← Back to exam page

SAA-C03 AWS Certified Solutions Architect - Associate (SAA-C03)

Loading demo links...

Showing 1–3 of 20 questions

Question 1 (Exam Pool A)

A company wants to migrate an on-premises data center to AWS. The data canter hosts an SFTP server that stores its data on an NFS-based file system. The server holds 200 GB of data that needs to be transferred. The server must be hosted on an Amazon EC2 instance that uses an Amazon Elastic File System (Amazon EFS) file system

When combination of steps should a solutions architect take to automate this task? (Select TWO )

Select all that apply, then click Submit answer.

  • Launch the EC2 instance into the same Avalability Zone as the EFS fie system

  • install an AWS DataSync agent m the on-premises data center

  • Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instance tor the data

  • Manually use an operating system copy command to push the data to the EC2 instance

  • Use AWS DataSync to create a suitable location configuration for the onprermises SFTP server
Question 2 (Exam Pool C)

A hospital is designing a new application that gathers symptoms from patients. The hospital has decided to use Amazon Simple Queue Service (Amazon SOS) and Amazon Simple Notification Service (Amazon SNS) in the architecture.

A solutions architect is reviewing the infrastructure design Data must be encrypted at test and in transit. Only authorized personnel of the hospital should be able to access the data.

Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

Select all that apply, then click Submit answer.

  • Turn on server-side encryption on the SQS components Update tie default key policy to restrict key usage to a set of authorized principals.

  • Turn on server-side encryption on the SNS components by using an AWS Key Management Service (AWS KMS) customer managed key Apply a key policy to restrict key usage to a set of authorized principals.

  • Turn on encryption on the SNS components Update the default key policy to restrict key usage to a set of authorized principals. Set a condition in the topic pokey to allow only encrypted connections over TLS.

  • Turn on server-side encryption on the SOS components by using an AWS Key Management Service (AWS KMS) customer managed key Apply a key pokey to restrict key usage to a set of authorized principals. Set a condition in the queue pokey to allow only encrypted connections over TLS.

  • Turn on server-side encryption on the SOS components by using an AWS Key Management Service (AWS KMS) customer managed key. Apply an IAM pokey to restrict key usage to a set of authorized principals. Set a condition in the queue pokey to allow only encrypted connections over TLS
Question 3 (Exam Pool A)

A solutions architect is designing a two-tier web application The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet Security is a high priority for the company

How should security groups be configured in this situation? (Select TWO )

Select all that apply, then click Submit answer.

  • Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.

  • Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.

  • Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.

  • Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier.

  • Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.