00:20:00

AWS Certified Solutions Architect Associate Practice Test (SAA-C03)

Use the form below to configure your AWS Certified Solutions Architect Associate Practice Test (SAA-C03). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

Logo for AWS Certified Solutions Architect Associate SAA-C03
Questions
Number of questions in the practice test
Free users are limited to 20 questions, upgrade to unlimited
Seconds Per Question
Determines how long you have to finish the practice test
Exam Objectives
Which exam objectives should be included in the practice test

AWS Certified Solutions Architect Associate SAA-C03 Information

AWS Certified Solutions Architect - Associate showcases knowledge and skills in AWS technology, across a wide range of AWS services. The focus of this certification is on the design of cost and performance optimized solutions, demonstrating a strong understanding of the AWS Well-Architected Framework. This certification can enhance the career profile and earnings of certified individuals and increase your credibility and confidence in stakeholder and customer interactions.

The AWS Certified Solutions Architect - Associate (SAA-C03) exam is intended for individuals who perform a solutions architect role. The exam validates a candidate’s ability to design solutions based on the AWS Well-Architected Framework.

The exam also validates a candidate’s ability to complete the following tasks:

  • Design solutions that incorporate AWS services to meet current business requirements and future projected needs
  • Design architectures that are secure, resilient, high-performing, and cost optimized
  • Review existing solutions and determine improvements
AWS Certified Solutions Architect Associate SAA-C03 Logo
  • Free AWS Certified Solutions Architect Associate SAA-C03 Practice Test

  • 20 Questions
  • Unlimited
  • Design Secure Architectures
    Design Resilient Architectures
    Design High-Performing Architectures
    Design Cost-Optimized Architectures
Question 1 of 20

An application running on Amazon EC2 instances needs to read log files that are stored only in the S3 bucket named app-logs. No other S3 actions or buckets are required.

Which IAM policy best implements the principle of least privilege for the application's IAM role?

  • Allow the action s3:GetObject on the resource arn:aws:s3:::app-logs/*.

  • Allow s3:GetObject and s3:PutObject on all S3 buckets in the account.

  • Attach the AWS managed policy AmazonS3ReadOnlyAccess to the role.

  • Allow s3:*" on the resource arn:aws:s3:::app-logs/*.

Question 2 of 20

Which service is commonly utilized to manage policies governing who can use cryptographic keys for securing data stored on the cloud?

  • Key Management Service

  • Secrets Manager

  • Identity and Access Management

  • Certificate Manager

Question 3 of 20

Which capability enables users to append labels to cloud resources to facilitate detailed tracking and categorization of spending?

  • Cost allocation tags

  • Budget alerts

  • Account outlines

  • Resource packs

Question 4 of 20

Which type of AWS database is optimized for scenarios with heavy read traffic and requires high availability of data serving?

  • Amazon DynamoDB without DAX

  • Amazon S3 standard storage class

  • Amazon RDS with Read Replicas

  • Amazon Elastic File System (EFS)

Question 5 of 20

A company needs to store thousands of data files generated daily from hundreds of sensors. Each sensor sends small-size files roughly every minute. To minimize the storage costs on Amazon S3, what is the BEST strategy the company should follow?

  • Batch multiple files together before uploading to reduce the number of PUT requests to S3.

  • Upload each file individually to ensure immediate availability and processing in S3.

  • Configure S3 Intelligent-Tiering to automatically move the files to the most cost-efficient tier.

  • Enable S3 Transfer Acceleration on the bucket to optimize the upload speed of the files.

Question 6 of 20

A company stores large volumes of customer information and is looking for a service to automatically classify and secure sensitive data within their object storage. Which service should be utilized for continuous protection against data loss and to ensure compliance with data privacy regulations?

  • Amazon Macie

  • Amazon GuardDuty

  • AWS Shield

  • Amazon Cognito

Question 7 of 20

A company operates under a multi-account strategy where one account is managed by the security engineers and another is operated by a separate team responsible for network administration. The security team needs to allow the network administration team's account access to a specific Amazon S3 bucket without broadening the access to other accounts. Which of the following is the MOST secure way to grant the required access?

  • Set up a bucket policy that limits access to the S3 bucket based on the source IP range of the network administration team's office location.

  • Edit the S3 bucket's Access Control List (ACL) to include the user identifiers from the team handling network administration.

  • Implement a policy for individual users in the security engineers' account that grants permissions to the network administration team.

  • Attach a resource-based policy directly to the S3 bucket identifying the network administration team's account as the principal with the specified permissions.

Question 8 of 20

To boost the reliability of an aging, traditional software system, a managed solution is needed that pools and streamlines database access, particularly during periods of high utilization. Which service would be the most appropriate to implement?

