Table of Contents of Articles:

  1. Amazon ECS
  2. Amazon EKS
  3. Amazon EC2
  4. Elastic Beanstalk
  5. AWS Fargate
  6. AWS Lambda (serverless)
  7. Amazon EBS
    7.1 EBS Lifecycle
  8. Amazon Elastic File System (EFS) – Shared file system
  9. What is Amazon S3?
    9.1 What is S3
    9.2 Encryption at rest:
    9.3 S3 Best Practices:
  10. What is AWS Backup?
  11. What is AWS DataSync?
  12. What is AWS Snowball Edge?
  13. AWS Transfer Family
  14. What is Amazon Aurora?
  15. What is Amazon RDS?
  16. What is Amazon Redshift?
  17. What is Amazon Virtual Private Cloud?
  18. What is Amazon Route 53?
  19. What is Amazon API Gateway?
  20. What is AWS Direct Connect
  21. Elastic Load Balancing (ELB)
  22. What is Amazon Rekognition?
  23. What is Amazon Comprehend?
  24. What is Amazon SageMaker?
  25. What is Amazon Transcribe?
  26. What is Amazon Translate?
  27. What is Amazon Athena?
  28. What is Amazon QuickSight?
  29. What is Amazon Cognito?
  30. What is Amazon GuardDuty?
  31. What is Amazon Inspector?
  32. What is Amazon Macie?
  33. What is AWS Certificate Manager?
  34. What is AWS Secrets Manager?
  35. What is AWS KMS?
  36. What is AWS Shield?
  37. What are AWS Organizations?
  38. What is the difference between Amazon SQS and Amazon Simple Notification Service (SNS)?
  39. What is Amazon Simple Notification Service (Amazon SNS)?
  40. What is Kinesis Data Streams used for?
  41. What is AWS Service Catalog?
  42. What is AWS WAF?
  43. IAM
  44. Amazon CloudFront
  45. Amazon ElasticCache

Because AWS SAA-C03 basic knowledge contains too much content, it is divided into three parts, the first part (1-14), the second part (14-36), and I will share the remaining parts today.

37.What are AWS Organizations?

AWS Organizations helps you centralize the management of your environment as you scale workloads on AWS. Whether you’re a growing startup or a large enterprise, Organizations helps you programmatically create new accounts and allocate resources, simplify billing by setting up a single payment method for all accounts, create account groups to organize your workflows, and apply policies to those groups for governance. In addition, AWS Organizations integrates with other AWS services to specify central configurations, security mechanisms, and resource sharing across accounts in your organization.

38.What is the difference between Amazon SQS and Amazon Simple Notification Service (SNS)?

Amazon SNS allows applications to send time-critical messages to multiple subscribers via a “push” mechanism without the need to periodically check or “poll” for updates. Amazon SQS is a message queuing service for distributed applications that exchanges messages in a round-robin pattern and can be used to decouple sending and receiving components.

39.What is Amazon Simple Notification Service (Amazon SNS)?

Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy for users to set up, operate, and send notifications from the cloud. It provides developers with the ability to publish messages from applications in a highly scalable, flexible, and cost-effective manner and send them to subscribers or other applications instantly. The service is designed to make web-scale computing easier for developers. Amazon SNS follows a pub-sub messaging paradigm that uses a “push” mechanism to deliver notifications to clients without the need to periodically check or “poll” for new information and updates. Amazon SNS uses a simple API with minimal upfront development effort, no maintenance or management overhead, and pay-as-you-go, enabling developers to incorporate a powerful notification system into their applications through a simple mechanism.

40.What is Kinesis Data Streams used for?

Amazon Kinesis Data Streams are useful for quickly moving data out of the data producer and then for continuous processing. The reason for this is that the data is transformed before it is transferred to the data store, real-time metrics and analytics are run, or more complex data streams are derived for further processing.

The following are typical scenarios for using Kinesis Data Streams:

  • Accelerated log and data transfer acquisition: Instead of waiting for data to be processed in batches, you can have the producer enter the Kinesis data stream as soon as it is generated, preventing data loss due to data producer failures. For example, system and application logs can be continuously added to a data stream and processed in seconds.
  • Real-time metrics and reports: You can pull metrics from Kinesis dataflow data and generate reports in real-time. For example, your Amazon Kinesis application can handle metrics and reports for system and application logs because data keeps flowing in rather than waiting for bulk data to be received.
  • Real-time data analytics: With Kinesis Data Streams, you can run real-time streaming data analytics. For example, you can add a clickstream to your Kinesis data stream and have your Kinesis application run analytics in real-time to gain important insights from your data in minutes instead of hours or days.
  • Log and event data collection: Collect log and event data from sources such as servers, desktops, and mobile devices. You can then build applications using Amazon Lambda or Amazon Managed Services for Apache Flink to continuously process data, generate metrics, drive real-time dashboards, and send aggregated data to storage such as Amazon Simple Storage Service (Amazon S3).
  • Drive event-driven applications: Quickly pair with AWS Lambda, regardless of size, to respond to or adapt immediate events in your environment’s event-driven applications.

41.What is AWS Service Catalog?

With AWS Service Catalog, IT administrators can create, manage, and distribute approved product catalogs to end users, who can then access the products they need in a personalized portal. Admins can control which users have access to various products, enforcing compliance with the organization’s business policies. Administrators can also set roles that have been accepted so that end users only need IAM access to access AWS Service Catalog to deploy approved resources. AWS Service Catalog allows your organization to benefit from increased flexibility and reduced costs, as end users can find and launch only the products they need from the catalog you control.

42.What is AWS WAF?

AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules to allow, block, or monitor (count) web requests based on conditions that you define. These criteria include IP addresses, HTTP headers, HTTP bodies, URI strings, SQL injection, and cross-site scripting.

43. IAM

The priority of deny in Effect is higher than allow, and deny is the default value, that is, when both deny and allow are defined for the same resource, the final result is deny.

Omit the picture display, if you need it, please contact me

44. Amazon CloudFront

45. Amazon ElasticCache

AWS SAA-C03 certifiction solutions

In addition to learning and mastering the vast amount of basic knowledge step by step, the next step is to practice and practice to ensure that you can effectively pass the SAA-C03 exam.

The most effective exercise programs currently include:

  1. Amazon official training
  2. Other popular online training (Udemy, Whizlabs…)
  3. Use the real-time updated SAA-C03 exam practice questions: https://www.leads4pass.com/saa-c03.html (prepare 3 days before the exam)

Each certification assistance solution has its advantages and disadvantages:

  1. Preparation time
  2. Study time
  3. Exam question coverage rate
  4. Friendliness
  5. Price

Everything needs to be chosen according to your actual needs! Finally, I wish you all easy success.

PS.Comes with free SAA-C03 exam questions and answers

Question 1:

A company is designing its production application\’s disaster recovery (DR) strategy. The application is backed by a MySQL database on an Amazon Aurora cluster in the us-east-1 Region. The company has chosen the us-west-1 Region as

its DR Region.

The company\’s target recovery point objective (RPO) is 5 minutes and the target recovery time objective (RTO) is 20 minutes. The company wants to minimize configuration changes.

Which solution will meet these requirements with the MOST operational efficiency?

A. Create an Aurora read replica in us-west-1 similar in size to the production application\’s Aurora MySQL cluster writer instance.

B. Convert the Aurora cluster to an Aurora global database. Configure managed failover.

C. Create a new Aurora cluster in us-west-1 that has Cross-Region Replication.

D. Create a new Aurora cluster in us-west-1. Use AWS Database Migration Service (AWS DMS) to sync both clusters.

Correct Answer: B

Aurora Global Database: allowing a single Amazon Aurora database to span multiple AWS Regions. It replicates your data with no impact on database performance, enables fast local reads with low latency in each Region, and provides disaster recovery from Region-wide outages.

Question 2:

A company needs to design a resilient web application to process customer orders. The web application must automatically handle increases in web traffic and application usage without affecting the customer experience or losing customer orders.

Which solution will meet these requirements?

A. Use a NAT gateway to manage web traffic. Use Amazon EC2 Auto Scaling groups to receive, process, and store processed customer orders. Use an AWS Lambda function to capture and store unprocessed orders.

