SAA-C03 Free Practice Test

- (Topic 1)
A company wants to migrate an on-premises data center to AWS. The data canter hosts an SFTP server that stores its data on an NFS-based file system. The server holds 200 GB of data that needs to be transferred. The server must be hosted on an Amazon EC2 instance that uses an Amazon Elastic File System (Amazon EFS) file system
When combination of steps should a solutions architect take to automate this task? (Select TWO )

1. A. Launch the EC2 instance into the same Avalability Zone as the EFS fie system
2. B. install an AWS DataSync agent m the on-premises data center
3. C. Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2instance tor the data
4. D. Manually use an operating system copy command to push the data to the EC2 instance
5. E. Use AWS DataSync to create a suitable location configuration for the onprermises SFTP server

Correct Answer: BE
AWS DataSync is an online data movement and discovery service that simplifies data migration and helps users quickly, easily, and securely move their file or object data to, from, and between AWS storage services1. Users can use AWS DataSync to transfer data between on-premises and AWS storage services. To use AWS DataSync, users need to install an AWS DataSync agent in the on-premises data center. The agent is a software appliance that connects to the source or destination storage system and handles the data transfer to or from AWS over the network2. Users also need to use AWS DataSync to create a suitable location configuration for the on-premises SFTP server. A location is a logical representation of a storage system that contains files or objects that users want to transfer using DataSync. Users can create locations for NFS shares, SMB shares, HDFS file systems, self-managed object storage, Amazon S3 buckets, Amazon EFS file systems, Amazon FSx for Windows File Server file systems, Amazon FSx for Lustre file systems, Amazon FSx for OpenZFS file systems, Amazon FSx for NetApp ONTAP file systems, and AWS Snowcone devices3.

- (Topic 1)
A company has thousands of edge devices that collectively generate 1 TB of status alerts each day. Each alert is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis.
The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Ad ditionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days.
What is the MOST operationally efficient solution that meets these requirements?

1. A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3 bucket Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days
2. B. Launch Amazon EC2 instances across two Availability Zones and place them behind an Elastic Load Balancer to ingest the alerts Create a script on the EC2 instances that will store tne alerts m an Amazon S3 bucket Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days
3. C. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon Elasticsearch Service (Amazon ES) duster Set up the Amazon ES cluster to take manual snapshots every day and delete data from the duster that is older than 14 days
4. D. Create an Amazon Simple Queue Service (Amazon SQS i standard queue to ingest the alerts and set the message retention period to 14 days Configure consumers to poll the SQS queue check the age of the message and analyze the message data as needed If the message is 14 days old the consumer should copy the message to an Amazon S3 bucketand delete the message from the SQS queue

Correct Answer: A
https://aws.amazon.com/kinesis/data-firehose/features/?nc=sn&loc=2#:~:text=into Amazon S3, Amazon Redshift, Amazon OpenSearch Service, Kinesis,Delivery streams

- (Topic 1)
A company is deploying a new public web application to AWS. The application will run behind an Application Load Balancer (ALB). The application needs to be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before the certificate expires.
What should a solutions architect do to meet these requirements?

1. A. Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificat
2. B. Apply the certificate to the AL
3. C. Use the managed renewal feature to automatically rotate the certificate.
4. D. Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificat
5. E. Import the key material from the certificat
6. F. Apply the certificate to the AL
7. G. Use the managed renewal feature to automatically rotate the certificate.
8. H. Use AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root C
9. I. Apply the certificate to the AL
10. J. Use the managed renewal feature to automatically rotate the certificate.
11. K. Use AWS Certificate Manager (ACM) to import an SSL/TLS certificat
12. L. Apply the certificate to the AL
13. M. Use Amazon EventBridge (Amazon CloudWatch Events) to send a notification when the certificate is nearing expiratio
14. N. Rotate the certificate manually.

Correct Answer: D
https://www.amazonaws.cn/en/certificate-manager/faqs/#Managed_renewal_and_deployment

- (Topic 3)
A solutions architect is designing a two-tiered architecture that includes a public subnet and a database subnet. The web servers in the public subnet must be open to the internet on port 443. The Amazon RDS for MySQL D6 instance in the database subnet must be accessible only to the web servers on port 3306.
Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

1. A. Create a network ACL for the public subnet Add a rule to deny outbound traffic to 0 0 0 0/0 on port 3306
2. B. Create a security group for the DB instance Add a rule to allow traffic from the public subnet CIDR block on port 3306
3. C. Create a security group for the web servers in the public subnet Add a rule to allow traffic from 0 0 0 O'O on port 443
4. D. Create a security group for the DB instance Add a rule to allow traffic from the web servers' security group on port 3306
5. E. Create a security group for the DB instance Add a rule to deny all traffic except traffic from the web servers' security group on port 3306

Correct Answer: BC
Security groups are virtual firewalls that protect AWS instances and can be applied to EC2, ELB and RDS1. Security groups have rules for inbound and outbound traffic and are stateful, meaning that responses to allowed inbound traffic are allowed to flow out of the instance2. Network ACLs are different from security groups in several ways. They cover entire subnets, not individual instances, and are stateless, meaning that they require rules for both inbound and outbound traffic2. Network ACLs also support deny rules, while security groups only support allow rules2.
To meet the requirements of the scenario, the solutions architect should create two security groups: one for the DB instance and one for the web servers in the public subnet. The security group for the DB instance should allow traffic from the public subnet CIDR block on port 3306, which is the default port for MySQL3. This way, only the web servers in the public subnet can access the DB instance on that port. The security group for the web servers should allow traffic from 0 0 0 O’O on port 443, which is the default port for HTTPS 4. This way, the web servers can accept secure connections from the internet on that port.

- (Topic 3)
A company provides an API to its users that automates inquiries for tax computations based on item prices. The company experiences a larger number of inquiries during the holiday season only that cause slower response times. A solutions architect needs to design a solution that is scalable and elastic.
What should the solutions architect do to accomplish this?

1. A. Provide an API hosted on an Amazon EC2 instanc
2. B. The EC2 instance performs the required computations when the API request is made.
3. C. Design a REST API using Amazon API Gateway that accepts the item name
4. D. API Gateway passes item names to AWS Lambda for tax computations.
5. E. Create an Application Load Balancer that has two Amazon EC2 instances behind i
6. F. The EC2 instances will compute the tax on the received item names.
7. G. Design a REST API using Amazon API Gateway that connects with an API hosted on an Amazon EC2 instanc
8. H. API Gateway accepts and passes the item names to the EC2 instance for tax computations.

Correct Answer: B
Lambda server-less is scalable and elastic than EC2 api gateway solution