File Info
| Exam | AWS Certified Solutions Architect - Associate |
| Number | SAA-C03 |
| File Name | Amazon.SAA-C03.CertExams.2024-04-29.760q.tqb |
| Size | 4 MB |
| Posted | Apr 29, 2024 |
| Download | Amazon.SAA-C03.CertExams.2024-04-29.760q.tqb |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
A company must deploy all its Amazon RDS DB instances by using AWS CloudFormation templates as part of AWS continuous integration and continuous delivery (CI/CD) automation. The primary password for the DB instance must be automatically generated as part of the deployment process.
Which solution will meet mese requirements with the LEAST development effort?
- Create an AWS Lambda-backed CloudFormation custom resource. Write Lambda code that generates a secure string. Return the value of the secure string as a data field of the custom resource response object. Use the CloudFormation Fn::GetAtt intrinsic function to get the value of the secure string. Use the value to create the DB instance.
- Use the AWS CodeBuild actions of to generate a secure string by using the following AWS CLI command:aws secretsmanager Pass the generated secure as a CloudFormation parameter with the NoEcho attribute set to true. Use the paramotor reference to create the DB instance.
- Create an AWS Lambda-backed CloudFormation custom resource. Write Lambda code that generates a secure string. Retum the value of the secure string as a data field of custom resource response object. Use the CloudFormation Fn::GetAtt intrinsic function to get a value of the secure string. Create secrets in AWS Secrets Manager. Use the secretsmanager dynamic reference to use the value stored in the secret to create the DB instance.
- Use the AWS::SecretsManager::Secret resource to generate a secure string. Store the secure string as a secret in AWS Secrets Manager. Use the secretsmanager dynamic reference to use the value in the secret to create the DB instance.
Correct answer: A
Question 2
A company runs workloads on AWS. The company needs to connect to a service from an external provider. The service is hosted in the provider's VPC. According to the company's security team, the connectivity must be private and must be restricted to the target service. The connection must be initiated only from the company's VPC.
Which solution will meet these requirements?
- Create a VPC peering connection between the company’s VPC and the provider's VPC. Update the route table to connect to the target service.
- Ask the provider to create a virtual private gateway in its VPC. Use AWS PrivateLink to connect to the target service.
- Create a NAT gateway in a public subnet of the company’s VPC. Update the route table to connect to the target service.
- Ask the provider to create a VPC endpoint for the target service. Use AWS PrivateLink to connect to the target service.
Correct answer: D
Question 3
A company uses Amazon S3 as its data lake. The company has a new partner that must use SFTP to upload data files. A solutions architect needs to implement a highly available SFTP solution that minimizes overhead.
Which solution will meet these requirements?
- Use AWS Transfer Family to configure an SFTP-enabled server with a publicly accessible endpoint. Choose the S3 data lake as the destination.
- Use Amazon S3 File Gateway as an SFTP server. Expose the S3 File Gateway endpoint URL to the new partner. Share the S3 File Gateway endpoint with the new partner.
- Launch an Amazon EC2 instance in a private subnet in a VPC. Instruct the new partner to upload files to the EC2 instance by using a VPN. Run a cron job script on the EC2 instance to upload files to the S3 data lake.
- Launch Amazon EC2 instances in a private subnet in a VPC. a Network Load Balancer (NLB) in front of the EC2 Create an SFTP listener for the NLB. Share the NIB hostname with the new partner. Run a cron job script on the EC2 to upload files to the S3 data lake.
Correct answer: A
