Courseiva
Back to SAA-C03

Amazon Web Services exam questions

SAA-C03 SAA-C03 practice test

Use this page to practise SAA-C03 SAA-C03 practice test. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.

Start full practice testRead exam guide
988
practice questions
Mapped
topics covered
SAA-C03
exam code
Amazon Web Services
vendor

Practice sessions

Start a focused practice session

Choose a question count to begin. Longer sessions build deeper familiarity; shorter sessions are ideal for daily warm-ups or targeting a specific weak area before moving on.

10 questions20 questions30 questions50 questions100 questions120 questionsFull 50-question session

Practice set

SAA-C03 questions

Start full practice test
Question 1easymultiple choice
Full question →

A team needs to distribute TCP traffic (not HTTP) across multiple services. The services must see the original client source IP for auditing. Which AWS load balancer is the best fit?

Full question →
Question 2easymultiple choice
Full question →

A team wants to run containerized services with AWS-managed orchestration and autoscaling. They do NOT require Kubernetes compatibility. Which AWS service choice is most appropriate to meet these goals?

Full question →
Question 3mediummultiple choice
Full question →

A solutions architect is designing an S3 bucket for a IoT ingestion API. The objects must never be publicly accessible, even if a developer later adds an overly broad bucket policy. What should the architect configure? The design must avoid adding custom operational scripts.

Full question →
Question 4mediummultiple choice
Full question →

A solutions architect is designing an S3 bucket for a claims portal. The objects must never be publicly accessible, even if a developer later adds an overly broad bucket policy. What should the architect configure?

Full question →
Question 5easymultiple choice
Full question →

A team wants to delegate IAM management to developers, but must ensure developers can never grant themselves permissions beyond a specific limit. Which AWS mechanism best matches this requirement?

Full question →
Question 6mediummultiple choice
Full question →

A solutions architect is designing an S3 bucket for a healthcare document service. The objects must never be publicly accessible, even if a developer later adds an overly broad bucket policy. What should the architect configure?

Full question →
Question 7mediummultiple choice
Full question →

A team wants to remove a bastion host used for administrative access to EC2 instances in private subnets. The instances should be reachable only for occasional troubleshooting by engineers who authenticate with AWS SSO. What is the best secure alternative within AWS, assuming the instances already have an instance profile attached?

Full question →
Question 8mediummultiple choice
Full question →

A team wants to remove a bastion host used for administrative access to EC2 instances in private subnets. The instances should be reachable only for occasional troubleshooting by engineers who authenticate with AWS SSO. What is the best secure alternative within AWS, assuming the instances already have an instance profile attached?

Full question →
Question 9mediummultiple choice
Full question →

A solutions architect is designing an S3 bucket for a claims portal. The objects must never be publicly accessible, even if a developer later adds an overly broad bucket policy. What should the architect configure? The design must avoid adding custom operational scripts.

Full question →
Question 10mediummultiple choice
Full question →

A solutions architect is designing an S3 bucket for a IoT ingestion API. The objects must never be publicly accessible, even if a developer later adds an overly broad bucket policy. What should the architect configure?

Full question →
Question 11easymultiple choice
Full question →

You want to protect an Application Load Balancer (ALB) from common web exploits using AWS WAF. The application is not using CloudFront. Which AWS WAF deployment scope should you choose so the WAF rules apply to the ALB?

Full question →
Question 12mediummultiple choice
Full question →

A solutions architect is designing an S3 bucket for a healthcare document service. The objects must never be publicly accessible, even if a developer later adds an overly broad bucket policy. What should the architect configure? The design must avoid adding custom operational scripts.

Full question →
Question 13mediummulti select
Full question →

A team is splitting a new workload into two fronts. The first front serves HTTPS microservices that need host- and path-based routing plus health checks. The second front must handle TCP and UDP traffic for a real-time service and preserve static IP addresses for firewall allowlisting. Which two AWS load balancer choices best match these requirements? Select two.

Full question →
Question 14easymultiple choice
Full question →

You need to run batch jobs on EC2. The jobs can tolerate interruptions: if an instance is terminated, the job can restart from checkpoints. To reduce compute cost as much as possible, what is the best choice?

