Amazon Web Services Updated SAA-C03 Exam Questions and Answers by ralphie

DynamoDB on-demand capacity mode is the best fit when traffic is unpredictable and the application must automatically scale read and write throughput without capacity planning. In on-demand mode, DynamoDB instantly accommodates changing request rates and charges based on actual read and write requests, which avoids over-provisioning for unknown traffic patterns. The DynamoDB Standard table class is appropriate because the workload expects moderate to high read and write activity. DynamoDB Standard-IA is designed for tables where storage is dominant and access is infrequent, so it is not the best match for an actively used web application backend. Provisioned capacity with auto scaling can be cost-effective for predictable workloads, but unpredictable traffic makes on-demand mode the safer and more operationally efficient choice.

EC2 Image Builder is the AWS-managed service specifically designed to automate the creation, patching, hardening, and testing of AMIs.

For this scenario, best practice is to:

Use EC2 Image Builder pipelines to generate new golden AMIs whenever features are deployed or on a schedule.

Include build components such as update-linux to automatically apply OS security patches and updates during image creation.

Deploy the new AMIs through existing Auto Scaling groups, ensuring that every newly launched instance is already patched and compliant.

This approach:

Prevents OS vulnerabilities from being introduced at deployment time.

Scales across dozens of applications because AMI pipelines are reusable and automated.

Minimizes manual effort and reduces drift between instances.

Amazon Inspector (Option A) identifies vulnerabilities but does not itself patch AMIs.

AWS Backup (Option B) is for data protection, not vulnerability management.

Patch Manager (Option C) patches running instances, but the requirement is to ensure vulnerabilities are not introduced with new AMIs; golden image pipelines with EC2 Image Builder are the recommended solution.

A spread placement group is designed to deploy each instance on distinct underlying hardware, reducing the risk of simultaneous failures. By spreading instances across multiple Availability Zones, you achieve high availability and fault tolerance, meeting the 99.99% uptime requirement. Spread placement groups are ideal for critical applications that require maximum resilience to single hardware failures. Neither cluster nor partition strategies offer the same guarantee of separation combined with cross-AZ distribution.

Reference Extract from AWS Documentation / Study Guide:

" Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other. Instances in a spread placement group are placed on distinct underlying hardware, and when deployed across multiple Availability Zones, provide high availability. "

Source: AWS Certified Solutions Architect – Official Study Guide, Compute and High Availability section; Amazon EC2 Placement Groups Documentation.

TooManyRequestsException errors occur when Lambda exceeds concurrency limits. The recommended pattern is to use Amazon SQS with Lambda to decouple and buffer traffic, ensuring that bursts of requests are queued and processed smoothly. Enabling provisioned concurrency for Lambda ensures that functions are pre-initialized and ready to handle spikes in load with low latency. Step Functions (B) is designed for workflow orchestration, not high-throughput request buffering. SNS with Lambda (C) does not provide buffering and may overwhelm Lambda during bursts. Reserved concurrency (D) limits function scaling instead of improving resilience. Therefore, option A provides a scalable and resilient solution, minimizing errors during traffic surges.