AWS Certified Solutions Architect Associate Practice Test (SAA-C03)

Amazon EC2 Spot Instances provide the most cost savings for workloads that can tolerate interruptions, offering up to a 90% discount compared to On-Demand pricing. Spot Instances are ideal for workloads with flexible start and end times, such as the client's batch processing tasks that are not time-sensitive. Reserved Instances would not provide as much cost savings and are typically used for steady-state, uninterrupted workloads. Savings Plans offer discounts but require a commitment to a consistent amount of usage (e.g., compute power or instance families) for 1 or 3 years, which may not align with the client's intermittent batches. On-Demand Instances are the most expensive option and are best suited for short-term, irregular, or unpredictable workloads that cannot tolerate interruptions.

Amazon Glacier is the correct service for archiving large sets of infrequently accessed data due to its low cost and reliable long-term storage capabilities. Glacier is designed for data archiving, offering options that balance retrieval times with cost. Amazon S3 Standard is not the best choice for archival purposes because it is designed for frequently accessed data and comes at a higher cost. Amazon EFS and Amazon EBS are file and block storage services designed for active workloads, not for low-cost, infrequently accessed long-term data storage.

The service that manages customer encryption keys offers the capability to automate the rotation of the underlying encryption material used by a managed key, usually on an annual basis. This automation ensures that the material is updated regularly without the need to change the key identifier or associated metadata, thus adhering to strict security protocols. The operation does not demand manual intervention, nor does it rely on a reactive approach to potential key compromises. Moreover, a fixed five-year rotation period is not a feature currently supported by the service provider.

Amazon S3 Glacier Instant Retrieval is designed for data that is infrequently accessed but requires millisecond retrieval. It offers the lowest storage cost for such data while providing immediate access when needed. Although Amazon S3 Standard-Infrequent Access also provides millisecond retrieval, it has a higher storage cost compared to S3 Glacier Instant Retrieval. Amazon S3 Glacier Deep Archive is more cost-effective in terms of storage cost but does not support millisecond retrieval, as retrieval times can take up to 12 hours. Amazon S3 Standard is intended for frequently accessed data and is more expensive for infrequent access patterns.

Auto Scaling policies should not rely solely on CPU utilization for all workloads because different applications may experience bottlenecks in areas other than CPU usage, such as memory, disk I/O, or network throughput. Depending on the specific workload, it may be necessary to configure Auto Scaling to respond to other performance metrics or a combination of metrics to efficiently handle load variations. For instance, a memory-intensive application might require scaling actions based on memory usage rather than CPU utilization. A well-designed scaling strategy takes into account the unique characteristics of the application workload.

The correct service for ensuring ordered message processing and reliable delivery between decoupled components is a managed message queuing service that offers FIFO capabilities. FIFO queues ensure that messages are processed in the exact order they are received, which is crucial for maintaining accurate inventory counts. A publish/subscribe service would not provide the required ordering guarantees for this scenario. Workflow orchestration services offer task coordination but do not inherently queue messages. A serverless compute service running code in response to events is not a messaging queue system and does not guarantee message ordering.

Amazon Simple Notification Service (SNS) is designed for sending messages to multiple subscribers simultaneously using the publish/subscribe messaging model. It allows a publisher to send messages to a topic, which then delivers the messages to all subscribed endpoints. Amazon SQS (Simple Queue Service) is intended for point-to-point messaging, where each message is consumed by a single consumer, making it less suitable for broadcasting messages to multiple recipients. AWS Step Functions orchestrates workflows, and Amazon Kinesis Data Streams is used for real-time data streaming and processing.

