Amazon AWS Certified Solutions Architect - Associate SAA-C03 AWS Certified Solutions Architect - Associate Dumps in PDF

Free Amazon AWS Certified Solutions Architect - Associate Real Questions (page: 9)

A hospital recently deployed a RESTful API with Amazon API Gateway and AWS Lambda. The hospital uses API Gateway and Lambda to upload reports that are in PDF format and JPEG format. The hospital needs to modify the Lambda code to identify protected health information (PHI) in the reports.
Which solution will meet these requirements with the LEAST operational overhead?

  1. Use existing Python libraries to extract the text from the reports and to identify the PHI from the extracted text.
  2. Use Amazon Textract to extract the text from the reports. Use Amazon SageMaker to identify the PHI from the extracted text.
  3. Use Amazon Textract to extract the text from the reports. Use Amazon Comprehend Medical to identify the PHI from the extracted text.
  4. Use Amazon Rekognition to extract the text from the reports. Use Amazon Comprehend Medical to identify the PHI from the extracted text.

Answer(s): C

Explanation:

Using Textract for OCR and Comprehend Medical for PHI identification provides a managed, purpose-built solution with minimal operational overhead. Textract handles PDF and JPEG text extraction; Comprehend Medical specializes in PHI/PHI-like aetiology, delivering HIPAA-friendly, scalable PHI detection integrated with AWS services.
A) Manual Python libraries require custom maintenance and OCR/PHI logic, increasing overhead.
B) SageMaker adds operation and model management complexity; PHI detection may require custom labeling and pipelines.
D) Rekognition OCR is not optimized for document-heavy PHI tasks and pairing with Comprehend Medical adds unnecessary mismatch; Textract+Comprehend Medical is a better fit.



A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be deleted. Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days.
Which storage solution is MOST cost-effective?

  1. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Glacier 30 days from object creation. Delete the files 4 years after object creation.
  2. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) 30 days from object creation. Delete the files 4 years after object creation.
  3. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Delete the files 4 years after object creation.
  4. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Move the files to S3 Glacier 4 years after object creation.

Answer(s): C

Explanation:

A) Incorrect. Glacier is not accessible for immediate retrieval; 30 days is fine, but Glacier incurs retrieval latency and may hinder access, plus not the most cost-effective for the 4-year window with frequent access in first 30 days.
B) Incorrect. One Zone-IA has lower durability (Single AZ) and is less ideal for critical data; potential data loss risk and unsupported cross-region resilience.
C) Correct. S3 Standard-IA offers cost savings after 30 days while maintaining immediate retrieval for infrequent access requirements; aligns with 4-year retention and immediate access needs.
D) Incorrect. Moving to Glacier after 4 years adds unnecessary retrieval path and complexity; Standard-IA already provides cost savings during long-term retention with frequent access in early period.



A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue, writes to an Amazon RDS table, and deletes the message from the queue. Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages.
What should a solutions architect do to ensure messages are being processed once only?

  1. Use the CreateQueue API call to create a new queue.
  2. Use the AddPermission API call to add appropriate permissions.
  3. Use the ReceiveMessage API call to set an appropriate wait time.
  4. Use the ChangeMessageVisibility API call to increase the visibility timeout.

Answer(s): D

Explanation:

The correct answer is D. Increasing the visibility timeout with ChangeMessageVisibility ensures that once a consumer receives a message, it isn’t delivered to other consumers for the extended period while it’s being processed, reducing duplicates in RDS.
A is incorrect because CreateQueue creates a new queue, not addressing duplicates. B is incorrect because AddPermission manages access rights, not processing deduplication. C is incorrect because ReceiveMessage with wait time (long polling) affects latency, not preventing concurrent processing that can cause duplicates.



A solutions architect is designing a new hybrid architecture to extend a company's on-premises infrastructure to AWS. The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.
What should the solutions architect do to meet these requirements?

  1. Provision an AWS Direct Connect connection to a Region. Provision a VPN connection as a backup if the primary Direct Connect connection fails.
  2. Provision a VPN tunnel connection to a Region for private connectivity. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails.
  3. Provision an AWS Direct Connect connection to a Region. Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.
  4. Provision an AWS Direct Connect connection to a Region. Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.

Answer(s): A

Explanation:

A) Correct: Primary Direct Connect for low latency and high availability; VPN as backup ensures connectivity if DX fails, meeting high availability with lower cost by using VPN over the public internet during failover.
B) VPN only does not provide consistent low latency or the same reliability as Direct Connect for primary; second VPN as backup is acceptable but not as cost-effective for a DX-centric design with low latency requirements.
C) Two Direct Connect connections in the same region increase cost and complexity; failover still requires routing adjustments but VPN is not needed for this requirement.
D) There is no AWS CLI “Direct Connect failover” automatic backup; you must configure an independent backup path (VPN) for failover.



A company is running a business-critical web application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database that is deployed in a single Availability Zone. The company wants the application to be highly available with minimum downtime and minimum loss of data.
Which solution will meet these requirements with the LEAST operational effort?

  1. Place the EC2 instances in different AWS Regions. Use Amazon Route 53 health checks to redirect traffic. Use Aurora PostgreSQL Cross-Region Replication.
  2. Configure the Auto Scaling group to use multiple Availability Zones. Configure the database as Multi-AZ. Configure an Amazon RDS Proxy instance for the database.
  3. Configure the Auto Scaling group to use one Availability Zone. Generate hourly snapshots of the database. Recover the database from the snapshots in the event of a failure.
  4. Configure the Auto Scaling group to use multiple AWS Regions. Write the data from the application to Amazon S3. Use S3 Event Notifications to launch an AWS Lambda function to write the data to the database.

Answer(s): B

Explanation:

A concise explanation of the correct answer and why others are incorrect:
B) Using multi-AZ Auto Scaling with a Multi-AZ database and RDS Proxy provides high availability and durability with minimal operational effort. Multi-AZ protects the database from AZ-level failures, RDS Proxy improves connection management and failover handling for applications behind an ALB. A) cross-region complexity and latency, plus Cross-Region Aurora replication adds complexity and cost for DR rather than HA within a single region. C) Single AZ and hourly snapshots offer poor availability and potential data loss. D) Multi-region writes and S3-based logging add latency, complexity, and do not ensure database durability during region failures.



A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.
The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application's availability without writing custom scripts or code.
What should a solutions architect do to meet these requirements?

  1. Enable HTTP health checks on the NLB, supplying the URL of the company's application.
  2. Add a cron job to the EC2 instances to check the local application's logs once each minute. If HTTP errors are detected. the application will restart.
  3. Replace the NLB with an Application Load Balancer. Enable HTTP health checks by supplying the URL of the company's application. Configure an Auto Scaling action to replace unhealthy instances.
  4. Create an Amazon Cloud Watch alarm that monitors the UnhealthyHostCount metric for the NLB. Configure an Auto Scaling action to replace unhealthy instances when the alarm is in the ALARM state.

Answer(s): C

Explanation:

The correct answer is C.
A) Incorrect: NLB supports TCP/UDP health checks or HTTP/HTTPS using a target group, but it cannot use an application URL for health checks like an ALB can. Replacing with ALB and enabling HTTP health checks ensures application-level health checks and automatic replacement of unhealthy instances via ASG.
B) Incorrect: A cron job requires custom scripts and ongoing maintenance, contradicting the requirement to avoid writing code or scripts.
D) Incorrect: CloudWatch UnhealthyHostCount monitors platform health, not application-level HTTP errors. It may trigger replacements too late or inappropriately without direct app health checks.



A company runs a shopping application that uses Amazon DynamoDB to store customer information. In case of data corruption, a solutions architect needs to design a solution that meets a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 1 hour.
What should the solutions architect recommend to meet these requirements?

  1. Configure DynamoDB global tables. For RPO recovery, point the application to a different AWS Region.
  2. Configure DynamoDB point-in-time recovery. For RPO recovery, restore to the desired point in time.
  3. Export the DynamoDB data to Amazon S3 Glacier on a daily basis. For RPO recovery, import the data from S3 Glacier to DynamoDB.
  4. Schedule Amazon Elastic Block Store (Amazon EBS) snapshots for the DynamoDB table every 15 minutes. For RPO recovery, restore the DynamoDB table by using the EBS snapshot.

