Medium SAA-C03 practice questions
Applied — put a concept to work in a realistic situation. 136 medium questions available — no sign-up, always free.
A company hosts a public web application behind an Application Load Balancer. The security team imported a third-party TLS certificate into AWS Certificate Manager (ACM) to use on the ALB. They are concerned about an unplanned outage caused by the certificate expiring without notice. What is the MOST operationally efficient way to be alerted before this imported certificate expires?
A financial services company runs a web application behind an Application Load Balancer (ALB) in a public subnet, with EC2 instances in private subnets. Compliance requires that all client traffic to the application be encrypted in transit using a publicly trusted certificate, and the security team wants to minimize the operational overhead of certificate renewal. Which solution meets these requirements?
A retail company runs three microservices (product catalog, shopping cart, and user profile) as separate Amazon ECS services behind a single public entry point. The team wants customers to reach each microservice through the same domain name, with requests routed to the correct service based on the URL path (for example, /catalog, /cart, and /profile). The solution must scale automatically and require minimal operational overhead. Which approach BEST meets these requirements?
A gaming company runs a real-time multiplayer backend on Amazon ECS. The workload communicates over raw TCP, requires the ability to handle millions of requests per second with ultra-low latency, and the company's enterprise customers require a set of static IP addresses to allowlist in their firewalls. Which load balancing solution best meets these requirements?
A company runs a public e-commerce web application behind an Application Load Balancer (ALB) in a VPC. Recently, security logs revealed repeated SQL injection attempts and malicious HTTP requests targeting the application's login and search pages. The security team needs a managed solution that inspects incoming HTTP/HTTPS requests at the application layer and blocks these attack patterns before they reach the backend instances, while allowing legitimate traffic. Which approach best meets these requirements?
A company runs a serverless REST API using Amazon API Gateway backed by AWS Lambda functions that write to a small Amazon RDS for PostgreSQL Multi-AZ instance. During marketing campaigns, sudden traffic spikes cause thousands of concurrent Lambda invocations to open connections to the database simultaneously, exhausting the connection limit and causing widespread request failures. The team wants to smooth out these bursts so the database is never overwhelmed, while ensuring no write requests are lost. Which solution best meets these requirements?
A company exposes a public REST API through Amazon API Gateway to several partner organizations. Each partner has purchased a different subscription tier, and the company must enforce a distinct monthly request quota and per-second rate limit for each partner while identifying which partner made each call. The solution should require minimal custom code. What should the solutions architect implement?
A company runs a stateless web application on EC2 instances behind an Application Load Balancer. All instances currently launch in a single Availability Zone within one Region. During a recent AZ outage, the entire application became unavailable for several hours. The team wants to improve fault tolerance so the application survives the loss of a single Availability Zone with no manual intervention, while keeping costs reasonable. Which change should the solutions architect make?
A media company runs a stateless web application on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. Traffic is unpredictable, with sudden spikes during breaking news events. The operations team currently manages capacity manually and often over-provisions to be safe, wasting money during quiet periods. They want the group to automatically maintain healthy performance while minimizing cost, using the simplest configuration to manage. Which scaling approach best meets these requirements?
A company runs a production Aurora MySQL cluster. To meet an internal policy, the team set the automated backup retention period to the maximum 35 days and also created hundreds of manual snapshots over the past year that are never deleted. The finance team notices rising 'backup storage' charges on the monthly bill. Auditors only require the ability to restore data from the last 7 days. Which action will MOST effectively reduce backup storage costs while still meeting the audit requirement?
A financial services company runs a reporting platform on an Amazon Aurora MySQL cluster with one writer and four reader replicas. Two of the readers are large, memory-optimized instances dedicated to heavy analytical queries, while the other two smaller readers serve the customer-facing dashboard. Currently the application uses the built-in reader endpoint, which round-robins connections across all four readers, causing the dashboard to occasionally hit the large analytics instances and analytical queries to land on the small instances, resulting in inconsistent performance. The team wants to ensure dashboard traffic only uses the two small readers and analytics traffic only uses the two large readers, without managing connection logic in application code. What should the solutions architect recommend?
A financial services company runs its primary transactional workload on an Amazon Aurora MySQL cluster in the us-east-1 Region. Regulatory requirements dictate that the application must be able to recover in a second Region with an RPO of less than 1 second and an RTO of under 5 minutes in the event of a full Region outage. The solution must minimize replication lag and avoid impacting the performance of the primary cluster. Which approach best meets these requirements?
