SAA-C03 Exam Dumps - Amazon Web Services AWS Certified Associate Questions and Answers

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html#:~:text=The%20CloudTrail%20trail,time%20has%20passed.

Workload Discovery on AWS (formerly called AWS Perspective) is a tool that visualizes AWS Cloud workloads. It maintains an inventory of the AWS resources across your accounts and Regions, mapping relationships between them, and displaying them in a web UI. It also allows you to query AWS Cost and Usage Reports, search for resources, save and export architecture diagrams, and more1. By using Workload Discovery on AWS, the solution can build and map the relationship details of the various workloads across all accounts with the least operational effort.

A. Use AWS Systems Manager Inventory to generate a map view from the detailed view report. This solution will not meet the requirement of building and mapping the relationship details of the various workloads across all accounts, as AWS Systems Manager Inventory is a feature thatcollects metadata from your managed instances and stores it in a central Amazon S3 bucket. It does not provide a map view or architecture diagrams of the workloads2.

B. Use AWS Step Functions to collect workload details Build architecture diagrams of the work-loads manually. This solution will not meet the requirement of the least operational effort, as it involves creating and managing state machines to orchestrate the workload details collection, and building architecture diagrams manually.

D. Use AWS X-Ray to view the workload details Build architecture diagrams with relationships. This solution will not meet the requirement of the least operational effort, as it involves instrumenting your applications with X-Ray SDKs to collect workload details, and building architecture diagrams manually.

Reference URL: https://aws.amazon.com/solutions/implementations/workload-discovery-on-aws/

An Application Load Balancer is a type of Elastic Load Balancer that operates at the application layer (layer 7) of the OSI model. It can distribute incoming traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can also route requests based on the content of the request, such as the host name, path, or query parameters1.

The AWS Load Balancer Controller is a controller that helps you manage Elastic Load Balancers for your Kubernetes cluster. It can provision Application Load Balancers or Network Load Balancers when you create Kubernetes Ingress or Service resources2.

By using the AWS Load Balancer Controller to provision an Application Load Balancer for your Amazon EKS cluster, you can achieve the following benefits:

You can route incoming requests to the appropriate microservices based on the rules you define in your Ingress resource. For example, you can route requests with different host names or paths to different microservices that handle customers and orders2.

You can improve the performance and availability of your container applications by distributing the load across multiple targets and enabling health checks and automatic scaling1.

You can reduce the cost and complexity of managing your load balancers by using a single controller that integrates with Amazon EKS and Kubernetes. You do not need to manually create or configure load balancers or update them when your cluster changes2.

To store and view engineering drawings with caching support, Amazon S3 and Amazon CloudFront are suitable solutions. Amazon S3 can store any amount of data with high durability, availability, and performance. Amazon CloudFront can distribute the engineering drawings to edge locations closer to the users, which can reduce the latency and improve the user experience. Amazon CloudFront can also cache the engineering drawings at the edge locations, which can minimize the amount of time that users wait for the drawings to load.

Option B suggests creating an IAM role that includes Lambda as a trusted service, meaning the role is specifically designed for Lambda functions. The role should have a policy attached to it that grants the required read and write access to the DynamoDB table.

To use an SSL/TLS certificate that is issued by an external CA, the certificate must be imported to AWS Certificate Manager (ACM). ACM can send a notification when the certificate is nearing expiration, but it cannot automatically rotate the certificate. Therefore, the certificate must be rotated manually by importing a new certificate and applying it to the ALB.

AWS ParallelCluster is a service that allows you to create and manage high-performance computing (HPC) clusters on AWS. It supports multiple schedulers, including AWS Batch, which can run distributed workloads across multiple EC2 instances1.

MPI is a standard for message passing between processes in parallel computing. It provides functions for sending and receiving data, synchronizing processes, and managingcommunication groups2.

By using AWS ParallelCluster and MPI libraries, you can take advantage of the following benefits:

You can easily create and configure HPC clusters that meet your specific requirements, such as instance type, number of nodes, network configuration, and storage options1.

You can leverage the scalability and elasticity of AWS to run large-scale parallel workloads without worrying about provisioning or managing servers1.

You can use MPI libraries to optimize the performance and efficiency of your parallel applications by enabling inter-process communication and data exchange2.

You can choose from a variety of MPI implementations that are compatible with AWS ParallelCluster, such as Open MPI, Intel MPI, and MPICH3.

The AWS Health API provides programmatic access to the AWS Health information that is presented in the AWS Personal Health Dashboard. You can use the API operations to get information about AWS Health events that affect your AWS services and resources. You can also use the API to enable or disable health-based insights for your organization. You can use the AWS Health API at the start of each deployment to check on AWS infrastructure health andpause all new deployments if the API returns any issues.References:https://docs.aws.amazon.com/health/latest/APIReference/Welcome.html

https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteHosting.html

https://aws.amazon.com/rds/features/multi-az/ To convert an existing Single-AZ DB Instance to a Multi-AZ deployment, use the "Modify" option corresponding to your DB Instance in the AWS Management Console.

