SAA-C03 Free Practice Test

- (Exam Topic 3)
A company is building a new dynamic ordering website. The company wants to minimize server maintenance and patching. The website must be highly available and must scale read and write capacity as quickly as possible to meet changes in user demand.
Which solution will meet these requirements?

1. A. Host static content in Amazon S3 Host dynamic content by using Amazon API Gateway and AWS Lambda Use Amazon DynamoDB with on-demand capacity for the database Configure Amazon CloudFront to deliver the website content
2. B. Host static content in Amazon S3 Host dynamic content by using Amazon API Gateway and AWS Lambda Use Amazon Aurora with Aurora Auto Scaling for the database Configure Amazon CloudFront to deliver the website content
3. C. Host al the website content on Amazon EC2 instances Create an Auto Scaling group to scale the EC2 Instances Use an Application Load Balancer to distribute traffic Use Amazon DynamoDB with provisioned write capacity for the database
4. D. Host at the website content on Amazon EC2 instances Create an Auto Scaling group to scale the EC2 instances Use an Application Load Balancer to distribute traffic Use Amazon Aurora with Aurora Auto Scaling for the database

Correct Answer: A

- (Exam Topic 1)
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses a customer managed customer master key (CMK) to encrypt EBS volume snapshots.
What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?

1. A. Make the encrypted AMI and snapshots publicly availabl
2. B. Modify the CMK's key policy to allow the MSP Partner's AWS account to use the key
3. C. Modify the launchPermission property of the AM
4. D. Share the AMI with the MSP Partner's AWS account onl
5. E. Modify the CMK's key policy to allow the MSP Partner's AWS account to use the key.
6. F. Modify the launchPermission property of the AMI Share the AMI with the MSP Partner's AWS account onl
7. G. Modify the CMK's key policy to trust a new CMK that is owned by the MSP Partner for encryption.
8. H. Export the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS account.Encrypt the S3 bucket with a CMK that is owned by the MSP Partner Copy and launch the AMI in the MSP Partner's AWS account.

Correct Answer: B
Share the existing KMS key with the MSP external account because it has already been used to encrypt the AMI snapshot.
https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html

- (Exam Topic 2)
A gaming company hosts a browser-based application on AWS. The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users.
The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users while reducing the load on the origin.
Which solution meets these requirements MOST cost-effectively?

1. A. Deploy an AWS Global Accelerator accelerator in front of the web servers.
2. B. Deploy an Amazon CloudFront web distribution in front of the S3 bucket.
3. C. Deploy an Amazon ElastiCache for Redis instance in front of the web servers.
4. D. Deploy an Amazon ElastiCache for Memcached instance in front of the web servers.

Correct Answer: B

- (Exam Topic 1)
A solutions architect is developing a multiple-subnet VPC architecture. The solution will consist of six subnets in two Availability Zones. The subnets are defined as public, private and dedicated for databases. Only the Amazon EC2 instances running in the private subnets should be able to access a database.
Which solution meets these requirements?

1. A. Create a now route table that excludes the route to the public subnets' CIDR block
2. B. Associate the route table to the database subnets.
3. C. Create a security group that denies ingress from the security group used by instances in the public subnet
4. D. Attach the security group to an Amazon RDS DB instance.
5. E. Create a security group that allows ingress from the security group used by instances in the private subnet
6. F. Attach the security group to an Amazon RDS DB instance.
7. G. Create a new peering connection between the public subnets and the private subnet
8. H. Create a different peering connection between the private subnets and the database subnets.

Correct Answer: C
Security groups are stateful. All inbound traffic is blocked by default. If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again. You cannot block specific IP address using Security groups (instead use Network Access Control Lists).
"You can specify allow rules, but not deny rules." "When you first create a security group, it has no inbound rules. Therefore, no inbound traffic originating from another host to your instance is allowed until you add inbound rules to the security group." Source: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#VPCSecurityGroups

- (Exam Topic 2)
A company runs a production application on a fleet of Amazon EC2 instances. The application reads the data from an Amazon SQS queue and processes the messages in parallel. The message volume is unpredictable and often has intermittent traffic. This application should continually process messages without any downtime.
Which solution meets these requirements MOST cost-effectively?

1. A. Use Spot Instances exclusively to handle the maximum capacity required.
2. B. Use Reserved Instances exclusively to handle the maximum capacity required.
3. C. Use Reserved Instances for the baseline capacity and use Spot Instances to handle additional capacity.
4. D. Use Reserved Instances for the baseline capacity and use On-Demand Instances to handle additional capacity.

Correct Answer: D
We recommend that you use On-Demand Instances for applications with short-term, irregular workloads that cannot be interrupted.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html