SAA-C03 Exam Dumps - AWS Certified Solutions Architect - Associate (SAA-C03)

BothAmazon KinesisandSQS FIFOqueues ensure the sequential processing of messages. By using the payment ID as the partition key in Kinesis or as the message group in the SQS FIFOqueue, messages are processed in order. Both solutions also allow for long-term retention (up to 10 days) of messages, making them suitable for this payment processing use case.

Option A (DynamoDB): DynamoDB does not guarantee message ordering for real-time processing.

Option C (ElastiCache): ElastiCache is for caching, not suitable for sequential message processing.

Option D (Standard SQS queue): A standard SQS queue does not guarantee ordering of messages.

AWS References:

Amazon Kinesis

Amazon SQS FIFO Queues

The correct answer is B because the company already runs the application on Kubernetes , and the application uses AMQP to communicate with a message queue. Amazon EKS is the AWS managed Kubernetes service, so migrating the containerized workload to Amazon EKS allows the company to preserve its existing Kubernetes-based deployment model while reducing the operational burden of managing the Kubernetes control plane. This is the most straightforward migration path for a Kubernetes application and avoids the need for significant re-architecture.

The messaging requirement is equally important. Because the application specifically uses AMQP , the best AWS managed service is Amazon MQ , which supports industry-standard messaging protocols including AMQP. This means the company can migrate the application with minimal code changes and without replacing the messaging pattern already built into the application.

Option A is incorrect because Amazon SQS does not support AMQP and would require application changes. Option C is incorrect because running the application on EC2 instances creates more infrastructure management overhead than using a managed container orchestration service. Option D is incorrect because AWS Lambda is not a natural fit for an existing containerized Kubernetes application that depends on AMQP-based messaging, and SQS again does not satisfy the AMQP requirement.

AWS architectural best practices favor managed services that minimize undifferentiated operational work. Amazon EKS reduces Kubernetes control plane management, and Amazon MQ preserves protocol compatibility. Together, they provide the required scalability on AWS with the least operational overhead while supporting the company’s current architecture.

To analyze the performance of the web application with granularity of no more than 2 minutes, enablingdetailed monitoringon EC2 instances is the best solution. By default, CloudWatch provides metrics at a 5-minute interval. Enabling detailed monitoring allows you to collect metrics at 1-minute intervals, which will give you the level of granularity you need to analyze performance during peak traffic.

Amazon CloudWatch metrics can then be used to analyze CPU utilization, memory usage, disk I/O, and network throughput, among other performance-related metrics, at the desired granularity.

Option A: Sending CloudWatch logs to Redshift for analysis is unnecessary and overcomplicated for simple performance analysis, which can be done using CloudWatch metrics alone.

Option C: Fetching EC2 logs via Lambda adds complexity, and CloudWatch metrics already provide the required data for performance analysis.

Option D: Sending logs to S3 and using Redshift for analysis is also more complex than necessary for simple performance monitoring.

AWS References:

Monitoring Amazon EC2 with CloudWatch

Amazon CloudWatch Detailed Monitoring

AWS Step Functions is the recommended service for orchestrating multi-step, long-running workflows with state tracking, retries, and external API calls. It reduces operational overhead by eliminating the need for custom orchestration logic.

API Gateway receiving work items and sending them to SQS (Option E) provides buffering, elasticity, and decoupling, ensuring immediate ingestion regardless of backend load.

Option A forces Lambda to handle long execution paths, which is not optimal for 30-minute tasks and multi-state workflows. Option C triggers Lambda directly without buffering. Option D uses fixed EC2 instances, which does not scale dynamically.

=====================================================

A Stored Volume Gateway stores the entire dataset locally on-premises while asynchronously and securely backing up the data to AWS. This meets the requirement for full local access and automatic transfer to AWS.

Cached Volume Gateway (Option C) keeps only frequently accessed data locally; the full dataset is stored in AWS, not on-premises.

Snowball and Snowball Edge (Options A and B) are migration tools, not ongoing backup solutions.

=====================================================

The correct answer is D because the company needs to authenticate users from an on-premises LDAP directory to the AWS Management Console , but the directory is not SAML-compatible . In this scenario, the AWS-recommended pattern is to use a custom identity broker that authenticates users against the existing LDAP directory and then requests temporary AWS credentials from AWS Security Token Service (AWS STS) . This enables federated access to AWS without creating long-term IAM user credentials for each person.

A custom identity broker serves as the intermediary between the non-SAML directory and AWS. After validating a user with LDAP, the broker can call AWS STS to issue short-lived credentials or console sign-in access. This approach preserves the use of the company’s existing identity source while meeting AWS security best practices for temporary credentials and centralized identity management.

Option A is incorrect because AWS IAM Identity Center typically relies on supported identity sources and federation methods, and the question explicitly states that the LDAP directory is not SAML-compatible. Option B is incorrect because IAM policies do not integrate directly into LDAP as an authentication mechanism. Option C is incorrect because rotating IAM credentials tied to LDAP changes still relies on long-term credentials and does not provide a proper federated sign-in model.

AWS federation guidance supports the use of a custom identity broker when an organization has a non-SAML-compatible identity system. Therefore, the best solution is to develop an on-premises custom identity broker that uses AWS STS to obtain short-lived credentials for AWS Management Console access.

Amazon EMR provides a managed big data framework that supports Apache Spark, which is ideal for distributed and compute-intensive data transformations. Managed scaling dynamically adjusts cluster resources, ensuring high performance with minimal management.

From AWS Documentation:

“Amazon EMR provides a managed environment for big data frameworks such as Apache Spark and Hadoop. With managed scaling, EMR automatically resizes clusters to meet workload demands.”

(Source: Amazon EMR Developer Guide)

Why B is correct:

Provides distributed parallel processing for large datasets.

Reduces operational overhead with managed scaling and auto-termination.

Integrates easily with S3, Glue, and ML pipelines.

Optimized for heavy ETL and analytics workloads.

Why others are incorrect:

A: Manual scaling and limited processing capacity.

C & D: Lambda has execution time and memory limits unsuitable for 30-minute compute-intensive tasks.

Comprehensive and Detailed 250 to 300 words of Explanation (AWS documentation-based, no links):

Routing requests to the “appropriate microservices” implies Layer 7 (HTTP/HTTPS) routing such as host-based or path-based rules (for example, /customers to one service and /orders to another). In EKS, the most direct and cost-efficient way to provide this style of routing is to use Kubernetes Ingress with the AWS Load Balancer Controller to provision an Application Load Balancer (ALB). An ALB natively supports HTTP/HTTPS request routing features (paths, hosts, headers), which map cleanly to microservices patterns and reduce the need for additional infrastructure components.

A Network Load Balancer (NLB) (Option A) is primarily Layer 4 and is best for TCP/UDP/TLS pass-through and ultra-high performance. It does not provide the same native HTTP path-based routing behavior required to steer requests between microservices based on URL structure, so it often forces you to add another routing layer (like an in-cluster ingress gateway), which can increase cost and operational complexity.

Option C is not an appropriate request routing mechanism; Lambda is compute, not an ingress/routing layer for EKS. Option D (API Gateway) can front services, but for simple microservice routing into EKS it typically adds per-request costs and additional configuration compared with using an ALB that is purpose-built for HTTP load balancing and routing. API Gateway is a great fit for API management features (throttling, usage plans, keys, transformations), but those are not requirements here.

Therefore, B is the most cost-effective and architecturally aligned solution for HTTP routing across EKS-hosted microservices using managed AWS-native ingress integration.