Last updated on August 22, 2024
Here are 10 AWS Certified Solutions Architect Associate SAA-C03 practice exam questions to help you gauge your readiness for the actual exam.
Question 1
A tech company has a CRM application hosted on an Auto Scaling group of On-Demand EC2 instances with different instance types and sizes. The application is extensively used during office hours from 9 in the morning to 5 in the afternoon. Their users are complaining that the performance of the application is slow during the start of the day but then works normally after a couple of hours.
Which of the following is the MOST operationally efficient solution to implement to ensure the application works properly at the beginning of the day?
- Configure a Dynamic scaling policy for the Auto Scaling group to launch new instances based on the CPU utilization.
- Configure a Dynamic scaling policy for the Auto Scaling group to launch new instances based on the Memory utilization.
- Configure a Scheduled scaling policy for the Auto Scaling group to launch new instances before the start of the day.
- Configure a Predictive scaling policy for the Auto Scaling group to automatically adjust the number of Amazon EC2 instances
Question 2
A financial application is composed of an Auto Scaling group of EC2 instances, an Application Load Balancer, and a MySQL RDS instance in a Multi-AZ Deployments configuration. To protect the confidential data of your customers, you have to ensure that your RDS database can only be accessed using the profile credentials specific to your EC2 instances via an authentication token.
As the Solutions Architect of the company, which of the following should you do to meet the above requirement?
- Enable the IAM DB Authentication.
- Configure SSL in your application to encrypt the database connection to RDS.
- Create an IAM Role and assign it to your EC2 instances which will grant exclusive access to your RDS instance.
- Use a combination of IAM and STS to restrict access to your RDS instance via a temporary token.
Question 3
A company hosted a web application in an Auto Scaling group of EC2 instances. The IT manager is concerned about the over-provisioning of the resources that can cause higher operating costs. A Solutions Architect has been instructed to create a cost-effective solution without affecting the performance of the application.
Which dynamic scaling policy should be used to satisfy this requirement?
- Use simple scaling.
- Use scheduled scaling.
- Use suspend and resume scaling.
- Use target tracking scaling.
Question 4
An online medical system hosted in AWS stores sensitive Personally Identifiable Information (PII) of the users in an Amazon S3 bucket. Both the master keys and the unencrypted data should never be sent to AWS to comply with the strict compliance and regulatory requirements of the company.
Which S3 encryption technique should the Architect use?
- Use S3 client-side encryption with an AWS KMS key.
- Use S3 client-side encryption with a client-side master key.
- Use S3 server-side encryption with a KMS key.
- Use S3 server-side encryption with customer provided key.
Question 5
A Solutions Architect is hosting a website in an Amazon S3 bucket named tutorialsdojo
. The users load the website using the following URL: http://tutorialsdojo.s3-website-us-east-1.amazonaws.com
and there is a new requirement to add a JavaScript on the webpages in order to make authenticated HTTP GET
requests against the same bucket by using the Amazon S3 API endpoint (tutorialsdojo.s3.amazonaws.com
). Upon testing, you noticed that the web browser blocks JavaScript from allowing those requests.
Which of the following options is the MOST suitable solution that you should implement for this scenario?
- Enable cross-account access.
- Enable Cross-Zone Load Balancing.
- Enable Cross-origin resource sharing (CORS) configuration in the bucket.
- Enable Cross-Region Replication (CRR).
Question 6
A company is designing a banking portal that uses Amazon ElastiCache for Redis as its distributed session management component. To secure session data and ensure that Cloud Engineers must authenticate before executing Redis commands, specifically MULTI EXEC
commands, the system should enforce strong authentication by requiring users to enter a password. Additionally, access should be managed with long-lived credentials while supporting robust security practices.
As the Solutions Architect, which of the following should you do to meet the above requirement?
- Generate an IAM authentication token using AWS credentials and provide this token as a password.
- Set up a Redis replication group and enable the
AtRestEncryptionEnabled
parameter. - Authenticate the users using Redis AUTH by creating a new Redis Cluster with both the
--transit-encryption-enabled
and--auth-token
parameters enabled. - Enable the in-transit encryption for Redis replication groups.
Question 7
A company runs an online payments application in an Auto Scaling group of Amazon EC2 instances in multiple Availability Zones. The EC2 instances are all launched in private subnets. An internet-facing Application Load Balancer (ALB) has been provisioned and points to the existing EC2 instances as the target group. The team noticed that the internet traffic was not reaching the Amazon EC2 instances.
What is the MOST operationally efficient solution that meets these requirements?
- Set up a NAT gateway in a public subnet to allow incoming Internet traffic. Use a Gateway Load Balancer instead of an Application Load Balancer.
- Move the existing Amazon EC2 instances that are running from the private subnets to public subnets. Allow outbound traffic to
0.0.0.0/0
in the security groups of the EC2 instances. - Add a rule to allow outbound traffic to
0.0.0.0/0
Fin the security groups of the EC2 instances. Update the route tables of the existing subnets to send all0.0.0.0/0
traffic through the internet gateway route. - Launch public subnets in each Availability Zone and associate them with the Application Load Balancer. Modify the route tables for the public subnets with a route to the private subnets of the EC2 instances.
Question 8
The company that you are working for has a highly available architecture consisting of an elastic load balancer and several EC2 instances configured with auto-scaling in three Availability Zones. You want to monitor your EC2 instances based on a particular metric, which is not readily available in CloudWatch.
Which of the following is a custom metric in CloudWatch which you have to manually set up?
- Memory Utilization of an EC2 instance
- CPU Utilization of an EC2 instance
- Disk Reads activity of an EC2 instance
- Network packets out of an EC2 instance
Question 9
A software development company is using serverless computing with AWS Lambda to build and run applications without having to set up or manage servers. They have a Lambda function that connects to a MongoDB Atlas, which is a popular Database as a Service (DBaaS) platform and also uses a third party API to fetch certain data for their application. One of the developers was instructed to create the environment variables for the MongoDB database hostname, username, and password as well as the API credentials that will be used by the Lambda function for DEV, SIT, UAT, and PROD environments.
Considering that the Lambda function is storing sensitive database and API credentials, how can this information be secured to prevent other developers in the team, or anyone, from seeing these credentials in plain text? Select the best option that provides maximum security.
- There is no need to do anything because, by default, AWS Lambda already encrypts the environment variables using the AWS Key Management Service.
- Enable SSL encryption that leverages on AWS CloudHSM to store and encrypt the sensitive information.
- AWS Lambda does not provide encryption for the environment variables. Deploy your code to an EC2 instance instead.
- Create a new KMS key and use it to enable encryption helpers that leverage on AWS Key Management Service to store and encrypt the sensitive information.
Question 10
There was an incident in your production environment where the user data stored in the S3 bucket has been accidentally deleted by one of the Junior DevOps Engineers. The issue was escalated to your manager and after a few days, you were instructed to improve the security and protection of your AWS resources.
What combination of the following options will protect the S3 objects in your bucket from both accidental deletion and overwriting? (Select TWO.)
- Enable Versioning
- Provide access to S3 data strictly through pre-signed URL only
- Disallow S3 Delete using an IAM bucket policy
- Enable Amazon S3 Intelligent-Tiering
- Enable Multi-Factor Authentication Delete
For more practice questions like these and to further prepare you for the actual AWS Certified Solutions Architect Associate SAA-C03 exam, we recommend that you take our top-notch AWS Certified Solutions Architect Associate Practice Exams, which have been regarded as the best in the market.
Also check out our AWS Certified Solutions Architect Associate SAA-C03 Exam Study Guide here.