Amazon Web Services Updated SAA-C03 Exam Questions and Answers by teddie

Amazon SES is a cost-effective and scalable email service that enables businesses to send and receive email using their own email addresses and domains. Configuring the web instance to send email through Amazon SES is a simple and effective solution that can reduce the time spent resolving complex email delivery issues and minimize operational overhead.

The solution that meets the requirements with the least operational overhead is to create a **Regional AWS WAF web ACL with a rate-based rule** and associate the web ACL with the API Gateway stage. This solution will protect the application from HTTP flood attacks by monitoring incoming requests and blocking requests from IP addresses that exceed the predefined rate. Amazon CloudFront distribution with Lambda@Edge in front of the API Gateway Regional API endpoint is also a good solution but it requires more operational overhead than the previous solution. Using Amazon CloudWatch metrics to monitor theCount metric and alerting the security team when the predefined rate is reached is not a solution that can protect against HTTP flood attacks. Creating an Amazon CloudFront distribution in front of the API Gateway Regional API endpoint with a maximum TTL of 24 hours is not a solution that can protect against HTTP flood attacks.

This option is the most efficient because it uses AWS Storage Gateway, which is a service that connects an on-premises software appliance with cloud-based storage to provide seamless integrationwith data security features between your on-premises ITenvironment and the AWS storage infrastructure1. It also uses a stored volume gateway, which is a type of volume gateway that stores your primary data locally and asynchronously backs up point-in-time snapshots of your data to Amazon S32. It also runs the Storage Gateway software application on premises and maps the gateway storage volumes to on-premises storage,which enables you to use your existing storage hardware and network infrastructure. It also mounts the gateway storage volumes to provide local access to the data, which ensures that your data is available for low latency access on premises while also getting backed up to AWS. This solution meets the requirement of maintaining local access to all the data while it is backed up on AWS and ensuring that the data backed up on AWS is automatically and securely transferred. Option A is less efficient because it uses AWS Snowball, which is a physical device that lets you transfer large amounts of data into and out of AWS3. However, this does not provide a periodic backup solution, as it requires manual handling and shipping of the device. It also configures on-premises systems to mount the Snowball S3 endpoint to provide local access to the data, which could introduce additional complexity and latency. Option B is less efficient because it uses AWS Snowball Edge, which is a physical device that has onboard storage and compute capabilities for select AWS capabilities. However, this does not provide a periodic backup solution, as it requires manual handling and shipping of the device. It also uses the Snowball Edge file interface to provide on-premises systems with local access to the data, which could introduce additional complexity and latency. Option C is less efficient because it uses AWS Storage Gateway and configures a cached volume gateway, which is a type of volume gateway that stores your primary data in Amazon S3 and retains a copy of frequently accessed data subsets locally. However, this does not provide local access to all the data, as only some datasubsets are cached locally. It also configures a percentage of data to cache locally, which could incur higher costs and complexity than using a stored volume gateway.

Session Manager is a fully managed AWS Systems Manager capability. With Session Manager, you can manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, and virtual machines (VMs). You can use either an interactive one-click browser-based shell or the AWS Command Line Interface (AWS CLI). Session Manager provides secure and auditable node management without the need to open inbound ports, maintainbastion hosts, or manage SSH keys. Session Manager also allows you to comply with corporate policies that require controlled access to managed nodes, strict security practices, and fully auditable logs with node access details, while providing end users with simple one-click cross-platform access to your managed nodes.https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html