Amazon Web Services Updated SAA-C03 Exam Questions and Answers by katie

Understanding the Requirement: The company needs to automate inventory and updates of diverse OS versions on EC2 instances and summarize common vulnerabilities for monthly reviews.

Analysis of Options:

Systems Manager Patch Manager and Security Hub: Patch Manager automates patching, but Security Hub is more focused on compliance and security posture rather than inventory and vulnerability management.

Systems Manager Patch Manager and Amazon Inspector: Patch Manager automates OS updates, and Amazon Inspector provides vulnerability assessments, making this a comprehensive solution for the requirements.

AWS Shield Advanced and AWS Config: Shield Advanced is for DDoS protection, not suitable for OS patch management and vulnerability reporting.

Amazon GuardDuty and AWS Config: GuardDuty is for threat detection and monitoring, not specifically for patch management and vulnerability assessments.

Best Solution:

Systems Manager Patch Manager and Amazon Inspector: This combination automates OS updates and provides detailed vulnerability assessments, meeting both the inventory and security reporting needs effectively.

References:

AWS Systems Manager Patch Manager

Amazon Inspector

Understanding the Requirement: The company anticipates a spike in traffic during a holiday and wants to ensure the Auto Scaling group can handle the increased load without impacting performance.

Analysis of Options:

CloudWatch Alarm: This reacts to spikes based on metrics like CPU utilization but does not proactively scale before the anticipated demand.

Recurring Scheduled Action: This allows the Auto Scaling group to scale up based on a known schedule, ensuring additional capacity is available before the expected spike.

Increase Min/Max Instances: This could result in unnecessary costs by maintaining higher capacity even when not needed.

SNS Notification: Alerts on scaling events but does not proactively manage scaling to prevent performance issues.

Best Solution for Proactive Scaling:

Create a recurring scheduled action: This approach ensures that the Auto Scaling group scales up before the peak demand, providing the necessary capacity proactively without manual intervention.

References:

Scheduled Scaling for Auto Scaling

Amazon S3 Standard-IA: This storage class is designed for data that is accessed less frequently but requires rapid access when needed. It offers lower storage costs compared to S3 Standard while still providing high availability and durability.

Access Patterns: Since the files are frequently accessed in the first 30 days and rarely accessed afterward, transitioning them to S3 Standard-IA after 30 days aligns with their access patterns and reduces storage costs significantly.

Lifecycle Policy: Implementing a lifecycle policy to transition the files to S3 Standard-IA ensures automatic management of the data lifecycle, moving files to a lower-cost storage class without manual intervention. Deleting the files after 4 years further optimizes costs by removing data that is no longer needed.

References:

Amazon S3 Storage Classes

S3 Lifecycle Configuration

Key Requirements:

Private subnets need to access an API on the internet.

Solution must be cost-effective.

Analysis of Options:

Option A: A transit gateway is a robust and scalable solution but involves higher costs compared to other options for this use case.

Option B: A NAT gateway allows instances in private subnets to access the internet while keeping them private. It is a simple and cost-effective solution.

Option C: AWS PrivateLink is designed for private service-to-service communications within AWS or between AWS and on-premises, but it is not cost-effective for this specific scenario.

Option D: A Site-to-Site VPN is not required because the API is hosted on the internet. VPN connections add unnecessary complexity and cost.

AWS References:

NAT Gateways

VPC Internet Connectivity Options