SAA-C03 Free Practice Test

- (Exam Topic 1)
A company is launching a new application and will display application metrics on an Amazon CloudWatch dashboard. The company’s product manager needs to access this dashboard periodically. The product manager does not have an AWS account. A solution architect must provide access to the product manager by following the principle of least privilege.
Which solution will meet these requirements?

1. A. Share the dashboard from the CloudWatch consol
2. B. Enter the product manager’s email address, and complete the sharing step
3. C. Provide a shareable link for the dashboard to the product manager.
4. D. Create an IAM user specifically for the product manage
5. E. Attach the CloudWatch Read Only Access managed policy to the use
6. F. Share the new login credential with the product manage
7. G. Share the browser URL of the correct dashboard with the product manager.
8. H. Create an IAM user for the company’s employees, Attach the View Only Access AWS managed policy to the IAM use
9. I. Share the new login credentials with the product manage
10. J. Ask the product manager to navigate to the CloudWatch console and locate the dashboard by name in the Dashboards section.
11. K. Deploy a bastion server in a public subne
12. L. When the product manager requires access to the dashboard, start the server and share the RDP credential
13. M. On the bastion server, ensure that the browser is configured to open the dashboard URL with cached AWS credentials that have appropriate permissions to view the dashboard.

Correct Answer: B

- (Exam Topic 1)
A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be
deleted Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days
Which storage solution is MOST cost-effective?

1. A. Create an S3 bucket lifecycle policy to move Mm from S3 Standard to S3 Glacier 30 days from object creation Delete the Tiles 4 years after object creation
2. B. Create an S3 bucket lifecycle policy to move tiles from S3 Standard to S3 One Zone-infrequent Access (S3 One Zone-IA] 30 days from object creatio
3. C. Delete the fees 4 years after object creation
4. D. Create an S3 bucket lifecycle policy to move files from S3 Standard-infrequent Access (S3 Standard-lA) 30 from object creatio
5. E. Delete the ties 4 years after object creation
6. F. Create an S3 bucket Lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation Move the files to S3 Glacier 4 years after object carton.

Correct Answer: B
https://aws.amazon.com/s3/storage-classes/?trk=66264cd8-3b73-416c-9693-ea7cf4fe846a&sc_channel=ps&s_k

- (Exam Topic 3)
A company runs an internal browser-based application The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales up to 20 instances during work hours but scales down to 2 instances overnight Staff are complaining that the application is very slow when the day begins although it runs well by mid-morning.
How should the scaling be changed to address the staff complaints and keep costs to a minimum'?

1. A. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens
2. B. Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period.
3. C. Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period.
4. D. Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens

Correct Answer: A

- (Exam Topic 3)
An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

1. A. Use a VPC endpoint for DynamoDB.
2. B. Use a NAT gateway in a public subnet.
3. C. Use a NAT instance in a private subnet.
4. D. Use the internet gateway attached to the VPC.

Correct Answer: A
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html
A VPC endpoint for DynamoDB enables Amazon EC2 instances in your VPC to use their private IP addresses to access DynamoDB with no exposure to the public internet. Your EC2 instances do not require public IP addresses, and you don't need an internet gateway, a NAT device, or a virtual private gateway in your VPC. You use endpoint policies to control access to DynamoDB. Traffic between your VPC and the AWS service does not leave the Amazon network.

- (Exam Topic 2)
A company has a mulli-tier application that runs six front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer (ALB). A solutions architect needs lo modify the infrastructure to be highly available without modifying the application.
Which architecture should the solutions architect choose that provides high availability?

1. A. Create an Auto Scaling group that uses three Instances across each of tv/o Regions.
2. B. Modify the Auto Scaling group to use three instances across each of two Availability Zones.
3. C. Create an Auto Scaling template that can be used to quickly create more instances in another Region.
4. D. Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier.

Correct Answer: B
High availability can be enabled for this architecture quite simply by modifying the existing Auto Scaling group to use multiple availability zones. The ASG will automatically balance the load so you don't actually need to specify the instances per AZ.