https://www.certbus.com/saa-c03.

html
2024 Latest certbus SAA-C03 PDF and VCE dumps Download

SAA-C03Q&As
AWS Certified Solutions Architect - Associate (SAA-C03)

Pass Amazon SAA-C03 Exam with 100% Guarantee

Free Download Real Questions & Answers PDF and VCE file from:

https://www.certbus.com/saa-c03.html

100% Passing Guarantee

100% Money Back Assurance

Following Questions and Answers are all new published by Amazon

Official Exam Center

SAA-C03 VCE Dumps | SAA-C03 Practice Test | SAA-C03 Braindumps 1/9

 https://www.certbus.com/saa-c03.html
2024 Latest certbus SAA-C03 PDF and VCE dumps Download

QUESTION 1

A company runs a three-tier web application in the AWS Cloud that operates across three Availability Zones. The
application architecture has an Application Load Balancer, an Amazon EC2 web server that hosts user session states,
and a MySQL database that runs on an EC2 instance. The company expects sudden increases in application traffic.
The company wants to be able to scale to meet future application capacity demands and to ensure high availability
across all three Availability Zones.

Which solution will meet these requirements?

A. Migrate the MySQL database to Amazon RDS for MySQL with a Multi-AZ DB cluster deployment. Use Amazon
ElastiCache for Redis with high availability to store session data and to cache reads. Migrate the web server to an Auto
Scaling group that is in three Availability Zones.

B. Migrate the MySQL database to Amazon RDS for MySQL with a Multi-AZ DB cluster deployment. Use Amazon
ElastiCache for Memcached with high availability to store session data and to cache reads. Migrate the web server to an
Auto Scaling group that is in three Availability Zones.

C. Migrate the MySQL database to Amazon DynamoDB Use DynamoDB Accelerator (DAX) to cache reads. Store the
session data in DynamoDB. Migrate the web server to an Auto Scaling group that is in three Availability Zones.

D. Migrate the MySQL database to Amazon RDS for MySQL in a single Availability Zone. Use Amazon ElastiCache for
Redis with high availability to store session data and to cache reads. Migrate the web server to an Auto Scaling group
that is in three Availability Zones.

Correct Answer: A

Memcached is best suited for caching data, while Redis is better for storing data that needs to be persisted. If you need
to store data that needs to be accessed frequently, such as user profiles, session data, and application settings, then
Redis is the better choice

QUESTION 2

A company wants to run applications in containers in the AWS Cloud. These applications are stateless and can tolerate
disruptions within the underlying infrastructure. The company needs a solution that minimizes cost and operational
overhead.

What should a solutions architect do to meet these requirements?

A. Use Spot Instances in an Amazon EC2 Auto Scaling group to run the application containers.

B. Use Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.

C. Use On-Demand Instances in an Amazon EC2 Auto Scaling group to run the application containers.

D. Use On-Demand Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.

Correct Answer: B

https://aws.amazon.com/about-aws/whats-new/2020/12/amazon-eks-support-ec2-spot-instances-managed-node-
groups/

SAA-C03 VCE Dumps | SAA-C03 Practice Test | SAA-C03 Braindumps 2/9

 https://www.certbus.com/saa-c03.html
2024 Latest certbus SAA-C03 PDF and VCE dumps Download

QUESTION 3

A company wants to provide data scientists with near real-time read-only access to the company\\'s production Amazon
RDS for PostgreSQL database. The database is currently configured as a Single-AZ database. The data scientists use
complex queries that will not affect the production database. The company needs a solution that is highly available.

Which solution will meet these requirements MOST cost-effectively?

A. Scale the existing production database in a maintenance window to provide enough power for the data scientists.

B. Change the setup from a Single-AZ to a Multi-AZ instance deployment with a larger secondary standby instance.
Provide the data scientists access to the secondary instance.

C. Change the setup from a Single-AZ to a Multi-AZ instance deployment. Provide two additional read replicas for the
data scientists.

D. Change the setup from a Single-AZ to a Multi-AZ cluster deployment with two readable standby instances. Provide
read endpoints to the data scientists.

