An ecommerce company hosts an API that handles sales requests. The company hosts the API frontend on Amazon EC2 instances that run behind an Application Load Balancer (ALB). The company hosts the API backend on EC2 instances that perform the transactions. The backend tiers are loosely coupled by an Amazon Simple Queue Service (Amazon SQS) queue.
The company anticipates a significant increase in request volume during a new product launch event. The company wants to ensure that the API can handle increased loads successfully.
A. Double the number of frontend and backend EC2 instances to handle the increased traffic during the product launch event. Create a dead-letter queue to retain unprocessed sales requests when the demand exceeds the system capacity.
B. Place the frontend EC2 instances into an Auto Scaling group. Create an Auto Scaling policy to launch new instances to handle the incoming network traffic.
C. Place the frontend EC2 instances into an Auto Scaling group. Add an Amazon ElastiCache cluster in front of the ALB to reduce the amount of traffic the API needs to handle.
D. Place the frontend and backend EC2 instances into separate Auto Scaling groups. Create a policy for the frontend Auto Scaling group to launch instances based on incoming network traffic. Create a policy for the backend Auto Scaling group to launch instances based on the SQS queue backlog.
D. Place the frontend and backend EC2 instances into separate Auto Scaling groups. Create a policy for the frontend Auto Scaling group to launch instances based on incoming network traffic. Create a policy for the backend Auto Scaling group to launch instances based on the SQS queue backlog.
Explanation
To handle increased loads effectively, it's essential to implement Auto Scaling for both frontend and backend tiers:
Frontend Auto Scaling Group: Scaling based on incoming network traffic ensures that the application can handle increased user requests.
Backend Auto Scaling Group: Scaling based on the Amazon SQS queue backlog ensures that the backend can process messages as they arrive, preventing delays.
This approach allows each tier to scale independently based on its specific load, ensuring optimal resource utilization and performance.
References:
Tutorial: Set up a scaled and load-balanced application; Scaling policy based on Amazon SQS (AWS Documentation)
Question 342:
A company is designing its production application's disaster recovery (DR) strategy. The application is backed by a MySQL database on an Amazon Aurora cluster in the us-east-1 Region. The company has chosen the us-west-1 Region as its DR Region. The company's target recovery point objective (RPO) is 5 minutes and the target recovery time objective (RTO) is 20 minutes. The company wants to minimize configuration changes.
Which solution will meet these requirements with the MOST operational efficiency?
A. Create an Aurora read replica in us-west-1 similar in size to the production application's Aurora MySQL cluster writer instance.
B. Convert the Aurora cluster to an Aurora global database. Configure managed failover.
C. Create a new Aurora cluster in us-west-1 that has Cross-Region Replication.
D. Create a new Aurora cluster in us-west-1. Use AWS Database Migration Service (AWS DMS) to sync both clusters.
B. Convert the Aurora cluster to an Aurora global database. Configure managed failover.
Question 343:
A media company hosts a web application on AWS for uploading videos. Only authenticated users should upload within a specified time frame after authentication.
Which solution will meet these requirements with the LEAST operational overhead?
A. Configure the application to generate IAM temporary security credentials for authenticated users.
B. Create an AWS Lambda function that generates pre-signed URLs when a user authenticates.
C. Develop a custom authentication service that integrates with Amazon Cognito to control and log direct S3 bucket access through the application.
D. Use AWS Security Token Service (AWS STS) to assume a predefined IAM role that grants authenticated users temporary permissions to upload videos directly to the S3 bucket.
B. Create an AWS Lambda function that generates pre-signed URLs when a user authenticates.
Explanation
Option B: Pre-signed URLs provide temporary, authenticated access to S3, limiting uploads to the time frame specified. This solution is lightweight, efficient, and easy to implement.
Option A requires the management of IAM temporary credentials, adding complexity.
Option C involves unnecessary development effort.
Option D introduces more complexity with STS and roles than pre-signed URLs.
Question 344:
A company creates dedicated AWS accounts in AWS Organizations for its business units. Recently, an important notification was sent to the root user email address of a business unit account instead of the assigned account owner.
The company wants to ensure that all future notifications can be sent to different employees based on the notification categories of billing, operations, or security.
Which solution will meet these requirements MOST securely?
A. Configure each AWS account to use a single email address that the company manages. Ensure that all account owners can access the email account to receive notifications. Configure alternate contacts for each AWS account with corresponding distribution lists for the billing team, the security team, and the operations team for each business unit.
B. Configure each AWS account to use a different email distribution list for each business unit that the company manages. Configure each distribution list with administrator email addresses that can respond to alerts. Configure alternate contacts for each AWS account with corresponding distribution lists for the billing team, the security team, and the operations team for each business unit.
C. Configure each AWS account root user email address to be the individual company managed email address of one person from each business unit. Configure alternate contacts for each AWS account with corresponding distribution lists for the billing team, the security team, and the operations team for each business unit.
