AWS Certified Solutions Architect - Associate (SAA-C03) Exam Overview
To assist in your preparations for the exam, it is worth looking at both the format of the exam and the topics that will be covered. This can guide you through your revision by allowing you to focus on the areas you are least confident in.
In this section, you are going to read about the following:
- Exam format: What type of questions here are and how long you will have during the exam
- Exam domains: The areas you will be tested on during the exam
First, let’s look at the exam format so you know what to expect after you have booked the exam.
Exam Format
All AWS exams are taken electronically, either at a test center or remotely via an online proctoring session.
The exam lasts 130 minutes and there will be 65 questions. If English is your second language or you have a disability that may impact your ability to complete the exam in 130 minutes, you can request an additional 30 minutes of exam time.
The pass mark will vary slightly between each exam, but the minimum will always be 720 out of 1,000. This variation is due to the questions being rated with varying difficulty, so they are weighted for fairness. As a rough guide, a pass should be obtained by answering 50 questions correctly.
Each exam has 15 questions that are not scored. These are used to evaluate questions for future versions of the exam. These unscored questions are not identified in the exam, so you should answer every question.
You are not penalized for incorrect answers and therefore you should attempt to answer all questions, even if you do not know the answer.
When you start the exam, you will first need to confirm your details, check that you have the right exam, and then sign a Non-Disclosure Agreement (NDA) that you will not share the exam questions. Once this is done, you will be given a brief overview of the exam and shown how to navigate through the screens.
The majority of the questions are situational, requiring you to be able to interpret the question to work out the correct answer.
The questions are all multiple choice, with two different styles:
- Multiple choice: One correct answer and three incorrect answers.
- Multiple answer: Two or more correct answers out of five or more options. The question will state how many answers are expected.
You can mark any questions for review at the end.
At the end of the exam, there is a survey about the exam and your preparation for it. You must complete this before receiving your exam result.
You will not typically receive your pass or fail result immediately, and you will only receive your full results and score once they have been verified. This verification normally takes three working days. Once the verification is complete, you will receive an email to your registered address and you will be able to obtain your full score report, which shows you how well you performed in each domain. This is particularly useful if you do not meet the passing grade as you will be given areas to focus your studies on for the next attempt.
You have learned the exam format and style of the questions. Now, take a look at the topics that will be covered in the exam, which this book will guide you through.
Exam Domains
The AWS Certified Solutions Architect – Associate (SAA-C03) exam covers four high-level topics encompassing a wide range of subjects and AWS services and solutions. These are as follows:
|
Domain |
Percentage |
|---|---|
|
Domain 1: Design Secure Architectures |
30% |
|
Domain 2: Design Resilient Architectures |
26% |
|
Domain 3: Design High-Performing Architectures |
24% |
|
Domain 4: Design Cost-Optimized Architectures |
20% |
|
TOTAL |
100% |
Table 0.1: The four exam domains in the SAA-C03 exam
The percentage refers to the most likely number of questions that will be asked in the exam. You can expect roughly the following number of questions in each domain:
|
Domain |
Questions |
|---|---|
|
Domain 1: Design Secure Architectures |
19 |
|
Domain 2: Design Resilient Architectures |
17 |
|
Domain 3: Design High-Performing Architectures |
16 |
|
Domain 4: Design Cost-Optimized Architectures |
13 |
|
TOTAL |
65 |
Table 0.2: Rough number of questions from each domain
The AWS Certifications team provides a high-level description of each domain, including the key AWS services and technologies you will need to know to pass the exam. However, this exam expects you to be able to use multiple services to architect solutions based on scenarios, so simply knowing the names of AWS services is unlikely to be enough to earn a pass. In the next section, you are going to learn what each domain really means and the key topics within each. This can be used to help guide you while you study and prepare for the exam. Let’s begin with domain 1: Design Secure Architectures.
Domain 1: Design Secure Architectures
Building secure AWS architectures is vital for protecting data, applications, and infrastructure from threats. This requires knowledge of AWS services, infrastructure, and security best practices, including access control, identity services, and flexible authorization. In this section, we will cover three key task statements for designing secure systems:
- Design Secure Access to AWS Resources
- Design Secure Workloads and Applications
- Determine Appropriate Data Security Controls
Design Secure Access to AWS Resources
Designing secure access to AWS resources requires understanding access controls, federated identity services, AWS infrastructure, security best practices, and the shared responsibility model. Key skills include applying IAM best practices, creating flexible authorization models, implementing role-based access control, managing security for multiple accounts, using resource policies effectively, and integrating directory services with IAM roles when needed.
