Amazon Web Services surepassexam free Saa-c03 Questions Attempt by Lois q321 vce pdf

Page: 16 / 79

Exam Name:	AWS Certified Solutions Architect - Associate (SAA-C03)
Exam Code:	SAA-C03 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	1068 Q&A's	Shared By:	lois

Question 64

How can a law firm make files publicly readable while preventing modifications or deletions until a specific future date?

Options:

Upload files to an Amazon S3 bucket configured for static website hosting. Grant read-only IAM permissions to any AWS principals.

Create an S3 bucket. Enable S3 Versioning. Use S3 Object Lock with a retention period. Create a CloudFront distribution. Use a bucket policy to restrict access.

Create an S3 bucket. Enable S3 Versioning. Configure an event trigger with AWS Lambda to restore modified objects from a private S3 bucket.

Upload files to an S3 bucket for static website hosting. Use S3 Object Lock with a retention period. Grant read-only IAM permissions.

Discussion

Question 65

A company stores user data in AWS. The data is used continuously with peak usage during business hours. Access patterns vary, with some data not being used for months at a time. A solutions architect must choose a cost-effective solution that maintains the highest level of durability while maintaining high availability.

Which storage solution meets these requirements?

Options:

Amazon S3 Standard

Amazon S3 Intelligent-Tiering

Amazon S3 Glacier Deep Archive

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Discussion

Question 66

A company hosts an application in a private subnet. The company has already integrated the application with Amazon Cognito. The company uses an Amazon Cognito user pool to authenticate users.

The company needs to modify the application so the application can securely store user documents in an Amazon S3 bucket.

Which combination of steps will securely integrate Amazon S3 with the application? (Select TWO.)

Options:

Create an Amazon Cognito identity pool to generate secure Amazon S3 access tokens for users when they successfully log in.

Use the existing Amazon Cognito user pool to generate Amazon S3 access tokens for users when they successfully log in.

Create an Amazon S3 VPC endpoint in the same VPC where the company hosts the application.

Create a NAT gateway in the VPC where the company hosts the application. Assign a policy to the S3 bucket to deny any request that is not initiated from Amazon Cognito.

Attach a policy to the S3 bucket that allows access only from the users' IP addresses.

Discussion

Answer:

A, C

Explanation:

To securely integrate Amazon S3 with an application that uses Amazon Cognito for user authentication, the following two steps are essential:

Step 1: Create an Amazon Cognito Identity Pool (Option A)

Amazon Cognito Identity Poolsallow users to obtain temporary AWS credentials to access AWS resources, such as Amazon S3, after successfully authenticating with the Cognito user pool. The identity pool bridges the gap between user authentication and AWS service access by generating temporary credentials using AWS Identity and Access Management (IAM).

Once a user logs in using theCognito User Pool, the identity pool providesIAM roles with specific permissionsthat the application can use to access S3 securely. This ensures that each user has appropriate access controls while accessing the S3 bucket.

This is a secure way to ensure that users only have temporary and least-privilege access to the S3 bucket for their documents.

Step 2: Create an Amazon S3 VPC Endpoint (Option C)

By creating anAmazon S3 VPC endpoint, the company ensures that communication between the application (which is hosted in a private subnet) and the S3 bucket occurs over theAWS private network, without the need to traverse the internet. This enhances security and prevents exposure of data to public networks.

TheVPC endpointallows the application to access the S3 bucket privately and securely within the VPC. It also ensures that traffic stays within the AWS network, reducing attack surface and improving overall security.

Why the Other Options Are Incorrect:

Option B: This is incorrect becauseAmazon Cognito User Poolsare used for user authentication, not for generating S3 access tokens. To provide S3 access, you need to useAmazon Cognito Identity Pools, which offer AWS credentials.

Option D: ANAT gatewayis unnecessary in this scenario. Using aVPC endpointfor S3 access provides a more secure and cost-effective solution by keeping traffic within AWS.

Option E: Attaching a policy to restrict access based on IP addresses is not scalable or efficient. It would require managing users’ dynamic IP addresses, which is not an effective security measure for this use case.

AWS References:

Amazon Cognito Identity Pools

Amazon VPC Endpoints for S3

Pippa

I was so happy to see that almost all the questions on the exam were exactly what I found in their Dumps.

Anastasia Sep 21, 2024

You are right…It was amazing! The Cramkey Dumps were so comprehensive and well-organized, it made studying for the exam a breeze.

Nadia

Why these dumps are important? Can I pass my exam without these dumps?

Julian Oct 22, 2024

The questions in the Cramkey dumps are explained in detail and there are also study notes and reference materials provided. This made it easier for me to understand the concepts and retain the information better.

Marley

Hey, I heard the good news. I passed the certification exam!

Jaxson Oct 5, 2024

Yes, I passed too! And I have to say, I couldn't have done it without Cramkey Dumps.

Honey

I highly recommend it. They made a big difference for me and I'm sure they'll help you too. Just make sure to use them wisely and not solely rely on them. They should be used as a supplement to your regular studies.

Antoni Oct 25, 2024

Good point. Thanks for the advice. I'll definitely keep that in mind.

Kylo

What makes Cramkey Dumps so reliable? Please guide.

Sami Aug 29, 2024

Well, for starters, they have a team of experts who are constantly updating their material to reflect the latest changes in the industry. Plus, they have a huge database of questions and answers, which makes it easy to study and prepare for the exam.

Question 67

A company needs a cloud-based solution for backup, recovery, and archiving while retaining encryption key material control.

Which combination of solutions will meet these requirements? (Select TWO)

Options:

Create an AWS Key Management Service (AWS KMS) key without key material. Import the company's key material into the KMS key.

Create an AWS KMS encryption key that contains key material generated by AWS KMS.

Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Use S3 Bucket Keyswith AWS KMS keys.

Store the data in an Amazon S3 Glacier storage class. Use server-side encryption with customer-provided keys (SSE-C).

Store the data in AWS Snowball devices. Use server-side encryption with AWS KMS keys (SSE-KMS).