Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. SAA-C03

Amazon SAA-C03 Exam Questions
AWS Certified Solutions Architect - Associate SAA-C03 (Page 5 )

Updated On: 15-Mar-2026
Page 5 of 205
PDF with 824 Questions

A company hosts a data lake on AWS. The data lake consists of data in Amazon S3 and Amazon RDS for PostgreSQL. The company needs a reporting solution that provides data visualization and includes all the data sources within the data lake. Only the company's management team should have full access to all the visualizations. The rest of the company should have only limited access.
Which solution will meet these requirements?

  1. Create an analysis in Amazon QuickSight. Connect all the data sources and create new datasets. Publish dashboards to visualize the data. Share the dashboards with the appropriate IAM roles.
  2. Create an analysis in Amazon QuickSight. Connect all the data sources and create new datasets. Publish dashboards to visualize the data. Share the dashboards with the appropriate users and groups.
  3. Create an AWS Glue table and crawler for the data in Amazon S3. Create an AWS Glue extract, transform, and load (ETL) job to produce reports. Publish the reports to Amazon S3. Use S3 bucket policies to limit access to the reports.
  4. Create an AWS Glue table and crawler for the data in Amazon S3. Use Amazon Athena Federated Query to access data within Amazon RDS for PostgreSQL. Generate reports by using Amazon Athena. Publish the reports to Amazon S3. Use S3 bucket policies to limit access to the reports.

Answer(s): B

Explanation:

Amazon QuickSight supports centralized dashboards that can connect to multiple data sources (S3, RDS PostgreSQL), with fine-grained access control via IAM users/groups or in-app permissions, enabling management to have full access while others have restricted access. B) aligns with per-user/group access control and multi-source visualization.
A) Inadequate if it relies on IAM roles instead of per-user/group permissions; may not enforce separate access for the broader user base.
C) ETL and S3-only reporting lacks integrated visualization and per-user access controls across data sources.
D) Federation and cross-service querying add complexity; access control and visualization governance are not as straightforward as in QuickSight dashboards.



A company is implementing a new business application. The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs to ensure that the EC2 instances can access the S3 bucket.
What should the solutions architect do to meet this requirement?

  1. Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 instances.
  2. Create an IAM policy that grants access to the S3 bucket. Attach the policy to the EC2 instances.
  3. Create an IAM group that grants access to the S3 bucket. Attach the group to the EC2 instances.
  4. Create an IAM user that grants access to the S3 bucket. Attach the user account to the EC2 instances.

Answer(s): A

Explanation:

A) A is correct because attaching an IAM role to EC2 instances provides temporary credentials via instance metadata, enabling Secure S3 access without embedded keys. Roles are the recommended method for EC2 access to AWS services.
B) Attaching an IAM policy directly to EC2 is invalid; policies grant permissions to principals (users, roles, groups), not to compute resources. You must attach a role (or user) with the policy.
C) IAM groups are for users, not for EC2 instances; there is no mechanism to attach a group to an EC2 instance.
D) IAM users are long-term credentials unsuitable for EC2 without rotating access keys; embedding user credentials is insecure. Roles are preferred.



An application development team is designing a microservice that will convert large images to smaller, compressed images. When a user uploads an image through the web interface, the microservice should store the image in an Amazon S3 bucket, process and compress the image with an AWS Lambda function, and store the image in its compressed form in a different S3 bucket.
A solutions architect needs to design a solution that uses durable, stateless components to process the images automatically.
Which combination of actions will meet these requirements? (Choose two.)

  1. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure the S3 bucket to send a notification to the SQS queue when an image is uploaded to the S3 bucket.
  2. Configure the Lambda function to use the Amazon Simple Queue Service (Amazon SQS) queue as the invocation source. When the SQS message is successfully processed, delete the message in the queue.
  3. Configure the Lambda function to monitor the S3 bucket for new uploads. When an uploaded image is detected, write the file name to a text file in memory and use the text file to keep track of the images that were processed.
  4. Launch an Amazon EC2 instance to monitor an Amazon Simple Queue Service (Amazon SQS) queue. When items are added to the queue, log the file name in a text file on the EC2 instance and invoke the Lambda function.
  5. Configure an Amazon EventBridge (Amazon CloudWatch Events) event to monitor the S3 bucket. When an image is uploaded, send an alert to an Amazon ample Notification Service (Amazon SNS) topic with the application owner's email address for further processing.

Answer(s): A,B

Explanation:

The correct options A and B implement a durable, stateless, event-driven flow using S3 to trigger SQS and Lambda to process and store results without servers.
A) S3 event to SQS decouples uploader from processing and provides durable, retriable messaging for Lambda.
B) Lambda consuming from SQS ensures automatic scaling, stateless processing, and proper message deletion after success.
C) Not stateless or durable (in-memory tracking) and misses event-driven reliability.
D) EC2 introduces stateful management and server provisioning, breaking durability and scalability.
E) SNS alerting is not a processing trigger or durable workflow for image transformation.



A company has a three-tier web application that is deployed on AWS. The web servers are deployed in a public subnet in a VPC. The application servers and database servers are deployed in private subnets in the same VPC. The company has deployed a third-party virtual firewall appliance from AWS Marketplace in an inspection VPC. The appliance is configured with an IP interface that can accept IP packets.
A solutions architect needs to integrate the web application with the appliance to inspect all traffic to the application before the traffic reaches the web server.
Which solution will meet these requirements with the LEAST operational overhead?

  1. Create a Network Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection.
  2. Create an Application Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection.
  3. Deploy a transit gateway in the inspection VPConfigure route tables to route the incoming packets through the transit gateway.
  4. Deploy a Gateway Load Balancer in the inspection VPC. Create a Gateway Load Balancer endpoint to receive the incoming packets and forward the packets to the appliance.

Answer(s): D

Explanation:

Gateway Load Balancer (GWLB) with a GWLB endpoint provides transparent, scalable traffic steering to the inline inspection appliance in an inspection VPC, allowing all traffic to be inspected before reaching the web tier with minimal operational overhead. It supports autoscaling and preserves source IP, and integrates with third-party appliances via standard inline networking.
A) NLB would route at layer 4 but not provide built-in integration with a centralized inline appliance in a separate inspection VPC.
B) ALB is application-layer and not suitable for transparent inline inspection of all traffic to the web tier.
C) Transit Gateway adds complexity and does not inherently provide inline inspection with a dedicated appliance endpoint.



A company wants to improve its ability to clone large amounts of production data into a test environment in the same AWS Region. The data is stored in Amazon EC2 instances on Amazon Elastic Block Store (Amazon EBS) volumes. Modifications to the cloned data must not affect the production environment. The software that accesses this data requires consistently high I/O performance.
A solutions architect needs to minimize the time that is required to clone the production data into the test environment.
Which solution will meet these requirements?

  1. Take EBS snapshots of the production EBS volumes. Restore the snapshots onto EC2 instance store volumes in the test environment.
  2. Configure the production EBS volumes to use the EBS Multi-Attach feature. Take EBS snapshots of the production EBS volumes. Attach the production EBS volumes to the EC2 instances in the test environment.
  3. Take EBS snapshots of the production EBS volumes. Create and initialize new EBS volumes. Attach the new EBS volumes to EC2 instances in the test environment before restoring the volumes from the production EBS snapshots.
  4. Take EBS snapshots of the production EBS volumes. Turn on the EBS fast snapshot restore feature on the EBS snapshots. Restore the snapshots into new EBS volumes. Attach the new EBS volumes to EC2 instances in the test environment.

Answer(s): D

Explanation:

The correct answer D is right because EBS Fast Snapshot Restore pre-wills data to SSD storage, allowing immediate high IOPS-attached volumes in the test environment after restoring from snapshots, meeting the isolation and performance requirements and minimizing clone time.
A is incorrect because restoring to instance store volumes loses EBS durability and requires rebuilding; not suitable for high I/O or consistent production data cloning.
B is incorrect because Multi-Attach is for attaching a single volume to multiple instances for shared access, not for isolating test data; it risks data corruption when the production volume is modified.
C is incorrect because restoring from snapshots to new volumes is valid but slower without Fast Snapshot Restore; it increases clone time.



Viewing page 5 of 205
Viewing questions 21 - 25 out of 824 questions



Post your Comments and Discuss Amazon SAA-C03 exam dumps with other Community members:

SAA-C03 Exam Discussions & Posts

AI Tutor 👋 I’m here to help!