
Amazon Web Services SAA C03

Uploaded by

seqfdzlx

Amazon Web Services

SAA-C03

AWS Certified
Solutions Architect -
Associate (SAA-C03)
Version: Demo

[ Total Questions: 10]


Web: www.marks4sure.com

Practice Test Amazon Web Services - SAA-C03

Exam Topic Breakdown


Exam Topic               Number of Questions
Topic 6 : Exam Pool F    2
Topic 4 : Exam Pool D    2
Topic 5 : Exam Pool E    2
Topic 1 : Exam Pool A    2
Topic 3 : Exam Pool C    2
Topic 2 : Exam Pool B    0
TOTAL                    10

Pass Your Certification With Marks4sure Guarantee 1 of 13



Topic 6, Exam Pool F


Question #:1 - (Exam Topic 6)

A company is deploying a new gaming application on Amazon EC2 instances. The gaming application needs
to have access to shared storage.

The company requires a high-performance solution to give the application the ability to use an existing
custom protocol to access shared storage. The solution must ensure low latency and must be operationally
efficient.

Which solution will meet these requirements?

A. Create an Amazon FSx File Gateway. Create a file share that uses the existing custom protocol.
Connect the EC2 instances that host the application to the file share.

B. Create an Amazon EC2 Windows instance. Install and configure a Windows file share role on the
instance. Connect the EC2 instances that host the application to the file share.

C. Create an Amazon Elastic File System (Amazon EFS) file system. Configure the file system to support
Lustre. Connect the EC2 instances that host the application to the file system.

D. Create an Amazon FSx for Lustre file system. Connect the EC2 instances that host the application to the
file system.

Answer: D

Explanation
Amazon FSx for Lustre is a high-performance, fully managed file system that is ideal for applications
requiring low-latency access to shared storage, especially in use cases like gaming where high throughput and
low latency are essential. It integrates easily with EC2 instances, providing fast and scalable shared storage,
and supports custom protocols for specific application needs.

Option A (FSx File Gateway): FSx File Gateway is designed for hybrid cloud storage and is not suited
for high-performance gaming workloads.

Option B (EC2 Windows instance): Setting up a file share on a Windows instance would introduce
additional administrative overhead and would not provide the necessary performance.

Option C (EFS with Lustre): While Lustre is integrated with FSx, EFS does not natively support
Lustre.

AWS References:

Amazon FSx for Lustre

Question #:2 - (Exam Topic 6)


A company that has multiple AWS accounts maintains an on-premises Microsoft Active Directory. The
company needs a solution to implement Single Sign-On for its employees. The company wants to use AWS
IAM Identity Center.

The solution must meet the following requirements:

Allow users to access AWS accounts and third-party applications by using existing Active Directory
credentials.

Enforce multi-factor authentication (MFA) to access AWS accounts.

Centrally manage permissions to access AWS accounts and applications.

Options:

A. Create an IAM identity provider for Active Directory in each AWS account. Ensure that Active
Directory users and groups access AWS accounts directly through IAM roles. Use IAM Identity Center
to enforce MFA in each account for all users.

B. Use AWS Directory Service to create a new AWS Managed Microsoft AD Active Directory. Configure
IAM Identity Center in each account to use the new AWS Managed Microsoft AD Active Directory as
the identity source. Use IAM Identity Center to enforce MFA for all users.

C. Use IAM Identity Center with the existing Active Directory as the identity source. Enforce MFA for all
users. Use AWS Organizations and Active Directory groups to manage access permissions for AWS
accounts and application access.

D. Use AWS Lambda functions to periodically synchronize Active Directory users and groups with IAM
users and groups in each AWS account. Use IAM roles and policies to manage application access.
Create a second Lambda function to enforce MFA.

Answer: C

Explanation
Detailed Explanation:

A. IAM identity provider: Does not support centralized management across multiple accounts.

B. AWS Managed AD: Unnecessary if an on-premises Active Directory already exists.

C. IAM Identity Center + Existing AD: Best approach to integrate existing Active Directory for SSO,
with MFA and centralized permissions.

D. Lambda for synchronization: Adds complexity and does not leverage IAM Identity Center
capabilities.

References: AWS IAM Identity Center


Topic 4, Exam Pool D

Question #:3 - (Exam Topic 4)

A company’s compliance team needs to move its file shares to AWS. The shares run on a Windows Server
SMB file share. A self-managed on-premises Active Directory controls access to the files and folders.

The company wants to use Amazon FSx for Windows File Server as part of the solution. The company must
ensure that the on-premises Active Directory groups restrict access to the FSx for Windows File Server SMB
compliance shares, folders, and files after the move to AWS. The company has created an FSx for Windows
File Server file system.

Which solution will meet these requirements?

A. Create an Active Directory Connector to connect to the Active Directory. Map the Active Directory
groups to IAM groups to restrict access.

B. Assign a tag with a Restrict tag key and a Compliance tag value. Map the Active Directory groups to
IAM groups to restrict access.

C. Create an IAM service-linked role that is linked directly to FSx for Windows File Server to restrict
access.

D. Join the file system to the Active Directory to restrict access.

Answer: D

Explanation
Joining the FSx for Windows File Server file system to the on-premises Active Directory will allow the
company to use the existing Active Directory groups to restrict access to the file shares, folders, and files after
the move to AWS. This option allows the company to continue using their existing access controls and
management structure, making the transition to AWS more seamless.

Question #:4 - (Exam Topic 4)

A company stores its data on premises. The amount of data is growing beyond the company's available
capacity.

The company wants to migrate its data from the on-premises location to an Amazon S3 bucket. The company
needs a solution that will automatically validate the integrity of the data after the transfer.

Which solution will meet these requirements?

A. Order an AWS Snowball Edge device. Configure the Snowball Edge device to perform the online data
transfer to an S3 bucket.


B. Deploy an AWS DataSync agent on premises. Configure the DataSync agent to perform the online data
transfer to an S3 bucket.

C. Create an Amazon S3 File Gateway on premises. Configure the S3 File Gateway to perform the online
data transfer to an S3 bucket.

D. Configure an accelerator in Amazon S3 Transfer Acceleration on premises. Configure the accelerator to
perform the online data transfer to an S3 bucket.

Answer: B

Explanation
Option B allows the company to migrate its data from the on-premises location to an Amazon S3 bucket and
automatically validate the integrity of the data after the transfer. By deploying an AWS DataSync agent on
premises, the company can use a fully managed data transfer service that makes it easy to move large amounts
of data to and from AWS. By configuring the DataSync agent to perform the online data transfer to an S3
bucket, the company can take advantage of DataSync’s features, such as encryption, compression, bandwidth
throttling, and data validation. DataSync automatically verifies data integrity at both source and destination
after each transfer task.

References:

AWS DataSync

Deploying an Agent for AWS DataSync

How AWS DataSync Works


Topic 5, Exam Pool E


Question #:5 - (Exam Topic 5)

A company has applications that run on Amazon EC2 instances. The EC2 instances connect to Amazon RDS
databases by using an IAM role that has associated policies. The company wants to use AWS Systems
Manager to patch the EC2 instances without disrupting the running applications.

Which solution will meet these requirements?

A. Create a new IAM role. Attach the AmazonSSMManagedInstanceCore policy to the new IAM role.
Attach the new IAM role to the EC2 instances and the existing IAM role.

B. Create an IAM user. Attach the AmazonSSMManagedInstanceCore policy to the IAM user. Configure
Systems Manager to use the IAM user to manage the EC2 instances.

C. Enable Default Host Configuration Management in Systems Manager to manage the EC2 instances.

D. Remove the existing policies from the existing IAM role. Add the AmazonSSMManagedInstanceCore
policy to the existing IAM role.

Answer: C

Explanation
The most suitable solution for the company’s requirements is to enable Default Host Configuration
Management in Systems Manager to manage the EC2 instances. This solution will allow the company to
patch the EC2 instances without disrupting the running applications and without manually creating or
modifying IAM roles or users.

Default Host Configuration Management is a feature of AWS Systems Manager that enables Systems
Manager to manage EC2 instances automatically as managed instances. A managed instance is an EC2
instance that is configured for use with Systems Manager. The benefits of managing instances with Systems
Manager include the following:

Connect to EC2 instances securely using Session Manager.

Perform automated patch scans using Patch Manager.

View detailed information about instances using Systems Manager Inventory.

Track and manage instances using Fleet Manager.

Keep SSM Agent up to date automatically.

Default Host Configuration Management makes it possible to manage EC2 instances without having to
manually create an IAM instance profile. Instead, Default Host Configuration Management creates and
applies a default IAM role to ensure that Systems Manager has permissions to manage all instances in the
Region and account where it is activated. If the permissions provided are not sufficient for the use case, the
default IAM role can be modified or replaced with a custom role [1].

The other options are not correct because they either have more operational overhead or do not meet the
requirements. Creating a new IAM role, attaching the AmazonSSMManagedInstanceCore policy to the new
IAM role, and attaching the new IAM role and the existing IAM role to the EC2 instances is not correct
because this solution requires manual creation and management of IAM roles, which adds complexity and
cost to the solution. The AmazonSSMManagedInstanceCore policy is a managed policy that grants
permissions for Systems Manager core functionality [2]. Creating an IAM user, attaching the
AmazonSSMManagedInstanceCore policy to the IAM user, and configuring Systems Manager to use the
IAM user to manage the EC2 instances is not correct because this solution requires manual creation and
management of IAM users, which adds complexity and cost to the solution. An IAM user is an identity within
an AWS account that has specific permissions for a single person or application [3]. Removing the existing
policies from the existing IAM role and adding the AmazonSSMManagedInstanceCore policy to the existing
IAM role is not correct because this solution may disrupt the running applications that rely on the existing
policies for accessing RDS databases. An IAM role is an identity within an AWS account that has specific
permissions for a service or entity [4].

References:

AWS managed policy: AmazonSSMManagedInstanceCore

IAM users

IAM roles

Default Host Management Configuration - AWS Systems Manager

Question #:6 - (Exam Topic 5)

A company uses Amazon S3 to store high-resolution pictures in an S3 bucket. To minimize application
changes, the company stores the pictures as the latest version of an S3 object.

The company needs to retain only the two most recent versions of the pictures.

The company wants to reduce costs. The company has identified the S3 bucket as a large expense.

Which solution will reduce the S3 costs with the LEAST operational overhead?

A. Use S3 Lifecycle to delete expired object versions and retain the two most recent versions.

B. Use an AWS Lambda function to check for older versions and delete all but the two most recent
versions.

C. Use S3 Batch Operations to delete noncurrent object versions and retain only the two most recent
versions.

D. Deactivate versioning on the S3 bucket and retain the two most recent versions.


Answer: A

Explanation
S3 Lifecycle is a feature that allows you to automate the management of your S3 objects based on predefined
rules. You can use S3 Lifecycle to delete expired object versions and retain the two most recent versions by
creating a lifecycle configuration rule that applies to all objects in the bucket and specifies the expiration
action for noncurrent versions. This way, you can reduce the storage costs of your S3 bucket without
requiring any application changes or manual intervention. S3 Lifecycle runs once a day and marks the eligible
object versions for deletion. You are no longer charged for the objects that are marked for deletion. S3
Lifecycle is the most cost-effective and simple solution among the options.

B. Use an AWS Lambda function to check for older versions and delete all but the two most recent versions.
This option is not optimal because it requires you to write, test, and maintain a custom Lambda function that
scans the S3 bucket for older versions and deletes them. This can incur additional costs for Lambda
invocations and increase the operational complexity and overhead. Moreover, you need to ensure that your
Lambda function has the appropriate permissions and error handling mechanisms to perform the deletion
operation.

C. Use S3 Batch Operations to delete noncurrent object versions and retain only the two most recent versions.
This option is not ideal because S3 Batch Operations is designed for performing large-scale operations on S3
objects, such as copying, tagging, restoring, or invoking a Lambda function. To use S3 Batch Operations to
delete noncurrent object versions, you need to provide a manifest file that lists the object versions that you
want to delete. This can be challenging and time-consuming to generate and update. Moreover, S3 Batch
Operations charges you for each operation that you perform, which can increase your costs.

D. Deactivate versioning on the S3 bucket and retain the two most recent versions. This option is not feasible
because deactivating versioning on an S3 bucket does not delete the existing object versions. Instead, it
prevents new versions from being created. Therefore, you still need to delete the older versions manually or
use another method to do so. Additionally, deactivating versioning can compromise the data protection and
recovery capabilities of your S3 bucket.

References:

1 Considering four different replication options for data in Amazon S3 | AWS Storage Blog

2 Using AWS Lambda with Amazon S3 batch operations - AWS Lambda

3 Empty an Amazon S3 bucket with a lifecycle configuration rule

4 Amazon S3 - Lifecycle Management - GeeksforGeeks
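
The lifecycle rule described in the explanation for Question 6, as an added example that is not part of the original practice test. It assumes that "the two most recent versions" means the current version plus one noncurrent version; the rule ID, the one-day NoncurrentDays value and the sample versions are constructed, and the expiry model is simplified.

```python
from datetime import datetime, timedelta, timezone

# Assumption: "the two most recent versions" = the current version plus
# one noncurrent version, so S3 is told to keep 1 newer noncurrent version.
KEEP_NONCURRENT = 1


def lifecycle_configuration(keep_noncurrent=KEEP_NONCURRENT, noncurrent_days=1):
    """Build the dict that would be passed as LifecycleConfiguration to
    put_bucket_lifecycle_configuration (not called here, so no AWS access)."""
    return {
        "Rules": [{
            "ID": "retain-two-most-recent-versions",   # arbitrary rule name
            "Status": "Enabled",
            "Filter": {"Prefix": ""},                   # empty prefix: all objects
            "NoncurrentVersionExpiration": {
                "NoncurrentDays": noncurrent_days,
                "NewerNoncurrentVersions": keep_noncurrent,
            },
        }]
    }


def expired_versions(versions, config, now):
    """Return the version ids of one key that the rule would expire at `now`.

    versions: list of (version_id, created_at). A version becomes noncurrent
    when the next version of the key is written. Simplified model: S3 rounds
    the noncurrent time up to midnight UTC and applies rules asynchronously.
    """
    rule = config["Rules"][0]["NoncurrentVersionExpiration"]
    min_age = timedelta(days=rule["NoncurrentDays"])
    keep = rule["NewerNoncurrentVersions"]
    newest_first = sorted(versions, key=lambda v: v[1], reverse=True)
    expired = []
    for rank in range(1, len(newest_first)):       # rank 0 is the current version
        version_id, _ = newest_first[rank]
        became_noncurrent = newest_first[rank - 1][1]
        newer_noncurrent = rank - 1                # noncurrent versions newer than this one
        if newer_noncurrent >= keep and now - became_noncurrent >= min_age:
            expired.append(version_id)
    return expired


# Constructed sample: four uploads of the same picture key.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_VERSIONS = [
    ("v1", T0),
    ("v2", T0 + timedelta(days=1)),
    ("v3", T0 + timedelta(days=2)),
    ("v4", T0 + timedelta(days=9, hours=12)),
]

if __name__ == "__main__":
    cfg = lifecycle_configuration()
    print(expired_versions(SAMPLE_VERSIONS, cfg, T0 + timedelta(days=10)))
```

A version that has only just become noncurrent survives until NoncurrentDays has passed, so a key can briefly hold more than two versions right after an upload.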


Topic 1, Exam Pool A


Question #:7 - (Exam Topic 1)

A company is storing sensitive user information in an Amazon S3 bucket. The company wants to provide
secure access to this bucket from the application tier running on Amazon EC2 instances inside a VPC.

Which combination of steps should a solutions architect take to accomplish this? (Select TWO.)

A. Configure a VPC gateway endpoint for Amazon S3 within the VPC.

B. Create a bucket policy to make the objects in the S3 bucket public.

C. Create a bucket policy that limits access to only the application tier running in the VPC.

D. Create an IAM user with an S3 access policy and copy the IAM credentials to the EC2 instance.

E. Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket.

Answer: A C

Explanation
https://aws.amazon.com/premiumsupport/knowledge-center/s3-private-connection-no-authentication/
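
How answers A and C of Question 7 fit together, as an added example that is not part of the original practice test: a bucket policy that denies requests not arriving through the gateway endpoint, with a small evaluator run over constructed request contexts. The bucket name and endpoint IDs are placeholders, and the evaluator models only the StringNotEquals operator for requests that already target this bucket.

```python
BUCKET = "example-sensitive-bucket"         # placeholder bucket name
APP_VPCE = "vpce-0123456789abcdef0"         # placeholder gateway endpoint id
OTHER_VPCE = "vpce-0fedcba9876543210"       # placeholder endpoint in another VPC


def vpce_only_bucket_policy(bucket=BUCKET, vpce_id=APP_VPCE):
    """Bucket policy that denies every S3 action not arriving through vpce_id.

    The Deny grants nothing by itself: the EC2 instance role still needs an
    Allow for the actions the application uses. With Action s3:* the Deny
    also blocks console and administrative calls that bypass the endpoint.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromAppTierEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }


def _condition_holds(operator, clause, context):
    """Evaluate one condition operator against the request context."""
    if operator != "StringNotEquals":
        raise ValueError(f"operator not modelled in this example: {operator}")
    for key, expected in clause.items():
        allowed = expected if isinstance(expected, list) else [expected]
        # A negated operator is true when the key is absent from the request,
        # which is the case for traffic that does not use a VPC endpoint.
        if context.get(key) in allowed:
            return False
    return True


def explicitly_denied(policy, context):
    """True if any Deny statement applies to a request with this context.

    Assumes the request's action and resource already match the statement.
    """
    for statement in policy["Statement"]:
        if statement["Effect"] != "Deny":
            continue
        conditions = statement.get("Condition", {})
        if all(_condition_holds(op, cl, context) for op, cl in conditions.items()):
            return True
    return False


# Constructed request contexts, keyed by the path the request took to S3.
REQUESTS = {
    "app tier via gateway endpoint": {"aws:SourceVpce": APP_VPCE},
    "app tier via NAT or internet": {},
    "endpoint in another VPC": {"aws:SourceVpce": OTHER_VPCE},
}

if __name__ == "__main__":
    policy = vpce_only_bucket_policy()
    for label, ctx in REQUESTS.items():
        print(label, "->", "DENY" if explicitly_denied(policy, ctx) else "not denied")
```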

Question #:8 - (Exam Topic 1)

A company has thousands of edge devices that collectively generate 1 TB of status alerts each day. Each alert
is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the
alerts for future analysis.

The company wants a highly available solution. However, the company needs to minimize costs and does not
want to manage additional infrastructure. Additionally, the company wants to keep 14 days of data available
for immediate analysis and archive any data older than 14 days.

What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the Kinesis Data
Firehose stream to deliver the alerts to an Amazon S3 bucket. Set up an S3 Lifecycle configuration to
transition data to Amazon S3 Glacier after 14 days.

B. Launch Amazon EC2 instances across two Availability Zones and place them behind an Elastic Load
Balancer to ingest the alerts. Create a script on the EC2 instances that will store the alerts in an Amazon
S3 bucket. Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days.


C. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the Kinesis Data
Firehose stream to deliver the alerts to an Amazon Elasticsearch Service (Amazon ES) cluster. Set up the
Amazon ES cluster to take manual snapshots every day and delete data from the cluster that is older
than 14 days.

D. Create an Amazon Simple Queue Service (Amazon SQS) standard queue to ingest the alerts, and set the
message retention period to 14 days. Configure consumers to poll the SQS queue, check the age of the
message, and analyze the message data as needed. If the message is 14 days old, the consumer should
copy the message to an Amazon S3 bucket and delete the message from the SQS queue.

Answer: A

Explanation
https://aws.amazon.com/kinesis/data-firehose/features/?nc=sn&loc=2#:~:text=into%20Amazon%20S3%2C%20Amazon%20Redshift%2C%20Amazon%20OpenSearch%20Service%2C%20Kinesis,Delivery%20streams


Topic 3, Exam Pool C


Question #:9 - (Exam Topic 3)

A company hosts a frontend application that uses an Amazon API Gateway API backend that is integrated
with AWS Lambda. When the API receives requests, the Lambda function loads many libraries. Then the
Lambda function connects to an Amazon RDS database, processes the data, and returns the data to the frontend
application. The company wants to ensure that response latency is as low as possible for all its users with the
fewest number of changes to the company's operations.

Which solution will meet these requirements?

A. Establish a connection between the frontend application and the database to make queries faster by
bypassing the API.

B. Configure provisioned concurrency for the Lambda function that handles the requests.

C. Cache the results of the queries in Amazon S3 for faster retrieval of similar datasets.

D. Increase the size of the database to increase the number of connections Lambda can establish at one time.

Answer: B

Explanation
Configure provisioned concurrency for the Lambda function that handles the requests. Provisioned
concurrency allows you to set the amount of compute resources that are available to the Lambda function, so
that it can handle more requests at once and reduce latency. Caching the results of the queries in Amazon S3
could also help to reduce latency, but it would not be as effective as setting up provisioned concurrency.
Increasing the size of the database would not help to reduce latency, as this would not increase the number of
connections the Lambda function could establish, and establishing a direct connection between the frontend
application and the database would bypass the API, which would not be the best solution either.

Using AWS Lambda with Amazon API Gateway - AWS Lambda

https://docs.aws.amazon.com/lambda/latest/dg/services-apigateway.html

AWS Lambda FAQs

https://aws.amazon.com/lambda/faqs/

Question #:10 - (Exam Topic 3)

A company stores its data objects in Amazon S3 Standard storage. A solutions architect has found that 75% of
the data is rarely accessed after 30 days. The company needs all the data to remain immediately accessible
with the same high availability and resiliency, but the company wants to minimize storage costs.

Which storage solution will meet these requirements?


A. Move the data objects to S3 Glacier Deep Archive after 30 days.

B. Move the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

C. Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

D. Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately.

Answer: B

Explanation
Moving the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days will meet the
requirements of keeping the data immediately accessible with high availability and resiliency, while
minimizing storage costs. S3 Standard-IA is designed for infrequently accessed data, and it provides a lower
storage cost than S3 Standard, while still offering the same low latency, high throughput, and high durability
as S3 Standard.


Topic 2, Exam Pool B
