Amazon Web Services exactexam saa-c03 Questions Bank by Rosanna q401 vce pdf

Page: 8 / 56

Exam Name:	AWS Certified Solutions Architect - Associate (SAA-C03)
Exam Code:	SAA-C03 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	758 Q&A's	Shared By:	rosanna

Question 32

A data science team requires storage for nightly log processing. The size and number of logs is unknown and the logs will persist for 24 hours only.

What is the MOST cost-effective solution?

Options:

Amazon S3 Glacier Deep Archive

Amazon S3 Standard

Amazon S3 Intelligent-Tiering

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Discussion

Question 33

A global company is migrating its workloads from an on-premises data center to AWS. The AWS environment includes multiple AWS accounts. IAM roles. AWS Config rules, and a VPC.

The company wants an automated process to provision new accounts on demand when the company ' s business units require new accounts.

Which solution will meet these requirements with LEAST effort?

Options:

Use AWS Control Tower to set up an organization in AWS Organizations. Use AWS Control Tower Account Factory for Terraform (AFT) to provision new AWS accounts.

Create an organization in AWS Organizations. Use the AWS CLI CreateAccount API action to provision new AWS accounts. Organize the business units with organizational units (OUs).

Create an AWS Lambda function that uses the AWS Organizations API to create new accounts. Invoke the Lambda function from an AWS CloudFormation template in AWS Service Catalog.

Create an organization in AWS Organizations. Use AWS Step Functions to orchestrate the account creation process. Send account creation requests to an Amazon API Gateway API endpoint to invoke an AWS Lambda function that creates new accounts.

Discussion

Question 34

A solutions architect is building an Amazon S3 data lake for a company. The company uses Amazon Kinesis Data Firehose to ingest customer personally identifiable information (PII) and transactional data in near real-time to an S3 bucket. The company needs to mask all PII data before storing thedata in the data lake.

Which solution will meet these requirements?

Options:

Create an AWS Lambda function to detect and mask PII. Invoke the function from Kinesis Data Firehose.

Use Amazon Macie to scan the S3 bucket. Configure Macie to detect and mask PII.

Enable server-side encryption (SSE) on the S3 bucket.

Create an AWS Lambda function that integrates with AWS CloudHSM. Configure the function to detect and mask PII.

Discussion

Elise

I've heard that Cramkey is one of the best websites for exam dumps. They have a high passing rate and the questions are always up-to-date. Is it true?

Cian Feb 1, 2026

Definitely. The dumps are constantly updated to reflect the latest changes in the certification exams. And I also appreciate how they provide explanations for the answers, so I could understand the reasoning behind each question.

Esmae

I highly recommend Cramkey Dumps to anyone preparing for the certification exam.

Mollie Feb 8, 2026

Absolutely. They really make it easier to study and retain all the important information. I'm so glad I found Cramkey Dumps.

Carson

Yeah, definitely. I would definitely recommend Cramkey Dumps to anyone who is preparing for an exam.

Rufus Feb 2, 2026

Me too. They're a lifesaver!

Annabel

I recently used them for my exam and I passed it with excellent score. I am impressed.

Amirah Feb 10, 2026

I passed too. The questions I saw in the actual exam were exactly the same as the ones in the Cramkey Dumps. I was able to answer the questions confidently because I had already seen and studied them.

Question 35

A solutions architect needs to secure an Amazon API Gateway REST API. Users need to be able to log in to the API by using common external social identity providers (IdPs). The social IdPs must use standard authentication protocols such as SAML or OpenID Connect (OIDC). The solutions architect needs to protect the API against attempts to exploit application vulnerabilities.

Which combination of steps will meet these security requirements? (Select TWO.)

Options:

Create an AWS WAF web ACL that is associated with the REST API. Add the appropriate managed rules to the ACL.

Subscribe to AWS Shield Advanced. Enable DDoS protection. Associate Shield Advanced with the REST API.

Create an Amazon Cognito user pool with a federation to the social IdPs. Integrate the user pool with the REST API.

Create an API key in API Gateway. Associate the API key with the REST API.

Create an IP address filter in AWS WAF that allows only the social IdPs. Associate the filter with the web ACL and the API.