A financial reporting application runs on Amazon Aurora MySQL. During business hours, analysts generate large numbers of read-only dashboard queries that overwhelm the primary database instance, causing write transactions from the core application to slow down. The team wants to offload the reporting queries and improve availability without changing the application's write path. Which solution best meets these requirements?
A company runs an internal reporting application used only during business hours, with unpredictable spikes when analysts run ad-hoc queries. Traffic drops to near zero on nights and weekends. The team wants a fully managed relational database that automatically scales compute capacity up and down to match demand and minimizes cost during idle periods, without requiring them to manually resize instances. Which solution best meets these requirements?
A company runs an internal expense-reporting application that is used heavily for a few hours at the end of each month but sees almost no traffic for the remaining three weeks. The application uses a MySQL-compatible relational database. Currently they pay for a provisioned Amazon Aurora instance running 24/7, and finance has flagged the database as a major source of wasted spend. The team wants to minimize cost while keeping full relational capabilities and automatically matching capacity to the unpredictable monthly spikes. Which approach is the MOST cost-effective?
A company runs a stateless web application on an Amazon EC2 Auto Scaling group behind an Application Load Balancer (ALB) across three Availability Zones. Occasionally, an instance's application process hangs and returns HTTP 500 errors, but the EC2 instance itself continues running and passes the default EC2 status checks. The Auto Scaling group therefore does not replace these unhealthy instances, and users intermittently receive errors. What should the solutions architect do to ensure unhealthy instances are automatically replaced?
A company runs an internal reporting application on EC2 instances backed by an Amazon RDS for PostgreSQL database in the us-east-1 Region. Management wants a disaster recovery plan for a full Regional outage but has stated the application is non-critical: a recovery time of up to 24 hours and data loss of up to a few hours are acceptable. The primary goal is to keep ongoing DR costs as low as possible. Which disaster recovery strategy best meets these requirements?
A financial services company must retain database and file server backups in an immutable state for seven years to satisfy a regulatory requirement. Auditors demand assurance that no user — including administrators with full IAM permissions — can shorten the retention period or delete backups before they expire. The company already uses AWS Backup to centralize backups of Amazon EBS, Amazon RDS, and Amazon EFS resources. Which approach meets these requirements with the least ongoing operational effort?
A media company serves a global single-page application from Amazon S3 through Amazon CloudFront. The product team wants to insert a custom HTTP security header and modify the response object based on the viewer's country before content is returned to the browser, without changing the origin. The logic must run at CloudFront edge locations with minimal added latency and must not require managing servers. Which solution best meets these requirements?
A media company hosts static website assets and downloadable files in an Amazon S3 bucket, distributed globally through Amazon CloudFront. Security requires that the S3 bucket must NOT be publicly accessible, and objects should only be reachable through the CloudFront distribution. Which approach meets these requirements with the least ongoing management effort?
A media company hosts a popular photo-sharing website. Static images are stored in an Amazon S3 bucket and served directly to millions of users worldwide. The finance team reports that S3 data transfer out to the internet has become the single largest line item on the monthly bill, because the same popular images are downloaded repeatedly by users across many Regions. Which change will MOST effectively reduce the data transfer costs?
A media company hosts an educational video platform on an Application Load Balancer backed by an Auto Scaling group of EC2 instances in the us-east-1 Region. Users worldwide report slow initial load times and buffering, especially in Asia and Europe. The videos are large static MP4 files stored on the instances, and the origin is being overwhelmed by repeated downloads of the same files. Which solution BEST improves global performance while reducing load on the origin?
A company is launching a mobile application that must allow users to sign up and sign in using their email address, and also offer the option to sign in with their existing Google or Facebook accounts. After authentication, the app calls a backend API fronted by Amazon API Gateway. The solutions architect must implement user authentication and secure the API with the least operational overhead. Which approach should the architect recommend?
A company runs a serverless data-processing pipeline built on hundreds of AWS Lambda functions. The finance team reports that Lambda charges have grown steadily, and engineers suspect many functions are configured with more memory than they actually need. The team wants a low-effort, data-driven way to identify functions whose memory allocation could be reduced to lower cost without impacting performance. Which approach best meets this requirement?
A company runs a fleet of 40 On-Demand EC2 instances hosting an internal application. Finance reports the monthly EC2 bill is high, and the operations team suspects the instances were oversized during initial deployment. Average CPU utilization sits around 8% and memory usage around 20%. The team wants specific, data-driven recommendations on which instance types to move to, based on actual historical usage, before making any changes. Which AWS service should they use to obtain these recommendations at the lowest effort?