AWS Certified Solutions Architect - Associate Credential (SAA-C03) Exam, Exams of Computer Science

Typology: Exams

2024/2025

Available from 07/06/2025

john-wachira
2025 Unlock Your Cloud Career: Achieving the
AWS Certified Solutions Architect - Associate
Credential (SAA-C03)
Here are the multiple-choice questions with rationales and the correct answers
indicated:
Question 1:
You are hosting a MySQL database on the root volume of an EC2 instance. The database is using a large amount of IOPS and you need to increase the IOPS available to it. What should you do?
A. Migrate the database to an S3 bucket.
B. Migrate the database to Glacier.
C. Add 4 additional EBS SSD volumes and create a RAID 10 using these volumes.
D. Use CloudFront to cache the database.
Correct Answer: C. Add 4 additional EBS SSD volumes and create a RAID 10 using these volumes.
Rationale:
  • C. Add 4 additional EBS SSD volumes and create a RAID 10 using these volumes: RAID 10 (a stripe of mirrors) combines the performance benefits of striping (RAID 0) with the redundancy of mirroring (RAID 1). By adding more SSD EBS volumes and configuring them in a RAID 10 array, you can significantly increase the total IOPS available to the database. The striped nature allows for parallel read and write operations across multiple volumes, boosting performance.
  • A. Migrate the database to an S3 bucket: S3 is object storage and is not designed for hosting active, transactional databases that require high IOPS.
  • B. Migrate the database to Glacier: Glacier is a low-cost archival storage service with high retrieval latencies, making it unsuitable for hosting a live, performance-sensitive database.
  • D. Use CloudFront to cache the database: CloudFront is a Content Delivery Network (CDN) designed for caching static and dynamic web content closer to
users. It is not a database caching solution and cannot increase the IOPS available to the underlying database storage.

Question 2:
You have been asked to create a VPC for your company. The VPC must support both Internet-facing web applications (i.e. they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this?
A. 5
B. 3
C. 4
D. 6 - Correct Answer
Rationale:
  • D. 6: To achieve high availability across three Availability Zones (AZs) for both internet-facing and private applications, you need separate subnets for each type of application in each AZ:
      o Internet-facing (Public Subnets): At least one public subnet in each of the three AZs to host resources that need direct internet access (e.g., load balancers). This requires 3 public subnets.
      o Internal private (Private Subnets): At least one private subnet in each of the three AZs to host resources that should not be directly accessible from the internet and are accessed via VPN (e.g., application servers, databases). This requires 3 private subnets.
      o Therefore, a minimum of 3 public subnets + 3 private subnets = 6 subnets are necessary.

Question 3:
You work for a cosmetic company which has their production website on AWS. The site itself is in a two-tier configuration with web servers in the front end and database servers at the back end. The site uses Elastic Load Balancing and Auto Scaling. The databases maintain consistency by replicating changes to each other as and when they occur. This requires the databases to have extremely low latency. Your website needs to be highly redundant and must be designed so that if one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining Availability

Rationale:

  • B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it: Using IAM roles for EC2 instances is the most secure way to grant permissions to applications running on the instance to access AWS APIs. The credentials are provided to the instance by the EC2 metadata service and are automatically managed by AWS, eliminating the need to store or manage long-term access keys directly on the instance.
  • A. Save the API credentials to your php files: Storing credentials directly in code files is highly insecure as they can be easily exposed if the code repository is compromised or if there are vulnerabilities in the application.
  • C. Save your API credentials in a public Github repository: Saving credentials in a public repository is extremely insecure, as they would be accessible to anyone.
  • D. Pass API credentials to the instance using instance userdata: Instance userdata is often stored in plain text and can be accessed by anyone with access to the instance metadata. This is not a secure way to handle sensitive credentials.

Question 5:
You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using CloudWatch, however you notice that you cannot see the health of every important metric in the default dashboard. Which of the following metrics do you need to design a custom CloudWatch metric for, when monitoring the health of your EC2 instances?
A. CPU Usage
B. Memory usage - Correct Answer
C. Disk read operations
D. Network in
E. Estimated charges
Correct Answer: B. Memory usage
Rationale:
  • B. Memory usage: By default, Amazon CloudWatch for EC2 provides hypervisor-level metrics such as CPU utilization, disk I/O (at the volume level), and network I/O. Operating system-level metrics like memory usage are not automatically collected. To monitor memory usage, you need to install the CloudWatch agent on the EC2 instances and configure it to collect this custom metric.
  • A. CPU Usage: CPU utilization is a basic metric provided by CloudWatch for EC2 without requiring custom configuration.
  • C. Disk read operations: Disk read operations (and write operations, bytes read/written) are basic metrics provided by CloudWatch for EBS volumes attached to EC2 instances.
  • D. Network in: Network inbound traffic (and outbound traffic) is a basic metric provided by CloudWatch for EC2.
  • E. Estimated charges: Estimated charges are not a performance or health metric for EC2 instances but rather a cost management metric available in the AWS Billing and Cost Management console.