You will need to know how to design and appropriately apply the following:
- Adhering to AWS security best practices for IAM users and root users, which includes the use of multi-factor authentication (MFA) when appropriate.
- Designing a flexible authorization model. This includes IAM users, groups, roles, and policies.
- Creating a role-based access control strategy that incorporates AWS Security Token Service (AWS STS), role switching, and cross-account access.
- Creating a security strategy for multiple AWS accounts, including AWS Control Tower and service control policies (SCPs).
- Deciding the right use of resource policies for AWS services.
- Deciding when to integrate a directory service with IAM roles.
Design Secure Workloads and Applications
Designing secure workloads and applications requires understanding application security, AWS service endpoints, protocols, network traffic, secure access, and external threats. Key skills include creating secure VPC architectures, planning network segmentation, integrating AWS security services, and securing external connections to and from AWS.
This includes the following topics:
- Creating virtual private cloud (VPC) architectures with security components, including security groups, route tables, network access control lists (NACLs), and network address translation (NAT) gateways.
- Planning network segmentation strategies, which involves determining how to structure your network using public and private subnets.
- Integrating various AWS services to enhance the security of applications. This includes AWS Shield, AWS Web Application Firewall (AWS WAF), AWS Single Sign On (AWS SSO), and AWS Secrets Manager.
- Securing external network connections to and from the AWS cloud, including VPN and AWS Direct Connect.
Determine Appropriate Data Security Controls
Determining appropriate data security controls requires knowledge of data access, governance, recovery, retention, classification, and encryption with key management. Key skills include meeting compliance requirements with AWS technologies, encrypting data at rest and in transit, managing access policies for encryption keys, implementing backups and data lifecycle policies, rotating encryption keys, and renewing certificates.
The following areas are covered in this section:
- Aligning AWS technologies to meet compliance requirements
- Using AWS Key Management Service (KMS) to encrypt data stored on AWS
- Encrypting data in transit using AWS Certificate Manager (AWS ACM) and Transport Layer Security (TLS)
- Setting up access policies for encryption keys
- Setting up automated backup and data replication strategies
- Implementing policies for data access, lifecycle, and protection
- Regularly rotating encryption keys and renewing certificates to maintain security
In conclusion, domain 1 of the SAA-C03 exam covers the design of secure architectures on AWS. It requires knowledge of various AWS services, security best practices, and the shared responsibility model. It also tests your skills in designing secure access to AWS resources and secure workloads and applications. To succeed in this domain, you will need to have a deep understanding of AWS security, networking, and identity and access management.
Let’s now look at the second domain in the exam, Design Resilient Architectures.
Domain 2: Design Resilient Architectures
Designing resilient architectures is crucial for organizations utilizing AWS to ensure their systems can withstand failures and maintain high availability. Resilient architectures are designed to be scalable, fault-tolerant, and capable of handling disruption, allowing businesses to deliver reliable services to their users. In this section, you will explore two task statements within the domain of designing resilient architectures:
- Design Scalable and Loosely Coupled Architectures
- Design Highly Available and/or Fault-Tolerant Architectures
Design Scalable and Loosely Coupled Architectures
Creating scalable and loosely coupled architectures involves designing systems that can handle varying workloads and adapt to changing demands. It entails building components that can scale independently, enabling resource adjustments based on specific requirements. Important considerations in this area include the following:
- Leveraging AWS services such as Auto Scaling to automatically scale resources based on workload fluctuations
- Implementing loosely coupled architectures using services such as AWS Lambda, Amazon Simple Queue Service (SQS), or Amazon Simple Notification Service (SNS) to decouple components and enhance flexibility and scalability
- Utilizing services such as Amazon Elastic Container Service (ECS) or Amazon Elastic Kubernetes Service (EKS) to manage containerized workloads efficiently and facilitate scaling
Design High Availability and/or Fault-Tolerant Architectures
Designing highly available and fault-tolerant architectures ensures system operability even in the face of failure or disruption. It involves implementing redundancy, fault isolation, and automated failover mechanisms. Key considerations in this area include the following:
- Deploying solutions such as AWS Elastic Load Balancer (ELB) or Amazon Route 53 to distribute traffic across multiple instances or regions, ensuring continuous availability
- Utilizing AWS services such as Amazon RDS Multi-AZ, which provides automated synchronous replication of databases to ensure data availability during failures
- Incorporating fault isolation principles using concepts such as Availability Zones (AZs) or multi-region deployments to mitigate the impact of failures
- Implementing automated failover mechanisms through services such as Amazon Route 53 DNS failover or AWS Elastic Beanstalk rolling deployments
In summary, domain 2 of the SAA-C03 exam focuses on designing resilient architectures on AWS. It requires expertise in designing multi-tier architectures for high availability and fault tolerance, as well as ensuring business continuity through disaster recovery and failover strategies. To succeed in this domain, you will need to have a thorough understanding of AWS services such as EC2, ELB, Route 53, and CloudFormation, as well as experience in designing highly available and fault-tolerant architectures.
