Free SAA-C03 Exam Braindumps (page: 24)


A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

  A. Enable the versioning and MFA Delete features on the S3 bucket.
  B. Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account.
  C. Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates.
  D. Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key.

Answer(s): A



A company is using a SQL database to store movie data that is publicly accessible. The database runs on an Amazon RDS Single-AZ DB instance. A script runs queries at random intervals each day to record the number of new movies that have been added to the database. The script must report a final total during business hours.

The company's development team notices that the database performance is inadequate for development tasks when the script is running. A solutions architect must recommend a solution to resolve this issue.

Which solution will meet this requirement with the LEAST operational overhead?

  A. Modify the DB instance to be a Multi-AZ deployment.
  B. Create a read replica of the database. Configure the script to query only the read replica.
  C. Instruct the development team to manually export the entries in the database at the end of each day.
  D. Use Amazon ElastiCache to cache the common queries that the script runs against the database.

Answer(s): B



A company has applications that run on Amazon EC2 instances in a VPC. One of the applications needs to call the Amazon S3 API to store and read objects. According to the company's security regulations, no traffic from the applications is allowed to travel across the internet.

Which solution will meet these requirements?

  A. Configure an S3 gateway endpoint.
  B. Create an S3 bucket in a private subnet.
  C. Create an S3 bucket in the same AWS Region as the EC2 instances.
  D. Configure a NAT gateway in the same subnet as the EC2 instances.

Answer(s): A



A company is storing sensitive user information in an Amazon S3 bucket. The company wants to provide secure access to this bucket from the application tier running on Amazon EC2 instances inside a VPC.

Which combination of steps should a solutions architect take to accomplish this? (Choose two.)

  A. Configure a VPC gateway endpoint for Amazon S3 within the VPC.
  B. Create a bucket policy to make the objects in the S3 bucket public.
  C. Create a bucket policy that limits access to only the application tier running in the VPC.
  D. Create an IAM user with an S3 access policy and copy the IAM credentials to the EC2 instance.
  E. Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket.

Answer(s): A,C