D. Configure each AWS account root user to use email aliases that go to a centralized mailbox. Configure alternate contacts for each account by using a single business managed email distribution list each for the billing team, the security team, and the operations team.
D. Configure each AWS account root user to use email aliases that go to a centralized mailbox. Configure alternate contacts for each account by using a single business managed email distribution list each for the billing team, the security team, and the operations team.
Question 345:
A company is preparing to launch a public-facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third-party service is used for the DNS. The company's solutions architect must recommend a solution to detect and protect against large-scale DDoS attacks.
Which solution meets these requirements?
A. Enable Amazon GuardDuty on the account.
B. Enable Amazon Inspector on the EC2 instances.
C. Enable AWS Shield and assign Amazon Route 53 to it.
D. Enable AWS Shield Advanced and assign the ELB to it.
D. Enable AWS Shield Advanced and assign the ELB to it.
Question 346:
A company has an organization in AWS Organizations that has all features enabled. The company has multiple Amazon S3 buckets in multiple AWS Regions around the world. The S3 buckets contain sensitive data.
The company needs to ensure that no personally identifiable information (PII) is stored in the S3 buckets.
The company also needs a scalable solution to identify PII.
Which solution will meet these requirements?
A. In the Organizations management account, configure an Amazon Macie administrator IAM user as the delegated administrator for the global organization. Use the Macie administrator user to configure Macie settings to scan for PII.
B. For each Region in the Organizations management account, designate a delegated Amazon Macie administrator account. In the Macie administrator account, add all accounts in the organization. Use the Macie administrator account to enable Macie. Configure automated sensitive data discovery for all accounts in the organization.
C. For each Region in the Organizations management account, configure a service control policy (SCP) to identify PII. Apply the SCP to the organization root.
D. In the Organizations management account, configure AWS Lambda functions to scan for PII in each Region.
B. For each Region in the Organizations management account, designate a delegated Amazon Macie administrator account. In the Macie administrator account, add all accounts in the organization. Use the Macie administrator account to enable Macie. Configure automated sensitive data discovery for all accounts in the organization.
Explanation
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect sensitive data in AWS. To scale across Regions and accounts in AWS Organizations, Macie supports delegated administration, automated sensitive data discovery, and multi-account aggregation through a centralized admin account.
A company is developing a real-time multiplayer game that uses UDP for communications between the client and servers in an Auto Scaling group. Spikes in demand are anticipated during the day, so the game server platform must adapt accordingly. Developers want to store gamer scores and other non-relational data in a database solution that will scale without intervention.
Which solution should a solutions architect recommend?
A. Use Amazon Route 53 for traffic distribution and Amazon Aurora Serverless for data storage.
B. Use a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage.
C. Use a Network Load Balancer for traffic distribution and Amazon Aurora Global Database for data storage.
D. Use an Application Load Balancer for traffic distribution and Amazon DynamoDB global tables for data storage.
B. Use a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage.
Question 348:
A large international university has deployed all of its compute services in the AWS Cloud. These services include Amazon EC2, Amazon RDS, and Amazon DynamoDB. The university currently relies on many custom scripts to back up its infrastructure. However, the university wants to centralize management and automate data backups as much as possible by using AWS native options.
Which solution will meet these requirements?
A. Use third-party backup software with an AWS Storage Gateway tape gateway virtual tape library.
B. Use AWS Backup to configure and monitor all backups for the services in use.
C. Use AWS Config to set lifecycle management to take snapshots of all data sources on a schedule.
D. Use AWS Systems Manager State Manager to manage the configuration and monitoring of backup tasks.
B. Use AWS Backup to configure and monitor all backups for the services in use.
Question 349:
A company runs a shopping application that uses Amazon DynamoDB to store customer information. In case of data corruption, a solutions architect needs to design a solution that meets a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 1 hour.
What should the solutions architect recommend to meet these requirements?
A. Configure DynamoDB global tables. For RPO recovery, point the application to a different AWS Region.
B. Configure DynamoDB point-in-time recovery. For RPO recovery, restore to the desired point in time.
C. Export the DynamoDB data to Amazon S3 Glacier on a daily basis. For RPO recovery, import the data from S3 Glacier to DynamoDB.
D. Schedule Amazon Elastic Block Store (Amazon EBS) snapshots for the DynamoDB table every 15 minutes. For RPO recovery, restore the DynamoDB table by using the EBS snapshot.
B. Configure DynamoDB point-in-time recovery. For RPO recovery, restore to the desired point in time.
Question 350:
A group requires permissions to list an Amazon S3 bucket and delete objects from that bucket. An administrator has created the following IAM policy to provide access to the bucket and applied that policy to the group. The group is not able to delete objects in the bucket. The company follows least-privilege access rules.
Which statement should a solutions architect add to the policy to correct bucket access?