Skip to main content
Cloud Computing ⭐ Premium ⭐ Featured

AWS Certified Solutions Architect Associate - SAA-C03

By Webmaster Certland English 📝 380 questions ❤️ 0 likes

Practice exam for the AWS Certified Solutions Architect - Associate (SAA-C03) certification. Covers secure architectures, resilient architectures, high-performing architectures, and cost-optimized architectures based on the AWS Well-Architected Framework. 380 scenario-based questions with detailed explanations.

⭐ Premium Updated Mar 2026

Unlock all 380 AWS Certified Solutions Architect Associate - SAA-C03 questions

Full simulation · Detailed explanations · Unlimited attempts

  • 380 questions — ~5 full-length simulations
  • Detailed explanations — why each answer is right or wrong
  • Unlimited attempts — retake as many times as needed
  • Smart Practice + Focus Mode + no ads
380
Questions
All certifications
from $4.90/mo
⭐ Get Premium — $4.90/mo ▶ Try 5 questions free

Sample Questions — AWS Certified Solutions Architect Associate - SAA-C03

5 free sample questions from this practice exam. Correct answers are highlighted.

1. A company is setting up AWS accounts for the first time and wants to follow IAM best practices. The security team requires that no one should use the root account for day-to-day operations and that all privileged actions must require an additional layer of verification. Which combination of actions should a solutions architect recommend? (Choose the most complete answer.)

A Enable MFA on the root account and create individual IAM users with least-privilege permissions for administrators. ✓ Correct
B Share the root account credentials among trusted administrators to limit the number of accounts.
C Store root account credentials in AWS Secrets Manager and rotate them automatically every 30 days.
D Create root account access keys and distribute them only to senior engineers for critical tasks.

2. A solutions architect is designing an application where an Amazon EC2 instance needs to read objects from an Amazon S3 bucket in the same AWS account. The security team requires that no long-term credentials be stored on the instance. Which solution meets these requirements?

A Create an IAM user, generate access keys, and store them as environment variables on the EC2 instance.
B Create an IAM role with the required S3 permissions and attach it to the EC2 instance as an instance profile. ✓ Correct
C Hardcode the IAM user access keys directly in the application code deployed on the EC2 instance.
D Store the IAM user access keys in an S3 bucket and have the EC2 instance download them at startup.

3. A company has a web application that allows users to sign in with their existing Google or Facebook accounts. The application must then provide these users with temporary AWS credentials to access a specific Amazon DynamoDB table. Which AWS service should be used to federate social identity providers and vend temporary credentials?

A Use Amazon Cognito User Pools to authenticate users and provide them with AWS temporary credentials.
B Use AWS IAM Identity Center to federate Google and Facebook identities and assign permission sets.
C Use Amazon Cognito Identity Pools to federate social identity providers and vend temporary AWS credentials. ✓ Correct
D Use AWS Directory Service to create a managed directory that syncs with Google and Facebook user accounts.

4. A company needs to grant a third-party auditor access to specific AWS resources in the company's account. The auditor has their own AWS account. The company wants to follow security best practices and avoid sharing long-term credentials. Which approach should a solutions architect recommend?

A Create an IAM role in the company's account with a trust policy allowing the auditor's AWS account to assume it. ✓ Correct
B Create an IAM user for the auditor in the company's account and share the access key ID and secret access key.
C Share the company's AWS Management Console URL and root account credentials with the auditor.
D Establish VPC peering between the company's account and the auditor's account to grant resource access.

5. A large enterprise uses AWS Organizations to manage 80 AWS accounts. The security team wants to ensure that no account in the organization can disable AWS CloudTrail, regardless of the permissions of any IAM user or role in those accounts. Which solution meets this requirement?

A Apply an IAM permission boundary to all IAM users and roles in each account that denies CloudTrail disable actions.
B Create an SCP at the organization root that explicitly denies CloudTrail disable and stop-logging actions. ✓ Correct
C Enable an AWS Config rule in each account that detects CloudTrail being disabled and automatically re-enables it.
D Attach a resource-based policy to each CloudTrail trail that denies delete and stop-logging actions.

Want to test yourself for real?

Create a free account and run our exam simulation engine.

Free No credit card
  • Simulation engine
  • Up to 10 questions per attempt
  • Score & basic stats
Create free account Already have an account? Sign in
Best
Premium Premium
  • All 380 questions
  • Detailed explanations
  • Smart Practice + Focus Mode
⭐ Get Premium

Information

Questions 380
Time 2h 10min
Difficulty Medium
Minimum Score 72.00%
▶ Try 5 questions — no account needed ⭐ Unlock all questions — Premium 🤍 Like

💰 ROI

Official exam $150.00
CertLand $4.90/mo
Prepare for $150 for less than a coffee/mo

Related Exams

Free

AZ-900: Fundamentos do Microsoft Azure – 340 perguntas

340 questions · Português
Free

Praticante de nuvem certificado pela AWS (CLF-C02) - 340 Questoes

340 questions · Português
Free

Líder digital do Google Cloud (CDL) - 340 perguntas

340 questions · Português
Free

Líder digital de Google Cloud (CDL) - 340 preguntas

340 questions · Español

Discussion

No comments yet. Be the first to start the discussion!

Sign in to join the discussion.