Mastering the AWS Solutions Architect Associate (SAA-C03)

A company is storing sensitive documents in an S3 bucket and needs to ensure that the objects cannot be deleted or overwritten by any user, including the root user, for a specified retention period. Which S3 feature should be used?

What is the primary purpose of an EC2 instance profile?

A data analytics application processes large files (50-100 GB) sequentially. The workload requires high, consistent throughput. Which EBS volume type is the most cost-effective and suitable for this use case?

To enhance security, an organization wants to automatically discover, classify, and protect sensitive data like personally identifiable information (PII) stored in their Amazon S3 buckets. Which service uses machine learning for this purpose?

A company is deploying a critical application and must ensure that it can withstand the failure of an entire AWS Availability Zone. Which is the minimum architecture required to achieve this?

What is the primary function of an IAM Role?

A company wants to migrate their on-premises file server to a fully managed, cloud-native file system on AWS that is accessible from their Windows servers via the SMB protocol and integrated with their existing Microsoft Active Directory. Which service should they use?

A company is designing a new cloud-native application using microservices running in Docker containers. They want to use a managed container orchestration service but do not want to manage the underlying EC2 instances for the control plane or the worker nodes. Which combination of services should they use?

Which of the following services can be used to protect a web application running on an Application Load Balancer from common web exploits like SQL injection and cross-site scripting (XSS)?

An application running on an EC2 instance must securely access a database password stored in AWS Secrets Manager. What is the recommended approach to grant this access?

A company wants to store long-term archival data that is rarely accessed but must be retained for 7 years for compliance. Retrieval times of up to 12 hours are acceptable. Which Amazon S3 storage class offers the lowest storage cost for this scenario?

To improve the performance of a global web application, a company wants to cache static content like images and CSS files closer to its users. Which service is designed for this purpose?

An EC2 Auto Scaling group is configured with a desired capacity of 3, a minimum of 2, and a maximum of 6. A target tracking scaling policy is set to maintain an average CPU utilization of 50%. If the average CPU utilization across the 3 instances spikes to 75%, what will Auto Scaling do?

Which EC2 pricing model offers the most significant long-term discount in exchange for a 1- or 3-year commitment to a consistent amount of compute usage (measured in $/hour)?

A solutions architect needs to design a cost-effective storage solution for S3 objects that are accessed frequently for the first 30 days, then infrequently for the next 90 days, and finally archived. The access patterns are predictable. What is the most automated and cost-effective way to manage this data lifecycle?

What is the purpose of a VPC endpoint?

A company wants to monitor their AWS costs and receive an alert when their monthly spending is forecasted to exceed a specific budget. Which tool should they use?

A company wants to improve the availability and performance of its TCP-based global application by directing user traffic through the AWS global network. The solution should provide static IP addresses that act as a fixed entry point for the application. Which service is best suited for this?

A solutions architect is creating a custom VPC. After creating the VPC and a public subnet, they launch an EC2 instance into the subnet. However, the instance cannot reach the internet. What is a likely missing component?

An application needs to publish messages to a large number of diverse subscribers, including SQS queues, Lambda functions, and HTTP endpoints, using a single action. Which service is best suited for this fan-out messaging pattern?

A global application serves users in both Europe and North America. To provide the best performance, a solutions architect needs to route users to the AWS Region that provides the lowest network latency. Which Route 53 routing policy should be used?

An Amazon Aurora DB cluster is configured with a primary instance and two Aurora Replicas. What is the purpose of the reader endpoint?

What is the primary benefit of deploying an application behind an Application Load Balancer (ALB) across multiple Availability Zones?

An application requires a database that provides single-digit millisecond latency for reads and writes at any scale. The data model is key-value. Which database service is the best choice?

An organization needs a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect their AWS accounts, workloads, and data stored in Amazon S3. Which service should they enable?

A solutions architect is designing a system that requires decoupling of a monolithic application into smaller services. One service produces messages that need to be consumed by another service. The messages must be persisted for up to 7 days if the consumer service is down and must guarantee at-least-once delivery. Which service should be used?

A company needs to establish a dedicated, private, high-speed network connection between their on-premises data center and their AWS VPC. The connection must provide consistent bandwidth and lower latency than a standard internet-based VPN. Which AWS service should they use?

A financial services company needs to process a large batch job daily that can be interrupted. The primary goal is to minimize compute costs. The job can run at any time during a 24-hour window and takes approximately 3 hours to complete. Which EC2 purchasing option is the most cost-effective for this scenario?

An application writes data to a DynamoDB table. For auditing purposes, every change to the items in the table must be captured in near real-time and sent to a data processing pipeline. Which DynamoDB feature enables this?

A solutions architect is designing a stateless web application. Where is the most appropriate place to store user session state to ensure scalability and high availability?

An application requires a shared, scalable file storage solution for a fleet of Linux EC2 instances running in multiple Availability Zones. The file system must support the NFS protocol and automatically grow as data is added. Which storage service is the most appropriate choice?

A company needs to implement a backup strategy for their EBS volumes. The backups should be automated, and older backups should be automatically deleted to save costs. Which combination of services provides the most automated solution?

