SGradeSGrade
How it works
Study guideMock testSign inStart free →
🏥 Professional Licensing
Licensure exams with high-stakes scoring.
NCLEX-RN, USMLE Step 1, Bar Exam, CPA
📈 Finance & Accounting
Certifications for analysts and accountants.
CFA Level 1, CPA Exam
🎓 University Admissions
Admissions tests and school-leaving maths.
A-Level Maths, LSAT
📐 Proficiency Assessments
Standardised skills and cloud certification.
NAPLAN Year 9, AWS SAA-C03
💡 How it works👤 Sign inStart free →
Live📚 ······Start free →

SGrade/AWS Solutions Architect Associate/Design Secure Architectures — Fundamentals

AWS SAA-C03 · Design Secure Architectures Domain · 30% of exam

AWS SAA-C03
Design Secure Architectures — Fundamentals
Practice Questions

40 scenario-based questions on Design Secure Architectures — Fundamentals, written to match the AWS Certified Solutions Architect Associate exam. Full architectural explanations with every answer. Track your readiness score as you go.

No credit card · First 25 questions free · Plus tier $5/mo

Readiness score

82%

avg. after completing this set

Questions40
DifficultyMixed
Exam weight30%
UpdatedJan 2026
📋
40 QuestionsScenario-based format
🎯
DifficultyMixed
⚖️
Exam weight30% of SAA-C03
📈
Readiness scoreUpdates after every answer
🔄
Spaced repetitionAuto-scheduled weak topics
82%
pass rate

82% of SGrade users who completed this Design Secure Architectures — Fundamentals set passed their SAA-C03. The global average SAA-C03 pass rate is ~71%. Consistent topic-level drilling, not broad cramming, is what moves that number.

Sample questions

3 of 40 questions shown. Sign in to practise all 40 with full explanations.

Question 1Foundation

A startup is setting up their first AWS environment and needs to understand the basic components of IAM. Which IAM entity is used to grant permissions to AWS services to perform actions on behalf of users?

AIAM User
BIAM Group
CIAM Role
DIAM Policy

Examiner's Design Intent

Tests foundational understanding of IAM entity purposes and ability to distinguish between identity assignment and service delegation in AWS security model

Reveal answer + full AI explanation →
Question 2Foundation

A company wants to encrypt data at rest in Amazon S3 and needs to maintain full control over the encryption keys, including the ability to audit key usage. Which type of KMS key should they use?

AAWS managed keys (aws/s3)
BCustomer managed keys (CMK)
CS3-managed keys (SSE-S3)
DAWS owned keys

Examiner's Design Intent

Tests ability to match encryption control requirements with appropriate KMS key types in Design Secure Architectures domain

Reveal answer + full AI explanation →
Question 3Foundation

A financial services company needs to store database credentials that their applications will retrieve programmatically. The credentials must be automatically rotated every 30 days. Which AWS service provides built-in automatic rotation for database credentials?

AAWS Systems Manager Parameter Store with SecureString
BAWS Secrets Manager
CAWS KMS with custom key rotation
DAWS IAM with temporary credentials

Examiner's Design Intent

Tests candidate's ability to select the correct AWS service for automatic credential rotation - a key architectural decision in secure application design

Reveal answer + full AI explanation →

+ 37 more Design Secure Architectures — Fundamentals questions in this set

Unlock all 40 questions free →

More AWS SAA-C03 topics

Design Resilient Architectures — FundamentalsDesign High-Performing Architectures — FundamentalsDesign Cost-Optimised Architectures — Fundamentals
← View all AWS Solutions Architect Associate topics

Pass AWS SAA-C03. Ship confident architecture.

Scenario-based questions. Predicted scaled score. Free tier — no card required.

Start free →