Free AWS SAA-C03 Practice Questions: Design Cost-Optimized Architectures

Practice 10 free AWS Certified Solutions Architect - Associate (AWS SAA-C03) questions on Design Cost-Optimized Architectures, with answers, explanations, and the IT Mastery next step.

Try the IT Mastery web app for a richer interactive practice experience with mixed sets, timed mocks, topic drills, explanations, and progress tracking.


Topic snapshot

Field | Detail
Practice target | AWS SAA-C03
Topic area | Design Cost-Optimized Architectures
Blueprint weight | 20%
Page purpose | Focused sample questions before returning to mixed practice

How to use this topic drill

Use this page to isolate Design Cost-Optimized Architectures for AWS SAA-C03. Work through the 10 questions first, then review the explanations and return to mixed practice in IT Mastery.

Pass | What to do | What to record
First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer.
Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor.
Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter.
Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious.

Blueprint context: 20% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.

Sample questions

These are original IT Mastery practice questions aligned to this topic area. They are not official AWS questions, copied live-exam content, or exam dumps. Use them to preview question style and explanation depth before continuing with topic drills, mixed sets, and timed mocks in IT Mastery.

Question 1

Topic: Design Cost-Optimized Architectures

Which AWS database service is a fully managed, serverless key-value and document store that can use an on-demand capacity mode to charge per read and write request, making it well-suited for unpredictable, spiky workloads at a low operational cost?

Options:

  • A. Amazon RDS for MySQL

  • B. Amazon Aurora MySQL-Compatible Edition with Aurora Serverless v2

  • C. Amazon DynamoDB with on-demand capacity mode

  • D. Amazon RDS for PostgreSQL with Multi-AZ deployment

Best answer: C

Explanation: Amazon DynamoDB is AWS’s fully managed, serverless NoSQL database service that stores data in key-value and document formats. It can operate in on-demand capacity mode, where you do not provision read/write capacity units in advance; instead, you are billed per read and write request. This makes it particularly cost-effective for workloads with highly variable or unpredictable traffic patterns, because you are not paying for idle capacity.

In contrast, Amazon RDS and Amazon Aurora are managed relational database services. Although Aurora Serverless v2 can automatically scale capacity, it still charges based on the amount of database capacity consumed over time, not per individual request, and it uses a relational data model rather than key-value/documents. RDS engines like MySQL and PostgreSQL require you to choose instance sizes and storage, so you pay for provisioned capacity regardless of usage levels.

For a definition-style question emphasizing a serverless key-value/document store with on-demand, per-request pricing, DynamoDB with on-demand capacity mode is the only AWS service that matches all of these characteristics at once.


Question 2

Topic: Design Cost-Optimized Architectures

A company is designing archival storage for several datasets. The following table summarizes retention and retrieval requirements.

Dataset | Minimum retention | Typical access pattern | Maximum allowed retrieval time
Audit logs | 7 years | Rarely (only during audits) | 48 hours
Customer file uploads | 90 days | Frequently (user downloads) | 5 minutes
DR database snapshots | 30 days | Only for disaster recovery drills | 1 hour

Based only on the information in the exhibit, which S3 storage option is MOST cost-optimized for the Audit logs dataset while meeting the requirements?

Options:

  • A. Store Audit logs in S3 Intelligent-Tiering with all archive tiers disabled and a lifecycle rule to delete objects after 7 years.

  • B. Store Audit logs in S3 Glacier Flexible Retrieval with a lifecycle rule to delete objects after 7 years.

  • C. Store Audit logs directly in S3 Glacier Deep Archive with a lifecycle rule to delete objects after 7 years.

  • D. Store Audit logs in S3 Standard-Infrequent Access (S3 Standard-IA) with a lifecycle rule to delete objects after 7 years.

Best answer: C

Explanation: The exhibit row for the Audit logs dataset states: Audit logs | 7 years | Rarely (only during audits) | 48 hours. This clearly indicates long-term retention (7 years), very rare access (only when audits occur), and a generous retrieval time requirement (up to 48 hours).

