that is easily manageable and highly available. How can these requirements be met?
A. Deploy the database on multiple Amazon EC2 instances backed by Amazon EBS across multiple Availability Zones
B. Use Amazon RDS with a multiple Availability Zone option
C. Use RDS with a single Availability Zone option and schedule periodic database snapshots
D. Use Amazon DynamoDB
View answer
Correct Answer: B
Question #6
6. A streaming solutions company is building a video streaming product by using an Application Load Balancer (ALB) that routes the requests to the underlying EC2 instances. The engineering team has noticed a peculiar pattern. The ALB removes an instance whenever it is detected as unhealthy but the Auto Scaling group fails to kick-in and provision the replacement instance. What could explain this anomaly?
A. Both the Auto Scaling group and Application Load Balancer are using ALB based health check
B. The Auto Scaling group is using ALB based health check and the Application Load Balancer is using EC2 based health check
C. The Auto Scaling group is using EC2 based health check and the Application Load Balancer is using ALB based health check
D. Both the Auto Scaling group and Application Load Balancer are using EC2 based health check
View answer
Correct Answer: C
Question #7
A solutions architect needs to design the architecture for an application that a vendor provides as a Docker container image. The container needs 50 GB of storage. available for temporary files. The infrastructure must be serverless. Which solution meets these requirements with the LEAST operational overhead?
A. Create an AWS Lambda function that uses the Docker container image with an Amazon S3 mounted volume that has more than 50 GB of space
B. Create an AWS Lambda function that uses the Docker container image with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space
C. Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the AWS Fargate launch typ
D. Create a task definition for the container image with an Amazon Elastic File System (Amazon EFS) volum
E. Create a service with that task definition
F. Create an Amazon Elastic Container Service (Amazon ECS) duster that uses the Amazon EC2 launch type with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of spac G
View answer
Correct Answer: C
Question #8
244. A data analytics startup company asks a Solutions Architect to recommend an AWS data store option for indexed data. The data processing engine will generate and input more than 64 TB of processed data every day, with item sizes reaching up to 300KB. The Startup Is flexible with data storage models and is more interested in a database that requires minimal effort to scale with a growing dataset size. Which AWS data store service should the Architect recommend?
A. Amazon RDS
B. Amazon Redshift
C. Amazon DynamoDB
D. Amazon S3
View answer
Correct Answer: C
Question #9
280. Legacy applications currently send messages through a single Amazon EC2 instance, which then routes the messages to the appropriate destinations. The Amazon EC2 instance is a bottleneck and single point of failure, so the company would like to address these issues. Which services could address this architectural use case? ( Select TWO)
A. Amazon SNS
B. AWS STS
C. Amazon SQS
D. Amazon Route53
E. AWS Glue
View answer
Correct Answer: AC
Question #10
273. A Solutions Architect is designing the storage layer for a production relational database. The database will run on Amazon EC2. The database is accessed by an application that performs intensive read and writes, so the database requires the LOWEST random I/O latency. Which data storage method fulfills the above requirements?
A. Store data in a file system backed by Amazon Elastic File System (EFS)
B. Store data in Amazon S3 and use a third-party solution to expose Amazon S3 as a file system to the database server
C. Store data in Amazon DynamoDB and emulate relational database semantics
D. Stripe data across multiple Amazon EBS volumes using RAID 0
View answer
Correct Answer: D
Question #11
258. A solutions Architect is designing an application that will encrypt all data in an Amazon redshift cluster. Which action will encrypt the data at rest?
A. Place the Redshift cluster in a private subnet
B. Use the AWS KMS Default Customer master key
C. Encrypt the Amazon EBS volumes
D. Encrypt the data using SSL/TLS
View answer
Correct Answer: B
Question #12
271. A Solutions Architect needs to design an architecture for a new, mission-critical batch processing billing application. The application is required to run Monday, Wednesday and Friday from 5 AM to 11 AM. Which is the MOST cost-effective Amazon EC2 pricing model?
