Amazon SAA-C03 Exam Practice Test Instant Access

Question 1

A company runs a critical public application on Amazon Elastic Kubernetes Service (Amazon EKS) clusters. The application has a microservices architecture. The company needs to implement a solution that collects, aggregates, and summarizes metrics and logs from the application in a centralized location.

Which solution will meet these requirements in the MOST operationally efficient way?

ARun the Amazon CloudWatch agent in the existing EKS cluster. Use a CloudWatch dashboard to view the metrics and logs.

BConfigure a data stream in Amazon Kinesis Data Streams. Use Amazon Kinesis Data Firehose to read events and to deliver the events to an Amazon S3 bucket. Use Amazon Athena to view the events.

CConfigure AWS CloudTrail to capture data events. Use Amazon OpenSearch Service to query CloudTrail.

DConfigure Amazon CloudWatch Container Insights in the existing EKS cluster. Use a CloudWatch dashboard to view the metrics and logs.

Answer : D

Amazon CloudWatch Container Insights is designed for monitoring containerized environments like EKS. It provides native support for collecting and visualizing metrics and logs in a centralized location through CloudWatch dashboards, offering the most operationally efficient solution.

Option A: Using the CloudWatch agent provides basic metrics but lacks the specific insights required for containerized applications.

Option B: Kinesis Data Streams and Firehose add unnecessary complexity for this use case.

Option C: CloudTrail is for auditing API activity and is not designed for application metrics and log aggregation.

AWS Documentation Reference:

Amazon CloudWatch Container Insights

Question 2

An ecommerce company runs an application that uses an Amazon DynamoDB table in a single AWS Region. The company wants to deploy the application to a second Region. The company needs to support multi-active replication with low latency reads and writes to the existing DynamoDB table in both Regions.

Which solution will meet these requirements in the MOST operationally efficient way?

ACreate a DynamoDB global secondary index (GSI) for the existing table. Create a new table in the second Region. Convert the existing DynamoDB table to a global table. Specify the new table as the secondary table.

BEnable Amazon DynamoDB Streams for the existing table. Create a new table in the second Region. Create a new application that uses the DynamoDB Streams Kinesis Adapter and the Amazon Kinesis Client Library (KCL). Configure the new application to read data from the DynamoDB table in the first Region and to write the data to the new table in the second Region.

CConvert the existing DynamoDB table to a global table. Choose the appropriate second Region to achieve active-active write capabilities in both Regions.

DEnable Amazon DynamoDB Streams for the existing table. Create a new table in the second Region. Create an AWS Lambda function in the first Region that reads data from the table in the first Region and writes the data to the new table in the second Region. Set a DynamoDB stream as the input trigger for the Lambda function.

Answer : C

Converting the existing DynamoDB table to a global table provides active-active replication and low-latency reads and writes in both Regions. DynamoDB global tables are specifically designed for multi-Region and multi-active use cases.

Option A: GSIs do not provide multi-Region replication or active-active capabilities.

Option B and D: Using DynamoDB Streams and custom replication is less operationally efficient than global tables and introduces additional complexity.

AWS Documentation Reference:

DynamoDB Global Tables

Question 3

A solutions architect is building an Amazon S3 data lake for a company. The company uses Amazon Kinesis Data Firehose to ingest customer personally identifiable information (PII) and transactional data in near real-time to an S3 bucket. The company needs to mask all PII data before storing the data in the data lake.

Which solution will meet these requirements?

ACreate an AWS Lambda function to detect and mask PII. Invoke the function from Kinesis Data Firehose.

BUse Amazon Macie to scan the S3 bucket. Configure Macie to detect and mask PII.

CEnable server-side encryption (SSE) on the S3 bucket.

DCreate an AWS Lambda function that integrates with AWS CloudHSM. Configure the function to detect and mask PII.

Answer : A

Using a Lambda function as part of the Kinesis Data Firehose pipeline allows for real-time detection and masking of PII before data is written to S3. This ensures that PII is never stored in its raw form in the data lake.

Option B: Amazon Macie can scan and classify data but does not provide in-line PII masking for data ingestion.

Option C: Server-side encryption secures data but does not mask PII.

Option D: CloudHSM is unnecessary for PII masking and adds complexity without addressing the requirements.

AWS Documentation Reference:

Using Lambda with Kinesis Data Firehose

Question 4

A solutions architect needs to optimize a large data analytics job that runs on an Amazon EMR cluster. The job takes 13 hours to finish. The cluster has multiple core nodes and worker nodes deployed on large, compute-optimized instances.

After reviewing EMR logs, the solutions architect discovers that several nodes are idle for more than 5 hours while the job is running. The solutions architect needs to optimize cluster performance.

Which solution will meet this requirement MOST cost-effectively?

AIncrease the number of core nodes to ensure there is enough processing power to handle the analytics job without any idle time.

BUse the EMR managed scaling feature to automatically resize the cluster based on workload.

