Last Attempt SAA-C03 Questions

Pre-Signed URLs: Allow temporary access to S3 buckets, making it easy to manage time-limited upload permissions without complex operational overhead.

Lambda for Automation: Automatically generates and provides pre-signed URLs when users authenticate, minimizing manual steps and code complexity.

Least Operational Overhead: Requires no custom authentication service or deep integration with STS or Cognito.

Amazon S3 Pre-Signed URLs Documentation

AWS Transfer Family: This service provides fully managed support for file transfers directly into and out of Amazon S3 using the SFTP, FTPS, and FTP protocols.

SFTP Endpoints:

Set up an AWS Transfer Family server and configure SFTP endpoints to handle the file transfers.

This service is scalable and managed, reducing operational overhead compared to running an SFTP solution on EC2 instances.

Integration with Active Directory:

Choose the AWS Directory Service option as the identity provider for the Transfer Family server.

Use AD Connector to link the on-premises Active Directory with AWS, allowing employees to use their existing AD credentials to access the SFTP service.

Operational Efficiency: This solution leverages managed services for both file transfer and identity management, ensuring minimal changes to the current authentication mechanisms and reducing operational overhead.

When on-premises DNS servers need to resolve private DNS names in a VPC, the correct pattern is to create a Route 53 Resolver inbound endpoint. The inbound endpoint allows DNS queries to flow from the on-premises environment into the VPC, where Route 53 can resolve VPC-specific names (such as private hosted zones or private resource records). Outbound endpoints (C) are for sending VPC DNS queries to on-premises, not the reverse. Verified Access (A) is unrelated to DNS resolution. Direct Connect (B) provides network connectivity but does not provide DNS forwarding capabilities. Therefore, option D is the correct design.

Amazon EFS offers an Infrequent Access (IA) storage class, which can be managed via EFS lifecycle policies. Frequently accessed files remain in the Standard storage class, while infrequently accessed files are automatically moved to the IA class, significantly reducing storage costs with minimal effort and no application changes.

Reference Extract:

"EFS lifecycle management automatically transitions files that are not accessed for a set period to the EFS Infrequent Access (IA) storage class, reducing storage costs."

Source: AWS Certified Solutions Architect – Official Study Guide, EFS and Lifecycle Management section.