A. Amazon EC2 Spot Instances
B. On-Demand Amazon EC2 instances
C. Scheduled Reserved Instances
D. Dedicated Amazon EC2 Instances
View answer
Correct Answer: C
Question #13
268. A Company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS. Which steps should the company perform to implement a scalable and cost-effective solution? (Select TWO)
A. Host the website on an Amazon EC2 instance with ELB and Auto scaling, and map a Route 53 alias record to the ELB endpoint
B. Host the website using AWS Elastic Beanstalk, and map a Route 53 alias record to the Beanstalk stack
C. Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the Amazon EC2 instance
D. Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint
E. Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers
View answer
Correct Answer: DE
Question #14
A company runs us two-tier ecommerce website on AWS The web tier consists of a load balancer that sends traffic to Amazon EC2 instances The database tier uses an Amazon RDS D8 instance The EC2 instances and the ROS DB instance should not be exposed to the public internet The EC2 instances require internet access to complete payment processing of orders through a third-party web service The application must be highly available Which combination of configuration options will meet these requirements? (Select T
A. Use an Auto Scaling group to launch the EC2 Instances in private subnets Deploy an RDS Mulli-AZ DB instance in private subnets
B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the private subnets
C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones Deploy an RDS Multi-AZ DB instance in private subnets
D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the public subnet
E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the public subnets
View answer
Correct Answer: B
Question #15
9. A cyber security company is running a mission critical application using a single Spread lacement group of EC2 instances. The company needs 15 Amazon EC2 instances for optimal performance. How many Availability Zones (AZs) will the company need to deploy these EC2 instances per the given use-case?
A. 3
B. 7
C. 15
D. 14
View answer
Correct Answer: A
Question #16
284. An organization designs a mobile application for their customers to upload photos to a site. The application needs a secure login with MFA. The organization wants to limit the initial build time and maintenance of the solution. Which solution should a Solutions Architect recommend to meet the requirements?
A. Use Amazon Cognito Identity with SMS-based MFA
B. Edit AWS IAM policies to require MFA for all users
C. Federate IAM against corporate AD that requires MFA
D. Use Amazon API Gateway and require SSE for photos
View answer
Correct Answer: A
Question #17
1. One of the biggest football leagues in Europe has granted the distribution rights for live streaming its matches in the US to a silicon valley based streaming services company. As per the terms of distribution, the company must make sure that only users from the US are able to live stream the matches on their platform. Users from other countries in the world must be denied access to these live-streamed matches. Which of the following options would allow the company to enforce these streaming restrictions
A. Use Route 53 based latency routing policy to restrict distribution of content to only the locations in which you have distribution rights
B. Use georestriction to prevent users in specific geographic locations from accessing content that you’re distributing through a CloudFront web distribution
C. Use Route 53 based geolocation routing policy to restrict distribution of content to only the locations in which you have distribution rights
D. Use Route 53 based failover routing policy to restrict distribution of content to only the locations in which you have distribution rights
E. Use Route 53 based weighted routing policy to restrict distribution of content to only the locations in which you have distribution rights
View answer
Correct Answer: BC
Question #18
A company wants to direct its users to a backup static error page if the company's primary website is unavailable. The primary website's DNS records are hosted in Amazon Route 53. The domain is pointing to an Application Load Balancer (ALB). The company needs a solution that minimizes changes and infrastructure overhead. Which solution will meet these requirements?
A. Update the Route 53 records to use a latency routing polic
B. Add a static error page that is hosted in an Amazon S3 bucket to the records so that the traffic is sent to the most responsive endpoints
C. Set up a Route 53 active-passive failover configuratio
D. Direct traffic to a static error page that is hosted in an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy
E. Set up a Route 53 active-active configuration with the ALB and an Amazon EC2 instance that hosts a static error page as endpoint
F. Configure Route 53 to send requests to the instance only if the health checks fail for the ALB
View answer
Correct Answer: A
Question #19
250. A company hosts a website on premises. The website has a mix of static and dynamic content but users experience latency when loading static files. Which AWS service can help reduce latency?
A. Amazon Cloudfront with on-premises servers as the origin
B. ELB Application Load Balancer
C. Amazon Route 53 latency-based routing
D. Amazon EFS to store and serve static files
View answer
Correct Answer: A
Question #20
281. A company’s website receives 50000 request each second, and the company wants to use multiple applications to analyze the navigation patterns of the users on their website so that the experience can be personalized. What can a Solutions Architect use to collect page clicks for the website and process them sequentially for each user?
A. Amazon Kinesis Stream
B. Amazon SQS standard queue
C. Amazon SQS FIFO queue
D. AWS CloudTrail trail
View answer
Correct Answer: A
Question #21
283. A solutions architect must select the storage type for a big data application that requires very high sequential I/0. The data must persist if the instance is stopped. Which of the following storage types will provide the best fit at the LOWEST cost for the application?