CMigrate the analytics job to a set of AWS Lambda functions. Configure reserved concurrency for the functions.

DMigrate the analytics job core nodes to a memory-optimized instance type to reduce the total job runtime.

Answer : B

EMR managed scaling dynamically resizes the cluster by adding or removing nodes based on the workload. This feature helps minimize idle time and reduces costs by scaling the cluster to meet processing demands efficiently.

Option A: Increasing the number of core nodes might increase idle time further, as it does not address the root cause of underutilization.

Option C: Migrating the job to Lambda is infeasible for large analytics jobs due to resource and runtime constraints.

Option D: Changing to memory-optimized instances may not necessarily reduce idle time or optimize costs.

AWS Documentation Reference:

EMR Managed Scaling

Question 5

A company wants to run big data workloads on Amazon EMR. The workloads need to process terabytes of data in memory.

A solutions architect needs to identify the appropriate EMR cluster instance configuration for the workloads.

Which solution will meet these requirements?

AUse a storage optimized instance for the primary node. Use compute optimized instances for core nodes and task nodes.

BUse a memory optimized instance for the primary node. Use storage optimized instances for core nodes and task nodes.

CUse a general purpose instance for the primary node. Use memory optimized instances for core nodes and task nodes.

DUse general purpose instances for the primary, core, and task nodes.

Answer : C

Big data workloads that need to process terabytes of data in memory require memory-optimized instances for the core and task nodes to ensure sufficient memory for processing data efficiently.

Primary Node: A general purpose instance is suitable because it manages cluster operations, including coordination and monitoring, and does not process data directly.

Core and Task Nodes: These nodes handle data storage and processing. Memory-optimized instances are ideal because they provide high memory-to-CPU ratios, which is critical for in-memory big data workloads.

Why Other Options Are Incorrect:

Option A: Storage optimized and compute optimized instances are not suitable for workloads that rely heavily on in-memory processing.

Option B: A memory-optimized primary node is unnecessary because the primary node does not process data.

Option D: General purpose instances for all nodes will not provide sufficient memory for processing terabytes of data in memory.

AWS Documentation Reference:

Amazon EMR Instance Types

Memory-Optimized Instances

Question 6

A company is developing a public web application that needs to access multiple AWS services. The application will have hundreds of users who must log in to the application first before using the services.

The company needs to implement a secure and scalable method to grant the web application temporary access to the AWS resources.

Which solution will meet these requirements?

ACreate an IAM role for each AWS service that the application needs to access. Assign the roles directly to the instances that the web application runs on.

BCreate an IAM role that has the access permissions the web application requires. Configure the web application to use AWS Security Token Service (AWS STS) to assume the IAM role. Use STS tokens to access the required AWS services.

CUse AWS IAM Identity Center to create a user pool that includes the application users. Assign access credentials to the web application users. Use the credentials to access the required AWS services.

DCreate an IAM user that has programmatic access keys for the AWS services. Store the access keys in AWS Systems Manager Parameter Store. Retrieve the access keys from Parameter Store. Use the keys in the web application.

Answer : B

Option B is the correct solution because:

AWS Security Token Service (STS) allows the web application to request temporary security credentials that grant access to AWS resources. These temporary credentials are secure and short-lived, reducing the risk of misuse.

Using STS and IAM roles ensures scalability by enabling the application to dynamically assume roles with the required permissions for each AWS service.

Option A: Assigning IAM roles directly to instances is less flexible and would grant the same permissions to all applications on the instance, which is not ideal for a multi-service web application.

Option C: AWS IAM Identity Center is used for managing single sign-on (SSO) for workforce users and is not designed for granting programmatic access to web applications.

Option D: Storing long-term access keys, even in AWS Systems Manager Parameter Store, is less secure and does not scale well compared to temporary credentials from STS.

AWS Documentation Reference:

AWS Security Token Service (STS)

IAM Roles for Temporary Credentials

Question 7

A company is designing a new Amazon Elastic Kubernetes Service (Amazon EKS) deployment to host multi-tenant applications that use a single cluster. The company wants to ensure that each pod has its own hosted environment. The environments must not share CPU, memory, storage, or elastic network interfaces.

Which solution will meet these requirements?

AUse Amazon EC2 instances to host self-managed Kubernetes clusters. Use taints and tolerations to enforce isolation boundaries.

BUse Amazon EKS with AWS Fargate. Use Fargate to manage resources and to enforce isolation boundaries.

CUse Amazon EKS and self-managed node groups. Use taints and tolerations to enforce isolation boundaries.

DUse Amazon EKS and managed node groups. Use taints and tolerations to enforce isolation boundaries.

Answer : B

AWS Fargate provides per-pod isolation for CPU, memory, storage, and networking, making it ideal for multi-tenant use cases.

AWS Documentation Reference:

EKS with Fargate

Amazon SAA-C03 AWS Certified Solutions Architect - Associate Exam Practice Test