Let’s now learn what domain 3, Design High-Performing Architectures, covers.
Domain 3: Design High-Performing Architectures
Designing high-performance architectures is vital for ensuring the smooth and efficient functioning of workloads on AWS. It involves identifying and selecting the right compute, storage, and networking solutions for your workload. To design high-performance architectures, you need to be familiar with various AWS services and understand their capabilities and limitations.
In this section, you will read about the five task statements related to designing high-performance architectures:
- Determine High-Performance and/or Scalable Storage Solutions
- Design High-Performance and Elastic Compute Solutions
- Determine High-Performance Database Solutions
- Determine High-Performance and/or Scalable Network Architectures
- Determine High-Performance Data Ingestion and Transformation Solutions
Determine High-Performance and/or Scalable Storage Solutions
Selecting the right storage solutions is essential to achieve high performance and scalability in your architecture, ensuring efficient data storage, retrieval, and durability. When designing high-performance architectures, you need to consider the specific requirements of your workload, including data volume, access patterns, latency needs, and durability expectations.
You will need to understand how to do the following:
- Evaluate AWS storage services such as Amazon S3, Amazon EBS, and Amazon EFS based on the specific performance needs of your workload
- Implement caching mechanisms using services such as Amazon ElastiCache and Amazon CloudFront to enhance storage performance
- Utilize sharding or partitioning techniques to distribute data across multiple storage instances for improved scalability
Design High-Performance and Elastic Compute Solutions
Designing high-performance and elastic compute solutions involves a careful evaluation of various compute resources provided by AWS and optimizing their performance to meet the requirements of your workload. This includes considering factors such as computational power, memory capacity, storage options, and networking capabilities.
You will be tested on your knowledge of the following:
- Choosing AWS compute services such as Amazon EC2, AWS Lambda, and AWS Fargate based on workload characteristics and performance requirements
- Implementing auto-scaling configurations to dynamically adjust compute resources based on workload demands
- Leveraging AWS services such as Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS) to efficiently manage containerized workloads and enhance performance
Determine High-Performance Database Solutions
Selecting the right database solutions is crucial for achieving high performance and scalability in your architecture, enabling efficient data storage, retrieval, and management. When designing high-performance architectures, it is essential to consider factors such as data volume, throughput requirements, latency sensitivity, and scalability needs.
The exam will feature questions on how to do the following:
- Evaluate AWS database services such as Amazon RDS, Amazon DynamoDB, and Amazon Aurora based on the specific performance and scalability requirements of your workload
- Implement read replicas or sharding techniques to distribute database load and improve performance
- Utilize caching mechanisms using services such as Amazon ElastiCache to reduce database access latency and enhance performance
Determine High-Performance and/or Scalable Network Architectures
Designing high-performance and scalable network architectures is vital for achieving optimal performance across your infrastructure, ensuring reliable and efficient communication between various components of your system. A well-designed network architecture can minimize latency, reduce bottlenecks, and provide high bandwidth to support the demands of your workload.
You will need to learn how to do the following:
- Design your network using Amazon VPC to provide isolated and secure communication between resources
- Implement AWS services such as AWS Direct Connect and AWS Global Accelerator to optimize network connectivity and reduce latency
- Utilize content delivery networks (CDNs) such as Amazon CloudFront to cache and deliver content closer to end users, improving performance
Determine High-Performance Data Ingestion and Transformation Solutions
Efficiently handling data ingestion and transformation is crucial for high-performance architectures, enabling seamless and timely processing of data to drive actionable insights and meet business requirements. In today’s data-driven landscape, organizations need to effectively handle the continuous influx of data from various sources and transform it into valuable information.