Correct Answer: D

Amazon RDS now offers Multi-AZ deployments with readable standby instances (also called Multi-AZ DB cluster
deployments) in preview. You should consider using Multi-AZ DB cluster deployments with two readable DB instances if
you need additional read capacity in your Amazon RDS Multi-AZ deployment and if your application workload has strict
transaction latency requirements such as single-digit milliseconds transactions.

https://aws.amazon.com/blogs/database/readable-standby-instances-in-amazon-rds-multi-az-deployments-a-new-high-
availability-option/

QUESTION 4

A global video streaming company uses Amazon CloudFront as a content distribution network (CDN). The company
wants to roll out content in a phased manner across multiple countries. The company needs to ensure that viewers who
are outside the countries to which the company rolls out content are not able to view the content.

Which solution will meet these requirements?

A. Add geographic restrictions to the content in CloudFront by using an allow list. Set up a custom error message.

B. Set up a new URL tor restricted content. Authorize access by using a signed URL and cookies. Set up a custom error
message.

C. Encrypt the data for the content that the company distributes. Set up a custom error message.

D. Create a new URL for restricted content. Set up a time-restricted access policy for signed URLs.

Correct Answer: A

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html

QUESTION 5

A company hosts a three-tier web application that includes a PostgreSQL database. The database stores the metadata

SAA-C03 VCE Dumps | SAA-C03 Practice Test | SAA-C03 Braindumps 3/9

 https://www.certbus.com/saa-c03.html
2024 Latest certbus SAA-C03 PDF and VCE dumps Download

from documents. The company searches the metadata for key terms to retrieve documents that the company reviews in
a report each month. The documents are stored in Amazon S3. The documents are usually written only once, but they
are updated frequently.

The reporting process takes a few hours with the use of relational queries. The reporting process must not prevent any
document modifications or the addition of new documents. A solutions architect needs to implement a solution to speed
up the reporting process.

Which solution will meet these requirements with the LEAST amount of change to the application code?

A. Set up a new Amazon DocumentDB (with MongoDB compatibility) cluster that includes a read replica. Scale the read
replica to generate the reports.

B. Set up a new Amazon Aurora PostgreSQL DB cluster that includes an Aurora Replica. Issue queries to the Aurora
Replica to generate the reports.

C. Set up a new Amazon RDS for PostgreSQL Multi-AZ DB instance. Configure the reporting module to query the
secondary RDS node so that the reporting module does not affect the primary node.

D. Set up a new Amazon DynamoDB table to store the documents. Use a fixed write capacity to support new document
entries. Automatically scale the read capacity to support the reports.

Correct Answer: B

Aurora is a relational database, it supports PostgreSQL and with the help of read replicas we can issue the reporting
proccess that take several hours to the replica, therefore not affecting the primary node which can handle new writes or
document modifications.

QUESTION 6

A company has a custom application with embedded credentials that retrieves information from an Amazon RDS
MySQL DB instance. Management says the application must be made more secure with the least amount of
programming effort.

What should a solutions architect do to meet these requirements?

A. Use AWS Key Management Service (AWS KMS) customer master keys (CMKs) to create keys. Configure the
application to load the database credentials from AWS KMS. Enable automatic key rotation.

B. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets
Manager. Configure the application to load the database credentials from Secrets Manager. Create an AWS Lambda
function that rotates the credentials in Secret Manager.

C. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS
Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a
credentials rotation schedule for the application user in the RDS for MySQL database using Secrets Manager.

D. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS
Systems Manager Parameter Store. Configure the application to load the database credentials from Parameter Store.
Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Parameter Store.

Correct Answer: C

C is a valid solution for securing the custom application with the least amount of programming effort. It involves creating
credentials on the RDS for MySQL database for the application user and storing them in AWS Secrets Manager. The

SAA-C03 VCE Dumps | SAA-C03 Practice Test | SAA-C03 Braindumps 4/9

 https://www.certbus.com/saa-c03.html
2024 Latest certbus SAA-C03 PDF and VCE dumps Download

application can then be configured to load the database credentials from Secrets Manager. Additionally, the solution
includes setting up a credentials rotation schedule for the application user in the RDS for MySQL database using
Secrets Manager, which will automatically rotate the credentials at a specified interval without requiring any
programming effort.

