Question 921 of 1,040
Design Resilient ArchitecturesmediumMultiple ChoiceObjective-mapped

Quick Answer

The answer is failover routing with a primary alias record, a secondary alias record, and a Route 53 health check on the primary target. This configuration is correct because Route 53 failover routing is specifically designed for active-passive setups, where the primary resource handles all traffic until a health check failure triggers an automatic shift to the secondary resource. In this scenario, the health check monitors the primary Region’s ALB; only when that check reports unhealthy does Route 53 return traffic to the secondary Region, ensuring traffic does not split or route to the passive site during normal operation. On the SAA-C03 exam, this tests your understanding of how to implement disaster recovery with minimal manual intervention—a common trap is confusing failover routing with weighted or latency routing, which would distribute traffic incorrectly. Remember the key distinction: failover routing is binary, not balanced. Memory tip: “Failover = one active, one passive; health check is the trigger, not the traffic splitter.”

SAA-C03 Design Resilient Architectures Practice Question

This SAA-C03 practice question tests your understanding of design resilient architectures. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

DNS design notes:
  Primary Region: us-east-1
  Primary ALB: alb-prod-east-1.example.internal
  Secondary Region: us-west-2
  Secondary ALB: alb-prod-west-2.example.internal

Health check results:
  /health on us-east-1 returns HTTP 503
  /health on us-west-2 returns HTTP 200

Requirement:
  Clients should use the primary endpoint during normal operations and switch automatically only on primary failure

Based on the exhibit, which Route 53 configuration should be used so traffic automatically returns to the secondary Region only when the primary Region becomes unhealthy?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "primary"

    Why it matters: Asks for the main purpose or function, not a secondary benefit. Eliminate answers that describe side-effects or partial functions.

Question 1mediummultiple choice
Review the full routing breakdown →

Exhibit

DNS design notes:
  Primary Region: us-east-1
  Primary ALB: alb-prod-east-1.example.internal
  Secondary Region: us-west-2
  Secondary ALB: alb-prod-west-2.example.internal

Health check results:
  /health on us-east-1 returns HTTP 503
  /health on us-west-2 returns HTTP 200

Requirement:
  Clients should use the primary endpoint during normal operations and switch automatically only on primary failure

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Use failover routing with a primary alias record, a secondary alias record, and a Route 53 health check on the primary target.

Failover routing in Amazon Route 53 is designed for active-passive configurations. By creating a primary alias record pointing to the ALB in the primary Region and a secondary alias record pointing to the ALB in the secondary Region, and attaching a Route 53 health check to the primary target, traffic automatically fails over to the secondary Region only when the health check detects the primary as unhealthy. This meets the requirement of returning traffic to the secondary Region only upon primary failure.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Use latency-based routing with both ALB records enabled.

    Why it's wrong here

    Latency-based routing chooses the Region with the lowest latency, not a designated primary/secondary pair. It does not provide the explicit health-based failover behavior required here.

  • Use failover routing with a primary alias record, a secondary alias record, and a Route 53 health check on the primary target.

    Why this is correct

    Failover routing is designed for this pattern: Route 53 returns the primary alias while the primary endpoint is healthy, and switches to the secondary alias when the primary health check fails. Alias records integrate cleanly with ALB targets, and the health check provides the signal that drives the failover decision.

    Clue confirmation

    The clue word "primary" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Use geolocation routing so users are always sent to the closest Region.

    Why it's wrong here

    Geolocation routing is based on client location, not the health of the primary Region. It can still direct users to an unhealthy endpoint if that Region matches the location rule.

  • Use a CNAME record that points to both ALBs so DNS can round-robin between Regions.

    Why it's wrong here

    A single DNS record cannot provide health-aware active failover to two targets in that manner. Round-robin behavior also does not guarantee that traffic will move away from a failed primary only when the primary becomes unhealthy.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates often confuse failover routing with latency-based or geolocation routing, assuming that 'closest' or 'fastest' automatically implies health awareness, but Route 53 health checks must be explicitly associated with failover records to trigger automatic traffic redirection.

Detailed technical explanation

How to think about this question

Route 53 failover routing relies on DNS TTL and health check intervals to control failover timing. When the primary health check fails, Route 53 returns the secondary record's value in DNS responses, and clients cache the result based on the TTL (default 60 seconds), meaning failover is not instantaneous but typically completes within a few minutes. In a real-world scenario, you might combine failover routing with a low TTL (e.g., 10 seconds) to speed up recovery, but this increases DNS query volume and cost.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A cloud solutions architect for a retail company is evaluating services for a new workload. The correct answer here reflects best practice for the specific scenario described — not a general cloud recommendation. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Cloud exam questions reward reading the constraint carefully: the same technology can be right or wrong depending on the use case.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related SAA-C03 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free SAA-C03 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this SAA-C03 question test?

Design Resilient Architectures — This question tests Design Resilient Architectures — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Use failover routing with a primary alias record, a secondary alias record, and a Route 53 health check on the primary target. — Failover routing in Amazon Route 53 is designed for active-passive configurations. By creating a primary alias record pointing to the ALB in the primary Region and a secondary alias record pointing to the ALB in the secondary Region, and attaching a Route 53 health check to the primary target, traffic automatically fails over to the secondary Region only when the health check detects the primary as unhealthy. This meets the requirement of returning traffic to the secondary Region only upon primary failure.

What should I do if I get this SAA-C03 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "primary". Asks for the main purpose or function, not a secondary benefit. Eliminate answers that describe side-effects or partial functions.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

3 more ways this is tested on SAA-C03

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. A company hosts a public API using two AWS regions behind a single custom domain. Route 53 is configured with latency-based routing and health checks. During a regional outage, application metrics confirm the primary API is unhealthy, but clients still resolve to the primary region for most requests. Which DNS configuration change will most directly ensure automatic failover to the secondary region when the primary fails?

medium
  • A.Change the record type to A/AAAA alias with an active-active routing policy so both regions always receive equal traffic.
  • B.Switch to Route 53 failover routing: configure the primary record with the primary health check and the secondary record with the secondary failover health check.
  • C.Keep latency-based routing but shorten the health check interval to 5 seconds.
  • D.Use geolocation routing so requests from each country route to the nearest region.

Why B: Option B is correct because Route 53 failover routing with health checks explicitly directs traffic to the secondary region when the primary health check fails. This ensures automatic failover at the DNS level, whereas latency-based routing does not guarantee failover even with health checks—it only reduces latency and may still return unhealthy records if no healthier alternative exists.

Variation 2. An internal API is hosted in two AWS Regions behind Route 53. Under normal conditions, clients should use the primary region. If the primary endpoint becomes unhealthy, traffic must automatically switch to the secondary region. Which Route 53 setup best meets this requirement?

easy
  • A.Use latency-based routing with one record per region and no health checks.
  • B.Use failover routing policy: create two alias records for the same name (primary and failover) and associate health checks with the primary record.
  • C.Use weighted routing and manually change the weights during incidents.
  • D.Create a single alias record only for the primary region and rely on client-side DNS retries.

Why B: Route 53 failover routing policy is designed for active-passive failover scenarios. By creating two alias records (primary and secondary) for the same DNS name and associating a health check with the primary record, Route 53 automatically directs traffic to the secondary region if the primary health check fails. This meets the requirement of automatic failover without manual intervention.

Variation 3. Based on the exhibit, DNS still sends traffic to the primary Region even though Route 53 health checks show the primary endpoint is unhealthy. What is the best change to make failover work as intended?

hard
  • A.Change both records to weighted routing with a 50/50 split so Route 53 can shift traffic gradually.
  • B.Use a failover routing policy with a primary record and a secondary record, and attach the health check to the primary record.
  • C.Switch to latency-based routing so users are always directed to the lowest-latency Region.
  • D.Use geolocation routing so clients in one Region are sent to the healthier endpoint.

Why B: Option B is correct because a failover routing policy with a health check attached to the primary record is the only configuration that allows Route 53 to automatically stop sending traffic to an unhealthy primary endpoint and redirect it to the secondary endpoint. Without the health check attached to the primary record, Route 53 has no mechanism to detect the failure and will continue routing traffic to the primary Region, even if the health check status shows unhealthy.

Last reviewed: Jun 11, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This SAA-C03 practice question is part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SAA-C03 exam.