Free Amazon SAA-C03 Exam Questions

Question 1

A company needs an automated solution to detect cryptocurrency mining activity on Amazon EC2 instances.The solution must automatically isolate any identified EC2 instances for forensic analysis.Which solution will meet these requirements?

A : Create an Amazon EventBridge rule that runs when Amazon GuardDuty detects cryptocurrency mining activity. Configure the rule to invoke an AWS Lambda function to isolate the identified EC2 instances.

B : Create an AWS Security Hub custom action that runs when Amazon GuardDuty detects cryptocurrency mining activity. Configure the custom action to invoke an AWS Lambda function to isolate the identified EC2 instances.

C : Create an Amazon Inspector rule that runs when Amazon GuardDuty detects cryptocurrency mining activity. Configure the rule to invoke an AWS Lambda function to isolate the identified EC2 instances.

D : Create an AWS Config custom rule that runs when AWS Config detects cryptocurrency mining activity. Configure the rule to invoke an AWS Lambda function to isolate the identified EC2 instances.

Answer: A

Question 2

A company runsmultiple applications on Amazon EC2 instances in a VPC.Application Aruns in aprivate subnetthat has acustom route table and network ACL.Application Bruns in asecond private subnet in the same VPC.The companyneeds to prevent Application A from sending traffic to Application B.Which solution will meet this requirement?

A : Add adeny outbound ruleto asecurity group associated with Application B. Configure the rule toprevent Application B from sending traffic to Application A.

B : Add adeny outbound ruleto asecurity group associated with Application A. Configure the rule toprevent Application A from sending traffic to Application B.

C : Add adeny outbound ruleto thecustom network ACL for the Application B subnet. Configure the rule toprevent Application B from sending traffic to the IP addresses associated with Application A.

D : Add adeny outbound ruleto thecustom network ACL for the Application A subnet. Configure the rule toprevent Application A from sending traffic to the IP addresses associated with Application B.

Answer: D

Question 3

A company is building a serverless application to process clickstream data from its website. The clickstreamdata is sent to an Amazon Kinesis Data Streams data stream from the application web servers.The company wants to enrich the clickstream data by joining the clickstream data with customer profile datafrom an Amazon Aurora Multi-AZ database. The company wants to use Amazon Redshift to analyze theenriched data. The solution must be highly available.Which solution will meet these requirements?

A : Use an AWS Lambda function to process and enrich the clickstream data. Use the same Lambda function to write the clickstream data to Amazon S3. Use Amazon Redshift Spectrum to query the enriched data in Amazon S3.

B : Use an Amazon EC2 Spot Instance to poll the data stream and enrich the clickstream data. Configure the EC2 instance to use the COPY command to send the enriched results to Amazon Redshift.

C : Use an Amazon Elastic Container Service (Amazon ECS) task with AWS Fargate Spot capacity to poll the data stream and enrich the clickstream data. Configure an Amazon EC2 instance to use the COPY command to send the enriched results to Amazon Redshift.

D : Use Amazon Kinesis Data Firehose to load the clickstream data from Kinesis Data Streams to Amazon S3. Use AWS Glue crawlers to infer the schema and populate the AWS Glue Data Catalog. Use Amazon Athena to query the raw data in Amazon S3.

Answer: A

Question 4

A company requires all the data stored in the cloud to be encrypted at rest. To easily integrate this with other AWS services, they must have full control over the encryption of the created keys and also the ability to immediately remove the key material from AWS KMS. The solution should also be able to audit the key usage independently of AWS CloudTrail.

Which of the following options will meet this requirement?

A : AWS Key Management Service to create a CMK in a custom key store and store the non-extractable key material in AWS CloudHSM.

B : AWS Key Management Service to create AWS-owned CMKs and store the non-extractable key material in AWS CloudHSM.

C : Use AWS Key Management Service to create AWS-managed CMKs and store the non-extractable key material in AWS CloudHSM.

D : AWS Key Management Service to create a CMK in a custom key store and store the non-extractable key material in Amazon S3.

Answer: A

Question 5

A company wants to run a hybrid workload for data processing. The data needs to be accessed by on-premisesapplications for local data processing using an NFS protocol, and must also be accessible from the AWSCloud for further analytics and batch processing.Which solution will meet these requirements?

A : Use an AWS Storage Gateway file gateway to provide file storage to AWS, then perform analytics on this data in the AWS Cloud.

B : Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AWS, then perform analytics on this data in the AWS Cloud.

C : Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS.

D : Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS Cloud, then perform analytics on this data in the cloud

Answer: A