SAA-C03 (117-139) University Quiz

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications. What should a solutions architect do to reduce the operational burden?

Use multi-factor authentication (MFA) to protect the encryption keys.

Use AWS Key Management Service (AWS KMS) to protect the encryption keys.

Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys.

Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.

Answer explanation

Using AWS Key Management Service (AWS KMS) simplifies key management by providing a fully managed service for creating and controlling encryption keys, reducing operational burden compared to other options.

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company has a dynamic web application hosted on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination. There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit. What should a solutions architect do to increase the application's performance?

Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM certificate on each instance.

Create an Amazon S3 bucket Migrate the SSL certificate to the S3 bucket. Configure the EC2 instances to reference the bucket for SSL termination.

Create another EC2 instance as a proxy server. Migrate the SSL certificate to the new instance and configure it to direct connections to the existing EC2 instances.

Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.

Answer explanation

Importing the SSL certificate into AWS Certificate Manager (ACM) and using an Application Load Balancer for SSL termination offloads the encryption/decryption process, improving performance and scalability of the web application.

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company has a highly dynamic batch processing job that uses many Amazon EC2 instances to complete it. The job is stateless in nature, can be started and stopped at any given time with no negative impact, and typically takes upwards of 60 minutes total to complete. The company has asked a solutions architect to design a scalable and cost-effective solution that meets the requirements of the job. What should the solutions architect recommend?

Implement EC2 Spot Instances.

Purchase EC2 Reserved Instances.

Implement EC2 On-Demand Instances.

Implement the processing on AWS Lambda.

Answer explanation

Implementing EC2 Spot Instances is ideal for this stateless, dynamic batch job as it allows for significant cost savings while providing the scalability needed to handle variable workloads effectively.

4.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available. Which combination of configuration options will meet these requirements? (Choose two.)

Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.

Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.

Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.

Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.

Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.

Answer explanation

The correct choices ensure EC2 instances are in private subnets for security while allowing internet access via NAT gateways. RDS in Multi-AZ enhances availability, meeting the requirement for a highly available architecture.

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A solutions architect needs to implement a solution to reduce a company's storage costs. All the company's data is in the Amazon S3 Standard storage class. The company must keep all data for at least 25 years. Data from the most recent 2 years must be highly available and immediately retrievable. Which solution will meet these requirements?

Set up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive immediately.

Set up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 2 years.

Use S3 Intelligent-Tiering. Activate the archiving option to ensure that data is archived in S3 Glacier Deep Archive.

Set up an S3 Lifecycle policy to transition objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately and to S3 Glacier Deep Archive after 2 years.

Answer explanation

The correct choice is to set up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 2 years. This meets the requirement of keeping recent data highly available while reducing costs for older data.

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore. Which set of services should a solutions architect recommend to meet these requirements?

Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

Amazon EBS for maximum performance, Amazon EFS for durable data storage, and Amazon S3 Glacier for archival storage

Amazon EC2 instance store for maximum performance, Amazon EFS for durable data storage, and Amazon S3 for archival storage

Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

Answer explanation

Amazon EBS provides high I/O performance for video processing, Amazon S3 offers durable storage for media content, and Amazon S3 Glacier is ideal for cost-effective archival storage, making this the best choice.

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company wants to run applications in containers in the AWS Cloud. These applications are stateless and can tolerate disruptions within the underlying infrastructure. The company needs a solution that minimizes cost and operational overhead. What should a solutions architect do to meet these requirements?

Use Spot Instances in an Amazon EC2 Auto Scaling group to run the application containers.

Use Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.

Use On-Demand Instances in an Amazon EC2 Auto Scaling group to run the application containers.

Use On-Demand Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.

Answer explanation

Using Spot Instances in an EC2 Auto Scaling group minimizes costs while allowing for application disruptions, making it ideal for stateless applications. This option balances cost efficiency and operational simplicity.

8.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

A company is running a multi-tier web application on premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth. A solutions architect must improve the application's infrastructure. Which combination of actions should the solutions architect take to accomplish this? (Choose two.)

Migrate the PostgreSQL database to Amazon Aurora.

Migrate the web application to be hosted on Amazon EC2 instances.

Set up an Amazon CloudFront distribution for the web application content.

Set up Amazon ElastiCache between the web application and the PostgreSQL database.

Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).

Answer explanation

Migrating the PostgreSQL database to Amazon Aurora enhances scalability and reduces maintenance. Hosting the web application on AWS Fargate with Amazon ECS simplifies management and allows for automatic scaling, addressing operational overhead.

9.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application performs best when the CPU utilization of the EC2 instances is at or near 40%. What should a solutions architect do to maintain the desired performance across all instances in the group?

Use a simple scaling policy to dynamically scale the Auto Scaling group.

Use a target tracking policy to dynamically scale the Auto Scaling group.

Use an AWS Lambda function to update the desired Auto Scaling group capacity.

Use scheduled scaling actions to scale up and scale down the Auto Scaling group.

Answer explanation

Using a target tracking policy allows the Auto Scaling group to automatically adjust capacity to maintain the desired CPU utilization of 40%, ensuring optimal performance without manual intervention.

10.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company is developing a file-sharing application that will use an Amazon S3 bucket for storage. The company wants to serve all the files through an Amazon CloudFront distribution. The company does not want the files to be accessible through direct navigation to the S3 URL. What should a solutions architect do to meet these requirements?

Write individual policies for each S3 bucket to grant read permission for only CloudFront access.

Create an IAM user. Grant the user read permission to objects in the S3 bucket. Assign the user to CloudFront.

Write an S3 bucket policy that assigns the CloudFront distribution ID as the Principal and assigns the target S3 bucket as the Amazon Resource Name (ARN).

Create an origin access identity (OAI). Assign the OAI to the CloudFront distribution. Configure the S3 bucket permissions so that only the OAI has read permission.

Answer explanation

Creating an origin access identity (OAI) allows CloudFront to securely access the S3 bucket. By configuring the bucket permissions to allow only the OAI read access, direct access via S3 URLs is effectively restricted.

Create a free account and access millions of resources

Similar Resources on Quizizz

Popular Resources on Quizizz

Discover more resources for Information Technology (IT)