Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

SAA-C03 Exam Results

Page: 42 / 68
Total 911 questions

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 165

A company runs an application on EC2 instances that need access to RDS credentials stored in AWS Secrets Manager.

Which solution meets this requirement?

Options:

A.

Create an IAM role, and attach the role to each EC2 instance profile. Use an identity-based policy to grant the role access to the secret.

B.

Create an IAM user, and attach the user to each EC2 instance profile. Use a resource-based policy to grant the user access to the secret.

C.

Create a resource-based policy for the secret. Use EC2 Instance Connect to access the secret.

D.

Create an identity-based policy for the secret. Grant direct access to the EC2 instances.

Question 166

A company manages millions of documents in hundreds of Amazon S3 buckets in multiple AWS Regions. The company must determine whether any of the S3 buckets contain personally identifiable information (PII).

Which solution will meet this requirement with the LEAST operational overhead?

Options:

A.

Use Amazon Detective to detect PII in the S3 buckets.

B.

Use AWS Trusted Advisor to generate PII notifications.

C.

Use Amazon Macie to detect PII in the S3 buckets.

D.

Use AWS Lambda functions to review each file in the S3 buckets to identify PII.

Question 167

A media company uses an Amazon CloudFront distribution to deliver content over the internet The company wants only premium customers to have access to the media streams and file content. The company stores all content in an Amazon S3 bucket. The company also delivers content on demand to customers for a specific purpose, such as movie rentals or music downloads.

Which solution will meet these requirements?

Options:

A.

Generate and provide S3 signed cookies to premium customers

B.

Generate and provide CloudFront signed URLs to premium customers.

C.

Use origin access control (OAC) to limit the access of non-premium customers

D.

Generate and activate field-level encryption to block non-premium customers.

Question 168

A solutions architect needs to design a system to process incoming work items immediately. Processing can take up to 30 minutes and involves calling external APIs, executing multiple states, and storing intermediate states.

The solution must scale with variable workloads and minimize operational overhead.

Which combination of steps meets these requirements? (Select TWO.)

Options:

A.

Invoke an AWS Lambda function for each incoming work item. Configure each function to handle the work item completely. Store states in DynamoDB.

B.

Invoke an AWS Step Functions workflow to process incoming work items. Use Lambda functions for business logic. Store work item states in DynamoDB.

C.

Set up an API Gateway REST API to receive work items. Configure the API to invoke a Lambda function for each work item.

D.

Deploy two EC2 Reserved Instances behind an ALB and send requests to an SQS queue.

E.

Set up an API Gateway REST API to receive work items. Send the work items to an SQS queue.

Page: 42 / 68
Total 911 questions