AWS Certified Solutions Architect Associate Practice Test (SAA-C03)

AWS Snowball Edge Storage Optimized is designed for transferring large amounts of data (up to petabytes) to AWS efficiently and securely. By physically shipping the Snowball Edge device to AWS, the company can avoid the limitations and costs associated with network bandwidth. AWS DataSync can transfer data over the Internet or via dedicated network, but moving 100 TB may be slower and incur higher network costs. AWS Storage Gateway enables hybrid storage integration but is not intended for one-time, bulk data migrations. AWS Direct Connect provides a dedicated network connection, but setting it up can be time-consuming and costly for a one-time transfer.

Amazon S3 Glacier is designed for long-term backup and archival storage with infrequent access patterns. It provides cost-efficient storage pricing and is most closely aligned with the requirement for storing backups and archival data that are infrequently accessed. Amazon EBS volumes are suited for block-level storage and are not optimized for infrequent access or archival purposes. Amazon EFS provides file storage solutions that can scale automatically, but it is more expensive than Amazon S3 Glacier for archival use cases. Amazon S3 Standard offers high durability, availability, and performance object storage for frequently accessed data, making it less cost-effective for archival storage when compared to Glacier.

The service that enables logging of account actions and automatic detection of top-level user API activity is the correct answer, which is Amazon CloudTrail. It records events that are made within an account and can be set up to generate alerts when specific activities, including those by the top-level account user, are detected. The service known for configuration tracking is not suitable for monitoring account activities directly. The service responsible for identity management does not offer automated detection or alerting for specific user actions. The service focused on threat detection primarily monitors for unusual activity but is not specifically designed for tracking the usages of top-level user credentials.

Extending the Auto Scaling group to span two or more Availability Zones within the same AWS Region keeps at least one healthy instance available if a zone fails. The ALB automatically routes traffic only to healthy AZs, and the Auto Scaling group launches replacement instances in the remaining zones, providing seamless failover with no manual intervention.

Backup and Restore and Pilot Light are cross-Region strategies; both need time to restore or scale infrastructure, resulting in higher recovery-time objectives for an AZ-level event.

An Active-Active deployment across two cloud providers can also achieve high availability, but it is significantly more complex and costly than required for protection against a single-AZ outage. AWS's own guidance recommends starting with Multi-AZ high availability before adopting multi-provider or multi-Region Active-Active designs.

An Application Load Balancer operates at the application layer (Layer 7 of the OSI model) and can direct traffic based on the content of the HTTP/HTTPS request, such as the URL path. This makes it suitable for routing client requests to different targets based on URL paths. It also supports distribution of traffic across multiple Availability Zones, ensuring high availability and scalability. Network Load Balancers make routing decisions based on network protocol data, which does not allow for routing based on URL paths. Gateway Load Balancers operate at the network layer (Layer 3 of the OSI model) and are designed for deploying, scaling, and managing virtual appliances such as firewalls, not for content-based routing. Classic Load Balancers provide basic load balancing across instances but lack advanced request routing capabilities based on URL paths that the Application Load Balancer offers.

Publishing order events to an Amazon SNS topic and subscribing a separate AWS Lambda function for each downstream microservice provides high-throughput fan-out, loose coupling, and serverless compute with almost no infrastructure to manage. The REST-endpoint option is tightly coupled and synchronous; the single SQS queue with one Lambda function introduces a bottleneck and additional logic; and the scheduled EventBridge query of a DynamoDB table is inefficient and not event-driven.

Deploying resources in the AWS Region that is physically located inside Country X keeps customer data within national borders by default. All Availability Zones in a Region reside in the same country, and AWS systems are designed so that customer data does not leave the Region unless the customer enables cross-Region features (for example, S3 cross-Region replication). Choosing this Region therefore meets the residency mandate with minimal extra controls.

Using CloudFront edge locations does not control where the origin data is stored. Selecting a Region in a neighboring country clearly violates the residency requirement. AWS Global Accelerator optimizes traffic routing but cannot guarantee that data is stored only inside Country X.

Amazon EC2 Spot Instances offer the most cost-effective approach to utilizing a significant amount of compute power for tasks that can be interrupted and have flexible start and end times, such as batch processing jobs or background tasks. Given that the company's workload is periodic and occurs at well-defined times, with an ability to handle interruptions (resumption of simulations), Spot Instances provide the required compute capacity at lower costs than On-Demand or Reserved Instances. EC2 Dedicated Hosts are more targeted towards licensing requirements and consistent performance, and T3 instances, while providing burstable performance, may not offer consistent high performance throughout the simulation period, making both of these options less aligned with the company's combination of a high-compute, cost-effective, and periodic processing routine.

