Amazon Web Services exactexam saa-c03 Questions Bank by Rosanna q401 vce pdf

Page: 8 / 56

Exam Name:	AWS Certified Solutions Architect - Associate (SAA-C03)
Exam Code:	SAA-C03 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	758 Q&A's	Shared By:	rosanna

Question 32

A data science team requires storage for nightly log processing. The size and number of logs is unknown and the logs will persist for 24 hours only.

What is the MOST cost-effective solution?

Options:

Amazon S3 Glacier Deep Archive

Amazon S3 Standard

Amazon S3 Intelligent-Tiering

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Discussion

Question 33

A global company is migrating its workloads from an on-premises data center to AWS. The AWS environment includes multiple AWS accounts. IAM roles. AWS Config rules, and a VPC.

The company wants an automated process to provision new accounts on demand when the company ' s business units require new accounts.

Which solution will meet these requirements with LEAST effort?

Options:

Use AWS Control Tower to set up an organization in AWS Organizations. Use AWS Control Tower Account Factory for Terraform (AFT) to provision new AWS accounts.

Create an organization in AWS Organizations. Use the AWS CLI CreateAccount API action to provision new AWS accounts. Organize the business units with organizational units (OUs).

Create an AWS Lambda function that uses the AWS Organizations API to create new accounts. Invoke the Lambda function from an AWS CloudFormation template in AWS Service Catalog.

Create an organization in AWS Organizations. Use AWS Step Functions to orchestrate the account creation process. Send account creation requests to an Amazon API Gateway API endpoint to invoke an AWS Lambda function that creates new accounts.

Discussion

Question 34

A solutions architect is building an Amazon S3 data lake for a company. The company uses Amazon Kinesis Data Firehose to ingest customer personally identifiable information (PII) and transactional data in near real-time to an S3 bucket. The company needs to mask all PII data before storing thedata in the data lake.

Which solution will meet these requirements?

Options:

Create an AWS Lambda function to detect and mask PII. Invoke the function from Kinesis Data Firehose.

Use Amazon Macie to scan the S3 bucket. Configure Macie to detect and mask PII.

Enable server-side encryption (SSE) on the S3 bucket.

Create an AWS Lambda function that integrates with AWS CloudHSM. Configure the function to detect and mask PII.

Discussion

Ayra

How these dumps are necessary for passing the certification exam?

Damian Mar 10, 2026

They give you a competitive edge and help you prepare better.

Annabel

I recently used them for my exam and I passed it with excellent score. I am impressed.

Amirah Mar 19, 2026

I passed too. The questions I saw in the actual exam were exactly the same as the ones in the Cramkey Dumps. I was able to answer the questions confidently because I had already seen and studied them.

Cody

I used Cramkey Dumps to prepare and a lot of the questions on the exam were exactly what I found in their study materials.

Eric Mar 12, 2026

Really? That's great to hear! I used Cramkey Dumps too and I had the same experience. The questions were almost identical.

Anya

I must say they're considered the best dumps available and the questions are very similar to what you'll see in the actual exam. Recommended!!!

Cassius Mar 25, 2026

Yes, they offer a 100% success guarantee. And many students who have used them have reported passing their exams with flying colors.

Question 35

A solutions architect needs to secure an Amazon API Gateway REST API. Users need to be able to log in to the API by using common external social identity providers (IdPs). The social IdPs must use standard authentication protocols such as SAML or OpenID Connect (OIDC). The solutions architect needs to protect the API against attempts to exploit application vulnerabilities.

Which combination of steps will meet these security requirements? (Select TWO.)

Options:

Create an AWS WAF web ACL that is associated with the REST API. Add the appropriate managed rules to the ACL.

Subscribe to AWS Shield Advanced. Enable DDoS protection. Associate Shield Advanced with the REST API.

Create an Amazon Cognito user pool with a federation to the social IdPs. Integrate the user pool with the REST API.

Create an API key in API Gateway. Associate the API key with the REST API.

Create an IP address filter in AWS WAF that allows only the social IdPs. Associate the filter with the web ACL and the API.