Full question →
Question 15easymultiple choice
Full question →

A website serves versioned JavaScript and CSS files through CloudFront, but origin fetches are still high and the CloudFront bill increased. Developers confirm that URLs include a version in the filename (for example, app.1.4.2.js). What CloudFront behavior/configuration is most likely to reduce origin fetches and associated costs?

Full question →
Question 16mediummultiple choice
Full question →

A batch analytics job has unpredictable DynamoDB traffic with long idle periods and occasional spikes. Which capacity mode should minimize operational overhead and avoid paying for idle provisioned capacity? The architecture review board prefers a managed AWS-native control.

Full question →
Question 17hardmultiple choice
Full question →

A claims workflow uses Amazon SQS. Poison messages are repeatedly failing and blocking useful retries. What should the architect configure?

Full question →
Question 18hardmultiple choice
Full question →

A claims workflow uses Amazon SQS. Poison messages are repeatedly failing and blocking useful retries. What should the architect configure? The architecture review board prefers a managed AWS-native control.

Full question →
Question 19hardmultiple choice
Full question →

A claims workflow uses Amazon SQS. Poison messages are repeatedly failing and blocking useful retries. What should the architect configure? The design must avoid adding custom operational scripts.

Full question →
Question 20mediummultiple choice
Full question →

A claims workflow uses an RDS MySQL database and must remain available during an Availability Zone failure with minimal application changes. What should the architect enable?

Full question →
Question 21hardmultiple choice
Full question →

A claims workflow uses Amazon SQS. Poison messages are repeatedly failing and blocking useful retries. What should the architect configure? The team wants the control to be enforceable during normal operations.

Full question →
Question 22mediummultiple choice
Full question →

A claims workflow uses an RDS MySQL database and must remain available during an Availability Zone failure with minimal application changes. What should the architect enable? The design must avoid adding custom operational scripts.

Full question →
Question 23mediummultiple choice
Full question →

A company hosts a image sharing application on EC2. Administrators must connect without opening SSH or RDP ports to the internet. What should the architect use?

Full question →
Question 24mediummultiple choice
Full question →

A company hosts a image sharing application on EC2. Administrators must connect without opening SSH or RDP ports to the internet. What should the architect use? The design must avoid adding custom operational scripts.

Full question →
Continue with full practice testRead the study guide

Exam question guide

How to use these SAA-C03 questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Routing questions usually test route selection (administrative distance, metric), how static routes are configured and when they are preferred over dynamic routing.

Administrative distance comparing routing sources.

Static route configuration: next-hop vs exit interface.

Default route propagation and the gateway of last resort.

Recursive routing table lookups.

Related practice questions

Related SAA-C03 topic practice pages

Use these pages to study the exact topics behind the exam questions — one weak area at a time.

SAA-C03 VPC practice questions

Practise SAA-C03 questions linked to SAA-C03 VPC.

SAA-C03 S3 lifecycle policy questions

Practise SAA-C03 questions linked to SAA-C03 S3 lifecycle policy questions.

SAA-C03 RDS Multi-AZ questions

Practise SAA-C03 questions linked to SAA-C03 RDS Multi-AZ questions.

SAA-C03 IAM policy practice questions

Practise SAA-C03 questions linked to SAA-C03 IAM policy.

SAA-C03 Route 53 failover questions

Practise SAA-C03 questions linked to SAA-C03 Route 53 failover questions.

SAA-C03 CloudFront practice questions

Practise SAA-C03 questions linked to SAA-C03 CloudFront.

SAA-C03 NAT gateway questions

Practise SAA-C03 questions linked to SAA-C03 NAT gateway questions.

SAA-C03 VPC endpoint questions

Practise SAA-C03 questions linked to SAA-C03 VPC endpoint questions.

SAA-C03 Auto Scaling practice questions

Practise SAA-C03 questions linked to SAA-C03 Auto Scaling.

SAA-C03 disaster recovery questions

Practise SAA-C03 questions linked to SAA-C03 disaster recovery questions.

SAA-C03 high availability questions

Practise SAA-C03 questions linked to SAA-C03 high availability questions.

SAA-C03 cost optimization questions

Practise SAA-C03 questions linked to SAA-C03 cost optimization questions.