Amazon Web Services Updated SAA-C03 Exam Questions and Answers by sufyan

AWS CloudFormationallows for the automated, repeatable setup of infrastructure, reducing human error and ensuring consistency.AWS Configprovides the ability to track changes in the infrastructure, ensuring that all changes are logged and auditable, which satisfies the requirement for tracking incremental changes.

Option A and C (AWS Organizations): AWS Organizations manage multiple accounts, but they are not designed for infrastructure setup or change tracking.

Option D (Service Catalog): Service Catalog is used for deploying products, not for setting up infrastructure or tracking changes.

AWS References:

AWS Config

AWS CloudFormation

Comprehensive and Detailed 250 to 300 words of Explanation (AWS documentation-based, no links):

The requirement is an automated notification 30 days before an imported ACM certificate expires, delivered to the security team via an existing SNS topic with email subscription. The most operationally efficient approach is to use Amazon EventBridge with the managed event type for ACM certificate expiration. ACM publishes an event when a certificate is approaching expiration, and EventBridge can match that event and route it directly to a target service without custom polling logic.

Option D uses an EventBridge rule for the ACM Certificate Approaching Expiration event and sets the SNS topic as the target. This directly delivers an alert to the existing notification channel (email via SNS) and requires minimal code and minimal ongoing maintenance. It also avoids building and scheduling a scanner that must enumerate certificates, calculate dates, handle pagination, and manage failures.

Option C sends the event to SQS. While SQS is useful for decoupling and buffering, the requirement is to notify the security team, and SNS is already configured for email delivery. Using SQS would add an extra consumer component to read from the queue and publish notifications, which is additional operational overhead.

Options A and B require a custom Lambda-based scanning solution. That introduces scheduling (for example, EventBridge schedule), logic to detect “30 days remaining,” error handling, and ongoing maintenance. Since ACM already emits a purpose-built event for expiring certificates, polling is unnecessary and less efficient.

Therefore, D is the best solution: it uses a native event from ACM, routes it through EventBridge, and notifies the security team through the existing SNS topic with the least operational effort.

The requirement combines two key goals: reduce post-migration database administration/maintenance cost and minimize application rewrites for an existing Microsoft SQL Server application that relies heavily on T-SQL and stored procedures. Amazon Aurora PostgreSQL-Compatible with Babelfish is designed for this exact migration pattern: it helps applications written for SQL Server to run with reduced code changes by providing compatibility for commonly used SQL Server semantics, including T-SQL constructs, procedural logic, and SQL Server-style connectivity patterns (depending on feature usage). Aurora itself is a managed database service that reduces operational overhead compared to self-managed databases by offloading tasks such as provisioning, patching (within service capabilities), backups, and high availability patterns.

Option C (RDS for SQL Server) would indeed minimize rewrites because it keeps the engine the same, but it typically does not optimize operating costs as effectively as migrating off commercial SQL Server licensing/edition costs; it also keeps you on the same engine family, which often carries higher license implications and may not meet the “minimize operating costs” intent as strongly as moving to Aurora PostgreSQL with Babelfish. Option B is not suitable because Redshift Spectrum is for analytics over data in S3, not for running an OLTP ecommerce database with stored procedures. Option D is also a mismatch: EMR is for big data processing frameworks, not a relational OLTP database replacement for SQL Server.

Therefore, A best balances lower ongoing operational cost with reduced refactoring effort by using Aurora’s managed capabilities while leveraging Babelfish to ease SQL Server-to-PostgreSQL migration friction.

Deploying the web application on EC2 instances in private subnets behind an internal ALB ensures that the application is not directly accessible from the internet. By setting up a Site-to-Site VPN connection, the application can be accessed securely from the company ' s office network. Deploying NAT gateways in public subnets allows instances in private subnets to initiate outbound connections to the internet for downloading security patches.