Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

AWS Certified Associate SAA-C03 Full Course Free

Page: 11 / 69
Total 954 questions

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 41

The company must encrypt finance reports that are stored in an Amazon S3 bucket. An AWS Lambda function must be able to decrypt the reports dynamically. An IAM group that the company ' s security administrators use must manage the encryption keys. The IAM group must manage key rotation, deletion, and creation. The company must grant access to the keys according to the principle of least privilege.

Which solution will meet these requirements?

Options:

A.

Use server-side encryption with Amazon S3 managed keys SSE-S3 to encrypt the reports in the S3 bucket. Use IAM policies to allow the Lambda function execution role to decrypt the reports.

B.

Use customer managed AWS KMS keys to encrypt the reports in the S3 bucket. Use IAM policies to grant the Lambda function execution role permissions to decrypt the files. Use IAM policies to grant the security administrator IAM group permissions to perform only kms:CreateKey, kms:DeleteKey, and kms:RotateKey actions on KMS keys.

C.

Use server-side encryption with AWS KMS keys to encrypt the reports in the S3 bucket. Use IAM policies to grant the Lambda function execution role permissions to decrypt the reports. Grant the security administrator IAM group permissions to generate KMS keys.

D.

Use customer-managed AWS KMS keys to encrypt the reports in the S3 bucket. Grant the Lambda function execution role and the security administrator IAM group full access to perform all transactions on KMS keys.

Question 42

A company is developing a serverless, bidirectional chat application that can broadcast messages to connected clients. The application is based on AWS Lambda functions. The Lambda functions receive incoming messages in JSON format.

The company needs to provide a frontend component for the application.

Which solution will meet this requirement?

Options:

A.

Use an Amazon API Gateway HTTP API to direct incoming JSON messages to backend destinations.

B.

Use an Amazon API Gateway REST API that is configured with a Lambda proxy integration.

C.

Use an Amazon API Gateway WebSocket API to direct incoming JSON messages to backend destinations.

D.

Use an Amazon CloudFront distribution that is configured with a Lambda function URL as a custom origin.

Question 43

A company has an on-premises volume backup solution that has reached its end of life. The company wants to use AWS as part of a new backup solution and wants to maintain local access to all the data while it is backed up on AWS. The company wants to ensure that the data backed up on AWS is automatically and securely transferred.

Which solution meets these requirements?

Options:

A.

Use AWS Snowball to migrate data out of the on-premises solution to Amazon S3. Configure on-premises systems to mount the Snowball S3 endpoint to provide local access to the data.

B.

Use AWS Snowball Edge to migrate data out of the on-premises solution to Amazon S3. Use the Snowball Edge file interface to provide on-premises systems with local access to the data.

C.

Use AWS Storage Gateway and configure a cached volume gateway. Run the Storage Gateway software appliance on premises and configure a percentage of data to cache locally. Mount the gateway storage volumes to provide local access to the data.

D.

Use AWS Storage Gateway and configure a stored volume gateway. Run the Storage Gateway software appliance on premises and map the gateway storage volumes to on-premises storage. Mount the gateway storage volumes to provide local access to the data.

Question 44

A company is running a media store across multiple Amazon EC2 instances distributed across multiple Availability Zones in a single VPC. The company wants a high-performing solution to share data between all the EC2 instances, and prefers to keep the data within the VPC only.

What should a solutions architect recommend?

Options:

A.

Create an Amazon S3 bucket and call the service APIs from each instance ' s application.

B.

Create an Amazon S3 bucket and configure all instances to access it as a mounted volume.

C.

Configure an Amazon Elastic Block Store (Amazon EBS) volume and mount it across all instances.

D.

Configure an Amazon Elastic File System (Amazon EFS) file system and mount It across all instances.

Page: 11 / 69
Total 954 questions