Free SAA-C03 Exam Braindumps

- (Exam Topic 3)
A company has hired an external vendor to perform work in the company’s AWS account. The vendor uses an automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company’s AWS account.
How should a solutions architect grant this access to the vendor?

1. A. Create an IAM role in the company’s account to delegate access to the vendor’s IAM rol
2. B. Attach the appropriate IAM policies to the role for the permissions that the vendor requires.
3. C. Create an IAM user in the company’s account with a password that meets the password complexity requirement
4. D. Attach the appropriate IAM policies to the user for the permissions that the vendor requires.
5. E. Create an IAM group in the company’s accoun
6. F. Add the tool’s IAM user from the vendor account to the grou
7. G. Attach the appropriate IAM policies to the group for the permissions that the vendor requires.
8. H. Create a new identity provider by choosing “AWS account” as the provider type in the IAM console.Supply the vendor’s AWS account ID and user nam
9. I. Attach the appropriate IAM policies to the new provider for the permissions that the vendor requires.

Correct Answer: A
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html

- (Exam Topic 3)
A company has a popular gaming platform running on AWS. The application is sensitive to latency because latency can impact the user experience and introduce unfair advantages to some players. The application is deployed in every AWS Region. It runs on Amazon EC2 instances that are part of Auto Scaling groups configured behind Application Load Balancers (ALBs). A solutions architect needs to implement a mechanism to monitor the health of the application and redirect traffic to healthy endpoints.
Which solution meets these requirements?

1. A. Configure an accelerator in AWS Global Accelerato
2. B. Add a listener for the port that the application listens on, and attach it to a Regional endpoint in each Regio
3. C. Add the ALB as the endpoint.
4. D. Create an Amazon CloudFront distribution and specify the ALB as the origin serve
5. E. Configure the cache behavior to use origin cache header
6. F. Use AWS Lambda functions to optimize the traffic.
7. G. Create an Amazon CloudFront distribution and specify Amazon S3 as the origin serve
8. H. Configure the cache behavior to use origin cache header
9. I. Use AWS Lambda functions to optimize the traffic.
10. J. Configure an Amazon DynamoDB database to serve as the data store for the applicatio
11. K. Create a DynamoDB Accelerator (DAX) cluster to act as the in-memory cache for DynamoDB hosting the application data.

Correct Answer: A
AWS Global Accelerator directs traffic to the optimal healthy endpoint based on health checks, it can also route traffic to the closest healthy endpoint based on geographic location of the client. By configuring an accelerator and attaching it to a Regional endpoint in each Region, and adding the ALB as the endpoint, the solution will redirect traffic to healthy endpoints, improving the user experience by reducing latency and ensuring that the application is running optimally. This solution will ensure that traffic is directed to the closest healthy endpoint and will help to improve the overall user experience.

- (Exam Topic 1)
A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database funning on Amazon EC2. The company wants this application to be highly available with tow operational complexity
Which architecture otters the HGHEST availability?

1. A. Add a second ActiveMQ server to another Availably Zone Add an additional consumer EC2 instance in another Availability Zon
2. B. Replicate the MySQL database to another Availability Zone.
3. C. Use Amazon MO with active/standby brokers configured across two Availability Zones Add an additional consumer EC2 instance in another Availability Zon
4. D. Replicate the MySQL database to another Availability Zone.
5. E. Use Amazon MO with active/standby blotters configured across two Availability Zone
6. F. Add an additional consumer EC2 instance in another Availability Zon
7. G. Use Amazon ROS tor MySQL with Multi-AZ enabled.
8. H. Use Amazon MQ with active/standby brokers configured across two Availability Zones Add an Auto Scaling group for the consumer EC2 instances across two Availability Zone
9. I. Use Amazon RDS for MySQL with Multi-AZ enabled.

Correct Answer: D

- (Exam Topic 3)
A company is designing a cloud communications platform that is driven by APIs. The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB). The company uses Amazon API Gateway to provide external users with access to the application through APIs. The company wants to protect the platform against web exploits like SQL injection and also wants to detect and mitigate large, sophisticated DDoS attacks.
Which combination of solutions provides the MOST protection? (Select TWO.)

1. A. Use AWS WAF to protect the NLB.
2. B. Use AWS Shield Advanced with the NLB.
3. C. Use AWS WAF to protect Amazon API Gateway.
4. D. Use Amazon GuardDuty with AWS Shield Standard.
5. E. Use AWS Shield Standard with Amazon API Gateway.

Correct Answer: BC
AWS Shield Advanced provides expanded DDoS attack protection for your Amazon EC2 instances, Elastic Load Balancing load balancers, CloudFront distributions, Route 53 hosted zones, and AWS Global Accelerator standard accelerators.
AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to your protected web application resources. You can protect the following resource types:
Amazon CloudFront distribution Amazon API Gateway REST API Application Load Balancer
AWS AppSync GraphQL API Amazon Cognito user pool
https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html

- (Exam Topic 3)
A company has a three-tier environment on AWS that ingests sensor data from its users' devices The traffic flows through a Network Load Balancer (NIB) then to Amazon EC2 instances for the web tier and finally to EC2 instances for the application tier that makes database calls
What should a solutions architect do to improve the security of data in transit to the web tier?

1. A. Configure a TLS listener and add the server certificate on the NLB
2. B. Configure AWS Shield Advanced and enable AWS WAF on the NLB
3. C. Change the load balancer to an Application Load Balancer and attach AWS WAF to it
4. D. Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using AWS Key Management Service (AWS KMS)

Correct Answer: A