  • Amazon Simple Notification Service (SNS)

  • Amazon RDS Proxy

  • AWS Lambda

  • AWS Global Accelerator

Question 9 of 20

An application publishes events to an Amazon SNS topic. One subscription delivers notifications to an Amazon SQS queue and has a JSON filter policy configured. What happens when a published message does not match the subscription's filter policy?

  • The message is delivered to the SQS queue regardless of its attributes.

  • The message is delivered, but SNS flags it as unmatched and deletes it after 24 hours.

  • The message is filtered out and not delivered to that subscription.

  • The SNS Publish API call fails with an error indicating an attribute mismatch.

Question 10 of 20

Which Amazon S3 storage class offers the lowest cost for data that is accessed infrequently but must still be retrieved with millisecond latency when needed?

  • Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

  • Amazon S3 Glacier Deep Archive

  • Amazon S3 Standard

  • Amazon S3 Glacier Flexible Retrieval

Question 11 of 20

An architect must devise a solution that allows a fleet of ephemeral compute instances to efficiently open and maintain connections to a relational database during unpredictable traffic spikes. Which service should the architect employ to ensure scalable and resilient database connectivity?

  • Deploy a fully managed database proxy service for connection pooling.

  • Increase the compute capacity of the database instance to handle more connections.

  • Create additional read replicas to distribute the load across multiple instances.

  • Initiate a Multi-AZ deployment strategy for the database to ensure connectivity.

Question 12 of 20

An application running in an Amazon EC2 instance requires access to an Amazon S3 bucket to read and write data. What is the most secure method to grant the application the required permissions?

  • Assign an IAM role to the EC2 instance with the required permissions.

  • Embed AWS access keys in the application source code.

  • Use environment variables to store AWS access keys on the instance.

  • Store AWS credentials in the instance in an encrypted file.

Question 13 of 20

Considering a scenario where an e-commerce company wants to perform daily ETL (Extract, Transform, Load) jobs on their transactional data stored in Amazon RDS, which service should be used for a fully managed, scalable, and serverless data transformation solution?

  • AWS Lambda

  • AWS Glue

  • AWS Batch

  • Amazon Kinesis Data Firehose

Question 14 of 20

Which AWS component acts as a virtual firewall for controlling traffic at the instance level within an Amazon VPC?

  • Route Table

  • Network Access Control List (NACL)

  • Subnet CIDR

  • Security Group

Question 15 of 20

Which Amazon S3 storage class is specifically optimized for data that is very rarely accessed, must be retained for many years to satisfy regulatory compliance requirements, and offers the lowest storage cost?

  • Amazon S3 One Zone-IA

  • Amazon S3 Glacier Flexible Retrieval

  • Amazon S3 Intelligent-Tiering

  • Amazon S3 Glacier Deep Archive

Question 16 of 20

An e-commerce company needs to store a large number of product images and videos that customers will access frequently via their website and mobile app. The storage solution should be highly scalable, cost-effective, and accessible over HTTP(S). Which AWS storage service should the company use to meet these requirements?

  • Store the files using Amazon EFS.

  • Store the data in Amazon S3.

  • Use Amazon EBS volumes for storage.

  • Use Amazon ElastiCache for storage.

Question 17 of 20

An e-commerce company is expecting a significant spike in users accessing product images during an upcoming promotional event. They need a storage service that can serve these images with low latency at scale to enhance customer experience. Which of the following AWS services is the BEST choice to meet these requirements?

  • Amazon EFS with provisioned throughput configured to serve files directly to users

  • Amazon Elastic File System (EFS) mounted on high-memory EC2 instances

  • Amazon Elastic Block Store (EBS) with Provisioned IOPS SSD (io1) volumes attached to EC2 instances serving the images

  • Amazon Simple Storage Service (S3) with an Amazon CloudFront distribution

Question 18 of 20

Your client is managing a global application that serves various independent stakeholders, requiring strict data segregation. To maintain a robust security posture, what method should they implement to ensure each stakeholder can access only their designated information while adhering to best practices for secure architecture design?

  • Create dedicated roles for each stakeholder with tailored policies enforcing exclusive access to their own sets of resources.

  • Federate an on-premises directory with roles to manage stakeholder access within the platform's environment.

  • Organize stakeholders into groups and manage their permissions collectively based on established group roles.

  • Implement broad policies that manage the access rights of stakeholders at the organizational level.

Question 19 of 20

Which service facilitates the setup and governance of a multi-account environment by offering automated deployment of baseline environments and compliance auditing against standard best practices?

  • Control Tower

  • Organizations

  • Security Hub

  • Identity and Access Management

Question 20 of 20

A company is designing a web application that must route requests to different microservices based on values found in HTTP headers and URL paths. Which Elastic Load Balancing option provides this advanced request routing in the most cost-effective way without adding extra proxy instances?

  • Application Load Balancer (ALB)

  • Network Load Balancer (NLB)

  • Classic Load Balancer (CLB)

  • Gateway Load Balancer (GLB)