Skip to main content
Cloud Computing ⭐ Premium ⭐ Featured

AWS Certified Solutions Architect - Associate (SAA-C03) - 340 Questions

By Webmaster Certland ❤️ 0 likes

Prepare for the AWS Certified Solutions Architect – Associate (SAA-C03) exam with 340 practice questions covering all 4 official domains. This question bank validates your ability to design cost-effective, secure, and highly available cloud architectures on AWS. Topics include designing resilient architectures, high-performing systems, secure applications and infrastructure, and cost-optimized solutions using services such as EC2, S3, RDS, VPC, IAM, Lambda, CloudFront, and Auto Scaling. SAA-C03 is one of the most sought-after AWS certifications globally, serving as the foundation for a career as an AWS Solutions Architect. On CertLand, all 340 questions are scenario-based and mapped to official exam domains, helping you build the confidence needed to pass on exam day.

🔒

Premium Content

This exam is exclusive to Premium users. Upgrade to get unlimited access!

Become Premium

👁️ Free Preview (5 of 340 questions)

1. A company is setting up AWS accounts for the first time and wants to follow IAM best practices. The security team requires that no one should use the root account for day-to-day operations and that all privileged actions must require an additional layer of verification. Which combination of actions should a solutions architect recommend? (Choose the most complete answer.)

A Enable MFA on the root account and create individual IAM users with least-privilege permissions for administrators.
B Share the root account credentials among trusted administrators to limit the number of accounts.
C Store root account credentials in AWS Secrets Manager and rotate them automatically every 30 days.
D Create root account access keys and distribute them only to senior engineers for critical tasks.

2. A solutions architect is designing an application where an Amazon EC2 instance needs to read objects from an Amazon S3 bucket in the same AWS account. The security team requires that no long-term credentials be stored on the instance. Which solution meets these requirements?

A Create an IAM user, generate access keys, and store them as environment variables on the EC2 instance.
B Create an IAM role with the required S3 permissions and attach it to the EC2 instance as an instance profile.
C Hardcode the IAM user access keys directly in the application code deployed on the EC2 instance.
D Store the IAM user access keys in an S3 bucket and have the EC2 instance download them at startup.

3. A company has a web application that allows users to sign in with their existing Google or Facebook accounts. The application must then provide these users with temporary AWS credentials to access a specific Amazon DynamoDB table. Which AWS service should be used to federate social identity providers and vend temporary credentials?

A Use Amazon Cognito User Pools to authenticate users and provide them with AWS temporary credentials.
B Use AWS IAM Identity Center to federate Google and Facebook identities and assign permission sets.
C Use Amazon Cognito Identity Pools to federate social identity providers and vend temporary AWS credentials.
D Use AWS Directory Service to create a managed directory that syncs with Google and Facebook user accounts.

4. A company needs to grant a third-party auditor access to specific AWS resources in the company's account. The auditor has their own AWS account. The company wants to follow security best practices and avoid sharing long-term credentials. Which approach should a solutions architect recommend?

A Create an IAM role in the company's account with a trust policy allowing the auditor's AWS account to assume it.
B Create an IAM user for the auditor in the company's account and share the access key ID and secret access key.
C Share the company's AWS Management Console URL and root account credentials with the auditor.
D Establish VPC peering between the company's account and the auditor's account to grant resource access.

5. A large enterprise uses AWS Organizations to manage 80 AWS accounts. The security team wants to ensure that no account in the organization can disable AWS CloudTrail, regardless of the permissions of any IAM user or role in those accounts. Which solution meets this requirement?

A Apply an IAM permission boundary to all IAM users and roles in each account that denies CloudTrail disable actions.
B Create an SCP at the organization root that explicitly denies CloudTrail disable and stop-logging actions.
C Enable an AWS Config rule in each account that detects CloudTrail being disabled and automatically re-enables it.
D Attach a resource-based policy to each CloudTrail trail that denies delete and stop-logging actions.

Want to test yourself for real?

Create a free account and run our exam simulation engine.

Free No credit card
  • Simulation engine
  • Up to 10 questions per attempt
  • Score & basic stats
Create free account Already have an account? Sign in
Best
Premium 7-day trial
  • All 340 questions
  • Detailed explanations
  • Smart Practice + Focus Mode
⭐ Start 7-day free trial

Information

Questions 340
Time 2h 10min
Difficulty Medium
Minimum Score 72.00%
🤍 Like

Related Exams

Free

AZ-900: Fundamentos do Microsoft Azure – 340 perguntas

340 questions · 1 attempts
Free

Praticante de nuvem certificado pela AWS (CLF-C02) - 340 Questoes

340 questions · 1 attempts
Free

Líder digital do Google Cloud (CDL) - 340 perguntas

340 questions · 0 attempts
Free

Practicante de nube certificado por AWS (CLF-C02) - 340 preguntas

340 questions · 0 attempts

Discussion

No comments yet. Be the first to start the discussion!

Sign in to join the discussion.