The Secret Of Amazon-Web-Services SAA-C03 Free Dumps

NEW QUESTION 1
A company runs multiple Windows workloads on AWS. The company’s employees use Windows the file shares that are hosted on two Amazon EC2 instances. The file shares synchronize data between themselves and maintain duplicate copies. The company wants a highly available and durable storage solution that preserves how users currently access the files.

• A. Migrate all the data to Amazon S3 Set up IAM authentication for users to access files
• B. Set up an Amazon S3 File Gatewa
• C. Mount the S3 File Gateway on the existing EC2 Instances.
• D. Extend the file share environment to Amazon FSx for Windows File Server with a Multi-AZ configuratio
• E. Migrate all the data to FSx for Windows File Server.
• F. Extend the file share environment to Amazon Elastic File System (Amazon EFS) with a Multi-AZ configuratio
• G. Migrate all the data to Amazon EFS.

Answer: C

NEW QUESTION 2
A company has deployed a server less application that invokes an AWS Lambda function when new documents are uploaded to an Amazon S3 bucket The application uses the Lambda function to process the documents After a recent marketing campaign the company noticed that the application did not process many of The documents
What should a solutions architect do to improve the architecture of this application?

• A. Set the Lambda function's runtime timeout value to 15 minutes
• B. Configure an S3 bucket replication policy Stage the documents m the S3 bucket for later processing
• C. Deploy an additional Lambda function Load balance the processing of the documents across the two Lambda functions
• D. Create an Amazon Simple Queue Service (Amazon SOS) queue Send the requests to the queue Configure the queue as an event source for Lambda.

Answer: B

NEW QUESTION 3
A company uses Amazon EC2 instances to host its internal systems As pan of a deployment operation, an administrator tries to use the AWS CLI to terminate an EC2 instance However, the administrator receives a 403 (Access Dented) error message
The administrator is using an IAM role that has the following 1AM policy attached:

What is the cause of the unsuccessful request?

• A. The EC2 Instance has a resource-based policy win a Deny statement.B The principal has not been specified in the policy statement
• B. The "Action" field does not grant the actions that are required to terminate the EC2 instance
• C. The request to terminate the EC2 instance does not originate from the CIDR blocks 192 0 2.0:24 or 203.0.113.0/24.

Answer: B

NEW QUESTION 4
A company runs an online marketplace web application on AWS. The application serves hundreds of thousands of users during peak hours. The company needs a scalable, near-real-time solution to share the details of millions of financial transactions with several other internal applications Transactions also need to be processed to remove sensitive data before being stored in a document database for low-latency retrieval.
What should a solutions architect recommend to meet these requirements?

• A. Store the transactions data into Amazon DynamoDB Set up a rule in DynamoDB to remove sensitive data from every transaction upon write Use DynamoDB Streams to share the transactions data with other applications
• B. Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3 Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive dat
• C. Other applications can consumethe data stored in Amazon S3
• D. Stream the transactions data into Amazon Kinesis Data Streams Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB Other applications can consumethe transactions data off the Kinesis data stream.
• E. Store the batched transactions data in Amazon S3 as file
• F. Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3 The Lambda function then stores the data in Amazon DynamoDBOther applications can consume transaction files stored in Amazon S3.

Answer: C

Explanation:
Explanation
The destination of your Kinesis Data Firehose delivery stream. Kinesis Data Firehose can send data records to various destinations, including Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon OpenSearch Service,
and any HTTP endpoint that is owned by you or any of your third-party service providers. The following are the supported destinations:
* Amazon OpenSearch Service
* Amazon S3
* Datadog
* Dynatrace
* Honeycomb
* HTTP Endpoint
* Logic Monitor
* MongoDB Cloud
* New Relic
* Splunk
* Sumo Logic
https://docs.aws.amazon.com/firehose/latest/dev/create-name.html
https://aws.amazon.com/kinesis/data-streams/
Amazon Kinesis Data Streams (KDS) is a massively scalable and durable real-time data streaming service. KDS can continuously capture gigabytes of data per second from hundreds of thousands of sources such as website clickstreams, database event streams, financial transactions, social media feeds, IT logs, and location-tracking events.

NEW QUESTION 5
A company has thousands of edge devices that collectively generate 1 TB of status alerts each day.
Each alert is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis.
The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days.
What is the MOST operationally efficient solution that meets these requirements?