QUESTION 7

A company has hired an external vendor to perform work in the company\\'s AWS account. The vendor uses an
automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the
company\\'s AWS account.

How should a solutions architect grant this access to the vendor?

A. Create an IAM role in the company\\'s account to delegate access to the vendor\\'s IAM role. Attach the appropriate
IAM policies to the role for the permissions that the vendor requires.

B. Create an IAM user in the company\\'s account with a password that meets the password complexity requirements.
Attach the appropriate IAM policies to the user for the permissions that the vendor requires.

C. Create an IAM group in the company\\'s account. Add the tool\\'s IAM user from the vendor account to the group.
Attach the appropriate IAM policies to the group for the permissions that the vendor requires.

D. Create a new identity provider by choosing "AWS account" as the provider type in the IAM console. Supply the
vendor\\'s AWS account ID and user name. Attach the appropriate IAM policies to the new provider for the permissions
that the vendor requires.

Correct Answer: A

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html

QUESTION 8

A company hosts an application on multiple Amazon EC2 instances The application processes messages from an
Amazon SQS queue writes to an Amazon RDS table and deletes the message from the queue Occasional duplicate
records are found in the RDS table. The SQS queue does not contain any duplicate messages.

What should a solutions architect do to ensure messages are being processed once only?

A. Use the CreateQueue API call to create a new queue

B. Use the Add Permission API call to add appropriate permissions

C. Use the ReceiveMessage API call to set an appropriate wail time

D. Use the ChangeMessageVisibility APi call to increase the visibility timeout

Correct Answer: D

The visibility timeout begins when Amazon SQS returns a message. During this time, the consumer processes and
deletes the message. However, if the consumer fails before deleting the message and your system doesn\\'t call the
DeleteMessage action for that message before the visibility timeout expires, the message becomes visible to other
consumers and the message is received again. If a message must be received only once, your consumer should delete
it within the duration of the visibility timeout.

SAA-C03 VCE Dumps | SAA-C03 Practice Test | SAA-C03 Braindumps 5/9

 https://www.certbus.com/saa-c03.html
2024 Latest certbus SAA-C03 PDF and VCE dumps Download

https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html

Keyword: SQS queue writes to an Amazon RDS From this, Option D best suite andamp; other Options ruled out [Option
A-You can\\'t intruduce one more Queue in the existing one; Option B-only Permission andamp; Option C-Only
Retrieves Messages] FIF O queues are designed to never introduce duplicate messages. However, your message
producer might introduce duplicates in certain scenarios: for example, if the producer sends a message, does not
receive a response, and then resends the same message. Amazon SQS APIs provide deduplication functionality that
prevents your message producer from sending duplicates. Any duplicates introduced by the message producer are
removed within a 5-minute deduplication interval. For standard queues, you might occasionally receive a duplicate copy
of a message (at-least-once delivery). If you use a standard queue, you must design your applications to be idempotent
(that is, they must not be affected adversely when processing the same message more than once).

QUESTION 9

A company is planning to deploy its application on an Amazon Aurora PostgreSQL Serverless v2 cluster. The
application will receive large amounts of traffic. The company wants to optimize the storage performance of the cluster
as the load on the application increases.

Which solution will meet these requirements MOST cost-effectively?

A. Configure the cluster to use the Aurora Standard storage configuration.

B. Configure the cluster storage type as Provisioned IOPS.

C. Configure the cluster storage type as General Purpose.

D. Configure the cluster to use the Aurora I/O-Optimized storage configuration.

Correct Answer: D

Aurora I/O-Optimized ?Improved price performance and predictability for I/O-intensive applications. You pay only for the
usage and storage of your DB clusters, with no additional charges for read and write I/O operations.

QUESTION 10

A company needs a solution to prevent photos with unwanted content from being uploaded to the company\\'s web
application. The solution must not involve training a machine learning (ML) model. Which solution will meet these
requirements?

A. Create and deploy a model by using Amazon SageMaker Autopilot. Create a real-time endpoint that the web
application invokes when new photos are uploaded.

