SAA-C03 Free Practice Test

- (Topic 4)
A company is using AWS Key Management Service (AWS KMS) keys to encrypt AWS Lambda environment variables. A solutions architect needs to ensure that the required permissions are in place to decrypt and use the environment variables.
Which steps must the solutions architect take to implement the correct permissions? (Choose two.)

1. A. Add AWS KMS permissions in the Lambda resource policy.
2. B. Add AWS KMS permissions in the Lambda execution role.
3. C. Add AWS KMS permissions in the Lambda function policy.
4. D. Allow the Lambda execution role in the AWS KMS key policy.
5. E. Allow the Lambda resource policy in the AWS KMS key policy.

Correct Answer: BD
B and D are the correct answers because they ensure that the Lambda execution role has the permissions to decrypt and use the environment variables, and that the AWS KMS key policy allows the Lambda execution role to use the key. The Lambda execution role is an IAM role that grants the Lambda function permission to access AWS resources, such as AWS KMS. The AWS KMS key policy is a resource-based policy that controls access to the key. By adding AWS KMS permissions in the Lambda execution role and allowing the Lambda execution role in the AWS KMS key policy, the solutions architect can implement the correct permissions for encrypting and decrypting environment variables. References:
✑ AWS Lambda Execution Role
✑ Using AWS KMS keys in AWS Lambda

- (Topic 1)
An Amazon EC2 administrator created the following policy associated with an IAM group containing several users

What is the effect of this policy?

1. A. Users can terminate an EC2 instance in any AWS Region except us-east-1.
2. B. Users can terminate an EC2 instance with the IP address 10 100 100 1 in the us-east-1 Region
3. C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
4. D. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100 100 254

Correct Answer: C
as the policy prevents anyone from doing any EC2 action on any region except us-east-1 and allows only users with source ip 10.100.100.0/24 to terminate instances. So user with source ip 10.100.100.254 can terminate instances in us-east-1 region.

- (Topic 4)
An online retail company has more than 50 million active customers and receives more than 25,000 orders each day. The company collects purchase data for customers and stores this data in Amazon S3. Additional customer data is stored in Amazon RDS.
The company wants to make all the data available to various teams so that the teams can perform analytics. The solution must provide the ability to manage fine-grained permissions for the data and must minimize operational overhead.
Which solution will meet these requirements?

1. A. Migrate the purchase data to write directly to Amazon RD
2. B. Use RDS access controls to limit access.
3. C. Schedule an AWS Lambda function to periodically copy data from Amazon RDS toAmazon S3. Create an AWS Glue crawle
4. D. Use Amazon Athena to query the dat
5. E. Use S3 policies to limit access.
6. F. Create a data lake by using AWS Lake Formatio
7. G. Create an AWS Glue JDBC connection to Amazon RD
8. H. Register the S3 bucket in Lake Formatio
9. I. Use Lake Formation access controls to limit access.
10. J. Create an Amazon Redshift cluste
11. K. Schedule an AWS Lambda function to periodically copy data from Amazon S3 and Amazon RDS to Amazon Redshif
12. L. Use Amazon Redshift access controls to limit access.

Correct Answer: C
https://aws.amazon.com/blogs/big-data/manage-fine-grained-access-control-using-aws-lake-formation/

- (Topic 4)
A solutions architect is designing a highly available Amazon ElastiCache for Redis based solution. The solutions architect needs to ensure that failures do not result in performance degradation or loss of data locally and within an AWS Region. The solution needs to provide high availability at the node level and at the Region level.
Which solution will meet these requirements?

1. A. Use Multi-AZ Redis replication groups with shards that contain multiple nodes.
2. B. Use Redis shards that contain multiple nodes with Redis append only files (AOF) tured on.
3. C. Use a Multi-AZ Redis cluster with more than one read replica in the replication group.
4. D. Use Redis shards that contain multiple nodes with Auto Scaling turned on.

Correct Answer: A
This answer is correct because it provides high availability at the node level and at the Region level for the ElastiCache for Redis solution. A Multi-AZ Redis replication group consists of a primary cluster and up to five read replica clusters, each in a different Availability Zone. If the primary cluster fails, one of the read replicas is automatically promoted to be the new primary cluster. A Redis replication group with shards enables partitioning of the data across multiple nodes, which increases the scalability and performance of the solution. Each shard can have one or more replicas to provide redundancy and read scaling.
References:
✑ https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html
✑ https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Shards.html

- (Topic 2)
A company is running a multi-tier web application on premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth. A solutions architect must improve the application's infrastructure.
Which combination of actions should the solutions architect take to accomplish this? (Choose two.)

1. A. Migrate the PostgreSQL database to Amazon Aurora
2. B. Migrate the web application to be hosted on Amazon EC2 instances.
3. C. Set up an Amazon CloudFront distribution for the web application content.
4. D. Set up Amazon ElastiCache between the web application and the PostgreSQL database.
5. E. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).

Correct Answer: AE
Amazon Aurora is a fully managed, scalable, and highly available relational database service that is compatible with PostgreSQL. Migrating the database to Amazon Aurora would reduce the operational overhead of maintaining the database infrastructure and allow the company to focus on building and scaling the application. AWS Fargate is a fully managed container orchestration service that enables users to run containers without the need to manage the underlying EC2 instances. By using AWS Fargate with Amazon Elastic Container Service (Amazon ECS), the solutions architect can improve the scalability and efficiency of the web application and reduce the operational overhead of maintaining the underlying infrastructure.