S3 Glacier Deep Archive is specifically designed for data that must be retained for long periods, is accessed very rarely, and can tolerate retrieval latencies measured in hours (up to 12 hours for standard retrievals). Because the exhibit allows up to 48 hours for retrieval, Deep Archive easily satisfies the performance constraint and provides the lowest ongoing storage cost among S3 storage classes.

Options that use faster retrieval classes like S3 Glacier Flexible Retrieval, S3 Standard-IA, or non-archival Intelligent-Tiering tiers all provide much lower retrieval latency than the 48-hour allowance, but at a higher monthly storage cost. Since the question explicitly asks for the MOST cost-optimized option that still meets the requirements shown in the exhibit, the Deep Archive choice is best.

A common mistake is to over-engineer for speed by focusing on faster retrieval times rather than matching the storage class to the actual SLA in the exhibit. Another misread is to be influenced by other rows in the table (such as Customer file uploads | 90 days | Frequently (user downloads) | 5 minutes), which have very different access and latency needs and are not relevant to the Audit logs decision.


Question 3

Topic: Design Cost-Optimized Architectures

Which of the following statements about the cost and operational characteristics of NAT instances and NAT gateways is INCORRECT?

Options:

  • A. NAT gateways are managed services that automatically handle scaling up to their service limits and remove the need to patch or manage underlying instances.

  • B. NAT gateways are billed only per GB of data processed with no hourly charge, so they are typically cheaper than NAT instances for low-volume traffic.

  • C. For environments with very low and sporadic outbound traffic from private subnets, a small NAT instance can be less expensive than a NAT gateway but requires you to manage availability and OS updates.

  • D. At higher sustained outbound traffic volumes, NAT gateways can be more cost-effective overall than scaling and operating multiple large NAT instances, because they provide higher throughput per resource and reduce operational burden.

Best answer: B

Explanation: NAT gateways and NAT instances both allow resources in private subnets to access the internet, but they differ in pricing models and operational overhead.

A NAT gateway is a fully managed service. You are charged a fixed hourly rate per gateway plus a per-GB data processing fee for traffic that passes through it. AWS takes care of scaling within the published limits and handles the underlying infrastructure, so there is no OS-level patching or instance maintenance.

A NAT instance is a self-managed EC2 instance configured for NAT. You pay for the EC2 instance type per hour (or per second, depending on billing granularity) plus standard data transfer, but there is no separate NAT data processing fee. At very low traffic volumes, a small NAT instance can be cheaper than a NAT gateway. However, you must manage instance health, patching, scaling, and high availability. As traffic grows, the operational complexity and potential need for multiple larger instances can make NAT gateways more attractive overall.

The incorrect statement is the one claiming that NAT gateways are billed only per GB of data processed with no hourly charge, and that this makes them typically cheaper for low-volume traffic. In reality, NAT gateways do have an hourly cost, which is exactly why a small NAT instance can be more cost-effective at low traffic levels despite the added operational burden.


Question 4

Topic: Design Cost-Optimized Architectures

Which of the following statements about using AWS tools to monitor and analyze network-related (data transfer) charges are correct? (Select TWO.)

Options:

  • A. You can use AWS Cost Explorer and filter by usage type to identify which services and Regions generate the highest data transfer charges.

  • B. VPC Flow Logs include per-GB transfer pricing details for each connection, allowing you to calculate exact data transfer cost from the log entries alone.

  • C. Creating an AWS Budget on “total EC2 instance hours” will automatically notify you when your inter-Region data transfer charges exceed a chosen threshold.

  • D. The AWS Cost and Usage Report (CUR) can be delivered to Amazon S3 and queried (for example, with Amazon Athena) to get per-usage-type line items for data transfer costs.

  • E. The AWS Pricing Calculator is the primary tool to obtain an hourly, historical breakdown of your past data transfer charges across all accounts.

