Practice Free SAA-C03 Exam Online Questions
A solutions architect is designing a new API using Amazon API Gateway that will receive requests from users. The volume of requests is highly variable; several hours can pass without receiving a single request. The data processing will take place asynchronously, but should be completed within a few seconds after a request is made.
Which compute service should the solutions architect have the API invoke to deliver the requirements at the lowest cost?
- A . An AWS Glue job
- B . An AWS Lambda function
- C . A containerized service hosted in Amazon Elastic Kubernetes Service (Amazon EKS)
- D . A containerized service hosted in Amazon ECS with Amazon EC2
B
Explanation:
API Gateway + Lambda is the perfect solution for modern applications with serverless architecture.
A company has an application that is running on Amazon EC2 instances. A solutions architect has standardized the company on a particular instance family and various instance sizes based on the current needs of the company.
The company wants to maximize cost savings for the application over the next 3 years. The company needs to be able to change the instance family and sizes in the next 6 months based on application popularity and usage.
Which solution will meet these requirements MOST cost-effectively?
- A . Compute Savings Plan
- B . EC2 Instance Savings Plan
- C . Zonal Reserved Instances
- D . Standard Reserved Instances
A
Explanation:
Understanding the Requirement: The company wants to maximize cost savings for their application over the next three years, with the flexibility to change the instance family and sizes within the next six months based on application popularity and usage.
Analysis of Options:
Compute Savings Plan: This plan offers the most flexibility, allowing the company to change instance families, sizes, and regions. It applies to EC2, AWS Fargate, and AWS Lambda, offering significant cost savings with this flexibility.
EC2 Instance Savings Plan: This plan is less flexible than the Compute Savings Plan, as it only applies to EC2 instances and allows changes within a specific instance family.
Zonal Reserved Instances: These provide a discount on EC2 instances but are tied to a specific availability zone and instance type, offering the least flexibility.
Standard Reserved Instances: These offer discounts on EC2 instances but with more restrictions compared to Savings Plans, particularly when changing instance types and families.
Best Option for Flexibility and Savings:
The Compute Savings Plan is the most cost-effective solution because it allows the company to maintain flexibility while still achieving significant cost savings. This is critical for adapting to changing application demands without being locked into specific instance types or families.
Reference: AWS Savings Plans
EC2 Instance Types
A company hosts an application on AWS. The application gives users the ability to upload photos and store the photos in an Amazon S3 bucket. The company wants to use Amazon CloudFront and a custom domain name to upload the photo files to the S3 bucket in the eu-west-1 Region.
Which solution will meet these requirements? (Select TWO.)
- A . Use AWS Certificate Manager (ACM) to create a public certificate in the us-east-1 Region. Use the certificate in CloudFront.
- B . Use AWS Certificate Manager (ACM) to create a public certificate in eu-west-1. Use the certificate in CloudFront.
- C . Configure Amazon S3 to allow uploads from CloudFront. Configure S3 Transfer Acceleration.
- D . Configure Amazon S3 to allow uploads from CloudFront origin access control (OAC).
- E . Configure Amazon S3 to allow uploads from CloudFront. Configure an Amazon S3 website endpoint.
AC
Explanation:
To upload photos to an S3 bucket using Amazon CloudFront with a custom domain name, the following components are required:
ACM in us-east-1 (Option A): When using CloudFront with HTTPS, the SSL/TLS certificate must be created in the us-east-1 Region. AWS Certificate Manager (ACM) handles the provisioning, management, and renewal of public certificates, making this a cost-effective and low-maintenance solution.
S3 Transfer Acceleration (Option C): Transfer Acceleration allows faster uploads to S3 from CloudFront by routing traffic through AWS’s edge locations. This significantly speeds up the data upload process, especially for users that are geographically distant from the S3 bucket’s region.
Option B (ACM in eu-west-1): CloudFront only supports certificates created in us-east-1.
Option D and E (OAC and website endpoint): These are not ideal for handling secure uploads or efficient data transfers in this case.
Reference: Using ACM with CloudFront
Amazon S3 Transfer Acceleration
A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account.
Which solution will meet these requirements in the MOST secure manner?
- A . Apply an S3 bucket policy that grants read access to the S3 bucket.
- B . Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket.
- C . Embed an access key and a secret key in the Lambda function’s code to grant the required IAM permissions for read access to the S3 bucket.
- D . Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3 buckets in the account.
B
Explanation:
This option is the most secure because it follows the principle of least privilege and grants only the necessary permissions to the Lambda function without exposing any credentials in the code. The IAM role can be configured as the Lambda function’s execution role and the IAM policy can specify the S3 bucket ARN and the s3:GetObject action.