B. Use a Network Load Balancer (NLB) to manage web traffic. Use an Application Load Balancer to receive customer orders from the NLUse Amazon Redshift with a Multi-AZ deployment to store unprocessed and processed customer orders.

C. Use a Gateway Load Balancer (GWLB) to manage web traffic. Use Amazon Elastic Container Service (Amazon ECS) to receive and process customer orders. Use the GWLB to capture and store unprocessed orders. Use Amazon DynamoDB to store processed customer orders.

D. Use an Application Load Balancer to manage web traffic. Use Amazon EC2 Auto Scaling groups to receive and process customer orders. Use Amazon Simple Queue Service (Amazon SQS) to store unprocessed orders. Use Amazon RDS with a Multi-AZ deployment to store processed customer orders.

Correct Answer: D

Question 3:

A company is deploying a new application to Amazon Elastic Kubernetes Service (Amazon EKS) with an AWS Fargate cluster. The application needs a storage solution for data persistence. The solution must be highly available and fault tolerant. The solution also must be shared between multiple application containers.

Which solution will meet these requirements with the LEAST operational overhead?

A. Create Amazon Elastic Block Store (Amazon EBS) volumes in the same Availability Zones where EKS worker nodes are placed. Register the volumes in a StorageClass object on an EKS cluster. Use EBS Multi-Attach to share the data between containers.

B. Create an Amazon Elastic File System (Amazon EFS) file system. Register the file system in a StorageClass object on an EKS cluster. Use the same file system for all containers.

C. Create an Amazon Elastic Block Store (Amazon EBS) volume. Register the volume in a StorageClass object on an EKS cluster. Use the same volume for all containers.

D. Create Amazon Elastic File System (Amazon EFS) file systems in the same Availability Zones where EKS worker nodes are placed. Register the file systems in a StorageClass object on an EKS cluster. Create an AWS Lambda function to synchronize the data between file systems.

Correct Answer: B

Question 4:

A company is deploying an application that processes large quantities of data in parallel. The company plans to use Amazon EC2 instances for the workload. The network architecture must be configurable to prevent groups of nodes from sharing the same underlying hardware.

Which networking solution meets these requirements?

A. Run the EC2 instances in a spread placement group.

B. Group the EC2 instances in separate accounts.

C. Configure the EC2 instances with dedicated tenancy.

D. Configure the EC2 instances with shared tenancy.

Correct Answer: A

Spread Placement Group strictly places a small group of instances across distinct underlying hardware to reduce correlated failures.

Question 5:

A company is using AWS Key Management Service (AWS KMS) keys to encrypt AWS Lambda environment variables. A solutions architect needs to ensure that the required permissions are in place to decrypt and use the environment variables.

Which steps must the solutions architect take to implement the correct permissions? (Choose two.)

A. Add AWS KMS permissions in the Lambda resource policy.

B. Add AWS KMS permissions in the Lambda execution role.

C. Add AWS KMS permissions in the Lambda function policy.

D. Allow the Lambda execution role in the AWS KMS key policy.

E. Allow the Lambda resource policy in the AWS KMS key policy.

Correct Answer: BD

Question 6:

A rapidly growing global ecommerce company is hosting its web application on AWS. The web application includes static content and dynamic content. The website stores online transaction processing (OLTP) data in an Amazon RDS database The website\’s users are experiencing slow page loads.

Which combination of actions should a solutions architect take to resolve this issue? (Choose two.)

A. Configure an Amazon Redshift cluster.

B. Set up an Amazon CloudFront distribution.

C. Host the dynamic web content in Amazon S3.

D. Create a read replica for the RDS DB instance.

E. Configure a Multi-AZ deployment for the RDS DB instance.

Correct Answer: BD

To resolve the issue of slow page loads for a rapidly growing e-commerce website hosted on AWS, a solutions architect can take the following two actions:

1.

Set up an Amazon CloudFront distribution

2.

Create a read replica for the RDS DB instance

Configuring an Amazon Redshift cluster is not relevant to this issue since Redshift is a data warehousing service and is typically used for the analytical processing of large amounts of data.

Hosting the dynamic web content in Amazon S3 may not necessarily improve performance since S3 is an object storage service, not a web application server. While S3 can be used to host static web content, it may not be suitable for hosting

dynamic web content since S3 doesn\’t support server-side scripting or processing.

Configuring a Multi-AZ deployment for the RDS DB instance will improve high availability but may not necessarily improve performance.

Question 7:

A company hosts its multi-tier applications on AWS. For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made to these resources. What should a solutions architect do to meet these requirements?

A. Use AWS CloudTrail to track configuration changes and AWS Config to record API calls

B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls

C. Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls

D. Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls

Correct Answer: B

Question 8:

A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet.

Which capability should the solutions architect use to meet the compliance requirements?

A. AWS Key Management Service (AWS KMS)

B. VPC endpoint

C. Private subnet

D. Virtual private gateway

Correct Answer: B

A VPC endpoint enables you to privately access AWS services without requiring internet gateways, NAT gateways, VPN connections, or AWS Direct Connect connections. It allows you to connect your VPC directly to supported AWS services, such as Amazon S3, over a private connection within the AWS network.

By creating a VPC endpoint for Amazon S3, the traffic between your EC2 instances and S3 will stay within the AWS network and won\’t traverse the public internet. This provides a more secure and compliant solution, as the data transfer remains within the private network boundaries.

https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints.html

Question 9:

A solutions architect observes that a nightly batch processing job is automatically scaled up for 1 hour before the desired Amazon EC2 capacity is reached. The peak capacity is the `same every night and the batch jobs always start at 1 AM. The solutions architect needs to find a cost-effective solution that will allow for the desired EC2 capacity to be reached quickly and allow the Auto Scaling group to scale down after the batch jobs are complete.

What should the solutions architect do to meet these requirements?

A. Increase the minimum capacity for the Auto Scaling group.

B. Increase the maximum capacity for the Auto Scaling group.

C. Configure scheduled scaling to scale up to the desired compute level.

D. Change the scaling policy to add more EC2 instances during each scaling operation.

Correct Answer: C

By configuring scheduled scaling, the solutions architect can set the Auto Scaling group to automatically scale up to the desired compute level at a specific time (IAM) when the batch job starts and then automatically scale down after the job is complete. This will allow the desired EC2 capacity to be reached quickly and also help in reducing the cost.

Question 10:

A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week.

What should the company do to guarantee the EC2 capacity?

A. Purchase Reserved instances that specify the Region needed

B. Create an On Demand Capacity Reservation that specifies the Region needed

C. Purchase Reserved instances that specify the Region and three Availability Zones needed

D. Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed

Correct Answer: D

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html

Reserve instances: You will have to pay for the whole term (1 year or 3years) which is not cost effective

Question 11:

A 4-year-old media company is using the AWS Organizations all features feature set to organize its AWS accounts. According to the company\’s finance team, the billing information on the member accounts must not be accessible to anyone, including the root user of the member accounts.

Which solution will meet these requirements?

A. Add all finance team users to an IAM group. Attach an AWS managed policy named Billing to the group.

B. Attach an identity-based policy to deny access to the billing information to all users, including the root user.

C. Create a service control policy (SCP) to deny access to the billing information. Attach the SCP to the root organizational unit (OU).

D. Convert from the Organizations all features feature set to the Organizations consolidated billing feature set.

Correct Answer: C

Service Control Policies (SCP): SCPs are an integral part of AWS Organizations and allow you to set fine-grained permissions on the organizational units (OUs) within your AWS Organization. SCPs provide central control over the maximum permissions that can be granted to member accounts, including the root user.

Denying Access to Billing Information: By creating an SCP and attaching it to the root OU, you can explicitly deny access to billing information for all accounts within the organization. SCPs can be used to restrict access to various AWS services and actions, including billing-related services.

Granular Control: SCPs enable you to define specific permissions and restrictions at the organizational unit level. By denying access to billing information at the root OU, you can ensure that no member accounts, including root users, have access to the billing information.

Question 12:

A company runs an AWS Lambda function in private subnets in a VPC. The subnets have a default route to the internet through an Amazon EC2 NAT instance. The Lambda function processes input data and saves its output as an object to

Amazon S3.

Intermittently, the Lambda function times out while trying to upload the object because of saturated traffic on the NAT instance\’s network. The company wants to access Amazon S3 without traversing the internet.

Which solution will meet these requirements?

A. Replace the EC2 NAT instance with an AWS managed NAT gateway.

B. Increase the size of the EC2 NAT instance in the VPC to a network optimized instance type.

C. Provision a gateway endpoint for Amazon S3 in the VPUpdate the route tables of the subnets accordingly.

D. Provision a transit gateway. Place transit gateway attachments in the private subnets where the Lambda function is running.

Correct Answer: C

By provisioning a gateway endpoint for Amazon S3 in the VPC, you enable the Lambda function running in the private subnets to access S3 directly without needing to go through the NAT instance or traverse the internet. This solution helps alleviate the network congestion issue and reduces latency since the traffic between Lambda and S3 stays within the AWS network. Additionally, updating the route tables of the subnets to route S3 traffic through the gateway endpoint ensures that the Lambda function can seamlessly communicate with S3 without encountering timeouts caused by network saturation on the NAT instance.

Question 13:

A global ecommerce company runs its critical workloads on AWS. The workloads use an Amazon RDS for PostgreSQL DB instance that is configured for a Multi-AZ deployment.

Customers have reported application timeouts when the company undergoes database failovers. The company needs a resilient solution to reduce failover time.

Which solution will meet these requirements?

A. Create an Amazon RDS Proxy. Assign the proxy to the DB instance.

B. Create a read replica for the DB instance. Move the read traffic to the read replica.

C. Enable Performance Insights. Monitor the CPU load to identify the timeouts.

D. Take regular automatic snapshots. Copy the automatic snapshots to multiple AWS Regions.

Correct Answer: A

Question 14:

A company has an Amazon S3 data lake. The company needs a solution that transforms the data from the data lake and loads the data into a data warehouse every day. The data warehouse must have massively parallel processing (MPP) capabilities.

Data analysts then need to create and train machine learning (ML) models by using SQL commands on the data. The solution must use serverless AWS services wherever possible.

Which solution will meet these requirements?

A. Run a daily Amazon EMR job to transform the data and load the data into Amazon Redshift. Use Amazon Redshift ML to create and train the ML models.

B. Run a daily Amazon EMR job to transform the data and load the data into Amazon Aurora Serverless. Use Amazon Aurora ML to create and train the ML models.

C. Run a daily AWS Glue job to transform the data and load the data into Amazon Redshift Serverless. Use Amazon Redshift ML to create and train the ML models.

D. Run a daily AWS Glue job to transform the data and load the data into Amazon Athena tables. Use Amazon Athena ML to create and train the ML models.

Correct Answer: C

Question 15:

A solutions architect is designing a multi-tier application for a company. The application\’s users upload images from a mobile device. The application generates a thumbnail of each image and returns a message to the user to confirm that the image was uploaded successfully.

The thumbnail generation can take up to 60 seconds, but the company wants to provide a faster response time to its users to notify them that the original image was received. The solutions architect must design the application to asynchronously dispatch requests to the different application tiers.

What should the solutions architect do to meet these requirements?

A. Write a custom AWS Lambda function to generate the thumbnail and alert the user. Use the image upload process as an event source to invoke the Lambda function.

B. Create an AWS Step Functions workflow Configure Step Functions to handle the orchestration between the application tiers and alert the user when thumbnail generation is complete

C. Create an Amazon Simple Queue Service (Amazon SQS) message queue. As images are uploaded, place a message on the SQS queue for thumbnail generation. Alert the user through an application message that the image was received

D. Create Amazon Simple Notification Service (Amazon SNS) notification topics and subscriptions Use one subscription with the application to generate the thumbnail after the image upload is complete. Use a second subscription to message the user\’s mobile app by way of a push notification after thumbnail generation is complete.

Correct Answer: C

Creating an Amazon Simple Queue Service (SQS) message queue and placing messages on the queue for thumbnail generation can help separate the image upload and thumbnail generation processes.