A company wants to consolidate billing and management for its multiple AWS accounts. It also needs to apply security policies centrally to all accounts. Which service should be used to achieve this?

A company wants to provide its developers with a fully managed source control service to host private Git repositories. The service should integrate natively with other AWS services like CodePipeline and CodeBuild. Which service meets these requirements?

A web application experiences high read traffic to its relational database, causing performance degradation. The application’s data can tolerate slightly stale reads (a few seconds of replication lag). What is the most effective way to improve database performance for this workload?

A serverless application uses an AWS Lambda function to process images uploaded to an S3 bucket. What is the most secure way to grant the Lambda function permission to read objects from the S3 bucket?

What is the primary use case for AWS Storage Gateway’s File Gateway?

A company wants to use a managed Chef and Puppet configuration management service to automate the configuration of its EC2 instances. Which AWS service provides this capability?

A solutions architect needs to improve the read performance of a global DynamoDB table for users in Asia, while the primary table is in North America. What feature should be implemented?

A company has a stateful application that requires a user’s session to be handled by the same EC2 instance for the duration of the session. The instances are in a target group behind an Application Load Balancer. What feature should be enabled?

A company needs to provide federated access to its AWS Management Console for its employees who are managed in an on-premises Active Directory. The company uses SAML 2.0. What is the process for enabling this?

Which pillar of the AWS Well-Architected Framework focuses on the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues?

Which of the following is an example of the ‘Security *of* the Cloud’ under the AWS Shared Responsibility Model?

A new security policy requires that all data stored in a specific S3 bucket must be encrypted at rest. What is the simplest way to enforce this policy for all future objects uploaded to the bucket?

An organization needs to ensure that developers cannot launch EC2 instances larger than the `t3.large` type. An administrator has already attached a policy to the developers’ IAM group allowing all EC2 actions (`ec2:*`). What is the most effective way to enforce this new size restriction without altering the existing permissions policy?

A company needs to analyze its VPC network traffic to identify potential security threats and troubleshoot connectivity issues. They require a log of all accepted and rejected IP traffic going to and from their EC2 instances. Which feature should be enabled?

A team is building a serverless API. They are using AWS Lambda for the business logic and need a service to act as the front door for the API, handling request routing, authorization, throttling, and caching. Which service should they use?

An application running on EC2 instances inside a private subnet needs to download software patches from the internet. The instances must not be directly accessible from the internet. How can the instances securely access the internet?

A company needs to audit all API calls made to their AWS account, including who made the call, from what IP address, and when. This information must be stored for several years. Which service should be used to record this information?

An organization is launching a new application on AWS and wants to automate the provisioning of the entire infrastructure stack, including VPC, subnets, EC2 instances, and security groups, using a declarative template. Which AWS service should be used?

An Application Load Balancer is configured with a listener rule that forwards requests with the path `/api/*` to one target group, and all other requests to a different target group. What type of routing is this?

A solutions architect needs to quickly deploy a web application written in Python. They want to focus on the code and not manage the underlying infrastructure such as EC2 instances, load balancers, or Auto Scaling groups. Which service provides the highest level of abstraction for this purpose?

Which of the following services is serverless? (Choose two)

A company hosts a static website in an Amazon S3 bucket. They want to use their own domain name (e.g., `www.example.com`) and provide HTTPS access to users globally with low latency. Which combination of AWS services should be used?

A solutions architect needs to design an architecture that can recover from a regional disaster. The business has defined a Recovery Time Objective (RTO) of 15 minutes and a Recovery Point Objective (RPO) of 1 hour. Which disaster recovery strategy BEST meets these requirements?

What is the most significant advantage of using an Amazon Aurora database over a standard Amazon RDS for MySQL database?

A developer needs programmatic access to AWS services from their local machine using the AWS CLI. What type of IAM credentials are required?

A company is deploying a multi-tier web application in a single AWS Region. The application requires a database that can automatically fail over to a standby instance in a different Availability Zone with minimal data loss. Which RDS configuration should be used to meet this requirement?

A company wants to migrate a 10 TB Oracle database to Amazon Aurora. The migration must occur with minimal downtime. The source database will remain online and in use during the migration process. Which AWS service is best suited for this task?

An application requires an in-memory data store for caching user session data to improve performance. The data does not need to be persistent, and the solution should be simple to manage and scale. Which service is the best fit?

Which design principle supports the idea of replacing a failing EC2 instance with a new one rather than attempting to repair the failing instance in place?

A company is using an Application Load Balancer to distribute traffic to a fleet of EC2 instances. How can they ensure that traffic is encrypted between the client’s browser and the load balancer?

Which of the following describes Amazon S3’s data consistency model for new objects?

What is the function of AWS CloudFormation stack policies?

When designing a VPC, what is the key difference between a security group and a network access control list (NACL)?

A company needs to analyze terabytes of data stored in Amazon S3 using standard SQL queries, without loading the data into a data warehouse. Which service allows for this type of ad-hoc, serverless querying of data directly in S3?

A company is using AWS Organizations to manage multiple AWS accounts. They need to enforce a rule that prevents any IAM user in any member account from disabling AWS CloudTrail. Which is the best tool to enforce this?