Correct answers: A and D

Explanation: Monitoring network-related spend on AWS focuses on analyzing data transfer usage and cost across services and Regions. At the Associate level, the two primary billing tools for this are AWS Cost Explorer and the AWS Cost and Usage Report (CUR).

Cost Explorer lets you interactively explore historical spend by filtering and grouping on dimensions such as service, Region, and usage type. Data transfer is represented by specific usage types (for example, DataTransfer-Regional-Bytes, USE2-DataTransfer-Out-Bytes), so you can surface which workloads and locations are driving network charges.

For deeper analysis, the AWS Cost and Usage Report provides line-item data at the most granular level available. You can configure CUR to deliver CSV or Parquet files to an S3 bucket and then query them with Amazon Athena, Amazon Redshift, or other tools. This allows detailed attribution of data transfer cost by account, tag, usage type, and more.

Other services like VPC Flow Logs, AWS Budgets, and the AWS Pricing Calculator are useful but do not, by themselves, provide detailed historical breakdowns of network charges in the ways described by the incorrect statements.


Question 5

Topic: Design Cost-Optimized Architectures

A company has 8 VPCs in the same AWS Region. All VPCs must communicate with each other and with the on-premises data center. The network team’s primary goal is to minimize ongoing data transfer and connectivity costs while keeping the design simple. Which design should the solutions architect AVOID?

Options:

  • A. Use AWS Transit Gateway as the hub and additionally create a single VPC peering connection between two VPCs that exchange very high volumes of traffic to avoid Transit Gateway data processing charges for that pair.

  • B. Create a full mesh of VPC peering connections between all 8 VPCs and configure a separate VPN connection from each VPC to the on-premises data center.

  • C. Use AWS Transit Gateway with an attachment from each VPC and a single VPN or AWS Direct Connect connection from the Transit Gateway to the on-premises network.

  • D. Place shared services (for example, centralized NAT gateways and interface VPC endpoints) in a dedicated VPC attached to AWS Transit Gateway so that all other VPCs access those services through the Transit Gateway.

Best answer: B

Explanation: The scenario requires full-mesh connectivity among 8 VPCs and connectivity to an on-premises data center, with an explicit focus on minimizing ongoing network costs. For many VPCs, hub-and-spoke architectures using AWS Transit Gateway are generally more cost-effective and operationally simpler than full-mesh VPC peering and per-VPC VPN connections.

Transit Gateway allows each VPC to have a single attachment to a central hub. The on-premises network connects once (via VPN or AWS Direct Connect) to the Transit Gateway. This reduces the total number of connections, simplifies routing, and avoids paying for multiple VPN endpoints and duplicated data paths.

By contrast, building a full mesh of VPC peering connections and separate VPNs from each VPC to on-premises greatly increases the number of connections and their associated hourly and data transfer costs. This is an anti-pattern when a scalable hub-and-spoke option such as Transit Gateway is available.

Other optimizations, such as adding a single direct VPC peering link for a specific high-volume VPC pair or centralizing shared services into one VPC accessible via Transit Gateway, can further reduce both data processing and fixed hourly charges while maintaining simple routing.


Question 6

Topic: Design Cost-Optimized Architectures

A company uses a 1 Gbps AWS Direct Connect connection from its on-premises data center to a VPC for development and test workloads. Link utilization is consistently below 50 Mbps. All traffic must be encrypted, but the business can tolerate occasional latency spikes and brief outages. The company’s priority is to reduce ongoing network costs while still meeting these requirements. Which change should a solutions architect make to the current design?

Options:

  • A. Upgrade the existing Direct Connect connection from 1 Gbps to 10 Gbps to accommodate future growth and reduce latency.

  • B. Replace the Direct Connect link with an AWS Site-to-Site VPN connection over the existing internet link, using both VPN tunnels for redundancy.

  • C. Add a second 1 Gbps Direct Connect connection in another facility and configure BGP for active/passive failover.

