Selected SAA-C03 AWS Certified Associate Questions Answers

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 69

A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year.

Which solution meets these requirements and is the MOST operationally efficient?

Options:

Server-side encryption with customer-provided keys (SSE-C)

Server-side encryption with Amazon S3 managed keys (SSE-S3)

Server-side encryption with AWS KMS keys (SSE-KMS) with manual rotation

Server-side encryption with AWS KMS keys (SSE-KMS) with automatic rotation

Question 70

A company is planning to migrate an on-premises online transaction processing (OLTP) database that uses MySQL to an AWS managed database management system. Several reporting and analytics applications use the on-premises database heavily on weekends and at the end of each month. The cloud-based solution must be able to handle read-heavy surges during weekends and at the end of each month.

Which solution will meet these requirements?

Options:

Migrate the database to an Amazon Aurora MySQL cluster. Configure Aurora Auto Scaling to use replicas to handle surges.

Migrate the database to an Amazon EC2 instance that runs MySQL. Use an EC2 instance type that has ephemeral storage. Attach Amazon EBS Provisioned IOPS SSD (io2) volumes to the instance.

Migrate the database to an Amazon RDS for MySQL database. Configure the RDS for MySQL database for a Multi-AZ deployment, and set up auto scaling.

Migrate from the database to Amazon Redshift. Use Amazon Redshift as the database for both OLTP and analytics applications.

Question 71

A company is using AWS DataSync to migrate millions of files from an on-premises system to AWS. The files are 10 KB in size on average.

The company wants to use Amazon S3 for file storage. For the first year after the migration the files will be accessed once or twice and must be immediately available. After 1 year the files must be archived for at least 7 years.

Which solution will meet these requirements MOST cost-effectively?

Options:

Use an archive tool lo group the files into large objects. Use DataSync to migrate the objects. Store the objects in S3 Glacier Instant Retrieval for the first year. Use a lifecycle configuration to transition the files to S3 Glacier Deep Archive after 1 year with a retention period of 7 years.

Use an archive tool to group the files into large objects. Use DataSync to copy the objects to S3 Standard-Infrequent Access (S3 Standard-IA). Use a lifecycle configuration to transition the files to S3 Glacier Instant Retrieval after 1 year with a retention period of 7 years.

Configure the destination storage class for the files as S3 Glacier Instant. Retrieval Use a lifecycle policy to transition the files to S3 Glacier Flexible Retrieval after 1 year with a retention period of 7 years.

Configure a DataSync task to transfer the files to S3 Standard-Infrequent Access (S3 Standard-IA) Use a lifecycle configuration to transition the files to S3. Deep Archive after 1 year with a retention period of 7 years.

Question 72

An e-commerce company stores inventory, order, and user information in multiple Amazon Redshift clusters. The Redshift clusters must comply with the company's security policies. The company must receive notifications about any security configuration violations.

Which solution will meet these requirements?

Options:

Create an Amazon EventBridge rule that uses the Redshift clusters as the source. Create an AWS Lambda function to evaluate the Redshift cluster security configuration. Configure theLambda function to notify the company of any violations of the security policies. Add the Lambda function as a target of the EventBridge rule.

Create an AWS Lambda function to check the validity of the Redshift cluster security configurations. Create an Amazon EventBridge rule that invokes the Lambda function when Redshift clusters are created. Notify the company of any violations of security policies.

Set up Amazon Redshift Advisor in the company's AWS account to monitor cluster configurations. Configure Redshift Advisor to generate notifications for security items that the company must address.

Create an AWS Lambda function to check the Redshift clusters for any violation of the security configurations. Create an AWS Config custom rule to invoke the Lambda function when Redshift cluster security configurations are modified. Provide the compliance state of each Redshift cluster to AWS Config. Configure AWS Config to notify the company of any violations of the security policies.

Answer:

Explanation:

Comprehensive and Detailed Step-by-Step Explanation:

The company needsautomatic monitoringandnotificationsforsecurity violationsin Amazon Redshift clusters.

Option A:❌

Create an Amazon EventBridge rule that uses the Redshift clusters as the source. Create an AWS Lambda function to evaluate the Redshift cluster security configuration. Configure the Lambda function to notify the company of any violations of the security policies. Add the Lambda function as a target of the EventBridge rule.

EventBridgecan trigger actionsbased on events.

However, itdoes not track changesin Redshift security configurations.

Why not?AWS Configis bettersuited forcompliance monitoring.

[Reference:Amazon EventBridge, , Option B:❌, Create an AWS Lambda function to check the validity of the Redshift cluster security configurations. Create an Amazon EventBridge rule that invokes the Lambda function when Redshift clusters are created. Notify the company of any violations of security policies., Explanation:, This solutiononly checks security at cluster creation., Itdoes not detect changesthat happenafter the cluster is created., Why not?Security policiesneed continuous monitoring., Reference:EventBridge Rules, , Option C:❌, Set up Amazon Redshift Advisor in the company's AWS account to monitor cluster configurations. Configure Redshift Advisor to generate notifications for security items that the company must address., Explanation:, Redshift Advisorprovides performance tuning recommendationsbutdoes not monitor security settings., Why not?Itdoes not provide compliance checks., Reference:Amazon Redshift Advisor, , Option D:✅, Create an AWS Lambda function to check the Redshift clusters for any violation of the security configurations. Create an AWS Config custom rule to invoke the Lambda function when Redshift cluster security configurations are modified. Provide the compliance state of each Redshift cluster to AWS Config. Configure AWS Config to notify the company of any violations of the security policies., Explanation:, AWS Configtracksconfiguration changesin Redshift clusters., Custom AWS Config rulesallowsecurity compliance enforcement., Lambdacan performcustom security checksand notify the company., Why is this best?AWS Config isdesigned for compliance monitoring., Reference:AWS Config for Security Compliance, , , ]

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Selected SAA-C03 AWS Certified Associate Questions Answers

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce