Free Preparation Discussions
MENU
Amazon SAA-C03 Exam Questions
- Amazon Associate Certifications
- Amazon AWS Certified Solutions Architect Associate Certifications
- Topic 1: Design Secure Architectures: This section of the exam measures skills of Cloud Security Engineers and Solutions Architects and covers the design of secure architectures on AWS. Learners explore secure access to AWS resources, secure workloads and applications, and appropriate data security controls. The content addresses access controls and management across multiple accounts, AWS federated access and identity services, VPC architectures with security components, network segmentation strategies, application security integration, data access and governance, encryption and key management, and compliance requirements. The material focuses on applying AWS security best practices, designing flexible authorization models, implementing role based access control strategies, securing network connections, encrypting data at rest and in transit, and implementing data backup and protection policies.
- Topic 2: Design Resilient Architectures: This section of the exam measures skills of Infrastructure Architects and Solutions Architects and covers the design of resilient architectures that ensure business continuity. Learners study scalable and loosely coupled architectures, highly available and fault tolerant architectures, and disaster recovery strategies. The content addresses API creation and management, caching strategies, microservices design principles, event driven architectures, horizontal and vertical scaling, load balancing concepts, serverless technologies and patterns, container orchestration, AWS global infrastructure, distributed design patterns, failover strategies, and service quotas and throttling. The material focuses on designing event driven and multi tier architectures, determining scaling strategies, achieving loose coupling, implementing automation to ensure infrastructure integrity, mitigating single points of failure, and selecting appropriate disaster recovery strategies to meet business requirements.
- Topic 3: Design High Performing Architectures: This section of the exam measures skills of Performance Engineers and Solutions Architects and covers the design of high performing architectures that meet demanding workload requirements. Learners explore high performing and scalable storage solutions, elastic compute solutions, database solutions, network architectures, and data ingestion and transformation solutions. The content addresses hybrid storage solutions, compute services with appropriate use cases, distributed computing concepts, database capacity planning and replication, caching strategies, edge networking services, network architecture design, data analytics and visualization services, data transfer services, and streaming data services. The material focuses on determining storage configurations that meet performance demands, decoupling workloads for independent scaling, selecting appropriate compute and database options, creating network topologies for various architectures, building and securing data lakes, designing data streaming architectures, and implementing visualization strategies.
- Topic 4: Design Cost Optimized Architectures: This section of the exam measures skills of Cloud Financial Analysts and Solutions Architects and covers the design of cost optimized architectures that maximize value while minimizing expenses. Learners study cost optimized storage solutions, compute solutions, database solutions, and network architectures. The content addresses AWS cost management service features and tools, storage access patterns and tiering, backup strategies, AWS purchasing options, distributed compute strategies, instance types and sizes, compute utilization optimization, scaling strategies, caching strategies, data retention policies, database capacity planning, load balancing concepts, NAT gateways, and network routing and peering. The material focuses on designing appropriate storage strategies, managing object lifecycles, determining cost effective compute and database services, selecting appropriate instance families and sizes, configuring appropriate network connections and routes, minimizing network transfer costs, and reviewing existing workloads for optimization opportunities.
Free Amazon SAA-C03 Exam Actual Questions
Note: Premium Questions for SAA-C03 were last updated On Apr. 30, 2026 (see below)
A news company that has reporters all over the world is hosting its broadcast system on AWS. The reporters send live broadcasts to the broadcast system. The reporters use software on their phones to send live streams through the Real Time Messaging Protocol (RTMP).
A solutions architect must design a solution that gives the reporters the ability to send the highest quality streams The solution must provide accelerated TCP connections back to the broadcast system.
What should the solutions architect use to meet these requirements?
AWS Global Accelerator: This service provides a global fixed entry point to your applications and optimizes the path to your application through the AWS global network, reducing latency and improving performance.
Accelerated TCP Connections:
Global Accelerator uses the AWS global network to route traffic to the nearest edge location, improving the performance and reliability of your live streams.
It provides static IP addresses that act as a fixed entry point to your application, simplifying DNS management.
High-Quality Streams:
By leveraging Global Accelerator, reporters can send live streams with the highest quality and low latency.
This service automatically reroutes traffic to the nearest available AWS Region, ensuring consistent performance even during traffic spikes or failures.
Operational Efficiency: Using Global Accelerator simplifies the network setup and provides an optimized path for live streams without the need for complex configurations, making it an efficient solution for real-time streaming applications.
AWS Global Accelerator
How Global Accelerator Works
A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.
The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application's availability without writing custom scripts or code.
What should a solutions architect do to meet these requirements?
A Network Load Balancer operates at Layer 4 (TCP/UDP/TLS) and is optimized for high performance and static IP use cases. While NLB target groups can perform health checks, they are typically oriented around basic reachability and do not provide the same application-layer (Layer 7) visibility as an Application Load Balancer (ALB). The problem statement says the NLB is ''not detecting HTTP errors,'' which indicates the health signal needs to be based on an HTTP endpoint that can reflect application correctness (for example, returning specific HTTP status codes).
Replacing the NLB with an ALB enables true HTTP/HTTPS health checks against a URL path, including interpretation of HTTP response codes. This is the cleanest managed approach to detect application-layer failure modes that still allow TCP connections but produce bad HTTP responses. Once the ALB detects targets as unhealthy, the target group health status can be used by an Auto Scaling group to take action. With appropriate health check configuration (and, commonly, using ELB health checks as a signal), Auto Scaling can replace unhealthy instances automatically, improving availability without custom scripts.