Answer(s): B

Explanation:

D) B) reason
B) Point-in-time recovery provides continuous backups and allows restore to any second within the last 35 days, meeting 15-minute RPO and 1-hour RTO when combined with fast restoration of the table. A) Global tables address cross-region replication, not RPO/RTO in a single-region failure. C) Daily export to S3 Glacier introduces long restore times and does not meet 15-minute RPO. D) DynamoDB uses managed backups; EBS snapshots are not applicable to DynamoDB since DynamoDB is a managed service, and backups are not tied to EBS.



A company runs a photo processing application that needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region. A solutions architect has noticed an increased cost in data transfer fees and needs to implement a solution to reduce these costs.
How can the solutions architect meet this requirement?

  1. Deploy Amazon API Gateway into a public subnet and adjust the route table to route S3 calls through it.
  2. Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets.
  3. Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets.
  4. Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets.

Answer(s): D

Explanation:

S3 VPC endpoint provides private, region-local connectivity to S3 without data traversing the public internet, eliminating inter‑region and NAT data transfer costs between the VPC and S3.
A) API Gateway does not route S3 traffic; it adds unnecessary public exposure and cost.
B) NAT gateway adds egress charges and does not provide private, region‑local S3 access; endpoint is more cost-effective.
C) Routing through an internet gateway uses public internet paths and incurs data transfer costs and potential exposure.
D) Correct: S3 VPC endpoint with appropriate policy enables private, low‑cost access to S3 in the same region.



Share your comments for Amazon AWS Certified Solutions Architect - Associate exam with other users:

A
AI Tutor Explanation
4/25/2026 1:53:46 PM

Question 7:

  • Correct answer: B — A risk score is computed based on the number of remediations needed compared to the industry peer average.

Explanation:
  • Risk360 uses a remediation-based score. It benchmarks how many actions are required to fix issues against peers, giving a relative risk posture.
  • Why not the others:
- A: Not just total risk events by location. - C: Time to mitigate isn’t the primary scoring method. - D: Not a four-stage breach scoring approach.
Note: The page text shows a mismatch (it lists D as the answer), but the study guide describes the remediation-based scoring (B) as the correct concept.

A
AI Tutor Explanation
4/25/2026 1:42:20 PM

Question 104:

  • Correct answer: D) Multi-Terabyte (TB) Range

  • Brief explanation:
- clustering keys organize data into micro-partitions to improve pruning when queries filter on those columns. - The performance benefit is most significant for very large tables; for small tables the overhead of maintaining clustering outweighs gains. - Therefore, as a best practice, define clustering keys on tables at the TB scale.

C
Community Helper
4/25/2026 2:03:10 AM

Q23: Fabric Admin is correct. Because Domain admin cannot create domains. Only Fabric Admin can among the given options. Q51: Wrapping @pipeline.parameter.param1 inside {} will return a string. But question requires the expression to return Int, so correct answer should be @pipeline.parameter.param1 (no {})

A
AI Tutor Explanation
4/23/2026 3:07:03 PM

Question 62:

  • Correct answer: D (per the page)

  • Note: The explanation text on the page describes option B (use ZDX score and Analyze Score to trigger the Y Engine analysis), indicating a mismatch between the stated answer and the rationale.

  • Key concept: For fast root-cause analysis, leverage telemetry and auto-correlated insights:
- Use the user’s ZDX score for AWS and run Analyze Score to activate the Y Engine, which correlates metrics across network, client, and application to pinpoint the issue quickly.
  • Why the other options are less effective:
- A: Only checks for outages; doesn’t provide actionable root-cause analysis. - C: Deep Trace helps visibility but is manual and time-consuming. - D: Packet capture is invasive and slow; not the quickest path to root cause.

A
AI Tutor Explanation
4/23/2026 12:26:21 PM

Question 32:

  • Answer: A (2.4GHz)

  • Why: Lower-frequency signals have longer wavelengths and experience less attenuation when passing through walls and obstacles. Higher frequencies (5GHz, 6GHz) are more easily blocked by walls. NFC operates over very short distances and is not meant to penetrate walls. So 2.4 GHz best penetrates physical objects like walls.