A. An Amazon EC2 instance store local SSD volume
B. An Amazon EBS provisioned IOPS SSD volume
C. An Amazon EBS throughput optimized HDD volume
D. An Amazon EBS general purpose SSD volume
View answer
Correct Answer: C
Question #22
269. A company runs a legacy with a single-tiers architecture on an Amazon EC2 instance. Disk I/0 is low with occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM daily. Which storage options is MOST appropriate for this workload?
A. Amazon EC2 instance storage
B. Amazon EBS General Purpose SSD (gp2) storage
C. Amazon S3
D. Amazon EBS Provisioned IOPS SSD (io1) storage
View answer
Correct Answer: B
Question #23
267. A Solutions Architect is designing an Amazon VPC. Applications in the VPC must have private connectivity to Amazon DynamoDB in the same AWS Region. The design should route DynamoDB traffic through.
A. VPC peering connection
B. NAT gateway
C. VPC Endpoint
D. AWS Direct Connect
View answer
Correct Answer: C
Question #24
245. An application is running on Amazon EC2 instances behind an Application Load Balancer. The Instances run in an auto scaling group across multiple Availability Zones. Four instances are required to handle a predictable traffic load. The Solutions Architect wants to ensure that theopreationis fault-tolerant up to the loss of one Availability Zone. Which is the MOST cost-efficient way to meet these requirements?
A. Deploy two instances in each of three Availability Zones
B. Deploy two instances in each of two Availability Zones
C. Deploy four instances in each of two Availability Zones
D. Deploy one instance in each of three Availability Zones
View answer
Correct Answer: A
Question #25
A solutions architect is tasked with transferring 750 TB of data from a network-attached file system located at a branch office to Amazon S3 Glacier The solution must avoid saturating the branch office's tow-bandwidth internet connection What is the MOST cost-effective solution?
A. Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directl
B. Create a bucket policy to enforce a VPC endpoint
C. Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destinatio
D. Create a bucket policy to enforce a VPC endpoint
E. Mount the network-attached file system to Amazon S3 and copy the files directl
F. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier G
View answer
Correct Answer: A
Question #26
255. A Solutions Architect is developing software on AWS that requires access to multiple AWS services, including an Amazon EC2 instance. This is a security sensitive application, and AWS credentials such as Access key ID and Secret Access Key need to be protected and cannot be exposed anywhere in the system. What security measure would satisfy these requirements?
A. Store the AWS Access Key ID/Secret Access Key combination in software comments
B. Assign an IAM user to the Amazon EC2 Instance
C. Assign an IAM role to the Amazon EC2 instance
D. Enable multi-factor authentication for the AWS root account
View answer
Correct Answer: C
Question #27
242. A solution architect is creating a new relational database. The compliance will use the database and mandates that data content must be stored across three different Availability Zones. Which of the following options should the Architect use?
A. Amazon Aurora
B. Amazon RDS MySQL with Multi-AZ enabled
C. Amazon DynamoDB
D. Amazon Elasticache
View answer
Correct Answer: A
Question #28
249. A workload consists of downloading an image from an Amazon S3 bucket, processing the image, and moving it to another Amazon S3 Bucket. An Amazon EC2 instance runs a scheduled task every hour to perform the operation. How should a Solutions Architect redesign the process so that it is highly available?
A. Change the Amazon EC2 instance to compute optimized
B. Launch a second Amazon EC2 instance to monitor the health of the first
C. Trigger a Lambda function when a new object is uploaded
D. Initially copy the images to an attached Amazon EBS volume
View answer
Correct Answer: C
Question #29
262. A Solutions Architect notices slower response times from an application. The CloudWatch metrics on the MySQL RDS indicate Read IOPs are high and fluctuate significantly when the database is under load. How should the database environment be re-designed to resolve the IOPs fluctuation?
A. Change the RDS instance type to get more RAM
B. Change the storage type to provisioned IOPS
C. Scale the web server tier horizontally
D. Split the DB layer into separate RDS instance
View answer
Correct Answer: B
Question #30
272. A Solutions Architect is building a multi-tier website. The web servers will be in a public subnet, and the database servers will be in private subnet. Only the web servers can be accessed from the internet. The database servers must have internet access for software updates. Which solution meets these requirements?