AWS Key Management Service (KMS) provides control over the encryption keys, including key creation, rotation, and usage policies. It supports key rotation, enabling the organization to adhere to security best practices. Using KMS customer managed keys (CMKs), the organization can define rotation policies including automatic rotation of the keys every year. S3 supports server-side encryption with KMS-managed keys (SSE-KMS) for encrypting data at rest. AWS CloudHSM does provide control over encryption keys but typically is used when organizations require dedicated hardware security modules within their AWS environment. Amazon Macie is a data security service focused on data discovery and protection rather than key management. While AWS Certificate Manager manages SSL/TLS certificates, it does not manage keys for data at rest encryption.

Amazon DynamoDB is the optimal solution for this use case as it provides a NoSQL database with the ability to scale automatically to accommodate high ingest rates of transaction records. It is designed for applications that require consistent, single-digit millisecond latency for any scale. Additionally, DynamoDB offers strong consistency, ensuring that after a write, any subsequent read will reflect the change. In contrast, RDS is better suited for structured data requiring relational capabilities, Neptune is tailored for graph database use cases, and DocumentDB is optimized for JSON document storage which, while capable of handling key-value pairs, is not as cost-effective or performant for this specific scenario as DynamoDB.

Amazon EFS is the correct choice because it is a managed file storage service that can be shared between multiple EC2 instances and supports the NFS protocol, which is required by the application. This makes it ideal for concurrent access to shared file systems. Amazon S3, while highly durable and suited for object storage, does not support the NFS protocol natively and would require additional steps to mount as a file system, making it less appropriate for this use case. Amazon EBS is block storage which does not support file-sharing capabilities and typically can be mounted to a single instance. Amazon FSx for Windows File Server provides fully managed file storage but uses the SMB protocol, which is not compatible with the requirement for NFS.

A dedicated, private network connection service offered by the cloud provider is the correct choice as it provides a reliable and low-latency connection compared to internet-based options. A site-to-site VPN relies on the public internet and may not meet the performance and reliability requirements. A content delivery network (CDN) is designed to cache content closer to users, not to establish dedicated connections. A global DNS service is used for routing traffic efficiently but does not provide a private network connection.

File gateway mode of a certain hybrid storage service provides a seamless way to integrate on-premises file systems with cloud storage like Amazon S3, ensuring low-latency access via local caching. It also offers automatic tiering capabilities to transition data to cost-saving storage classes after set periods of inactivity. This makes it a suitable solution for the financial institution's requirements. The alternatives mentioned do not offer the same combined functionality regarding local caching, seamless integration with cloud storage, and automatic tiering based on inactivity, thus, they would not present the most efficient solution for the given scenario.

Using AWS Lambda for the transaction processing feature is most suitable as it allows the company to run code in response to triggers such as user actions or system events without the need for provisioning or managing servers. Lambda is capable of automatically scaling the execution in response to incoming requests, and charges are only incurred for the compute time consumed, which directly aligns with the startup's variable workload and desire for cost alignment with usage. This option also satisfies their preference for minimal infrastructure management.

An Amazon EC2 Auto Scaling group with a target tracking scaling policy is the best solution for the described use case as it allows automatic adjustment of the number of EC2 instances in response to the load on the application. Target tracking scaling policies adjust the capacity to maintain a specific target for a selected metric such as average CPU utilization or number of requests per target. This is suitable for handling unpredictable, spikey traffic because it provides elasticity by automatically increasing or decreasing the number of EC2 instances as required to meet the target. The other options, such as fixed-size EC2 groups or an Application Load Balancer without Auto Scaling, do not offer the same level of elasticity and cannot automatically adjust the compute capacity in response to varying loads.

The correct service to use in this case is AWS Cost Explorer because it allows users to create detailed and customizable reports that include both historical and forecasted data regarding cloud expenses. It can help the financial team understand future costs associated with new and existing cloud resources. While AWS Budgets assists in setting budget thresholds and alerts, it doesn't offer predictive reporting features. AWS Cost and Usage Report delivers comprehensive usage and cost data but lacks forecasting capabilities. Lastly, the AWS Pricing Calculator is designed to estimate costs prior to committing to services and does not produce past usage reports or future spend predictions.