Option A is misleading: NLB does not provide the same HTTP-aware request routing and rich L7 features; even if an NLB health check is configured, it does not address the broader need for application-layer detection and remediation as directly as ALB. Option B violates the ''no custom scripts'' requirement. Option D reacts to UnhealthyHostCount, but if the NLB isn't marking hosts unhealthy for HTTP error cases, the metric won't reliably trigger replacement; it also still depends on the NLB's limited visibility into HTTP failures.
Therefore, C best meets the requirement by shifting to ALB for application-layer health checks and using Auto Scaling to replace unhealthy instances automatically.
A company needs to store confidential files on AWS. The company accesses the files every week. The company must encrypt the files by using envelope encryption, and the encryption keys must be rotated automatically. The company must have an audit trail to monitor encryption key usage.
Which combination of solutions will meet these requirements? (Select TWO.)
Amazon S3 is suitable for storing data that needs to be accessed weekly and integrates with AWS Key Management Service (KMS) to provide encryption at rest with server-side encryption using KMS-managed keys (SSE-KMS).
SSE-KMS uses envelope encryption and allows automatic key rotation and logging through AWS CloudTrail, satisfying the requirements for audit trails and compliance.
S3 Glacier Deep Archive is unsuitable due to its high retrieval latency. SSE-C requires customer-side management of encryption keys, with no support for automatic rotation or audit. SSE-S3 does not use customer-managed keys and lacks fine-grained control and auditing.
A company has a web application that uses several web servers that run on Amazon EC2 instances. The instances use a shared Amazon RDS for MySQL database.
The company requires a secure method to store database credentials. The credentials must be automatically rotated every 30 days without affecting application availability.
Which solution will meet these requirements?
AWS Secrets Manager is a fully managed service specifically designed to securely store and automatically rotate database credentials, API keys, and other secrets. Secrets Manager provides built-in integration with Amazon RDS for automatic credential rotation on a configurable schedule without requiring downtime. It also manages the secure distribution of the credentials to authorized services, such as your web servers, using IAM policies. Manual solutions (S3, files, cron jobs) do not provide the same level of automation, audit, or security.
Reference Extract from AWS Documentation / Study Guide:
'AWS Secrets Manager enables you to rotate, manage, and retrieve database credentials securely. It supports automatic rotation of secrets for supported AWS databases without requiring application downtime.'
Source: AWS Certified Solutions Architect -- Official Study Guide, Security and Secrets Management section.
A company runs an internet-facing web application on AWS and uses Amazon Route 53 with a public hosted zone.
The company wants to log DNS response codes to support future root cause analysis.
Which solution will meet these requirements?
To capture DNS query and response data, including response codes, Amazon Route 53 provides query logging, which is the most precise and AWS-supported solution for this requirement.
Option A enables Route 53 query logging, which records detailed information about DNS queries, such as the queried domain, record type, source IP, and DNS response code. These logs are delivered to Amazon CloudWatch Logs, where administrators can search, analyze, and retain them for forensic investigation and root cause analysis.
Option B is incorrect because AWS CloudTrail records API calls to AWS services, not DNS query traffic. Option C provides aggregated metrics (such as query counts and health checks) but does not include per-query response codes. Option D offers best-practice recommendations but does not collect or analyze DNS query data.
Therefore, A is the correct solution because Route 53 query logging provides the detailed, low-level DNS visibility required for troubleshooting and operational analysis.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Richard Robinson
4 days agoCrystal Stewart
10 days agoDorothy Flores
15 days agoEmily Morgan
6 days agoKimberly Young
5 days agoSandra Green
13 days agoSharon Phillips
5 hours agoLindsey
1 month agoJannette
1 month agoAron
2 months agoAmmie
2 months agoGwen
2 months agoKeneth
2 months agoJunita
3 months agoFranklyn
3 months agoJanet
3 months agoSylvie
3 months agoTeri
4 months agoCordelia
4 months agoBelen
4 months agoEleonore
4 months agoNoel
5 months agoClement
5 months agoIra
5 months agoTayna
5 months agoCharlene
6 months agoJohna
6 months agoBelen
6 months agoHuey
6 months agoTrinidad
7 months agoJuliann
7 months agoErnest
7 months agoRoyce
7 months agoYoko
8 months agoKris
8 months agoAlishia
8 months agoMiesha
8 months agoBarb
10 months agoGussie
11 months agoEna
1 year agoBlondell
1 year agoGilbert
1 year agoPearlene
1 year agoJosue
1 year agoNakita
1 year agoLaurena
1 year agoVirgie
1 year agoRenea
1 year agoFloyd
1 year agoHan
2 years agoNarcisa
2 years agoJerry
2 years agoParis
2 years agoLamonica
2 years agoBette
2 years agoRoxane
2 years agoJesus
2 years agoJustine
2 years agoWilliam
2 years agoAbraham
2 years agoCyril
2 years agoSharee
2 years agoBrandon
2 years agoYuette
2 years agoPrecious
2 years agoAlease
2 years agoSimona
2 years agoRose
2 years agoCecilia
2 years ago