Because the Lead4Pass SAA-C03 dumps contain 658 latest exam questions and answers, more than 99% of the actual exam questions, meeting the conditions for candidates to successfully pass the SAA-C03 Exam “AWS Certified Solutions Architect – Associate”.
Download the Lead4Pass SAA-C03 dumps edited and corrected by a professional team: https://www.leads4pass.com/saa-c03.html, and provide PDF and VCE practice methods to choose from, helping you easily complete the practice tasks and succeed Pass the exam.
Practice Lead4Pass SAA-C03 dumps exam questions online for free
| From | Number of exam questions | Type | Associated certification |
| Lead4Pass | 15/658 | Free | AWS Certified Associate |
Question 1:
A medical research lab produces data that is related to a new study. The lab wants to make the data available with minimum latency to clinics across the country for their on-premises, file-based applications. The data files are stored in an Amazon S3 bucket that has read-only permissions for each clinic.
What should a solutions architect recommend to meet these requirements?
A. Deploy an AWS Storage Gateway file gateway as a virtual machine (VM) on-premises at each clinic
B. Migrate the files to each clinic\’s on-premises applications by using AWS DataSync for processing.
C. Deploy an AWS Storage Gateway volume gateway as a virtual machine (VM) on-premises at each clinic.
D. Attach an Amazon Elastic File System (Amazon EFS) file system to each clinic\’s on-premises servers.
Correct Answer: A
AWS Storage Gateway is a service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization\’s on-premises IT environment and AWS\’s storage infrastructure.
By deploying a file gateway as a virtual machine on each clinic\’s premises, the medical research lab can provide low-latency access to the data stored in the S3 bucket while maintaining read-only permissions for each clinic.
This solution allows the clinics to access the data files directly from their on-premises file-based applications without the need for data transfer or migration.
Question 2:
A large media company hosts a web application on AWS. The company wants to start caching confidential media files so that users around the world will have reliable access to the files. The content is stored in Amazon S3 buckets. The company must deliver the content quickly, regardless of where the requests originate geographically.
Which solution will meet these requirements?
A. Use AWS DataSync to connect the S3 buckets to the web application.
B. Deploy AWS Global Accelerator to connect the S3 buckets to the web application.
C. Deploy Amazon CloudFront to connect the S3 buckets to CloudFront edge servers.
D. Use Amazon Simple Queue Service (Amazon SQS) to connect the S3 buckets to the web application.
Correct Answer: C
CloudFront uses a local cache to provide the response, and AWS Global accelerator proxies requests and connects to the application all the time for the response. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/privatecontent-restricting-access-to-s3.html#private-content-granting-permissions-to-oai
Question 3:
A company has an e-commerce checkout workflow that writes an order to a database and calls a service to process the payment. Users are experiencing timeouts during the checkout process. When users resubmit the checkout form, multiple unique orders are created for the same desired transaction.
How should a solutions architect refactor this workflow to prevent the creation of multiple orders?
A. Configure the web application to send an order message to Amazon Kinesis Data Firehose. Set the payment service to retrieve the message from Kinesis Data Firehose and process the order.
B. Create a rule in AWS CloudTrail to invoke an AWS Lambda function based on the logged application path request Use Lambda to query the database, call the payment service, and pass in the order information.
C. Store the order in the database. Send a message that includes the order number to Amazon Simple Notification Service (Amazon SNS). Set the payment service to poll Amazon SNS. retrieve the message, and process the order.
D. Store the order in the database. Send a message that includes the order number to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the payment service to retrieve the message and process the order. Delete the message from the queue.
Correct Answer: D
This approach ensures that the order creation and payment processing steps are separate and atomic. By sending the order information to an SQS FIFO queue, the payment service can process the order one at a time and in the order they were received.
If the payment service is unable to process an order, it can be retried later, preventing the creation of multiple orders. The deletion of the message from the queue after it is processed will prevent the same message from being processed multiple times.
It\’s worth noting that FIFO queues guarantee that messages are processed in the order they are received, and prevent duplicates.
