Amazon AWS Certified Solutions Architect - Associate SAA-C03 AWS Certified Solutions Architect - Associate Dumps in PDF

Free Amazon AWS Certified Solutions Architect - Associate Real Questions (page: 93)

A company is running a batch application on Amazon EC2 instances. The application consists of a backend with multiple Amazon RDS databases. The application is causing a high number of reads on the databases. A solutions architect must reduce the number of database reads while ensuring high availability.
What should the solutions architect do to meet this requirement?

  1. Add Amazon RDS read replicas.
  2. Use Amazon ElastiCache for Redis.
  3. Use Amazon Route 53 DNS caching
  4. Use Amazon ElastiCache for Memcached.

Answer(s): B

Explanation:

A) Use Amazon ElastiCache for Redis
ElastiCache Redis provides in-memory caching to reduce read traffic to RDS by serving frequently accessed data from the cache, improving latency and availability through a managed, clustered cache layer. B) ElastiCache for Redis is correct; it supports data structures, persistence options, and high availability with Redis replication and automatic failover. C) Route 53 DNS caching does not reduce database reads or provide a caching layer for database queries. D) ElastiCache Memcached offers caching but Redis generally provides richer data structures and persistence; however, Redis is the recommended option in this scenario for higher availability and features. A) and C) do not meet the requirement.



A company needs to run a critical application on AWS. The company needs to use Amazon EC2 for the application’s database. The database must be highly available and must fail over automatically if a disruptive event occurs.
Which solution will meet these requirements?

  1. Launch two EC2 instances, each in a different Availability Zone in the same AWS Region. Install the database on both EC2 instances. Configure the EC2 instances as a cluster. Set up database replication.
  2. Launch an EC2 instance in an Availability Zone. Install the database on the EC2 instance. Use an Amazon Machine Image (AMI) to back up the data. Use AWS CloudFormation to automate provisioning of the EC2 instance if a disruptive event occurs.
  3. Launch two EC2 instances, each in a different AWS Region. Install the database on both EC2 instances. Set up database replication. Fail over the database to a second Region.
  4. Launch an EC2 instance in an Availability Zone. Install the database on the EC2 instance. Use an Amazon Machine Image (AMI) to back up the data. Use EC2 automatic recovery to recover the instance if a disruptive event occurs.

Answer(s): A

Explanation:

A) Using two EC2s in different Availability Zones with a clustered database and replication provides high availability and automatic failover within a single region, satisfying HA and automatic recovery requirements.
B) Single AZ with manual AMI backups and CloudFormation does not provide automatic failover or multi-AZ resilience for database availability.
C) Cross-region deployment adds complexity and latency; automatic failover across regions is not native for typical EC2-hosted databases and is not standard HA.
D) EC2 automatic recovery applies to the instance, not to application-level failover or database HA; single AZ limits resilience.



A company’s order system sends requests from clients to Amazon EC2 instances. The EC2 instances process the orders and then store the orders in a database on Amazon RDS. Users report that they must reprocess orders when the system fails. The company wants a resilient solution that can process orders automatically if a system outage occurs.
What should a solutions architect do to meet these requirements?

  1. Move the EC2 instances into an Auto Scaling group. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to target an Amazon Elastic Container Service (Amazon ECS) task.
  2. Move the EC2 instances into an Auto Scaling group behind an Application Load Balancer (ALB). Update the order system to send messages to the ALB endpoint.
  3. Move the EC2 instances into an Auto Scaling group. Configure the order system to send messages to an Amazon Simple Queue Service (Amazon SQS) queue. Configure the EC2 instances to consume messages from the queue.
  4. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create an AWS Lambda function, and subscribe the function to the SNS topic. Configure the order system to send messages to the SNS topic. Send a command to the EC2 instances to process the messages by using AWS Systems Manager Run Command.

Answer(s): C

Explanation:

Moving EC2s into an Auto Scaling group and decoupling processing with SQS enables durable, fault-tolerant reprocessing. Messages persist in SQS until processed, and EC2 instances can scale and continuously poll the queue, ensuring orders are not lost during outages. This supports automatic retries and at-least-once processing.
A) EventBridge triggering ECS task is not addressing persistent retry or queueing; adds complexity without guaranteed ordering/reprocessing semantics.
B) ALB with direct client routing does not provide durable queueing or automatic reprocessing if instances fail.
D) SNS plus Lambda and Run Command introduces tight coupling and operational overhead; not a reliable, scalable reprocessing mechanism for batch order processing.



A company runs an application on a large fleet of Amazon EC2 instances. The application reads and writes entries into an Amazon DynamoDB table. The size of the DynamoDB table continuously grows, but the application needs only data from the last 30 days. The company needs a solution that minimizes cost and development effort.
Which solution meets these requirements?

  1. Use an AWS CloudFormation template to deploy the complete solution. Redeploy the CloudFormation stack every 30 days, and delete the original stack.
  2. Use an EC2 instance that runs a monitoring application from AWS Marketplace. Configure the monitoring application to use Amazon DynamoDB Streams to store the timestamp when a new item is created in the table. Use a script that runs on the EC2 instance to delete items that have a timestamp that is older than 30 days.
  3. Configure Amazon DynamoDB Streams to invoke an AWS Lambda function when a new item is created in the table. Configure the Lambda function to delete items in the table that are older than 30 days.
  4. Extend the application to add an attribute that has a value of the current timestamp plus 30 days to each new item that is created in the table. Configure DynamoDB to use the attribute as the TTL attribute.

Answer(s): D

Explanation:

D) Using DynamoDB Time To Live (TTL) with a per-item 30-day expiry is the simplest, cost-efficient, and low-development approach. TTL automatically deletes items after the specified timestamp, requiring no ongoing processing or Lambda/EC2 maintenance, and minimizes storage costs for aging data.
A) CloudFormation redeploy every 30 days is operationally heavy and unnecessary; it does not automate data expiry.
B) EC2-based monitoring with DynamoDB Streams and custom deletion adds unmanaged maintenance, scaling concerns, and cost.
C) Lambda-driven deletion still incurs invocation costs and requires continuous event handling; TTL is more straightforward and scalable.



A company has a Microsoft .NET application that runs on an on-premises Windows Server. The application stores data by using an Oracle Database Standard Edition server. The company is planning a migration to AWS and wants to minimize development changes while moving the application. The AWS application environment should be highly available.
Which combination of actions should the company take to meet these requirements? (Choose two.)

  1. Refactor the application as serverless with AWS Lambda functions running .NET Core.
  2. Rehost the application in AWS Elastic Beanstalk with the .NET platform in a Multi-AZ deployment.
  3. Replatform the application to run on Amazon EC2 with the Amazon Linux Amazon Machine Image (AMI).
  4. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Amazon DynamoDB in a Multi-AZ deployment.
  5. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment.

Answer(s): B,E

Explanation:

Rehosting in Elastic Beanstalk with a Multi-AZ deployment preserves existing .NET app architecture and provides high availability, while migrating the Oracle database to Oracle on RDS (Multi-AZ) minimizes changes and maintains Oracle compatibility. This aligns with minimizing development changes and ensures HA across compute and database layers.
A) Refactoring to serverless would require substantial code changes and is not aligned with minimizing changes.
C) EC2 with Amazon Linux AMI would require OS/image changes and is not as compatible with a Windows/.NET on-prem setup.
D) Migrating to DynamoDB is a redesign and not suitable for the existing Oracle workloads.
E) Oracle on RDS in Multi-AZ preserves Oracle features and provides managed HA for the database.



A company runs a containerized application on a Kubernetes cluster in an on-premises data center. The company is using a MongoDB database for data storage. The company wants to migrate some of these environments to AWS, but no code changes or deployment method changes are possible at this time. The company needs a solution that minimizes operational overhead.
Which solution meets these requirements?