A. Assign Elastic IP addresses to the database instances
B. Allow Internet traffic on the private subnet through the network ACL
C. Use a NAT Gateway
D. Use an egress-only Internet Gateway
View answer
Correct Answer: C
Question #31
A company that primarily runs its application servers on premises has decided to migrate to AWS. The company wants to minimize its need to scale its Internet Small Computer Systems Interface (iSCSI) storage on premises. The company wants only its recently accessed data to remain stored locally. Which AWS solution should the company use to meet these requirements?
A. Amazon S3 File Gateway
B. AWS Storage Gateway Tape Gateway
C. AWS Storage Gateway Volume Gateway stored volumes
D. AWS Storage Gateway Volume Gateway cachea volumes
View answer
Correct Answer: D
Question #32
A company hosts its web application on AWS using seven Amazon EC2 instances. The company requires that the IP addresses of all healthy EC2 instances be returned in response to DNS queries. Which policy should be used to meet this requirement?
A. Simple routing policy
B. Latency routing policy
C. Multivalue routing policy
D. Geolocation routing policy
View answer
Correct Answer: D
Question #33
A company hosts an application on AWS Lambda functions mat are invoked by an Amazon API Gateway API The Lambda functions save customer data to an Amazon Aurora MySQL database Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete The result is that customer data Is not recorded for some of the event A solutions architect needs to design a solution that stores customer data that is created during database upgrades Which solution w
A. Provision an Amazon RDS proxy to sit between the Lambda functions and the database Configure the Lambda functions to connect to the RDS proxy
B. Increase the run time of me Lambda functions to the maximum Create a retry mechanism in the code that stores the customer data in the database
C. Persist the customer data to Lambda local storag
D. Configure new Lambda functions to scan the local storage to save the customer data to the database
E. Store the customer data m an Amazon Simple Queue Service (Amazon SOS) FIFO queue Create a new Lambda function that polls the queue and stores the customer data in the database
View answer
Correct Answer: BE
Question #34
275. A Solutions Architect is designing a microservice to process records from Amazon Kinesis Streams. The metadata must be stored in Amazon DynamoDB. The microservice must be capable of concurrently processing 10000 records daily as they arrive in the Kinesis Stream. The MOST scalable way to design the microservice is:
A. As an AWS Lambda function
B. As a process on an Amazon EC2 instance
C. As a Docker container running on Amazon ECS
D. As a Docker container on an EC2 instance
View answer
Correct Answer: C
Question #35
270. A company wants to migrate a highly transactional database to AWS. Requirements state that the database has more than 6TB of data and will grow exponentially. Which solution should a Solutions Architect recommend?
A. Amazon Aurora
B. Amazon Redshift
C. Amazon DynamoDB
D. Amazon RDS MySQL
View answer
Correct Answer: A
Question #36
A company wants to use Amazon S3 for the secondary copy of itdataset. The company would rarely need to access this copy. The storage solution’s cost should be minimal. Which storage solution meets these requirements?
A. S3 Standard
B. S3 Intelligent-Tiering
C. S3 Standard-Infrequent Access (S3 Standard-IA)
D. S3 One Zone-Infrequent Access (S3 One Zone-IA)
View answer
Correct Answer: B
Question #37
246. An organization runs an online voting system for a television program. During broadcast,hundred of thousands of votes are submitted within minutes and sent to a front-end fleet of auto-scaled Amazon EC2 instances. The EC2 instances push the votes to an RDBMS database. The database is unable to keep up with the front-end connection request. What is the MOST efficient and cost-effective way of ensuring that votes are processed in a timely manner?
A. Each front-end node should send votes to an Amazon SQS queue
B. As the load on the database increases, horizontally-scale the RDBMS database with additional memory-optimized instances
C. Re-provision the RDBMS database with larger, memory-optimized instances
D. Send votes from each front-end node to Amazon DynamoDB
View answer
Correct Answer: A
Question #38
286. A Solutions Architect plans to migrate NAT instances to NAT gateway. The Architect has NAT instances with scripts to manage high availability. What is the MOST efficient method to achieve similar high availability with NAT gateway?