  • D. Remove the Direct Connect link and allow users to access AWS resources over the public internet using only security groups and network ACLs for protection.

Best answer: B

Explanation: The current design uses a 1 Gbps AWS Direct Connect connection for low-bandwidth development and test traffic. Direct Connect is ideal for high-throughput, latency-sensitive, or predictable workloads, but it comes with fixed port-hour and circuit costs. In this scenario, utilization is low and the business explicitly prioritizes reducing ongoing network costs, while stating that occasional latency spikes and short outages are acceptable.

Replacing the Direct Connect connection with an AWS Site-to-Site VPN over the existing internet circuit leverages the company’s current ISP link, removing the dedicated Direct Connect port and circuit charges. Site-to-Site VPN encrypts traffic using IPsec and provides two redundant tunnels for basic high availability. For sub-50 Mbps traffic that can tolerate variable internet latency, this is typically much more cost-effective than a dedicated Direct Connect link while still meeting security and availability needs.

The other options all either increase cost or break explicit requirements. Upgrading or adding Direct Connect connections increases fixed cost without a matching business need, and removing encryption violates the stated security requirement. Thus, moving to Site-to-Site VPN is the only change that is strictly better on cost while still satisfying all constraints.


Question 7

Topic: Design Cost-Optimized Architectures

A company runs a read-heavy product catalog on Amazon RDS for MySQL. During flash sales, CPU on the database spikes and product page latency exceeds 400 ms. The company wants to reduce monthly database cost, keep product page read latency under 100 ms during peak traffic, avoid migrating away from RDS MySQL or changing the database schema, and minimize ongoing operational effort. Which solution best meets these requirements?

Options:

  • A. Migrate the product catalog from RDS MySQL to Amazon DynamoDB with DynamoDB Accelerator (DAX) and decommission the RDS instance.

  • B. Introduce Amazon ElastiCache for Redis as a read-through cache for frequently accessed product data in front of the existing RDS MySQL instance and then right-size the RDS instance to a smaller class.

  • C. Increase the RDS MySQL instance size to a larger class and add multiple read replicas behind an Auto Scaling group of read endpoints.

  • D. Convert the RDS MySQL database to an Amazon Aurora MySQL-Compatible cluster with Aurora Serverless v2 to scale capacity automatically during flash sales.

Best answer: B

Explanation: Adding an in-memory cache with Amazon ElastiCache for Redis in front of RDS offloads read traffic, improves response time, and enables downsizing the database instance, delivering both performance and cost benefits without changing the engine or schema.


Question 8

Topic: Design Cost-Optimized Architectures

An analytics team stores 80 TB of CSV files in S3 Standard. Files are written once, kept for at least 5 years, and accessed unpredictably a few times per month. Retrieval latency must be in milliseconds. The team wants to reduce storage cost without managing lifecycle policies. Which change meets these requirements?

Options:

  • A. Migrate all data to S3 Glacier Flexible Retrieval and restore objects when analysts need them.

  • B. Create a lifecycle rule to transition objects from S3 Standard to S3 Standard-IA after 30 days.

  • C. Add a lifecycle rule to move data to S3 Glacier Deep Archive after 30 days.

  • D. Change the bucket’s storage class to S3 Intelligent-Tiering for all existing and new objects.

Best answer: D

Explanation: The current design uses S3 Standard for 80 TB of long-lived data that is written once and accessed unpredictably a few times per month. This is an ideal pattern for S3 Intelligent-Tiering, which is designed for data with unknown or changing access patterns.

S3 Intelligent-Tiering automatically moves objects between frequent and infrequent access tiers based on observed access, without any performance impact on retrieval and without requiring lifecycle rules. For large, long-lived datasets with low but variable access, the storage savings from infrequent tiers generally outweigh the small per-object monitoring fee. This makes it a Pareto-superior option over S3 Standard in this scenario: lower cost with the same durability, availability, and millisecond latency, and no extra operational burden.

