22/03/2024, 16:27 AWS Certified Solutions Architect - Associate SAA-C03 Exam - Free Exam Q&As, Page 40 | ExamTopics
- Expert Verified, Online, Free.
Want to Unlock All Questions for this Exam?
Full Exam Access, Discussions, No Robots Checks
Get Contributor Access
27 Students signed up in the last 24H
Custom View Settings
Question #391 Topic 1
A company needs a backup strategy for its three-tier stateless web application. The web application runs on Amazon EC2 instances in an Auto
Scaling group with a dynamic scaling policy that is configured to respond to scaling events. The database tier runs on Amazon RDS for
PostgreSQL. The web application does not require temporary local storage on the EC2 instances. The company’s recovery point objective (RPO) is
2 hours.
The backup strategy must maximize scalability and optimize resource utilization for this environment.
Which solution will meet these requirements?
A. Take snapshots of Amazon Elastic Block Store (Amazon EBS) volumes of the EC2 instances and database every 2 hours to meet the RPO.
B. Configure a snapshot lifecycle policy to take Amazon Elastic Block Store (Amazon EBS) snapshots. Enable automated backups in Amazon
RDS to meet the RPO. Most Voted
C. Retain the latest Amazon Machine Images (AMIs) of the web and application tiers. Enable automated backups in Amazon RDS and use
point-in-time recovery to meet the RPO. Most Voted
D. Take snapshots of Amazon Elastic Block Store (Amazon EBS) volumes of the EC2 instances every 2 hours. Enable automated backups in
Amazon RDS and use point-in-time recovery to meet the RPO.
Correct Answer: D
Community vote distribution
C (84%) Other
https://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-associate-saa-c03/view/40/ 1/6
�22/03/2024, 16:27 AWS Certified Solutions Architect - Associate SAA-C03 Exam - Free Exam Q&As, Page 40 | ExamTopics
Question #392 Topic 1
A company wants to deploy a new public web application on AWS. The application includes a web server tier that uses Amazon EC2 instances.
The application also includes a database tier that uses an Amazon RDS for MySQL DB instance.
The application must be secure and accessible for global customers that have dynamic IP addresses.
How should a solutions architect configure the security groups to meet these requirements?
A. Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the DB
instance to allow inbound traffic on port 3306 from the security group of the web servers. Most Voted
B. Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers. Configure the
security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers.
C. Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers. Configure the
security group for the DB instance to allow inbound traffic on port 3306 from the IP addresses of the customers.
D. Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the DB
instance to allow inbound traffic on port 3306 from 0.0.0.0/0.
Correct Answer: A
Community vote distribution
A (78%) B (22%)
Question #393 Topic 1
A payment processing company records all voice communication with its customers and stores the audio files in an Amazon S3 bucket. The
company needs to capture the text from the audio files. The company must remove from the text any personally identifiable information (PII) that
belongs to customers.
What should a solutions architect do to meet these requirements?
A. Process the audio files by using Amazon Kinesis Video Streams. Use an AWS Lambda function to scan for known PII patterns.
B. When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start an Amazon Textract task to analyze the call
recordings.
C. Configure an Amazon Transcribe transcription job with PII redaction turned on. When an audio file is uploaded to the S3 bucket, invoke an
AWS Lambda function to start the transcription job. Store the output in a separate S3 bucket. Most Voted
D. Create an Amazon Connect contact flow that ingests the audio files with transcription turned on. Embed an AWS Lambda function to scan
for known PII patterns. Use Amazon EventBridge to start the contact flow when an audio file is uploaded to the S3 bucket.
Correct Answer: C
Community vote distribution
C (100%)
https://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-associate-saa-c03/view/40/ 2/6
�22/03/2024, 16:27 AWS Certified Solutions Architect - Associate SAA-C03 Exam - Free Exam Q&As, Page 40 | ExamTopics
Question #394 Topic 1
A company is running a multi-tier ecommerce web application in the AWS Cloud. The application runs on Amazon EC2 instances with an Amazon
RDS for MySQL Multi-AZ DB instance. Amazon RDS is configured with the latest generation DB instance with 2,000 GB of storage in a General
Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume. The database performance affects the application during periods of high
demand.
A database administrator analyzes the logs in Amazon CloudWatch Logs and discovers that the application performance always degrades when
the number of read and write IOPS is higher than 20,000.
What should a solutions architect do to improve the application performance?
A. Replace the volume with a magnetic volume.
B. Increase the number of IOPS on the gp3 volume. Most Voted
C. Replace the volume with a Provisioned IOPS SSD (io2) volume. Most Voted
D. Replace the 2,000 GB gp3 volume with two 1,000 GB gp3 volumes. Most Voted
Correct Answer: C
Community vote distribution
D (44%) B (40%) C (16%)
Question #395 Topic 1
An IAM user made several configuration changes to AWS resources in their company's account during a production deployment last week. A
solutions architect learned that a couple of security group rules are not configured as desired. The solutions architect wants to confirm which IAM
user was responsible for making changes.
Which service should the solutions architect use to find the desired information?
A. Amazon GuardDuty
B. Amazon Inspector
C. AWS CloudTrail Most Voted
D. AWS Config
Correct Answer: B
Community vote distribution
C (100%)
https://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-associate-saa-c03/view/40/ 3/6
�22/03/2024, 16:27 AWS Certified Solutions Architect - Associate SAA-C03 Exam - Free Exam Q&As, Page 40 | ExamTopics
Question #396 Topic 1
A company has implemented a self-managed DNS service on AWS. The solution consists of the following:
• Amazon EC2 instances in different AWS Regions
• Endpoints of a standard accelerator in AWS Global Accelerator
The company wants to protect the solution against DDoS attacks.