A. Remove source/destination check on NAT instances
B. Launch a NAT gateway in each Availability Zone
C. Use a mix of NAT instances and NAT gateway
D. Add an ELB Application Load Balancer in front of NAT gateway
View answer
Correct Answer: B
Question #39
265. A solutions Architect is building an application that stores data into Amazon RDS. One table in particular is read heavy and minimal latency is critical. Which of the following would provide the highest level of performance?
A. Use Amazon DynamoDB Accelerator
B. Use Amazon RDS read replicas
C. Use Amazon Cloudfront
D. Use Amazon Elasticache
View answer
Correct Answer: B
Question #40
285. A company has a legacy application using a proprietary file system and plans to migrate the application to AWS. Which storage service should the company use?
A. Amazon Dynamodb
B. Amazon S3
C. Amazon EBS
D. Amazon EFS
View answer
Correct Answer: C
Question #41
3. The engineering team at an e-commerce company wants to set up a custom domain for internal usage such as internaldomainexample.com. The team wants to use the private hosted zones feature of Route 53 to accomplish this. Which of the following settings of the VPC need to be enabled? (Select two)
A. enableDnsSupport
B. enableVpcHostnames
C. enableDnsHostnames
D. enableDnsDomain
E. enableVpcSupport
View answer
Correct Answer: AC
Question #42
282. A Solutions Architect has a multi-layer application running in Amazon VPC. The application has an ELB Classic Load Balancer as the front end in a public subnet, and an Amazon EC2-based reverse proxy that performs content-based routing to two backend Amazon EC2 instances hosted in a private subnet. The Architect sees tremendous traffic growth and is concerned that the reserve proxy and current backend setup will be insufficient. Which actions should the Architect take to achieve a cost-effective solutio
A. Replace the Amazon EC2 reverse proxy with an ELB internal Classic Load Balancer
B. Add Auto Scaling to the Amazon EC2 backend fleet
C. Add Auto Scaling to the Amazon EC2 reverse proxy layer
D. Use t2 burstable instance types for the backend fleet
E. Replace both the frontend and reserve proxy layers with an ELB Application Load Balancer
View answer
Correct Answer: BE
Question #43
266. A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at rest. Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when anencrytionkey was used and by whom. Which steps should a Solutions Architect take to satisfy the security requirements request
A. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Customer-Provided Keys (SSE-C)
B. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
C. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
D. Create an Amazon S3 bucket to store the reports and use Amazon S3 versioning with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
View answer
Correct Answer: C
Question #44
253. A Solutions Architect is developing a solution for sharing files in an organization. The solution must allow multiple users to access the storage service at once from different virtual machines and scale automatically. It must also support file-level locking. Which storage service meets the requirements of this use case?
A. Amazon S3
B. Amazon EFS
C. Amazon EBS
D. Cached Volumes
View answer
Correct Answer: B
Question #45
To meet security requirements, a company needs to encrypt all of its application data in transit while communicating with an Amazon RDS MySQL DB instance A recent security audit revealed that encryption al rest is enabled using AWS Key Management Service (AWS KMS). but data in transit Is not enabled What should a solutions architect do to satisfy the security requirements?
A. Enable IAM database authentication on the database
B. Provide self-signed certificates, Use the certificates in all connections to the RDS instance
C. Take a snapshot of the RDS instance Restore the snapshot to a new instance with encryption enabled
D. Download AWS-provided root certificates Provide the certificates in all connections to the RDS instance
View answer
Correct Answer: C
Question #46
259. A solutions Architect is deploying a new production MySQL database on AWS. It is critical that the database is highly available. What should the Architect to do achieve this goal with Amazon RDS?
A. Create a read replica of the primary database and deploy it in a different AWS Region
B. Enable multi-AZ to create a standby database in a different Availability Zone
C. Enable multi-AZ to create a standby database in a different AWS Region
D. Create a read replica of the primary database and deploy it in a different Availability Zone
View answer
Correct Answer: B
Question #47
254. An application runs on multiple Amazon EC2 instances. Each running instance of the application must have access to a shared file system. Where should the data be stored?
A. Amazon S3
B. Amazon DynamoDB
C. Amazon EFS
D. Amazon EBS
View answer
Correct Answer: C
Question #48
251. A Solutions Architect has a two-tier blog application with a single Amazon EC2 instance web server and Amazon RDS MySQL Multi-AZ DB instances. The Architect is re-architecting the application for high availability by adding instances in a second Availability Zone. Which additional services will improve the availability of the application ? ( Select TWO.)
