CertsTopics Logo

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

SAA-C03 Exam Results

Page: 42 / 80
Total 1068 questions
Get SAA-C03 Full Access Download SAA-C03 PDF

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 165

A company is deploying a new application on Amazon EC2 instances. The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes. The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.

Which solution wil meet this requirement?

Options:

A.

Create an IAM role that specifies EBS encryption. Attach the role to the EC2 instances.

B.

Create the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances.

C.

Create an EC2 instance tag that has a key of Encrypt and a value of True. Tag all instances that require encryption at the ESS level.

D.

Create an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account Ensure that the key policy is active.

Question 166

A company needs to provide its employee with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded security to the employees devices.

The files are stored in an on-premises Windows files server. However, due to an increase in remote usage, the file server out of capacity.

Which solution will meet these requirement?

Options:

A.

Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees ‚IP addresses.

B.

Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory Configure AWS Client VPN.

C.

Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.

D.

Migrate the files to Amazon S3, and create a public VPC endpoint Allow employees to sign on with AWS IAM identity Center (AWS Sing-On).

Question 167

A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application's traffic recently spiked due to fraudulent requests from botnets.

Which steps should a solutions architect take to block requests from unauthorized users? (Select TWO.)

Options:

A.

Create a usage plan with an API key that is shared with genuine users only.

B.

Integrate logic within the Lambda function to ignore the requests from fraudulent IP addresses.

C.

Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.

D.

Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint.

E.

Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.

Question 168

A company collects data from thousands of remote devices by using a RESTful web services application that runs on an Amazon EC2 instance. The EC2 instance receives the raw data, transforms the raw data, and stores all the data in an Amazon S3 bucket. The number of remote devices will increase into the millions soon. The company needs a highly scalable solution that minimizes operational overhead.

Which combination of steps should a solutions architect take to meet these requirements9 (Select TWO.)

Options:

A.

Use AWS Glue to process the raw data in Amazon S3.

B.

Use Amazon Route 53 to route traffic to different EC2 instances.

C.

Add more EC2 instances to accommodate the increasing amount of incoming data.

D.

Send the raw data to Amazon Simple Queue Service (Amazon SOS). Use EC2 instances to process the data.

E.

Use Amazon API Gateway to send the raw data to an Amazon Kinesis data stream. Configure Amazon Kinesis Data Firehose to use the data stream as a source to deliver the data to Amazon S3.

Page: 42 / 80
Total 1068 questions
Get SAA-C03 Full Access Download SAA-C03 PDF