Verified SAA-C03 dumps Q&As - 2024 Latest SAA-C03 Download [Q202-Q221]

Dumps Questions [2024] Pass for SAA-C03 Exam

NEW QUESTION # 202
A company plans to use Amazon ElastiCache for its multi-tier web application. A solutions architect creates a Cache VPC for the ElastiCache cluster and an App VPC for the application's Amazon EC2 instances. Both VPCs are in the us-east-1 Region.
The solutions architect must implement a solution to provide the application's EC2 instances with access to the ElastiCache cluster.
Which solution will meet these requirements MOST cost-effectively?

  • A. Create a peering connection between the VPCs. Add a route table entry for the peering connection in both VPCs. Configure an inbound rule for the peering connection's security group to allow inbound connection from the application's security group.
  • B. Create a Transit VPC. Update the VPC route tables in the Cache VPC and the App VPC to route traffic through the Transit VPC. Configure an inbound rule for the Transit VPC's security group to allow inbound connection from the application's security group.
  • C. Create a Transit VPC. Update the VPC route tables in the Cache VPC and the App VPC to route traffic through the Transit VPC. Configure an inbound rule for the ElastiCache cluster's security group to allow inbound connection from the application's security group.
  • D. Create a peering connection between the VPCs. Add a route table entry for the peering connection in both VPCs. Configure an inbound rule for the ElastiCache cluster's security group to allow inbound connection from the application's security group.

Answer: D

Explanation:
Creating a peering connection between the VPCs allows the application's EC2 instances to communicate with the ElastiCache cluster directly and efficiently. This is the most cost-effective solution as it does not involve creating additional resources such as a Transit VPC, and it does not incur additional costs for traffic passing through the Transit VPC. Additionally, it is also more secure as it allows you to configure a more restrictive security group rule to allow inbound connection from only the application's security group.


NEW QUESTION # 203
A company uses multiple vendors to distribute digital assets that are stored in Amazon S3 buckets. The company wants to ensure that its vendor AWS accounts have the minimum access that is needed to download objects in these S3 buckets.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Design a bucket policy that gives read-only access to users. Specify IAM entities as principals.
  • B. Create a cross-account IAM role that has a read-only access policy specified for the IAM role.
  • C. Design a bucket policy that has anonymous read permissions and permissions to list all buckets.
  • D. Create a user policy and vendor user groups that give read-only access to vendor users.

Answer: B

Explanation:
A cross-account IAM role is a way to grant users from one AWS account access to resources in another AWS account. The cross-account IAM role can have a read-only access policy attached to it, which allows the users to download objects from the S3 buckets without modifying or deleting them. The cross-account IAM role also reduces the operational overhead of managing multiple IAM users and policies in each account. The cross-account IAM role meets all the requirements of the question, while the other options do not.
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example2.html
https://aws.amazon.com/blogs/storage/setting-up-cross-account-amazon-s3-access-with-s3-access-points/
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
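The cross-account role described in this explanation, sketched as an added example that is not part of the original page: a trust policy for the vendor account, a read-only permissions policy, and a deliberately simplified evaluator that checks what each would allow. The account ID, bucket name, and external ID are constructed placeholders, and real IAM evaluation applies more rules than this sketch.

```python
import fnmatch

# Constructed placeholders (assumptions, not values from the page).
VENDOR_ACCOUNT = "111122223333"
BUCKET = "example-digital-assets"
EXTERNAL_ID = "vendor-a-example-id"

# Trust policy on the role in the company's account: who may assume it.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
}

# Permissions policy attached to the role: download (and list) only.
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{BUCKET}"},
    ],
}

# Weak counterpart for comparison: every S3 action on every resource.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified evaluation: explicit Deny wins, then any Allow, else implicit deny."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, r)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def can_assume(trust_policy, caller_account, external_id):
    """True if the caller's account is a trusted principal and the external ID matches."""
    for stmt in trust_policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt["Action"]):
            continue
        principals = _as_list(stmt["Principal"].get("AWS", []))
        if f"arn:aws:iam::{caller_account}:root" not in principals:
            continue
        required = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if required is None or required == external_id:
            return True
    return False


def write_actions_allowed(policy, bucket):
    """Least-privilege check: which mutating S3 actions would the policy allow?"""
    probes = {
        "s3:PutObject": f"arn:aws:s3:::{bucket}/probe",
        "s3:DeleteObject": f"arn:aws:s3:::{bucket}/probe",
        "s3:PutBucketPolicy": f"arn:aws:s3:::{bucket}",
    }
    return sorted(a for a, r in probes.items() if is_allowed(policy, a, r))


if __name__ == "__main__":
    print("vendor can assume:", can_assume(TRUST_POLICY, VENDOR_ACCOUNT, EXTERNAL_ID))
    print("read-only role write actions:", write_actions_allowed(READ_ONLY_POLICY, BUCKET))
    print("overbroad role write actions:", write_actions_allowed(OVERBROAD_POLICY, BUCKET))
```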


NEW QUESTION # 204
A company wants to migrate an on-premises data center to AWS. The data center hosts an SFTP server that stores its data on an NFS-based file system. The server holds 200 GB of data that needs to be transferred. The server must be hosted on an Amazon EC2 instance that uses an Amazon Elastic File System (Amazon EFS) file system.
Which combination of steps should a solutions architect take to automate this task? (Select TWO.)

  • A. Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instance for the data.
  • B. Launch the EC2 instance into the same Availability Zone as the EFS file system.
  • C. Manually use an operating system copy command to push the data to the EC2 instance.
  • D. Use AWS DataSync to create a suitable location configuration for the on-premises SFTP server.
  • E. Install an AWS DataSync agent in the on-premises data center.

Answer: D,E

Explanation:
AWS DataSync is an online data movement and discovery service that simplifies data migration and helps users quickly, easily, and securely move their file or object data to, from, and between AWS storage services.
Users can use AWS DataSync to transfer data between on-premises and AWS storage services. To use AWS DataSync, users need to install an AWS DataSync agent in the on-premises data center. The agent is a software appliance that connects to the source or destination storage system and handles the data transfer to or from AWS over the network. Users also need to use AWS DataSync to create a suitable location configuration for the on-premises SFTP server. A location is a logical representation of a storage system that contains files or objects that users want to transfer using DataSync. Users can create locations for NFS shares, SMB shares, HDFS file systems, self-managed object storage, Amazon S3 buckets, Amazon EFS file systems, Amazon FSx for Windows File Server file systems, Amazon FSx for Lustre file systems, Amazon FSx for OpenZFS file systems, Amazon FSx for NetApp ONTAP file systems, and AWS Snowcone devices.


NEW QUESTION # 205
A company seeks a storage solution for its application. The solution must be highly available and scalable. The solution also must function as a file system, be mountable by multiple Linux instances in AWS and on premises through native protocols, and have no minimum size requirements. The company has set up a Site-to-Site VPN for access from its on-premises network to its VPC.
Which storage solution meets these requirements?

  • A. Amazon FSx Multi-AZ deployments
  • B. Amazon Elastic Block Store (Amazon EBS) Multi-Attach volumes
  • C. Amazon Elastic File System (Amazon EFS) with multiple mount targets
  • D. Amazon Elastic File System (Amazon EFS) with a single mount target and multiple access points

Answer: C

Explanation:
Amazon EFS is a fully managed file system that can be mounted by multiple Linux instances in AWS and on premises through native protocols such as NFS and SMB. Amazon EFS has no minimum size requirements and can scale up and down automatically as files are added and removed. Amazon EFS also supports high availability and durability by allowing multiple mount targets in different Availability Zones within a region.
Amazon EFS meets all the requirements of the question, while the other options do not.
References:
https://aws.amazon.com/efs/
https://docs.aws.amazon.com/wellarchitected/latest/performance-efficiency-pillar/storage-architecture-sele
https://aws.amazon.com/blogs/storage/from-on-premises-to-aws-hybrid-cloud-architecture-for-network-fil


NEW QUESTION # 206
A retail company uses a regional Amazon API Gateway API for its public REST APIs. The API Gateway endpoint is a custom domain name that points to an Amazon Route 53 alias record. A solutions architect needs to create a solution that has minimal effects on customers and minimal data loss to release the new version of APIs.
Which solution will meet these requirements?

  • A. Create a new API Gateway endpoint with new versions of the API definitions. Create a custom domain name for the new API Gateway API. Point the Route 53 alias record to the new API Gateway API custom domain name.
  • B. Create a new API Gateway endpoint with a new version of the API in OpenAPI YAML file format. Use the import-to-update operation in merge mode into the API in API Gateway. Deploy the new version of the API to the production stage.
  • C. Create a new API Gateway endpoint with a new version of the API in OpenAPI JSON file format. Use the import-to-update operation in overwrite mode into the API in API Gateway. Deploy the new version of the API to the production stage.
  • D. Create a canary release deployment stage for API Gateway. Deploy the latest API version. Point an appropriate percentage of traffic to the canary stage. After API verification, promote the canary stage to the production stage.

Answer: D

Explanation:
This answer is correct because it meets the requirements of releasing the new version of APIs with minimal effects on customers and minimal data loss. A canary release deployment is a software development strategy in which a new version of an API is deployed for testing purposes, and the base version remains deployed as a production release for normal operations on the same stage. In a canary release deployment, total API traffic is separated at random into a production release and a canary release with a pre-configured ratio. Typically, the canary release receives a small percentage of API traffic and the production release takes up the rest. The updated API features are only visible to API traffic through the canary. You can adjust the canary traffic percentage to optimize test coverage or performance. By keeping canary traffic small and the selection random, most users are not adversely affected at any time by potential bugs in the new version, and no single user is adversely affected all the time. After the test metrics pass your requirements, you can promote the canary release to the production release and disable the canary from the deployment. This makes the new features available in the production stage.
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/canary-release.html


NEW QUESTION # 207
A company collects data from a large number of participants who use wearable devices. The company stores the data in an Amazon DynamoDB table and uses applications to analyze the data. The data workload is constant and predictable. The company wants to stay at or below its forecasted budget for DynamoDB.
Which solution will meet these requirements MOST cost-effectively?

  • A. Use on-demand mode. Set the read capacity units (RCUs) and write capacity units (WCUs) high enough to accommodate changes in the workload.
  • B. Use on-demand mode. Specify the read capacity units (RCUs) and write capacity units (WCUs) with reserved capacity.
  • C. Use provisioned mode. Specify the read capacity units (RCUs) and write capacity units (WCUs).
  • D. Use provisioned mode and DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA). Reserve capacity for the forecasted workload.

Answer: A


NEW QUESTION # 208
A solutions architect wants to use the following JSON text as an identity-based policy to grant specific permissions:

Which IAM principals can the solutions architect attach this policy to? (Select TWO.)

  • A. Group
  • B. Amazon EC2 resource
  • C. Amazon Elastic Container Service (Amazon ECS) resource
  • D. Organization
  • E. Role

Answer: A,E

Explanation:
This JSON text is an identity-based policy that grants specific permissions. The IAM principals that the solutions architect can attach this policy to are Role and Group. This is because the policy is written in JSON and is an identity-based policy, which can be attached to IAM principals such as users, groups, and roles. Identity-based policies are permissions policies that you attach to IAM identities (users, groups, or roles) and explicitly state what that identity is allowed (or denied) to do. Identity-based policies are different from resource-based policies, which define the permissions around the specific resource. Resource-based policies are attached to a resource, such as an Amazon S3 bucket or an Amazon EC2 instance. Resource-based policies can also specify a principal, which is the entity that is allowed or denied access to the resource. Organization is not an IAM principal, but a feature of AWS Organizations that allows you to manage multiple AWS accounts centrally. Amazon ECS resource and Amazon EC2 resource are not IAM principals, but AWS resources that can have resource-based policies attached to them.
Reference:
Identity-based policies and resource-based policies
AWS Organizations
Amazon ECS task role
Amazon EC2 instance profile


NEW QUESTION # 209
An ecommerce company wants to launch a one-deal-a-day website on AWS. Each day will feature exactly one product on sale for a period of 24 hours. The company wants to be able to handle millions of requests each hour with millisecond latency during peak hours.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Deploy the full website on Amazon EC2 instances that run in Auto Scaling groups across multiple Availability Zones. Add an Application Load Balancer (ALB) to distribute the website traffic. Add another ALB for the backend APIs. Store the data in Amazon RDS for MySQL.
  • B. Migrate the full application to run in containers. Host the containers on Amazon Elastic Kubernetes Service (Amazon EKS). Use the Kubernetes Cluster Autoscaler to increase and decrease the number of pods to process bursts in traffic. Store the data in Amazon RDS for MySQL.
  • C. Use Amazon S3 to host the full website in different S3 buckets. Add Amazon CloudFront distributions. Set the S3 buckets as origins for the distributions. Store the order data in Amazon S3.
  • D. Use an Amazon S3 bucket to host the website's static content. Deploy an Amazon CloudFront distribution. Set the S3 bucket as the origin. Use Amazon API Gateway and AWS Lambda functions for the backend APIs. Store the data in Amazon DynamoDB.

Answer: D

Explanation:
To launch a one-deal-a-day website on AWS with millisecond latency during peak hours and with the least operational overhead, the best option is to use an Amazon S3 bucket to host the website's static content, deploy an Amazon CloudFront distribution, set the S3 bucket as the origin, use Amazon API Gateway and AWS Lambda functions for the backend APIs, and store the data in Amazon DynamoDB. This option requires minimal operational overhead and can handle millions of requests each hour with millisecond latency during peak hours. Therefore, option D is the correct answer.
Reference:
https://aws.amazon.com/blogs/compute/building-a-serverless-multi-player-game-with-aws-lambda-and-amazon-


NEW QUESTION # 210
A company uses a legacy application to produce data in CSV format. The legacy application stores the output data in Amazon S3. The company is deploying a new commercial off-the-shelf (COTS) application that can perform complex SQL queries to analyze data that is stored in Amazon Redshift and Amazon S3 only. However, the COTS application cannot process the .csv files that the legacy application produces. The company cannot update the legacy application to produce data in another format. The company needs to implement a solution so that the COTS application can use the data that the legacy application produces.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Create an AWS Glue extract, transform, and load (ETL) job that runs on a schedule. Configure the ETL job to process the .csv files and store the processed data in Amazon Redshift.
  • B. Use Amazon EventBridge (Amazon CloudWatch Events) to launch an Amazon EMR cluster on a weekly schedule. Configure the EMR cluster to perform an extract, transform, and load (ETL) job to process the .csv files and store the processed data in an Amazon Redshift table.
  • C. Develop a Python script that runs on Amazon EC2 instances to convert the .csv files to .sql files. Invoke the Python script on a cron schedule to store the output files in Amazon S3.
  • D. Create an AWS Lambda function and an Amazon DynamoDB table. Use an S3 event to invoke the Lambda function. Configure the Lambda function to perform an extract transform, and load (ETL) job to process the .csv files and store the processed data in the DynamoDB table.

Answer: D

Explanation:
According to the Amazon website, Amazon S3 Select is an Amazon S3 feature that enables applications to retrieve only a subset of data from an object. It offers an efficient way to access data stored in Amazon S3 and can significantly improve query performance, save money, and increase the scalability of applications that frequently access data in S3. S3 Select allows applications to retrieve only the data that is needed, instead of the entire object, and supports SQL expressions, CSV, and JSON. Additionally, S3 Select can be used to query objects stored in the S3 Glacier storage class. The exact text from the Amazon website about S3 Select is:
"Amazon S3 Select is an Amazon S3 feature that enables applications to retrieve only a subset of data from an object. It offers an efficient way to access data stored in Amazon S3 and can significantly improve query performance, save money, and increase the scalability of applications that frequently access data in S3. S3 Select allows applications to retrieve only the data that is needed, instead of the entire object, and supports SQL expressions, CSV, and JSON. Additionally, S3 Select can be used to query objects stored in the S3 Glacier storage class."


NEW QUESTION # 211
A company needs to minimize the cost of its 1 Gbps AWS Direct Connect connection. The company's average connection utilization is less than 10%. A solutions architect must recommend a solution that will reduce the cost without compromising security.
Which solution will meet these requirements?

  • A. Set up a new 200 Mbps Direct Connect connection in the AWS Management Console.
  • B. Set up a new 1 Gbps Direct Connect connection. Share the connection with another AWS account.
  • C. Contact an AWS Direct Connect Partner to order a 1 Gbps connection. Share the connection with another AWS account.
  • D. Contact an AWS Direct Connect Partner to order a 200 Mbps hosted connection for an existing AWS account.

Answer: D

Explanation:
The company needs to set up a cheaper connection (200 Mbps), but B is incorrect because you can only order port speeds of 1, 10, or 100 Gbps. For more flexibility, you can go with a hosted connection, where you can order port speeds between 50 Mbps and 10 Gbps.
https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect.html


NEW QUESTION # 212
A company has migrated an application to Amazon EC2 Linux instances. One of these EC2 instances runs several 1-hour tasks on a schedule. These tasks were written by different teams and have no common programming language. The company is concerned about performance and scalability while these tasks run on a single instance. A solutions architect needs to implement a solution to resolve these concerns.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Use AWS Batch to run the tasks as jobs. Schedule the jobs by using Amazon EventBridge (Amazon CloudWatch Events).
  • B. Copy the tasks into AWS Lambda functions. Schedule the Lambda functions by using Amazon EventBridge (Amazon CloudWatch Events).
  • C. Convert the EC2 instance to a container. Use AWS App Runner to create the container on demand to run the tasks as jobs.
  • D. Create an Amazon Machine Image (AMI) of the EC2 instance that runs the tasks. Create an Auto Scaling group with the AMI to run multiple copies of the instance.

Answer: B


NEW QUESTION # 213
A company is designing a web application on AWS. The application will use a VPN connection between the company's existing data centers and the company's VPCs. The company uses Amazon Route 53 as its DNS service. The application must use private DNS records to communicate with the on-premises services from a VPC.
Which solution will meet these requirements in the MOST secure manner?

  • A. Create a Route 53 public hosted zone. Create a record for each service to allow service communication.
  • B. Create a Route 53 Resolver outbound endpoint. Create a resolver rule. Associate the resolver rule with the VPC.
  • C. Create a Route 53 Resolver inbound endpoint. Create a resolver rule. Associate the resolver rule with the VPC.
  • D. Create a Route 53 private hosted zone. Associate the private hosted zone with the VPC.

Answer: B

Explanation:
To meet the requirements of the web application in the most secure manner, the company should create a Route 53 Resolver outbound endpoint, create a resolver rule, and associate the resolver rule with the VPC.
This solution will allow the application to use private DNS records to communicate with the on-premises services from a VPC. Route 53 Resolver is a service that enables DNS resolution between on-premises networks and AWS VPCs. An outbound endpoint is a set of IP addresses that Resolver uses to forward DNS queries from a VPC to resolvers on an on-premises network. A resolver rule is a rule that specifies the domain names for which Resolver forwards DNS queries to the IP addresses that you specify in the rule. By creating an outbound endpoint and a resolver rule, and associating them with the VPC, the company can securely resolve DNS queries for the on-premises services using private DNS records.
The other options are not correct because they do not meet the requirements or are not secure. Creating a Route 53 Resolver inbound endpoint, creating a resolver rule, and associating the resolver rule with the VPC is not correct because this solution will allow DNS queries from on-premises networks to access resources in a VPC, not vice versa. An inbound endpoint is a set of IP addresses that Resolver uses to receive DNS queries from resolvers on an on-premises network. Creating a Route 53 private hosted zone and associating it with the VPC is not correct because this solution will only allow DNS resolution for resources within the VPC or other VPCs that are associated with the same hosted zone. A private hosted zone is a container for DNS records that are only accessible from one or more VPCs. Creating a Route 53 public hosted zone and creating a record for each service to allow service communication is not correct because this solution will expose the on-premises services to the public internet, which is not secure. A public hosted zone is a container for DNS records that are accessible from anywhere on the internet.
References:
Resolving DNS queries between VPCs and your network - Amazon Route 53
Working with rules - Amazon Route 53
Working with private hosted zones - Amazon Route 53


NEW QUESTION # 214
A company is building an application that consists of several microservices. The company has decided to use container technologies to deploy its software on AWS. The company needs a solution that minimizes the amount of ongoing effort for maintenance and scaling. The company cannot manage additional infrastructure.
Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

  • A. Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple Availability Zones.
  • B. Deploy an Amazon Elastic Container Service (Amazon ECS) cluster.
  • C. Deploy an Amazon Elastic Container Service (Amazon ECS) service with a Fargate launch type.
    Specify a desired task number level of greater than or equal to 2.
  • D. Deploy Kubernetes worker nodes on Amazon EC2 instances that span multiple Availability Zones.
    Create a deployment that specifies two or more replicas for each microservice.
  • E. Deploy an Amazon Elastic Container Service (Amazon ECS) service with an Amazon EC2 launch type.
    Specify a desired task number level of greater than or equal to 2.

Answer: B,C

Explanation:
AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers.
https://docs.aws.amazon.com/AmazonECS/latest/userguide/what-is-fargate.html


NEW QUESTION # 215
A solutions architect is implementing a complex Java application with a MySQL database. The Java application must be deployed on Apache Tomcat and must be highly available.
What should the solutions architect do to meet these requirements?

  • A. Deploy the application by using AWS Elastic Beanstalk. Configure a load-balanced environment and a rolling deployment policy.
  • B. Launch an Amazon EC2 instance. Install a MySQL server on the EC2 instance. Configure the application on the server. Create an AMI. Use the AMI to create a launch template with an Auto Scaling group.
  • C. Deploy the application in AWS Lambda. Configure an Amazon API Gateway API to connect with the Lambda functions.
  • D. Migrate the database to Amazon ElastiCache. Configure the ElastiCache security group to allow access from the application.

Answer: A

Explanation:
AWS Elastic Beanstalk provides an easy and quick way to deploy, manage, and scale applications. It supports a variety of platforms, including Java and Apache Tomcat. By using Elastic Beanstalk, the solutions architect can upload the Java application and configure the environment to run Apache Tomcat.


NEW QUESTION # 216
A company is developing an application that provides order shipping statistics for retrieval by a REST API. The company wants to extract the shipping statistics, organize the data into an easy-to-read HTML format, and send the report to several email addresses at the same time every morning.
Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

  • A. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that invokes an AWS Lambda function to query the application's API for the data.
  • B. Use Amazon Simple Email Service (Amazon SES) to format the data and to send the report by email.
  • C. Configure the application to send the data to Amazon Kinesis Data Firehose.
  • D. Store the application data in Amazon S3. Create an Amazon Simple Notification Service (Amazon SNS) topic as an S3 event destination to send the report by
  • E. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that invokes an AWS Glue job to query the application's API for the data.

Answer: A,B

Explanation:
https://docs.aws.amazon.com/ses/latest/dg/send-email-formatted.html
d) Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that invokes an AWS Lambda function to query the application's API for the data. This step can be done using AWS Lambda to extract the shipping statistics and organize the data into an HTML format.
b) Use Amazon Simple Email Service (Amazon SES) to format the data and send the report by email. This step can be done by using Amazon SES to send the report to multiple email addresses at the same time every morning.
Therefore, options D and B are the correct choices for this question. Option A is incorrect because Kinesis Data Firehose is not necessary for this use case. Option C is incorrect because AWS Glue is not required to query the application's API. Option E is incorrect because S3 event notifications cannot be used to send the report by email.


NEW QUESTION # 217
A Docker application, which is running on an Amazon ECS cluster behind a load balancer, is heavily using DynamoDB. You are instructed to improve the database performance by distributing the workload evenly and using the provisioned throughput efficiently.
Which of the following would you consider to implement for your DynamoDB table?

  • A. Avoid using a composite primary key, which is composed of a partition key and a sort key.
  • B. Use partition keys with high-cardinality attributes, which have a large number of distinct values for each item.
  • C. Reduce the number of partition keys in the DynamoDB table.
  • D. Use partition keys with low-cardinality attributes, which have a few number of distinct values for each item.

Answer: B

Explanation:
The partition key portion of a table's primary key determines the logical partitions in which a table's data is stored. This in turn affects the underlying physical partitions. Provisioned I/O capacity for the table is divided evenly among these physical partitions. Therefore a partition key design that doesn't distribute I/O requests evenly can create "hot" partitions that result in throttling and use your provisioned I/O capacity inefficiently.
The optimal usage of a table's provisioned throughput depends not only on the workload patterns of individual items, but also on the partition-key design. This doesn't mean that you must access all partition key values to achieve an efficient throughput level, or even that the percentage of accessed partition key values must be high. It does mean that the more distinct partition key values that your workload accesses, the more those requests will be spread across the partitioned space. In general, you will use your provisioned throughput more efficiently as the ratio of partition key values accessed to the total number of partition key values increases.
One example for this is the use of partition keys with high-cardinality attributes, which have a large number of distinct values for each item.
Reducing the number of partition keys in the DynamoDB table is incorrect. Instead of doing this, you should actually add more to improve its performance, to distribute the I/O requests evenly and avoid "hot" partitions.
Using partition keys with low-cardinality attributes, which have a few number of distinct values for each item is incorrect because this is the exact opposite of the correct answer. Remember that the more distinct partition key values your workload accesses, the more those requests will be spread across the partitioned space. Conversely, the fewer distinct partition key values there are, the less evenly the requests are spread across the partitioned space, which effectively slows the performance.
The option that says: Avoid using a composite primary key, which is composed of a partition key and a sort key is incorrect because as mentioned, a composite primary key will provide more partition for the table and in turn, improves the performance. Hence, it should be used and not avoided.
References:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-uniform-load.html
https://aws.amazon.com/blogs/database/choosing-the-right-dynamodb-partition-key/
Check out this Amazon DynamoDB Cheat Sheet:
https://tutorialsdojo.com/amazon-dynamodb/
Amazon DynamoDB Overview:
https://www.youtube.com/watch?v=3ZOyUNIeorU
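The hot-partition effect described in this explanation, as an added example that is not part of the original page: one second of requests is hashed onto partitions, and each partition gets an equal slice of the table's provisioned capacity. MD5 stands in for DynamoDB's internal hash function, and the key names, partition count, and capacity figure are constructed assumptions.

```python
import hashlib
from collections import Counter

PARTITIONS = 8            # constructed: number of physical partitions
TABLE_CAPACITY = 8000     # constructed: provisioned requests per second for the table

# Constructed workloads, 8000 requests each, issued within one second.
HIGH_CARD_KEYS = [f"device-{i}" for i in range(8000)]                 # 8000 distinct values
LOW_CARD_KEYS = [("active", "idle", "error")[i % 3] for i in range(8000)]  # 3 distinct values


def partition_for(key, partitions):
    """Map a partition-key value to a partition (MD5 is a stand-in hash, an assumption)."""
    digest = hashlib.md5(key.encode()).digest()
    return int.from_bytes(digest[:8], "big") % partitions


def simulate(keys, partitions=PARTITIONS, table_capacity=TABLE_CAPACITY):
    """Return load skew and throttling when capacity is split evenly across partitions."""
    per_partition_capacity = table_capacity / partitions
    load = Counter(partition_for(k, partitions) for k in keys)
    # Requests beyond a partition's slice are throttled, even if other partitions sit idle.
    throttled = sum(max(0, n - per_partition_capacity) for n in load.values())
    return {
        "partitions_used": len(load),
        "hottest_share": max(load.values()) / len(keys),
        "throttled": throttled,
    }


if __name__ == "__main__":
    for name, keys in (("high-cardinality", HIGH_CARD_KEYS),
                       ("low-cardinality", LOW_CARD_KEYS)):
        print(name, simulate(keys))
```

With three distinct key values, at most three of the eight partitions ever receive traffic, so at least 5000 of the 8000 requests exceed their partition's share although the table as a whole is provisioned for all of them.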


NEW QUESTION # 218
A company uses a popular content management system (CMS) for its corporate website.
However, the required patching and maintenance are burdensome.
The company is redesigning its website and wants a new solution.
The website will be updated four times a year and does not need to have any dynamic content available.
The solution must provide high scalability and enhanced security.
Which combination of changes will meet these requirements with the LEAST operational overhead? (Choose two.)

  • A. Create the new website. Deploy the website by using an Auto Scaling group of Amazon EC2 instances behind an Application Load Balancer.
  • B. Deploy an AWS WAF web ACL in front of the website to provide HTTPS functionality.
  • C. Create and deploy an AWS Lambda function to manage and serve the website content.
  • D. Create the new website and an Amazon S3 bucket. Deploy the website on the S3 bucket with static website hosting enabled.

Answer: A,B


NEW QUESTION # 219
A solutions architect is designing a two-tiered architecture that includes a public subnet and a database subnet.
The web servers in the public subnet must be open to the internet on port 443. The Amazon RDS for MySQL DB instance in the database subnet must be accessible only to the web servers on port 3306.
Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

  • A. Create a network ACL for the public subnet. Add a rule to deny outbound traffic to 0.0.0.0/0 on port 3306.
  • B. Create a security group for the DB instance. Add a rule to deny all traffic except traffic from the web servers' security group on port 3306.
  • C. Create a security group for the DB instance. Add a rule to allow traffic from the web servers' security group on port 3306.
  • D. Create a security group for the web servers in the public subnet. Add a rule to allow traffic from 0.0.0.0/0 on port 443.
  • E. Create a security group for the DB instance. Add a rule to allow traffic from the public subnet CIDR block on port 3306.

Answer: D,E

Explanation:
Security groups are virtual firewalls that protect AWS instances and can be applied to EC2, ELB and RDS. Security groups have rules for inbound and outbound traffic and are stateful, meaning that responses to allowed inbound traffic are allowed to flow out of the instance. Network ACLs are different from security groups in several ways. They cover entire subnets, not individual instances, and are stateless, meaning that they require rules for both inbound and outbound traffic. Network ACLs also support deny rules, while security groups only support allow rules.
To meet the requirements of the scenario, the solutions architect should create two security groups: one for the DB instance and one for the web servers in the public subnet. The security group for the DB instance should allow traffic from the public subnet CIDR block on port 3306, which is the default port for MySQL. This way, only the web servers in the public subnet can access the DB instance on that port. The security group for the web servers should allow traffic from 0.0.0.0/0 on port 443, which is the default port for HTTPS. This way, the web servers can accept secure connections from the internet on that port.


NEW QUESTION # 220
A company plans to build a web architecture using On-Demand EC2 instances and a database in AWS. However, due to budget constraints, the company instructed the Solutions Architect to choose a database service in which they no longer need to worry about database management tasks such as hardware or software provisioning, setup, configuration, scaling, and backups.
Which of the following services should the Solutions Architect recommend?

  • A. Amazon ElastiCache
  • B. Amazon RDS
  • C. Amazon Redshift
  • D. Amazon DynamoDB

Answer: D

Explanation:
Basically, a database service in which you no longer need to worry about database management tasks such as hardware or software provisioning, setup, and configuration is called a fully managed database.
This means that AWS fully manages all of the database management tasks and the underlying host server. The main differentiator here is the keyword "scaling" in the question. In RDS, you still have to manually scale up your resources and create Read Replicas to improve scalability while in DynamoDB, this is automatically done.
Amazon DynamoDB is the best option to use in this scenario. It is a fully managed non-relational database service: you simply create a database table, set your target utilization for Auto Scaling, and let the service handle the rest. You no longer need to worry about database management tasks such as hardware or software provisioning, setup, and configuration, software patching, operating a reliable, distributed database cluster, or partitioning data over multiple instances as you scale. DynamoDB also lets you back up and restore all your tables for data archival, helping you meet your corporate and governmental regulatory requirements.

Amazon RDS is incorrect because this is just a "managed" service and not "fully managed". This means that you still have to handle the backups and other administrative tasks such as when the automated OS patching will take place.
Amazon ElastiCache is incorrect. Although ElastiCache is fully managed, it is not a database service but an In-Memory Data Store.
Amazon Redshift is incorrect. Although this is fully managed, it is not a database service but a Data Warehouse.
References:
https://aws.amazon.com/dynamodb/
https://aws.amazon.com/products/databases/
Check out this Amazon DynamoDB Cheat Sheet:
https://tutorialsdojo.com/amazon-dynamodb/