for "Highly available": Multi-AZ & for "least amount of changes to the application": Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring

it allows the company to encrypt the Kubernetes secrets object in the EKS cluster with the least operational overhead. By enabling secrets encryption in the EKS cluster, the company can use AWS Key Management Service (AWS KMS) to generate and manage encryption keys for encrypting and decrypting secrets at rest. This is a simple and secure way to protect sensitive information in EKS clusters. References:

Encrypting Kubernetes secrets with AWS KMS

Kubernetes Secrets

https://docs.aws.amazon.com/efs/latest/ug/transfer-data-to-efs.html

https://aws.amazon.com/ko/premiumsupport/knowledge-center/dms-memory-optimization/

AWS Backup is a fully managed service that enables users to centralize and automate the backup of data across AWS services. It can create and manage backup plans that specify the frequency and retention period of backups. It can also assign backup resources to backup vaults, which are containers that store backup data1. By using AWS Backup, the solution can ensure that the RDS backups are consistent, restorable, and retained for a minimum period of 2 years.

B. Configure a backup window for the RDS DB instances for daily snapshots. Assign a snapshot retention policy of 2 years to each RDS DB instance. Use Amazon Data Lifecycle Manager (Amazon DLM) to schedule snapshot deletions. This solution will not meet the requirement of ensuring that the backupsare consistent and restorable, as Amazon DLM is not compatible with RDS snapshots and cannot be used to schedule snapshot deletions2.

C. Configure database transaction logs to be automatically backed up to Amazon CloudWatch Logs with an expiration period of 2 years. This solution will not meet the requirement of ensuring that the backups are consistent and restorable, as database transaction logs are not sufficient to restore a database to a point in time. They only capture the changes made to the database, not the full state of the database3.

D. Configure an AWS Database Migration Service (AWS DMS) replication task. Deploy a replication instance, and configure a change data capture (CDC) task to stream database changes to Amazon S3 as the target. Configure S3 Lifecycle policies to delete the snapshots after 2 years. This solution will not meet the requirement of ensuring that the backups are consistent and restorable, as AWS DMS is a service that helps users migrate databases to AWS, not back up databases. It also requires additional resources and configuration, such as replication instances and CDC tasks.

Reference URL: https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html

AWS Backup provides a centralized, fully managed solution to automate and manage backups for a wide range of AWS resources, including Aurora databases. Configuring a backup plan with daily backups and a 90-day retention policy ensures operational efficiency and simplicity for compliance purposes.

Option A:Aurora automated backups support point-in-time recovery but do not provide the operational efficiency of a centralized backup management system like AWS Backup.

Option B:AWS Backup with point-in-time recovery is a valid solution but does not specify daily backups with retention, which is the most operationally efficient approach.

Option C:Manual backups require significant operational overhead to create and delete backups regularly, which is not efficient.

Option D:Using AWS Backup with a daily backup plan and 90-day retention provides an automated and efficient solution.

AWS Documentation References:

AWS Backup Overview

Backing Up Aurora Databases

 it allows the EC2 instances to read and write rapidly and concurrently to shared storage across two Availability Zones. Amazon EFS provides a scalable, elastic, and highly available file system that can be mounted from multiple EC2 instances. Amazon EFS supports high levels of throughput and IOPS, and consistent low latencies. Amazon EFS also supports NFSv4 lock upgrading and downgrading, which enables high levels of concurrency. References:

Amazon EFS Features

Using Amazon EFS with Amazon EC2

{

"Version": "2012-10-17",

"Statement": [

{

"Action": [

"s3:ListBucket",

"s3:DeleteObject"

],

"Resource": [

"arn:aws:s3:::"

],

"Effect": "Allow",

},

{

"Action": "s3:*DeleteObject",

"Resource": [

"arn:aws:s3:::/*" # <- The policy clause kludge "added" to match the solution (Q248.1) example

],

"Effect": "Allow"

}

]

}

This solution will meet the requirements with the least operational overhead as it uses Amazon Kinesis Data Firehose, which is a fully managed service that can automatically handle the data collection, data transformation, encryption, and data storage in near-real time. Kinesis Data Firehose can automatically store the data in Amazon S3 in Apache Parquet format for further processing. Additionally, it allows you to create an Amazon Kinesis Data Analytics application to analyze the data in near real-time, with no need to manage any infrastructure or invoke any Lambda function. This way you can process a large amount of data with the least operational overhead.

https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/three-aws-glue-etl-job-types-for-converting-data-to-apache-parquet.html

AWS Glue is a serverless, fully managed ETL (Extract, Transform, and Load) service. It is specifically designed for data transformation tasks such as converting .csv files to Apache Parquet format. Using AWS Glue requires minimal development effort because it includes prebuilt transformations and integrates seamlessly with Amazon S3.

Option A:While Amazon EMR with Apache Spark offers extensive flexibility, it requires setting up and managing a cluster, writing custom Spark code, and handling resource scaling, which increases development effort compared to AWS Glue.

Option C:AWS Batch requires creating job definitions, specifying execution environments, and potentially writing custom scripts for the transformation process, which involves more setup compared to AWS Glue.

Option D:AWS Lambda could handle the transformation but is better suited for smaller-scale processing or real-time transformations. Handling hundreds of files daily with Lambda would require more complex orchestration and is not the most efficient solution for this scale of batch processing.

AWS Documentation References:

AWS Glue Overview

Transforming Data Using AWS Glue