Amazon SAA-C03 Exam Practice Test Instant Access

Question 1

[Design High-Performing Architectures]

A company runs an order management application on AWS. The application allows customers to place orders and pay with a credit card. The company uses an Amazon CloudFront distribution to deliver the application. A security team has set up logging for all incoming requests. The security team needs a solution to generate an alert if any user modifies the logging configuration.

Which combination of solutions will meet these requirements? (Select TWO.)

AConfigure an Amazon EventBridge rule that is invoked when a user creates or modifies a CloudFront distribution. Add the AWS Lambda function as a target of the EventBridge rule.

BCreate an Application Load Balancer (ALB). Enable AWS WAF rules for the ALB. Configure an AWS Config rule to detect security violations.

CCreate an AWS Lambda function to detect changes in CloudFront distribution logging. Configure the Lambda function to use Amazon Simple Notification Service (Amazon SNS) to send notifications to the security team.

DSet up Amazon GuardDuty. Configure GuardDuty to monitor findings from the CloudFront distribution. Create an AWS Lambda function to address the findings.

ECreate a private API in Amazon API Gateway. Use AWS WAF rules to protect the private API from common security problems.

Answer : A, C

A . EventBridge rule:Triggers an event whenever there is a change in CloudFront distribution, ensuring real-time monitoring.

B . ALB with WAF:Focuses on application-level security, not CloudFront logging.

C . Lambda + SNS:Provides notifications upon detection of changes in logging configuration.

D . GuardDuty:Monitors anomalies but does not specifically address CloudFront logging changes.

E . Private API + WAF:Irrelevant to CloudFront logging changes.

Question 2

[Design High-Performing Architectures]

A company is deploying an application that processes streaming data in near-real time The company plans to use Amazon EC2 instances for the workload The network architecture must be configurable to provide the lowest possible latency between nodes

Which combination of network solutions will meet these requirements? (Select TWO)

AEnable and configure enhanced networking on each EC2 instance

BGroup the EC2 instances in separate accounts

CRun the EC2 instances in a cluster placement group

DAttach multiple elastic network interfaces to each EC2 instance

EUse Amazon Elastic Block Store (Amazon EBS) optimized instance types.

Answer : A, C

These options are the most suitable ways to configure the network architecture to provide the lowest possible latency between nodes. Option A enables and configures enhanced networking on each EC2 instance, which is a feature that improves the network performance of the instance by providing higher bandwidth, lower latency, and lower jitter. Enhanced networking uses single root I/O virtualization (SR-IOV) or Elastic Fabric Adapter (EFA) to provide direct access to the network hardware. You can enable and configure enhanced networking by choosing a supported instance type and a compatible operating system, and installing the required drivers. Option C runs the EC2 instances in a cluster placement group, which is a logical grouping of instanceswithin a single Availability Zone that are placed close together on the same underlying hardware. Cluster placement groups provide the lowest network latency and the highest network throughput among the placement group options. You can run the EC2 instances in a cluster placement group by creating a placement group and launching the instances into it.

Option B is not suitable because grouping the EC2 instances in separate accounts does not provide the lowest possible latency between nodes. Separate accounts are used to isolate and organize resources for different purposes, such as security, billing, or compliance. However, they do not affect the network performance or proximity of the instances. Moreover, grouping the EC2 instances in separate accounts would incur additional costs and complexity, and it would require setting up cross-account networking and permissions.

Option D is not suitable because attaching multiple elastic network interfaces to each EC2 instance does not provide the lowest possible latency between nodes. Elastic network interfaces are virtual network interfaces that can be attached to EC2 instances to provide additional network capabilities, such as multiple IP addresses, multiple subnets, or enhanced security. However, they do not affect the network performance or proximity of the instances. Moreover, attaching multiple elastic network interfaces to each EC2 instance would consume additional resources and limit the instance type choices.

Option E is not suitable because using Amazon EBS optimized instance types does not provide the lowest possible latency between nodes. Amazon EBS optimized instance types are instances that provide dedicated bandwidth for Amazon EBS volumes, which are block storage volumes that can be attached to EC2 instances. EBS optimized instance types improve the performance and consistency of the EBS volumes, but they do not affect the network performance or proximity of the instances. Moreover, using EBS optimized instance types would incur additional costs and may not be necessary for the streaming data workload.Reference:

Enhanced networking on Linux

Placement groups

Elastic network interfaces

Amazon EBS-optimized instances

Question 3

A company operates an online photo-sharing service and stores data in AWS Account A in a centralized Amazon S3 bucket. The company wants to grant a second AWS account named Account B access to the centralized S3 bucket. The company owns Account B.

Options:

AEnable S3 Transfer Acceleration to provide Account B access to the centralized S3 bucket in Account A.

BEnable cross-Region replication between Account A and Account B to share the S3 bucket data.

CUse Amazon CloudFront to distribute the S3 bucket contents. Grant Account B access to the bucket contents through a signed URL.

DCreate a bucket policy that grants Account B permission to access the centralized S3 bucket in Account A.