Question 6:
You are a student currently learning about the different AWS services. Your employer asks you to tell him a bit about Amazon's Glacier service. Which of the following best describes the use cases for Glacier?
A. Infrequently accessed data & data archives - Correct Answer
B. Hosting active databases
C. Replicating Files across multiple availability zones and regions
D. Frequently Accessed Data
Correct Answer: A. Infrequently accessed data & data archives
Rationale:
  • A. Infrequently accessed data & data archives: Amazon Glacier (now Amazon S3 Glacier) is a low-cost storage service specifically designed for long-term data archival and backup of data that is not accessed frequently. Retrieval times can range from minutes to hours, reflecting its purpose for archival rather than active use.
  • B. Hosting active databases: Active databases require low-latency read/write operations and are typically hosted on services like Amazon RDS or EC2 with EBS volumes. Glacier's retrieval times make it unsuitable for active database storage.
  • C. Replicating Files across multiple availability zones and regions: While AWS offers services for replication (like S3 Cross-Region Replication), Glacier's primary focus is on archival storage, not active replication for availability.
  • D. Frequently Accessed Data: Frequently accessed data should be stored on services with lower retrieval latencies and higher availability, such as Amazon S3 Standard.
  • B. Configure Auto Scaling to terminate your newest instances first, then adjust your CloudWatch alarm: Similar to option A, the termination policy doesn't prevent rapid scaling.
  • C. Change your Auto Scaling so that it only scales at scheduled times: Scheduled scaling is useful for predictable load changes but might not be responsive enough for unexpected fluctuations in traffic, especially during peak seasons. The goal is to make the scaling more stable and less reactive to short spikes, not to eliminate dynamic scaling entirely.

You work in the genomics industry and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated and you have been asked to advise how to reduce the completion time.
A. Use four Spot Instances for the task nodes rather than four On-Demand instances.
B. You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.
C. Store the file on Elastic File Service instead of S3 and then mount EFS as an independent volume for your core nodes.
D. Configure an independent VPC in which to run the EMR jobs and then mount EFS as an independent volume for your core nodes.
E. Enable termination protection for th
Correct Answer: B. You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.

By definition a public subnet within a VPC is one that:
A. In its routing table it has at least one route that uses an Internet Gateway (IGW).
B. Has at least one route in its routing table that routes via a Network Address Translation (NAT) instance.
C. Where the Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0.
D. Has had the public subnet check box ticked when setting up this subnet in the VPC console.
Correct Answer: A. In its routing table it has at least one route that uses an Internet Gateway (IGW).

You have been asked to identify a service on AWS that is a durable key value store. Which of the services below meets this definition?
A. Mobile Hub
B. Kinesis
C. Simple Storage Service (S3)
D. Elastic File Service (EFS)
Correct Answer: C. Simple Storage Service (S3)

You are a security architect working for a large antivirus company. The production environment has recently been moved to AWS and is in a public subnet. You are able to view the production environment over HTTP, however when your customers try to update their virus definition files over a custom port, that port is blocked. You log in to the console and you allow traffic in over the custom port. How long will this take to take effect?
A. Straight away but to the new instances only.
B. Immediately.
C. After a few minutes this should take effect.
D. Straight away to the new instances, but old instances must be stopped and restarted before the new rules apply.
Correct Answer: B. Immediately.

You are a solutions architect working for a biotech company who is pioneering research in immunotherapy. They have developed a new cancer treatment that may be able to cure up to 94% of cancers. They store their research data on S3, however recently an intern accidentally deleted some critical files. You've been asked to prevent this from happening in the future. What options below can prevent this?
A. Make sure the interns can only access data on S3 using signed URLs.

and dev so as to not accidentally break the production environment. You launch an exact replica of your production environment using a CloudFormation template that your company uses in production. However CloudFormation fails. You use the exact same CloudFormation template in production, so the failure is something to do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2 instances in a single AZ. After some research you discover that the problem is;
A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.
B. For all new AWS accounts there is a soft limit of 20 EC2 instances per availability zone
Correct Answer: A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.