A
AI Tutor Explanation
4/21/2026 8:48:36 AM

Question 3:

  • False is the correct answer (Option B).

Why:
  • In Snowflake, a database is a metadata object that exists within a single Snowflake account. Accounts are isolated—there isn’t one database that lives in multiple accounts.
  • You can access data across accounts via data sharing or database replication, but these create separate database objects in the other accounts (e.g., a database in the consumer account created from a share), not a single shared database across accounts.

So a single database cannot exist in more than one Snowflake account.

A
Anonymous User
4/16/2026 10:54:18 AM

Question 1:

  • Correct answer: Edate = sys.argv[1]
  • Why this is correct:
- When a Databricks Job passes parameters to a notebook, those parameters are supplied to the notebook's Python process as command-line arguments. The first argument after the script name is sys.argv[1], so date = sys.argv[1] captures the passed date value directly.
  • How it compares to other options:
- date = spark.conf.get("date") reads from Spark config, not from job parameters. - input() waits for user input at runtime, which isn’t how job parameters are provided. - date = dbutils.notebooks.getParam("date") would work if the notebook were invoked via dbutils.notebook.run with parameters, not

A
Anonymous User
4/15/2026 4:42:07 AM

Question 528:

  • Correct answer: NSG flow logs for NSG1 (Option B)

  • Why:
- Traffic Analytics uses NSG flow logs to analyze traffic patterns. You must have NSG flow logs enabled for the NSGs you want to monitor. - An Azure Log Analytics workspace is also required to store and query the traffic data. - Network Watcher must be available in the subscription for traffic analytics to function.
  • What to configure (brief steps):
- Ensure Network Watcher is enabled in the East US region (for the subscription/region). - Enable NSG flow logs on NSG1. - Ensure a Log Analytics workspace exists and is accessible (read/write) so Traffic Analytics can store and query logs.
  • Why other options aren’t correct:
- “Diagnostic settings for VM1” or “Diagnostic settings for NSG1” alone don’t guarantee flow logs are captured and sent to Log Analytics, which Traffic Analytics relies on. - “Insights for VM1” is not how Traffic Analytics collects traffic data.

A
Anonymous User
4/15/2026 2:43:53 AM

Question 23:
The correct answer is Domain admin (option B), not Fabric admin.

  • Domain admin provides domain-level management: create domains/subdomains and assign workspaces within those domains, which matches the tasks while following least privilege.
  • Fabric admin is global-level access and is more privileges than needed for this scenario (it would grant broader control across the Fabric environment).

A
Anonymous User
4/14/2026 12:31:34 PM

Question 2:
For question 2, the key concept is the Longest Prefix Match. Routers pick the route whose subnet mask is the most specific (largest prefix length) that still matches the destination IP.
From the options:

  • A) 10.10.10.0/28 ? 10.10.10.0–10.10.10.15
  • B) 10.10.13.0/25 ? 10.10.13.0–10.10.13.127
  • C) 10.10.13.144/28 ? 10.10.13.144–10.10.13.159
  • D) 10.10.13.208/29 ? 10.10.13.208–10.10.13.215

The destination Host A’s IP must fall within 10.10.13.208–10.10.13.215 for the /29 to be the best match. Since /29 is the longest prefix among the matching options, Router1 will use 10.10.13.208/29.
Thus, the correct answer is D.

S
srameh
4/14/2026 10:09:29 AM

Question 3:

  • Correct answer: Phase 4, Post Accreditation

  • Explanation:
- In DITSCAP, the four phases are: - Phase 1: Definition (concept and requirements) - Phase 2: Verification (design and testing) - Phase 3: Validation (fielding and evaluation) - Phase 4: Post Accreditation (ongoing operations and lifecycle management) - The description—continuing operation of an accredited IT system and addressing changing threats throughout its life cycle—fits the Post Accreditation phase, which covers operations, maintenance, monitoring, and reauthorization as threats and environment evolve.

O
onibokun10
4/13/2026 7:50:14 PM

Question 129:
Correct answer: CNAME

  • A CNAME record creates an alias for a domain, so newapplication.comptia.org will resolve to whatever IP address www.comptia.org resolves to. This ensures both names point to the same resource without duplicating the IP.
  • Why not the others:
- SOA defines authoritative information for a zone. - MX specifies mail exchange servers. - NS designates name servers for a zone.
  • Notes: The alias name (newapplication.comptia.org) should not have other records if you use a CNAME for it, and CNAMEs aren’t used for the zone apex (root) domain. This scenario uses a subdomain, so a CNAME is appropriate.

A
Anonymous User
4/13/2026 6:29:58 PM

Question 1:

  • Correct answer: C

  • Why this is best:
- Uses OS Login with IAM, so SSH access is granted via Google accounts rather than distributing per-user SSH keys. - Granting the compute.osAdminLogin role to a Google group gives admin access to all team members in a centralized, auditable way. - Access is auditable: Cloud Audit Logs show who accessed which VM, satisfying the security requirement to determine who accessed a given instance.
  • How it works:
- Enable OS Login on the project/instances (enable-oslogin metadata). - Add the team’s

A
Anonymous User
4/13/2026 1:00:51 PM

Question 2:

  • Answer: D. Azure Advisor

  • Why: To view security-related recommendations for resources in the Compute and Apps area (including App Service Web Apps and Functions), you use Azure Advisor. Advisor surfaces personalized best-practice recommendations across resources, including security, and shows which resources are affected and the severity.

  • Why not the others:
- Azure Log Analytics is for ad-hoc querying of telemetry, not for viewing security recommendations. - Azure Event Hubs is for streaming telemetry data, not for security recommendations.
  • Quick tip: In the portal, navigate to Azure Advisor and check the Security recommendations for App Services to see actionable items and affe

D
Don
4/11/2026 5:36:42 AM

Recommend using AI for Solutions rather the Answer(s) submitted here

M
Mogae Malapela
4/8/2026 6:37:56 AM

This is very interesting

A
Anon
4/6/2026 5:22:54 PM

Are these the same questions you have to pay for in ExamTopics?

L
LRK
3/22/2026 2:38:08 PM

For Question 7 - while the answer description indicates the correct answer, the option no. mentioned is incorrect. Nice and Comprehensive. Thankyou

R
Rian
3/19/2026 9:12:10 AM

This is very good and accurate. Explanation is very helpful even thou some are not 100% right but good enough to pass.

G
Gerrard
3/18/2026 6:58:37 AM

The DP-900 exam can be tricky if you aren't familiar with Microsoft’s specific cloud terminology. I used the practice questions from free-braindumps.com and found them incredibly helpful. The site breaks down core data concepts and Azure services in a way that actually mirrors the real test. As a resutl I passed my exam.

V
Vineet Kumar
3/6/2026 5:26:16 AM

interesting

J
Joe
1/20/2026 8:25:24 AM

Passed this exam 2 days ago. These questions are in the exam. You are safe to use them.

N
NJ
12/24/2025 10:39:07 AM

Helpful to test your preparedness before giving exam

A
Ashwini
12/17/2025 8:24:45 AM

Really helped

J
Jagadesh
12/16/2025 9:57:10 AM

Good explanation

S
shobha
11/29/2025 2:19:59 AM

very helpful

P
Pandithurai
11/12/2025 12:16:21 PM

Question 1, Ans is - Developer,Standard,Professional Direct and Premier

E
Einstein
11/8/2025 4:13:37 AM

Passed this exam in first appointment. Great resource and valid exam dump.

D
David
10/31/2025 4:06:16 PM

Today I wrote this exam and passed, i totally relay on this practice exam. The questions were very tough, these questions are valid and I encounter the same.

T
Thor
10/21/2025 5:16:29 AM

Anyone used this dump recently?

V
Vladimir
9/25/2025 9:11:14 AM

173 question is A not D

K
khaos
9/21/2025 7:07:26 AM

nice questions

K
Katiso Lehasa
9/15/2025 11:21:52 PM

Thanks for the practice questions they helped me a lot.

E
Einstein
9/2/2025 7:42:00 PM

Passed this exam today. All questions are valid and this is not something you can find in ChatGPT.

AI Tutor 👋 I’m here to help!