1. Home
  2. Amazon
  3. SAA-C03

Amazon SAA-C03 Online Practice Questions and Exam Preparation

SAA-C03 Exam Details

  • Exam Code
    :SAA-C03
  • Exam Name
    :AWS Certified Solutions Architect - Associate (SAA-C03)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :1524 Q&As
  • Last Updated
    :Jun 01, 2026

Amazon SAA-C03 Online Questions & Answers

  • Question 811:

    A company wants to standardize its Amazon Elastic Block Store (Amazon EBS) volume encryption strategy. The company also wants to minimize the cost and configuration effort required to operate the volume encryption check.

    Which solution will meet these requirements?

    A. Write API calls to describe the EBS volumes and to confirm the EBS volumes are encrypted. Use Amazon EventBridge to schedule an AWS Lambda function to run the API calls.
    B. Write API calls to describe the EBS volumes and to confirm the EBS volumes are encrypted. Run the API calls on an AWS Fargate task.
    C. Create an AWS Identity and Access Management (IAM) policy that requires the use of tags on EBS volumes. Use AWS Cost Explorer to display resources that are not properly tagged. Encrypt the untagged resources manually.
    D. Create an AWS Config rule for Amazon EBS to evaluate if a volume is encrypted and to flag the volume if it is not encrypted.

  • Question 812:

    A company runs multiple workloads on virtual machines (VMs) in an on-premises data center. The company is expanding rapidly. The on-premises data center is not able to scale fast enough to meet business needs. The company wants to migrate the workloads to AWS. The migration is time sensitive.

    The company wants to use a lift-and-shift strategy for non-critical workloads.

    Which combination of steps will meet these requirements? (Choose three.)

    A. Use the AWS Schema Conversion Tool (AWS SCT) to collect data about the VMs.
    B. Use AWS Application Migration Service. Install the AWS Replication Agent on the VMs.
    C. Complete the initial replication of the VMs. Launch test instances to perform acceptance tests on the VMs.
    D. Stop all operations on the VMs. Launch a cutover instance.
    E. Use AWS App2Container (A2C) to collect data about the VMs.
    F. Use AWS Database Migration Service (AWS DMS) to migrate the VMs.

  • Question 813:

    A company runs business applications on AWS. The company uses 50 AWS accounts, thousands of VPCs, and three AWS Regions across the United States and Europe. The company has an existing AWS Direct Connect connection that connects an on-premises data center to a single Region.

    A solutions architect needs to establish network connectivity between the on-premises data center and the remaining two Regions. The solutions architect must also establish connectivity between the VPCs. on-premises users and applications must be able to connect to applications that run in the VPCs. The solutions architect creates a transit gateway in each Region and configures the transit gateways as inter-Region peers.

    What should the solutions architect do next to meet these requirements?

    A. Create a private virtual interface (VIF) with a gateway type of virtual private gateway. Configure the private VIF to use a virtual private gateway that is associated with one of the VPCs.
    B. Create a private virtual interface (VIF) to a new Direct Connect gateway. Associate the new Direct Connect gateway with a virtual private gateway in each VPC.
    C. Create a transit virtual interface (VIF) with a gateway association to a new Direct Connect gateway. Associate each transit gateway with the new Direct Connect gateway.
    D. Create an AWS Site-to-Site VPN connection that uses a public virtual interface (VIF) for the Direct Connect connection. Attach the Site-to-Site VPN connection to the transit gateways.

  • Question 814:

    A company manages multiple AWS accounts in an organization in AWS Organizations. The company's applications run on Amazon EC2 instances in multiple AWS Regions. The company needs a solution to simplify the management of security rules across the accounts in its organization. The solution must apply shared security group rules, audit security groups, and detect unused and redundant rules in VPC security groups across all AWS environments.

    Which solution will meet these requirements with the MOST operational efficiency?

    A. Use AWS Firewall Manager to create a set of rules based on the security requirements. Replicate the rules to all the AWS accounts and Regions.
    B. Use AWS CloudFormation StackSets to provision VPC security groups based on the specifications across multiple accounts and Regions. Deploy AWS Network Firewall to define the firewall rules to control network traffic across multiple accounts and Regions.
    C. Use AWS CloudFormation StackSets to provision VPC security groups based on the specifications across multiple accounts and Regions. Configure AWS Config and AWS Lambda to evaluate compliance information and to automate enforcement across all accounts and Regions.
    D. Use AWS Network Firewall to build policies based on the security requirements. Centrally apply the new policies to all the VPCs and accounts.

  • Question 815:

    A marketing company receives a large amount of new clickstream data in Amazon S3 from a marketing campaign. The company needs to analyze the clickstream data in Amazon S3 quickly. Then the company needs to determine whether to process the data further in the data pipeline.

    Which solution will meet these requirements with the LEAST operational overhead?

