Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

AWS Certified Associate SAA-C03 Release Date

Page: 27 / 78
Total 1039 questions

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 105

A company uses Amazon Elastic Kubernetes Service (Amazon EKS) to run a container application. The EKS cluster stores sensitive information in the Kubernetes secrets object. The company wants to ensure that the information is encrypted

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use the container application to encrypt the information by using AWS Key Management Service (AWS KMS).

B.

Enable secrets encryption in the EKS cluster by using AWS Key Management Service (AWS KMS)_

C.

Implement an AWS Lambda tuncüon to encrypt the information by using AWS Key Management Service (AWS KMS).

D.

use AWS Systems Manager Parameter Store to encrypt the information by using AWS Key Management Service (AWS KMS).

Question 106

A company runs an infrastructure monitoring service. The company is building a new feature that will enable the service to monitor data in customer AWS accounts. The new feature will call AWS APIs in customer accounts to describe Amazon EC2 instances and read Amazon CloudWatch metrics.

What should the company do to obtain access to customer accounts in the MOST secure way?

Options:

A.

Ensure that the customers create an IAM role in their account with read-only EC2 and CloudWatch permissions and a trust policy to the company's account.

B.

Create a serverless API that implements a token vending machine to provide temporary AWS credentials for a role with read-only EC2 and CloudWatch permissions.

C.

Ensure that the customers create an IAM user in their account with read-only EC2 and CloudWatch permissions. Encrypt and store customer access and secret keys in a secrets management system.

D.

Ensure that the customers create an Amazon Cognito user in their account to use an IAM role with read-only EC2 and CloudWatch permissions. Encrypt and store the Amazon Cognito user and password in a secrets management system.

Question 107

A company is concerned that two NAT instances in use will no longer be able to support the traffic needed for the company’s application. A solutions architect wants to implement a solution that is highly available, fault tolerant, and automatically scalable.

What should the solutions architect recommend?

Options:

A.

Remove the two NAT instances and replace them with two NAT gateways in the same Availability Zone.

B.

Use Auto Scaling groups with Network Load Balancers for the NAT instances in different Availability Zones.

C.

Remove the two NAT instances and replace them with two NAT gateways in different Availability Zones.

D.

Replace the two NAT instances with Spot Instances in different Availability Zones and deploy a Network Load Balancer.

Question 108

A law firm needs to share information with the public The information includes hundreds of files that must be publicly readable Modifications or deletions of the files by anyone before a designated future date are prohibited.

Which solution will meet these requirements in the MOST secure way?

Options:

A.

Upload all files to an Amazon S3 bucket that is configured for static website hosting. Grant read-only IAM permissions to any AWS principals that access the S3 bucket until the designated date.

B.

Create a new Amazon S3 bucket with S3 Versioning enabled Use S3 Object Lock with a retention period in accordance with the designated date Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objrcts.

C.

Create a new Amazon S3 bucket with S3 Versioning enabled Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket.

D.

Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period in accordance withthe designated date. Grant read-only IAM permissions to any AWS principals that access the S3 bucket.

Page: 27 / 78
Total 1039 questions