Amazon AWS

AWS Certified Solutions Architect – Associate

SAA-C03
Popular Trending

The AWS Certified Solutions Architect – Associate (SAA-C03) exam tests your ability to design distributed systems on AWS. It is one of the most sought-after certifications in the cloud domain.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 401–410 of 483

Q401

A company needs to improve the security of IAM user access keys. What strategy should they implement?

  • A Rotate keys regularly
  • B Leave them unchanged
  • C Use strong passwords only
  • D Share keys with trusted vendors
Explanation Regular key rotation improves security by minimizing risk, unlike the other options that offer poor practices.
Q402

You are configuring a VPC. What happens if you select 'Default Security Group'?

  • A Access is completely blocked
  • B All traffic is allowed
  • C All inbound traffic is denied
  • D Only traffic from the same group is allowed
Explanation The default security group allows only traffic from the same group, while others do not accurately describe its behavior.
Q403

Which AWS service allows you to run containerized applications with minimal management?

  • A AWS Fargate
  • B Amazon EC2
  • C AWS Lambda
  • D Amazon S3
Explanation AWS Fargate manages container execution, while others require more setup.
Q404

A company needs to analyze logs from multiple AWS accounts. What should they use?

  • A AWS CloudTrail
  • B Amazon Athena
  • C AWS Glue
  • D Amazon CloudWatch
Explanation Amazon Athena allows querying data across accounts without ingesting.
Q405

What happens when an Amazon S3 bucket policy denies access to IAM users?

  • A Access is granted to users
  • B Users can still access objects
  • C Access is denied
  • D Only specific users can access
Explanation A deny in the policy always takes precedence, blocking access.
Q406

Which service is best for serverless application deployment?

  • A AWS Lambda
  • B Amazon EC2
  • C Amazon RDS
  • D AWS Elastic Beanstalk
Explanation AWS Lambda runs code without provisioning servers, while others require infrastructure setup.
Q407

A company requires highly available archives with low retrieval frequency. What should they use?

  • A S3 Standard
  • B S3 Glacier
  • C EBS
  • D RDS
Explanation S3 Glacier is designed for infrequent access, unlike others meant for frequent access.
Q408

What happens when an IAM user is deleted?

  • A User permissions are lost only
  • B Associated resources are deleted
  • C User's policies remain intact
  • D Access keys become invalid
Explanation Access keys are immediately invalidated upon user deletion, while other changes are not applicable.
Q409

Which service allows you to create serverless applications?

  • A AWS Lambda
  • B Amazon EC2
  • C AWS Elastic Beanstalk
  • D Amazon RDS
Explanation AWS Lambda allows execution of code without provisioning servers; EC2 requires managing servers, Elastic Beanstalk is more PaaS, and RDS is for databases.
Q410

A company needs to securely share S3 data across AWS accounts. What should they use?

  • A IAM Policy
  • B S3 Bucket Policy
  • C VPC Peering
  • D CloudFront
Explanation S3 Bucket Policies can define access controls for shared resources across accounts; IAM Policies are user-specific, VPC Peering is for networking, and CloudFront is for content delivery.