Amazon Web Services Updated SAA-C03 Exam Questions and Answers by ryder

Correct Approach:

AWS Security Groups:

Security groups operate at the instance level, making them the ideal tool for controlling access to specific resources such as an Amazon RDS database.

By default, security groups deny all incoming traffic. You can allow access by explicitly specifying another security group.

Associating an RDS database security group with the EC2 instances' security group ensures only the specified EC2 instances can access the RDS database.

Incorrect Options Analysis:

Option A: Using CIDR blocks for IP-based access is less secure and more difficult to manage. Additionally, Auto Scaling groups dynamically allocate IP addresses, making this approach impractical.

Option B: Network ACLs (NACLs) operate at the subnet level and are stateless. While NACLs can deny or allow traffic, they are not suited to application-specific access control.

Option D: Similar to Option B, using a NACL with CIDR ranges for EC2 IPs is difficult to manage and not application-specific.

Comprehensive Explanation:Deploying the frontend as a CloudFront distribution with multiple origins provides an efficient and scalable solution. Using WAF rules with CloudFront protects against web vulnerabilities, while the multi-origin configuration allows traffic routing to the on-premises backend APIs. This approach minimizes operational overhead compared to managing EC2 instances.

AmazonS3 with the Standard storage classis the best solution:

Encryption: SSE-S3 ensures server-side encryption of the data, meeting compliance requirements.

Immediate access: The Standard storage class provides low-latency and high-throughput access to data.

Multi-location storage: Cross-Region replication ensures data is stored in multiple AWS Regions for redundancy.

Why Other Options Are Not Ideal:

Option B:

Amazon EFS is more costly and suited for file systems rather than object storage.Not cost-effective.

Option C:

Amazon EBS is block storage and not optimized for object storage like PDFs. Backup schedules do not ensure immediate availability.Not suitable.

Option D:

S3 Glacier Flexible Retrieval is designed for archival, not immediate access.Does not meet access requirements.

AWS References:

Amazon S3 Standard Storage:AWS Documentation - S3 Storage Classes

Amazon S3 Cross-Region Replication:AWS Documentation - Cross-Region Replication

AWS Encryption Options:AWS Documentation - S3 Encryption

This solution is designed to provide high availability and low-latency access to block storage across multiple Availability Zones with minimal implementation effort.

Windows Server Cluster Across AZs: Configuring a Windows Server Failover Cluster (WSFC) that spans two Availability Zones ensures that the application can failover from one instance to another in case of a failure, meeting the high availability requirement.

Amazon FSx for Windows File Server: FSx for Windows File Server provides fully managed Windows file storage that is accessible via the SMB protocol, which is suitable for Windows-based applications. It offers high availability and can be used as shared storage between the cluster nodes, ensuring that both nodes have access to the same data with low latency.

Why Not Other Options?:

Option B (EBS with application-level replication): This requires complex configuration and management, as EBS volumes cannot be directly shared across AZs. Application-level replication is more complex and prone to errors.

Option C (FSx for NetApp ONTAP with iSCSI): While this is a viable option, it introduces additional complexity with iSCSI and requires more specialized knowledge for setup and management.

Option D (EBS with EBS-level replication): EBS-level replication is not natively supported across AZs, and setting up a custom replication solution would increase the implementation effort.

AWS References:

Amazon FSx for Windows File Server- Overview and benefits of using FSx for Windows File Server.

Windows Server Failover Clustering on AWS- Guide on setting up a Windows Server cluster on AWS.