A few real items from the SAA-C03 bank
These are full-fidelity questions with the same rationale treatment every paid item gets. No teaser, no watermark.
Scoping S3 bucket access for a single team
A small analytics team needs read access to objects inside a single S3 bucket. The objects are not public and must remain private to the organization. The architect wants to follow the principle of least privilege. Which approach is the MOST appropriate first step?
Pick a choice to reveal the rationale.
Protecting sensitive data at rest in S3
A company stores customer PII in a new S3 bucket. Regulatory requirements mandate that all objects be encrypted at rest with keys that the company can rotate and audit. The team wants the LEAST operational burden while keeping auditability. Which choice best satisfies these requirements?
Pick a choice to reveal the rationale.
Choosing between security groups and NACLs
An architect must block an abusive single IP from reaching any instance in a VPC, even before the traffic arrives at the instance. Which construct is the most direct fit?
Pick a choice to reveal the rationale.
Storing database credentials for a Lambda function
A Lambda function needs to read a database password on cold start. The team wants automatic rotation of the password and a clear audit trail for every read. Which service fits best?
Pick a choice to reveal the rationale.
Granting EC2 permissions without long-lived keys
An EC2 instance runs an application that must call S3 and DynamoDB. The security team forbids storing AWS access keys on the instance. What is the standard solution?
Pick a choice to reveal the rationale.
Like what you see?
Create a free account to access 25 items on the sample bank and build a study plan, or start an Access subscription to unlock the full bank and mock exams.