B. Create an AWS Lambda function that uses Amazon Rekognition to detect unwanted content. Create a Lambda
function URL that the web application invokes when new photos are uploaded.

C. Create an Amazon CloudFront function that uses Amazon Comprehend to detect unwanted content. Associate the
function with the web application.

D. Create an AWS Lambda function that uses Amazon Rekognition Video to detect unwanted content. Create a Lambda
function URL that the web application invokes when new photos are uploaded.

Correct Answer: B

SAA-C03 VCE Dumps | SAA-C03 Practice Test | SAA-C03 Braindumps 6/9

 https://www.certbus.com/saa-c03.html
2024 Latest certbus SAA-C03 PDF and VCE dumps Download

Rekognition: for image and video analysis Comprehend: natural language processing model for uncovering insights and
connections in text Sagemaker Autopilot: feature set that simplifies and accelerates and automates the various stages
of the machine learning workflow

QUESTION 11

A company hostss a three application on Amazon EC2 instances in a single Availability Zone. The web application uses
a self-managed MySQL database that is hosted on an EC2 instances to store data in an Amazon Elastic Block Store
(Amazon EBS) volumn. The MySQL database currently uses a 1 TB Provisioned IOPS SSD (io2) EBS volume. The
company expects traffic of 1,000 IOPS for both reads and writes at peak traffic.

The company wants to minimize any distruptions, stabilize perperformace, and reduce costs while retaining the capacity
for double the IOPS. The company wants to more the database tier to a fully managed solution that is highly available
and fault tolerant.

Which solution will meet these requirements MOST cost-effectively?

A. Use a Multi-AZ deployment of an Amazon RDS for MySQL DB instance with an io2 Block Express EBS volume.

B. Use a Multi-AZ deployment of an Amazon RDS for MySQL DB instance with a General Purpose SSD (gp2) EBS
volume.

C. Use Amazon S3 Intelligent-Tiering access tiers.

D. Use two large EC2 instances to host the database in active-passive mode.

Correct Answer: B

Amazon RDS provides three storage types: General Purpose SSD (also known as gp2 and gp3), Provisioned IOPS
SSD (also known as io1), and magnetic (also known as standard). They differ in performance characteristics and price,
which means that you can tailor your storage performance and cost to the needs of your database workload. You can
create MySQL, MariaDB, Oracle, and PostgreSQL RDS DB instances with up to 64 tebibytes (TiB) of storage. You can
create SQL Server RDS DB instances with up to 16 TiB of storage. For this amount of storage, use the Provisioned
IOPS SSD and General Purpose SSD storage types.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html

QUESTION 12

A company is designing an application. The application uses an AWS Lambda function to receive information through
Amazon API Gateway and to store the information in an Amazon Aurora PostgreSQL database.

During the proof-of-concept stage, the company has to increase the Lambda quotas significantly to handle the high
volumes of data that the company needs to load into the database. A solutions architect must recommend a new design
to

improve scalability and minimize the configuration effort.

Which solution will meet these requirements?

A. Refactor the Lambda function code to Apache Tomcat code that runs on Amazon EC2 instances. Connect the
database by using native Java Database Connectivity (JDBC) drivers.

SAA-C03 VCE Dumps | SAA-C03 Practice Test | SAA-C03 Braindumps 7/9

 https://www.certbus.com/saa-c03.html
2024 Latest certbus SAA-C03 PDF and VCE dumps Download

B. Change the platform from Aurora to Amazon DynamoDB. Provision a DynamoDB Accelerator (DAX) cluster. Use the
DAX client SDK to point the existing DynamoDB API calls at the DAX cluster.

C. Set up two Lambda functions. Configure one function to receive the information. Configure the other function to load
the information into the database. Integrate the Lambda functions by using Amazon Simple Notification Service
(Amazon SNS).

D. Set up two Lambda functions. Configure one function to receive the information. Configure the other function to load
the information into the database. Integrate the Lambda functions by using an Amazon Simple Queue Service (Amazon
SQS) queue.

