AWS Certified Solutions Architect – Associate SAA-C03

A research lab runs periodic analytics jobs that require large storage throughput for only a few hours a day. They want to avoid paying for unused provisioned storage during idle periods.

Which storage option is best?

A developer team is building an internal web app that should only be accessible from the company’s VPN or office IP addresses. It is hosted on EC2 behind an ALB.

What is the simplest way to restrict access?

A machine learning team uses large EC2 GPU instances for training models. They want to reduce costs but maintain the same performance. Spot interruptions occasionally cause jobs to restart from scratch.

What is the most cost-effective and fault-tolerant solution?

A company uses AWS Organizations with SCPs in place. Developers in a child account report they cannot create EC2 instances, even though their IAM policies allow it.

What should the solutions architect investigate first?

An e-commerce company wants to automatically scale their EC2-based backend when CPU usage exceeds 70% and terminate instances when usage falls below 30%. They also want to prevent scaling too quickly due to sudden traffic spikes.

What should the architect configure?

A company stores logs in S3. They want to run daily queries over 90 days of logs, then archive data for compliance. Queries should be quick, and storage costs must remain low.

What is the best solution?

A SaaS provider offers services to multiple customers. Each customer must be logically isolated, and the application must support thousands of tenants with minimal operational overhead.

Which design approach should the solutions architect choose?

A team is developing a new serverless application that integrates with external APIs. They want to control costs by avoiding unexpected bursts of function execution due to looping calls or malformed events.

What is the best way to enforce these constraints?

A company has a global user base accessing its static website hosted on S3. Users in some regions report high latency. The company wants to reduce latency, protect against DDoS, and support custom domains with HTTPS.

What is the best solution?

A healthcare company is deploying a web application that collects patient data. They require end-to-end encryption, including data in transit and at rest. Additionally, they want to ensure that only clients from trusted IP ranges can access the service.

Which solution best meets these requirements?

A retail company wants to build a product search feature using auto-complete as users type. The solution must scale with usage and offer fast response times with partial match support.

Which service combination is best?

An IoT company uses Kinesis Data Streams to ingest sensor data. They want to ensure every message is processed at least once and stored durably before processing.

What should the architect recommend?

A mobile application uses a Lambda function for backend processing. The function is now hitting concurrency limits during heavy usage. The team wants to handle more requests without significant refactoring.

What should the architect do?

A global enterprise is planning a disaster recovery strategy for a critical web app deployed in us-east-1. They want to achieve <30s failover and <5-minute RTO across Regions.

What should they implement?

A security team wants to ensure that any new IAM user created in the AWS environment cannot make changes until they rotate their access keys and set up MFA.

How should the solutions architect enforce this requirement?

A web application is hosted on EC2 in a public subnet with an attached security group that allows HTTP/HTTPS. However, users report intermittent connection errors. Logs show that some health checks are failing from ALB.

What could be the root cause?

An ecommerce company needs to encrypt data stored in Amazon RDS PostgreSQL. Compliance also requires that they rotate the encryption keys annually.

What is the most secure and manageable solution?

A startup is running a fleet of EC2 Spot Instances for a batch job. Occasionally, the job gets interrupted due to spot termination, and the processing starts over, wasting compute cycles.

What is the best approach to ensure progress is preserved and cost remains low?

A gaming company stores player session data in a DynamoDB table. Occasionally, a developer mistakenly deletes important attributes while updating player stats. The company wants to prevent this going forward.

What should the solutions architect recommend?

A serverless photo sharing app uses Lambda, S3, and DynamoDB. Users report that sometimes uploaded images never appear in the UI. Investigation shows that object metadata is missing from DynamoDB, even though files exist in S3.

How should the architect redesign the workflow for reliability?

A real estate firm uses AWS to host its web and analytics workloads. They require real-time application metrics, anomaly detection for unusual patterns, and automatic alerts without maintaining monitoring infrastructure.

What is the most appropriate solution?

A ride-sharing platform wants to enforce security by restricting developers from launching EC2 instances directly into public subnets, while still allowing them to work within private subnets.

How should a solutions architect implement this control?

A data analytics company stores time-series telemetry data in S3. They need a querying solution that supports partitioning by time and filters large datasets efficiently, without moving data to a database.

What should the architect recommend?

A media company has thousands of archived video files stored in S3 Glacier Deep Archive. Now, they need to generate metadata from these files using a new AI service, but they want to minimize retrieval costs and avoid long delays.

What is the best strategy?

A financial services firm processes sensitive transaction records via a REST API built with API Gateway and Lambda. Regulatory guidelines require complete auditability of each API request, including headers and body payloads, without logging sensitive values in plaintext.

Which solution meets the compliance requirement?

A client is building a highly available web application across two Regions. They want to ensure automatic DNS failover with minimal RTO.

What configuration should the solutions architect choose?

A customer has a website hosted on EC2 and backed by an RDS MySQL database. They report increased latency during marketing campaigns. Database metrics show high read queries.

What is the best short-term fix?

A legacy monolith application running on EC2 needs to be containerized and modernized gradually. The company wants minimal disruption and easy rollback.

Which service is best for incremental migration?

A real-time analytics app uses Kinesis Data Streams and processes millions of events per minute. The development team reports a ProvisionedThroughputExceededException during traffic spikes.

What should a solutions architect recommend?

A financial application must retain logs for 7 years in compliance with industry regulations. Logs are frequently accessed in the first 30 days and rarely after that. The solution should minimize storage cost.

What is the most cost-effective storage class combination?

An e-commerce platform is seeing high read/write traffic on its product catalog stored in DynamoDB. Some reads are consistent, others can tolerate stale data. The company wants to optimize cost while ensuring high performance.

What should a solutions architect do?

Your application architecture uses microservices that must discover each other dynamically. They are deployed across multiple Availability Zones using ECS Fargate. You want to minimize custom configuration and ensure reliable service discovery.

What should the architect recommend?

A SaaS company wants to onboard customer applications in isolated environments. Each customer should have separate VPCs, but the company wants to maintain centralized logging and compliance monitoring across accounts.

What is the most scalable approach?

A healthcare company must store patient records in a secure and compliant manner. They are using S3 and want to enforce encryption in transit and at rest, along with access auditability.

What should a solutions architect configure?

An online education platform stores video content in S3. They want to serve content globally with reduced latency and protect the original URLs from being exposed.

What combination should the solutions architect use?

A company has a hybrid environment with on-premises systems connected to AWS via a Site-to-Site VPN. The VPN frequently experiences latency and packet loss. They plan to migrate critical workloads to AWS.

What is the best recommendation to ensure consistent and low-latency connectivity?

A company wants to deploy a serverless image recognition API. The solution must scale automatically, allow version control, and avoid cold start latency during business hours.

What is the best architectural choice?

A logistics company is developing a real-time tracking system for vehicles. The application must ingest location data every second, store it for 12 months, and support analytics queries on recent and historical data.

Which solution provides the best performance and cost-efficiency?

A startup uses Amazon Aurora MySQL for their backend. They want to deploy a new read-intensive microservice that should not impact write latency. The team is concerned about network cost, latency, and availability across multiple AZs.

What should a solutions architect do?

A media company is developing a video processing pipeline that receives 4K videos uploaded by users into an S3 bucket. These videos must be transcoded into multiple formats and resolutions. The team wants to ensure processing is automatic, scalable, and tolerant to intermittent processing failures. Each job takes 3–4 minutes, and multiple files may be uploaded simultaneously.

What is the most reliable and cost-efficient design?

You’ve deployed a VPC with public and private subnets. The private subnet hosts EC2 instances that need to access the internet but should not be exposed publicly.

Which configuration enables this?

A company is building a mobile app backend using API Gateway and Lambda. They want to securely store user-specific data and retrieve it based on identity.

Which approach meets this requirement?

An application receives large files from customers via HTTPS. Files are stored in S3 and processed by a fleet of EC2 instances. During traffic spikes, the EC2 fleet fails to scale fast enough.

Which design improves scalability and minimizes manual intervention?

A company stores sensitive data in S3 and wants to ensure objects are encrypted using a customer-managed key. They also want to rotate keys every 12 months.

Which solution meets the requirement?

A startup uses ECS Fargate to run a containerized app. They want to reduce costs without rewriting code. App traffic varies drastically throughout the day.

What should the solutions architect recommend?

A developer deployed a Lambda function triggered by S3 PUT events. The function processes large images and stores results in another S3 bucket. Recently, some files are processed multiple times or missed entirely.

What should a solutions architect do?

A financial firm runs a latency-sensitive trading app with low fault tolerance. It requires near-zero downtime even in case of infrastructure failure. Which design provides the highest availability?

Your company is storing billions of images in Amazon S3. A recent audit requires identifying and reporting access patterns for compliance. The team must implement a solution that reports which images are accessed and how often, without impacting performance.

What should you do?

A company is migrating a legacy application to AWS. The app requires static IPs for whitelisting and must run in multiple Availability Zones. The solution should minimize operational overhead.

What is the best solution?

A company is running a multi-tier web application in a single AWS Region. The application layer runs on Amazon EC2 instances behind an Application Load Balancer. The database layer uses Amazon RDS for PostgreSQL. The team notices intermittent application slowness during peak hours, primarily related to long-running queries.

What should a solutions architect recommend to improve performance with minimal application changes?