The Glacier storage classes (Flexible Retrieval and Deep Archive) are much cheaper for storage but impose minutes-to-hours retrieval latency and require explicit restore operations, which conflicts with the millisecond access requirement. Standard-IA with lifecycle can reduce cost, but it adds lifecycle management overhead that the team explicitly wants to avoid, so it does not improve operations relative to the baseline requirement.


Question 9

Topic: Design Cost-Optimized Architectures

A company runs identical production and QA web stacks on AWS: ALB, multi-AZ Auto Scaling, and Multi-AZ RDS. Production requires 99.9% availability; QA can tolerate full downtime outside business hours and data loss. Which change best reduces cost while meeting requirements?

Options:

  • A. For QA only, change the Auto Scaling group to a single instance in one AZ and use a smaller Single-AZ RDS instance, both stopped outside business hours with scheduled actions.

  • B. Remove the dedicated QA stack and instead reuse the production Auto Scaling group and RDS instance from a separate QA VPC.

  • C. Change both production and QA Auto Scaling groups and RDS databases to Single-AZ deployments to cut capacity in half.

  • D. Run both production and QA Auto Scaling groups entirely on Spot Instances across two AZs, keeping Multi-AZ RDS for each.

Best answer: A

Explanation: The key requirement is to maintain high availability (99.9%) for production while aggressively reducing cost for the QA environment, which can tolerate downtime and data loss. This means production’s multi-AZ design should remain, and optimizations should focus on QA where availability and durability needs are much lower.

Adjusting the QA environment to run in a single AZ with a single EC2 instance and a smaller Single-AZ RDS instance immediately reduces both compute and database costs: fewer instances, no multi-AZ premium, and smaller sizing. Adding scheduled actions to scale the Auto Scaling group to zero and stop the RDS instance outside business hours further reduces spend, often by more than half, because QA is only needed during working hours.

This approach is aligned with cost optimization and reliability: it avoids overengineering QA for availability it does not need, while preserving the robust multi-AZ setup for production. The distractors all reduce cost but either undermine production availability, rely on unreliable capacity for critical workloads, or break environment isolation.


Question 10

Topic: Design Cost-Optimized Architectures

A company stores 50 TB of application logs in Amazon S3. Most queries use only the last 30 days, and regulations require logs to be retained for 1 year. The company wants to minimize storage cost. Which approach is NOT appropriate?

Options:

  • A. Store logs in S3 Standard for 30 days, then transition them to S3 Standard-Infrequent Access and configure expiration after 1 year.

  • B. Use S3 Intelligent-Tiering for new logs, transition objects older than 30 days to S3 Glacier Deep Archive, and configure a lifecycle rule to delete them after 1 year.

  • C. Store all logs indefinitely in S3 Standard with no lifecycle rules for transition or expiration.

  • D. Keep logs in S3 Standard for 30 days, then transition them to S3 Glacier Deep Archive and configure expiration after 1 year.

Best answer: C

Explanation: Cost-optimized data retention on S3 means matching storage class and lifetime to how often data is accessed and how long it must be kept. For logs that are actively queried for only 30 days and must be retained for 1 year, the design should:

  • Keep recent data in a performance-appropriate class (such as S3 Standard or Intelligent-Tiering).
  • Transition older, rarely accessed data to lower-cost classes (S3 Standard-IA, S3 Glacier Flexible Retrieval, or S3 Glacier Deep Archive).
  • Configure lifecycle expiration so that data is deleted when the regulatory retention period ends, avoiding unnecessary long-term storage costs.

The approach that leaves all data in S3 Standard indefinitely with no lifecycle rules fails all of these practices: it retains data beyond the regulatory requirement and uses the most expensive general-purpose tier for cold and eventually useless data. This is an obvious cost-optimization anti-pattern.

The other approaches apply S3 Lifecycle rules to move data to cheaper storage as it ages and to delete it after 1 year, aligning storage cost with both access patterns and compliance needs.