Question 4:
A company is deploying a two-tier web application in a VPC. The web tier is using an Amazon EC2 Auto Scaling group with public subnets that span multiple Availability Zones.
The database tier consists of an Amazon RDS for MySQL DB instances in separate private subnets. The web tier requires access to the database to retrieve product information.
The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for the network ACLs. security groups and route tables are still in their default states.
What should a solutions architect recommend to fix the application?
A. Add an explicit rule to the private subnet\’s network ACL to allow traffic from the web tier\’s EC2 instances.
B. Add a route in the VPC route table to allow traffic between the web tier\’s EC2 instances and the database tier.
C. Deploy the web tier\’s EC2 instances and the database tier\’s RDS instance into two separate VPCs. and configure VPC peering.
D. Add an inbound rule to the security group of the database tier\’s RDS instance to allow traffic from the web tier\’s security group.
Correct Answer: D
By default, all inbound traffic to an RDS instance is blocked. Therefore, an inbound rule needs to be added to the security group of the RDS instance to allow traffic from the security group of the web tier\’s EC2 instances.
Question 5:
A solution architect needs to assign a new Microsoft for a company\’s application. Clients must be able to call an HTTPS endpoint to reach the microservice. The microservice also must use AWS Identity and Access Management (IAM) to authenticate calls. The solutions architect will write the logic for this microservice by using a single AWS Lambda function that is written in Go 1. x.
Which solution will deploy the function in the MOST operationally efficient way?
A. Create an Amazon API Gateway REST API. Configure the method to use the Lambda function. Enable IAM authentication on the API.
B. Create a Lambda function URL for the function. Specify AWS_IAM as the authentication type.
C. Create an Amazon CloudFront distribution. Deploy the function to Lambda@Edge. Integrate IAM authentication logic into the Lambda@Edge function.
D. Create an Amazon CloudFront distribution. Deploy the function to CloudFront Functions. Specify AWS_IAM as the authentication type.
Correct Answer: A
This option is the most operationally efficient as it allows you to use API Gateway to handle the HTTPS endpoint and also allows you to use IAM to authenticate the calls to the microservice.
API Gateway also provides many additional features such as caching, throttling, and monitoring, which can be useful for a microservice.
Question 6:
A company deploys Amazon EC2 instances that run in a VPC The EC2 instances load source data into Amazon S3 buckets so that the data can be processed in the future According to compliance laws, the data must not be transmitted over public internet Servers in the company\’s on-premises data center will consume the output from an application that runs on the EC2 instances
Which solution will meet these requirements?
A. Deploy an interface VPC endpoint for Amazon EC2 Create an AWS Site-to-Site VPN connection between the company and the VPC
B. Deploy a gateway VPC endpoint for Amazon S3 Set up an AWS Direct Connect connection between the on-premises network and the VPC
C. Set up an AWS Transit Gateway connection from the VPC to the S3 buckets Create an AWS Site-to-Site VPN connection between the company and the VPC
D. Set up proxy EC2 instances that have routes to NAT gateways Configure the proxy EC2 instances to fetch S3 data and feed the application instances
Correct Answer: A
Question 7:
A company wants to restrict access to the content of one of its main web applications and to protect the content by using authorization techniques available on AWS.
The company wants to implement a serverless architecture and an authentication solution for fewer than 100 users.
The solution needs to integrate with the main web application and serve web content globally. The solution must also scale as the company\’s user base grows while providing the lowest login latency possible.
Which solution will meet these requirements MOST cost-effectively?
A. Use Amazon Cognito for authentication. Use Lambda@Edge for authorization. Use Amazon CloudFront to serve the web application globally.
B. Use AWS Directory Service for Microsoft Active Directory for authentication. Use AWS Lambda for authorization. Use an Application Load Balancer to serve the web application globally.
C. Use Amazon Cognito for authentication. Use AWS Lambda for authorization. Use Amazon S3 Transfer Acceleration to serve the web application globally.