• A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3 bucket Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days
• B. Launch Amazon EC2 instances across two Availability Zones and place them behind an Elastic Load Balancer to ingest the alerts Create a script on the EC2 instances that will store tne alerts m an Amazon S3 bucket Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days
• C. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon Elasticsearch Service (Amazon ES) duster Set up the Amazon ES cluster to take manual snapshots every day and delete data from the duster that is older than 14 days
• D. Create an Amazon Simple Queue Service (Amazon SQS i standard queue to ingest the alerts and set the message retention period to 14 days Configure consumers to poll the SQS queue check the age of the message and analyze the message data as needed If the message is 14 days old the consumer should copy the message to an Amazon S3 bucket and delete the message from the SQS queue

Answer: A

Explanation:
Explanation
https://aws.amazon.com/kinesis/datafirehose/features/?nc=sn&loc=2#:~:text=into%20Amazon%20S3%2C%20Amazon%20Redshift%2C%20Amazon%20OpenSearch%20Service%2C%20Kinesis,Delivery%20streams

NEW QUESTION 6
A company is running a critical business application on Amazon EC2 instances behind an Application Load Balancer The EC2 instances run in an Auto Scaling group and access an Amazon RDS DB instance
The design did not pass an operational review because the EC2 instances and the DB instance are all located in a single Availability Zone A solutions architect must update the design to use a second Availability Zone
Which solution will make the application highly available?

• A. Provision a subnet in each Availability Zone Configure the Auto Scaling group to distribute the EC2 instances across bothAvailability Zones Configure the DB instance with connections to each network
• B. Provision two subnets that extend across both Availability Zones Configure the Auto Scaling group to distribute the EC2 instancesacross both Availability Zones Configure the DB instance with connections to each network
• C. Provision a subnet in each Availability Zone Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones Configure the DB instance for Multi-AZ deployment
• D. Provision a subnet that extends across both Availability Zones Configure the Auto Scaling group to distribute the EC2 instancesacross both Availability Zones Configure the DB instance for Multi-AZ deployment

Answer: C

NEW QUESTION 7
A gaming company is moving its public scoreboard from a data center to the AWS Cloud. The company uses Amazon EC2 Windows Server instances behind an Application Load Balancer to host its dynamic application. The company needs a highly available storage solution for the application. The application consists of static files and dynamic server-side code.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

• A. Store the static files on Amazon S3. Use Amazon
• B. CloudFront to cache objects at the edge.
• C. Store the static files on Amazon S3. Use Amazon ElastiCache to cache objects at the edge.
• D. Store the server-side code on Amazon Elastic File System (Amazon EFS). Mount the EFS volume on each EC2 instance to share the files.
• E. Store the server-side code on Amazon FSx for Windows File Serve
• F. Mount the FSx for Windows File Server volume on each EC2 instance to share the files.
• G. Store the server-side code on a General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volum
• H. Mount the EBS volume on each EC2 instance to share the files.

Answer: AE

NEW QUESTION 8
A company wants to build a scalable key management Infrastructure to support developers who need to encrypt data in their applications.
What should a solutions architect do to reduce the operational burden?

• A. Use multifactor authentication (MFA) to protect the encryption keys.
• B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys
• C. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys
• D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys

Answer: B

NEW QUESTION 9
A company needs to review its AWS Cloud deployment to ensure that its Amazon S3 buckets do not have unauthorized configuration changes.
What should a solutions architect do to accomplish this goal?

• A. Turn on AWS Config with the appropriate rules.
• B. Turn on AWS Trusted Advisor with the appropriate checks.
• C. Turn on Amazon Inspector with the appropriate assessment template.
• D. Turn on Amazon S3 server access loggin
• E. Configure Amazon EventBridge (Amazon Cloud Watch Events).

Answer: A

NEW QUESTION 10
A company is building an application in the AWS Cloud. The application will store data in Amazon S3 buckets in two AWS Regions. The company must use an AWS Key Management Service (AWS KMS) customer managed key to encrypt
all data that is stored in the S3 buckets. The data in both S3 buckets must be encrypted and decrypted with the same KMS key. The data and the key must be stored in each of the two Regions.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Create an S3 bucket in each Region Configure the S3 buckets to use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) Configure replication between the S3 buckets.
• B. Create a customer managed multi-Region KMS ke
• C. Create an S3 bucket in each Regio
• D. Configure replication between the S3 bucket
• E. Configure the application to use the KMS key with client-side encryption.
• F. Create a customer managed KMS key and an S3 bucket in each Region Configure the S3 buckets to use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) Configure replication between the S3 buckets.
• G. Create a customer managed KMS key and an S3 bucket m each Region Configure the S3 buckets to use server-side encryption with AWS KMS keys (SSE-KMS) Configure replication between the S3 buckets.

Answer: C

Explanation:
Explanation
From https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.htmlFor most users, the default AWS KMS key store, which is protected by FIPS 140-2 validatedcryptographic modules, fulfills their security requirements. There is no need to add an extra layer ofmaintenance responsibility or a dependency on an additional service. However, you might considercreating a custom key store if your organization has any of the following requirements: Key materialcannot be stored in a shared environment. Key material must be subject to a secondary, independentaudit path. The HSMs that generate and store key material must be certified at FIPS 140-2 Level 3.
https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html

NEW QUESTION 11
A company is expecting rapid growth in the near future. A solutions architect needs to configure existing users and grant permissions to new users on AWS The solutions architect has decided to create IAM groups The solutions architect will add the new users to IAM groups based on department
Which additional action is the MOST secure way to grant permissions to the new users?

