Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. SAA-C03

Amazon SAA-C03 Exam Questions
AWS Certified Solutions Architect - Associate SAA-C03 (Page 25 )

Updated On: 18-Mar-2026
Page 25 of 205
PDF with 824 Questions

A company uses a popular content management system (CMS) for its corporate website. However, the required patching and maintenance are burdensome. The company is redesigning its website and wants anew solution. The website will be updated four times a year and does not need to have any dynamic content available. The solution must provide high scalability and enhanced security.
Which combination of changes will meet these requirements with the LEAST operational overhead? (Choose two.)

  1. Configure Amazon CloudFront in front of the website to use HTTPS functionality.
  2. Deploy an AWS WAF web ACL in front of the website to provide HTTPS functionality.
  3. Create and deploy an AWS Lambda function to manage and serve the website content.
  4. Create the new website and an Amazon S3 bucket. Deploy the website on the S3 bucket with static website hosting enabled.
  5. Create the new website. Deploy the website by using an Auto Scaling group of Amazon EC2 instances behind an Application Load Balancer.

Answer(s): A,D

Explanation:

A) Using CloudFront in front of a static site with HTTPS provides global scalability, DDoS protection, and TLS termination with minimal maintenance.
D) Hosting a static website in an S3 bucket with static website hosting meets low operational overhead, high scalability, and security when paired with CloudFront.
B) AWS WAF adds protection but not necessary for HTTPS termination and introduces extra management for this scenario.
C) Lambda-based content hosting is dynamic and adds complexity and overhead for a static site.
E) EC2 with ASG/ALB increases operational burden and maintenance.



A company stores its application logs in an Amazon CloudWatch Logs log group. A new policy requires the company to store all application logs in Amazon OpenSearch Service (Amazon Elasticsearch Service) in near-real time.
Which solution will meet this requirement with the LEAST operational overhead?

  1. Configure a CloudWatch Logs subscription to stream the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).
  2. Create an AWS Lambda function. Use the log group to invoke the function to write the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).
  3. Create an Amazon Kinesis Data Firehose delivery stream. Configure the log group as the delivery streams sources. Configure Amazon OpenSearch Service (Amazon Elasticsearch Service) as the delivery stream's destination.
  4. Install and configure Amazon Kinesis Agent on each application server to deliver the logs to Amazon Kinesis Data Streams. Configure Kinesis Data Streams to deliver the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).

Answer(s): A

Explanation:

CloudWatch Logs subscription to OpenSearch Service provides near-real-time streaming with minimal setup and fully managed integration, meeting the requirement with the least operational overhead.
A) Correct. Direct CloudWatch Logs subscription filter to OpenSearch is a managed, low-maintenance integration that streams logs in near real time without custom code or additional services.
B) Requires custom Lambda code, handling retries, pagination, and scaling; more operational overhead than a managed subscription.
C) Firehose adds an extra managed service layer and configuration, but is heavier than a direct subscription for near-real-time ingestion.
D) Involves deploying agents on every server, managing agents, and scaling the pipeline; highest operational burden.



A company is building a web-based application running on Amazon EC2 instances in multiple Availability Zones. The web application will provide access to a repository of text documents totaling about 900 TB in size. The company anticipates that the web application will experience periods of high demand. A solutions architect must ensure that the storage component for the text documents can scale to meet the demand of the application at all times. The company is concerned about the overall cost of the solution.
Which storage solution meets these requirements MOST cost-effectively?

  1. Amazon Elastic Block Store (Amazon EBS)
  2. Amazon Elastic File System (Amazon EFS)
  3. Amazon OpenSearch Service (Amazon Elasticsearch Service)
  4. Amazon S3

Answer(s): D

Explanation:

Answer: D
S)3 is object storage designed to scale massively with99.99% durability and pay-as-you-go pricing, ideal for 900 TB of documents accessed by a web app across AZs. It requires no provisioning for capacity and supports concurrent access from EC2 instances.
A) EBS is block storage tied to a single AZ and requires provisioning; not cost-effective or scalable across AZs for large, shared data.
B) EFS offers shared file system across instances but is more expensive at very large scale and higher latency than S3 for static document repositories.
C) OpenSearch is a search service, not a durable document store; inappropriate for primary storage.



A global company is using Amazon API Gateway to design REST APIs for its loyalty club users in the us-east-1 Region and the ap-southeast-2 Region. A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks.
Which solution will meet these requirements with the LEAST amount of administrative effort?

  1. Set up AWS WAF in both Regions. Associate Regional web ACLs with an API stage.
  2. Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.
  3. Set up AWS Shield in bath Regions. Associate Regional web ACLs with an API stage.
  4. Set up AWS Shield in one of the Regions. Associate Regional web ACLs with an API stage.

Answer(s): B

Explanation:

AWS Firewall Manager allows centrally configuring and enforcing WAF rules across multiple accounts and regions, minimizing administrative overhead for protecting API Gateway REST APIs in us-east-1 and ap-southeast-2. This matches the requirement for cross-account, multi-region protection with least admin effort.
A) Requires configuring WAF in each region separately per account; more administrative work than centralized FMS.
C) AWS Shield focuses on DDoS protection, not general WAF rule sets for SQLi/XSS.
D) Shield applies regionally but does not provide centralized multi-account rule management; not optimal for multi-region, multi-account scope.
B) Correct: central, cross-account, multi-region WAF rule enforcement via Firewall Manager.



A company has implemented a self-managed DNS solution on three Amazon EC2 instances behind a Network Load Balancer (NLB) in the us-west-2 Region. Most of the company's users are located in the United States and Europe. The company wants to improve the performance and availability of the solution. The company launches and configures three EC2 instances in the eu-west-1 Region and adds the EC2 instances as targets for a new NLB.
Which solution can the company use to route traffic to all the EC2 instances?

  1. Create an Amazon Route 53 geolocation routing policy to route requests to one of the two NLBs. Create an Amazon CloudFront distribution. Use the Route 53 record as the distribution’s origin.
  2. Create a standard accelerator in AWS Global Accelerator. Create endpoint groups in us-west-2 and eu-west-1. Add the two NLBs as endpoints for the endpoint groups.
  3. Attach Elastic IP addresses to the six EC2 instances. Create an Amazon Route 53 geolocation routing policy to route requests to one of the six EC2 instances. Create an Amazon CloudFront distribution. Use the Route 53 record as the distribution's origin.
  4. Replace the two NLBs with two Application Load Balancers (ALBs). Create an Amazon Route 53 latency routing policy to route requests to one of the two ALBs. Create an Amazon CloudFront distribution. Use the Route 53 record as the distribution’s origin.

Answer(s): B

Explanation:

Route 53 Global Accelerator with endpoint groups in us-west-2 and eu-west-1 provides fast, global, healthy routing to multiple NLBs across regions, improving both performance and availability for users in US/Europe.
A) Geolocation routing to two NLBs plus CloudFront is not optimal for WAN health/latency across regions; CloudFront origin would be regional, not ideal for self-managed DNS behind NLBs.
C) Attaching Elastic IPs to six instances is impractical for multi-region global traffic and lacks health-aware routing; CloudFront origin would still not leverage regional NLB health.
D) Latency routing to ALBs requires replacing NLBs and rerouting; adds unnecessary complexity and does not centralize traffic optimization like Global Accelerator.



Viewing page 25 of 205
Viewing questions 121 - 125 out of 824 questions



Post your Comments and Discuss Amazon SAA-C03 exam dumps with other Community members:

SAA-C03 Exam Discussions & Posts

AI Tutor 👋 I’m here to help!