Correct Answer: D

A - refactoring can be a solution, BUT requires a LOT of effort - not the answer

B - DynamoDB is NoSQL and Aurora is SQL, so it requires a DB migration... again a LOT of effort, so no the answer

C and D are similar in structure, but...

C uses SNS, which would notify the 2nd Lambda function... provoking the same bottleneck... not the solution

D uses SQS, so the 2nd lambda function can go to the queue when responsive to keep with the DB load process.

Usually the app decoupling helps with the performance improvement by distributing load. In this case, the bottleneck is
solved by uses queues... so D is the answer.

QUESTION 13

A payment processing company records all voice communication with its customers and stores the audio files in an
Amazon S3 bucket. The company needs to capture

the text from the audio files. The company must remove from the text any personally identifiable information (Pll) that
belongs to customers.

What should a solutions architect do to meet these requirements?

A. Process the audio files by using Amazon Kinesis Video Streams. Use an AWS Lambda function to scan for known Pll
patterns.

B. When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start an Amazon Textract task
to analyze the call recordings.

C. Configure an Amazon Transcribe transcription job with Pll redaction turned on. When an audio file is uploaded to the
S3 bucket, invoke an AWS Lambda function to start the transcription job. Store the output in a separate S3 bucket.

D. Create an Amazon Connect contact flow that ingests the audio files with transcription turned on. Embed an AWS
Lambda function to scan for known Pll patterns. Use Amazon EventBridge (Amazon CloudWatch Events) to start the
contact flow when an audio file is uploaded to the S3 bucket.

Correct Answer: C

it suggests using Amazon Transcribe with PII redaction turned on. When an audio file is uploaded to the S3 bucket, an
AWS Lambda function can be used to start the transcription job. The output can be stored in a separate S3 bucket to
ensure that the PII redaction is applied to the transcript. Amazon Transcribe can redact PII such as credit card numbers,
social security numbers, and phone numbers.

SAA-C03 VCE Dumps | SAA-C03 Practice Test | SAA-C03 Braindumps 8/9

 https://www.certbus.com/saa-c03.html
2024 Latest certbus SAA-C03 PDF and VCE dumps Download

QUESTION 14

A company is migrating applications from an on-premises Microsoft Active Directory that the company manages to
AWS. The company deploys the applications in multiple AWS accounts. The company uses AWS Organizations to
manage

the accounts centrally.

The company\\'s security team needs a single sign-on solution across all the company\\'s AWS accounts. The company
must continue to manage users and groups that are in the on-premises Active Directory.

Which solution will meet these requirements?

A. Create an Enterprise Edition Active Directory in AWS Directory Service for Microsoft Active Directory. Configure the
Active Directory to be the identity source for AWS IAM Identity Center.

B. Enable AWS IAM Identity Center. Configure a two-way forest trust relationship to connect the company\\'s self-
managed Active Directory with IAM Identity Center by using AWS Directory Service for Microsoft Active Directory.

C. Use AWS Directory Service and create a two-way trust relationship with the company\\'s self-managed Active
Directory.

D. Deploy an identity provider (IdP) on Amazon EC2. Link the IdP as an identity source within AWS IAM Identity
Center.

Correct Answer: B

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_setup_trust.html

QUESTION 15

A company is storing sensitive user information in an Amazon S3 bucket The company wants to provide secure access
to this bucket from the application tier running on Ama2on EC2 instances inside a VPC. Which combination of steps
should a solutions architect take to accomplish this? (Select TWO.)

A. Configure a VPC gateway endpoint for Amazon S3 within the VPC

B. Create a bucket policy to make the objects to the S3 bucket public

C. Create a bucket policy that limits access to only the application tier running in the VPC

D. Create an IAM user with an S3 access policy and copy the IAM credentials to the EC2 instance

E. Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket

Correct Answer: AC

https://aws.amazon.com/premiumsupport/knowledge-center/s3-private-connection-no-authentication/

SAA-C03 VCE Dumps SAA-C03 Practice Test SAA-C03 Braindumps

SAA-C03 VCE Dumps | SAA-C03 Practice Test | SAA-C03 Braindumps 9/9

Powered by TCPDF (www.tcpdf.org)