AWS Solutions Architect Associate SAA-C03 Sample Questions - Practice Test ( 2026 )

1. TRUE

2. FALSE

3. False, Amazon Route 53 automatically creates it for you.

4. True, only if you send an XML document with a CreateHostedZoneRequest element for TLD.

1. Data in the instance store will be lost.

2. Data persists in the instance store.

3. Data is deleted from the instance store for security reasons.

4. Data is partially present in the instance store.

1. The total volume of data and number of archives you can store are unlimited.

2. The total volume of data is unlimited but the number of archives you can store are limited.

3. The total volume of data is limited but the number of archives you can store are unlimited.

4. The total volume of data is limited and the number of archives you can store are limited.

1. A user should manually create a launch configuration before creating an Auto Scaling group.

2. Auto Scaling automatically creates a launch configuration directly from an EC2 instance

3. The launch configuration should be created manually from the AWS CLI.

4. The launch configuration can be created only using the Query APIs.

1. 4

2. 16

3. 8

4. 256

1. It has high performance at scale as data and query complexity grows.

2. It prevents reporting and analytic processing from interfering with the performance of OLTP workloads.

3. You don't have the administrative burden of running your own data warehouse and dealing with setup, durability, monitoring, scaling, and patching.

4. All answers listed are a reasonable response to his QUESTION

1. Amazon Glacier automatically encrypts the data using AES-128 a lesser encryption method than Amazon S3.

2. Amazon Glacier automatically encrypts the data using AES-128 a lesser encryption method than Amazon S3 but you can change it to AES-256 if you are willing to pay more.

3. Amazon Glacier automatically encrypts the data using AES-256, the same as Amazon S3.

4. There is no encryption on Amazon Glacier, that's why it is cheaper.

1. Amazon Redshift

2. Amazon RDS

3. Amazon SimpIeDB

4. Amazon EIastiCache

1. AWS C|oudHSM

2. AWS VPN CIoudHub

3. Amazon C|oudFront

4. AWS Direct Connect

1. Instances that you launch into a default subnet receive a public IP address and 10 private IP addresses.

2. Instances that you launch into a default subnet receive a public IP address and 5 private IP addresses.

3. Instances that you launch into a default subnet receive both a public IP address and a private IP address.

4. Instances that you launch into a default subnet don't receive any ip addresses and you need to define them manually.

1. 1000

2. 900

3. 950

4. 990

1. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.

2. Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy.

3. Create a S3 bucket policy that lists the C|oudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).

4. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.

1. DB Parameter Groups

2. Multi-AZ DB Instance deployment

3. Database Snapshots

4. Read Replicas

1. Amazon SNS store

2. Amazon Instance Store

3. Amazon AppStream store

4. None of these

1. No, neither increment nor decrement operations.

2. Yes, both increment and decrement operations.

3. Only decrement, since increment are inherently impossible with DynamoDB's data mode

4. Only increment, since decrement are inherently impossible with DynamoDB's data model.

1. Amazon ENIR customers can choose to send data to Amazon S3 using the HTTPS protocol for secure transmission.

2. Every packet sent in the AWS network uses Internet Protocol Security (IPsec).

3. Customers may encrypt the input data before they upload it to Amazon S3.

4. Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access.

1. Using ipconfig

2. Using instance metadata

3. Using tags

4. Using traceroutes

1. Gateway-stored enables you to configure youron-premises gateway to store all your data locally and then asynchronously back up point-in-time snapshots of this data to Amazon S3.

2. Gateway-cached lets you store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets local

3. Gateway-stored lets you store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets local

4. Gateway-cached enables you to configure youron-premises gateway to store all your data locally and then asynchronously back up point-in-time snapshots of this data to Amazon S3.

5. Gateway-cached is free whilst gateway-stored is not.

6. Gateway-cached is up to 10 times faster than gateway-stored.

1. Appstream customizations

2. customized deployments

3. MuIti-AZ deployments

4. log events

1. AWS CloudFormation

2. Amazon Route 53

3. AWS Import/Export

4. Amazon CloudWatch

1. No, you cannot attach EBS volumes to an instance.

2. Yes, they do but only if they are detached from the instance.

3. Yes, they do.

4. No, they are dependent.

1. token

2. endpoint

3. None of these

4. Action

1. Define network interfaces, and attach one or more network interfaces to your instances

2. Change security group membership for your instances while they're running

3. All of the things listed here.

4. Assign static private IP addresses to your instances that persist across starts and stops

1. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.

2. Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data as it writes it to disks.

3. In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools.

4. Amazon S3 server-side encryption employs strong multi-factor encryption.

1. No, CIoudFormation doesn’t support any tagging

2. It depends if the Amazon EC2 tagging has been defined in the template

3. No, it doesn’t support Amazon EC2 tagging

4. Yes, AWS CIoudFormation supports Amazon EC2 tagging

1. Frequent snapshots provide a higher level of data durability and they will not degrade the performance of your application while the snapshot is in progress.

2. There is a relationship between the maximum performance of your EBS volumes, the amount of I/O you are drMng to them, and the amount of time it takes for each transaction to complete.

3. General Purpose (SSD) and Provisioned IOPS (SSD) volumes have a throughput limit of 128 MB/s per volume.

4. There is a 5 to 50 percent reduction in IOPS when you first access each block of data on a newly created or restored EBS volume

1. Invocation role

2. Dynamic role

3. Event Source role

4. Execution role

1. An edge location is referred to the network configured within a Zone or Region

2. An edge location is the location of the data center used for Amazon CIoudFront.

3. An edge location is an AWS Region

4. An edge location is a Zone within an AWS Region

1. Subnet's traffic is not routed to an internet gateway.

2. Subnet's traffic is routed to an internet gateway.

3. None of these answers can be considered a public subnet.

4. Subnet's traffic is not routed to an internet gateway but has its traffic routed to a virtual private gateway.

1. Make sure you submit a separate job request for each device.

2. Make sure your disks are encrypted prior to shipping.

3. Make sure your disks are 1TB or more.

4. Make sure you format your disks prior to shipping.

1. INSUFFICIENT_DATA

2. ALARM

3. STATUS_CHECK_FAILED

4. OK

1. A container instance

2. A task definition

3. A container

4. A cluster

1. Updates to your DB Instance are asynchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

2. Updates to your DB Instance are synchronously replicated across S3 to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

3. Your database will not resume operation without manual administrative intervention.

4. Updates to your DB Instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

1. Because all EC2 instances are unreachable for 20 minutes when first launched

2. Because all EC2 instances are unreachable for 20 minutes every day when AWS does routine maintenance

3. Because of all the reasons listed here

4. Because most reachability issues are resolved by automated processes in less than 20 minutes

1. You can't improve load and response times to user actions and queries but you can reduce the cost associated with scaling web applications.

2. You can improve load and response times to user actions and queries however the cost associated with scaling web applications will remain the same.

3. You can improve load and response times to user actions and queries and also reduce the cost associated with scaling web applications.

4. You can improve load and response times to user actions and queries however the cost associated with scaling web applications will be more.

1. No, the snapshot would turn off your instance automatically.

2. No

3. Yes

4. No, you only need to shutdown an instance before deleting it.

1. View, download, or watch database log files using the Amazon RDS console or Amazon RDS API

2. Use the free Amazon CloudWatch service to monitor the performance and health of a DB instance.

3. All of the items listed will track the performance and health of a database.

4. You can also query some database log files that are loaded into database tables.

5. Subscribe to Amazon RDS events to be notified when changes occur with a DB instance, DB snapshot, DB parameter group, or DB security group.

1. IAM policies

2. DB security groups

3. EC2 security groups

4. None of these

1. Configure the security group of both instances in the ingress rule of the RDS security group

2. Configure the security group of the US East region to allow traffic from the US West region’s instance and configure the RDS security group’s ingress rule for the US East EC2 group

3. It is not possible to access RDS of the US East region from the US West region

4. Configure the US West region’s security group to allow a request from the US East region’s instance and configure the RDS security group’s ingress rule for the US East EC2 group

1. All the options listed her.

2. Data snapshot.

3. Data replication.

4. Data encryption.

1. A predictable and scalable MySQL database

2. A fast and reliable PL/SQL database cluster

3. A fast, highly scalable managed NoSQL database service

4. A standalone Cassandra database, managed by Amazon Web Services

   
   

