AWS-Solution-Architect-Associate AWS Certified Solutions Architect - Associate (SAA-C03) is now Stable and With Pass Result | Test Your Knowledge for Free

AWS-Solution-Architect-Associate Practice Questions

AWS Certified Solutions Architect - Associate (SAA-C03)

Last Update 19 hours ago
Total Questions : 649

Dive into our fully updated and stable AWS-Solution-Architect-Associate practice test platform, featuring all the latest AWS Solutions Architect Associate exam questions added this week. Our preparation tool is more than just a Amazon study aid; it's a strategic advantage.

Our free AWS Solutions Architect Associate practice questions crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about AWS-Solution-Architect-Associate. Use this test to pinpoint which areas you need to focus your study on.

AWS-Solution-Architect-Associate PDF

$52.15
~~$149~~

Add to Cart

AWS-Solution-Architect-Associate Testing Engine

$69.65
~~$199~~

Add to Cart

AWS-Solution-Architect-Associate PDF + Testing Engine

$87.15
~~$249~~

Add to Cart

Question # 51

A company is building a new web-based customer relationship management application. The application will use several Amazon EC2 instances that are backed by Amazon Elastic Block Store (Amazon EBS) volumes behind an Application Load Balancer (ALB). The application will also use an Amazon Aurora database. All data for the application must be encrypted at rest and in transit.

Which solution will meet these requirements?

Options:

Use AWS Key Management Service (AWS KMS) certificates on the ALB to encrypt data in transit. Use AWS Certificate Manager (ACM) to encrypt the EBS volumes and Aurora database storage at rest.

Use the AWS root account to log in to the AWS Management Console. Upload the company’s encryption certificates. While in the root account, select the option to turn on encryption for all data at rest and in transit for the account.

Use a AWS Key Management Service (AWS KMS) to encrypt the EBS volumes and Aurora database storage at rest. Attach an AWS Certificate Manager (ACM) certificate to the ALB to encrypt data in transit.

Use BitLocker to encrypt all data at rest. Import the company’s TLS certificate keys to AWS key Management Service (AWS KMS). Attach the KMS keys to the ALB to encrypt data in transit.

Discussion 0

Question # 52

A solutions architect is designing a two-tiered architecture that includes a public subnet and a database subnet. The web servers in the public subnet must be open to the internet on port 443. The Amazon RDS for MySQL D6 instance in the database subnet must be accessible only to the web servers on port 3306.

Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

Options:

Create a network ACL for the public subnet Add a rule to deny outbound traffic to 0 0 0 0/0 on port 3306

Create a security group for the DB instance Add a rule to allow traffic from the public subnet CIDR block on port 3306

Create a security group for the web servers in the public subnet Add a rule to allow traffic from 0 0 0 O'O on port 443

Create a security group for the DB instance Add a rule to allow traffic from the web servers' security group on port 3306

Create a security group for the DB instance Add a rule to deny all traffic except traffic from the web servers' security group on port 3306

Discussion 0

Question # 53

A company runs a containerized application on a Kubernetes cluster in an on-premises data center. The company is using a MongoDB database for data storage.

The company wants to migrate some of these environments to AWS, but no code changes or deployment method changes are possible at this time. The company needs a solution that minimizes operational overhead.

Which solution meets these requirements?

Options:

Use Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 worker nodes for compute and MongoDB on EC2 for data storage.

Use Amazon Elastic Container Service (Amazon ECS) with AWS Fargate for compute and Amazon DynamoDB for data storage.

Use Amazon Elastic Kubernetes Service (Amazon EKS) with Amazon EC2 worker nodes for compute and Amazon DynamoDB for data storage.

Use Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate for compute and Amazon DocumentDB (with MongoDB compatibility) for data storage.

Discussion 0

Question # 54

An application that is hosted on Amazon EC2 instances needs to access an Amazon S3 bucket Traffic must not traverse the internet How should a solutions architect configure access to meet these requirements?

Options:

Create a private hosted zone by using Amazon Route 53

Set up a gateway VPC endpoint for Amazon S3 in the VPC

Configure the EC2 instances to use a NAT gateway to access the S3 bucket

Establish an AWS Site-to-Site VPN connection between the VPC and the S3 bucket

Discussion 0

Question # 55

A company has launched an Amazon RDS for MySQL D6 instance Most of the connections to the database come from serverless applications. Application traffic to the database changes significantly at random intervals At limes of high demand, users report that their applications experience database connection rejection errors.

Which solution will resolve this issue with the LEAST operational overhead?

