SAA-C03 Free Practice Test

- (Exam Topic 1)
A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations.
Which solution meets these requirements with the LEAST amount of operational overhead?

1. A. Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy.
2. B. Create an organizational unit (OU) for each departmen
3. C. Add the aws:PrincipalOrgPaths global condition key to the S3 bucket policy.
4. D. Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization event
5. E. Update the S3 bucket policy accordingly.
6. F. Tag each user that needs access to the S3 bucke
7. G. Add the aws:PrincipalTag global condition key to the S3 bucket policy.

Correct Answer: A
https://aws.amazon.com/blogs/security/control-access-to-aws-resources-by-using-the-aws-organization-of-iam-p The aws:PrincipalOrgID global key provides an alternative to listing all the account IDs for all AWS accounts in an organization. For example, the following Amazon S3 bucket policy allows members of any account in the XXX organization to add an object into the examtopics bucket.
{"Version": "2020-09-10",
"Statement": {
"Sid": "AllowPutObject", "Effect": "Allow",
"Principal": "*", "Action": "s3:PutObject",
"Resource": "arn:aws:s3:::examtopics/*", "Condition": {"StringEquals":
{"aws:PrincipalOrgID":["XXX"]}}}} https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html

- (Exam Topic 3)
A development team has launched a new application that is hosted on Amazon EC2 instances inside a development VPC. A solution architect needs to create a new VPC in the same account. The new VPC will be peered with the development VPC. The VPC CIDR block for the development VPC is 192. 168. 00/24. The solutions architect needs to create a CIDR block for the new VPC. The CIDR block must be valid for a VPC peering connection to the development VPC.
What is the SMALLEST CIOR block that meets these requirements?

1. A. 10.0.1.0/32
2. B. 192.168.0.0/24
3. C. 192.168.1.0/32
4. D. 10.0.1.0/24

Correct Answer: A

- (Exam Topic 3)
A company wants to use Amazon S3 for the secondary copy of its on-premises dataset. The company would rarely need to access this copy. The storage solution’s cost should be minimal.
Which storage solution meets these requirements?

1. A. S3 Standard
2. B. S3 Intelligent-Tiering
3. C. S3 Standard-Infrequent Access (S3 Standard-IA)
4. D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Correct Answer: C

- (Exam Topic 3)
A company stores its data objects in Amazon S3 Standard storage. A solutions architect has found that 75% of the data is rarely accessed after 30 days. The company needs all the data to remain immediately accessible with the same high availability and resiliency, but the company wants to minimize storage costs.
Which storage solution will meet these requirements?

1. A. Move the data objects to S3 Glacier Deep Archive after 30 days.
2. B. Move the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
3. C. Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
4. D. Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately.

Correct Answer: B

- (Exam Topic 3)
A company sells datasets to customers who do research in artificial intelligence and machine learning (Al/ML) The datasets are large, formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region The company hosts a web application that the customers use to purchase access to a given dataset The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer After a purchase is made customers receive an S3 signed URL that allows access to the files.
The customers are distributed across North America and Europe The company wants to reduce the cost that is associated with data transfers and wants to maintain or improve performance.
What should a solutions architect do to meet these requirements?

1. A. Configure S3 Transfer Acceleration on the existing S3 bucket Direct customer requests to the S3 Transfer Acceleration endpoint Continue to use S3 signed URLs for access control
2. B. Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin Direct customer requests to the CloudFront URL Switch to CloudFront signed URLs for access control
3. C. Set up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication between the buckets Direct customer requests to the closest Region Continue to use S3 signed URLs for accesscontrol
4. D. Modify the web application to enable streaming of the datasets to end user
5. E. Configure the web application to read the data from the existing S3 bucket Implement access control directly in the application

Correct Answer: B
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html