1. It can export from Amazon S3

2. It can Import to Amazon EBS

3. It can export from Amazon Glacier.

4. It can Import to Amazon Glacier

1. Active-active-passive and other mixed configuration

2. Active-passive failover.

3. None. Route 53 can’t failover.

4. Active-active failover.

1. You change a static parameter in a DB parameter group.

2. You change the DB instance class, and Apply Immediately is set to false.

3. You change storage type from standard to PIOPS, and Apply Immediately is set to true.

4. You change the backup retention period for a DB instance from 0 to a nonzero value or from a nonzero value to 0, and Apply Immediately is set to false.

1. Yes, they are automatically made public by the system.

2. Yes, but only for US-based providers.

3. No, they cannot be made public.

4. Yes, they can be public.

1. Because they provide unrestricted access to your AWS resource.

2. Because the root access keys will expire as soon as you log out.

3. Because the root access keys are the same for all users.

4. Because the root access keys expire after 1 week.

1. AWS reformats the disks and uses them again.

2. AWS uses the techniques detailed in DoD 5220.22-M to destroy data as part of the decommissioning process.

3. AWS uses a 3rd party security organization to destroy data as part of the decommissioning process.

4. AWS uses their own proprietary software to destroy data as part of the decommissioning process.

1. Yes.

2. Yes, but only for small db instances.

3. Yes, but you need to request the service from AW

4. No.

1. Amazon RDS

2. Amazon SimpIeDB

3. Amazon DynamoDB

4. Amazon Redshift

1. Add a bucket policy to the bucket.

2. Move the files to a new bucket.

3. Move the bucket to a new region

4. Use Amazon EBS instead of S3

1. Proxy protocol

2. Connection draining

3. Tagging

4. Sticky session

1. Hadoop is an open-source python web framework

2. Hadoop is 3rd Party software which can be installed using AMI

3. Hadoop is an open-source Java software framework

4. Hadoop is an open-source JavaScript framework

1. Magnetic or Provisioned IOPS (SSD)

2. Magnetic

3. Any, as they all perform the same and cost the same.

4. General Purpose (SSD)

1. It is a group of EC2 instances within a single Availability Zone.

2. It is the AWS region where you run the EC2 instance of your web content.

3. It is a group used to span multiple Availability Zone

4. It the edge location of your web content.

1. EBS backed instance with low utilized reserved instance pricing.

2. EBS backed instance with on-demand instance pricing.

3. Instance store backed instance with spot instance pricing.

4. EBS backed instance with heavy utilized reserved instance pricing.

1. HTTP

2. ICMP

3. HTTPS

4. IPv6

1. Amazon SWF

2. Amazon SES

3. Amazon CIoudSearch

4. Amazon AppStream

1. A scalable service is capable of handling heterogeneity.

2. A scalable architecture won't be cost effective as it grows.

3. Increasing resources results in a proportional increase in performance.

4. A scalable service is resilient.

1. A placement group can span peered VPCs

2. A placement group can span multiple Availability Zones.

3. Although launching multiple instance types into a placement group is possible, this reduces the likelihood that the required capacity will be available for your launch to succeed.

4. You can't move an existing instance into a placement group.

1. In VPC, once instance is launched with Security Group, it cannot be changed.

2. In EC2 Classic, once instance is launched with Security Group, it cannot be changed.

3. User can add custom allow or deny rules in Security Group.

4. Every instance must be associated with Security Group.

1. snapshots

2. mirrors

3. instance backups

4. images 

1. 6 Months upon signup

2. Forever

3. 12 Months upon signup

4. 1 Month upon signup

1. VPC security groups, and EC2 security groups.

2. EC2 security groups only.

3. DB security groups only.

4. DB security groups, VPC security groups, and EC2 security groups

1. Exadata Database Machine, Real Application Clusters (RAC), Data Guard, Table and Index Partitioning, and Data Pump Compression

2. Instances, Amazon Machine Images (AMIs), Key Pairs, Amazon EBS Volumes, Firewall, Elastic IP address, Tags, and Virtual Private Clouds (VPCs)