You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on premise within their own datacenter, however they will need to be able to communicate to the AWS environment over a site to site VPN connection. What do you need to do to establish the VPN connection?
A. Connect to the environment using AWS Direct Connect.
B. Assign a public IP address to your Amazon VPC Gateway.
C. Create a dedicated NAT and deploy this to the public subnet.
D. Update your route table to add a route for the NAT to 0.0.0.0/0.
Correct Answer: B. Assign a public IP address to your Amazon VPC Gateway.

You work for a major news network in Europe. They have just released a new app which allows users to report on events as and when they happen using their mobile phone. Users are able to upload pictures from the app and then other users will be able to view these pics. Your organization expects this app to grow very quickly, essentially doubling its user base every month. The app uses S3 to store the media and you are expecting sudden and large increases in traffic to S3 when a major news event takes place (as people will be uploading content in huge numbers). You need to keep your storage costs to a minimum however and it does not matter if some objects are lost. Which storage media should you use to keep costs as low as possible?
A. S3 - Infrequently Accessed Storage.
B. S3 - Reduced Redundancy Storage (RRS).
C. Glacier.
D. S3 - Provisioned IOPS.
Correct Answer: B. S3 - Reduced Redundancy Storage (RRS).

You have developed a new web application in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at all times. You have three availability zones available in that region (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable. How would you do this, each answer has 2 answers, select the answer with BOTH correct answers.
A. Answer 1 - Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances. Answer 2 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances
B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
C.
Correct Answer: B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.

You need to add a route to your routing table in order to allow connections to the internet from your subnet. What route should you add?
A. Destination: 192.168.1.258/0 --> Target: your Internet gateway
B. Destination: 0.0.0.0/33 --> Target: your virtual private gateway
C. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/
D. Destination: 10.0.0.0/32 --> Target: your virtual private gateway

Measure of how fast we can read and write to a device (i.e. fast sports car)
Correct Answer: IOPS

Measure of how much data can be moved at a time (i.e. Dump truck).
Correct Answer: Throughput

What does the Consistency Model ACID stand for?
Correct Answer: Atomic, Consistent, Isolated, Durable

What does the Consistency Model BASE stand for?
Correct Answer: Basically available, soft state, eventually consistent

Once you initiate a Glacier Vault lock, you have ____ hrs to _________ the vault lock or ______ the lock.
Correct Answer: 24, complete, abort

What are some use cases for Instance Stores?
Correct Answer: caches, buffers, work areas

Why might you use an instance store volume over an EBS volume?
Correct Answer: Instance store may provide better performance because it is directly attached vs EBS volume access resides over the network.

Each subsequent EBS Snapshot is ____________. Meaning it only records the changes you've made since the previous snapshot which saves storage space.
Correct Answer: incremental.

An EFS can be mounted from on-premise ONLY if using ________ __________.
Correct Answer: Direct Connect

What is the alternative to using a direct connect to mount on premise to EFS?
Correct Answer: EFS File Sync Agent

What are the 4 types of Storage Gateway and describe each?
Correct Answer:
  • File Gateway - store objects in S3 via NFS/SMB
  • Volume Gateway Stored Mode - Async replication to S3
  • Volume Gateway Cached mode - Primary data stored in S3, frequently accessed data cached on-prem
  • Tape Gateway - use with existing backup software

A secure, fully managed file collaboration service that can integrate with AD for SSO. It contains web, mobile, and native clients and is HIPAA, PCI, DSS, and ISO compliant.
Correct Answer: Amazon WorkDocs

Read Replicas support ___________ synchronization, which means data may be lagging behind slightly on some of your read nodes.
Correct Answer: Asynchronous

Multi-AZ supports __________ synchronization, which means data will be up-to-date with your master node.
Correct Answer: Synchronous

True/False: In the catastrophic event of a region failure, you can promote a Read Replica to a standalone DB and then enable Multi-AZ from there.
Correct Answer: True

DynamoDB feature which allows you to maintain ACID compliance to make coordinated all-or-nothing changes to multiple items both within and across tables.
Correct Answer: DynamoDB Transactions

(DynamoDB) When you want a fast query of attributes outside the primary key (without having to do table scan), what index type would you use?
Correct Answer: GSI (Global Secondary Index)

(DynamoDB) When you already know the partition key and want to quickly query on some other attribute, what index type would you use?
Correct Answer: LSI (Local Secondary Index)

What data store would you use if the relationships between your data objects are a major portion of your data's value?
Correct Answer: Neptune

What data store would you use if you require fast temporary stores for data which may be highly volatile?
Correct Answer: ElastiCache