  1. Use Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 worker nodes for compute and MongoDB on EC2 for data storage.
  2. Use Amazon Elastic Container Service (Amazon ECS) with AWS Fargate for compute and Amazon DynamoDB for data storage
  3. Use Amazon Elastic Kubernetes Service (Amazon EKS) with Amazon EC2 worker nodes for compute and Amazon DynamoDB for data storage.
  4. Use Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate for compute and Amazon DocumentDB (with MongoDB compatibility) for data storage.

Answer(s): D

Explanation:

F) Actually D is correct: EKS with Fargate provides serverless Kubernetes compute, minimizing operational overhead, and Amazon DocumentDB (MongoDB compatibility) offers MongoDB-compatible storage without managing a database engine. This matches no-code/low-ops migration while preserving Kubernetes workloads.
A) ECS with EC2 and MongoDB on EC2 requires managing MongoDB and compute capacity, increasing ops.
B) ECS with Fargate and DynamoDB changes data storage to a different database, not preserving MongoDB behavior.
C) EKS with EC2 and DynamoDB replaces MongoDB with a different store and requires managing nodes, increasing ops.



A telemarketing company is designing its customer call center functionality on AWS. The company needs a solution that provides multiple speaker recognition and generates transcript files. The company wants to query the transcript files to analyze the business patterns. The transcript files must be stored for 7 years for auditing purposes.
Which solution will meet these requirements?

  1. Use Amazon Rekognition for multiple speaker recognition. Store the transcript files in Amazon S3. Use machine learning models for transcript file analysis.
  2. Use Amazon Transcribe for multiple speaker recognition. Use Amazon Athena for transcript file analysis.
  3. Use Amazon Translate for multiple speaker recognition. Store the transcript files in Amazon Redshift. Use SQL queries for transcript file analysis.
  4. Use Amazon Rekognition for multiple speaker recognition. Store the transcript files in Amazon S3. Use Amazon Textract for transcript file analysis.

Answer(s): B

Explanation:

Amazon Transcribe supports automatic speech recognition with speaker diarization (multiple speaker recognition) and can produce transcript files that can be stored in S3 and later queried with tools like Athena for analysis. B is correct.
A is incorrect because Rekognition is for video/audio face/recognition and not suited for transcription; it does not provide native transcript analysis workflow with Athena. C is incorrect because Translate is for language translation, not transcription or diarization; Redshift is overkill and not suited for transcript analysis workflow. D is incorrect because Textract analyzes text from documents, not audio transcripts; Rekognition alone does not handle transcripts or analytics.



A company hosts its application on AWS. The company uses Amazon Cognito to manage users. When users log in to the application, the application fetches required data from Amazon DynamoDB by using a REST API that is hosted in Amazon API Gateway. The company wants an AWS managed solution that will control access to the REST API to reduce development efforts.
Which solution will meet these requirements with the LEAST operational overhead?

  1. Configure an AWS Lambda function to be an authorizer in API Gateway to validate which user made the request.
  2. For each user, create and assign an API key that must be sent with each request. Validate the key by using an AWS Lambda function.
  3. Send the user’s email address in the header with every request. Invoke an AWS Lambda function to validate that the user with that email address has proper access.
  4. Configure an Amazon Cognito user pool authorizer in API Gateway to allow Amazon Cognito to validate each request.

Answer(s): D

Explanation:

The correct answer is D. A Cognito user pool authorizer allows API Gateway to validate JWTs issued by Cognito, providing built-in, managed authentication with no extra Lambda code, aligning with the requirement to minimize operational overhead.
A is incorrect because a Lambda authorizer adds custom logic and maintenance; it increases overhead compared to built-in Cognito integration.
B is incorrect because API keys are not tied to user authentication and are not intended for per-user access control; this approach is unsuitable for scalable, secure user-level access.
C is incorrect because sending emails in headers and validating in Lambda is custom, brittle, and does not leverage managed authentication or token validation.