A. Auto Scaling Group
B. AWS CLoudTrail
C. ELB Classic Load Balancer
D. Amazon Dynamodb
E. Amazon ElastiCache
View answer
Correct Answer: AC
Question #49
279. An Internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is deployed in front of the web tier. Amazon EC2 instances at the web application tier are deployed evenly across two Availability Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched for Amazon EC2 instances and database resources to access the internet. These instances are not assigned with public IP address. Which component poses a potential single point of failure in this a
A. Amazon EC2
B. NAT instance
C. ELB Classic Load Balancer
D. Amazon RDS
View answer
Correct Answer: B
Question #50
5. The DevOps team at a major financial services company uses Multi-Availability Zone (Multi-AZ) deployment for its MySQL RDS database in order to automate its database replication and augment data durability. The DevOps team has scheduled a maintenance window for a database engine level upgrade for the coming weekend. Which of the following is the correct outcome during the maintenance window?
A. Any database engine level upgrade for an RDS DB instance with Multi-AZ deployment triggers both the primary and standby DB instances to be upgraded at the same time
B. Any database engine level upgrade for an RDS DB instance with Multi-AZ deployment triggers both the primary and standby DB instances to be upgraded at the same time
C. Any database engine level upgrade for an RDS DB instance with Multi-AZ deployment triggers the primary DB instance to be upgraded which is then followed by the upgrade of the standby DB instance
D. Any database engine level upgrade for an RDS DB instance with Multi-AZ deployment triggers the standby DB instance to be upgraded which is then followed by the upgrade of the primary DB instance
View answer
Correct Answer: B
Question #51
A company needs to move data from an Amazon EC2 instance to an Amazon S3 bucket. The company mutt ensure that no API calls and no data aim routed through public internet routes Only the EC2 instance can have access to upload data to the S3 bucket. Which solution will meet these requirements?
A. Create an interlace VPC endpoinl for Amazon S3 in the subnet where the EC2 instance is located Attach a resource policy to the S3 bucket to only allow the EC2 instance's 1AM rote for access
B. Create a gateway VPC endpoinl for Amazon S3 in the Availability Zone where the EC2 instance is located Attach appropriate security groups to the endpoint Attach a resource policy to the S3 bucket to only allow the EC2 instance's lAM tote for access
C. Run the nslookup toot from inside the EC2 instance to obtain the private IP address of the S3 bucket's service API endpoint Create a route in the VPC route table to provide the EC2 instance with access to the S3 bucket Attach a resource policy to the S3 bucket to only allow the EC2 instance's AM role for access
D. Use the AWS provided publicly available ip-ranges |son file to obtam the pnvate IP address of the S3 bucket's service API endpoint Create a route in the VPC route table to provide the EC2 instance with access to the S3 bucket Attach a resource policy to the S3 bucket to only allow the EC2 instance's 1AM role for access
View answer
Correct Answer: C
Question #52
248. Two Auto Scaling applications, Application A and Application B, currently run within a shared set of subnets. A solutions architect wants to make sure that Application A can make request to Application B, but Application B should be denied from making request to Application A. Which is the SIMPLEST solution to achieve this policy?
A. Using security groups that reference the security groups of the other application
B. Using security groups that reference the application servers IP address
C. Using Network Access Control Lists to allow/deny traffic based on application IP address
D. Migrating the applications to separate subnets from each other
View answer
Correct Answer: A
Question #53
261. A Solutions Architect is designing a solution with AWS Lambda where different environments require different database passwords. What should the Architect do to accomplish this in a secure and scalable way?
A. Create a Lambda function for each individual environment
B. Use Amazon DynamoDB to store environment variables
C. Use encrypted AWS Lambda environment variables
D. Implement a dedicated Lambda function for distributing environment variables
View answer
Correct Answer: C
Question #54
260. A bank is writing new software that is heavily dependent upon database transactions for write consistency. The application will also occasionally generate reports on data in the database, and will do joins across multiple tables. The database must automatically scale as the amount of data grows. Which AWS service should be used to run the database?
A. Amazon S3
B. Amazon Aurora
C. Amazon DynamoDB
D. Amazon Redshift
View answer
Correct Answer: B
Question #55
A company wants to migrate a Windows-based application from on premises to the AWS Cloud. The application has three tiers, a business tier, and a database tier with Microsoft SQL Server. The company wants to use specific features of SQL Server such as native backups and Data Quality Services. The company also needs to share files for process between the tiers. How should a solution architect design the architecture to meet these requirements?
