SAA-C03 Exam Details

  • Exam Code
    :SAA-C03
  • Exam Name
    :AWS Certified Solutions Architect - Associate (SAA-C03)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :1524 Q&As
  • Last Updated
    :Jul 11, 2026

Amazon SAA-C03 Online Questions & Answers

  • Question 61:

    A company uses an Amazon EC2 instance to run a script to poll for and process messages in an Amazon Simple Queue Service (Amazon SQS) queue. The company wants to reduce operational overhead while maintaining its ability to process an increasing number of messages that are added to the queue.

    Which solution will meet these requirements?

    A. Increase the size of the EC2 instance to process messages in the SQS queue faster.
    B. Configure an Amazon EventBridge rule to turn off the EC2 instance when the SQS queue is empty.
    C. Migrate the script on the EC2 instance to an AWS Lambda function with an event source of the SQS queue.
    D. Configure an AWS Systems Manager Run Command to run the script on demand.

  • Question 62:

    A company uses Amazon EC2 instances and Amazon Elastic Block Store (Amazon EBS) to run its self-managed database. The company has 350 TB of data spread across all EBS volumes. The company takes daily EBS snapshots and keeps the snapshots for 1 month. The daily change rate is 5% of the EBS volumes. Because of new regulations, the company needs to keep the monthly snapshots for 7 years. The company needs to change its backup strategy to comply with the new regulations and to ensure that data is available with minimal administrative effort.

    Which solution will meet these requirements MOST cost-effectively?

    A. Keep the daily snapshot in the EBS snapshot standard tier for 1 month. Copy the monthly snapshot to Amazon S3 Glacier Deep Archive with a 7-year retention period.
    B. Continue with the current EBS snapshot policy. Add a new policy to move the monthly snapshot to Amazon EBS Snapshots Archive with a 7-year retention period.
    C. Keep the daily snapshot in the EBS snapshot standard tier for 1 month. Keep the monthly snapshot in the standard tier for 7 years. Use incremental snapshots.
    D. Keep the daily snapshot in the EBS snapshot standard tier. Use EBS direct APIs to take snapshots of all the EBS volumes every month. Store the snapshots in an Amazon S3 bucket in the Infrequent Access tier for 7 years.

  • Question 63:

    A solutions architect is designing the network architecture for an application that runs on Amazon EC2 instances in an Auto Scaling group. The application needs to access data that is in Amazon S3 buckets.

    Traffic to the S3 buckets must not use public IP addresses. The solutions architect will deploy the application in a VPC that has public and private subnets.

    Which solutions will meet these requirements? (Choose Two.)

    A. Deploy the EC2 instances in a private subnet. Configure a default route to an egress-only internet gateway.
    B. Deploy the EC2 instances in a public subnet. Create a gateway endpoint for Amazon S3. Associate the endpoint with the subnet's route table.
    C. Deploy the EC2 instances in a public subnet. Create an interface endpoint for Amazon S3. Configure DNS hostnames and DNS resolution for the VPC.
    D. Deploy the EC2 instances in a private subnet. Configure a default route to a NAT gateway in a public subnet.
    E. Deploy the EC2 instances in a private subnet. Configure a default route to a customer gateway.

  • Question 64:

    A company is running a two-tier web-based application in an on-premises data center. The application layer consists of a single server running a stateful application. The application connects to a PostgreSQL database running on a separate server. The user base is expected to grow significantly, so the company is migrating the application and database to AWS. The solution will use Amazon Aurora PostgreSQL, Amazon EC2 Auto Scaling, and Elastic Load Balancing.

    Which solution will provide a consistent user experience that will allow the application and database tiers to scale?

    A. Enable Aurora Auto Scaling for Aurora Replicas. Use a Network Load Balancer with the least outstanding requests routing algorithm and sticky sessions enabled.
    B. Enable Aurora Auto Scaling for Aurora writers. Use an Application Load Balancer with the round robin routing algorithm and sticky sessions enabled.
    C. Enable Aurora Auto Scaling for Aurora Replicas. Use an Application Load Balancer with the round robin routing algorithm and sticky sessions enabled.
    D. Enable Aurora Auto Scaling for Aurora writers. Use a Network Load Balancer with the least outstanding requests routing algorithm and sticky sessions enabled.

  • Question 65:

    A media company uses Amazon CloudFront for its publicly available streaming video content. The company wants to secure the video content that is hosted in Amazon S3 by controlling who has access.

    Some of the company's users are using a custom HTTP client that does not support cookies. Some of the company's users are unable to change the hardcoded URLs that they are using for access.

    Which services or methods will meet these requirements with the LEAST impact to the users? (Choose two.)

