30 Free AWS SAA-C03 Practice Questions

SAA-C03 Practice Questions

1. Question 1.Which set of Amazon S3 features helps to prevent and recover from accidental data loss?

   • A.Object lifecycle and service access logging.
   • B.Object versioning and Multi-factor authentication.(correct answer)
   • C.Access controls and server-side encryption.
   • D.Website hosting and Amazon S3 policies.
   Show answer & explanationHide answer

   Correct answer: B

   Object versioning and Multi-factor authentication.

   Explanation

   Object versioning allows you to preserve, retrieve, and restore every version of every object stored in S3. Multi-factor authentication (MFA) delete adds an extra layer of security by requiring MFA to delete an object version or change the versioning state.

2. Question 2.What is the minimum time interval for the data that Amazon CloudWatch receives and aggregates?

   • A.One second.
   • B.Five seconds.
   • C.One minute.(correct answer)
   • D.Three minutes.
   • E.Five minutes.
   Show answer & explanationHide answer

   Correct answer: C

   One minute.

   Explanation

   Standard resolution for CloudWatch metrics is 1-minute intervals. High-resolution metrics (like for custom metrics or some specific services) can go down to 1 second, but 1 minute is the standard minimum for default aggregation.

3. Question 3.A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for this?

   • A.The user account has reached the maximum volume limit.
   • B.The AMI is missing. It is the required part.
   • C.The snapshot is corrupt.
   • D.The user account has reached the maximum EC2 instance limit.(correct answer)
   Show answer & explanationHide answer

   Correct answer: D

   The user account has reached the maximum EC2 instance limit.

   Explanation

   If a user has reached the maximum EC2 instance limit, AWS will not allow the instance to launch at all (it will fail with an 'InstanceLimitExceeded' error). If an instance launches and *then* immediately terminates, it's usually due to EBS volume limits, missing AMIs, or corrupt snapshots.

4. Question 4.Your website is serving on-demand training videos to your workforce. Videos are uploaded monthly in high resolution MP4 format. Your workforce is distributed globally often on the move and using company-provided tablets that require the HTTP Live Streaming (HLS) protocol to watch a video. Your company has no video transcoding expertise and it required you may need to pay for a consultant. How do you implement the most cost-efficient architecture without compromising high availability and quality of video delivery?

   • A.A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust the number of nodes depending on the length of the queue. EBS volumes to host videos and EBS snapshots to incrementally backup original files after a few days. CloudFront to serve HLS transcoded videos from EC2.
   • B.Elastic Transcoder to transcode original high-resolution MP4 videos to HLS. EBS volumes to host videos and EBS snapshots to incrementally backup original files after a few days. CloudFront to serve HLS transcoded videos from EC2.
   • C.Elastic Transcoder to transcode original high-resolution MP4 videos to HLS. S3 to host videos with Lifecycle Management to archive original files to Glacier after a few days. CloudFront to serve HLS transcoded videos from S3.(correct answer)
   • D.A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust the number of nodes depending on the length of the queue. S3 to host videos with Lifecycle Management to archive all files to Glacier after a few days. CloudFront to serve HLS transcoded videos from Glacier.
   Show answer & explanationHide answer

   Correct answer: C

   Elastic Transcoder to transcode original high-resolution MP4 videos to HLS. S3 to host videos with Lifecycle Management to archive original files to Glacier after a few days. CloudFront to serve HLS transcoded videos from S3.

   Explanation

   Amazon Elastic Transcoder is a managed service that eliminates the need to manage EC2 instances. Using S3 for storage with Lifecycle policies to Glacier, and CloudFront for global delivery, provides a highly available and cost-efficient serverless solution.

5. Question 5.You are designing an intrusion detection prevention (IDS/IPS) solution for a customer web application in a single VPC. You are considering the options for implementing IOS IPS protection for traffic coming from the Internet. Which of the following options would you consider? (Choose 2 answers)

   • A.Implement IDS/IPS agents on each Instance running in VPC.(correct answer)
   • B.Configure an instance in each subnet to switch its network interface card to promiscuous mode and analyze network traffic.
   • C.Implement Elastic Load Balancing with SSL listeners in front of the web applications.
   • D.Implement a reverse proxy layer in front of web servers and configure IDS/ IPS agents on each reverse proxy server.(correct answer)
   Show answer & explanationHide answer

   Correct answer: A, D

   Implement IDS/IPS agents on each Instance running in VPC. / Implement a reverse proxy layer in front of web servers and configure IDS/ IPS agents on each reverse proxy server.

   Explanation

   AWS VPC networking does not support promiscuous mode. Therefore, you must either install security agents on the instances themselves or use a reverse proxy layer (like an NGINX/Snort rig) to inspect traffic before it reaches the application servers.

6. Question 6.Which of the following are valid statements about Amazon S3? (Choose 2 answers)

   • A.Amazon S3 provides read-after-write consistency for any type of PUT or DELETE.
   • B.Consistency is not guaranteed for any type of PUT or DELETE.
   • C.A successful response to a PUT request only occurs when a complete object is saved.(correct answer)
   • D.Partially saved objects are immediately readable with a GET after an overwrite PU.
   • E.S3 provides eventual consistency for overwrite PUTS and DELETE.(correct answer)
   Show answer & explanationHide answer

   Correct answer: C, E

   A successful response to a PUT request only occurs when a complete object is saved. / S3 provides eventual consistency for overwrite PUTS and DELETE.

   Explanation

   Historically, S3 provided read-after-write consistency for PUTS of new objects but eventual consistency for overwrite PUTS and DELETEs. (Note: S3 now provides strong consistency as of Dec 2020, but exam questions may still reflect the older model).

7. Question 7.How can the domain's zone apex, for example, 'myzoneapexdomain.com', be pointed towards an Elastic Load Balancer?

   • A.By using an Amazon Route 53 Alias record.(correct answer)
   • B.By using an AAAA record.
   • C.By using an Amazon Route 53 CNAME record.
   • D.By using an A record.
   Show answer & explanationHide answer

   Correct answer: A

   By using an Amazon Route 53 Alias record.

   Explanation

   DNS standards do not allow a CNAME record for the zone apex (the root domain). Route 53 Alias records provide a way to point the zone apex to an AWS resource like an ELB, S3 bucket, or CloudFront distribution.

8. Question 8.When should I choose Provisioned IOPS over Standard RDS storage?

   • A.If you have batch-oriented workloads.
   • B.If you use production online transaction processing (OLTP) workloads.(correct answer)
   • C.If you have workloads that are not sensitive to consistent performance.
   Show answer & explanationHide answer

   Correct answer: B

   If you use production online transaction processing (OLTP) workloads.

   Explanation

   Provisioned IOPS (PIOPS) storage is designed to deliver fast, predictable, and consistent I/O performance. It is the best choice for production OLTP workloads that require low latency.

9. Question 9.Your department creates regular analytics reports from your company's log files All log data is collected in Amazon S3 and processed by daily Amazon Elastic MapReduce (EMR) jobs that generate daily PDF reports and aggregated tables in CSV format for an Amazon Redshift data warehouse. Which of the following alternatives will lower costs without compromising average performance of the system or data integrity for the raw data?

   • A.Use reduced redundancy storage (RRS) for all data in S3. Use a combination of Spot Instances and Reserved Instances for Amazon EMR jobs. Use Reserved Instances for Amazon Redshift.
   • B.Use reduced redundancy storage (RRS) for PDF and .csv data in S3. Add Spot Instances to EMR jobs. Use Spot Instances for Amazon Redshift.
   • C.Use reduced redundancy storage (RRS) for PDF and .csv data in Amazon S3. Add Spot Instances to Amazon EMR jobs. Use Reserved Instances for Amazon Redshift.(correct answer)
   • D.Use reduced redundancy storage (RRS) for all data in Amazon S3. Add Spot Instances to Amazon EMR jobs. Use Reserved Instances for Amazon Redshift.
   Show answer & explanationHide answer

   Correct answer: C

   Use reduced redundancy storage (RRS) for PDF and .csv data in Amazon S3. Add Spot Instances to Amazon EMR jobs. Use Reserved Instances for Amazon Redshift.

   Explanation

   Using Spot Instances for EMR worker nodes and Reserved Instances for the long-running Redshift cluster provides the best cost optimization. PDF and CSV files are reproducible (non-original), making them candidates for cheaper storage (historically RRS).

10. Question 10.Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a [...] DB Instance.

    • A.SQL Server.(correct answer)
    • B.MySQL.
    • C.Oracle.
    Show answer & explanationHide answer

    Correct answer: A

    SQL Server.

    Explanation

    Historically, RDS for SQL Server had limitations on expanding storage capacity due to its underlying Windows storage architecture (though these limits have been significantly expanded in recent years).

11. Question 11.In regards to IAM you can edit user properties later, but you cannot use the console to change the [...].

    • A.user name.(correct answer)
    • B.password.
    • C.default group.
    Show answer & explanationHide answer

    Correct answer: A

    user name.

    Explanation

    In the IAM console, you can change a user's password, groups, and permissions, but you cannot change their user name once it has been created. You would need to use the CLI or create a new user.

12. Question 12.In Amazon EC2 Container Service, are other container types supported?

    • A.Yes, EC2 Container Service supports any container service you need.
    • B.Yes, EC2 Container Service also supports Microsoft container service.
    • C.No, Docker is the only container platform supported by EC2 Container Service presently.(correct answer)
    • D.Yes, EC2 Container Service supports Microsoft container service and Openstack.
    Show answer & explanationHide answer

    Correct answer: C

    No, Docker is the only container platform supported by EC2 Container Service presently.

    Explanation

    Amazon Elastic Container Service (ECS) is built to run Docker containers. While it can run containers on Windows or Linux, Docker is the fundamental container technology used by the service.

13. Question 13.Content and Media Server is the latest requirement that you need to meet for a client. The client has been very specific about his requirements such as low latency, high availability, durability, and access control. Potentially there will be millions of views on this server and because of 'spiky' usage patterns, operations teams will need to provision static hardware, network, and management resources to support the maximum expected need. The Customer base will be initially low but is expected to grow and become more geographically distributed. Which of the following would be a good solution for content distribution?

    • A.Amazon S3 as both the origin server and for caching.
    • B.AWS Storage Gateway as the origin server and Amazon EC2 for caching.
    • C.AWS CloudFront as both the origin server and for caching.
    • D.Amazon S3 as the origin server and Amazon CloudFront for caching.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    Amazon S3 as the origin server and Amazon CloudFront for caching.

    Explanation

    Using Amazon S3 for durable object storage as the origin and Amazon CloudFront for global, low-latency distribution with automatic scaling is the optimal choice for spiky media traffic.

14. Question 14.Name the disk storage supported by Amazon Elastic Compute Cloud (EC2)

    • A.None of these.
    • B.Amazon AppStream store.
    • C.Amazon SNS store.
    • D.Amazon Instance Store.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    Amazon Instance Store.

    Explanation

    Amazon EC2 fundamentally supports two types of disk storage: Amazon EBS and Amazon Instance Store (ephemeral storage that is physically attached to the host server).

15. Question 15.After an Amazon VPC instance is launched, can I change the VPC security groups it belongs to?

    • A.Only if the tag 'VPC_Change_Group' is true.
    • B.Yes. You can.(correct answer)
    • C.No. You cannot.
    • D.Only if the tag 'VPC Change Group' is true.
    Show answer & explanationHide answer

    Correct answer: B

    Yes. You can.

    Explanation

    Security groups in a VPC are dynamic. You can add or remove an instance from security groups at any time, and the changes take effect almost immediately without needing to restart the instance.

16. Question 16.If I want an instance to have a public IP address, which IP address should I use?

    • A.Elastic IP Address.(correct answer)
    • B.Class B IP Address.
    • C.Class A IP Address.
    • D.Dynamic IP Address.
    Show answer & explanationHide answer

    Correct answer: A

    Elastic IP Address.

    Explanation

    An Elastic IP address is a static, public IPv4 address designed for dynamic cloud computing. Unlike a dynamic public IP, it remains associated with your account even if the instance is stopped or terminated.

17. Question 17.Amazon RDS supports SOAP only through [...].

    • A.HTTP or HTTPS.
    • B.TCP/IP.
    • C.HTTP.
    • D.HTTPS.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    HTTPS.

    Explanation

    Amazon RDS originally supported a SOAP interface for administrative commands, which was strictly limited to secure HTTPS requests.

18. Question 18.Which of the following services natively encrypts data at rest within an AWS region? (Choose 2 answers)

    • A.AWS Storage Gateway.(correct answer)
    • B.Amazon DynamoDB.
    • C.Amazon CloudFront.
    • D.Amazon Glacier.(correct answer)
    • E.Amazon Simple Queue Service.
    Show answer & explanationHide answer

    Correct answer: A, D

    AWS Storage Gateway. / Amazon Glacier.

    Explanation

    AWS Storage Gateway and Amazon S3 Glacier natively encrypt data at rest by default. While DynamoDB and SQS now also support encryption at rest, historically this was a key differentiator for Glacier and Storage Gateway.

19. Question 19.Which one of the following can't be used as an origin server with Amazon CloudFront?

    • A.A web server running in your infrastructure.
    • B.Amazon S3.
    • C.Amazon Glacier.(correct answer)
    • D.A web server running on Amazon EC2 instances.
    Show answer & explanationHide answer

    Correct answer: C

    Amazon Glacier.

    Explanation

    CloudFront origins must be HTTP/HTTPS endpoints (like S3 buckets, EC2 instances, or custom servers). Amazon S3 Glacier is an archival service and does not provide direct HTTP access to CloudFront.

20. Question 20.Select the most correct The device name /dev/sdal (within Amazon EC2) is [...].

    • A.possible for EBS volumes.
    • B.reserved for the root device.(correct answer)
    • C.recommended for EBS volumes.
    • D.recommended for instance store volumes.
    Show answer & explanationHide answer

    Correct answer: B

    reserved for the root device.

    Explanation

    In Amazon EC2, `/dev/sda1` is the traditional convention for the root device name (where the operating system resides) for Linux instances.

21. Question 21.How can I change the security group membership for interfaces owned by other AWS, such as Elastic Load Balancing?

    • A.By using the service specific console or APICLI commands.(correct answer)
    • B.None of these.
    • C.Using Amazon EC2 API/CLI.
    • D.Using all these methods.
    Show answer & explanationHide answer

    Correct answer: A

    By using the service specific console or APICLI commands.

    Explanation

    For network interfaces owned by other AWS services (like ELB), you must use the management console or API/CLI specific to that service to modify security settings, as they are not directly manageable via standard EC2 instance commands.

22. Question 22.You have created a Route 53 latency record set from your domain to a machine in Northern Virginia and a similar record to a machine in Sydney. When a user located in US visits your domain he will be routed to

    • A.Northern Virginia.(correct answer)
    • B.Sydney.
    • C.Both, Northern Virginia and Sydney.
    • D.Depends on the Weighted Resource Record Sets.
    Show answer & explanationHide answer

    Correct answer: A

    Northern Virginia.

    Explanation

    Route 53 latency-based routing directs traffic to the AWS Region that provides the lowest latency for the user. For a user in the US, the Northern Virginia region will typically have much lower latency than Sydney.

23. Question 23.In the context of MySQL, version numbers are organized as MySQL version = X.Y.Z. What does X denote here?

    • A.Release level.
    • B.Minor version.
    • C.Version number.
    • D.Major version.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    Major version.

    Explanation

    In standard versioning for services like MySQL, the first number (X) denotes the major version, which typically includes significant architectural changes.

24. Question 24.Which one of the below doesn't affect Amazon CloudFront billing?

    • A.Distribution Type.(correct answer)
    • B.Data Transfer Out.
    • C.Dedicated IP SSL Certificates.
    • D.Requests.
    Show answer & explanationHide answer

    Correct answer: A

    Distribution Type.

    Explanation

    CloudFront billing is primarily driven by Data Transfer Out, HTTP/HTTPS Requests, and optional features like Dedicated IP SSL. The 'Distribution Type' itself is not a direct billing factor.

25. Question 25.Just when you thought you knew every possible storage option on AWS you hear someone mention Reduced Redundancy Storage (RRS) within Amazon S3. What is the ideal scenario to use Reduced Redundancy Storage (RRS)?

    • A.Huge volumes of data.
    • B.Sensitive data.
    • C.Non-critical or reproducible data.(correct answer)
    • D.Critical data.
    Show answer & explanationHide answer

    Correct answer: C

    Non-critical or reproducible data.

    Explanation

    Reduced Redundancy Storage (RRS) was designed for non-critical, reproducible data (like thumbnails or logs) that could be stored at a lower durability than standard S3 to save costs. (Note: standard S3 is now usually more cost-effective).

26. Question 26.Which of the following AWS CLI commands is syntactically incorrect?

    • A.`$ aws ec2 describe-instances`.
    • B.`$ aws ec2 start-instances --instance-ids i-1348636c`.
    • C.`$ aws sns publish --topic-arn arn:aws:sns:us-east-1:546419318123:OperationsError -message "Script Failure"`.(correct answer)
    • D.`$ aws sqs receive-message --queue-url https://queue.amazonaws.com/546419318123/Test`.
    Show answer & explanationHide answer

    Correct answer: C

    `$ aws sns publish --topic-arn arn:aws:sns:us-east-1:546419318123:OperationsError -message "Script Failure"`.

    Explanation

    The SNS publish command is incorrect because the flag for the message should be `--message`, not `-message`. AWS CLI flags generally use double hyphens.

27. Question 27.When running my DB Instance as a Multi-AZ deployment, can I use the standby for read or write operations?

    • A.Yes.
    • B.Only with MSSQL based RDS.
    • C.Only for Oracle RDS instances.
    • D.No.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    No.

    Explanation

    In a standard Multi-AZ deployment, the standby instance is purely for failover and high availability. It does not serve read or write traffic. For read scaling, you should use Read Replicas.

28. Question 28.In the Launch Db Instance Wizard, where can I select the backup and maintenance options?

    • A.Under DB INSTANCE DETAILS.
    • B.Under REVI EW.
    • C.Under MANAGEMENT OPTIONS.(correct answer)
    • D.Under ENGINE SELECTION.
    Show answer & explanationHide answer

    Correct answer: C

    Under MANAGEMENT OPTIONS.

    Explanation

    Backup, maintenance, and monitoring settings for RDS are typically found under the 'Management Options' or 'Additional Configuration' section of the launch wizard.

29. Question 29.What is the network performance offered by the c4.8xlarge instance in Amazon EC2?

    • A.20 Gigabit.
    • B.10 Gigabit.(correct answer)
    • C.Very High but variable.
    • D.5 Gigabit.
    Show answer & explanationHide answer

    Correct answer: B

    10 Gigabit.

    Explanation

    The C4.8xlarge instance type provides dedicated network throughput of 10 Gbps and is designed for compute-intensive workloads with consistent network performance.

30. Question 30.In Amazon EC2, if your EBS volume stays in the detaching state, you can force the detachment by clicking [...].

    • A.Force Detach.(correct answer)
    • B.Detach Instance.
    • C.AttachVolume.
    • D.AttachInstance.
    Show answer & explanationHide answer

    Correct answer: A

    Force Detach.

    Explanation

    If a volume is stuck in a 'detaching' state, you can use the 'Force Detach' option to detach it from the instance. This should be done with caution to avoid data loss or filesystem corruption.

Frequently Asked Questions

Keep studying

Study guide

How to Pass the AWS Solutions Architect Associate (SAA-C03) on Your First Attempt

Full exam

AWS Solutions Architect Associate (SAA-C03) details

Free practice

AWS DVA-C02

Free practice

AWS SOA-C03

Free practice

AWS SCS-C02