Options:

Create a proxy in RDS Proxy Configure the users' applications to use the DB instance through RDS Proxy

Deploy Amazon ElastCache for Memcached between the users' application and the DB instance

Migrate the DB instance to a different instance class that has higher I/O capacity. Configure the users' applications to use the new DB instance.

Configure Multi-AZ for the DB instance Configure the users' application to switch between the DB instances.

Discussion 0

Question # 56

A company needs a backup strategy for its three-tier stateless web application The web application runs on Amazon EC2 instances in an Auto Scaling group with a dynamic scaling policy that is configured to respond to scaling events The database tier runs on Amazon RDS for PostgreSQL The web application does not require temporary local storage on the EC2 instances The company's recovery point objective (RPO) is 2 hours

The backup strategy must maximize scalability and optimize resource utilization for this environment

Which solution will meet these requirements?

Options:

Take snapshots of Amazon Elastic Block Store (Amazon EBS) volumes of the EC2 instances and database every 2 hours to meet the RPO

Configure a snapshot lifecycle policy to take Amazon Elastic Block Store (Amazon EBS) snapshots Enable automated backups in Amazon RDS to meet the RPO

Retain the latest Amazon Machine Images (AMIs) of the web and application tiers Enable automated backups in Amazon RDS and use point-in-time recovery to meet the RPO

Take snapshots of Amazon Elastic Block Store (Amazon EBS) volumes of the EC2 instances every 2 hours Enable automated backups in Amazon RDS and use point-in-time recovery to meet the RPO

Discussion 0

Question # 57

A company wants to deploy a new public web application on AWS The application includes a web server tier that uses Amazon EC2 instances The application also includes a database tier that uses an Amazon RDS for MySQL DB instance

The application must be secure and accessible for global customers that have dynamic IP addresses

How should a solutions architect configure the security groups to meet these requirements'?

Options:

Configure the security group tor the web servers lo allow inbound traffic on port 443 from 0.0.0. 0/0) Configure the security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers

Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers Configure the security group for the DB instance lo allow inbound traffic on port 3306 from the security group of the web servers

Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers Configure the security group for the DB instance to allow inbound traffic on port 3306 from the IP addresses of the customers

Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0.0 Configure the security group for the DB instance to allow inbound traffic on port 3306 from 0.0.0.0/0)

Discussion 0

Question # 58

A company uses a 100 GB Amazon RDS for Microsoft SQL Server Single-AZ DB instance in the us-east-1 Region to store customer transactions. The company needs high availability and automate recovery for the DB instance.

The company must also run reports on the RDS database several times a year. The report process causes transactions to take longer than usual to post to the customer‘ accounts.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

Modify the DB instance from a Single-AZ DB instance to a Multi-AZ deployment.

Take a snapshot of the current DB instance. Restore the snapshot to a new RDS deployment in another Availability Zone.

Create a read replica of the DB instance in a different Availability Zone. Point All requests for reports to the read replica.

Migrate the database to RDS Custom.

Use RDS Proxy to limit reporting requests to the maintenance window.

Discussion 0

Question # 59

A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solutions architect needs to make the web server accessible from everywhere on port 443.

Which combination of steps will accomplish this task? (Choose two.)

Options:

Create a security group with a rule to allow TCP port 443 from source 0.0.0.0/0.

Create a security group with a rule to allow TCP port 443 to destination 0.0.0.0/0.

Update the network ACL to allow TCP port 443 from source 0.0.0.0/0.

Update the network ACL to allow inbound/outbound TCP port 443 from source 0.0.0.0/0 and to destination 0.0.0.0/0.

Update the network ACL to allow inbound TCP port 443 from source 0.0.0.0/0 and outbound TCP port 32768-65535 to destination 0.0.0.0/0.

Discussion 0

Question # 60

What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?

Options:

Update the bucket policy to deny if the PutObject does not have an s3 x-amz-acl header set

Update the bucket policy to deny if the PutObject does not have an s3:x-amz-aci header set to private.

Update the bucket policy to deny if the PutObject does not have an aws SecureTransport header set to true

Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.

Discussion 0

Get AWS-Solution-Architect-Associate dumps and pass your exam in 24 hours!

Pre-Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65pass65

AWS-Solution-Architect-Associate AWS Certified Solutions Architect - Associate (SAA-C03) is now Stable and With Pass Result | Test Your Knowledge for Free

AWS-Solution-Architect-Associate Practice Questions

AWS-Solution-Architect-Associate PDF

AWS-Solution-Architect-Associate Testing Engine

AWS-Solution-Architect-Associate PDF + Testing Engine

Options:

Options:

Answer:

Explanation:

Options:

Options:

Options:

Options:

Options:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Free Exams Sample Questions

We Accept

Secure Site

Customer Review

Money Back Guarantee