SAA-C03 Free Practice Test

- (Topic 4)
A social media company runs its application on Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is the origin for an Amazon CloudFront distribution. The application has more than a billion images stored in an Amazon S3 bucket and processes thousands of images each second. The company wants to resize the images dynamically and serve appropriate formats to clients.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Install an external image management library on an EC2 instanc
2. B. Use the image management library to process the images.
3. C. Create a CloudFront origin request polic
4. D. Use the policy to automatically resize images and to serve the appropriate format based on the User-Agent HTTP header in the request.
5. E. Use a Lambda@Edge function with an external image management librar
6. F. Associate the Lambda@Edge function with the CloudFront behaviors that serve the images.
7. G. Create a CloudFront response headers polic
8. H. Use the policy to automatically resize images and to serve the appropriate format based on the User-Agent HTTP header in the request.

Correct Answer: C
Lambda@Edge is a service that allows you to run Lambda functions at CloudFront edge locations. It can be used to modify requests and responses that flow through CloudFront. CloudFront origin request policy is a policy that controls the values (URL query strings, HTTP headers, and cookies) that are included in requests that CloudFront sends to the origin. It can be used to collect additional information at the origin or to customize the origin response. CloudFront response headers policy is a policy that specifies the HTTP headers that CloudFront removes or adds in responses that it sends to viewers. It can be used to add security or custom headers to responses.
Based on these definitions, the solution that will meet the requirements with the least operational overhead is:
* C. Use a Lambda@Edge function with an external image management library. Associate the Lambda@Edge function with the CloudFront behaviors that serve the images.
This solution would allow the application to use a Lambda@Edge function to resize the images dynamically and serve appropriate formats to clients based on the User-Agent HTTP header in the request. The Lambda@Edge function would run at the edge locations,
reducing latency and load on the origin. The application code would only need to include an external image management library that can perform image manipulation tasks1.

- (Topic 3)
At part of budget planning. management wants a report of AWS billed dams listed by user. The data will be used to create department budgets. A solution architect needs to determine the most efficient way to obtain this report Information
Which solution meets these requirement?

1. A. Run a query with Amazon Athena to generate the report.
2. B. Create a report in Cost Explorer and download the report
3. C. Access the bill details from the running dashboard and download Via bill.
4. D. Modify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES).

Correct Answer: B
This option is the most efficient because it uses Cost Explorer, which is a tool that allows you to visualize, understand, and manage your AWS costs and usage over time1. You can create a report in Cost Explorer that lists AWS billed items by user, using the user name tag as a filter2. You can then download the report as a CSV file and use it for budget planning. Option A is less efficient because it uses Amazon Athena, which is a serverless interactive query service that allows you to analyze data in Amazon S3 using standard SQL 3. You would need to set up an Athena table that points to your AWS Cost and Usage Report data in S3, and then run a query to generate the report. This would incur additional costs and complexity. Option C is less efficient because it uses the billing dashboard, which provides a high-level summary of your AWS costs and usage. You can access the bill details from the billing dashboard and download them via bill, but this would not list the billed items by user. You would need to use tags to group your costs by user name, which would require additional steps. Option D is less efficient because it uses AWS Budgets, which is a tool that allows you to plan your service usage, service costs, and instance reservations. You can modify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES), but this would not generate a report of AWS billed items by user. This would only notify you when your actual or forecasted costs exceed or are expected to exceed your budgeted amount.

- (Topic 3)
A company hosts a three-tier web application that includes a PostgreSQL database The database stores the metadata from documents The company searches the metadata for key terms to retrieve documents that the company reviews in a report each month The documents are stored in Amazon S3 The documents are usually written only once, but they are updated frequency The reporting process takes a few hours with the use of relational queries The reporting process must not affect any document modifications or the addition of new documents.
What are the MOST operationally efficient solutions that meet these requirements? (Select TWO )

1. A. Set up a new Amazon DocumentDB (with MongoDB compatibility) cluster that includes a read replica Scale the read replica to generate the reports.
2. B. Set up a new Amazon RDS for PostgreSQL Reserved Instance and an On-Demand read replica Scale the read replica to generate the reports
3. C. Set up a new Amazon Aurora PostgreSQL DB cluster that includes a Reserved Instance and an Aurora Replica issue queries to the Aurora Replica to generate the reports.
4. D. Set up a new Amazon RDS for PostgreSQL Multi-AZ Reserved Instance Configure the reporting module to query the secondary RDS node so that the reporting module does not affect the primary node
5. E. Set up a new Amazon DynamoDB table to store the documents Use a fixed write capacity to support new document entries Automatically scale the read capacity to support the reports

Correct Answer: BC
These options are operationally efficient because they use Amazon RDS read replicas to offload the reporting workload from the primary DB instance and avoid affecting any document modifications or the addition of new documents1. They also use Reserved Instances for the primary DB instance to reduce costs and On-Demand or Aurora Replicas for the read replicas to scale as needed. Option A is less efficient because it uses Amazon S3 Glacier Flexible Retrieval, which is a cold storage class that has higher retrieval costs and longer retrieval times than Amazon S3 Standard. It also uses EventBridge rules to invoke the job nightly, which does not meet the requirement of processing incoming data files as soon as possible. Option D is less efficient because it uses AWS Lambda to process the files, which has a maximum execution time of 15 minutes per invocation, which might not be enough for processing each file that needs 3-8 minutes. It also uses S3 event notifications to invoke the Lambda function when the files arrive, which could cause concurrency issues if there are thousands of small data files arriving periodically. Option E is less efficient because it uses Amazon DynamoDB, which is a NoSQL database service that does not support relational queries, which are needed for generating the reports. It also uses fixed write capacity, which could cause throttling or underutilization depending on the incoming data files.

- (Topic 4)
A solutions architect wants to use the following JSON text as an identity-based policy to grant specific permissions:

Which IAM principals can the solutions architect attach this policy to? (Select TWO.)

1. A. Role
2. B. Group
3. C. Organization
4. D. Amazon Elastic Container Service (Amazon ECS) resource
5. E. Amazon EC2 resource

Correct Answer: AB
This JSON text is an identity-based policy that grants specific permissions. The IAM principals that the solutions architect can attach this policy to are Role and Group. This is because the policy is written in JSON and is an identity-based policy, which can be attached to IAM principals such as users, groups, and roles. Identity-based policies are permissions policies that you attach to IAM identities (users, groups, or roles) and explicitly state what that identity is allowed (or denied) to do1. Identity-based policies are different from resource-based policies, which define the permissions around the specific resource1. Resource-based policies are attached to a resource, such as an Amazon S3 bucket or an Amazon EC2 instance1. Resource-based policies can also specify a principal, which is the entity that is allowed or denied access to the resource1. Organization is not an IAM principal, but a feature of AWS Organizations that allows you to manage multiple AWS accounts centrally2. Amazon ECS resource and Amazon EC2 resource are not IAM principals, but AWS resources that can have resource-based policies attached to them34. References:
✑ Identity-based policies and resource-based policies
✑ AWS Organizations
✑ Amazon ECS task role
✑ Amazon EC2 instance profile

- (Topic 4)
A company hosts an application used to upload files to an Amazon S3 bucket Once uploaded, the files are processed to extract metadata which takes less than 5 seconds The volume and frequency of the uploads varies from a few files each hour to hundreds of concurrent uploads The company has asked a solutions architect to design a cost-effective architecture that will meet these requirements.
What should the solutions architect recommend?

1. A. Configure AWS CloudTrail trails to tog S3 API calls Use AWS AppSync to process the files.
2. B. Configure an object-created event notification within the S3 bucket to invoke an AWS Lambda function to process the files.
3. C. Configure Amazon Kinesis Data Streams to process and send data to Amazon S3. Invoke an AWS Lambda function to process the files.
4. D. Configure an Amazon Simple Notification Service (Amazon SNS) topic to process the files uploaded to Amazon S3 Invoke an AWS Lambda function to process the files.

Correct Answer: B
This option is the most cost-effective and scalable way to process the files uploaded to S3. AWS CloudTrail is used to log API calls, not to trigger actions based on them. AWS AppSync is a service for building GraphQL APIs, not for processing files. Amazon Kinesis Data Streams is used to ingest and process streaming data, not to send data to S3. Amazon SNS is a pub/sub service that can be used to notify subscribers of events, not to process files. References:
✑ Using AWS Lambda with Amazon S3
✑ AWS CloudTrail FAQs
✑ What Is AWS AppSync?
✑ [What Is Amazon Kinesis Data Streams?]
✑ [What Is Amazon Simple Notification Service?]