    A. Create external tables in a Spark catalog. Configure jobs in AWS Glue to query the data.
    B. Configure an AWS Glue crawler to crawl the data. Configure Amazon Athena to query the data.
    C. Create external tables in a Hive metastore. Configure Spark jobs in Amazon EMR to query the data.
    D. Configure an AWS Glue crawler to crawl the data. Configure Amazon Kinesis Data Analytics to use SQL to query the data.

  • Question 816:

    A solutions architect is designing a two-tiered architecture that includes a public subnet and a database subnet. The web servers in the public subnet must be open to the internet on port 443. The Amazon RDS for MySQL DB instance in the database subnet must be accessible only to the web servers on port 3306.

    Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

    A. Create a network ACL for the public subnet. Add a rule to deny outbound traffic to 0.0.0.0/0 on port 3306.
    B. Create a security group for the DB instance. Add a rule to allow traffic from the public subnet CIDR block on port 3306.
    C. Create a security group for the web servers in the public subnet. Add a rule to allow traffic from 0.0.0.0/0 on port 443.
    D. Create a security group for the DB instance. Add a rule to allow traffic from the web servers' security group on port 3306.
    E. Create a security group for the DB instance. Add a rule to deny all traffic except traffic from the web servers' security group on port 3306.

  • Question 817:

    A company uses Amazon EC2, AWS Fargate, and AWS Lambda to run multiple workloads in the company's AWS account. The company wants to fully make use of its Compute Savings Plans. The company wants to receive notification when coverage of the Compute Savings Plans drops.

    Which solution will meet these requirements with the MOST operational efficiency?

    A. Create a daily budget for the Savings Plans by using AWS Budgets. Configure the budget with a coverage threshold to send notifications to the appropriate email message recipients.
    B. Create a Lambda function that runs a coverage report against the Savings Plans. Use Amazon Simple Email Service (Amazon SES) to email the report to the appropriate email message recipients.
    C. Create an AWS Budgets report for the Savings Plans budget. Set the frequency to daily.
    D. Create a Savings Plans alert subscription. Enable all notification options. Enter an email address to receive notifications.

  • Question 818:

    A company is creating a REST API. The company has strict requirements for the use of TLS. The company requires TLSv1.3 on the API endpoints. The company also requires a specific public third-party certificate authority (CA) to sign the TLS certificate.

    Which solution will meet these requirements?

    A. Use a local machine to create a certificate that is signed by the third-party CImport the certificate into AWS Certificate Manager (ACM). Create an HTTP API in Amazon API Gateway with a custom domain. Configure the custom domain to use the certificate.
    B. Create a certificate in AWS Certificate Manager (ACM) that is signed by the third-party CA. Create an HTTP API in Amazon API Gateway with a custom domain. Configure the custom domain to use the certificate.
    C. Use AWS Certificate Manager (ACM) to create a certificate that is signed by the third-party CA. Import the certificate into AWS Certificate Manager (ACM). Create an AWS Lambda function with a Lambda function URL. Configure the Lambda function URL to use the certificate.
    D. Create a certificate in AWS Certificate Manager (ACM) that is signed by the third-party CA. Create an AWS Lambda function with a Lambda function URL. Configure the Lambda function URL to use the certificate.

  • Question 819:

    A company runs a container application on a Kubernetes cluster in the company's data center. The application uses Advanced Message Queuing Protocol (AMQP) to communicate with a message queue.

    The data center cannot scale fast enough to meet the company's expanding business needs. The company wants to migrate the workloads to AWS.

    Which solution will meet these requirements with the LEAST operational overhead?

    A. Migrate the container application to Amazon Elastic Container Service (Amazon ECS). Use Amazon Simple Queue Service (Amazon SQS) to retrieve the messages.
    B. Migrate the container application to Amazon Elastic Kubernetes Service (Amazon EKS). Use Amazon MQ to retrieve the messages.
    C. Use highly available Amazon EC2 instances to run the application. Use Amazon MQ to retrieve the messages.
    D. Use AWS Lambda functions to run the application. Use Amazon Simple Queue Service (Amazon SQS) to retrieve the messages.

  • Question 820:

    A company currently runs a Linux-based application in a self-managed Docker container that runs on Amazon EC2 instances. The application runs a lightweight data processing tool that always completes its job within 3 minutes. The company wants an alternative deployment solution for the application to reduce infrastructure management overhead. The company is willing to make any required changes to the image.

    Which solution will meet this requirement with the LEAST operational overhead?

    A. Deploy the application as an AWS Lambda function that uses the container image.
    B. Deploy the application on Amazon EKS with the AWS Fargate launch type.
    C. Deploy the application on Amazon ECS with the AWS Fargate launch type.
    D. Deploy the application as a custom Amazon Machine Image (AMI) by using AWS Batch.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C03 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.