Amazon Web Services 2cram all Saa-c03 Test Inside Amazon Web Services Questions by Elspeth q241 vce pdf

Page: 33 / 65

Exam Name:	AWS Certified Solutions Architect - Associate (SAA-C03)
Exam Code:	SAA-C03 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	879 Q&A's	Shared By:	elspeth

Question 132

A company is migrating some of its applications to AWS. The company wants to migrate and modernize the applications quickly after it finalizes networking and security strategies. The company has set up an AWS Direct Connect connection in a central network account.

The company expects to have hundreds of AWS accounts and VPCs in the near future. The corporate network must be able to access the resources on AWS seamlessly and also must be able to communicate with all the VPCs. The company also wants to route its cloud resources to the internet through its on-premises data center.

Which combination of steps will meet these requirements? (Select THREE.)

Options:

Create a Direct Connect gateway in the central account. In each of the accounts, create an association proposal by using the Direct Connect gateway and the account ID for every virtual private gateway.

Create a Direct Connect gateway and a transit gateway in the central network account. Attach the transit gateway to the Direct Connect gateway by using a transit VIF.

Provision an internet gateway. Attach the internet gateway to subnets. Allow internet traffic through the gateway.

Share the transit gateway with other accounts. Attach VPCs to the transit gateway.

Provision VPC peering as necessary.

Provision only private subnets. Open the necessary route on the transit gateway and customer gateway to allow outbound internet traffic from AWS to flow through NAT services that run in the data center.

Discussion

Answer:

B, D, F

Explanation:

For a large-scale multi-account AWS environment with many VPCs and centralized Direct Connect, AWS recommends using a Transit Gateway (TGW) architecture combined with a Direct Connect gateway (DXGW). This setup allows scalable, centralized connectivity between on-premises and multiple VPCs across accounts.

Step B: Creating a Direct Connect gateway and Transit Gateway in a central network account and connecting them via a transit VIF enables the on-premises network to access all connected VPCs.

Step D: Sharing the transit gateway with other accounts via AWS Resource Access Manager (RAM) allows the central TGW to attach VPCs in multiple accounts, simplifying multi-account connectivity.

Step F: To route cloud resources’ internet traffic back through the on-premises data center (for centralized egress), provisioning only private subnets and routing outbound internet traffic through NAT or firewall services in the data center is necessary. This requires configuring transit gateway and customer gateway routes appropriately.

Option A is partially correct in the use of Direct Connect gateway but association proposals are not scalable for hundreds of VPCs and accounts compared to transit gateway. Option C (internet gateway) is irrelevant here as traffic egress is required via on-premises data center, not directly to the internet. Option E (VPC peering) is not scalable for hundreds of VPCs.

[References:, AWS Transit Gateway Overview (https://docs.aws.amazon.com/vpc/latest/tgw/what-is-transit-gateway.html), AWS Direct Connect Gateway (https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways.html), Centralized Egress Architecture with Transit Gateway (https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-set-up-centralized-egress-with-transit-gateway/), AWS Well-Architected Framework — Reliability Pillar (https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf), , , , , ]

Question 133

A company needs to accommodate traffic for a web application that the company hosts on AWS, especially during peak usage hours.

The application uses Amazon EC2 instances as web servers, an Amazon RDS DB instance for database operations, and an Amazon S3 bucket to store transaction documents. The application struggles to scale effectively and experiences performance issues.

The company wants to improve the scalability of the application and prevent future performance issues. The company also wants to improve global access speeds to the transaction documents for the company ' s global users.

Which solution will meet these requirements?

Options:

Place the EC2 instances in Auto Scaling groups to scale appropriately during peak usage hours. Use Amazon RDS read replicas to improve database read performance. Deploy an Amazon CloudFront distribution that uses Amazon S3 as the origin.

Increase the size of the EC2 instances to provide more compute capacity. Use Amazon ElastiCache to reduce database read loads. Use AWS Global Accelerator to optimize the delivery of the transaction documents that are in the S3 bucket.

Transition workloads from the EC2 instances to AWS Lambda functions to scale in response to the usage peaks. Migrate the database to an Amazon Aurora global database to provide cross-Region reads. Use AWS Global Accelerator to deliver the transaction documents that are in the S3 bucket.

Convert the application architecture to use Amazon Elastic Container Service (Amazon ECS) containers. Configure a Multi-AZ deployment of Amazon RDS to support database operations. Replicate the transaction documents that are in the S3 bucket across multiple AWS Regions.

Discussion

Question 134

A company needs to use its on-premises LDAP directory service to authenticate its users to the AWS Management Console. The directory service is not compatible with Security Assertion Markup Language (SAML).

Which solution meets these requirements?

Options:

Enable AWS IAM Identity Center between AWS and the on-premises LDAP.

Create an IAM policy that uses AWS credentials, and integrate the policy into LDAP.

Set up a process that rotates the IAM credentials whenever LDAP credentials are updated.

Develop an on-premises custom identity broker application or process that uses AWS STS to get short-lived credentials.

Discussion

Walter

Yayyy!!! I passed my exam with the help of Cramkey Dumps. Highly appreciated!!!!

Angus Mar 22, 2026

YES….. I saw the same questions in the exam.

Pippa

I was so happy to see that almost all the questions on the exam were exactly what I found in their Dumps.

Anastasia Mar 6, 2026

You are right…It was amazing! The Cramkey Dumps were so comprehensive and well-organized, it made studying for the exam a breeze.

Ernest

That's amazing. I think I'm going to give Cramkey Dumps a try for my next exam. Thanks for telling me about them! CramKey admin please share more questions……You guys are amazing.

Nate Mar 8, 2026

I failed last week, I never know this site , but amazed to see all these questions were in my exam week before. I feel bad now, why I didn’t bother this site. Thanks Cramkey, Excellent Job.

Anya

I must say they're considered the best dumps available and the questions are very similar to what you'll see in the actual exam. Recommended!!!

Cassius Mar 25, 2026

Yes, they offer a 100% success guarantee. And many students who have used them have reported passing their exams with flying colors.

Fatima

Hey I passed my exam. The world needs to know about it. I have never seen real exam questions on any other exam preparation resource like I saw on Cramkey Dumps.

Niamh Mar 23, 2026

That's true. Cramkey Dumps are simply the best when it comes to preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.

Question 135

How can trade data from DynamoDB be ingested into an S3 data lake for near real-time analysis?

Options:

Use DynamoDB Streams to invoke a Lambda function that writes to S3.

Use DynamoDB Streams to invoke a Lambda function that writes to Data Firehose, which writes to S3.

Enable Kinesis Data Streams on DynamoDB. Configure it to invoke a Lambda function that writes to S3.

Enable Kinesis Data Streams on DynamoDB. Use Data Firehose to write to S3.