A. Host all three on Amazon instance
B. Use Mmazon FSx File Gateway for file sharing between tiers
C. Host all three on Amazon EC2 instance
D. Use Amazon FSx for Windows file sharing between the tiers
E. Host the application tier and the business tier on Amazon EC2 instance
F. Host the database tier on Amazon RD G
View answer
Correct Answer: B
Question #56
263. A Solutions Architect is designing a solution that retains traffic information between network interfaces. This traffic information will be monitored for anomalies by an InfoSec team using Amazon Cloudwatch. What approach should the Architect take?
A. Save all inbound request to Amazon DynamoDB
B. Maintain traffic history on each Amazon EC2 instance
C. Enable Amazon VPC Flow Logs
D. Save all inbound request to Amazon S3
View answer
Correct Answer: C
Question #57
277. A Solutions Architect is architecting a workload that requires a performant object-based storage system that must be shared with multiple Amazon EC2 instances. Which AWS service meets this requirement?
A. Amazon EFS
B. Amazon S3
C. Amazon EBS
D. Amazon ElastiCache
View answer
Correct Answer: B
Question #58
A company is building a solution that will report Amazon EC2 Auto Scaling events across all the applications In an AWS account. The company needs to use a serverless solution to store the EC2 Auto Scaling status data in Amazon S3 The company then will use the data m Amazon S3 to provide near-real time updates in a dashboard The solution must not affect the speed of EC2 instance launches. How should the company move the data to Amazon S3 to meet these requirements?
A. Use an Amazon CioudWatch metric stream to send the EC2 Auto Scaling status data to Amazon Kinesis Data Firehose Store the data in Amazon S3
B. Launch an Amazon EMR duster to collect the EC2 Auto Scaling status data and send the data to Amazon Kinesis Data Firehose Store the data in Amazon S3
C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda (unction on a schedule Configure the Lambda function to send the EC2 Auto Scaling status data directly to Amazon S3
D. Use a bootstrap script during the launch of an EC2 instance to install Amazon Kinesis Agent Configure Kinesis Agent to collect the EC2 Auto Scaling status data and send the data to Amazon Kinesis Data Firehose Store the data in Amazon S3
View answer
Correct Answer: B
Question #59
A solutions architect is designing a customer-facing application for a company. The application's database will have a clearly defined access pattern throughout the year and will have a variable number of reads and writes that depend on the time of year. The company must retain audit records for the database for 7 days. The recovery point objective (RPO) must be less than 5 hours. Which solution meets these requirements?
A. Use Amazon DynamoDB with auto scaling Use on-demand backups and Amazon DynamoDB Streams
B. Use Amazon Redshif
C. Configure concurrency scalin
D. Activate audit loggin
E. Perform database snapshots every 4 hours
F. Use Amazon RDS with Provisioned IOPS Activate the database auditing parameter Perform database snapshots every 5 hours G
View answer
Correct Answer: C
Question #60
256. A solutions Architect is designing a solution that can monitor memory and disk space utilization of all Amazon EC2 instances running Amazon Linux and Windows. Which solution meets this requirement?
A. Default Amazon CloudWatch metrics
B. Custom Amazon CloudWatch metrics
C. Amazon Inspector resource monitoring
D. Detailed monitoring of Amazon EC2 instances
View answer
Correct Answer: B
Question #61
247. A company needs to quickly ensure that all files created in an Amazon S3 bucket in us-east-1 are also available in another bucket in ap-southeast-2. Which option represents the SIMPLEST way to implement this design ?
A. Add an S3 lifecycle rule to move any new files from the bucket in us-east-1 to the bucket in ap-southeast-2
B. Create a Lambda function to be triggered for every new file in us-east-1 that copies the file to the bucket in ap-southeast-2
C. Use SNS to notify the bucket in ap-southeast-2 to create a file whenever a file is created in the bucket in us-east-1
D. Enable versioning and configure cross-region replication from the bucket in us-east-1 to the bucket in ap-southeast-2
View answer
Correct Answer: D
Question #62
257 . A solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required. What is the MOST cost-effective way to purchase compute for this platform?
