Amazon Web Services udemy selected Saa-c03 Aws Certified Associate Questions Answers by Alaia q120 vce pdf

Page: 4 / 87

Exam Name:	AWS Certified Solutions Architect - Associate (SAA-C03)
Exam Code:	SAA-C03 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	1168 Q&A's	Shared By:	alaia

Question 16

A solutions architect is designing a two-tiered architecture that includes a public subnet and a database subnet. The web servers in the public subnet must be open to the internet on port 443. TheAmazon RDS for MySQL D6 instance in the database subnet must be accessible only to the web servers on port 3306.

Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

Options:

Create a network ACL for the public subnet Add a rule to deny outbound traffic to 0 0 0 0/0 on port 3306

Create a security group for the DB instance Add a rule to allow traffic from the public subnet CIDR block on port 3306

Create a security group for the web servers in the public subnet Add a rule to allow traffic from 0 0 0 O'O on port 443

Create a security group for the DB instance Add a rule to allow traffic from the web servers' security group on port 3306

Create a security group for the DB instance Add a rule to deny all traffic except traffic from the web servers' security group on port 3306

Discussion

Question 17

A hospital is designing a new application that gathers symptoms from patients. The hospital has decided to use Amazon Simple Queue Service (Amazon SOS) and Amazon Simple Notification Service (Amazon SNS) in the architecture.

A solutions architect is reviewing the infrastructure design Data must be encrypted at test and in transit. Only authorized personnel of the hospital should be able to access the data.

Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

Options:

Turn on server-side encryption on the SQS components Update tie default key policy to restrict key usage to a set of authorized principals.

Turn on server-side encryption on the SNS components by using an AWS Key Management Service (AWS KMS) customer managed key Apply a key policy to restrict key usage to a set of authorized principals.

Turn on encryption on the SNS components Update the default key policy to restrict key usage to a set of authorized principals. Set a condition in the topic pokey to allow only encrypted connections over TLS.

Turn on server-side encryption on the SOS components by using an AWS Key Management Service (AWS KMS) customer managed key Apply a key pokey to restrict key usage to a set of authorized principals. Set a condition in the queue pokey to allow only encrypted connections over TLS.

Turn on server-side encryption on the SOS components by using an AWS Key Management Service (AWS KMS) customer managed key. Apply an IAM pokey to restrict key usage to a set of authorized principals. Set a condition in the queue pokey to allow only encrypted connections over TLS

Discussion

Peyton

Hey guys. Guess what? I passed my exam. Thanks a lot Cramkey, your provided information was relevant and reliable.

Coby Sep 6, 2024

Thanks for sharing your experience. I think I'll give Cramkey a try for my next exam.

Vienna

I highly recommend them. They are offering exact questions that we need to prepare our exam.

Jensen Oct 9, 2024

That's great. I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!

Lennie

I passed my exam and achieved wonderful score, I highly recommend it.

Emelia Oct 2, 2024

I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!

Mylo

Excellent dumps with authentic information… I passed my exam with brilliant score.

Dominik Aug 29, 2024

That's amazing! I've been looking for good study material that will help me prepare for my upcoming certification exam. Now, I will try it.

Question 18

A company runs a fleet of web servers using an Amazon RDS for PostgreSQL DB instance After a routine compliance check, the company sets a standard that requires a recovery pant objective (RPO) of less than 1 second for all its production databases.

Which solution meets these requirement?

Options:

Enable a Multi-AZ deployment for the DB Instance

Enable auto scaling for the OB instance m one Availability Zone.

Configure the 06 instance in one Availability Zone and create multiple read replicas in a separate Availability Zone

Configure the 06 instance in one Availability Zone, and configure AWS Database Migration Service (AWS DMS) change data capture (CDC) tasks

Discussion

Question 19

A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type tor ECS tasks The company is monitoring CPU and memory usage because it is expecting high traffic to the application upon its launch However the company wants to reduce costs when utilization decreases

What should a solutions architect recommend?

Options:

Use Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns

Use an AWS Lambda function to scale Amazon ECS based on metric breaches that trigger an Amazon CloudWatch alarm

Use Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm

Use AWS Application Auto Scaling with target tracking policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm