SAA-C03 Exam Dumps - AWS Certified Solutions Architect - Associate (SAA-C03)

DynamoDB Global Tables provide a fully managed, multi-region, and multi-master database solution that allows you to deploy DynamoDB tables in multiple AWS Regions. This ensures high availability and resiliency across different geographical locations, providing a seamless gaming experience for users. Using provisioned capacity mode with auto-scaling ensures cost-efficiency by scaling up or down based on actual demand.

Option A: While on-demand capacity mode is flexible, provisioned capacity with auto-scaling is more cost-effective for predictable workloads.

Option B (DAX): DAX improves read performance, but it doesn't provide the multi-region replication needed for high availability and resiliency.

Option C: DynamoDB Streams with manual cross-region replication adds more complexity and operational overhead compared to Global Tables.

AWS References:

DynamoDB Global Tables

Edge-optimized API endpoints route requests through CloudFront, reducing latency for global users.

Option A correctly implements edge-optimization, caching, and compression to minimize latency.

Options B and D do not use edge optimization, leading to higher latency for global users.

Reserved concurrency in Options C and D improves backend scaling but does not address global latency directly.

Setting the RDS backup retention policy to 30 days for automated backups through AWS Backup allows the company to retain backups cost-effectively. Manual backups, however, are not automatically managed by RDS's retention policy, so they need to be manually deleted if they are older than 30 days to avoid unnecessary storage costs.

Key AWS features:

Automated Backups: Can be configured with a retention policy of up to 35 days, ensuring that older automated backups are deleted automatically.

Manual Backups: These are not subject to the automated retention policy and must be manually managed to avoid extra costs.

AWS Documentation: AWS recommends using backup retention policies for automated backups while manually managing manual backups​.

Key Requirements:

Serverless architecture.

Handle traffic bursts with high availability.

Process orders asynchronously in the order they are received.

Analysis of Options:

Option A: Amazon SNS delivers messages to subscribers. However, SNS does not ensure ordering, making it unsuitable for FIFO (First In, First Out) requirements.

Option B: Amazon SQS FIFO queues support ordering and ensure messages are delivered exactly once. AWS Lambda functions can be triggered by SQS to process messages asynchronously and efficiently. This satisfies all requirements.

Option C: Amazon SQS standard queues do not guarantee message order and have "at-least-once" delivery, making them unsuitable for the FIFO requirement.

Option D: Similar to Option A, SNS does not ensure message ordering, and using AWS Batch adds complexity without directly addressing the requirements.

AWS References:

Amazon SQS FIFO Queues

AWS Lambda and SQS Integration

Option A is the most automated and cost-efficient solution for exporting data to S3 for analytics.

Option B involves manual setup of Streams to S3.

Options C and D introduce complexity with EMR.

This option is the most efficient because it uses AWS Key Management Service (AWS KMS), which is a service that makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and with your applications running on AWS1. It also uses AWS KMS to encrypt the EBS volumes and Aurora database storage at rest, which provides data protection by encrypting your data with encryption keys that you manage23. It also uses AWS Certificate Manager (ACM), which is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. It also attaches an ACM certificate to the ALB to encrypt data in transit, which provides data protection by enabling SSL/TLS encryption for connections between clients and the load balancer. This solution meets the requirement of encrypting all data for the application at rest and in transit. Option A is less efficient because it uses AWS KMS certificates on the ALB to encrypt data in transit, which is not possible as AWS KMS does not provide certificates but only keys. It also uses AWS Certificate Manager (ACM) to encrypt the EBS volumes and Aurora database storage at rest, which is not possible as ACM does not provide encryption but only certificates. Option B is less efficient because it uses the AWS root account to log in to the AWS Management Console, which is not recommended as it has unrestricted access to all resources in your account. It also uploads the company’s encryption certificates, which is not necessary as ACM can provide certificates for free. It also selects the option to turn on encryption for all data at rest and in transit for the account, which is not possible as encryption settings are specific to each service and resource. Option D is less efficient because it uses BitLocker to encrypt all data at rest, which is a Windows feature that provides encryption for volumes on Windows servers. However, this does not provide encryption for Aurora database storage at rest, as Aurora runs on Linux servers. It also imports the company’s TLS certificate keys to AWS KMS, which is not necessary as ACM can provide certificates for free. It also attaches the KMS keys to the ALB to encrypt data in transit, which is not possible as ALB requires certificates and not keys.

To grant the necessary permissions to an AWS Lambda function to upload files to Amazon S3, a solutions architect should create an IAM execution role with the required permissions and attach the IAM role to the Lambda function. This approach follows the principle of least privilege and ensures that the Lambda function can only access the resources it needs to perform its specific task.

Point-in-time recovery (PITR) for DynamoDB is a feature that enables you to restore your table data to any point in time during the last 35 days. PITR helps protect your table from accidental write or delete operations, such as a test script writing to a production table or a user issuing a wrong command. PITR is easy to use, fully managed, fast, and scalable. You can enable PITR with a single click in the DynamoDB console or with a simple API call. You can restore a table to a new table using the console, the AWS CLI, or the DynamoDB API. PITR does not consume any provisioned table capacity and has no impact on the performance or availability of your production applications. PITR meets the requirements of the company with the least operational overhead, as it does not require any manual backup creation, scheduling, or maintenance. It also provides per-second granularity for restoring the table to any point within the last 24 hours.

References:

Point-in-time recovery for DynamoDB - Amazon DynamoDB

Amazon DynamoDB point-in-time recovery (PITR)

Enable Point-in-Time Recovery (PITR) for Dynamodb global tables

Restoring a DynamoDB table to a point in time - Amazon DynamoDB

Point-in-time recovery: How it works - Amazon DynamoDB