Answer : D

Question 4

[Design Secure Architectures]

A company uses an Amazon S3 bucket as its data lake storage platform The S3 bucket contains a massive amount of data that is accessed randomly by multiple teams and hundreds of applications. The company wants to reduce the S3 storage costs and provide immediate availability for frequently accessed objects

What is the MOST operationally efficient solution that meets these requirements?

ACreate an S3 Lifecycle rule to transition objects to the S3 Intelligent-Tiering storage class

BStore objects in Amazon S3 Glacier Use S3 Select to provide applications with access to the data.

CUse data from S3 storage class analysis to create S3 Lifecycle rules to automatically transition objects to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class.

DTransition objects to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class Create an AWS Lambda function to transition objects to the S3 Standard storage class when they are accessed by an application

Answer : A

Amazon S3 Intelligent-Tiering: This storage class is designed to optimize costs by automatically moving data between two access tiers (frequent and infrequent) when access patterns change. It provides cost savings without performance impact or operational overhead.

S3 Lifecycle Rules: By creating an S3 Lifecycle rule, the company can automatically transition objects to the Intelligent-Tiering storage class. This eliminates the need for manual intervention and ensures that objects are moved to the most cost-effective storage tier based on their access patterns.

Operational Efficiency: Intelligent-Tiering requires no additional management and delivers immediate availability for frequently accessed objects. This makes it the most operationally efficient solution for the given requirements.

Amazon S3 Intelligent-Tiering

S3 Lifecycle Policies

Question 5

[Design Resilient Architectures]

A company is running a legacy system on an Amazon EC2 instance. The application code cannot be modified, and the system cannot run on more than one instance. A solutions architect must design a resilient solution that can improve the recovery time for the system.

What should the solutions architect recommend to meet these requirements?

AEnable termination protection for the EC2 instance.

BConfigure the EC2 instance for Multi-AZ deployment.

CCreate an Amazon CloudWatch alarm to recover the EC2 instance in case of failure.

DLaunch the EC2 instance with two Amazon Elastic Block Store (Amazon EBS) volumes that use RAID configurations for storage redundancy.

Answer : C

To design a resilient solution that can improve the recovery time for the system, a solutions architect should recommend creating an Amazon CloudWatch alarm to recover the EC2 instance in case of failure. This solution has the following benefits:

It allows the EC2 instance to be automatically recovered when a system status check failure occurs, such as loss of network connectivity, loss of system power, software issues on the physical host, or hardware issues on the physical host that impact network reachability1.

It preserves the instance ID, private IP addresses, Elastic IP addresses, and all instance metadata of the original instance.A recovered instance is identical to the original instance, except for any data that is in-memory, which is lost during the recovery process1.

It does not require any modification of the application code or the EC2 instance configuration.The solutions architect can create a CloudWatch alarm using the AWS Management Console, the AWS CLI, or the CloudWatch API2.

1: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html

2: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#ec2-instance-recover-create-alarm

Question 6

[Design Resilient Architectures]

A company runs a three-tier web application in a VPC across multiple Availability Zones. Amazon EC2 instances run in an Auto Scaling group for the application tier.

The company needs to make an automated scaling plan that will analyze each resource's daily and weekly historical workload trends. The configuration must scale resources appropriately according to both the forecast and live changes in utilization.

Which scaling strategy should a solutions architect recommend to meet these requirements?

AImplement dynamic scaling with step scaling based on average CPU utilization from the EC2 instances.

BEnable predictive scaling to forecast and scale. Configure dynamic scaling with target tracking.

CCreate an automated scheduled scaling action based on the traffic patterns of the web application.

DSet up a simple scaling policy. Increase the cooldown period based on the EC2 instance startup time

Answer : B

This solution meets the requirements because it allows the company to use both predictive scaling and dynamic scaling to optimize the capacity of its Auto Scaling group. Predictive scaling uses machine learning to analyze historical data and forecast future traffic patterns. It then adjusts the desired capacity of the group in advance of the predicted changes. Dynamic scaling uses target tracking to maintain a specified metric (such as CPU utilization) at a target value. It scales the group in or out as needed to keep the metric close to the target. By using both scaling methods, the company can benefitfrom faster, simpler, and more accurate scaling that responds to both forecasted and live changes in utilization.

Predictive scaling for Amazon EC2 Auto Scaling

[Target tracking scaling policies for Amazon EC2 Auto Scaling]

Question 7

A company is developing a serverless, bidirectional chat application that can broadcast messages to connected clients. The application is based on AWS Lambda functions. The Lambda functions receive incoming messages in JSON format.

The company needs to provide a frontend component for the application.

Which solution will meet this requirement?

AUse an Amazon API Gateway HTTP API to direct incoming JSON messages to backend destinations.

BUse an Amazon API Gateway REST API that is configured with a Lambda proxy integration.

CUse an Amazon API Gateway WebSocket API to direct incoming JSON messages to backend destinations.

DUse an Amazon CloudFront distribution that is configured with a Lambda function URL as a custom origin.

Answer : C

Amazon SAA-C03 AWS Certified Solutions Architect - Associate Exam Practice Test