3. Exadata Database Machine, Optimized Storage Management, Flashback Technology, and Data Warehousing

4. Real Application Clusters (RAC), Elasticache Machine Images (EMIs), Data Warehousing, Flashback Technology, Dynamic IP address

1. Connect multiple volumes and stripe them with RAID 6 configuration.

2. Attach one more volume with RAID 1 configuration.

3. Attach one more volume with RAID 0 configuration.

4. Use the EBS volume as a root device.

1. Amazon CIoudFront

2. Amazon Glacier

3. Amazon EBS

4. Amazon S3

1. AWS Simple Notification Service

2. AWS Elastic Transcoder

3. AWS Glacier

4. AWS Simple Queue Service

1. As many as you nee

2. 4

3. 16

4. 2

1. Yes, EC2 Container Service supports any container service you need.

2. No, Docker is the only container platform supported by EC2 Container Service presently.

3. Yes, EC2 Container Service also supports Microsoft container service.

4. Yes, EC2 Container Service supports Microsoft container service and OpenStack.

1. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purpose.

2. Private IP address 10.201.31.6 is not part of the associated subnet's IP address range.

3. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.

4. Private address IP 10.201.31.6 is currently assigned to another interface.

1. as full hours

2. per minute used

3. by combining partial segments into full hours

4. per second used in the hour

1. All services support resource-level permissions for all actions

2. Resource-level permissions are supported by Amazon CIoudFront

3. Some services support resource-level permissions only for some action

4. All services support resource-level permissions only for some actions

1. You can use multiple layers of security, including security groups and network access control lists (ACL).

2. You can use multiple layers of security, including security groups, network access control lists (ACL) and CIoudHSM.

3. You can only use access control lists (ACL).

4. You don't need any security in subnets.

1. STARTING

2. RUNNING

3. STOPPED

4. WAITING

1. The user can zoom a particular period by specifying the aggregation data for that period

2. The user can zoom a particular period by specifying the period in the Time Range

3. The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse

4. The user can zoom a particular period by double clicking on that period with the mouse

It’s an entry-level cloud certification from AWS that validates your ability to design distributed systems on the AWS platform.

Yes, it remains one of the most valuable cloud certifications for building foundational knowledge and boosting career prospects.

Aspiring cloud architects, developers, IT admins, and professionals wanting to validate their AWS design skills should consider it.

As of 2025, the current exam version is SAA-C03.

It’s moderately challenging and requires a solid understanding of AWS services, architecture principles, and real-world scenarios.

The official exam code is SAA-C03.

The exam has 65 questions in total.

Expect multiple choice and multiple response questions that test real-world cloud scenarios.

The passing score is 720 out of 1000.

The exam duration is 130 minutes.

Use CertiMaan’s practice tests and follow AWS’s official training paths and whitepapers.

CertiMaan’s dumps and mock exams, and AWS official study guides and online training materials are most effective.

Yes. AWS offers sample questions and CertiMaan provides free and premium practice sets.

Yes, self-study using CertiMaan resources and AWS whitepapers can be enough with dedication.

Most learners take 4 to 8 weeks, depending on prior experience.

Yes, CertiMaan offers high-quality dumps and mock exams aligned with the latest syllabus.

Focus on networking, storage, compute services, cost optimization, security, and best practice architecture design.

The exam fee is $150 USD.

Register through the AWS Certification portal using your AWS account.

Yes, the exam is available online via Pearson VUE or PSI proctoring services.

You can retake the exam after 14 days by paying the full fee again.

There is no limit to retakes, but each attempt requires full payment.

It is valid for three years.

You must retake the latest version of the exam before expiration.

Yes, it expires after three years if not renewed.

You can work as a Cloud Architect, Solutions Architect, Cloud Engineer, or AWS Consultant.

Certified professionals earn between $110,000 and $140,000 annually on average.

Yes, it’s ideal for those starting in cloud computing and AWS.

Absolutely. It demonstrates validated skills in designing reliable AWS-based solutions.

Top companies like Amazon, Deloitte, Accenture, Capgemini, Infosys, and startups actively hire certified professionals.