All About Refined SAA-C03 Simulations

NEW QUESTION 1
A company has a business system that generates hundreds of reports each day. The business system saves the reports to a network share in CSV format The company needs to store this data in the AWS Cloud in near-real time for analysis. Which solution will meet these requirements with the LEAST administrative overhead?

• A. Use AWS DataSync to transfer the files to Amazon S3 Create a scheduled task that runs at the end of each day.
• B. Create an Amazon S3 File Gateway Update the business system to use a new network share from the S3 File Gateway.
• C. Use AWS DataSync to transfer the files to Amazon S3 Create an application that uses the DataSync API in the automation workflow.
• D. Deploy an AWS Transfer for SFTP endpoint Create a script that checks for new files on the network share and uploads the new files by using SFTP.

Answer: B

NEW QUESTION 2
A company is migrating a distributed application to AWS The application serves variable workloads The legacy platform consists of a primary server trial coordinates jobs across multiple compute nodes The company wants to modernize the application with a solution that maximizes resiliency and scalability
How should a solutions architect design the architecture to meet these requirements?

• A. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs Implement the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling grou
• B. Configure EC2 Auto Scaling to use scheduled scaling
• C. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs Implement the compute nodes with Amazon EC2 Instances that are managed in an Auto Scaling group Configure EC2 Auto Scaling based on the size of the queue
• D. Implement the primary server and the compute nodes with Amazon EC2 instances that are managed In an Auto Scaling grou
• E. Configure AWS CloudTrail as a destination for the fobs Configure EC2 Auto Scaling based on the load on the primary server
• F. implement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group Configure Amazon EventBridge (Amazon CloudWatch Events) as a destination for the jobs Configure EC2 Auto Scaling based on the load on the compute nodes

Answer: B

NEW QUESTION 3
A company is developing an Internal application that uses a PostgreSQL database. The company has decided to host the database on Amazon Aurora The application does not need to be highly available but data must be stored in multiple Availability Zones to maximize durability.
Which database configuration meets these requirements MOST cost-effectively?

• A. An Aurora PostgreSQL DB cluster with a single DB Instance
• B. An Aurora PostgreSQL DB cluster with a primary DB instance and a read replica
• C. An Aurora PostgreSQL DB cluster with Multi-AZ deployment enabled
• D. An Aurora PostgreSQL global database cluster

Answer: B

NEW QUESTION 4
A company hosts its web applications in the AWS Cloud. The company configures Elastic Load Balancers to use certificate that are imported into AWS Certificate Manager (ACM). The company’s security team must be notified 30 days before the expiration of each certificate.
What should a solutions architect recommend to meet the requirement?

• A. Add a rule m ACM to publish a custom message to an Amazon Simple Notification Service (Amazon SNS) topic every day beginning 30 days before any certificate will expire.
• B. Create an AWS Config rule that checks for certificates that will expire within 30 day
• C. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke a custom alert by way of Amazon Simple Notification Service (Amazon SNS) when AWS Config reports a noncompliant resource
• D. Use AWS trusted Advisor to check for certificates that will expire within to day
• E. Create an Amazon CloudWatch alarm that is based on Trusted Advisor metrics for check status changes Configure the alarm to send a custom alert by way of Amazon Simple rectification Service (Amazon SNS)
• F. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect any certificates that will expire within 30 day
• G. Configure the rule to invoke an AWS Lambda functio
• H. Configure the Lambda function to send a custom alert by way of Amazon Simple Notification Service (Amazon SNS).

Answer: B

NEW QUESTION 5
A company is hosting a web application on AWS using a single Amazon EC2 instance that stores useruploaded documents in an Amazon EBS volume. For better scalability and availability, the company
duplicated the architecture and created a second EC2 instance and EBS volume in another Availability
Zone placing both behind an Application Load Balancer After completing this change, users reported
that, each time they refreshed the website, they could see one subset of their documents or the
other, but never all of the documents at the same time.
What should a solutions architect propose to ensure users see all of their documents at once?

