Home/ Practice/ SAA-C03 Questions/ Page 3

AWS SAA-C03 Free Practice Questions — Page 3

Solutions Architect Associate • 5 questions • Answers & explanations included

Question 11

A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management. What should a solutions architect do to accomplish this goal?

A. Use AWS Secrets Manager. Turn on automatic rotation.
B. Use AWS Systems Manager Parameter Store. Turn on automatic rotation.
C. Create an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket. Point the application to the S3 bucket.
D. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance. Attach the new EBS volume to each EC2 instance. Migrate the credential file to the new EBS volume. Point the application to the new EBS volume.
Show Answer & Explanation

Correct Answer: A. Use AWS Secrets Manager. Turn on automatic rotation.

To minimize the operational overhead of credential management for an application using Amazon EC2 instances and an Amazon Aurora database, the most suitable option is to use AWS Secrets Manager with automatic rotation. AWS Secrets Manager allows for the secure storage, management, and automated rotation of database credentials, API keys, and other secrets, reducing the need for manual credential updates and improving security compliance. By turning on automatic rotation, the company ensures that credentials are regularly updated without human intervention, minimizing operational overhead effectively.

Question 12

A global company hosts its web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The web application has static data and dynamic data. The company stores its static data in an Amazon S3 bucket. The company wants to improve performance and reduce latency for the static data and dynamic data. The company is using its own domain name registered with Amazon Route 53. What should a solutions architect do to meet these requirements?

A. Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins. Configure Route 53 to route traffic to the CloudFront distribution.
B. Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint Configure Route 53 to route traffic to the CloudFront distribution.
C. Create an Amazon CloudFront distribution that has the S3 bucket as an origin. Create an AWS Global Accelerator standard accelerator that has the ALB and the CloudFront distribution as endpoints. Create a custom domain name that points to the accelerator DNS name. Use the custom domain name as an endpoint for the web application.
D. Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint. Create two domain names. Point one domain name to the CloudFront DNS name for dynamic content. Point the other domain name to the accelerator DNS name for static content. Use the domain names as endpoints for the web application.
Show Answer & Explanation

Correct Answer: A. Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins. Configure Route 53 to route traffic to the CloudFront distribution.

To reduce latency and improve performance for both static and dynamic data, the company should use a content delivery network (CDN) such as Amazon CloudFront. By creating a CloudFront distribution with both the S3 bucket (for static data) and the Application Load Balancer (ALB) (for dynamic data) as origins, the content can be cached and delivered more efficiently to users around the world. Once this CloudFront distribution is set up, Route 53 can be configured to route traffic to the CloudFront distribution, providing users with a low-latency experience for both types of content.

Question 13

A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions. Which solution will meet these requirements with the LEAST operational overhead?

A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule.
B. Store the credentials as secrets in AWS Systems Manager by creating a secure string parameter. Use multi-Region secret replication for the required Regions. Configure Systems Manager to rotate the secrets on a schedule.
C. Store the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function to rotate the credentials.
D. Encrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region customer managed keys. Store the secrets in an Amazon DynamoDB global table. Use an AWS Lambda function to retrieve the secrets from DynamoDB. Use the RDS API to rotate the secrets.
Show Answer & Explanation

Correct Answer: A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule.

To meet the requirement of rotating credentials for Amazon RDS for MySQL databases across multiple AWS Regions with the least operational overhead, storing the credentials as secrets in AWS Secrets Manager and using multi-Region secret replication is the most efficient solution. AWS Secrets Manager provides integrated support for automated secret rotation on a schedule, secure storage, and multi-Region replication. This minimizes manual intervention and simplifies the management of secrets across multiple regions.

Question 14

A company runs an ecommerce application on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales based on CPU utilization metrics. The ecommerce application stores the transaction data in a MySQL 8.0 database that is hosted on a large EC2 instance. The database's performance degrades quickly as application load increases. The application handles more read requests than write transactions. The company wants a solution that will automatically scale the database to meet the demand of unpredictable read workloads while maintaining high availability. Which solution will meet these requirements?

A. Use Amazon Redshift with a single node for leader and compute functionality.
B. Use Amazon RDS with a Single-AZ deployment Configure Amazon RDS to add reader instances in a different Availability Zone.
C. Use Amazon Aurora with a Multi-AZ deployment. Configure Aurora Auto Scaling with Aurora Replicas.
D. Use Amazon ElastiCache for Memcached with EC2 Spot Instances.
Show Answer & Explanation

Correct Answer: C. Use Amazon Aurora with a Multi-AZ deployment. Configure Aurora Auto Scaling with Aurora Replicas.

Using Amazon Aurora with a Multi-AZ deployment and configuring Aurora Auto Scaling with Aurora Replicas is the most appropriate solution. Aurora is a MySQL-compatible relational database engine that provides high performance and scalability. With a Multi-AZ deployment, the database is automatically replicated across multiple Availability Zones for high availability. Aurora Auto Scaling ensures the database can automatically add or remove Aurora Replicas based on the workload, allowing the database to handle unpredictable read workloads efficiently. This meets the requirements of maintaining high availability while scaling automatically to meet the demand.

Question 15

A company recently migrated to AWS and wants to implement a solution to protect the traffic that flows in and out of the production VPC. The company had an inspection server in its on-premises data center. The inspection server performed specific operations such as traffic flow inspection and traffic filtering. The company wants to have the same functionalities in the AWS Cloud. Which solution will meet these requirements?

A. Use Amazon GuardDuty for traffic inspection and traffic filtering in the production VPC.
B. Use Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and filtering.
C. Use AWS Network Firewall to create the required rules for traffic inspection and traffic filtering for the production VPC.
D. Use AWS Firewall Manager to create the required rules for traffic inspection and traffic filtering for the production VPC.
Show Answer & Explanation

Correct Answer: C. Use AWS Network Firewall to create the required rules for traffic inspection and traffic filtering for the production VPC.

To protect the traffic in and out of a production VPC on AWS and to perform specific operations such as traffic flow inspection and traffic filtering, AWS Network Firewall is the appropriate solution. It is a managed firewall service that allows you to create rules for both inbound and outbound traffic, ensuring a robust security posture. With its ability to perform deep packet inspection and advanced traffic filtering, it aligns closely with the functionalities described, replicating what an on-premises inspection server would do within the AWS environment.

Ready for the Full SAA-C03 Experience?

Access all 204 pages of practice questions, track your progress, and simulate the real exam with timed mode.

Start Interactive Quiz →

Recommended Next Certifications

After SAA-C03, consider these certification paths:

SAP-C02 — Solutions Architect Professional ANS-C01 — Advanced Networking SCS-C02 — Security Specialty