Amazon Web Services Updated SAA-C03 Exam Questions and Answers by kobie

The correct answers areA and D. The requirement is to replace third-party middleware with an AWS-native solution that supportsasynchronous communication,exactly-once delivery, and theleast infrastructure management.Amazon SQS FIFO queuesare the best messaging component because FIFO queues are designed for workloads that requireordered processingandexactly-once message deliverysemantics. That makes optionDthe correct messaging choice.

For the compute layer,AWS Lambdaprovides the least infrastructure management because it is a fully managed serverless compute service. Lambda removes the need to manage virtual machines, operating systems, or cluster infrastructure. It integrates naturally with queue-based asynchronous architectures and can be invoked to process messages from SQS while scaling automatically based on queue depth and workload demand. That makes optionAthe best choice for minimizing operational burden.

Option B is incorrect because EC2 instances would require the company to manage instance provisioning, patching, scaling, and availability. Option C is incorrect becauseAmazon SNSis a pub/sub messaging service and does not provide exactly-once delivery guarantees likeSQS FIFO. Option E is incorrect becauseAmazon EKSintroduces Kubernetes management overhead and is not the lowest-management compute option.

AWS best practices recommend using managed messaging and serverless compute to reduce undifferentiated operational work. For a migration that requires asynchronous processing with exactly-once delivery and minimal infrastructure management, the most appropriate architecture isAWS Lambda functionswithAmazon SQS FIFO queues.

AWS recommends multi-Region active-active architectures for applications requiring high availability, automatic failover, and disaster recovery. Route 53 latency-based routing directs users to the Region providing the lowest latency and automatically shifts traffic if Regional endpoints become unhealthy.

Combined with Application Load Balancers and EC2-based microservices deployed in multiple Regions, this architecture delivers fault tolerance, multi-Region resiliency, and automatic recovery.

Option D provides high availability but does not inherently provide multi-Region failover routing without additional configuration. Option B is single-Region. Option A is not resilient.

=====================================================

For bidirectional communication such as chat applications, Amazon API Gateway WebSocket API is the correct service. WebSocket APIs allow clients to establish long-lived connections and exchange messages with the backend Lambda functions in real time.

HTTP APIs and REST APIs are suitable for request-response models, not continuous two-way communication. CloudFront cannot maintain stateful WebSocket connections, so only Option C fits the requirements for a real-time, bidirectional application.

AWS Secrets Manager is a fully managed service specifically designed to securely store and automatically rotate database credentials, API keys, and other secrets. Secrets Manager provides built-in integration with Amazon RDS for automatic credential rotation on a configurable schedule without requiring downtime. It also manages the secure distribution of the credentials to authorized services, such as your web servers, using IAM policies. Manual solutions (S3, files, cron jobs) do not provide the same level of automation, audit, or security.

Reference Extract from AWS Documentation / Study Guide:

" AWS Secrets Manager enables you to rotate, manage, and retrieve database credentials securely. It supports automatic rotation of secrets for supported AWS databases without requiring application downtime. "

Source: AWS Certified Solutions Architect – Official Study Guide, Security and Secrets Management section.