SAA-C03 Free Practice Test

- (Topic 4)
The following IAM policy is attached to an IAM group. This is the only policy applied to the group.

1. A. Group members are permitted any Amazon EC2 action within the us-east-1 Regio
2. B. Statements after the Allow permission are not applied.
3. C. Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA).
4. D. Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members arepermitted any other Amazon EC2 action.
5. E. Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.

Correct Answer: D
This answer is correct because it reflects the effect of the IAM policy on the group members. The policy has two statements: one with an Allow effect and one with a Deny effect. The Allow statement grants permission to perform any EC2 action on any resource within the us-east-1 Region. The Deny statement overrides the Allow statement and denies permission to perform the ec2:StopInstances and ec2:TerminateInstances actions on any resource within the us-east-1 Region, unless the group member is logged in with MFA. Therefore, the group members can perform any EC2 action except stopping or terminating instances in the us-east-1 Region, unless they use MFA.

- (Topic 4)
A company sends AWS CloudTrail logs from multiple AWS accounts to an Amazon S3 bucket in a centralized account. The company must keep the CloudTrail logs. The company must also be able to query the CloudTrail logs at any time
Which solution will meet these requirements?

1. A. Use the CloudTraiI event history in the centralized account to create an Amazon Athena tabl
2. B. Query the CloudTrail logs from Athena.
3. C. Configure an Amazon Neptune instance to manage the CloudTrail log
4. D. Query the CloudTraiI logs from Neptune.
5. E. Configure CloudTrail to send the logs to an Amazon DynamoDB tabl
6. F. Create a dashboard in Amazon QulCkSight to query the logs in the table.
7. G. use Amazon Athena to create an Athena noteboo
8. H. Configure CloudTrail to send the logs to the noteboo
9. I. Run queries from Athena.

Correct Answer: A
it allows the company to keep the CloudTrail logs and query them at any time. By using the CloudTrail event history in the centralized account, the company can view, filter, and download recent API activity across multiple AWS accounts. By creating an Amazon Athena table from the CloudTrail event history, the company can use a serverless interactive query service that makes it easy to analyze data in S3 using standard SQL. By querying the CloudTrail logs from Athena, the company can gain insights into user activity and resource changes. References:
✑ Viewing Events with CloudTrail Event History
✑ Querying AWS CloudTrail Logs
✑ Amazon Athena

- (Topic 4)
A company recently announced the deployment of its retail website to a global audience. The website runs on multiple Amazon EC2 instances behind an Elastic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones.
The company wants to provide its customers with different versions of content based on the devices that the customers use to access the website.
Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

1. A. Configure Amazon CloudFront to cache multiple versions of the content.
2. B. Configure a host header in a Network Load Balancer to forward traffic to different instances.
3. C. Configure a Lambda@Edge function to send specific objects to users based on the User-Agent header.
4. D. Configure AWS Global Accelerato
5. E. Forward requests to a Network Load Balancer (NLB). Configure the NLB to set up host-based routing to different EC2 instances.
6. F. Configure AWS Global Accelerato
7. G. Forward requests to a Network Load Balancer (NLB). Configure the NLB to set up path-based routing to different EC2 instances.

Correct Answer: AC
For C: IMPROVED USER EXPERIENCE Lambda@Edge can help improve your users' experience with your websites and web applications across the world, by letting you personalize content for them without sacrificing performance. Real-time Image Transformation You can customize your users' experience by transforming images on the fly based on the user characteristics. For example, you can resize images based on the viewer's device type—mobile, desktop, or tablet. You can also cache the transformed images at CloudFront Edge locations to further improve performance when delivering images. https://aws.amazon.com/lambda/edge/

- (Topic 4)
A company needs to configure a real-time data ingestion architecture for its application. The company needs an API. a process that transforms data as the data is streamed, and a storage solution for the data.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Deploy an Amazon EC2 instance to host an API that sends data to an Amazon Kinesis data strea
2. B. Create an Amazon Kinesis Data Firehose delivery stream that uses the Kinesis data stream as a data sourc
3. C. Use AWS Lambda functions to transform the dat
4. D. Use the Kinesis Data Firehose delivery stream to send the data to Amazon S3.
5. E. Deploy an Amazon EC2 instance to host an API that sends data to AWS Glu
6. F. Stop source/destination checking on the EC2 instanc
7. G. Use AWS Glue to transform the data and to send the data to Amazon S3.
8. H. Configure an Amazon API Gateway API to send data to an Amazon Kinesis datastrea
9. I. Create an Amazon Kinesis Data Firehose delivery stream that uses the Kinesis data stream as a data sourc
10. J. Use AWS Lambda functions to transform the dat
11. K. Use the Kinesis Data Firehose delivery stream to send the data to Amazon S3.
12. L. Configure an Amazon API Gateway API to send data to AWS Glu
13. M. Use AWS Lambda functions to transform the dat
14. N. Use AWS Glue to send the data to Amazon S3.

Correct Answer: C
It uses Amazon Kinesis Data Firehose which is a fully managed service for delivering real-time streaming data to destinations such as Amazon S3. This service requires less operational overhead as compared to option A, B, and D. Additionally, it also uses Amazon API Gateway which is a fully managed service for creating, deploying, and managing APIs. These services help in reducing the operational overhead and automating the data ingestion process.

- (Topic 4)
A company is creating an application that runs on containers in a VPC. The application stores and accesses data in an Amazon S3 bucket During the development phase, the application will store and access 1 TB of data in Amazon S3 each day. The company wants to minimize costs and wants to prevent traffic from traversing the internet whenever possible.
Which solution will meet these requirements?

1. A. Enable S3 Intelligent-Tiering for the S3 bucket.
2. B. Enable S3 Transfer Acceleration for the S3 bucket.
3. C. Create a gateway VPC endpoint for Amazon S3. Associate this endpoint with all route tables in the VPC.
4. D. Create an interface endpoint for Amazon S3 in the VP
5. E. Associate this endpoint with all route tables in the VPC.

Correct Answer: C
A gateway VPC endpoint for Amazon S3 enables private connections between the VPC and Amazon S3 that do not require an internet gateway or NAT device. This minimizes costs and prevents traffic from traversing the internet. A gateway VPC endpoint uses a prefix list as the route target in a VPC route table to route traffic privately to Amazon S31. Associating the endpoint with all route tables in the VPC ensures that all subnets can access Amazon S3 through the endpoint.
Option A is incorrect because S3 Intelligent-Tiering is a storage class that optimizes storage costs by automatically moving objects between two access tiers based on changing access patterns. It does not affect the network traffic between the VPC and Amazon S32.
Option B is incorrect because S3 Transfer Acceleration is a feature that enables fast, easy, and secure transfers of files over long distances between clients and an S3 bucket. It does not prevent traffic from traversing the internet3.
Option D is incorrect because an interface VPC endpoint for Amazon S3 is powered by AWS PrivateLink, which requires an elastic network interface (ENI) with a private IP address in each subnet. This adds complexity and cost to the solution. Moreover, an interface VPC endpoint does not support cross-Region access to Amazon S3. Reference URL: 1: https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html 2: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html#sc- dynamic-data-access 3: https://docs.aws.amazon.com/AmazonS3/latest/userguide/transfer-acceleration.html : https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for- amazon-s3/