Name some features of Memcached
Correct Answer:
  • Simplicity
  • Object caching
  • Scale out as demand changes (horizontal scaling)
  • Run multiple CPU cores and threads

Name some features of Redis
Correct Answer:
  • Advanced data types (lists, hashes, sets)
  • HIPAA Compliance
  • Clustering
  • HA

True/False: You must initialize the storage blocks on volumes that were restored from SNAPSHOTS before you can access the block.
Correct Answer: True

True/False: You must initialize the storage blocks on newly created EBS volumes.
Correct Answer: False (newly created EBS volumes receive their max performance upon creation)

For EBS volumes, you are charged for ____________ storage. For EBS snapshots, you are charged only for ___________ storage.
Correct Answer: Provisioned, consumed

Because of the way that EC2 virtualizes disks, the ____ write operation to any location on an instance store volume performs more _______ than subsequent writes.
Correct Answer: first, slowly

True/False: Snowball might not be the ideal solution if your data can be transferred over the internet in less than one week.
Correct Answer: True

SaaS model in which the storage of tenant data is fully isolated from any other tenant data.
Correct Answer: Silo Model

SaaS model in which all of the tenant's data is moved into a single database, while allowing some degree of variation and separation for each tenant.
Correct Answer: Bridge Model

SaaS model in which tenants share all of the systems storage constructs.
Correct Answer: Pool Model

Which caching engine currently supports encryption at rest (3.2.6 and 4.0.10 and later)
Correct Answer: Redis

Glacier ________ ________ is an immutable way to set policies on Glacier vaults.
Correct Answer: Vault Lock

Which caching engine is multi-threaded, meaning it makes good use of larger Amazon EC2 instance sizes with multiple cores?
Correct Answer: Memcached

Describes the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan's maximum allowable threshold or "tolerance."
Correct Answer: Recovery Point Objective (RPO)

The duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
Correct Answer: Recovery Time Objective (RTO)

Layer 4 protocol which is used by network devices to exchange information.
Correct Answer: ICMP

Short-lived, transport protocol ports used in IP-communications. These ports live above the well-known IP ports and have NACL and Security Group limitations. These ports are required to allow the server to communicate back to the client.
Correct Answer: Ephemeral Ports

IPsec VPN connection over your existing internet. Quick and usually simple way to establish a secure tunneled connection to a VPC.
Correct Answer: AWS Managed VPN

Dedicated network connection over private links straight into AWS. Useful for customers that require a "big pipe" into AWS.
Correct Answer: AWS Direct Connect

IPsec VPN connection over private lines. Useful for customers who want added security of having an encrypted tunnel over direct connect.
Correct Answer: AWS Direct Connect + VPN

Connect locations in a hub and spoke manner using AWS's Virtual Private Gateway. Useful for linking remote offices for backup or primary WAN access to AWS resources and each other.
Correct Answer: AWS VPN Cloud Hub

VPN connection in which you provide your own VPN endpoint and software. You must manage both ends of the VPN connection for compliance reasons or your VPN software is not supported by AWS.
Correct Answer: Software VPN

Common strategy for connecting geographically dispersed VPCs and locations in order to create a global network transit center.
Correct Answer: Transit VPC.

AWS-provided network connectivity between VPCs and/or AWS services using interface endpoints. Allows you to keep your private subnets truly private utilizing the AWS backbone to reach other services rather than through the internet.
Correct Answer: AWS PrivateLink

Elastic network interface (ENI) with a private IP which uses DNS entries to redirect traffic.
Correct Answer: Interface Endpoint

Gateway that is a target for a specific route which uses prefix lists in a route table to redirect traffic.
Correct Answer: Gateway Endpoint

What are the only two AWS services you can connect to with a Gateway Endpoint?
Correct Answer: S3, DynamoDB

Popular routing protocol for the internet which propagates information about the network to allow for dynamic routing. Allows the assignment of weights with the higher weight being the preferred path.
Correct Answer: Border Gateway Protocol (BGP)

Horizontally scaled, redundant and highly available component that allows communication between a VPC and the internet.
Correct Answer: Internet Gateway

Provides outbound internet access for IPv6 addressed instances and prevents inbound access to those IPv6 instances.
Correct Answer: Egress Only IGW

EC2 instance from a special AWS Linux AMI that translates traffic from many private IP instances to a single public IP and back.
Correct Answer: NAT Instance

Fully managed NAT service that replaces the need for NAT instance on EC2.
Correct Answer: NAT Gateway

What is a Pro of Clustered Placement Groups?
Correct Answer: Get most out of enhanced networking instances