Free Amazon SAA-C03 Exam Questions

Question 1

A company is developing a new application on AWS. The application consists of an Amazon Elastic Container Service (Amazon ECS) cluster, an Amazon S3 bucket that contains assets for the application, and an Amazon RDS for MySQL database that contains the dataset for the application. The dataset contains sensitive information. The company wants to ensure that only the ECS cluster can access the data in the RDS for MySQL database and the data in the S3 bucket.

Which solution will meet these requirements?

A : Create a new AWS Key Management Service (AWS KMS) customer managed key to encrypt both the S3 bucket and the RDS for MySQL database. Ensure that the KMS key policy includes encrypt and decrypt permissions for the ECS task execution role.

B : Create an AWS Key Management Service (AWS KMS) AWS managed key to encrypt both the S3 bucket and the RDS for MySQL database. Ensure that the S3 bucket policy specifies the ECS task execution role as a user.

C : Create an S3 bucket policy that restricts bucket access to the ECS task execution role. Create a VPC endpoint for Amazon RDS for MySQL. Update the RDS for MySQL security group to allow access from only the subnets that the ECS cluster will generate tasks in.

D : Create a VPC endpoint for Amazon RDS for MySQL. Update the RDS for MySQL security group to allow access from only the subnets that the ECS cluster will generate tasks in. Create a VPC endpoint for Amazon S3. Update the S3 bucket policy to allow access from only the S3 VPC endpoint.

Answer: A

Question 2

A company is performing a security review of its Amazon EMR API usage. The company's developers use an integrated development environment (IDE) that is hosted on Amazon EC2 instances. The IDE is configured to authenticate users to AWS by using access keys. Traffic between the company's EC2 instances and EMR cluster uses public IP addresses. A solutions architect needs to improve the company's overall security posture. The solutions architect needs to reduce the company's use of long-term credentials and to limit the amount of communication that uses public IP addresses. Which combination of steps will MOST improve the security of the company's architecture? (Select TWO.)

A : Set up a gateway endpoint to the EMR cluster.

B : Set up interface VPC endpoints to connect to the EMR cluster.

C : Set up a private NAT gateway to connect to the EMR cluster.

D : Set up IAM roles for the developers to use to connect to the Amazon EMR API.

E : Set up AWS Systems Manager Parameter Store to store access keys for each developer.

Answer: B,D

Question 3

A company is designing a new application that uploads files to an Amazon S3 bucket. The uploadedfiles are processed to extract metadata.Processing must take less than 5 seconds. The volume and frequency of the uploads vary from a fewfiles each hour to hundreds of concurrent uploads.Which solution will meet these requirements MOST cost-effectively?

A : Configure AWS CloudTrail trails to log Amazon S3 API calls. Use AWS AppSync to process the files.

B : Configure a new object created S3 event notification within the bucket to invoke an AWS Lambda function to process the files.

C : Configure Amazon Kinesis Data Streams to deliver the files to the S3 bucket. Invoke an AWS Lambda function to process the files.

D : Deploy an Amazon EC2 instance. Create a script that lists all files in the S3 bucket and processes new files. Use a cron job that runs every minute to run the script.

Answer: B

Question 4

A company runs its production workload on Amazon EC2 instances with Amazon Elastic Block Store (Amazon EBS) volumes. A solutions architect needs to analyze the current EBS volume cost and to recommend optimizations. The recommendations need to include estimated monthly saving opportunities.

Which solution will meet these requirements?

A : Use Amazon Inspector reporting to generate EBS volume recommendations for optimization.

B : Use AWS Systems Manager reporting to determine EBS volume recommendations for optimization.

C : Use Amazon CloudWatch metrics reporting to determine EBS volume recommendations for optimization.

D : Use AWS Compute Optimizer to generate EBS volume recommendations for optimization.

Answer: D

Question 5

A company is designing a solution to capture customer activity in different web applications to process analytics and make predictions. Customer activity in the web applications is unpredictable and can increase suddenly. The company requires a solution that integrates with other web applications. The solution must include an authorization step for security purposes.

Which solution will meet these requirements?

A : Configure a Gateway Load Balancer (GWLB) in front of an Amazon Elastic Container Service (Amazon ECS) container instance that stores the information that the company receives in an Amazon Elastic File System (Amazon EFS) file system. Authorization is resolved at the GWLB.

B : onfigure an Amazon API Gateway endpoint in front of an Amazon Kinesis data stream that stores the information that the company receives in an Amazon S3 bucket. Use an AWS Lambda function to resolve authorization.

C : Configure an Amazon API Gateway endpoint in front of an Amazon Kinesis Data Firehose that stores the information that the company receives in an Amazon S3 bucket. Use an API Gateway Lambda authorizer to resolve authorization.

D : Configure a Gateway Load Balancer (GWLB) in front of an Amazon Elastic Container Service (Amazon ECS) container instance that stores the information that the company receives on an Amazon Elastic File System (Amazon EFS) file system. Use an AWS Lambda function to resolve authorization.

Answer: C