CertsTopics Logo

Pre-Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Amazon Web Services SAA-C03 Questions Answers

Page: 30 / 64
Total 879 questions
Get SAA-C03 Full Access Download SAA-C03 PDF

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 117

A company uses an organization in AWS Organizations to manage multiple AWS accounts. Multiple teams access each AWS account by assuming IAM roles. Each team has a unique IAM role. Each IAM role has a unique set of permissions.

A security team wants to automate some security tasks by deploying AWS Lambda functions within each AWS account. The security team wants to ensure that only members of the security team can modify the Lambda functions directly.

Which solution will meet these requirements?

Options:

A.

Create a service control policy SCP that prevents any entity from making changes to Lambda functions except for the IAM role of the security team that is specified in the Principal key. Attach the SCP to the root of the organization.

B.

Create an IAM policy that denies all changes to the Amazon Resource Names ARNs of the Lambda functions. Attach the IAM policy to the root user of each AWS account.

C.

Create a service control policy SCP that denies all changes to Lambda functions. Attach the SCP to the root of the organization.

D.

Create a service control policy SCP that prevents any entity from making changes to Lambda functions except for the IAM role of the security team that is specified in the Condition clause. Attach the SCP to the root of the organization.

Question 118

A multinational company operates in multiple AWS Regions. The company must ensure that its developers and administrators have secure, role-based access to AWS resources.

The roles must be specific to each user ' s geographic location and job responsibilities.

The company wants to implement a solution to ensure that each team can access only resources within the team ' s Region. The company wants to use its existing directory service to manage user access. The existing directory service organizes users into roles based on location. The system must be capable of integrating seamlessly with multi-factor authentication (MFA).

Which solution will meet these requirements?

Options:

A.

Use AWS Security Token Service (AWS STS) to generate temporary access tokens. Integrate STS with the directory service. Assign Region-specific roles.

B.

Configure AWS IAM Identity Center with federated access. Integrate IAM Identity Center with the directory service to set up Region-specific IAM roles.

C.

Create IAM managed policies that restrict access by location. Apply policies based on group membership in the directory.

D.

Use custom Lambda functions to dynamically assign IAM policies based on login location and job function.

Question 119

A company wants to migrate its accounting system from an on-premises data center to the AWS Cloud in a single AWS Region. Data security and an immutable audit log are the top priorities. The company must monitor all AWS activities for compliance auditing. The company has enabled AWS CloudTrail but wants to make sure it meets these requirements.

Which actions should a solutions architect take to protect and secure CloudTrail? (Select TWO.)

Options:

A.

Enable CloudTrail log file validation.

B.

Install the CloudTrail Processing Library.

C.

Enable logging of Insights events in CloudTrail.

D.

Enable custom logging from the on-premises resources.

E.

Create an AWS Config rule to monitor whether CloudTrail is configured to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).

Question 120

A company runs a custom application on Amazon EC2 On-Demand Instances. The application has frontend nodes that must run 24/7. The backend nodes only need to run for short periods depending on the workload.

Frontend nodes accept jobs and place them in queues. Backend nodes asynchronously process jobs from the queues, and jobs can be restarted. The company wants to scale infrastructure based on workload, using the most cost-effective option.

Which solution meets these requirements MOST cost-effectively?

Options:

A.

Use Reserved Instances for the frontend nodes. Use AWS Fargate for the backend nodes.

B.

Use Reserved Instances for the frontend nodes. Use Spot Instances for the backend nodes.

C.

Use Spot Instances for the frontend nodes. Use Reserved Instances for the backend nodes.

D.

Use Spot Instances for the frontend nodes. Use AWS Fargate for the backend nodes.

Page: 30 / 64
Total 879 questions
Get SAA-C03 Full Access Download SAA-C03 PDF