Month End Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

AWS Certified Associate SAA-C03 Updated Exam

Page: 17 / 75
Total 999 questions

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 65

A company is reviewing a recent migration of a three-tier application to a VPC. The security team discovers that the principle of least privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers.

What should a solutions architect do to correct this issue?

Options:

A.

Create security group rules using the instance ID as the source or destination.

B.

Create security group rules using the security group ID as the source or destination.

C.

Create security group rules using the VPC CIDR blocks as the source or destination.

D.

Create security group rules using the subnet CIDR blocks as the source or destination.

Question 66

A company runs demonstration environments for its customers on Amazon EC2 instances. Each environment is isolated in its own VPC. The company’s operations team needs to be notified when RDP or SSH access to an environment has been established.

Options:

A.

Configure Amazon CloudWatch Application Insights to create AWS Systems Manager OpsItems when RDP or SSH access is detected.

B.

Configure the EC2 instances with an IAM instance profile that has an IAM role with the AmazonSSMManagedInstanceCore policy attached.

C.

Publish VPC flow logs to Amazon CloudWatch Logs. Create required metric filters. Create an Amazon CloudWatch metric alarm with a notification action for when the alarm is in the ALARM state.

D.

Configure an Amazon EventBridge rule to listen for events of type EC2 Instance State-change Notification. Configure an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the operations team to the topic.

Question 67

A company runs applications on AWS that connect to the company's Amazon RDS database. The applications scale on weekends and at peak times of the year. The company wants to scale the database more effectively for its applications that connect to the database.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use Amazon DynamoDB with connection pooling with a target group configuration for the database. Change the applications to use the DynamoDB endpoint.

B.

Use Amazon RDS Proxy with a target group for the database. Change the applications to use the RDS Proxy endpoint.

C.

Use a custom proxy that runs on Amazon EC2 as an intermediary to the database. Change the applications to use the custom proxy endpoint.

D.

Use an AWS Lambda function to provide connection pooling with a target group configuration for the database. Change the applications to use the Lambda function.

Question 68

A company is planning to use an Amazon DynamoDB table for data storage. The company is concerned about cost optimization. The table will not be used on most mornings. In the evenings, the read and write traffic will often be unpredictable. When traffic spikes occur, they will happen very quickly.

What should a solutions architect recommend?

Options:

A.

Create a DynamoDB table in on-demand capacity mode.

B.

Create a DynamoDB table with a global secondary index

C.

Create a DynamoDB table with provisioned capacity and auto scaling.

D.

Create a DynamoDB table in provisioned capacity mode, and configure it as a global table

Page: 17 / 75
Total 999 questions