☁︎SAA-C03

Week4 Serverless Scaling — SAA-C03 Mock Test

Mock Test — Week 4 Scalability, Decoupling & Serverless (15 questions)

  • Date: 2026-06-15
  • Topics: ELB (ALB/NLB/GWLB), Auto Scaling, Lambda, API Gateway, ECS/EKS/Fargate, SQS, SNS, EventBridge, Step Functions, Kinesis
  • Difficulty: exam-realistic
  • Suggested time: ~25 min

Q1.

A team must expose a serverless HTTP API to thousands of users with JWT-based authentication via Cognito User Pool and pay only when invoked. Which combination fits?

  • A) ALB + Lambda + custom auth in Lambda
  • B) API Gateway HTTP API + Lambda + Cognito JWT authorizer
  • C) NLB + EC2 + Cognito ID Provider
  • D) CloudFront + S3 + signed cookies

Q2.

A microservices app needs path-based routing (/users, /orders, /products) to three different service groups, with WebSocket support. Which load balancer is best?

  • A) Classic Load Balancer
  • B) Network Load Balancer
  • C) Application Load Balancer
  • D) Gateway Load Balancer

Q3.

An e-commerce site must process orders in strict per-customer sequence and never duplicate processing. Which AWS service should the architect choose?

  • A) SQS Standard queue
  • B) SQS FIFO queue with MessageGroupId = customerId
  • C) SNS Standard topic
  • D) Kinesis Data Streams

Q4.

An async system fanouts events to three independent SQS queues so that each downstream service can process at its own pace. Which AWS service is most appropriate as the fanout entry point?

  • A) Kinesis Data Streams
  • B) SQS Standard queue
  • C) SNS topic with three SQS subscribers
  • D) Step Functions

Q5.

A Lambda function runs for 20 minutes processing a CSV file from S3. The 15-minute timeout is hit. Which is the best fix?

  • A) Increase Lambda memory to 10,240 MB to speed up
  • B) Move processing to AWS Fargate or AWS Batch
  • C) Split the file into chunks and invoke Lambda per chunk
  • D) Use Lambda Provisioned Concurrency

Q6.

A workload spikes to 5,000 concurrent Lambda executions that all open connections to an Aurora DB, exhausting connections. Which solution mitigates this best?

  • A) Add Aurora Read Replicas
  • B) Increase max_connections in DB cluster parameter group
  • C) Deploy RDS Proxy in front of Aurora
  • D) Migrate to DynamoDB

Q7.

A solutions architect needs an event-driven workflow with human approval that may take 24 hours before continuing. Which AWS service fits best?

  • A) Step Functions Standard workflow with .waitForTaskToken
  • B) Step Functions Express workflow
  • C) SQS with long polling for 24 h
  • D) EventBridge cron rule

Q8.

A solutions architect wants to insert an inline third-party firewall appliance transparently between application traffic and downstream subnets. Which AWS load balancer enables this?

  • A) ALB
  • B) NLB
  • C) GWLB
  • D) CLB

Q9.

A real-time stream of clickstream events must be analyzed with multiple independent consumers (one writes to S3, one runs anomaly detection). The data must be replayable for 7 days. Which service is most appropriate?

  • A) SQS Standard
  • B) Kinesis Data Streams
  • C) Kinesis Data Firehose
  • D) SNS topic

Q10.

A solutions architect needs to deliver streaming records to S3 in Parquet with minimal code. Which service fits?

  • A) Kinesis Data Streams + Lambda
  • B) Kinesis Data Firehose with Lambda transform + Parquet conversion
  • C) EventBridge with S3 target
  • D) SQS + Lambda

Q11.

An Auto Scaling Group runs a stateless web tier. The architect wants to mix On-Demand and Spot to save cost while keeping the service available. Which feature?

  • A) Multiple ASGs with manual coordination
  • B) Mixed Instances Policy on a single ASG
  • C) Two Launch Templates merged at runtime
  • D) AWS Compute Optimizer

Q12.

You need to route AWS service events (EC2 state changes, S3 events, CodePipeline events) into a central monitoring account, with rich JSON pattern matching and archive/replay. Which service?

  • A) Amazon EventBridge
  • B) Amazon SNS
  • C) AWS Step Functions
  • D) Amazon Kinesis Data Streams

Q13.

A Lambda function runs in a VPC and must reach the public DynamoDB API privately, without using a NAT Gateway. What should you add?

  • A) Gateway VPC endpoint for DynamoDB
  • B) Public IP on the Lambda ENI
  • C) Direct Connect Public VIF
  • D) Internet Gateway

Q14.

A solutions architect wants the simplest way to deploy a containerized web service to AWS with automatic HTTPS, auto-scaling, and no node management. Which service fits best?

  • A) Amazon EKS with EC2 worker nodes
  • B) Amazon ECS on EC2
  • C) AWS App Runner
  • D) Amazon EMR

Q15.

A REST API behind API Gateway has tiered customers — Free users get 100 req/s, Premium users get 1,000 req/s. Which API Gateway feature enforces this per-customer quota?

  • A) Resource policies
  • B) WAF rate-based rules
  • C) Usage plans + API keys
  • D) Lambda authorizer with custom counter

Your answers

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
Answer Key & Explanations — don't peek!

Q1 — Correct: B

HTTP API + Cognito JWT authorizer is the native serverless pattern. ALB (A) doesn't natively validate Cognito JWTs without extra logic; HTTP API does.

Q2 — Correct: C

Path-based routing and WebSocket are L7 ALB features. NLB is L4 only.

Q3 — Correct: B

FIFO queue with MessageGroupId provides strict order per group and 5-minute dedup window. Standard does not preserve order; SNS Standard fanouts; Kinesis is for analytics streams.

Q4 — Correct: C

SNS → SQS fanout is the textbook pattern for one-to-many reliable delivery to multiple queues.

Q5 — Correct: B

Lambda has a hard 15-minute timeout. Long-running work belongs on Fargate or Batch. Splitting into chunks (C) can also work but Fargate/Batch is the clean architectural answer for the 20-minute job described.

Q6 — Correct: C

RDS Proxy pools connections, accommodates Lambda spikes, and preserves failover.

Q7 — Correct: A

Step Functions Standard supports executions up to 1 year, with .waitForTaskToken for human approval / external callback.

Q8 — Correct: C

Gateway Load Balancer is purpose-built for inline 3rd-party appliances using GENEVE encapsulation.

Q9 — Correct: B

KDS supports multi-consumer replay with retention up to 365 days. Firehose is a delivery service, not a stream.

Q10 — Correct: B

Firehose can transform via Lambda and convert to Parquet/ORC before writing to S3 with no infrastructure.

Q11 — Correct: B

Mixed Instances Policy combines On-Demand and Spot in a single ASG and distributes across instance types.

Q12 — Correct: A

EventBridge matches the rich JSON event pattern, cross-account, archive/replay description exactly. SNS is for pub/sub with limited filtering.

Q13 — Correct: A

DynamoDB supports a free Gateway VPC endpoint (and S3 too). Interface endpoints are for most other services.

Q14 — Correct: C

App Runner is the simplest managed container deployment with built-in HTTPS, scaling, and zero node management.

Q15 — Correct: C

REST API usage plans + API keys give per-customer rate limits and quotas. WAF rate-based rules are global, not per-customer.