AWS Certified Solutions Architect - Associate (SAA-C03)

This page breaks SAA-C03 (Oracle Cloud Infrastructure 2025 DevOps Professional) into 10 focused sections aligned to the exam topic areas. Use each section to build mastery of OCI DevOps Service workflows, then move to mixed practice to simulate real exam conditions.

Vendor: Oracle Credential: AWS Certified Solutions Architect - Associate Exam: SAA-C03 Practice: domain then mixed
Start practicing Back to hub ↗

SAA-C03 coverage (10 sections)

Use the practice button on each card to open the quiz set for that domain in a new tab.

Identity, Authentication, and Secure Access Design (IAM, multi-account)

S01

What you will practice:

Design secure access at scale using IAM, federation, Identity Center, cross-account roles, and least-privilege policy reasoning.

  • (From Domain 1, Task 1.1: secure access to AWS resources.)
  • Multi-account access control
  • Access management across multiple accounts (centralized governance vs per-account autonomy)
  • Cross-account access patterns (role assumption, role switching, delegated admin concepts)
  • Federated access and identity services
  • IAM and IAM Identity Center (SSO) use cases and when to federate directories to roles
  • Least privilege architecture
  • Designing a flexible authorization model: users, groups, roles, policies
  • Choosing when to use resource policies vs identity policies
  • Root user protections
  • MFA and root-credential hardening expectations
  • Shared Responsibility Model
  • Security responsibilities split between AWS and the customer (common scenario framing)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Workload and Application Security Architecture (VPC security, segmentation, edge protection)

S02

What you will practice:

Secure workloads using VPC segmentation, edge protection, private endpoints, threat modeling, and security service selection.

  • (From Domain 1, Task 1.2: secure workloads and applications.)
  • VPC security components
  • Security groups, NACLs, route tables, NAT gateways as security-relevant design controls
  • Public vs private subnet segmentation strategies (and why)
  • Service endpoints and connectivity exposure
  • AWS service endpoints and controlling traffic paths (public endpoint vs private access patterns)
  • Threat modeling basics
  • Common threat vectors referenced by AWS (DDoS, SQL injection)
  • Security services and integrations
  • When to use GuardDuty/Macie/Cognito-type services (scenario-driven)
  • Application protection and access control integration (Shield/WAF/Secrets Manager/Identity Center)
  • Securing external connections
  • VPN vs Direct Connect decisions and security implications
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Data Security Controls (encryption, keys, retention, recovery)

S03

What you will practice:

Apply data security controls: encryption at rest and in transit, KMS key policy design, retention, backups, and compliance alignment.

  • (From Domain 1, Task 1.3: data security controls.)
  • Data governance
  • Data access controls, classification, and retention requirements
  • Encryption
  • Encryption at rest (KMS patterns)
  • Encryption in transit (TLS via ACM patterns)
  • Key policy design for encryption keys (who can use/manage keys)
  • Recovery and durability controls
  • Backups and replication strategies as security + continuity controls
  • Lifecycle and hygiene
  • Key rotation and certificate renewal expectations
  • Compliance alignment
  • Selecting AWS controls/services to meet compliance requirements
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Scalable and Loosely Coupled Architectures (event-driven, microservices, decoupling)

S04

What you will practice:

Design scalable architectures using decoupling, event-driven patterns, containers and serverless, and workflow orchestration.

  • (From Domain 2, Task 2.1: scalable and loosely coupled architectures.)
  • Loose coupling patterns
  • Queues/messaging and pub/sub concepts to decouple components
  • Event-driven architectures and when they fit better than synchronous coupling
  • Microservices design
  • Stateless vs stateful workload design tradeoffs (scaling and resiliency implications)
  • Multi-tier architecture design patterns
  • API layer
  • API creation/management via API Gateway-style services (REST API patterns)
  • Compute style choices
  • When to use containers vs serverless patterns (and what drives that choice)
  • Container orchestration concepts (ECS/EKS)
  • Scaling strategy design
  • Horizontal vs vertical scaling decisions at component level
  • Edge acceleration awareness
  • Appropriate use of CDN/edge accelerators to improve scalability and experience
  • Workflow orchestration
  • Step Functions-style orchestration and when workflows beat “glue code”
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

High Availability, Fault Tolerance, and Disaster Recovery Strategy

S05

What you will practice:

Build HA and DR strategies using Region and AZ choices, SPOF elimination, RPO/RTO mapping, and failover planning.

  • (From Domain 2, Task 2.2: highly available / fault-tolerant architectures.)
  • AWS global infrastructure usage
  • Region/AZ design choices and DNS routing considerations (Route 53 appears explicitly)
  • DR strategies and objectives
  • DR patterns: backup/restore, pilot light, warm standby, active-active
  • RPO and RTO interpretation and mapping to services
  • Failover strategy design
  • Cross-AZ vs cross-Region failover reasoning
  • Eliminating single points of failure (SPOFs)
  • Immutable infrastructure
  • Replacing vs repairing as a resiliency control (design intent)
  • Reliability instrumentation
  • Workload visibility (X-Ray style tracing is referenced) and selecting metrics aligned to business requirements
  • Quotas/throttling in DR
  • Designing standby environments with service quotas and throttling awareness
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

High-Performing Storage Architecture (scale, throughput, hybrid choices)

S06

What you will practice:

Choose storage architectures based on performance and scaling: S3, EBS, EFS, and hybrid considerations.

  • (From Domain 3, Task 3.1: high-performing/scalable storage.)
  • Storage type selection
  • Object vs file vs block based on access pattern and performance needs
  • Service selection for performance
  • S3 vs EFS vs EBS use cases and performance constraints
  • Scalability planning
  • Designing storage configurations that meet current throughput/latency and scale with growth
  • Hybrid storage solutions
  • When hybrid storage is required to meet business needs
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

High-Performing and Elastic Compute Architecture (right compute for the workload)

S07

What you will practice:

Select compute for performance and elasticity: instance choice, serverless sizing, batch and container patterns, scaling strategies.

  • (From Domain 3, Task 3.2: high-performing/elastic compute.)
  • Compute service selection
  • Choosing among compute options (examples referenced include Batch, EMR, Fargate) based on workload type
  • Distributed computing concepts
  • Designing with global infrastructure and edge services in mind for performance and scale
  • Decoupling for compute elasticity
  • Messaging/pub-sub concepts to smooth spikes and protect backends
  • Sizing and resource selection
  • Selecting instance types vs right-sizing serverless resources (example: Lambda memory sizing is explicitly called out)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

High-Performing Database and Caching Architecture

S08

What you will practice:

Design database and caching layers: relational vs NoSQL, Aurora and DynamoDB patterns, caching placement and HA behavior.

  • (From Domain 3, Task 3.3: high-performing database solutions.)
  • Data access patterns
  • Read-heavy vs write-heavy pattern recognition and design consequences
  • Database type and engine selection
  • Relational vs non-relational choices
  • Example services/types referenced include Aurora and DynamoDB, plus engine selection (MySQL vs PostgreSQL, etc.)
  • Caching integration
  • When caching is required and what it solves (ElastiCache explicitly referenced)
  • Placement and HA for databases
  • Designing databases with AZ/Region realities (global infrastructure awareness is explicitly referenced)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

High-Performing Networking, Edge Design, and Data Ingestion/Transformation

S09

What you will practice:

Optimize networking and edge designs: load balancing, latency placement, edge services, ingestion patterns, and analytics awareness.

  • (From Domain 3, Tasks 3.4 and 3.5.)
  • Network architecture performance
  • Selecting load balancing strategy appropriate to traffic profile
  • Placement of resources to meet latency/performance constraints
  • Edge networking services (explicitly mentioned as a knowledge area)
  • Data ingestion patterns
  • Batch vs streaming-style thinking; ingestion frequency as a design variable
  • Analytics/visualization service awareness
  • Services referenced include Athena, Lake Formation, QuickSight (use-case selection and pipeline fit)
  • ETL / transformation concerns
  • Transforming formats (example given: .csv to .parquet)
  • Choosing compute for processing (EMR referenced)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Cost-Optimized Architecture Across Storage, Compute, Database, and Network

S10

What you will practice:

Architect for cost optimization across storage, compute, database, and network using lifecycle, purchasing options, and transfer tradeoffs.

  • (From Domain 4, Tasks 4.1–4.4.)
  • 10A) Cost-optimized storage (4.1)
  • Storage tiering and lifecycle management (cold tiering, object lifecycle)
  • Backup/archival selection and lifecycle alignment
  • Hybrid data movement and migration choices (DataSync / Transfer Family / Storage Gateway referenced)
  • Choosing lowest cost data transfer method into AWS storage, and when storage auto scaling is needed
  • 10B) Cost-optimized compute (4.2)
  • Using cost tools and cost allocation mechanisms (Budgets, Cost Explorer, CUR, tags, multi-account billing)
  • Purchasing options (Spot, Reserved Instances, Savings Plans) and matching them to workload patterns
  • Right-sizing: instance family + instance size selection, and balancing availability needs for prod vs non-prod
  • 10C) Cost-optimized databases (4.3)
  • Backup and retention policies (snapshot frequency)
  • Choosing database types/services cost-effectively (example comparisons include DynamoDB vs RDS; serverless considerations are referenced)
  • Migration implications: schema/data movement across engines/locations
  • 10D) Cost-optimized networking (4.4)
  • NAT cost tradeoffs (NAT instances vs NAT gateways)
  • Transit and peering topology choices (Transit Gateway vs VPC peering) and routing to minimize transfer costs
  • Choosing connectivity (Direct Connect vs VPN vs internet) based on cost and requirements
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

FAQ

What is SAA-C03 in AWS certifications?

SAA-C03 is the exam code for AWS Certified Solutions Architect - Associate, focused on designing secure, resilient, high-performing, and cost-optimized architectures on AWS.

How long is the SAA-C03 exam?

AWS lists associate-level exams such as SAA-C03 with a 130-minute exam time. Check your AWS certification portal for the latest exam delivery details.

Does AWS publish a passing score for SAA-C03?

AWS does not publicly disclose passing scores. Results are reported as pass or fail based on a scaled scoring model.

What is the best way to study SAA-C03?

Practice each domain until you can justify service choices and tradeoffs (security, reliability, performance, cost), then do mixed scenario sets to simulate the exam.