Question 171 of 1,040
Design Resilient ArchitecturesmediumMultiple ChoiceObjective-mapped

SAA-C03 Design Resilient Architectures Practice Question

This SAA-C03 practice question tests your understanding of design resilient architectures. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Your public API is hosted in two regions. You want Route 53 to automatically send traffic to the secondary region when the primary region’s endpoint fails. The primary API health check is returning failure codes, but clients still reach the primary region for several minutes. Which Route 53 configuration most directly addresses this behavior?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "primary"

    Why it matters: Asks for the main purpose or function, not a secondary benefit. Eliminate answers that describe side-effects or partial functions.

Question 1mediummultiple choice
Review the full routing breakdown →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Use Route 53 failover routing with a primary record and a secondary record, each associated with its own health check, so Route 53 answers with the healthy region.

Option B is correct because Route 53 failover routing with health checks on both primary and secondary records ensures that when the primary health check fails, Route 53 stops returning the primary record's IP and instead returns the secondary record's IP. This directly addresses the observed behavior where clients still reach the primary region for several minutes—likely because the primary record's health check was not configured or associated, or a simple routing policy was used without health check integration, causing stale DNS responses to be served until TTL expires.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Use a single Alias A record with simple routing and a short TTL so Route 53 quickly changes the IP address.

    Why it's wrong here

    Simple routing with an Alias record does not perform health-check-based switching to a different endpoint/record set. TTL affects caching duration, but it does not implement failover logic.

  • Use Route 53 failover routing with a primary record and a secondary record, each associated with its own health check, so Route 53 answers with the healthy region.

    Why this is correct

    Failover routing is designed for this: Route 53 evaluates health checks and returns the primary record while it is healthy. When the primary health check fails, Route 53 automatically returns the secondary record. Note that clients may still see traffic for a few minutes due to DNS caching, but failover routing is the configuration that enables automatic region switching.

    Clue confirmation

    The clue word "primary" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Use weighted routing to send a small percentage of traffic to the secondary region, increasing it manually when the primary fails.

    Why it's wrong here

    Weighted routing distributes traffic but does not automatically switch based on health. Manual changes introduce delay and operational dependencies.

  • Use latency routing only, letting Route 53 choose the lowest-latency region at query time, without health checks.

    Why it's wrong here

    Latency routing optimizes for latency and does not provide deterministic failover semantics based on endpoint health. If the primary is unhealthy but still resolves, clients can keep being directed there.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates assume a short TTL alone (Option A) is sufficient for fast failover, but without health checks, Route 53 has no mechanism to detect endpoint failure and will continue returning the primary record until the TTL expires and the record is manually updated, causing the observed delay.

Detailed technical explanation

How to think about this question

Route 53 failover routing uses active-passive configuration: the primary record is associated with a health check that monitors the endpoint (e.g., via HTTP/S, TCP, or HTTPS). When the health check fails, Route 53 marks the primary record as unhealthy and automatically returns the secondary record's IP in DNS responses. The DNS TTL on the failover records is typically set low (e.g., 60 seconds) to minimize propagation delay, but the failover itself is triggered by health check status changes, not TTL expiry. Under the hood, Route 53 health checkers are distributed globally and evaluate the endpoint every 30 seconds by default; after three consecutive failures, the health check is marked unhealthy, and subsequent DNS queries receive the secondary record.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A company's IT admin needs to give a contractor read-only access to production logs without sharing account credentials. Using role-based access control (RBAC) and temporary scoped permissions — not a permanent shared password — is the correct pattern. Questions like this test whether you can apply least-privilege access across cloud identity services.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related SAA-C03 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free SAA-C03 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this SAA-C03 question test?

Design Resilient Architectures — This question tests Design Resilient Architectures — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Use Route 53 failover routing with a primary record and a secondary record, each associated with its own health check, so Route 53 answers with the healthy region. — Option B is correct because Route 53 failover routing with health checks on both primary and secondary records ensures that when the primary health check fails, Route 53 stops returning the primary record's IP and instead returns the secondary record's IP. This directly addresses the observed behavior where clients still reach the primary region for several minutes—likely because the primary record's health check was not configured or associated, or a simple routing policy was used without health check integration, causing stale DNS responses to be served until TTL expires.

What should I do if I get this SAA-C03 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "primary". Asks for the main purpose or function, not a secondary benefit. Eliminate answers that describe side-effects or partial functions.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Keep practising

More SAA-C03 practice questions

Last reviewed: Jun 11, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This SAA-C03 practice question is part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SAA-C03 exam.