• A. Copy the data so both EBS volumes contain all the documents.
• B. Configure the Application Load Balancer to direct a user to the server with the documents
• C. Copy the data from both EBS volumes to Amazon EFS Modify the application to save newdocuments to Amazon EFS
• D. Configure the Application Load Balancer to send the request to both servers Return eachdocument from the correct server.

Answer: C

Explanation:
Explanation
Amazon EFS provides file storage in the AWS Cloud. With Amazon EFS, you can create a file system,
mount the file system on an Amazon EC2 instance, and then read and write data to and from your file
system. You can mount an Amazon EFS file system in your VPC, through the Network File System
versions 4.0 and 4.1 (NFSv4) protocol. We recommend using a current generation Linux NFSv4.1 client, such as those found in the latest Amazon Linux, Redhat, and Ubuntu
AMIs, in conjunction with the Amazon EFS Mount Helper. For instructions, see Using the amazon-efsutils
Tools.
For a list of Amazon EC2 Linux Amazon Machine Images (AMIs) that support this protocol, see NFS
Support. For some AMIs, you'll need to install an NFS client to mount your file system on your
Amazon EC2 instance. For instructions, see Installing the NFS Client.
You can access your Amazon EFS file system concurrently from multiple NFS clients, so applications
that scale beyond a single connection can access a file system. Amazon EC2 instances running in
multiple Availability Zones within the same AWS Region can access the file system, so that many
users can access and share a common data source.

NEW QUESTION 6
A company has an application that loads documents into an Amazon 53 bucket and converts the documents into another format. The application stores the converted documents m another S3 bucket and saves the document name and URLs in an Amazon DynamoOB table The DynamoOB entries are used during subsequent days to access the documents The company uses a DynamoOB Accelerator (DAX) cluster in front of the table
Recently, traffic to the application has increased. Document processing tasks are timing out during the scheduled DAX maintenance window. A solutions architect must ensure that the documents continue to load during the maintenance window
What should the solutions architect do to accomplish this goal?

• A. Modify the application to write to the DAX cluster Configure the DAX cluster to write to the DynamoDB table when the maintenance window is complete
• B. Enable Amazon DynamoDB Streams for the DynamoDB tabl
• C. Modify the application to write to the stream Configure the stream to load the data when the maintenance window is complete.
• D. Convert the application to an AWS Lambda function Configure the Lambda function runtime to be longer than the maintenance window Create an Amazon CloudWatch alarm to monitor Lambda timeouts
• E. Modify the application to write the document name and URLs to an Amazon Simple Queue Service (Amazon SOS) queue Create an AWS Lambda function to read the SOS queue and write to DynamoDB.

Answer: C

NEW QUESTION 7
An ecommerce company has an order-processing application that uses Amazon API Gateway and an AWS Lambda function. The application stores data in an Amazon Aurora PostgreSQL database. During a recent sales event, a sudden surge in customer orders occurred. Some customers experienced timeouts and the application did not process the orders of those customers A solutions architect determined that the CPU utilization and memory utilization were high on the database because of a large number of open connections The solutions architect needs to prevent the timeout errors while making the least possible changes to the application.
Which solution will meet these requirements?

• A. Configure provisioned concurrency for the Lambda function Modify the database to be a global database in multiple AWS Regions
• B. Use Amazon RDS Proxy to create a proxy for the database Modify the Lambda function to use the RDS Proxy endpoint instead of the database endpoint
• C. Create a read replica for the database in a different AWS Region Use query string parameters in API Gateway to route traffic to the read replica
• D. Migrate the data from Aurora PostgreSQL to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS| Modify the Lambda function to use the OynamoDB table

Answer: C

NEW QUESTION 8
A company is developing a new machine learning (ML) model solution on AWS. The models are developed as independent microservices that fetch approximately 1GB of model data from Amazon S3 at startup and load the data into memory Users access the models through an asynchronous API Users can send a request or a batch of requests and specify where the results should be sent
The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days or weeks Other models could receive batches of thousands of requests at a time
Which design should a solutions architect recommend to meet these requirements?

• A. Direct the requests from the API to a Network Load Balancer (NLB) Deploy the models as AWS Lambda functions that are invoked by the NLB.
• B. Direct the requests from the API to an Application Load Balancer (ALB). Deploy the models as Amazon Elastic Container Service (Amazon ECS) services that read from an Amazon Simple Queue Service (Amazon SQS) queue Use AWS App Mesh to scale the instances of the ECS cluster based on the SQS queue size
• C. Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue Deploy the models as AWS Lambda functions that are invoked by SQS events Use AWS Auto Scaling to increase the number of vCPUs for the Lambda functions based on the SQS queue size
• D. Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue Deploy the models as Amazon Elastic Container Service (Amazon ECS) services that read from the queue Enable AWS Auto Scaling on Amazon ECS for both the cluster and copies of the service based on thequeue size

Answer: C

NEW QUESTION 9
A company wants to establish connectivity between its on-premlses data center and AWS (or an existing workload. The workload runs on Amazon EC2 Instances in two VPCs In different AWS Regions. The VPCs need to communicate with each other. The company needs to provide connectivity from Its data center to both VPCs. The solution must support a bandwidth of 600 Mbps to the data center.
Which solution will meet these requirements?

• A. Set up an AWS Site-to-Site VPN connection between the data center and one VP
• B. Create a VPC peering connection between the VPCs.
• C. Set up an AWS Site-to-Site VPN connection between the data center and each VP
• D. Create a VPC peering connection between the VPCs.
• E. Set up an AWS Direct Connect connection between the data center and one VP
• F. Create a VPC peering connection between the VPCs.
• G. Create a transit gatewa
• H. Attach both VPCs to the transit gatewa
• I. Create an AWS Slte-to-Site VPN tunnel to the transit gateway.

Answer: B

NEW QUESTION 10
An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet.
Which solution will provide private network connectivity to Amazon S3?

• A. Create a gateway VPC endpoint to the S3 bucket.
• B. Stream the logs to Amazon CloudWatch Log
• C. Export the logs to the S3 bucket.
• D. Create an instance profile on Amazon EC2 to allow S3 access.
• E. Create an Amazon API Gateway API with a private link to access the S3 endpoint.

Answer: A

NEW QUESTION 11
A company uses a popular content management system (CMS) for its corporate website. However, the required patching and maintenance are burdensome. The company is redesigning its website and wants anew solution. The website will be updated four times a year and does not need to have any dynamic content available. The solution must provide high scalability and enhanced security.
Which combination of changes will meet these requirements with the LEAST operational overhead? (Choose two.)

• A. Deploy an AWS WAF web ACL in front of the website to provide HTTPS functionality
• B. Create and deploy an AWS Lambda function to manage and serve the website content
• C. Create the new website and an Amazon S3 bucket Deploy the website on the S3 bucket with static website hosting enabled
• D. Create the new websit
• E. Deploy the website by using an Auto Scaling group of Amazon EC2 instances behind an Application Load Balancer.

Answer: AD

NEW QUESTION 12
A company's application integrates with multiple software-as-a-service (SaaS) sources for data collection. The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Create an Auto Scaling group so that EC2 instances can scale ou
• B. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
• C. Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket.Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
• D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output dat
• E. Configure the S3 bucket as the rule's targe
• F. Create a second EventBridge (CloudWatch Events) rule to send events when the upload to the S3 bucket is complet
• G. Configure an Amazon Simple Notification Service (Amazon SNS) topic as the second rule's target.
• H. Create a Docker container to use instead of an EC2 instanc
• I. Host the containerized application on Amazon Elastic Container Service (Amazon ECS). Configure Amazon CloudWatch Container Insights to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

Answer: D

NEW QUESTION 13
A solutions architect is designing a two-tier web application The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet Security is a high priority for the company
How should security groups be configured in this situation? (Select TWO )

• A. Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.
• B. Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.
• C. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.
• D. Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier.
• E. Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.

Answer: AC

Explanation:
"Security groups create an outbound rule for every inbound rule." Not completely right. Statefull does NOT mean that if you create an inbound (or outbound) rule, it will create an outbound (or inbound) rule. What it does mean is: suppose you create an inbound rule on port 443 for the X ip. When a request enters on port 443 from X ip, it will allow traffic out for that request in the port 443. However, if you look at the outbound rules, there will not be any outbound rule on port 443 unless explicitly create it. In ACLs, which are stateless, you would have to create an inbound rule to allow incoming requests and an outbound rule to allow your application responds to those incoming requests.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules

NEW QUESTION 14
A company wants to use Amazon S3 for the secondary copy of itdataset. The company would rarely need to access this copy. The storage solution’s
cost should be minimal.
Which storage solution meets these requirements?

• A. S3 Standard
• B. S3 Intelligent-Tiering
• C. S3 Standard-Infrequent Access (S3 Standard-IA)
• D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer: C

NEW QUESTION 15
A company collects data from thousands of remote devices by using a RESTful web services application that runs on an Amazon EC2 instance. The EC2 instance receives the raw data, transforms the raw data, and stores all the data in an Amazon S3 bucket. The number of remote devices will increase into the millions soon. The company needs a highly scalable solution that minimizes operational overhead.
Which combination of steps should a solutions architect take to meet these requirements9 (Select TWO.)

• A. Use AWS Glue to process the raw data in Amazon S3.
• B. Use Amazon Route 53 to route traffic to different EC2 instances.
• C. Add more EC2 instances to accommodate the increasing amount of incoming data.
• D. Send the raw data to Amazon Simple Queue Service (Amazon SOS). Use EC2 instances to process the data.
• E. Use Amazon API Gateway to send the raw data to an Amazon Kinesis data strea
• F. Configure Amazon Kinesis Data Firehose to use the data stream as a source to deliver the data to Amazon S3.

Answer: BE

NEW QUESTION 16
A company has chosen to rehost its application on Amazon EC2 instances The application occasionally experiences errors that affect parts of its functionality The company was unaware of this issue until users reported the errors The company wants to address this problem during the migration and reduce the time it takes to detect issues with the application Log files for the application are stored on the local disk.
A solutions architect needs to design a solution that will alert staff if there are errors in the application after the application is migrated to AWS. The solution must not require additional changes to the application code.
What is the MOST operationally efficient solution that meets these requirements?

• A. Configure the application to generate custom metrics tor the errors Send these metric data points to Amazo
• B. CloudWatch by using the PutMetricData API call Create a CloudWatch alarm that is based on the custom metrics
• C. Create an hourly cron job on the instances to copy the application log data to an Amazon S3 bucket Configure an AWS Lambda function to scan the log file and publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to alert staff rf errors are detected.
• D. Install the Amazon CloudWatch agent on the instances Configure the CloudWatch agent to stream the application log file to Amazon CloudWatch Logs Run a CloudWatch Logs insights query to search lor the relevant pattern in the log file Create a CloudWatch alarm that is based on the query output
• E. Install the Amazon CloudWatch agent on the instances Configure the CloudWatch agent to stream the application log file to Amazon CloudWatch Log
• F. Create a metric fitter for the relevant log grou
• G. Define the filter pattern that is required to determine that there are errors in the application Create a CloudWatch alarm that is based on the resulting metric.

Answer: B

NEW QUESTION 17
A company has two VPCs named Management and Production The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.
What should a solutions architect do to mitigate any single point of failure in this architecture?

• A. Add a set of VPNs between the Management and Production VPCs
• B. Add a second virtual private gateway and attach it to the Management VPC.
• C. Add a second set of VPNs to the Management VPC from a second customer gateway device
• D. Add a second VPC peering connection between the Management VPC and the Production VPC.

Answer: C

Explanation:
https://docs.aws.amazon.com/vpn/latest/s2svpn/images/Multiple_Gateways_diagram.png
"To protect against a loss of connectivity in case your customer gateway device becomes unavailable, you can set up a second Site-to-Site VPN connection to your VPC and virtual private gateway by using a second customer gateway device." https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-redundant-connection.html

NEW QUESTION 18
......