Exam Details

  • Exam Code
    :SAA-C03
  • Exam Name
    :AWS Certified Solutions Architect - Associate (SAA-C03)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :1304 Q&As
  • Last Updated
    :Jun 07, 2025

Amazon Amazon Certifications SAA-C03 Questions & Answers

  • Question 811:

    A company runs a public three-Tier web application in a VPC The application runs on Amazon EC2 instances across multiple Availability Zones. The EC2 instances that run in private subnets need to communicate with a license server over the internet The company needs a managed solution that minimizes operational maintenance

    Which solution meets these requirements''

    A. Provision a NAT instance in a public subnet Modify each private subnets route table with a default route that points to the NAT instance

    B. Provision a NAT instance in a private subnet Modify each private subnet's route table with a default route that points to the NAT instance

    C. Provision a NAT gateway in a public subnet Modify each private subnet's route table with a default route that points to the NAT gateway

    D. Provision a NAT gateway in a private subnet Modify each private subnet's route table with a default route that points to the NAT gateway .

  • Question 812:

    A company runs an application that receives data from thousands of geographically dispersed remote devices that use UDP The application processes the data immediately and sends a message back to the device if necessary No data is stored.

    The company needs a solution that minimizes latency for the data transmission from the devices. The solution also must provide rapid failover to another AWS Region

    Which solution will meet these requirements?

    A. Configure an Amazon Route 53 failover routing policy Create a Network Load Balancer (NLB) in each of the two Regions Configure the NLB to invoke an AWS Lambda function to process the data

    B. Use AWS Global Accelerator. Create a Network Load Balancer (NLB) in each of the two Regions as an endpoint. Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type. Create an ECS service on the cluster. Set the ECS service as the target for the NLProcess the data in Amazon ECS.

    C. Use AWS Global Accelerator Create an Application Load Balancer (ALB) in each of the two Regions as an endpoint Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster. Set the ECS service as the target for the ALB Process the data in Amazon ECS

    D. Configure an Amazon Route 53 failover routing policy Create an Application Load Balancer (ALB) in each of the two Regions Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster Set the ECS service as the target for the ALB Process the data in Amazon ECS

  • Question 813:

    A media company hosts its website on AWS. The website application's architecture includes a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) and a database that is hosted on Amazon Aurora The company's cyber security teem reports that the application is vulnerable to SOL injection.

    How should the company resolve this issue?

    A. Use AWS WAF in front of the ALB Associate the appropriate web ACLs with AWS WAF.

    B. Create an ALB listener rule to reply to SQL injection with a fixed response

    C. Subscribe to AWS Shield Advanced to block all SQL injection attempts automatically.

    D. Set up Amazon Inspector to block all SOL injection attempts automatically

  • Question 814:

    An application runs on an Amazon EC2 instance that has an Elastic IP address in VPC A. The application requires access to a database in VPC B. Both VPCs are in the same AWS account.

    Which solution will provide the required access MOST securely?

    A. Create a DB instance security group that allows all traffic from the public IP address of the application server in VPC A.

    B. Configure a VPC peering connection between VPC A and VPC B.

    C. Make the DB instance publicly accessible. Assign a public IP address to the DB instance.

    D. Launch an EC2 instance with an Elastic IP address into VPC B. Proxy all requests through the new EC2 instance.

  • Question 815:

    A company's web application consists o( an Amazon API Gateway API in front of an AWS Lambda function and an Amazon DynamoDB database. The Lambda function handles the business logic, and the DynamoDB table hosts the data. The application uses Amazon Cognito user pools to identify the individual users of the application. A solutions architect needs to update the application so that only users who have a subscription can access premium content.

    A. Enable API caching and throttling on the API Gateway API

    B. Set up AWS WAF on the API Gateway API Create a rule to filter users who have a subscription

    C. Apply fine-grained IAM permissions to the premium content in the DynamoDB table

    D. Implement API usage plans and API keys to limit the access of users who do not have a subscription.

  • Question 816:

    A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account. Which solution will meet these requirement in the MOST secure manner?

    A. Apply an S3 bucket pokey that grants road access to the S3 bucket

    B. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket.

    C. Embed an access key and a secret key In the Lambda function's coda to grant the required IAM permissions for read access to the S3 bucket

    D. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3 buckets In the account

  • Question 817:

    A company is implementing new data retention policies for all databases that run on Amazon RDS DB instances. The company must retain daily backups for a minimum period of 2 years. The backups must be consistent and restorable.

    Which solution should a solutions architect recommend to meet these requirements?

    A. Create a backup vault in AWS Backup to retain RDS backups. Create a new backup plan with a daily schedule and an expiration period of 2 years after creation. Assign the RDS DB instances to the backup plan.

    B. Configure a backup window for the RDS DB instances for daily snapshots. Assign a snapshot retention policy of 2 years to each RDS DB instance. Use Amazon Data Lifecycle Manager (Amazon DLM) to schedule snapshot deletions.

    C. Configure database transaction logs to be automatically backed up to Amazon CloudWatch Logs with an expiration period of 2 years.

    D. Configure an AWS Database Migration Service (AWS DMS) replication task. Deploy a replication instance, and configure a change data capture (CDC) task to stream database changes to Amazon S3 as the target. Configure S3 Lifecycle policies to delete the snapshots after 2 years.

  • Question 818:

    A company is designing a shared storage solution for a gaming application that is hosted in the AWS Cloud The company needs the ability to use SMB clients to access data solution must be fully managed.

    Which AWS solution meets these requirements?

    A. Create an AWS DataSync task that shares the data as a mountable file system Mount the file system to the application server

    B. Create an Amazon EC2 Windows instance Install and configure a Windows file share role on the instance Connect the application server to the file share

    C. Create an Amazon FSx for Windows File Server file system Attach the file system to the origin server Connect the application server to the file system

    D. Create an Amazon S3 bucket Assign an IAM role to the application to grant access to the S3 bucket Mount the S3 bucket to the application server

  • Question 819:

    A company's compliance team needs to move its file shares to AWS. The shares run on a Windows Server SMB file share. A self-managed on-premises Active Directory controls access to the files and folders.

    The company wants to use Amazon FSx for Windows File Server as part of the solution. The company must ensure that the on-premises Active Directory groups restrict access to the FSx for Windows File Server SMB compliance shares, folders, and files after the move to AWS. The company has created an FSx for Windows File Server file system.

    Which solution will meet these requirements?

    A. Create an Active Directory Connector to connect to the Active Directory. Map the Active Directory groups to IAM groups to restrict access.

    B. Assign a tag with a Restrict tag key and a Compliance tag value. Map the Active Directory groups to IAM groups to restrict access.

    C. Create an IAM service-linked role that is linked directly to FSx for Windows File Server to restrict access.

    D. Join the file system to the Active Directory to restrict access.

  • Question 820:

    A company provides an online service for posting video content and transcoding it for use by any mobile platform. The application architecture uses Amazon Elastic File System (Amazon EFS) Standard to collect and store the videos so that multiple Amazon EC2 Linux instances can access the video content for processing As the popularity of the service has grown over time, the storage costs have become too expensive.

    Which storage solution is MOST cost-effective?

    A. Use AWS Storage Gateway for files to store and process the video content

    B. Use AWS Storage Gateway for volumes to store and process the video content

    C. Use Amazon EFS for storing the video content Once processing is complete transfer the files to Amazon Elastic Block Store (Amazon EBS)

    D. Use Amazon S3 for storing the video content Move the files temporarily over to an Amazon Elastic Block Store (Amazon EBS) volume attached to the server for processing

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C03 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.