Exactprep SAA-C03 Questions

 This solution meets the requirements with the least operational overhead because it uses AWS services that are fully managed and scalable. The EventBridge rule can detect the DeleteKey operation from the AWS KMS API and trigger the Systems Manager Automation runbook, which can execute a predefined workflow to cancel the key deletion. The EventBridge rule can also publish an SNS message to the topic that sends an email notification to the administrators. This way, the company can prevent the accidental deletion of KMS keys and notify the administrators of any attempts to delete them.

Option A is not a valid solution because AWS Config rules are used to evaluate the configuration of AWS resources, not to cancel the deletion of KMS keys. Option B is not a valid solution because it requires creating and maintaining a custom Lambda function that has logic to prevent KMS key deletion, which adds operational overhead. Option D is not a valid solution because it only notifies the administrators of the DeleteKey operation, but does not cancel it.

Understanding the Requirement: The company needs to keep daily EBS snapshots for 1 month and retain monthly snapshots for 7 years due to new regulations.

Analysis of Options:

S3 Glacier Deep Archive: Moving snapshots to S3 Glacier Deep Archive involves additional complexity and might not be the most straightforward approach for EBS snapshots.

EBS Snapshots Archive: This is a cost-effective solution designed specifically for long-term storage of EBS snapshots.

Standard Tier for 7 Years: Keeping snapshots in the standard tier for 7 years is more expensive and does not optimize costs.

EBS Direct APIs to S3: This involves additional operational overhead and is not the most cost-effective approach compared to using EBS Snapshots Archive.

Best Solution:

EBS Snapshots Archive: Adding a policy to move monthly snapshots to the EBS Snapshots Archive for long-term retention is the most cost-effective and administratively simple solution.

Understanding the Requirement: The company needs all EC2 instances to share up-to-date website content with minimal lag time, running behind an Application Load Balancer.

Analysis of Options:

EC2 User Data with ALB: Complex and not scalable as it requires updating each instance manually.

Amazon EFS: Provides a scalable, shared file storage solution that can be mounted by multiple EC2 instances, ensuring all instances have access to the same up-to-date content.

Amazon S3 with EC2 Sync: Involves periodic synchronization which introduces lag and complexity.

Amazon EBS Snapshots: Not suitable for dynamic and frequent updates required by a content management system.

Best Solution:

Amazon EFS: Ensures all EC2 instances have access to a consistent and up-to-date set of website assets with minimal lag time, meeting the requirements effectively.

Understanding the Requirement: The company needs to ensure clients use a TLS certificate when accessing the website and automate the creation and renewal of TLS certificates.

Analysis of Options:

CloudFront Security Policy: Not applicable for creating certificates.

CloudFront Origin Access Control (OAC): Controls access to origins, not relevant for TLS certificate creation.

AWS Certificate Manager (ACM) with DNS Validation: Provides automated certificate management, including creation and renewal, with minimal manual intervention. DNS validation is automated and does not require manual intervention as email validation does.

AWS Certificate Manager (ACM) with Email Validation: Requires manual intervention to approve validation emails, which increases operational effort.

Best Solution:

AWS Certificate Manager (ACM) with DNS Validation: Ensures automated and efficient certificate management with the least operational effort.