    A. Signed cookies
    B. Signed URLs
    C. AWS AppSync
    D. JSON Web Token (JWT)
    E. AWS Secrets Manager

  • Question 66:

    A security team needs to enforce rotation of all IAM users' access keys every 90 days. Keys older than 90 days must be automatically deactivated and removed. A solutions architect must create a remediation solution with minimal operational effort.

    Which solution meets these requirements?

    A. Create an AWS Config rule to check key age. Configure the rule to run an AWS Batch job to remove the key.
    B. Create an Amazon EventBridge rule to check key age. Configure it to run an AWS Batch job to remove the key.
    C. Create an AWS Config rule to check key age. Define an EventBridge rule that schedules an AWS Lambda function to remove the key.
    D. Create an EventBridge rule to check key age. Define a second EventBridge rule to run an AWS Batch job to remove the key.

  • Question 67:

    A company is migrating some of its applications to AWS. The company wants to migrate and modernize the applications quickly after it finalizes networking and security strategies. The company has set up an AWS Direct Connect connection in a central network account. The company expects to have hundreds of AWS accounts and VPCs in the near future. The corporate network must be able to access the resources on AWS seamlessly and also must be able to communicate with all the VPCs. The company also wants to route its cloud resources to the internet through its on-premises data center.

    Which combination of steps will meet these requirements? (Choose Three.)

    A. Create a Direct Connect gateway in the central account. In each of the accounts, create an association proposal by using the Direct Connect gateway and the account ID for every virtual private gateway.
    B. Create a Direct Connect gateway and a transit gateway in the central network account. Attach the transit gateway to the Direct Connect gateway by using a transit VIF.
    C. Provision an internet gateway. Attach the internet gateway to subnets. Allow internet traffic through the gateway.
    D. Share the transit gateway with other accounts. Attach VPCs to the transit gateway.
    E. Provision VPC peering as necessary.
    F. Provision only private subnets. Open the necessary route on the transit gateway and customer gateway to allow outbound internet traffic from AWS to flow through NAT services that run in the data center.

  • Question 68:

    A company is migrating applications to AWS. The applications are deployed in different accounts. The company manages the accounts centrally by using AWS Organizations. The company's security team needs a single sign-on (SSO) solution across all the company's accounts. The company must continue managing the users and groups in its on-premises self-managed Microsoft Active Directory.

    Which solution will meet these requirements?

    A. Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console. Create a one-way forest trust or a one-way domain trust to connect the company's self-managed Microsoft Active Directory with AWS SSO by using AWS Directory Service for Microsoft Active Directory.
    B. Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console. Create a two-way forest trust to connect the company's self-managed Microsoft Active Directory with AWS SSO by using AWS Directory Service for Microsoft Active Directory.
    C. Use AWS Directory Service. Create a two-way trust relationship with the company's self-managed Microsoft Active Directory.
    D. Deploy an identity provider (IdP) on premises. Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console.

  • Question 69:

    A company wants to run a gaming application on Amazon EC2 instances that are part of an Auto Scaling group in the AWS Cloud. The application will transmit data by using UDP packets. The company wants to ensure that the application can scale out and in as traffic increases and decreases.

    What should a solutions architect do to meet these requirements?

    A. Attach a Network Load Balancer to the Auto Scaling group.
    B. Attach an Application Load Balancer to the Auto Scaling group.
    C. Deploy an Amazon Route 53 record set with a weighted policy to route traffic appropriately.
    D. Deploy a NAT instance that is configured with port forwarding to the EC2 instances in the Auto Scaling group.

  • Question 70:

    A software company needs to upgrade a critical web application. The application currently runs on a single Amazon EC2 instance that the company hosts in a public subnet. The EC2 instance runs a MySQL database. The application's DNS records are published in an Amazon Route 53 zone.

    A solutions architect must reconfigure the application to be scalable and highly available. The solutions architect must also reduce MySQL read latency.

    Which combination of solutions will meet these requirements? (Choose two.)

    A. Launch a second EC2 instance in a second AWS Region. Use a Route 53 failover routing policy to redirect the traffic to the second EC2 instance.
    B. Create and configure an Auto Scaling group to launch private EC2 instances in multiple Availability Zones. Add the instances to a target group behind a new Application Load Balancer.
    C. Migrate the database to an Amazon Aurora MySQL cluster. Create the primary DB instance and reader DB instance in separate Availability Zones.
    D. Create and configure an Auto Scaling group to launch private EC2 instances in multiple AWS Regions. Add the instances to a target group behind a new Application Load Balancer.
    E. Migrate the database to an Amazon Aurora MySQL cluster with cross-Region read replicas.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C03 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.