SAA-C03 Exam Dumps - AWS Certified Solutions Architect - Associate (SAA-C03)

To ensure ALB access only via CloudFront, AWS prescribes restricting the origin to traffic from CloudFront. For ALB origins, the standard pattern is to allow inbound to the ALB only from CloudFront edge IP ranges using security groups or ALB listener rules. Network ACLs are coarse and stateless and add operational burden. CloudFront does not have a “VPC origin” object; instead, CloudFront references the ALB DNS name. By limiting the ALB’s security group to CloudFront IP ranges, direct client access to the ALB is blocked while CloudFront remains permitted. This aligns with security best practices to “restrict origin access to only CloudFront” and use SGs for instance/ALB layer controls.

DynamoDB Accelerator (DAX) is a fully managed, in-memory cache for DynamoDB that delivers up to a 10x performance improvement—even at millions of requests per second. DAX requires minimal changes to existing applications and offloads the read workload from DynamoDB during report generation.

Reference Extract:

" DAX provides in-memory acceleration for DynamoDB tables, reducing response times from milliseconds to microseconds with minimal application changes. "

Source: AWS Certified Solutions Architect – Official Study Guide, DynamoDB and Performance section.

AWS Transit Gateway is purpose-built for large-scale, hub-and-spoke network architectures. It simplifies connectivity between multiple VPCs and on-premises environments, which is ideal for managing hundreds of VPCs.

“AWS Transit Gateway enables you to connect your VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships.”

— Transit Gateway Documentation

Features:

Scales to thousands of VPCs.

Integrates with AWS Direct Connect via Direct Connect Gateway.

Centralized routing control.

Incorrect Options:

A: VPC endpoints are for private access to AWS services—not VPC-to-VPC connectivity.

C: Route 53 is DNS, not a network transport layer.

D: Secrets Manager is for secret storage, not networking.

The most cost-effective way to provide consistent SQL query performance on a heavily structured dataset, where some data is accessed more frequently, is to use Amazon Redshift as your main data warehouse for hot data and Amazon Redshift Spectrum to query cold data that remains in S3. With this approach, frequently queried data is loaded into Redshift for fast, consistent querying, while infrequently accessed data is left in S3 and accessed on demand via Spectrum, avoiding unnecessary data warehousing costs. Amazon Kinesis Data Firehose provides an easy and scalable way to ingest streaming data directly to both S3 and Redshift.

AWS Documentation Extract:

" Amazon Redshift Spectrum allows you to run queries against exabytes of data in Amazon S3 without loading or transforming the data. Load hot data into Redshift for fast access and query cold data in S3 with Spectrum, optimizing both cost and performance. "

(Source: Amazon Redshift documentation, Spectrum)

A: Athena is good for ad hoc queries but not for consistent, high-performance SQL workloads.

B, C: Loading all data into Redshift is not cost-effective if some data is infrequently accessed.

Amazon S3 Multi-Region Access Points allow applications to access S3 buckets in multiple Regions through a single global endpoint. This provides active-active read access with automatic routing to the closest bucket for low latency. With cross-Region replication, writes in the primary Region are automatically copied to the secondary Region, providing fault tolerance. Option A (CloudFront) provides caching and distribution, but does not address write replication or active-active bucket access. Option B (Transfer Acceleration) optimizes uploads across distances but does not enable cross-Region fault tolerance. Option C (AWS Backup) is designed for backup/restore, not real-time multi-Region reads and writes. Therefore, D is the correct solution for active-active read access and disaster recovery.

A spread placement group is designed to deploy each instance on distinct underlying hardware, reducing the risk of simultaneous failures. By spreading instances across multiple Availability Zones, you achieve high availability and fault tolerance, meeting the 99.99% uptime requirement. Spread placement groups are ideal for critical applications that require maximum resilience to single hardware failures. Neither cluster nor partition strategies offer the same guarantee of separation combined with cross-AZ distribution.

Reference Extract from AWS Documentation / Study Guide:

" Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other. Instances in a spread placement group are placed on distinct underlying hardware, and when deployed across multiple Availability Zones, provide high availability. "

Source: AWS Certified Solutions Architect – Official Study Guide, Compute and High Availability section; Amazon EC2 Placement Groups Documentation.

The application is described as stateful, which means user sessions or state are likely stored in memory on the application server. When migrating to an Auto Scaling group behind a load balancer, a consistent user experience typically requires session stickiness, so a user’s subsequent requests continue to be routed to the same backend instance that holds their session state (unless the application is refactored to externalize session state, which is not stated here). For HTTP/HTTPS web applications, an Application Load Balancer (ALB) is the correct Elastic Load Balancing choice because it operates at Layer 7 and provides built-in support for cookie-based sticky sessions.

On the database side, Aurora PostgreSQL supports scaling read capacity by adding Aurora Replicas, and Aurora Auto Scaling can automatically adjust the number of replicas based on demand. This is the intended mechanism to scale the database tier for growing read traffic while preserving write consistency through a single writer. “Aurora writers” do not scale horizontally the same way; Aurora provides one writer endpoint at a time (with fast failover), so auto-scaling “writers” is not the right construct for demand-based scaling.

Option C combines the correct load balancer type (ALB) with stickiness and the correct database scaling mechanism (Aurora Replicas with auto scaling). Option A uses an NLB, which is Layer 4 and does not provide the same Layer 7 sticky session behavior expected for a web application pattern. Options B and D incorrectly focus on scaling Aurora writers, which does not address scaling demand patterns as effectively as scaling read replicas.

Therefore, C provides the most consistent user experience for a stateful web tier and enables the database tier to scale using Aurora Replica auto scaling.

Amazon Athena enables serverless SQL queries directly on S3 objects, eliminating the need to download or preprocess data. EMR adds operational overhead, and API Gateway/ElastiCache are not data lake query engines.