A. Scheduled Reserved Instances
B. Convertible Reserved Instances
C. Standard Reserved Instances
D. Spot Instances
View answer
Correct Answer: C
Question #63
276. A solutions architect is migrating a company’s MySQL database to an Amazon RDS MySQL database. The company requires the database to be resilient with minimum downtime when failures occur. How can these requirements be met?
A. Enable a read replica in another Availability Zone
B. Enable multiple Availability Zones in a different AWS Region
C. Enable multiple Availability Zones in the same AWS Region
D. Enable Amazon RDS instance snapshots in on Availability Zone
View answer
Correct Answer: C
Question #64
A company has chosen to rehost its application on Amazon EC2 instances The application occasionally experiences errors that affect parts of its functionality The company was unaware of this issue until users reported the errors The company wants to address this problem during the migration and reduce the time it takes to detect issues with the application Log files for the application are stored on the local disk. A solutions architect needs to design a solution that will alert staff if there are errors in
A. Configure the application to generate custom metrics tor the errors Send these metric data points to Amazo
B. CloudWatch by using the PutMetricData API call Create a CloudWatch alarm that is based on the custom metrics
C. Create an hourly cron job on the instances to copy the application log data to an Amazon S3 bucket Configure an AWS Lambda function to scan the log file and publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to alert staff rf errors are detected
D. Install the Amazon CloudWatch agent on the instances Configure the CloudWatch agent to stream the application log file to Amazon CloudWatch Logs Run a CloudWatch Logs insights query to search lor the relevant pattern in the log file Create a CloudWatch alarm that is based on the query output
E. Install the Amazon CloudWatch agent on the instances Configure the CloudWatch agent to stream the application log file to Amazon CloudWatch Log
F. Create a metric fitter for the relevant log grou G
View answer
Correct Answer: D
Question #65
243. A solution Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follow: – Limit access to users originating from the corporate network. – Web servers cannot have SSH access directly from the internet. – Web servers reside in a private subnet. Which combination of steps must the Architect complete to meet these requirements? ( Select TWO)
A. Create a bastion host that authenticates users against the corporate directory
B. Create a bastion host with security group rules that only allow traffic from the corporate network
C. Attach an Iam role to the bastion host with relevant permissions
D. Configure the web servers security group to allow SSH traffic from a bastion host
E. Deny all SSH traffic from the corporate network in the inbound network ACL
View answer
Correct Answer: BD
Question #66
264. A restaurant reservation application needs the ability to maintain a waiting list. When a customer tries to reserve a table,and none are available, the customer must be put on the waiting list, and the application must notify the customer when a table becomes free. What service should the Solutions Architect recommend to ensure that the system respects the order in which the customer request are put onto the waiting list?
A. Amazon SNS
B. AWS Lambda with sequential dispatch
C. A FIFO queue in Amazon SQS
D. A standard queue in Amazon SQS
View answer
Correct Answer: C
Question #67
7. A social media analytics company uses a fleet of EC2 servers to manage its analytics workflow. These EC2 servers operate under an Auto Scaling group. The engineers at the company want to be able to download log files whenever an instance terminates because of a scale-in event from an auto-scaling policy. Which of the following features can be used to enable this custom action?
A. EC2 instance meta data
B. EC2 instance user data
C. Auto Scaling group lifecycle hook
D. Auto Scaling group scheduled action
View answer
Correct Answer: C
Question #68
278. A Solutions Architect is designing a solution to monitor weather changes by the minute. The frontend application is hosted on Amazon EC2 instances. The backend must be scalable to a virtually unlimited size, and data retrieval must occur with minimal latency. Which AWS service should the Architect use to store the data and achieve these requirements?
A. Amazon S3
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon EBS
View answer
Correct Answer: B
Question #69
4. A research group at an ivy-league university needs a fleet of EC2 instances operating in a fault-tolerant architecture for a specialized task that must deliver high random I/O performance. Each instance in the fleet would have access to a dataset that is replicated across the instances. Because of the resilient architecture, the specialized task would continue to be processed even if any of the instances goes down as the underlying application architecture would ensure the replacement instance has access
A. Use EC2 instances with access to S3 based storage
B. Use Instance Store based EC2 instances
C. Use EBS based EC2 instances
D. Use EC2 instances with EFS mount points
View answer
Correct Answer: B

View The Updated AWS Exam Questions

SPOTO Provides 100% Real AWS Exam Questions for You to Pass Your AWS Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: