Amazon SAA-C03 Exam Questions
AWS Certified Solutions Architect - Associate SAA-C03 (Page 21)

Updated On: 16-Mar-2026

An Amazon EC2 administrator created the following policy associated with an IAM group containing several users:
What is the effect of this policy?

  A. Users can terminate an EC2 instance in any AWS Region except us-east-1.
  B. Users can terminate an EC2 instance with the IP address 10.100.100.1 in the us-east-1 Region.
  C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
  D. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.

Answer(s): C

Explanation:

The policy allows terminating EC2 instances in us-east-1 only when the source IP matches 10.100.100.254, so option C is correct.
A) Incorrect because the policy restricts by Region and source IP; it does not grant termination in all Regions or exclude us-east-1.
B) Incorrect because the policy's IP condition applies to the requester's source IP, not to the instance's IP address, and the stated IP doesn't match the condition.
D) Incorrect because it states a prohibition; the policy grants permission under a specific source IP and is not a blanket deny for that Region.



A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control.
Which solution will satisfy these requirements?

  A. Configure Amazon EFS storage and set the Active Directory domain for authentication.
  B. Create an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones.
  C. Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume.
  D. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.

Answer(s): D

Explanation:

FSx for Windows File Server provides a fully managed Windows file server with native SMB support and native integration with Active Directory for authentication and access control, and it meets the high-availability requirement through Multi-AZ replication.
A) EFS supports NFS/SMB with limited AD integration, but not native Windows AD integration for SharePoint workloads.
B) A Storage Gateway file gateway in two AZs provides SMB access but uses the on-premises gateway model and may add complexity; it is not as seamless as managed FSx for Windows with AD.
C) S3 mounted on Windows is not a native Windows file system and lacks integrated AD authentication.
D) FSx for Windows File Server directly satisfies the need for Windows-based file shares with AD integration and high availability.



An image-processing company has a web application that users use to upload images. The application uploads the images into an Amazon S3 bucket. The company has set up S3 event notifications to publish the object creation events to an Amazon Simple Queue Service (Amazon SQS) standard queue. The SQS queue serves as the event source for an AWS Lambda function that processes the images and sends the results to users through email.
Users report that they are receiving multiple email messages for every uploaded image. A solutions architect determines that SQS messages are invoking the Lambda function more than once, resulting in multiple email messages.
What should the solutions architect do to resolve this issue with the LEAST operational overhead?

  A. Set up long polling in the SQS queue by increasing the ReceiveMessage wait time to 30 seconds.
  B. Change the SQS standard queue to an SQS FIFO queue. Use the message deduplication ID to discard duplicate messages.
  C. Increase the visibility timeout in the SQS queue to a value that is greater than the total of the function timeout and the batch window timeout.
  D. Modify the Lambda function to delete each message from the SQS queue immediately after the message is read before processing.

Answer(s): C

Explanation:

The correct answer is C. Increasing the SQS queue visibility timeout to exceed the sum of the Lambda function timeout and the batch window ensures that a message is not picked up again while it is still being processed, preventing duplicate Lambda executions and hence duplicate emails.
A) Long polling reduces empty receives but does not prevent concurrent processing or duplicate invocations.
B) Switching to FIFO with deduplication is unnecessary overhead for this issue; standard SQS already provides at-least-once delivery with potential duplicates, and deduplication is time-based and not a substitute for idempotent processing.
D) Deleting messages before processing risks losing messages if processing fails, causing data loss and retries.



A company is implementing a shared storage solution for a gaming application that is hosted in an on-premises data center. The company needs the ability to use Lustre clients to access data. The solution must be fully managed.
Which solution meets these requirements?

  A. Create an AWS Storage Gateway file gateway. Create a file share that uses the required client protocol. Connect the application server to the file share.
  B. Create an Amazon EC2 Windows instance. Install and configure a Windows file share role on the instance. Connect the application server to the file share.
  C. Create an Amazon Elastic File System (Amazon EFS) file system, and configure it to support Lustre. Attach the file system to the origin server. Connect the application server to the file system.
  D. Create an Amazon FSx for Lustre file system. Attach the file system to the origin server. Connect the application server to the file system.

Answer(s): D

Explanation:

The correct answer is D.
D) FSx for Lustre provides a fully managed Lustre file system that can be mounted by Lustre clients, meeting the Lustre access and fully managed requirements.
A) Storage Gateway file gateway is not Lustre native and does not provide Lustre client access; it’s for NFS/SMB interfaces to on-prem apps.
B) An EC2 Windows instance is not fully managed and does not deliver a managed Lustre service.
C) EFS can be used for POSIX but does not support Lustre and is not Lustre-compatible.



A company's containerized application runs on an Amazon EC2 instance. The application needs to download security certificates before it can communicate with other business applications. The company wants a highly secure solution to encrypt and decrypt the certificates in near real time. The solution also needs to store data in highly available storage after the data is encrypted.
Which solution will meet these requirements with the LEAST operational overhead?

  A. Create AWS Secrets Manager secrets for encrypted certificates. Manually update the certificates as needed. Control access to the data by using fine-grained IAM access.
  B. Create an AWS Lambda function that uses the Python cryptography library to receive and perform encryption operations. Store the function in an Amazon S3 bucket.
  C. Create an AWS Key Management Service (AWS KMS) customer managed key. Allow the EC2 role to use the KMS key for encryption operations. Store the encrypted data on Amazon S3.
  D. Create an AWS Key Management Service (AWS KMS) customer managed key. Allow the EC2 role to use the KMS key for encryption operations. Store the encrypted data on Amazon Elastic Block Store (Amazon EBS) volumes.

Answer(s): C

Explanation:

The correct answer is C.
A) Secrets Manager adds management overhead for rotating and storing certificates, and it is not as streamlined as KMS for near-real-time encryption and decryption with EC2 workloads.
B) A Lambda-based approach increases latency and operational complexity; storing code and managing cryptography locally is less robust than using KMS.
C) This option uses a KMS customer managed key with the EC2 IAM role for on-demand encryption and decryption, and stores the encrypted data in S3 for highly available, durable object storage, meeting the near-real-time requirement with minimal operational overhead.
D) Storing encrypted data on EBS ties the data lifecycle to a single EC2 instance and reduces persistence and availability compared with S3's object storage.


