Amazon Web Services passleader pdf Saa-c03 Study Guide by Soraya q40 vce pdf

Page: 13 / 34

Exam Name:	AWS Certified Solutions Architect - Associate (SAA-C03)
Exam Code:	SAA-C03 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	467 Q&A's	Shared By:	soraya

Question 52

A company's expense tracking application gives users the ability to upload images of receipts. The application analyzes the receipts to extract information and stores the raw images in Amazon S3. The application is written in Java and runs on Amazon EC2 On-Demand Instances in an Auto Scaling group behind an Application Load Balancer.

The compute costs and storage costs have increased with the popularity of the application.

Which solution will provide the MOST cost savings without affecting application performance?

Options:

Purchase a Compute Savings Plan for the maximum number of necessary EC2 instances. Store the uploaded files in Amazon Elastic File System (Amazon EFS).

Decrease the minimum number of EC2 instances in the Auto Scaling group. Use On-Demand Instances for peak scaling. Store the uploaded files in Amazon Elastic File System (Amazon EFS).

Decrease the maximum number of EC2 instances in the Auto Scaling group. Set up S3 Lifecycle policies to archive the raw images to lower-cost storage tiers after 30 days.

Purchase a Compute Savings Plan for the minimum number of necessary EC2 instances. Use On-Demand Instances for peak scaling. Set up S3 Lifecycle policies to archive the raw images to lower-cost storage tiers after 30 days.

Discussion

Question 53

A company is building a new web application on AWS. The application needs to consume files from a legacy on-premises application that runs a batch process and outputs approximately 1 GB of data every night to an NFS file mount.

A solutions architect needs to design a storage solution that requires minimal changes to the legacy application and keeps costs low.

Which solution will meet these requirements MOST cost-effectively?

Options:

Deploy an Outpost in AWS Outposts to the on-premises location where the legacy application is stored. Configure the legacy application and the web application to store and retrieve the files in Amazon S3 on the Outpost.

Deploy an AWS Storage Gateway Volume Gateway on premises. Point the legacy application to the Volume Gateway. Configure the web application to use the Amazon S3 bucket that the Volume Gateway uses.

Deploy an Amazon S3 interface endpoint on AWS. Reconfigure the legacy application to store the files directly on an Amazon S3 endpoint. Configure the web application to retrieve the files from Amazon S3.

Deploy an Amazon S3 File Gateway on premises. Point the legacy application to the File Gateway. Configure the web application to retrieve the files from the S3 bucket that the File Gateway uses.

Discussion

Question 54

A company sets up an organization in AWS Organizations that contains 10AWS accounts. A solutions architect must design a solution to provide access to the accounts for several thousand employees. The company has an existing identity provider (IdP). The company wants to use the existing IdP for authentication to AWS.

Which solution will meet these requirements?

Options:

Create IAM users for the employees in the required AWS accounts. Connect IAM users to the existing IdP. Configure federated authentication for the IAM users.

Set up AWS account root users with user email addresses and passwords that are synchronized from the existing IdP.

Configure AWS IAM Identity Center Connect IAM Identity Center to the existing IdP Provision users and groups from the existing IdP

Use AWS Resource Access Manager (AWS RAM) to share access to the AWS accounts with the users in the existing IdP.

Discussion

Answer:

Explanation:

AWS IAM Identity Center:

IAM Identity Centerprovides centralized access management for multiple AWS accounts within an organization and integrates seamlessly with existing identity providers (IdPs) throughSAML 2.0 federation.

It allows users to authenticate using their existing IdP credentials and gain access to AWS resources without the need to create and manage separate IAM users in each account.

IAM Identity Centeralso simplifies provisioning and de-provisioning users, as it can automatically synchronize users and groups from the external IdP to AWS, ensuring secure and managed access.

Integration with Existing IdP:

The solution involves configuringIAM Identity Centerto connect to the company's IdP using SAML. This setup allows employees to log in with their existing credentials, reducing the complexity of managing separate AWS credentials.

Once connected,IAM Identity Centerhandles authentication and authorization, granting users access to the AWS accounts based on their assigned roles and permissions.

Why the Other Options Are Incorrect:

Option A: Creating separateIAM usersfor each employee is not scalable or efficient. Managing thousands of IAM users across multiple AWS accounts introduces unnecessary complexity and operational overhead.

Option B: Using AWSroot userswith synchronized passwords is a security risk and goes against AWS best practices. Root accounts should never be used for day-to-day operations.

Option D:AWS Resource Access Manager (RAM)is used for sharing AWS resources between accounts, not for federating access for users across accounts. It doesn’t provide a solution for authentication via an external IdP.

AWS References:

AWS IAM Identity Center

SAML 2.0 Integration with AWS IAM Identity Center

By setting upIAM Identity Centerand connecting it to the existing IdP, the company can efficiently manage access for thousands of employees across multiple AWS accounts with a high degree of operational efficiency and security. Therefore,Option Cis the best solution.

Question 55

A company wants to implement new security compliance requirements for its development team to limit the use of approved Amazon Machine Images (AMIs).

The company wants to provide access to only the approved operating system and software for all its Amazon EC2 instances. The company wants the solution to have the least amount of lead time for launching EC2 instances.

Which solution will meet these requirements?

Options:

Create a portfolio by using AWS Service Catalog that includes only EC2 instances launched with approved AMIs. Ensure that all required software is preinstalled on the AMIs. Create the necessary permissions for developers to use the portfolio.

Create an AMI that contains the approved operating system and software by using EC2 Image Builder. Give developers access to that AMI to launch the EC2 instances.

Create an AMI that contains the approved operating system Tell the developers to use the approved AMI Create an Amazon EventBridge rule to run an AWS Systems Manager script when a new EC2 instance is launched. Configure the script to install the required software from a repository.

Create an AWS Config rule to detect the launch of EC2 instances with an AMI that is not approved. Associate a remediation rule to terminate those instances and launch the instances again with the approved AMI. Use AWS Systems Manager to automatically install the approved software on the launch of an EC2 instance.

Discussion

Nylah

I've been looking for good study material for my upcoming certification exam. Need help.

Dolly Aug 4, 2025

Then you should definitely give Cramkey Dumps a try. They have a huge database of questions and answers, making it easy to study and prepare for the exam. And the best part is, you can be sure the information is accurate and relevant.

Victoria

Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.

Isabel Aug 20, 2025

Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.

Anaya

I found so many of the same questions on the real exam that I had already seen in the Cramkey Dumps. Thank you so much for making exam so easy for me. I passed it successfully!!!

Nina Aug 19, 2025

It's true! I felt so much more confident going into the exam because I had already seen and understood the questions.

Freddy

I passed my exam with flying colors and I'm confident who will try it surely ace the exam.

Aleksander Aug 20, 2025

Thanks for the recommendation! I'll check it out.

Neve

Will I be able to achieve success after using these dumps?

Rohan Aug 10, 2025

Absolutely. It's a great way to increase your chances of success.

Page: 13 / 34

Title