Amazon Web Services exactexam saa-c03 Questions Bank by Rosanna q401 vce pdf

Page: 8 / 77

Exam Name:	AWS Certified Solutions Architect - Associate (SAA-C03)
Exam Code:	SAA-C03 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	1039 Q&A's	Shared By:	rosanna

Question 32

A company is deploying a new application on Amazon EC2 instances. The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes. The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.

Which solution wil meet this requirement?

Options:

Create an IAM role that specifies EBS encryption. Attach the role to the EC2 instances.

Create the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances.

Create an EC2 instance tag that has a key of Encrypt and a value of True. Tag all instances that require encryption at the ESS level.

Create an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account Ensure that the key policy is active.

Discussion

Honey

I highly recommend it. They made a big difference for me and I'm sure they'll help you too. Just make sure to use them wisely and not solely rely on them. They should be used as a supplement to your regular studies.

Antoni Oct 25, 2024

Good point. Thanks for the advice. I'll definitely keep that in mind.

Nadia

Why these dumps are important? Can I pass my exam without these dumps?

Julian Oct 22, 2024

The questions in the Cramkey dumps are explained in detail and there are also study notes and reference materials provided. This made it easier for me to understand the concepts and retain the information better.

Sarah

Yeah, I was so relieved when I saw that the question appeared in the exam were similar to their exam dumps. It made the exam a lot easier and I felt confident going into it.

Aaliyah Aug 27, 2024

Same here. I've heard mixed reviews about using exam dumps, but for us, it definitely paid off.

Miriam

Highly recommended Dumps. 100% authentic and reliable. Passed my exam with wonderful score.

Milan Sep 24, 2024

I see. Thanks for the information. I'll definitely keep Cramkey in mind for my next exam.

Madeleine

Passed my exam with my dream score…. Guys do give these dumps a try. They are authentic.

Ziggy Sep 3, 2024

That's really impressive. I think I might give Cramkey Dumps a try for my next certification exam.

Question 33

A company hosts a multi-tier web application that uses an Amazon Aurora MySQL DB cluster for storage. The application tier is hosted on Amazon EC2 instances. The company's IT security guidelines mandate that the database credentials be encrypted and rotated every 14 days

What should a solutions architect do to meet this requirement with the LEAST operational effort?

Options:

Create a new AWS Key Management Service (AWS KMS) encryption key Use AWS Secrets Manager to create a newsecret that uses the KMS key with the appropriate credentials Associate the secret with the Aurora DB cluster Configure a custom rotation period of 14 days

Create two parameters in AWS Systems Manager Parameter Store one for the user name as a string parameter and one that uses the SecureStnng type for the password Select AWS Key ManagementService (AWS KMS) encryption for the password parameter, and load these parameters in the application tier Implement an AWS Lambda function that rotates the password every 14 days.

Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon Elastic File System (Amazon EFS) file system Mount the EFS file system inall EC2 instances of the application tier. Restrict the access to the file on the file system so that the application can read the file and that only super users can modify the file Implement an AWS Lambda function that rotates the key in Aurora every 14 days and writ

Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon S3 bucket that the application uses to load the credentials Download the file to the application regularly to ensure that the correct credentials are used Implement an AWS Lambda function that rotates the Aurora credentials every 14 days and uploads these credentials to the file in the S3 bucket

Discussion

Question 34

A solution architect must create a disaster recovery (DR) plan for a high-volume software as a service (SaaS) platform. All data for the platform is stored in an Amazon Aurora MySQL DB cluster.

The DR plan must replcate data to a secondary AWS Region.

Which solution will meet these requirements MOST cost-effectively?

Use MySQL binary log replication to an Aurora cluster

Options:

Use MySQL binary log replication to an Aurora cluster in the secondary Region Provision one DB instance for the Aurora cluster in the secondary Region.

Set up an Aurora global database for the DB cluster. When setup is complete, remove the DB instance from the secondary Region.

Use AWS Database Migration Service (AWS QMS) to continuously replicate data to an Aurora cluster in the secondary Region Remove theDB instance from the secondary Region.

Set up an Aurora global database for the DB cluster Specify a minimum of one DB instance in the secondary Region

Discussion

Question 35

A company is hosting a web application from an Amazon S3 bucket. The application uses Amazon Cognito as an identity provider lo authenticate users and return a JSON Web Token (JWT) that provides access to protected resources that am restored in another S3 bucket.

Upon deployment of the application, users report errors and are unable to access the protected content. A solutions architect must resolve this issue by providing proper permissions so that users can access the protected content.

Which solution meets these requirements?

Options:

Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected consent.

Update the S3 ACL to allow the application to access the protected content

Redeploy the application to Amazon 33 to prevent eventually consistent reads m the S3 bucket from affecting the ability of users to access the protected content.

Update the Amazon Cognito pool to use custom attribute mappings within tie Identity pool and grant users the proper permissions to access the protected content