D. Use AWS Directory Service for Microsoft Active Directory for authentication. Use Lambda@Edge for authorization. Use AWS Elastic Beanstalk to serve the web application globally.
Correct Answer: A
Amazon CloudFront is a global content delivery network (CDN) service that can securely deliver web content, videos, and APIs at scale.
It integrates with Cognito for authentication and with Lambda@Edge for authorization, making it an ideal choice for serving web content globally.
Lambda@Edge is a service that lets you run AWS Lambda functions globally closer to users, providing lower latency and faster response times.
It can also handle authorization logic at the edge to secure content in CloudFront. For this scenario, Lambda@Edge can provide authorization for the web application while leveraging the low-latency benefit of running at the edge.
Question 8:
A group requires permission to list an Amazon S3 bucket and delete objects from that bucket. An administrator has created the following IAM policy to provide access to the bucket and applied that policy to the group.
The group is not able to delete objects in the bucket. The company follows least-privilege access rules.
Which statement should a solutions architect add to the policy to correct bucket access?
A. Option A
B. Option B
C. Option C
D. Option D
Correct Answer: D
Question 9:
A company wants to migrate its on-premises application to AWS. The application produces output files that vary in size from tens of gigabytes to hundreds of terabytes The application data must be stored in a standard file system structure The company wants a solution that scales automatically, is highly available, and requires minimum operational overhead.
Which solution will meet these requirements?
A. Migrate the application to run as containers on Amazon Elastic Container Service (Amazon ECS) Use Amazon S3 for storage
B. Migrate the application to run as containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use Amazon Elastic Block Store (Amazon EBS) for storage
C. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling group. Use Amazon Elastic File System (Amazon EFS) for storage.
D. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling group. Use Amazon Elastic Block Store (Amazon EBS) for storage.
Correct Answer: C
EFS is a standard file system, it scales automatically and is highly available.
Question 10:
A company\’s application Is having performance issues The application is stateful and needs to complete m-memory tasks on Amazon EC2 instances.
The company used AWS CloudFormation to deploy infrastructure and used the M5 EC2 Instance family As traffic increased, the application performance degraded Users are reporting delays when the users attempt to access the application.
Which solution will resolve these issues in the MOST operationally efficient way?
A. Replace the EC2 Instances with T3 EC2 instances that run in an Auto Scaling group. Made the changes by using the AWS Management Console.
B. Modify the CloudFormation templates to run the EC2 instances in an Auto Scaling group. Increase the desired capacity and the maximum capacity of the Auto Scaling group manually when an increase is necessary
C. Modify the CloudFormation templates. Replace the EC2 instances with R5 EC2 instances. Use Amazon CloudWatch built-in EC2 memory metrics to track the application performance for future capacity planning.
D. Modify the CloudFormation templates. Replace the EC2 instances with R5 EC2 instances. Deploy the Amazon CloudWatch agent on the EC2 instances to generate custom application latency metrics for future capacity planning.
Correct Answer: D
https://aws.amazon.com/premiumsupport/knowledge-center/cloudwatch-memory-metrics-ec2/
Question 11:
A company runs a public three-Tier web application in a VPC The application runs on Amazon EC2 instances across multiple Availability Zones.
The EC2 instances that run in private subnets need to communicate with a license server over the Internet The company needs a managed solution that minimizes operational maintenance
Which solution meets these requirements\’\’
A. Provision a NAT instance in a public subnet Modify each private subnets route table with a default route that points to the NAT instance
B. Provision a NAT instance in a private subnet Modify each private subnet\’s route table with a default route that points to the NAT instance
C. Provision a NAT gateway in a public subnet Modify each private subnet\’s route table with a default route that points to the NAT gateway
D. Provision a NAT gateway in a private subnet Modify each private subnet\’s route table with a default route that points to the NAT gateway.
Correct Answer: C
minimizes operational maintenance = NGW
Question 12:
A company must save all the email messages that its employees send to customers for a period of 12 months. The messages are stored m a binary format and vary m size from 1 KB to 20 KB.