What should a solutions architect do to meet this requirement?
A. Subscribe to AWS Shield Advanced. Add the accelerator as a resource to protect. Most Voted
B. Subscribe to AWS Shield Advanced. Add the EC2 instances as resources to protect.
C. Create an AWS WAF web ACL that includes a rate-based rule. Associate the web ACL with the accelerator.
D. Create an AWS WAF web ACL that includes a rate-based rule. Associate the web ACL with the EC2 instances.
Correct Answer: A
Community vote distribution
A (96%) 4%
Question #397 Topic 1
An ecommerce company needs to run a scheduled daily job to aggregate and filter sales records for analytics. The company stores the sales
records in an Amazon S3 bucket. Each object can be up to 10 GB in size. Based on the number of sales events, the job can take up to an hour to
complete. The CPU and memory usage of the job are constant and are known in advance.
A solutions architect needs to minimize the amount of operational effort that is needed for the job to run.
Which solution meets these requirements?
A. Create an AWS Lambda function that has an Amazon EventBridge notification. Schedule the EventBridge event to run once a day.
B. Create an AWS Lambda function. Create an Amazon API Gateway HTTP API, and integrate the API with the function. Create an Amazon
EventBridge scheduled event that calls the API and invokes the function.
C. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an AWS Fargate launch type. Create an Amazon EventBridge
scheduled event that launches an ECS task on the cluster to run the job. Most Voted
D. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type and an Auto Scaling group with at least
one EC2 instance. Create an Amazon EventBridge scheduled event that launches an ECS task on the cluster to run the job.
Correct Answer: C
Community vote distribution
C (100%)
https://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-associate-saa-c03/view/40/ 4/6
�22/03/2024, 16:27 AWS Certified Solutions Architect - Associate SAA-C03 Exam - Free Exam Q&As, Page 40 | ExamTopics
Question #398 Topic 1
A company needs to transfer 600 TB of data from its on-premises network-attached storage (NAS) system to the AWS Cloud. The data transfer
must be complete within 2 weeks. The data is sensitive and must be encrypted in transit. The company’s internet connection can support an
upload speed of 100 Mbps.
Which solution meets these requirements MOST cost-effectively?
A. Use Amazon S3 multi-part upload functionality to transfer the files over HTTPS.
B. Create a VPN connection between the on-premises NAS system and the nearest AWS Region. Transfer the data over the VPN connection.
C. Use the AWS Snow Family console to order several AWS Snowball Edge Storage Optimized devices. Use the devices to transfer the data to
Amazon S3. Most Voted
D. Set up a 10 Gbps AWS Direct Connect connection between the company location and the nearest AWS Region. Transfer the data over a VPN
connection into the Region to store the data in Amazon S3.
Correct Answer: B
Community vote distribution
C (100%)
Question #399 Topic 1
A financial company hosts a web application on AWS. The application uses an Amazon API Gateway Regional API endpoint to give users the
ability to retrieve current stock prices. The company’s security team has noticed an increase in the number of API requests. The security team is
concerned that HTTP flood attacks might take the application offline.
A solutions architect must design a solution to protect the application from this type of attack.
Which solution meets these requirements with the LEAST operational overhead?
A. Create an Amazon CloudFront distribution in front of the API Gateway Regional API endpoint with a maximum TTL of 24 hours.
B. Create a Regional AWS WAF web ACL with a rate-based rule. Associate the web ACL with the API Gateway stage. Most Voted
C. Use Amazon CloudWatch metrics to monitor the Count metric and alert the security team when the predefined rate is reached.
D. Create an Amazon CloudFront distribution with Lambda@Edge in front of the API Gateway Regional API endpoint. Create an AWS Lambda
function to block requests from IP addresses that exceed the predefined rate.
Correct Answer: B
Community vote distribution
B (100%)
https://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-associate-saa-c03/view/40/ 5/6
�22/03/2024, 16:27 AWS Certified Solutions Architect - Associate SAA-C03 Exam - Free Exam Q&As, Page 40 | ExamTopics
Question #400 Topic 1
A meteorological startup company has a custom web application to sell weather data to its users online. The company uses Amazon DynamoDB
to store its data and wants to build a new service that sends an alert to the managers of four internal teams every time a new weather event is
recorded. The company does not want this new service to affect the performance of the current application.
What should a solutions architect do to meet these requirements with the LEAST amount of operational overhead?
A. Use DynamoDB transactions to write new event data to the table. Configure the transactions to notify internal teams.
B. Have the current application publish a message to four Amazon Simple Notification Service (Amazon SNS) topics. Have each team
subscribe to one topic.
C. Enable Amazon DynamoDB Streams on the table. Use triggers to write to a single Amazon Simple Notification Service (Amazon SNS) topic
to which the teams can subscribe. Most Voted
D. Add a custom attribute to each record to flag new items. Write a cron job that scans the table every minute for items that are new and
notifies an Amazon Simple Queue Service (Amazon SQS) queue to which the teams can subscribe.
Correct Answer: C
Community vote distribution
C (100%)
Previous Questions Next Questions
https://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-associate-saa-c03/view/40/ 6/6