Option A is less secure because it grants read access to any principal that has access to the S3 bucket, which could be more than the Lambda function.
Option C is less secure because it embeds credentials in the code, which could be compromised or exposed.
Option D is less secure because it grants read access to all S3 buckets in the account, which could be more than what the Lambda function needs.
A company runs a stateful production application on Amazon EC2 instances. The application requires at least two EC2 instances to always be running.
A solutions architect needs to design a highly available and fault-tolerant architecture for the application. The solutions architect creates an Auto Scaling group of EC2 instances.
Which set of additional steps should the solutions architect take to meet these requirements?
- A . Set the Auto Scaling group’s minimum capacity to two. Deploy one On-Demand Instance in one Availability Zone and one On-Demand Instance in a second Availability Zone.
- B . Set the Auto Scaling group’s minimum capacity to four. Deploy two On-Demand Instances in one Availability Zone and two On-Demand Instances in a second Availability Zone.
- C . Set the Auto Scaling group’s minimum capacity to two. Deploy four Spot Instances in one Availability Zone.
- D . Set the Auto Scaling group’s minimum capacity to four. Deploy two On-Demand Instances in one Availability Zone and two Spot Instances in a second Availability Zone.
A
Explanation:
Understanding the Requirement: The application is stateful and requires at least two EC2 instances to be running at all times, with a highly available and fault-tolerant architecture.
Analysis of Options:
Minimum capacity of two with instances in separate AZs: Ensures high availability by distributing instances across multiple AZs, fulfilling the requirement of always having two instances running.
Minimum capacity of four: Provides redundancy but is more than what is required and increases cost without additional benefit.
Spot Instances: Not suitable for a stateful application requiring guaranteed availability, as Spot Instances can be terminated at any time.
Combination of On-Demand and Spot Instances: Mixing instance types might provide cost savings but does not ensure the required availability for a stateful application.
Best Solution:
Minimum capacity of two with instances in separate AZs: This setup ensures high availability and meets the requirement with the least cost and complexity.
Reference: Amazon EC2 Auto Scaling
High Availability for Amazon EC2
A solutions architect is designing a user authentication solution for a company. The solution must invoke two-factor authentication for users that log in from inconsistent geographical locations, IP addresses, or devices. The solution must also be able to scale up to accommodate millions of users.
Which solution will meet these requirements?
- A . Configure Amazon Cognito user pools for user authentication. Enable the risk-based adaptive authentication feature with multi-factor authentication (MFA).
- B . Configure Amazon Cognito identity pools for user authentication. Enable multi-factor authentication (MFA).
- C . Configure AWS Identity and Access Management (IAM) users for user authentication. Attach an IAM policy that allows the AllowManageOwnUserMFA action.
- D . Configure AWS IAM Identity Center (AWS Single Sign-On) authentication for user authentication. Configure the permission sets to require multi-factor authentication (MFA).
A
Explanation:
Amazon Cognito user pools provide a secure and scalable user directory for user authentication and management. User pools support various authentication methods, such as username and password, email and password, phone number and password, and social identity providers. User pools also support multi-factor authentication (MFA), which adds an extra layer of security by requiring users to provide a verification code or a biometric factor in addition to their credentials. User pools can also enable risk-based adaptive authentication, which dynamically adjusts the authentication challenge based on the risk level of the sign-in attempt. For example, if a user tries to sign in from an unfamiliar device or location, the user pool can require a stronger authentication factor, such as SMS or email verification code. This feature helps to protect user accounts from unauthorized access and reduce the friction for legitimate users. User pools can scale up to millions of users and integrate with other AWS services, such as Amazon SNS, Amazon SES, AWS Lambda, and AWS KMS.
Amazon Cognito identity pools provide a way to federate identities from multiple identity providers, such as user pools, social identity providers, and corporate identity providers. Identity pools allow users to access AWS resources with temporary, limited-privilege credentials. Identity pools do not provide user authentication or management features, such as MFA or adaptive authentication. Therefore, option B is not correct.
AWS Identity and Access Management (IAM) is a service that helps to manage access to AWS resources. IAM users are entities that represent people or applications that need to interact with AWS. IAM users can be authenticated with a password or an access key. IAM users can also enable MFA for their own accounts, by using the AllowManageOwnUserMFA action in an IAM policy. However, IAM users are not suitable for user authentication for web or mobile applications, as they are intended for administrative purposes. IAM users also do not support adaptive authentication based on risk factors. Therefore, option C is not correct.
