SAA-C03 Online Practice Questions

Home / Amazon / SAA-C03

Latest SAA-C03 Exam Practice Questions

The practice questions for SAA-C03 exam was last updated on 2026-04-10 .

Viewing page 1 out of 19 pages.

Viewing questions 1 out of 98 questions.

Question#1

A company is developing a social media application that must scale rapidly and handle long-running, ordered processes that store large amounts of relational data. Components must scale independently and evolve without downtime.
Which combination of AWS services will meet these requirements?

A. Amazon ECS with Fargate, Amazon RDS, and Amazon SQS
B. Amazon ECS with Fargate, Amazon RDS, and Amazon SNS
C. AWS Lambda, Amazon DynamoDB Streams, and AWS Step Functions
D. AWS Elastic Beanstalk, Amazon RDS, and Amazon SNS

Explanation:
The application requires independent scaling, ordered asynchronous processing, and relational data storage.
Option A provides a microservices-oriented, decoupled architecture using managed services.
Amazon ECS with AWS Fargate enables containerized workloads without server management and allows each component to scale independently. Amazon RDS supports relational data storage for user profiles and content. Amazon SQS ensures reliable, ordered message processing and decouples long-running background tasks, allowing services to evolve independently.
Option B uses SNS, which does not guarantee message ordering.
Option C uses DynamoDB, which does not meet the relational data requirement.
Option D offers less granular scaling and higher coupling.
Therefore, A best meets scalability, resilience, and modularity requirements.

Question#2

A company is building an application on AWS that connects to an Amazon RDS database. The company wants to manage the application configuration and to securely store and retrieve credentials for the database and other services.
Which solution will meet these requirements with the LEAST administrative overhead?

A. Use AWS AppConfig to store and manage the application configuration. Use AWS Secrets Manager to store and retrieve the credentials.
B. Use AWS Lambda to store and manage the application configuration. Use AWS Systems Manager Parameter Store to store and retrieve the credentials.
C. Use an encrypted application configuration file Store the file in Amazon S3 for the application configuration. Create another S3 file to store and retrieve the credentials.
D. Use AWS AppConfig to store and manage the application configuration. Use Amazon RDS to store and retrieve the credentials.

Explanation:
This solution meets the company's requirements with minimal administrative overhead and ensures security and ease of management.
AWS AppConfig: AWS AppConfig is a service designed to manage application configuration in a secure and validated way. It allows you to deploy configurations safely and quickly without affecting the application's performance or availability.
AWS Secrets Manager: AWS Secrets Manager is specifically designed to manage, retrieve, and rotate credentials for databases and other services. It integrates seamlessly with AWS services like Amazon RDS, making it an ideal solution for securely storing and retrieving database credentials. Secrets Manager also provides automatic rotation of credentials, reducing the operational burden.
Why Not Other Options?
Option B (AWS Lambda + Parameter Store): While AWS Lambda can be used for managing configurations and AWS Systems Manager Parameter Store can store credentials, this approach involves more manual setup and does not offer the same level of integrated management and security as AppConfig and Secrets Manager.
Option C (Encrypted S3 Configuration File): Storing configuration and credentials in S3 files involves more manual management and security considerations, increasing the administrative overhead.
Option D (AppConfig + RDS for credentials): RDS is not designed for storing application credentials; it's better suited for managing database instances and their configurations.
AWS
Reference: AWS AppConfig- Describes how to use AWS AppConfig for managing application configurations.
AWS Secrets Manager- Provides details on securely storing and retrieving credentials using AWS Secrets Manager.

Question#3

A company is building a mobile gaming app. The company wants to serve users from around the world with low latency. The company needs a scalable solution to host the application and to route user requests to the location that is nearest to each user.
Which solution will meet these requirements?

A. Use an Application Load Balancer to route requests to Amazon EC2 instances that are deployed across multiple Availability Zones.
B. Use a Regional Amazon API Gateway REST API to route requests to AWS Lambda functions.
C. Use an edge-optimized Amazon API Gateway REST API to route requests to AWS Lambda functions.
D. Use an Application Load Balancer to route requests to containers in an Amazon ECS cluster.