Share your comments for Amazon AWS Certified Solutions Architect - Associate exam with other users:

A
Anonymous User
4/15/2026 4:42:07 AM

Question 528:

  • Correct answer: NSG flow logs for NSG1 (Option B)

  • Why:
- Traffic Analytics uses NSG flow logs to analyze traffic patterns. You must have NSG flow logs enabled for the NSGs you want to monitor. - An Azure Log Analytics workspace is also required to store and query the traffic data. - Network Watcher must be available in the subscription for traffic analytics to function.
  • What to configure (brief steps):
- Ensure Network Watcher is enabled in the East US region (for the subscription/region). - Enable NSG flow logs on NSG1. - Ensure a Log Analytics workspace exists and is accessible (read/write) so Traffic Analytics can store and query logs.
  • Why other options aren’t correct:
- “Diagnostic settings for VM1” or “Diagnostic settings for NSG1” alone don’t guarantee flow logs are captured and sent to Log Analytics, which Traffic Analytics relies on. - “Insights for VM1” is not how Traffic Analytics collects traffic data.

A
Anonymous User
4/15/2026 2:43:53 AM

Question 23:
The correct answer is Domain admin (option B), not Fabric admin.

  • Domain admin provides domain-level management: create domains/subdomains and assign workspaces within those domains, which matches the tasks while following least privilege.
  • Fabric admin is global-level access and is more privileges than needed for this scenario (it would grant broader control across the Fabric environment).

A
Anonymous User
4/14/2026 12:31:34 PM

Question 2:
For question 2, the key concept is the Longest Prefix Match. Routers pick the route whose subnet mask is the most specific (largest prefix length) that still matches the destination IP.
From the options:

  • A) 10.10.10.0/28 ? 10.10.10.0–10.10.10.15
  • B) 10.10.13.0/25 ? 10.10.13.0–10.10.13.127
  • C) 10.10.13.144/28 ? 10.10.13.144–10.10.13.159
  • D) 10.10.13.208/29 ? 10.10.13.208–10.10.13.215

The destination Host A’s IP must fall within 10.10.13.208–10.10.13.215 for the /29 to be the best match. Since /29 is the longest prefix among the matching options, Router1 will use 10.10.13.208/29.
Thus, the correct answer is D.

S
srameh
4/14/2026 10:09:29 AM

Question 3:

  • Correct answer: Phase 4, Post Accreditation

  • Explanation:
- In DITSCAP, the four phases are: - Phase 1: Definition (concept and requirements) - Phase 2: Verification (design and testing) - Phase 3: Validation (fielding and evaluation) - Phase 4: Post Accreditation (ongoing operations and lifecycle management) - The description—continuing operation of an accredited IT system and addressing changing threats throughout its life cycle—fits the Post Accreditation phase, which covers operations, maintenance, monitoring, and reauthorization as threats and environment evolve.

O
onibokun10
4/13/2026 7:50:14 PM

Question 129:
Correct answer: CNAME

  • A CNAME record creates an alias for a domain, so newapplication.comptia.org will resolve to whatever IP address www.comptia.org resolves to. This ensures both names point to the same resource without duplicating the IP.
  • Why not the others:
- SOA defines authoritative information for a zone. - MX specifies mail exchange servers. - NS designates name servers for a zone.
  • Notes: The alias name (newapplication.comptia.org) should not have other records if you use a CNAME for it, and CNAMEs aren’t used for the zone apex (root) domain. This scenario uses a subdomain, so a CNAME is appropriate.

A
Anonymous User
4/13/2026 6:29:58 PM

Question 1:

  • Correct answer: C

  • Why this is best:
- Uses OS Login with IAM, so SSH access is granted via Google accounts rather than distributing per-user SSH keys. - Granting the compute.osAdminLogin role to a Google group gives admin access to all team members in a centralized, auditable way. - Access is auditable: Cloud Audit Logs show who accessed which VM, satisfying the security requirement to determine who accessed a given instance.
  • How it works:
- Enable OS Login on the project/instances (enable-oslogin metadata). - Add the team’s

A
Anonymous User
4/13/2026 1:00:51 PM

Question 2:

  • Answer: D. Azure Advisor

  • Why: To view security-related recommendations for resources in the Compute and Apps area (including App Service Web Apps and Functions), you use Azure Advisor. Advisor surfaces personalized best-practice recommendations across resources, including security, and shows which resources are affected and the severity.

