Amazon Web Services Updated SAA-C03 Exam Questions and Answers by casey

Amazon RDS Performance Insights is a “database performance tuning and monitoring feature” that can be enabled with a few clicks and “helps you quickly assess the load on your database” and identify bottlenecks. It surfaces key metrics, including DB load, top SQL, waits, and host metrics such as CPU utilization, which are commonly used indicators for right-sizing (up or down). This provides the lowest operational effort compared to building log pipelines or querying CloudTrail (which does not capture SQL workload characteristics). AWS X-Ray traces application requests, not database internals, and CloudWatch Logs aggregation requires custom ingestion and analysis. Enabling Performance Insights directly on the RDS instance provides actionable utilization data to right-size with minimal setup.

CloudFront geographic restrictions (also known as geo-blocking) allow you to allow or deny content delivery to specific countries with minimal configuration.

“You can use geo restriction, also known as geoblocking, to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution.”

— CloudFront Geo Restriction

This is the most operationally efficient approach — no code, no signed URL logic.

Incorrect Options:

A/C: Signed URLs/cookies are for individual access control, not geo-blocking.

D: OAC controls access between CloudFront and S3, not to block specific countries.

Amazon RDS Proxy is a fully managed database proxy for RDS that makes applications more scalable, more resilient to database failures, and more secure. RDS Proxy pools and shares database connections, allowing applications to open and close connections as needed without overwhelming the database. This is the recommended solution when the application cannot be modified to use connection pooling itself.

AWS Documentation Extract:

"Amazon RDS Proxy helps manage database connections to improve application scalability and performance. It pools connections and shares them among application clients, which can mitigate issues caused by opening and closing many database connections."

(Source: Amazon RDS Proxy documentation)

A: Upgrading the instance does not solve connection inefficiency and can be cost-ineffective.

B: Increasing IOPS only helps if storage is a bottleneck, not if connections are the issue.

D: Multi-AZ improves availability, not connection management.

Amazon S3 is suitable for storing data that needs to be accessed weekly and integrates with AWS Key Management Service (KMS) to provide encryption at rest with server-side encryption using KMS-managed keys (SSE-KMS).

SSE-KMS uses envelope encryption and allows automatic key rotation and logging through AWS CloudTrail, satisfying the requirements for audit trails and compliance.

S3 Glacier Deep Archive is unsuitable due to its high retrieval latency. SSE-C requires customer-side management of encryption keys, with no support for automatic rotation or audit. SSE-S3 does not use customer-managed keys and lacks fine-grained control and auditing.