AWS IAM Identity Center (AWS Single Sign-On) is a service that enables users to sign in to multiple AWS accounts and applications with a single set of credentials. AWS SSO supports various identity sources, such as AWS SSO directory, AWS Managed Microsoft AD, and external identity providers.
AWS SSO also supports MFA for user authentication, which can be configured in the permission sets that define the level of access for each user. However, AWS SSO does not support adaptive authentication based on risk factors. Therefore, option D is not correct.
Reference: Amazon Cognito User Pools
Adding Multi-Factor Authentication (MFA) to a User Pool
Risk-Based Adaptive Authentication
Amazon Cognito Identity Pools
IAM Users
Enabling MFA Devices
AWS Single Sign-On
How AWS SSO Works
A company hosts a three-tier ecommerce application on a fleet of Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). All ecommerce data is stored in an Amazon RDS for MariaDB Multi-AZ DB instance.
The company wants to optimize customer session management during transactions. The application must store session data durably.
Which solutions will meet these requirements? (Select TWO.)
- A . Turn on the sticky sessions feature (session affinity) on the ALB
- B . Use an Amazon DynamoDB table to store customer session information
- C . Deploy an Amazon Cognito user pool to manage user session information
- D . Deploy an Amazon ElastiCache for Redis cluster to store customer session information
- E . Use AWS Systems Manager Application Manager in the application to manage user session information
A, D
Explanation:
https://aws.amazon.com/caching/session-management/
A company is hosting a web application from an Amazon S3 bucket. The application uses Amazon Cognito as an identity provider to authenticate users and return a JSON Web Token (JWT) that provides access to protected resources that are stored in another S3 bucket.
Upon deployment of the application, users report errors and are unable to access the protected content. A solutions architect must resolve this issue by providing proper permissions so that users can access the protected content.
Which solution meets these requirements?
- A . Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected content.
- B . Update the S3 ACL to allow the application to access the protected content.
- C . Redeploy the application to Amazon S3 to prevent eventually consistent reads in the S3 bucket from affecting the ability of users to access the protected content.
- D . Update the Amazon Cognito pool to use custom attribute mappings within the identity pool and grant users the proper permissions to access the protected content.
A
Explanation:
Amazon Cognito identity pools assign your authenticated users a set of temporary, limited-privilege credentials to access your AWS resources. The permissions for each user are controlled through IAM roles that you create. https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html
A company needs the ability to analyze the log files of its proprietary application. The logs are stored in JSON format in an Amazon S3 bucket. Queries will be simple and will run on-demand. A solutions architect needs to perform the analysis with minimal changes to the existing architecture.
What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?
- A . Use Amazon Redshift to load all the content into one place and run the SQL queries as needed.
- B . Use Amazon CloudWatch Logs to store the logs. Run SQL queries as needed from the Amazon CloudWatch console.
- C . Use Amazon Athena directly with Amazon S3 to run the queries as needed.
- D . Use AWS Glue to catalog the logs. Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed.
C
Explanation:
Amazon Athena can be used to query JSON in S3.
A company hosts an application on Amazon EC2 On-Demand Instances in an Auto Scaling group. Application peak hours occur at the same time each day. Application users report slow application performance at the start of peak hours. The application performs normally 2-3 hours after peak hours begin. The company wants to ensure that the application works properly at the start of peak hours.
Which solution will meet these requirements?
- A . Configure an Application Load Balancer to distribute traffic properly to the instances.
- B . Configure a dynamic scaling policy for the Auto Scaling group to launch new instances based on memory utilization.
- C . Configure a dynamic scaling policy for the Auto Scaling group to launch new instances based on CPU utilization.
- D . Configure a scheduled scaling policy for the Auto Scaling group to launch new instances before peak hours.
D
Explanation:
Understanding the Requirement: The application experiences slow performance at the start of peak hours, but normalizes after a few hours. The goal is to ensure proper performance at the beginning of peak hours.
Analysis of Options:
Application Load Balancer: Ensures proper traffic distribution but does not address the need to have sufficient instances running at the start of peak hours.
Dynamic Scaling Policy Based on Memory or CPU Utilization: While dynamic scaling reacts to usage metrics, it may not preemptively scale in anticipation of peak hours, leading to delays as new instances are launched and become available.
Scheduled Scaling Policy: This allows the Auto Scaling group to launch instances ahead of time, ensuring that enough instances are available and ready to handle the increased load right at the start of peak hours.
Best Solution:
Scheduled Scaling Policy: This approach ensures that new instances are launched and ready before peak hours begin, addressing the slow performance issue at the start of peak periods.
Reference: Scheduled Scaling for Amazon EC2 Auto Scaling