• A. Apply service control policies (SCPs) to manage access permissions
• B. Create IAM roles that have least privilege permission Attach the roles lo the IAM groups
• C. Create an IAM policy that grants least privilege permission Attach the policy to the IAM groups
• D. Create IAM roles Associate the roles with a permissions boundary that defines the maximum permissions

Answer: C

NEW QUESTION 12
A company hosts its multi-tier applications on AWS. For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made to these resources.
What should a solutions architect do to meet these requirements?

• A. Use AWS CloudTrail to track configuration changes and AWS Config to record API calls
• B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls
• C. Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls
• D. Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls

Answer: B

NEW QUESTION 13
A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of an Availability Zone Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files.
Which storage option meets these requirements?

• A. S3 Standard
• B. S3 Intelligent-Tiering
• C. S3 Standard-Infrequent Access {S3 Standard-IA)
• D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer: B

NEW QUESTION 14
A company is hosting a static website on Amazon S3 and is using Amazon Route 53 for DNS. The website is experiencing increased demand from around the world. The company must decrease latency for users who access the website.
Which solution meets these requirements MOST cost-effectively?

• A. Replicate the S3 bucket that contains the website to all AWS Region
• B. Add Route 53 geolocation routing entries.
• C. Provision accelerators in AWS Global Accelerato
• D. Associate the supplied IP addresses with the S3 bucke
• E. Edit the Route 53 entries to point to the IP addresses of the accelerators.
• F. Add an Amazon CloudFront distribution in front of the S3 bucke
• G. Edit the Route 53 entries to point to the CloudFront distribution.
• H. Enable S3 Transfer Acceleration on the bucke
• I. Edit the Route 53 entries to point to the new endpoint.

Answer: C

NEW QUESTION 15
An image-processing company has a web application that users use to upload images. The application uploads the images into an Amazon S3 bucket. The company has set up S3 event notifications to publish the object creation events to an A company has a service that produces event queue. The SQS queue serves as the event source for an AWS Lambda function that processes the images and sends the results to users through email.
Users report that they are receiving multiple email messages for every uploaded image. A solutions architect determines that SQS messages are invoking the Lambda function more than once, resulting in multiple email messages.
What should the solutions architect do to resolve this issue with the LEAST operational overhead?

• A. Set up long polling in the SQS queue by increasing the ReceiveMessage wait time to 30 seconds.
• B. Change the SQS standard queue to an SQS FIFO queu
• C. Use the message deduplication ID to discard duplicate messages.
• D. Increase the visibility timeout in the SQS queue to a value that is greater than the total of the function timeout and the batch window timeout.
• E. Modify the Lambda function to delete each message from the SQS queue immediately after the message is read before processing.

Answer: B

NEW QUESTION 16
A company wants to manage Amazon Machine Images (AMIs). The company currently copies AMIs to the same AWS Region where the AMIs were created. The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 Createlmage API operation is called within the company's account.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Create an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a Createlmage API call is detected.
• B. Configure AWS CloudTrail with an Amazon Simple Notification Service {Amazon SNS) notification that occurs when updated logs are sent to Amazon S3. Use Amazon Athena to create a new table and to query on Createlmage when an API call is detected.
• C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the Createlmage API call.Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a Createlmage API call is detected.
• D. Configure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail log
• E. Create an AWS Lambda function to send an alert to an Amazon Simple NotificationService (Amazon SNS) topic when a Createlmage API call is detected.

Answer: B

NEW QUESTION 17
A company is creating a new application that will store a large amount of data. The data will be analyzed hourly and will be modified by several Amazon EC2 Linux instances that are deployed across multiple Availability Zones. The needed amount of storage space will continue to grow for the next 6 Months.
Which storage solution should a solutions architect recommend to meet these requirements?

• A. Store the data in Amazon S3 Glacier Update me S3 Glacier vault policy to allow access to the application Instances
• B. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume Mount the EBS volume on the application nuances.
• C. Store the data in an Amazon Elastic File System (Amazon EFS) tile system Mount the file system on the application instances.
• D. Store the data in an Amazon Elastic Block Store (Amazon EBS) Provisioned K)PS volume shared between the application instances.

Answer: C

NEW QUESTION 18
A company needs to store its accounting records in Amazon S3. The records must be immediately accessible for 1 year and then must be archived for an additional 9 years. No one at the company, including administrative users and root users, can be able to delete the records during the entire 10- year period. The records must be stored with maximum resiliency.
Which solution will meet these requirements?

• A. Store the records in S3 Glacier for the entire 10-year perio
• B. Use an access control policy to deny deletion of the records for a period of 10 years.
• C. Store the records by using S3 Intelligent-Tierin
• D. Use an IAM policy to deny deletion of the records.After 10 years, change the IAM policy to allow deletion.
• E. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 yea
• F. Use S3 Object Lock in compliance mode for a period of 10 years.
• G. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 yea
• H. Use S3 Object Lock in governance mode for a period of 10 years.

Answer: C

NEW QUESTION 19
......