30 Free AWS SAA-C03-NEW Practice Questions
Real practice questions for the AWS Solutions Architect Associate (New Pool) (SAA-C03-NEW) exam, with answers and detailed explanations. Updated 2026.
- Free questions: 30
- Passing score: 720 out of 1000
- Exam time: 130 minutes
- Question pool: 490+ Questions
Below are 30 real practice questions for the AWS Solutions Architect Associate (New Pool) (SAA-C03-NEW) exam. Each question shows the correct answer and a detailed explanation when you reveal it. Use these to benchmark your readiness — if you score below 70% on these 30 questions, plan for at least 4 more weeks of study before booking.
SAA-C03-NEW Practice Questions
Question 1. A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours. The data points must be accessible from a REST API. Which action meets these requirements for storing and retrieving location data?
- A. Use Amazon Athena with Amazon S3.
- B. Use Amazon API Gateway with AWS Lambda.
- C. Use Amazon QuickSight with Amazon Redshift.
- D. Use Amazon API Gateway with Amazon Kinesis Data Analytics. (correct answer)
Correct answer: D
Use Amazon API Gateway with Amazon Kinesis Data Analytics.
Explanation
Amazon Kinesis Data Analytics processes streaming data in real time. API Gateway can expose the processed data through a REST API.
Question 2. A solutions architect needs to implement a solution to reduce a company's storage costs. All data is in S3 Standard. The company must keep data for at least 25 years. Data from the most recent 2 years must be highly available and immediately retrievable.
- A. Set up an S3 life cycle policy to transition objects to S3 Glacier Deep Archive immediately.
- B. Set up an S3 life cycle policy to transition objects to S3 Glacier Deep Archive after 2 years. (correct answer)
- C. Use S3 Intelligent-Tiering and activate the archiving option.
- D. Set up an S3 life cycle policy to transition objects to S3 One Zone-IA immediately and to S3 Glacier Deep Archive after 2 years.
Correct answer: B
Set up an S3 life cycle policy to transition objects to S3 Glacier Deep Archive after 2 years.
Explanation
Objects accessed within the last 2 years must remain immediately available. Moving older objects to Glacier Deep Archive after 2 years minimizes cost.
Question 3. A food delivery service is experiencing scaling problems. The current architecture uses EC2 instances in Auto Scaling groups for order collection and fulfillment. Collection is fast, but fulfillment takes longer. Data must not be lost. How can both processes scale adequately?
- A. Use CloudWatch to monitor CPU and set minimum capacity to peak workload values.
- B. Use CloudWatch to invoke SNS to create additional Auto Scaling groups on demand.
- C. Provision two SQS queues and scale based on notifications sent by the queues.
- D. Provision two SQS queues and scale the Auto Scaling groups based on the number of messages in each queue. (correct answer)
Correct answer: D
Provision two SQS queues and scale the Auto Scaling groups based on the number of messages in each queue.
Explanation
SQS provides durable message storage and allows each workload to scale independently based on queue depth.
Question 4. A company needs to consolidate batch and streaming data into S3 for business analytics (KPIs, one-time queries) with the least operational overhead.
- A. Use Amazon Athena for one-time queries and Amazon QuickSight for dashboards. (correct answer)
- B. Use Amazon Kinesis Data Analytics for one-time queries and QuickSight for dashboards.
- C. Create custom Lambda functions to move records to Redshift.
- D. Use an AWS Glue ETL job to load data into multiple OpenSearch Service clusters.
- E. Use blueprints in AWS Lake Formation to ingest data and AWS Glue to load data into S3 in Apache Parquet format. (correct answer)
Correct answer: A, E
Use Amazon Athena for one-time queries and Amazon QuickSight for dashboards. / Use blueprints in AWS Lake Formation to ingest data and AWS Glue to load data into S3 in Apache Parquet format.
Explanation
Athena enables serverless SQL queries directly on S3 data and QuickSight provides dashboards. Lake Formation blueprints and Glue simplify ingestion and ETL.
Question 5. Rotate credentials for Amazon RDS for MySQL databases across multiple regions with the least operational overhead.
- A. Store credentials in AWS Secrets Manager, use multi-region secret replication, and configure scheduled rotation. (correct answer)
- B. Store credentials in Systems Manager Parameter Store (Secure String) with multi-region replication.
- C. Store credentials in an S3 bucket with SSE and use EventBridge with Lambda for rotation.
- D. Encrypt with KMS multi-region keys, store in DynamoDB, and use Lambda with RDS API for rotation.
Correct answer: A
Store credentials in AWS Secrets Manager, use multi-region secret replication, and configure scheduled rotation.
Explanation
AWS Secrets Manager supports automatic credential rotation and multi-region replication with minimal operational effort.
Question 6. Securely integrate Amazon S3 with an application in a private subnet using Amazon Cognito to store user documents.
- A. Create an Amazon Cognito identity pool to generate temporary S3 access tokens. (correct answer)
- B. Use the existing user pool to generate S3 access tokens.
- C. Create an Amazon S3 VPC endpoint in the VPC. (correct answer)
- D. Create a NAT gateway and an S3 policy denying requests not initiated from Cognito.
- E. Attach an S3 policy allowing access only from user IP addresses.
Correct answer: A, C
Create an Amazon Cognito identity pool to generate temporary S3 access tokens. / Create an Amazon S3 VPC endpoint in the VPC.
Explanation
Cognito identity pools provide temporary AWS credentials for users to access S3 securely. An S3 VPC endpoint allows private subnet applications to access S3 without traversing the internet.
Question 7. When an automobile is sold on a website, the data must be sent to multiple target systems reliably.
- A. Lambda triggered by RDS update to send information to an SQS queue.
- B. Lambda triggered by RDS update to send information to an SQS FIFO queue.
- C. Subscribe to RDS event notifications and send to an SQS queue fanned out to SNS topics.
- D. Subscribe to RDS event notifications and send to an SNS topic fanned out to multiple SQS queues. (correct answer)
Correct answer: D
Subscribe to RDS event notifications and send to an SNS topic fanned out to multiple SQS queues.
Explanation
Amazon SNS provides pub/sub fan-out capabilities. Publishing events to SNS and distributing them to multiple SQS queues ensures reliable delivery to multiple systems.
Question 8. Migrate a small Python application processing JSON documents to the cloud with maximum scalability and minimum maintenance.
- A. JSON in S3, Python on EC2 instances, results in Aurora.
- B. JSON in S3, Lambda function triggered by S3 to process documents, results in Aurora. (correct answer)
- C. JSON in EBS (multi-attach) to EC2 instances, results in RDS.
- D. JSON in SQS, code as a container on ECS (EC2 launch type), results in RDS.
Correct answer: B
JSON in S3, Lambda function triggered by S3 to process documents, results in Aurora.
Explanation
Amazon S3 events can trigger AWS Lambda automatically. Lambda provides automatic scaling and removes server management overhead.
Question 9. Prevent AWS Glue from reprocessing old XML data already processed in an S3 bucket.
- A. Edit the job to use job bookmarks. (correct answer)
- B. Edit the job to delete data after processing.
- C. Set the number of workers to one.
- D. Use a "Find Matches" ML transform.
Correct answer: A
Edit the job to use job bookmarks.
Explanation
AWS Glue job bookmarks track previously processed data and prevent the same files from being processed again.
Question 10. Scale an image analysis application (EC2 and DynamoDB) to handle varying numbers of concurrent users.
- A. Use Lambda to process photos and store both photos and metadata in DynamoDB.
- B. Use Kinesis Data Firehose to process and store photos and metadata.
- C. Use Lambda to process photos, store photos in S3, and keep metadata in DynamoDB. (correct answer)
- D. Increase EC2 instances to three and use EBS IO2 volumes.
Correct answer: C
Use Lambda to process photos, store photos in S3, and keep metadata in DynamoDB.
Explanation
Amazon S3 is designed for scalable object storage. Lambda provides automatic compute scaling, while DynamoDB stores metadata with high scalability.
Question 11. A static website on S3 via CloudFront must have all traffic inspected by AWS WAF.
- A. S3 bucket policy accepting only the AWS WAF ARN.
- B. Configure CloudFront to forward requests to WAF before S3.
- C. Security group allowing CloudFront IPs to S3 and associate WAF with CloudFront.
- D. Use an Origin Access Identity (OAI) for S3 and enable WAF on the CloudFront distribution. (correct answer)
Correct answer: D
Use an Origin Access Identity (OAI) for S3 and enable WAF on the CloudFront distribution.
Explanation
AWS WAF integrates with CloudFront distributions. Using OAI restricts direct S3 access while CloudFront handles traffic inspection.
Question 12. Improve global performance for uploading and downloading images on an S3-hosted site with minimal effort.
- A. Configure CloudFront for downloads and enable S3 Transfer Acceleration for uploads. (correct answer)
- B. Use multi-region EC2 instances with Global Accelerator.
- C. CloudFront for downloads and configure the app to upload via CloudFront with multi-region S3.
- D. Configure AWS Global Accelerator for the S3 bucket.
Correct answer: A
Configure CloudFront for downloads and enable S3 Transfer Acceleration for uploads.
Explanation
CloudFront improves global download performance through caching. S3 Transfer Acceleration improves upload performance over long distances.
Question 13. Protect REST APIs (API Gateway) in multiple regions and accounts from SQL injection and XSS with minimal administrative effort.
- A. Set up AWS WAF in both regions and associate regional ACLs with stages.
- B. Set up AWS Firewall Manager in both regions to centrally configure WAF rules. (correct answer)
- C. Set up AWS Shield in both regions.
- D. Set up AWS Shield in one region.
Correct answer: B
Set up AWS Firewall Manager in both regions to centrally configure WAF rules.
Explanation
AWS Firewall Manager centrally manages AWS WAF rules across multiple accounts and regions.
Question 14. Improve performance of both real-time and on-demand video streaming for a global audience.
- A. Amazon CloudFront. (correct answer)
- B. AWS Global Accelerator.
- C. Amazon Route 53.
- D. Amazon S3 Transfer Acceleration.
Correct answer: A
Amazon CloudFront.
Explanation
CloudFront is designed for global content delivery including live and on-demand video streaming.
Question 15. Most cost-effective purchasing options for: EC2 (sporadic, interruptible), Fargate (predictable), and Lambda (predictable).
- A. Use spot instances for the data ingestion layer (EC2). (correct answer)
- B. Use on-demand instances for the ingestion layer.
- C. Purchase a one-year Compute Savings Plan for Fargate and Lambda. (correct answer)
- D. Purchase one-year reserved instances for the ingestion layer.
- E. Purchase a one-year EC2 Instance Savings Plan for Fargate and Lambda.
Correct answer: A, C
Use spot instances for the data ingestion layer (EC2). / Purchase a one-year Compute Savings Plan for Fargate and Lambda.
Explanation
Spot Instances reduce cost for interruptible EC2 workloads. Compute Savings Plans apply to Fargate and Lambda usage.
Question 16. Ensure all notifications in an SNS -> Lambda workflow are eventually processed despite network failures.
- A. Deploy Lambda across multiple availability zones.
- B. Increase Lambda CPU and memory.
- C. Increase SNS retry attempts and wait time.
- D. Configure an SQS queue as an on-failure destination for Lambda. (correct answer)
Correct answer: D
Configure an SQS queue as an on-failure destination for Lambda.
Explanation
Lambda destinations allow failed asynchronous invocations to be stored in SQS for later processing.
Question 17. Steps for a "lift and shift" migration of on-premises VMs to AWS.
- A. Use AWS SCT.
- B. Use AWS Application Migration Service (MGN) and install the replication agent. (correct answer)
- C. Complete initial replication and launch test instances. (correct answer)
- D. Stop operations on VMs and launch a cutover instance. (correct answer)
- E. Use AWS App2Container (A2C).
- F. Use AWS DMS.
Correct answer: B, C, D
Use AWS Application Migration Service (MGN) and install the replication agent. / Complete initial replication and launch test instances. / Stop operations on VMs and launch a cutover instance.
Explanation
AWS Application Migration Service supports rehosting by replicating servers, testing migrated instances, and performing cutover.
Question 18. Scalable and centralized way to limit access to specific services/actions for all accounts in an organization.
- A. Create an ACL.
- B. Create a security group.
- C. Create cross-account roles in each account.
- D. Create a Service Control Policy (SCP) in the root organizational unit. (correct answer)
Correct answer: D
Create a Service Control Policy (SCP) in the root organizational unit.
Explanation
SCPs in AWS Organizations centrally control available permissions across accounts.
Question 19. Retain 10 TB of logs monthly for 10 years. Logs are frequent for 1 month, then rare. Most cost-effective storage.
- A. S3, then use AWS Backup to move logs to Glacier Deep Archive after 1 month.
- B. S3, then use S3 life cycle policies to move logs to Glacier Deep Archive after 1 month. (correct answer)
- C. CloudWatch Logs, then use AWS Backup.
- D. CloudWatch Logs, then use S3 life cycle policies.
Correct answer: B
S3, then use S3 life cycle policies to move logs to Glacier Deep Archive after 1 month.
Explanation
S3 lifecycle policies automatically transition objects to Glacier Deep Archive at the required time with minimal management.
Question 20. Ensure network traffic for file transfers between EC2 and S3 takes a private route.
- A. Create a NAT gateway.
- B. Restrict the EC2 security group to the S3 prefix list.
- C. Move EC2 to private subnets and create a VPC endpoint for S3. (correct answer)
- D. Remove the internet gateway and use Direct Connect.
Correct answer: C
Move EC2 to private subnets and create a VPC endpoint for S3.
Explanation
An S3 Gateway VPC Endpoint enables private connectivity between EC2 and S3 without using the internet.
Question 21. Reduce the risk of DDoS attacks against a public web application using an ALB.
- A. Add an Amazon Inspector agent to the ALB.
- B. Configure Amazon Macie.
- C. Enable AWS Shield Advanced. (correct answer)
- D. Configure Amazon GuardDuty.
Correct answer: C
Enable AWS Shield Advanced.
Explanation
AWS Shield Advanced provides enhanced DDoS protection for public-facing applications.
Question 22. Redesign an architecture (RabbitMQ, App, PostgreSQL) running on single-AZ EC2 for highest availability with least overhead.
- A. RabbitMQ on Amazon MQ (active/standby), Multi-AZ ASG for the app, and Multi-AZ ASG for PostgreSQL on EC2.
- B. RabbitMQ on Amazon MQ (active/standby), Multi-AZ ASG for the app, and Multi-AZ RDS for PostgreSQL. (correct answer)
- C. Multi-AZ ASG for RabbitMQ on EC2, Multi-AZ ASG for the app, and Multi-AZ RDS.
- D. Multi-AZ ASGs for all three components on EC2.
Correct answer: B
RabbitMQ on Amazon MQ (active/standby), Multi-AZ ASG for the app, and Multi-AZ RDS for PostgreSQL.
Explanation
Amazon MQ removes RabbitMQ management overhead and RDS Multi-AZ provides managed PostgreSQL high availability.
Question 23. Aggregate 500 GB of daily data from global sites into one S3 bucket as quickly as possible with low complexity.
- A. Turn on S3 Transfer Acceleration and use multi-part uploads. (correct answer)
- B. Upload to the closest regional S3 bucket and use Cross-Region Replication.
- C. Use daily AWS Snowball Edge jobs.
- D. Upload to a regional EC2 instance, use EBS snapshots, and copy them.
Correct answer: A
Turn on S3 Transfer Acceleration and use multi-part uploads.
Explanation
S3 Transfer Acceleration optimizes long-distance uploads using AWS edge locations.
Question 24. Improve a containerized web app + PostgreSQL infrastructure to reduce overhead from maintenance and capacity planning.
- A. Migrate the PostgreSQL database to Amazon Aurora. (correct answer)
- B. Migrate the app to EC2 instances.
- C. Set up CloudFront for content.
- D. Set up ElastiCache.
- E. Migrate the app to AWS Fargate with Amazon ECS. (correct answer)
Correct answer: A, E
Migrate the PostgreSQL database to Amazon Aurora. / Migrate the app to AWS Fargate with Amazon ECS.
Explanation
Aurora reduces database management overhead and ECS Fargate removes container infrastructure management.
Question 25. Store confidential data in S3 with encryption at rest, auditing (logged key usage), and annual rotation (most efficient).
- A. SSE-C.
- B. SSE-S3.
- C. SSE-KMS with manual rotation.
- D. SSE-KMS with automatic rotation. (correct answer)
Correct answer: D
SSE-KMS with automatic rotation.
Explanation
SSE-KMS provides encryption, CloudTrail auditing of key usage, and automatic annual key rotation.
Question 26. A company is migrating its on-premises PostgreSQL database to Amazon Aurora PostgreSQL. The on-premises database must remain online and accessible during the migration. The Aurora database must remain synchronized with the on-premises database. Which combination of actions must a solutions architect take?
- A. Create an ongoing replication task. (correct answer)
- B. Create a database backup of the on-premises database.
- C. Create an AWS Database Migration Service (AWS DMS) replication server. (correct answer)
- D. Convert the database schema by using the AWS Schema Conversion Tool (AWS SCT).
- E. Create an Amazon EventBridge rule to monitor the database synchronization.
Correct answer: A, C
Create an ongoing replication task. / Create an AWS Database Migration Service (AWS DMS) replication server.
Explanation
AWS DMS uses a replication instance and an ongoing replication task to perform continuous data replication with minimal downtime.
Question 27. A company runs a stateless web application in production on Amazon EC2 on-demand instances behind an ALB. Usage is heavy for 8 hours a day, moderate and steady overnight, and low on weekends. How can they minimize EC2 costs without affecting availability?
- A. Use spot instances for the entire workload.
- B. Use reserved instances for the baseline level of usage; use spot instances for any additional capacity. (correct answer)
- C. Use on-demand instances for the baseline level; use spot instances for additional capacity.
- D. Use dedicated instances for the baseline; use on-demand instances for additional capacity.
Correct answer: B
Use reserved instances for the baseline level of usage; use spot instances for any additional capacity.
Explanation
Reserved capacity covers the predictable baseline while Spot Instances provide significant savings for variable capacity.
Question 28. A company runs an OLTP workload on an unencrypted Amazon RDS DB instance. Daily snapshots are taken. How can a solutions architect ensure the database and snapshots are always encrypted moving forward?
- A. Encrypt a copy of the latest DB snapshot; replace the existing DB instance by restoring the encrypted snapshot. (correct answer)
- B. Create a new encrypted Amazon EBS volume and copy snapshots to it.
- C. Copy snapshots and enable encryption using AWS KMS; restore to an existing DB instance.
- D. Copy snapshots to an S3 bucket encrypted with SSE-KMS.
Correct answer: A
Encrypt a copy of the latest DB snapshot; replace the existing DB instance by restoring the encrypted snapshot.
Explanation
RDS encryption cannot be enabled on an existing instance. Restore a new encrypted DB instance from an encrypted snapshot.
Question 29. Ringtones are stored in S3 Standard and are at least 128 KB. Downloads are frequent for the first 90 days and infrequent thereafter. What is the most cost-effective way to manage this?
- A. Configure S3 Standard-IA for the initial storage tier.
- B. Move files to S3 Intelligent-Tiering to move objects after 90 days.
- C. Configure S3 Inventory to move objects to S3 Standard-IA after 90 days.
- D. Implement an S3 lifecycle policy that moves objects from S3 Standard to S3 Standard-IA after 90 days. (correct answer)
Correct answer: D
Implement an S3 lifecycle policy that moves objects from S3 Standard to S3 Standard-IA after 90 days.
Explanation
Lifecycle policies automatically transition objects from S3 Standard to Standard-IA after a defined period.
Question 30. A highly dynamic batch processing job is stateless, can be interrupted with no impact, and takes over 60 minutes. What is the most cost-effective EC2 option?
- A. Implement EC2 spot instances. (correct answer)
- B. Purchase EC2 reserved instances.
- C. Implement EC2 on-demand instances.
- D. Implement the processing on AWS Lambda.
Correct answer: A
Implement EC2 spot instances.
Explanation
Spot Instances are ideal for fault-tolerant, interruptible batch workloads and offer the lowest compute cost.