AWS Certified Solutions Architect Associate (SAA C03)

Disclaimers:
  • ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon and Azure.
  • Trademarks, certification & product names are used for reference only and belong to Amazon and Azure.

Topic 1 - Exam A

Question #16 Topic 1

A solutions architect must design a highly available infrastructure for a website. The website is powered by Windows web servers that run on Amazon EC2 instances. The solutions architect must implement a solution that can mitigate a large-scale DDoS attack that originates from thousands of IP addresses. Downtime is not acceptable for the website. Which actions should the solutions architect take to protect the website from such an attack? (Choose two.)

  • A Use AWS Shield Advanced to stop the DDoS attack.
  • B Configure Amazon GuardDuty to automatically block the attackers.
  • C Configure the website to use Amazon CloudFront for both static and dynamic content.
  • D Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.
  • E Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization.
Suggested Answer: AC
NOTE: Answer is: A, C
Explanation: AWS Shield Advanced is specifically designed to help protect an application against DDoS attacks. Amazon CloudFront is used to deliver both static and dynamic website content, and it can use AWS Shield for DDoS protection, making it effective against such attacks. While options B, D, and E might provide certain benefits in a broader security context, they are not specifically geared toward mitigating a large-scale DDoS attack.

Question #17 Topic 1

A solutions architect is designing a two-tier web application. The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company. How should security groups be configured in this situation? (Choose two.)

  • A Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.
  • B Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.
  • C Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.
  • D Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier.
  • E Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.
Suggested Answer: AC
NOTE: Answer is: A, C
Explanation: Option A ensures that incoming traffic from the internet can reach the public-facing web tier, which is necessary for the operation of the application. Option C allows the web tier to communicate with the Microsoft SQL Server database running on Amazon EC2 in a private subnet, ensuring that the application has the data it needs to function.

Question #18 Topic 1

A hospital recently deployed a RESTful API with Amazon API Gateway and AWS Lambda. The hospital uses API Gateway and Lambda to upload reports that are in PDF format and JPEG format. The hospital needs to modify the Lambda code to identify protected health information (PHI) in the reports. Which solution will meet these requirements with the LEAST operational overhead?

  • A Use existing Python libraries to extract the text from the reports and to identify the PHI from the extracted text.
  • B Use Amazon Textract to extract the text from the reports. Use Amazon SageMaker to identify the PHI from the extracted text.
  • C Use Amazon Textract to extract the text from the reports. Use Amazon Comprehend Medical to identify the PHI from the extracted text.
  • D Use Amazon Rekognition to extract the text from the reports. Use Amazon Comprehend Medical to identify the PHI from the extracted text.
Suggested Answer: C
NOTE: Answer is: C
Explanation: Amazon Textract is designed for extracting text and data from scanned documents. Amazon Comprehend Medical is a Natural Language Processing (NLP) service that uses machine learning to extract information about medical conditions, medications and treatment outcomes from unstructured text, such as doctors' notes, clinical trial reports, etc. Using both services together extracts the text from the reports and identifies the PHI with the least operational overhead.

Question #19 Topic 1

A company wants to run applications in containers in the AWS Cloud. These applications are stateless and can tolerate disruptions within the underlying infrastructure. The company needs a solution that minimizes cost and operational overhead. What should a solutions architect do to meet these requirements?

  • A Use Spot Instances in an Amazon EC2 Auto Scaling group to run the application containers.
  • B Use Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.
  • C Use On-Demand Instances in an Amazon EC2 Auto Scaling group to run the application containers.
  • D Use On-Demand Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.
Suggested Answer: B
NOTE: Answer is: B
Explanation: Using Spot Instances within an Amazon EKS managed node group would be the best solution for running stateless applications in containers within the AWS Cloud, as this will minimize cost and operational overhead. Spot Instances are a cost-effective choice for applications that can tolerate disruptions.

Question #20 Topic 1

A company has a data ingestion workflow that consists of the following:

  • An Amazon Simple Notification Service (Amazon SNS) topic for notifications about new data deliveries
  • An AWS Lambda function to process the data and record metadata

The company observes that the ingestion workflow fails occasionally because of network connectivity issues. When such a failure occurs, the Lambda function does not ingest the corresponding data unless the company manually reruns the job. Which combination of actions should a solutions architect take to ensure that the Lambda function ingests all data in the future? (Choose two.)

  • A Deploy the Lambda function in multiple Availability Zones.
  • B Create an Amazon Simple Queue Service (Amazon SQS) queue, and subscribe it to the SNS topic.
  • C Increase the CPU and memory that are allocated to the Lambda function.
  • D Increase provisioned throughput for the Lambda function.
  • E Modify the Lambda function to read from an Amazon Simple Queue Service (Amazon SQS) queue.
Suggested Answer: BE
NOTE: Answer is: B and E
Explanation: Creating an Amazon Simple Queue Service (Amazon SQS) queue and subscribing it to the SNS topic, and modifying the Lambda function to read from that Amazon SQS queue, can prevent data loss during network failures. Amazon SQS is a robust queue system that holds the messages during any interruption so that the data is processed when the Lambda function is ready. This combination ensures that all data is processed and none is lost, even in the case of network problems.