Exam Logo

Amazon (SAA-C03) Exam Questions And Answers page 26

A company is preparing to deploy a data lake on AWS. A solutions architect must define the encryption strategy tor data at rest m Amazon S3/ The company s security policy states:

• Keys must be rotated every 90 days.
• Strict separation of duties between key users and key administrators must be implemented.
• Auditing key usage must be possible.

What should the solutions architect recommend?
Specify Secure Applications and Architectures
A company is preparing to deploy a new serverless workload. A solutions architect needs to configure permissions for invoking an AWS Lambda function. The function will be triggered by an Amazon EventBridge (Amazon CloudWatch Events) rule. Permissions should be configured using the principle of least privilege.

Which solution will meet these requirements?
Define Performant Architectures Specify Secure Applications and Architectures
A company is preparing to deploy a new serverless workload. A solutions architect needs to configure permissions for invoking an AWS Lambda function. The function will be triggered by an Amazon EventBridge (Amazon CloudWatch Events) rule. Permissions should be configured using the principle of least privilege.

Which solution will meet these requirements?
Define Performant Architectures Specify Secure Applications and Architectures
A company is preparing to launch a public-facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third party service is used for the DNS. The company s solutions architect must recommend a solution to detect and protect against largescale DDoS attacks.

Which solution meets these requirements?
Specify Secure Applications and Architectures Design Cost-Optimized Architectures
A company is preparing to migrate its on-premises application to AWS. The application consists of application servers and a Microsoft SQL Server database The database cannot be migrated to a different engine because SQL Server features are used in the application s NET code. The company wants to attain the greatest availability possible while minimizing operational and management overhead.

What should a solutions architect do to accomplish this?
Design Resilient Architectures Define Performant Architectures
A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year.

Which solution meets these requirements and is the MOST operationally efficient?
Specify Secure Applications and Architectures Design Cost-Optimized Architectures
A company is processing data on a daily basis. The results of the operations are stored in an Amazon S3 bucket, analyzed daily for one week, and then must remain immediately accessible for occasional analysis.

What is the MOST cost-effective storage solution alternative to the current configuration?
Design Cost-Optimized Architectures
A company is Re-architecting a strongly coupled application to be loosely coupled. Previously the application used a request/response pattern to communicate between tiers. The company plans to use Amazon Simple Queue Service (Amazon SQS) to achieve decoupling requirements. The initial design contains one queue for requests and one for responses. However, this approach is not processing all the messages as the application scales.

What should a solutions architect do to resolve this issue?
Design Resilient Architectures Define Performant Architectures
A company is relocating its data center and wants to securely transfer 50 TB of data to AWS within 2 weeks. The existing data center has a Site-to-Site VPN connection to AWS that is 90% utilized.

Which AWS service should a solutions architect use to meet these requirements?
Specify Secure Applications and Architectures
A company is reviewing a recent migration of a three-tier application to a VPC. The security team discovers that the principle of least privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers.

What should a solutions architect do to correct this issue?
Specify Secure Applications and Architectures