- A
Use a Network Load Balancer in front of the service.
Correct because NLB is built for high-throughput, low-latency TCP traffic. It avoids HTTP-layer processing and is the right load balancer for a custom binary protocol.
- B
Use a TCP or TLS listener rather than an HTTP listener.
Correct because the application is not speaking HTTP and does not need layer-7 routing. A TCP or TLS listener matches the protocol and keeps the data path lightweight.
- C
Register instance or IP targets so the service can receive the original client source IP for rate limiting.
Correct because NLB preserves source IP for instance and IP targets. That lets the backend enforce rate limits based on the actual caller rather than a proxy address.
- D
Use an Application Load Balancer because path-based routing improves throughput for binary protocols.
Why wrong: Incorrect because ALB is an HTTP/HTTPS layer-7 load balancer. Its routing features do not help a custom TCP protocol and add unnecessary protocol overhead.
- E
Expose the service through API Gateway because it supports raw TCP and UDP pass-through.
Why wrong: Incorrect because API Gateway is for API protocols such as HTTP and WebSocket, not raw TCP or UDP pass-through. It is not the right fit for a custom binary telemetry stream.
Quick Answer
The correct answer is to register instance or IP targets so the service can receive the original client source IP for rate limiting. This works because a Network Load Balancer operates at Layer 4 and, by default, preserves the client source IP when targets are registered directly, unlike Application Load Balancers which terminate the client connection. For a custom TCP protocol that must avoid HTTP header inspection and keep per-request overhead minimal, NLB’s direct packet forwarding is ideal—it adds virtually no latency and passes the original IP untouched, enabling accurate rate limiting without protocol modification. On the SAA-C03 exam, this scenario tests your understanding of when to choose NLB over ALB or Gateway Load Balancer; a common trap is assuming you need Proxy Protocol or X-Forwarded-For headers, but NLB’s default behavior for instance targets already preserves the source IP. Memory tip: “NLB = No Layer 8” — it stays at Layer 4, so the client IP passes through without extra headers.
SAA-C03 Design High-Performing Architectures Practice Question
This SAA-C03 practice question tests your understanding of design high-performing architectures. Match the stated requirement to the specific cloud service, access model, or configuration option — many options are valid in isolation but not for this scenario. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A latency-sensitive telemetry service uses a custom TCP protocol on EC2 instances in private subnets. The service must preserve the client source IP for rate limiting, avoid HTTP header inspection, and keep per-request overhead as low as possible. Which changes should the team make? Select three.
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
Use a Network Load Balancer in front of the service.
Option A is correct because a Network Load Balancer (NLB) operates at Layer 4 and preserves the client source IP by default when instances are registered as targets. This allows the telemetry service to use the original IP for rate limiting without requiring HTTP header inspection, which is critical for a custom TCP protocol. NLB also introduces minimal latency and low per-request overhead, making it ideal for latency-sensitive workloads.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✓
Use a Network Load Balancer in front of the service.
Why this is correct
Correct because NLB is built for high-throughput, low-latency TCP traffic. It avoids HTTP-layer processing and is the right load balancer for a custom binary protocol.
Related concept
Read the scenario before looking for a memorised answer.
- ✓
Use a TCP or TLS listener rather than an HTTP listener.
- ✓
Register instance or IP targets so the service can receive the original client source IP for rate limiting.
Why this is correct
Correct because NLB preserves source IP for instance and IP targets. That lets the backend enforce rate limits based on the actual caller rather than a proxy address.
Related concept
Read the scenario before looking for a memorised answer.
- ✗
Use an Application Load Balancer because path-based routing improves throughput for binary protocols.
Why it's wrong here
Incorrect because ALB is an HTTP/HTTPS layer-7 load balancer. Its routing features do not help a custom TCP protocol and add unnecessary protocol overhead.
- ✗
Expose the service through API Gateway because it supports raw TCP and UDP pass-through.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates may assume an Application Load Balancer is always better for routing logic, but for non-HTTP protocols and latency-sensitive workloads, the Network Load Balancer is the correct choice because it operates at Layer 4 without protocol inspection.
Detailed technical explanation
How to think about this question
NLB uses flow hash routing based on the 5-tuple (source IP, source port, destination IP, destination port, protocol) to maintain session affinity without inspecting application payloads. When using instance targets, the NLB preserves the client source IP by not performing NAT on the source address, which is essential for rate-limiting logic that relies on the original IP. In contrast, IP targets require enabling proxy protocol to preserve the client IP, but instance targets avoid this overhead.
KKey Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A healthcare organisation deploys an application with a public-facing web tier and a private database tier. The database subnet has no public IP and only accepts connections from the web tier's security group. Questions like this test whether you can design cloud network isolation using VNets/VPCs, subnets, and security group rules.
What to study next
Got this wrong? Here's your next step.
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
- →
Design High-Performing Architectures — study guide chapter
Learn the concepts, then practise the questions
- →
Design High-Performing Architectures practice questions
Targeted practice on this topic area only
- →
All SAA-C03 questions
1,040 questions across all exam domains
- →
SAA-C03 study guide
Full concept coverage aligned to exam objectives
- →
SAA-C03 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related SAA-C03 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Design Secure Architectures practice questions
Practise SAA-C03 questions linked to Design Secure Architectures.
Design Resilient Architectures practice questions
Practise SAA-C03 questions linked to Design Resilient Architectures.
Design High-Performing Architectures practice questions
Practise SAA-C03 questions linked to Design High-Performing Architectures.
Design Cost-Optimized Architectures practice questions
Practise SAA-C03 questions linked to Design Cost-Optimized Architectures.
SAA-C03 VPC practice questions
Practise SAA-C03 questions linked to SAA-C03 VPC.
SAA-C03 S3 lifecycle policy questions
Practise SAA-C03 questions linked to SAA-C03 S3 lifecycle policy questions.
SAA-C03 RDS Multi-AZ questions
Practise SAA-C03 questions linked to SAA-C03 RDS Multi-AZ questions.
SAA-C03 IAM policy practice questions
Practise SAA-C03 questions linked to SAA-C03 IAM policy.
SAA-C03 Route 53 failover questions
Practise SAA-C03 questions linked to SAA-C03 Route 53 failover questions.
SAA-C03 CloudFront practice questions
Practise SAA-C03 questions linked to SAA-C03 CloudFront.
SAA-C03 NAT gateway questions
Practise SAA-C03 questions linked to SAA-C03 NAT gateway questions.
SAA-C03 VPC endpoint questions
Practise SAA-C03 questions linked to SAA-C03 VPC endpoint questions.
Practice this exam
Start a free SAA-C03 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this SAA-C03 question test?
Design High-Performing Architectures — This question tests Design High-Performing Architectures — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: Use a Network Load Balancer in front of the service. — Option A is correct because a Network Load Balancer (NLB) operates at Layer 4 and preserves the client source IP by default when instances are registered as targets. This allows the telemetry service to use the original IP for rate limiting without requiring HTTP header inspection, which is critical for a custom TCP protocol. NLB also introduces minimal latency and low per-request overhead, making it ideal for latency-sensitive workloads.
What should I do if I get this SAA-C03 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Last reviewed: Jun 11, 2026
This SAA-C03 practice question is part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SAA-C03 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.