AWS PrivateLink establishes private connections between the internal network of the cloud environment and specific services or applications. This is cost-effective because it keeps the data within the Amazon network, avoiding the public internet which can incur additional costs. Although AWS Direct Connect helps reduce costs for on-premises to cloud data transfer, it's not the primary service for connecting to individual applications within the cloud environment. VPC Peering is used for interconnecting networks, but does not address application-specific routing needs. Internet Gateways and NAT Gateways facilitate public internet access and are contrary to the purpose of minimizing costs through avoidance of public routes.

General Purpose SSD (gp3) volumes strike the right balance of price and performance for most transactional or interactive workloads. They deliver single-digit-millisecond latency, include 3,000 baseline IOPS at no extra charge, and let you scale IOPS and throughput independently-making them cost-efficient for workloads with frequent random reads. Provisioned IOPS SSD (io1/io2) can achieve higher performance but at a higher cost per GiB and per provisioned IOPS. Throughput Optimized HDD (st1) and Cold HDD (sc1) are HDD-backed; they emphasize sequential throughput, not random I/O, and have higher latency, so they do not meet the application's low-latency requirement.

Amazon Elastic File System (Amazon EFS) is the most appropriate storage service for this scenario. EFS provides a scalable, fully managed Network File System (NFS) for use with AWS Cloud services and on-premises resources. It supports standard file system semantics such as file locking and hierarchical directories, which are essential for applications that require shared file storage. EFS is designed for low-latency access to data and scales automatically as files are added and removed, making it both scalable and cost-effective. Amazon Simple Storage Service (Amazon S3) is object storage and does not support file system semantics like file locking or hierarchical directories. Amazon Elastic Block Store (Amazon EBS) provides block storage for EC2 instances and does not offer shared storage across multiple instances unless using EBS Multi-Attach, which has limitations and may not suit shared file system needs. Amazon S3 Glacier is intended for archival storage and is not suitable for frequently accessed data requiring low-latency access.

Using a microservices architecture where services communicate via Amazon Simple Queue Service (Amazon SQS) allows each component to function independently. This approach enhances scalability since each service can scale separately to handle load and ensures that if one component fails, it doesn't directly affect the overall architecture. Monolithic architectures, even when using Amazon EC2 Auto Scaling, are less flexible and can become bottlenecks. Deploying on a single large EC2 instance introduces a single point of failure, hence, lacks both scalability and fault tolerance. A tightly coupled multi-tier architecture increases the risk that a failure in one service will impact others due to direct dependencies.

Security Groups in AWS are used to control inbound and outbound traffic at the instance level within an Amazon VPC. They act as a virtual firewall for EC2 instances to regulate traffic. Network ACLs, on the other hand, are used at the subnet level and not primarily for individual instances. Route tables are used to control the routing of traffic between subnets and the Internet, but do not directly control traffic at the instance level. Amazon GuardDuty is a threat detection service, not a traffic control mechanism.

AWS Budgets lets you create custom monthly (or other period) budgets, tracks both actual and forecasted costs, and sends notifications via email or Amazon SNS when a threshold is reached or forecasted to be exceeded. Cost Explorer is primarily for interactive visualization, the Cost and Usage Report provides raw data files, and AWS Compute Optimizer gives resource-rightsizing recommendations-none of these services let you set automatic budget alerts.

Using Amazon Elastic File System (Amazon EFS) with storage auto scaling enabled allows the file system to automatically adjust its capacity as data grows or shrinks. This provides seamless scalability without manual intervention and is cost-effective since the company only pays for the storage used. Manually increasing Amazon Elastic Block Store (Amazon EBS) volumes requires ongoing management and does not support concurrent access from multiple EC2 instances as effectively as Amazon EFS. AWS Storage Gateway is intended for hybrid storage scenarios where on-premises applications can seamlessly use Cloud storage. While it is possible to deploy Storage Gateway appliance in EC2 instances, building a shared file system on top of Amazon storage, this architecture is complex and way costly and have no additional benefits as compared to using Amazon EFS for the same use case.
Instance store volumes are ephemeral and not suitable for persistent storage needs.