Amazon Web Services dumpskey helping Hand Questions For Saa-c03 by Amari q241 vce pdf

Page: 42 / 50

Exam Name:	AWS Certified Solutions Architect - Associate (SAA-C03)
Exam Code:	SAA-C03 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	683 Q&A's	Shared By:	amari

Question 168

A financial company hosts a web application on AWS. The application uses an Amazon API Gateway Regional API endpoint to give users the ability to retrieve current stock prices. The company's security team has noticed an increase in the number of API requests. The security team is concerned that HTTP flood attacks might take the application offline.

A solutions architect must design a solution to protect the application from this type of attack.

Which solution meats these requirements with the LEAST operational overhead?

Options:

Create an Amazon CloudFront distribution in front of the API Gateway Regional API endpoint with a maximum TTL of 24 hours

Create a Regional AWS WAF web ACL with a rate-based rule. Associate the web ACL with the API Gateway stage.

Use Amazon CloudWatch metrics to monitor the Count metric and alert the security team when the predefined rate is reached

Create an Amazon CloudFront distribution with Lambda@Edge in front of the API Gateway Regional API endpoint Create an AWS Lambda function to block requests from IP addresses that exceed the predefined rate.

Discussion

Question 169

A company stores confidential data in an Amazon Aurora PostgreSQL database in the ap-southeast-3 Region The database is encrypted with an AWS Key Management Service (AWS KMS) customer managed key The company was recently acquired and must securely share a backup of the database with the acquiring company's AWS account in ap-southeast-3.

What should a solutions architect do to meet these requirements?

Options:

Create a database snapshot Copy the snapshot to a new unencrypted snapshot Share the new snapshot with the acquiring company's AWS account

Create a database snapshot Add the acquiring company's AWS account to the KMS key policy Share the snapshot with the acquiring company's AWS account

Create a database snapshot that uses a different AWS managed KMS key Add the acquiring company's AWS account to the KMS key alias. Share the snapshot with the acquiring company's AWS account.

Create a database snapshot Download the database snapshot Upload the database snapshot to an Amazon S3 bucket Update the S3 bucket policy to allow access from the acquiring company's AWS account

Discussion

Question 170

A company is developing a new mobile app. The company must implement proper traffic filtering to protect its Application Load Balancer (ALB) against common application-level attacks, such as cross-site scripting or SQL injection. The company has minimal infrastructure and operational staff. The company needs to reduce its share of the responsibility in managing, updating, and securing servers for its AWS environment.

What should a solutions architect recommend to meet these requirements?

Options:

Configure AWS WAF rules and associate them with the ALB.

Deploy the application using Amazon S3 with public hosting enabled.

Deploy AWS Shield Advanced and add the ALB as a protected resource.

Create a new ALB that directs traffic to an Amazon EC2 instance running a third-party firewall, which then passes the traffic to the current ALB.

Discussion

Yusra

I passed my exam. Cramkey Dumps provides detailed explanations for each question and answer, so you can understand the concepts better.

Alisha (not set)

I recently used their dumps for the certification exam I took and I have to say, I was really impressed.

Hendrix

Great website with Great Exam Dumps. Just passed my exam today.

Luka (not set)

Absolutely. Cramkey Dumps only provides the latest and most updated exam questions and answers.

Billy

It was like deja vu! I was confident going into the exam because I had already seen those questions before.

Vincent (not set)

Definitely. And the best part is, I passed! I feel like all that hard work and preparation paid off. Cramkey is the best resource for all students!!!

Ivan

I tried these dumps for my recent certification exam and I found it pretty helpful.

Elis (not set)

Agree!!! The questions in the dumps were quite similar to what came up in the actual exam. It gave me a good idea of the types of questions to expect and helped me revise efficiently.

Question 171

A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account. Which solution will meet these requirement in the MOST secure manner?

Options:

Apply an S3 bucket pokey that grants road access to the S3 bucket

Apply an IAM role to the Lambda function Apply an IAM policy to the role to grant read access to the S3 bucket

Embed an access key and a secret key In the Lambda function's coda to grant the required IAM permissions for read access to the S3 bucket

Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3 buckets In the account