Explanation:
Edge-optimized API Gateway endpoints utilize the Amazon CloudFront global network to decrease latency for clients globally. This setup ensures that the request is routed to the closest edge location, significantly reducing response time and improving performance for worldwide users.
Reference: AWS Documentation C Amazon API Gateway Endpoint Types

Question#4

A company hosts an application on Amazon EC2 instances that are part of a target group behind an Application Load Balancer (ALB). The company has attached a security group to the ALB.
During a recent review of application logs, the company found many unauthorized login attempts from IP addresses that belong to countries outside the company's normal user base. The company wants to allow traffic only from the United States and Australia.

A. Edit the default network ACL to block IP addresses from outside of the allowed countries.
B. Create a geographic match rule in AWS WA
C. Attach the rule to the AL
D. Configure the ALB security group to allow the IP addresses of company employees. Edit the default network ACL to block IP addresses from outside of the allowed countries.
E. Use a host-based firewall on the EC2 instances to block IP addresses from outside of the allowed countries. Configure the ALB security group to allow the IP addresses of company employees.

Explanation:
Why Option B is Correct:
AWS WAF: Provides a simple way to create geographic match rules to block or allow traffic based on country IP ranges.
Least Operational Overhead: Attaching the WAF rule to the ALB ensures centralized control without modifying ACLs or instance firewalls.
Why Other Options Are Not Ideal:
Option A: Network ACLs operate at the subnet level and can become complex to manage for dynamic or evolving IP ranges.
Option C: Managing IP-based rules in security groups and ACLs lacks scalability and does not provide country-based filtering.
Option D: Configuring host-based firewalls increases operational overhead and does not leverage AWS-managed solutions.
AWS
Reference: AWS WAF Geomatch: AWS Documentation - WAF Geomatch

Question#5

A company runs an ecommerce platform with a monolithic architecture on Amazon EC2 instances. The platform runs web and API services. The company wants to decouple the architecture and enhance scalability. The company also wants the ability to track orders and reprocess any failed orders.
Which solution will meet these requirements?

A. Send orders to an Amazon Simple Queue Service (Amazon SQS) queue. Configure AWS Lambda functions to consume the queue and process orders. Implement an SQS dead-letter queue.
B. Send orders to an Amazon Simple Queue Service (Amazon SQS) queue. Configure Amazon Elastic Container Service (Amazon ECS) tasks to consume the queue. Implement SQS visibility timeout.
C. Use Amazon Kinesis Data Streams to queue orders. Use AWS Lambda functions to consume the data stream. Configure Amazon S3 to track and reprocess failed orders.
D. Send orders to an Amazon Simple Queue Service (Amazon SQS) queue. Configure AWS Lambda functions to consume the queue and process orders. Configure the Lambda functions to use SQS long polling.

Explanation:
To decouple the monolith and enhance scalability, AWS best practice is to introduce an asynchronous message queue, such as Amazon SQS, between the web/API tier and the order-processing logic.
AWS Lambda functions consuming from the SQS queue provide serverless, auto-scaling processing without managing servers.
To track and reprocess failed orders, SQS supports dead-letter queues (DLQs). Messages that cannot be processed successfully after a configurable number of attempts are automatically moved to the DLQ, where operations teams or automated processes can inspect and reprocess them.
Why others are not correct:
B: ECS tasks can consume an SQS queue, but this requires managing container infrastructure and does not inherently provide as simple reprocessing/visibility as combining Lambda with a DLQ.
Visibility timeout is not a tracking or archival mechanism.
C: Kinesis is a streaming service designed for ordered event streams, not primarily for order-queue semantics and DLQs; SQS is simpler and purpose-built for this pattern.
D: Long polling reduces empty responses and API calls but does nothing for tracking or reprocessing failed messages; without a DLQ, failed orders are harder to manage

Disclaimer

This page is for educational and exam preparation reference only. It is not affiliated with Amazon, AWS Certified Associate, or the official exam provider. Candidates should refer to official documentation and training for authoritative information.

Exam Code: SAA-C03Q & A: 758 Q&AsUpdated:  2026-04-10

  Get All SAA-C03 Q&As

Top 20 Exams

CertQuestionsBank doesn't offer Real Microsoft, Amazon, Cisco Exam Questions. All CertQuestionsBank content is sourced from the Internet.

Important Links

Know Us

Follow Us

Payment Methods

Payment Methods

Copyright © 2026 Certquestionbank.com Limited. All Rights Reserved.