An Amazon EC2 instance is located in a private subnet in a new VPC. This subnet does not have outbound internet access, but the EC2 instance needs the ability to download monthly security updates from an outside vendor.
What should a solutions architect do to meet these requirements?
A. Create an internet gateway, and attach it to the VPC. Configure the private subnet route table to use the internet gateway as the default route.
B. Create a NAT gateway, and place it in a public subnet. Configure the private subnet route table to use the NAT gateway as the default route.
C. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the NAT instance as the default route.
D. Create an internet gateway, and attach it to the VPC. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the internet gateway as the default route.
B. Create a NAT gateway, and place it in a public subnet. Configure the private subnet route table to use the NAT gateway as the default route.
Question 1242:
A company stores sensitive financial reports in an Amazon S3 bucket. To comply with auditing requirements, the company must encrypt the data at rest. Users must not have the ability to change the encryption method or remove encryption when the users upload data. The company must be able to audit all encryption and storage actions.
Which solution will meet these requirements and provide the MOST granular control?
A. Enable default server-side encryption with Amazon S3 managed keys (SSE-S3) for the S3 bucket. Apply a bucket policy that denies any upload requests that do not include the x-amz-server-side-encryption header.
B. Configure server-side encryption with AWS KMS (SSE-KMS) keys. Use an S3 bucket policy to reject any data that is not encrypted by the designated key.
C. Use client-side encryption before uploading the reports. Store the encryption keys in AWS Secrets Manager.
D. Enable default server-side encryption with Amazon S3 managed keys (SSE-S3). Use AWS Identity and Access Management (IAM) to prevent users from changing S3 bucket settings.
B. Configure server-side encryption with AWS KMS (SSE-KMS) keys. Use an S3 bucket policy to reject any data that is not encrypted by the designated key.
Explanation
AWS KMS with SSE-KMS provides granular key management and auditability. All use of KMS keys is logged in AWS CloudTrail, which allows compliance teams to monitor encryption and decryption operations. A bucket policy can be configured to enforce uploads only with the designated KMS key, ensuring that users cannot bypass encryption or change methods.
Option A (SSE-S3 with bucket policy) enforces encryption but does not provide the same level of control or auditable key usage.
Option C (client-side encryption) increases complexity and key management burden.
Option D prevents bucket setting changes but does not prevent unencrypted uploads. Therefore, B ensures the most granular control, auditability, and compliance with financial data requirements.
References:
Amazon S3 User Guide -- Using SSE-KMS for encryption
AWS KMS Developer Guide -- Key management and auditing with CloudTrail
AWS Well-Architected Framework -- Security Pillar
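The explanation above says a bucket policy can restrict uploads to the designated KMS key but does not show one. The following policy is an added example written for this page; it is not taken from the question bank or from AWS documentation. The bucket name, account ID and key ID are placeholders (EXAMPLE-...) that you would replace with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUploadsWithoutEncryptionHeader",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-FINANCE-REPORTS-BUCKET/*",
      "Condition": {
        "Null": {
          "s3:x-amz-server-side-encryption": "true"
        }
      }
    },
    {
      "Sid": "DenyUploadsNotUsingSseKms",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-FINANCE-REPORTS-BUCKET/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "aws:kms"
        }
      }
    },
    {
      "Sid": "DenyUploadsUsingOtherKmsKeys",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-FINANCE-REPORTS-BUCKET/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
        }
      }
    }
  ]
}
```

The three Deny statements cover the three ways an upload could escape the designated key: no encryption header at all, a header that selects SSE-S3 instead of SSE-KMS, and an SSE-KMS header that names a different key. Because s3:PutObject also governs the multipart upload calls, the same conditions apply to large reports uploaded in parts. Deny statements win over any Allow, so an IAM user who is otherwise permitted to write to the bucket still cannot change or remove the encryption at upload time, and every use of the key by S3 appears in CloudTrail under that key's ARN. Note that the Null statement requires clients to send the header explicitly even when the bucket has default encryption configured; if your clients rely on default encryption with the designated key, test that combination before enforcing the policy.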
Question 1243:
A company maintains about 300 TB in Amazon S3 Standard storage month after month. The S3 objects are each typically around 50 GB in size and are frequently replaced with multipart uploads by their global application. The number and size of S3 objects remain constant, but the company's S3 storage costs are increasing each month.
How should a solutions architect reduce costs in this situation?
A. Switch from multipart uploads to Amazon S3 Transfer Acceleration.
B. Enable an S3 Lifecycle policy that deletes incomplete multipart uploads.
C. Configure S3 inventory to prevent objects from being archived too quickly.
D. Configure Amazon CloudFront to reduce the number of objects stored in Amazon S3.
B. Enable an S3 Lifecycle policy that deletes incomplete multipart uploads.
Question 1244:
A 4-year-old media company is using the AWS Organizations all features feature set to organize its AWS accounts. According to the company's finance team, the billing information on the member accounts must not be accessible to anyone, including the root user of the member accounts.
Which solution will meet these requirements?
A. Add all finance team users to an IAM group. Attach an AWS managed policy named Billing to the group.
B. Attach an identity-based policy to deny access to the billing information to all users, including the root user.
C. Create a service control policy (SCP) to deny access to the billing information. Attach the SCP to the root organizational unit (OU).
D. Convert from the Organizations all features feature set to the Organizations consolidated billing feature set.
C. Create a service control policy (SCP) to deny access to the billing information. Attach the SCP to the root organizational unit (OU).
Question 1245:
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses an AWS Key Management Service (AWS KMS) customer managed key to encrypt EBS volume snapshots.
What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?
A. Make the encrypted AMI and snapshots publicly available. Modify the key policy to allow the MSP Partner's AWS account to use the key.
B. Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner's AWS account only. Modify the key policy to allow the MSP Partner's AWS account to use the key.
C. Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner's AWS account only. Modify the key policy to trust a new KMS key that is owned by the MSP Partner for encryption.
D. Export the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS account. Encrypt the S3 bucket with a new KMS key that is owned by the MSP Partner. Copy and launch the AMI in the MSP Partner's AWS account.
B. Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner's AWS account only. Modify the key policy to allow the MSP Partner's AWS account to use the key.
Question 1246:
A genomics research company is designing a scalable architecture for a loosely coupled workload. Tasks in the workload are independent and can be processed in parallel. The architecture needs to minimize management overhead and provide automatic scaling based on demand.
Which solution will meet these requirements?
A. Use a cluster of Amazon EC2 instances. Use AWS Systems Manager to manage the workload.
B. Implement a serverless architecture that uses AWS Lambda functions.
C. Use AWS ParallelCluster to deploy a dedicated high-performance cluster.
D. Implement vertical scaling for each workload task.
B. Implement a serverless architecture that uses AWS Lambda functions.
Explanation
For workloads where tasks are independent and can be processed in parallel, and where minimizing management overhead is a priority, a serverless architecture using AWS Lambda is ideal.
AWS Lambda allows you to run code without provisioning or managing servers. It automatically scales your application by running code in response to each trigger.
Parallel Processing: Lambda functions can process multiple tasks concurrently, making it suitable for parallel workloads.
Automatic Scaling: Lambda automatically scales by running code in response to each event, scaling precisely with the size of the workload.
Minimal Management Overhead: With Lambda, there's no need to manage the underlying infrastructure, reducing operational complexity.
References:
AWS Lambda -- Run Code Without Thinking About Servers
Best Practices for Designing and Architecting with AWS Lambda
Question 1247:
A company recently started using Amazon Aurora as the data store for its global ecommerce application.
When large reports are run, developers report that the ecommerce application is performing poorly. After reviewing metrics in Amazon CloudWatch, a solutions architect finds that the ReadIOPS and CPUUtilization metrics are spiking when monthly reports run.
What is the MOST cost-effective solution?
A. Migrate the monthly reporting to Amazon Redshift.
B. Migrate the monthly reporting to an Aurora Replica.
C. Migrate the Aurora database to a larger instance class.
D. Increase the Provisioned IOPS on the Aurora instance.
B. Migrate the monthly reporting to an Aurora Replica.
Question 1248:
A company receives 10 TB of instrumentation data each day from several machines located at a single factory. The data consists of JSON files stored on a storage area network (SAN) in an on-premises data center located within the factory.
The company wants to send this data to Amazon S3 where it can be accessed by several additional systems that provide critical near-real-time analytics. A secure transfer is important because the data is considered sensitive.
Which solution offers the MOST reliable data transfer?
A. AWS DataSync over public internet
B. AWS DataSync over AWS Direct Connect
C. AWS Database Migration Service (AWS DMS) over public internet
D. AWS Database Migration Service (AWS DMS) over AWS Direct Connect
B. AWS DataSync over AWS Direct Connect
Question 1249:
A company operates a food delivery service. Because of recent growth, the company's order processing system is experiencing scaling problems during peak traffic hours. The current architecture includes Amazon EC2 instances in an Auto Scaling group that collect orders from an application. A second group of EC2 instances in an Auto Scaling group fulfills the orders. The order collection process occurs quickly, but the order fulfillment process can take longer. Data must not be lost because of a scaling event.
A solutions architect must ensure that the order collection process and the order fulfillment process can both scale adequately during peak traffic hours.
Which solution will meet these requirements?
A. Use Amazon CloudWatch to monitor the CPUUtilization metric for each instance in both Auto Scaling groups. Configure each Auto Scaling group's minimum capacity to meet its peak workload value.
B. Use Amazon CloudWatch to monitor the CPUUtilization metric for each instance in both Auto Scaling groups. Configure a CloudWatch alarm to invoke an Amazon Simple Notification Service (Amazon SNS) topic to create additional Auto Scaling groups on demand.
C. Provision two Amazon Simple Queue Service (Amazon SQS) queues. Use one SQS queue for order collection. Use the second SQS queue for order fulfillment. Configure the EC2 instances to poll their respective queues. Scale the Auto Scaling groups based on notifications that the queues send.
D. Provision two Amazon Simple Queue Service (Amazon SQS) queues. Use one SQS queue for order collection. Use the second SQS queue for order fulfillment. Configure the EC2 instances to poll their respective queues. Scale the Auto Scaling groups based on the number of messages in each queue.
D. Provision two Amazon Simple Queue Service (Amazon SQS) queues. Use one SQS queue for order collection. Use the second SQS queue for order fulfillment. Configure the EC2 instances to poll their respective queues. Scale the Auto Scaling groups based on the number of messages in each queue.
Question 1250:
A company is storing backup files by using Amazon S3 Standard storage. The files are accessed frequently for 1 month. However, the files are not accessed after 1 month. The company must keep the files indefinitely.
Which storage solution will meet these requirements MOST cost-effectively?
A. Configure S3 Intelligent-Tiering to automatically migrate objects.
B. Create an S3 Lifecycle configuration to transition objects from S3 Standard to S3 Glacier Deep Archive after 1 month.
C. Create an S3 Lifecycle configuration to transition objects from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) after 1 month.
D. Create an S3 Lifecycle configuration to transition objects from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 month.
B. Create an S3 Lifecycle configuration to transition objects from S3 Standard to S3 Glacier Deep Archive after 1 month.