You will be tested on how to do the following:
- Evaluate AWS services such as Amazon Kinesis and AWS Data Pipeline for real-time or batch data ingestion
- Utilize services such as AWS Glue or Amazon EMR for data transformation and processing at scale
- Implement parallel processing techniques and distributed computing frameworks to optimize data ingestion and transformation performance
To summarize, domain 3 of the SAA-C03 exam delves into the design of high-performance architectures on AWS. This domain encompasses a broad range of topics, including determining high-performing and scalable storage solutions, designing high-performing and elastic compute solutions, selecting high-performing database solutions, crafting high-performing and scalable network architectures, and determining efficient data ingestion and transformation solutions. To excel in this domain, you need to possess a comprehensive understanding of AWS services such as Amazon S3, Amazon EC2, Amazon RDS, Amazon VPC, and AWS Glue. Additionally, hands-on experience in designing architectures that prioritize performance, scalability, and efficiency will prove invaluable.
We will now look at domain 4, Design Cost-Optimized Architectures, the final exam domain.
Domain 4: Design Cost-Optimized Architectures
Designing cost-optimized architectures is an important aspect of cloud computing, as it can help organizations maximize the value of their AWS investments while reducing unnecessary expenses. In order to design cost-effective architectures, you need to be familiar with various AWS services, understand how to balance performance requirements with cost, and have expertise in data lifecycle management. In this section, we will cover four task statements related to designing cost-optimized architectures:
- Design Cost-Optimized Storage Solutions
- Design Cost-Optimized Compute Solutions
- Design Cost-Optimized Database Solutions
- Design Cost-Optimized Network Architectures
Design Cost-Optimized Storage Solutions
Designing cost-optimized storage solutions involves a meticulous approach to selecting the most suitable storage services and strategies that not only meet the performance requirements of the workload but also optimize costs. It requires a thorough understanding of the data access patterns, usage frequency, and expected growth of the storage needs. By considering these factors, organizations can make informed decisions to strike the right balance between performance and cost. Key considerations in this area include the following:
- Assessing data access patterns and leveraging appropriate storage classes, such as Amazon S3 Standard, Amazon S3 Glacier, and Amazon EBS, to match the needs of different data types
- Implementing data lifecycle management techniques, such as transitioning infrequently accessed data to lower-cost storage tiers or archiving data for long-term retention
- Utilizing AWS storage services such as Amazon S3 Intelligent-Tiering to automatically optimize costs by moving data between storage tiers based on usage patterns
Design Cost-Optimized Compute Solutions
Designing cost-optimized compute solutions involves a strategic approach to selecting compute resources that align with the performance requirements of the workload while optimizing costs. It entails understanding the specific needs of the application or workload and making informed decisions to maximize efficiency and cost-effectiveness. Consider the following:
- Choosing the appropriate instance types based on workload characteristics, such as CPU, memory, and networking requirements
- Utilizing AWS services such as Amazon EC2 Spot Instances, which offers cost savings by leveraging spare capacity
- Implementing auto-scaling configurations to dynamically adjust compute resources based on demand, avoiding over-provisioning and reducing costs
Design Cost-Optimized Database Solutions
Designing cost-optimized database solutions requires the careful evaluation of database services and configurations to ensure they align with the performance needs of the workload while optimizing costs. It involves considering factors such as data volume, query patterns, and desired response times to make informed decisions that strike the right balance between performance and cost efficiency. Consider the following:
- Choosing the appropriate database service based on workload characteristics, such as Amazon RDS, Amazon DynamoDB, or Amazon Aurora
- Right-sizing database instances to match workload demands and avoid unnecessary costs
- Implementing database caching techniques, such as Amazon ElastiCache, to improve performance and reduce database load
Design Cost-Optimized Network Architectures
Designing cost-optimized network architectures involves a comprehensive approach to optimizing network configurations and services in order to minimize costs while meeting the performance and security requirements of the workload. It requires a deep understanding of the network infrastructure and the specific needs of the applications or services running on it. Consider the following:
- Utilizing AWS networking services, such as Amazon VPC, to design efficient and cost-effective network topologies
- Implementing traffic management strategies, such as CDNs like Amazon CloudFront, to reduce data transfer costs and improve content delivery performance
- Leveraging AWS Direct Connect or VPN connections effectively to optimize network connectivity costs
Domain 4 of the exam covers the design of cost-optimized architectures on AWS. This domain requires you to identify cost-effective compute and database services, use cost-effective storage solutions, and design solutions that can optimize costs for operational efficiency based on business requirements. To succeed in this domain, you will need to have a solid understanding of AWS pricing models, cost optimization strategies, and how to balance cost with performance and other business needs.
Now that you have learned about all the domains of the exam, it’s time to dive in and learn all about AWS.