  • Why not the others:
- Azure Log Analytics is for ad-hoc querying of telemetry, not for viewing security recommendations. - Azure Event Hubs is for streaming telemetry data, not for security recommendations.
  • Quick tip: In the portal, navigate to Azure Advisor and check the Security recommendations for App Services to see actionable items and affe

D
Don
4/11/2026 5:36:42 AM

Recommend using AI for Solutions rather the Answer(s) submitted here

M
Mogae Malapela
4/8/2026 6:37:56 AM

This is very interesting

A
Anon
4/6/2026 5:22:54 PM

Are these the same questions you have to pay for in ExamTopics?

L
LRK
3/22/2026 2:38:08 PM

For Question 7 - while the answer description indicates the correct answer, the option no. mentioned is incorrect. Nice and Comprehensive. Thankyou

R
Rian
3/19/2026 9:12:10 AM

This is very good and accurate. Explanation is very helpful even thou some are not 100% right but good enough to pass.

G
Gerrard
3/18/2026 6:58:37 AM

The DP-900 exam can be tricky if you aren't familiar with Microsoft’s specific cloud terminology. I used the practice questions from free-braindumps.com and found them incredibly helpful. The site breaks down core data concepts and Azure services in a way that actually mirrors the real test. As a resutl I passed my exam.

V
Vineet Kumar
3/6/2026 5:26:16 AM

interesting

J
Joe
1/20/2026 8:25:24 AM

Passed this exam 2 days ago. These questions are in the exam. You are safe to use them.

N
NJ
12/24/2025 10:39:07 AM

Helpful to test your preparedness before giving exam

A
Ashwini
12/17/2025 8:24:45 AM

Really helped

J
Jagadesh
12/16/2025 9:57:10 AM

Good explanation

S
shobha
11/29/2025 2:19:59 AM

very helpful

P
Pandithurai
11/12/2025 12:16:21 PM

Question 1, Ans is - Developer,Standard,Professional Direct and Premier

E
Einstein
11/8/2025 4:13:37 AM

Passed this exam in first appointment. Great resource and valid exam dump.

D
David
10/31/2025 4:06:16 PM

Today I wrote this exam and passed, i totally relay on this practice exam. The questions were very tough, these questions are valid and I encounter the same.

T
Thor
10/21/2025 5:16:29 AM

Anyone used this dump recently?

V
Vladimir
9/25/2025 9:11:14 AM

173 question is A not D

K
khaos
9/21/2025 7:07:26 AM

nice questions

K
Katiso Lehasa
9/15/2025 11:21:52 PM

Thanks for the practice questions they helped me a lot.

E
Einstein
9/2/2025 7:42:00 PM

Passed this exam today. All questions are valid and this is not something you can find in ChatGPT.

V
vito
8/22/2025 4:16:51 AM

i need to pass exam for VMware 2V0-11.25

M
Matt
7/31/2025 11:44:40 PM

Great questions.

O
OLERATO
7/1/2025 5:44:14 AM

great dumps to practice for the exam

A
Adekunle willaims
6/9/2025 7:37:29 AM

How reliable and relevant are these questions?? also i can see the last update here was January and definitely new questions would have emerged.

A
Alex
5/24/2025 12:54:15 AM

Can I trust to this source?

S
SPriyak
3/17/2025 11:08:37 AM

can you please provide the CBDA latest test preparation

C
Chandra
11/28/2024 7:17:38 AM

This is the best and only way of passing this exam as it is extremely hard. Good questions and valid dump.

AI Tutor 👋 I’m here to help!