A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.
The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application's availability without writing custom scripts or code.
What should a solutions architect do to meet these requirements?
A Network Load Balancer operates at Layer 4 (TCP/UDP/TLS) and is optimized for high performance and static IP use cases. While NLB target groups can perform health checks, they are typically oriented around basic reachability and do not provide the same application-layer (Layer 7) visibility as an Application Load Balancer (ALB). The problem statement says the NLB is "not detecting HTTP errors," which indicates the health signal needs to be based on an HTTP endpoint that can reflect application correctness (for example, returning specific HTTP status codes).
Replacing the NLB with an ALB enables true HTTP/HTTPS health checks against a URL path, including interpretation of HTTP response codes. This is the cleanest managed approach to detect application-layer failure modes that still allow TCP connections but produce bad HTTP responses. Once the ALB detects targets as unhealthy, the target group health status can be used by an Auto Scaling group to take action. With appropriate health check configuration (and, commonly, using ELB health checks as a signal), Auto Scaling can replace unhealthy instances automatically, improving availability without custom scripts.
Option A is misleading: NLB does not provide the same HTTP-aware request routing and rich L7 features; even if an NLB health check is configured, it does not address the broader need for application-layer detection and remediation as directly as ALB. Option B violates the "no custom scripts" requirement. Option D reacts to UnhealthyHostCount, but if the NLB isn't marking hosts unhealthy for HTTP error cases, the metric won't reliably trigger replacement; it also still depends on the NLB's limited visibility into HTTP failures.
Therefore, C best meets the requirement by shifting to ALB for application-layer health checks and using Auto Scaling to replace unhealthy instances automatically.
A company needs to store confidential files on AWS. The company accesses the files every week. The company must encrypt the files by using envelope encryption, and the encryption keys must be rotated automatically. The company must have an audit trail to monitor encryption key usage.
Which combination of solutions will meet these requirements? (Select TWO.)
Amazon S3 is suitable for storing data that needs to be accessed weekly and integrates with AWS Key Management Service (KMS) to provide encryption at rest with server-side encryption using KMS-managed keys (SSE-KMS).
SSE-KMS uses envelope encryption and allows automatic key rotation and logging through AWS CloudTrail, satisfying the requirements for audit trails and compliance.
S3 Glacier Deep Archive is unsuitable due to its high retrieval latency. SSE-C requires customer-side management of encryption keys, with no support for automatic rotation or audit. SSE-S3 does not use customer-managed keys and lacks fine-grained control and auditing.
A company has a web application that uses several web servers that run on Amazon EC2 instances. The instances use a shared Amazon RDS for MySQL database.
The company requires a secure method to store database credentials. The credentials must be automatically rotated every 30 days without affecting application availability.
Which solution will meet these requirements?
AWS Secrets Manager is a fully managed service specifically designed to securely store and automatically rotate database credentials, API keys, and other secrets. Secrets Manager provides built-in integration with Amazon RDS for automatic credential rotation on a configurable schedule without requiring downtime. It also manages the secure distribution of the credentials to authorized services, such as your web servers, using IAM policies. Manual solutions (S3, files, cron jobs) do not provide the same level of automation, audit, or security.
Reference Extract from AWS Documentation / Study Guide:
'AWS Secrets Manager enables you to rotate, manage, and retrieve database credentials securely. It supports automatic rotation of secrets for supported AWS databases without requiring application downtime.'
Source: AWS Certified Solutions Architect -- Official Study Guide, Security and Secrets Management section.
A company runs an internet-facing web application on AWS and uses Amazon Route 53 with a public hosted zone.
The company wants to log DNS response codes to support future root cause analysis.
Which solution will meet these requirements?
To capture DNS query and response data, including response codes, Amazon Route 53 provides query logging, which is the most precise and AWS-supported solution for this requirement.
Option A enables Route 53 query logging, which records detailed information about DNS queries, such as the queried domain, record type, source IP, and DNS response code. These logs are delivered to Amazon CloudWatch Logs, where administrators can search, analyze, and retain them for forensic investigation and root cause analysis.
Option B is incorrect because AWS CloudTrail records API calls to AWS services, not DNS query traffic. Option C provides aggregated metrics (such as query counts and health checks) but does not include per-query response codes. Option D offers best-practice recommendations but does not collect or analyze DNS query data.
Therefore, A is the correct solution because Route 53 query logging provides the detailed, low-level DNS visibility required for troubleshooting and operational analysis.
A company is designing an application on AWS that provides real-time dashboards. The dashboard data comes from on-premises databases that use a variety of schemas and formats. The company needs a solution to transfer and transform the data to AWS with minimal latency.
Which solution will meet these requirements?
Amazon MSK is a fully managed, highly available Apache Kafka service for streaming data with low latency. Kafka Connect and stream processors enable ingest from heterogeneous sources and perform in-stream transformation before delivery to consumers (e.g., the dashboard service). This satisfies real-time updates from diverse schemas and formats. Kinesis alternatives could work, but among the given choices, MSK is the only streaming option designed for sub-second, continuous pipelines. Kinesis Data Firehose (B) buffers and batches data to S3 and is optimized for delivery to storage, not low-latency dashboards. AWS DMS schema conversion (C) focuses on database migration, not ongoing real-time, multi-format streaming for dashboards. AWS DataSync (D) is for file/object transfer, not database change streams. Hence, MSK best meets minimal-latency, transform-in-flight needs with managed operations.