SAA-C03 Free Practice Test

- (Topic 2)
A company has an AWS account used for software engineering. The AWS account has access to the company's on-premises data center through a pair of AWS Direct Connect connections. All non-VPC traffic routes to the virtual private gateway.
A development team recently created an AWS Lambda function through the console. The development team needs to allow the function to access a database that runs in a private subnet in the company's data center.
Which solution will meet these requirements?

1. A. Configure the Lambda function to run in the VPC with the appropriate security group.
2. B. Set up a VPN connection from AWS to the data cente
3. C. Route the traffic from the Lambda function through the VPN.
4. D. Update the route tables in the VPC to allow the Lambda function to access the on- premises data center through Direct Connect.
5. E. Create an Elastic IP addres
6. F. Configure the Lambda function to send traffic through theElastic IP address without an elastic network interface.

Correct Answer: A
https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-managing-eni

- (Topic 1)
A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Use the EC2 serial console to directly access the terminal interface of each instance foradministration.
2. B. Attach the appropriate IAM role to each existing instance and new instanc
3. C. Use AWS Systems Manager Session Manager to establish a remote SSH session.
4. D. Create an administrative SSH key pai
5. E. Load the public key into each EC2 instanc
6. F. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.
7. G. Establish an AWS Site-to-Site VPN connectio
8. H. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.

Correct Answer: B
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-launch-managed-instance.html

- (Topic 4)
A solutions architect is designing an AWS Identity and Access Management (1AM) authorization model for a company's AWS account. The company has designated five specific employees to have full access to AWS services and resources in the AWS account.
The solutions architect has created an 1AM user for each of the five designated employees and has created an 1AM user group.
Which solution will meet these requirements?

1. A. Attach the AdministratorAccess resource-based policy to the 1AM user grou
2. B. Place each of the five designated employee IAM users in the 1AM user group.
3. C. Attach the SystemAdministrator identity-based policy to the IAM user grou
4. D. Place each of the five designated employee IAM users in the IAM user group.
5. E. Attach the AdministratorAccess identity-based policy to the IAM user grou
6. F. Place each of the five designated employee IAM users in the IAM user group.
7. G. Attach the SystemAdministrator resource-based policy to the IAM user grou
8. H. Place each of the five designated employee IAM users in the IAM user group.

Correct Answer: C
This solution meets the requirements because it uses the following components and features:
✑ AdministratorAccess identity-based policy: This is an AWS managed policy that
provides full access to AWS services and resources1. By attaching this policy to the IAM user group, the solutions architect can grant the permissions needed for the designated employees to perform any task in the AWS account.
✑ IAM user group: This is a collection of IAM users that share common
permissions2. By creating a user group and adding the five designated employees as members, the solutions architect can simplify the management of permissions and reduce the risk of human errors or inconsistencies.
✑ IAM users: These are identities that represent the designated employees in AWS2.
By creating an IAM user for each employee and requiring them to sign in with their own credentials, the solutions architect can enhance the security and accountability of the AWS account.

- (Topic 1)
A company's application integrates with multiple software-as-a-service (SaaS) sources for data collection. The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Create an Auto Scaling group so that EC2 instances can scale ou
2. B. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
3. C. Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucke
4. D. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
5. E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output dat
6. F. Configure the S3 bucket as the rule's targe
7. G. Create a second EventBridge (CloudWatch Events) rule to send events when the upload to the S3 bucket is complet
8. H. Configure an Amazon Simple Notification Service (Amazon SNS) topic as the second rule's target.
9. I. Create a Docker container to use instead of an EC2 instanc
10. J. Host the containerized application on Amazon Elastic Container Service (Amazon ECS). Configure Amazon CloudWatch Container Insights to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

Correct Answer: B
Amazon AppFlow is a fully managed integration service that enables you to securely transfer data between Software-as-a-Service (SaaS) applications like Salesforce, SAP, Zendesk, Slack, and ServiceNow, and AWS services like Amazon S3 and Amazon Redshift, in just a few clicks. https://aws.amazon.com/appflow/

- (Topic 3)
A developer has an application that uses an AWS Lambda function to upload files to Amazon S3 and needs the required permissions to perform the task The developer already has an IAM user with valid IAM credentials required for Amazon S3
What should a solutions architect do to grant the permissions?

1. A. Add required IAM permissions in the resource policy of the Lambda function
2. B. Create a signed request using the existing IAM credentials n the Lambda function
3. C. Create a new IAM user and use the existing IAM credentials in the Lambda function.
4. D. Create an IAM execution role with the required permissions and attach the IAM rote to the Lambda function

Correct Answer: D
To grant the necessary permissions to an AWS Lambda function to upload files to Amazon S3, a solutions architect should create an IAM execution role with the required permissions and attach the IAM role to the Lambda function. This approach follows the principle of least privilege and ensures that the Lambda function can only access the resources it needs to perform its specific task.