The company has selected Amazon S3 as the storage service for the messages
Which combination of steps will meet these requirements MOST cost-effectively9 (Select TWO.)
A. Create an S3 bucket policy that denies the s3 Delete Object action.
B. Create an S3 lifecycle configuration that deletes the messages after 12 months.
C. Upload the messages to Amazon S3 Use S3 Object Lock in governance mode
D. Upload the messages to Amazon S3. Use S3 Object Lock in compliance mode.
E. Use S3 Inventory Create an AWS Batch job that periodically scans the inventory and deletes the messages after 12 months
Correct Answer: BD
Question 13:
A solutions architect needs to allow team members to access Amazon S3 buckets in two different AWS accounts: a development account and a production account.
The team currently has access to S3 buckets in the development account by using unique IAM users that are assigned to an IAM group that has appropriate permissions in the account.
The solutions architect has created an IAM role in the production account. The role has a policy that grants access to an S3 bucket in the production account.
Which solution will meet these requirements while complying with the principle of least privilege?
A. Attach the Administrator Access policy to the development account users.
B. Add the development account as a principal in the trust policy of the role in the production account.
C. Turn off the S3 Block Public Access feature on the S3 bucket in the production account.
D. Create a user in the production account with unique credentials for each team member.
Correct Answer: B
By adding the development account as a principal in the trust policy of the IAM role in the production account, you are allowing users from the development account to assume the role in the production account.
This allows the team members to access the S3 bucket in the production account without granting them unnecessary privileges.
Question 14:
A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets.
The EC2 instances access Amazon S3 over the internet, but they do not require any other network access.
A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the Internet.
Which change to the network architecture should a solutions architect recommend to meet this requirement?
A. Create a NAT gateway. Configure the route table for the public subnets to send traffic to Amazon S3 through the NAT gateway.
B. Configure the security group for the EC2 instances to restrict outbound traffic so that only traffic to the S3 prefix list is permitted.
C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets
D. Remove the internet gateway from the VPC. Set up an AWS Direct Connect connection, and route traffic to Amazon S3 over the Direct Connect connection.
Correct Answer: C
The application must be moved to a Private subnet. This is a prerequisite in using VPC endpoints with S3 https://aws.amazon.com/blogs/storage/managing-amazon-s3-access-with-vpc-endpoints-and-s3-access-points/
Question 15:
A company needs to store data in Amazon S3 and must prevent the data from being changed. The company wants new objects that are uploaded to Amazon S3 to remain unchangeable for a nonspecific amount of time until the company decides to modify the objects.
Only specific users in the company\’s AWS account can have the ability to delete the objects.
What should a solutions architect do to meet these requirements?
A. Create an S3 Glacier vault Apply a write-once, read-many (WORM) vault lock policy to the objects
B. Create an S3 bucket with S3 Object Lock enabled Enable versioning Set a retention period of 100 years Use governance mode as the S3 bucket\’s default retention mode for new objects
C. Create an S3 bucket Use AWS CloudTrail to (rack any S3 API events that modify the objects Upon notification, restore the modified objects from any backup versions that the company has
D. Create an S3 bucket with S3 Object Lock enabled Enable versioning Add a legal hold to the objects Add the s3 PutObjectLegalHold permission to the IAM policies of users who need to delete the objects
Correct Answer: D
“The Object Lock legal hold operation enables you to place a legal hold on an object version. Like setting a retention period, a legal hold prevents an object version from being overwritten or deleted.
However, a legal hold doesn’t have an associated retention period and remains in effect until removed.” https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-legal-hold.html
…
The above Amazon SAA-C03 free exam questions provide you with online practice verification! Download the complete Lead4Pass SAA-C03 dumps exam questions: https://www.leads4pass.com/saa-c03.html, get more than 99% of the customs clearance questions and answers,
Help you pass the exam easily. Friendly reminder: You can choose any learning method you are used to (PDF OR VCE)! Just download and use it!