Welcome to AWS Certified Solutions Architect (SAA-C03)
AWS certification test score and correct answers are provided at end of quiz.
1.
For encrypted EBS volumes with automatic key rotation, which is the best option?
2.
How is traffic routed when default VPC endpoints are deployed?
3.
A development team wants to allow temporary access to an S3 bucket from a CI/CD pipeline running outside AWS, without sharing long-term credentials.
4.
Security teams want a centralized dashboard of all security findings (threats, compliance issues, vulnerabilities) across multiple AWS accounts. Which service provides this capability?
5.
You want your Route 53 DNS to automatically route traffic to a healthy endpoint during regional failures. Which routing policy should you use?
6.
A company wants to prevent accidental deletion of critical S3 objects. They require a solution that enforces multi-factor authentication for delete operations. What is the recommended solution?
7.
A company runs a critical RDS database in one Availability Zone (AZ) and wants to improve availability in case of an AZ failure. They require automatic failover and minimal downtime. Which configuration should they implement?
8.
Select three IAM best practices?
9.
Your VPCs in multiple accounts need to communicate with each other using a central routing hub instead of managing many peering connections. Which AWS service simplifies this architecture?
10.
Your web application experiences occasional DDoS attempts at the network layer. You want automatic protection without requiring manual intervention. Which service provides this capability?
11.
A web application is accessible over the internet. The security team wants to protect it against automated bots and web application attacks, such as SQL injection, XSS, and scraping. Which AWS service combination best meets this requirement?
12.
A company uses multiple EC2 instances in private subnets to host sensitive applications. The security team wants to ensure all outbound traffic is monitored and restricted, and only approved patch repositories are accessible. Which solution best meets this requirement?
13.
A company wants to ensure its SaaS application communicates with AWS services privately without traversing the public internet. What is the best solution?
14.
Where should a NAT Gateway be deployed to allow private subnet instances to access the Internet?
15.
Your organization has multiple VPN tunnels to AWS. They want to ensure that if one tunnel fails, traffic automatically reroutes through the backup. Which design features improve VPN resilience? (Choose TWO)
