AWS Certified Solutions Architect - Associate (SAA-C03) #15 Exam Tips and Frequently Missed Patterns

4 min read

From #2 through #14 we made a full pass over all four domains. This post is the step that turns knowledge into score. SAA-C03 doesn’t reward raw knowledge alone. Time management and how you read each question, plus clearly distinguishing the confusing concept pairs, determine where you land relative to the pass line.

Time Management #

  • 130 minutes / 65 questions = about 2 minutes per question. Scenarios are long, so it feels even tighter.
  • Mark questions you don’t know with Mark for Review and move on. If you stay on one question for more than 3 minutes, you won’t get to later ones.
  • Solve all the way through on the first pass, then revisit marked questions with the remaining time.
  • Of the 65 questions, 15 are unscored. There’s no need to be rattled if one or two stump you.

Filter Options by Constraint Keywords #

Most SAA options “do work.” The correct answer is decided by the constraint keywords in the question. Find the keyword first, then filter options by that criterion.

Constraint KeywordDirection the Answer Leans
most cost-effectiveCheapest option (Spot, IA/Glacier, serverless)
least operational overheadManaged , serverless (Lambda, Fargate, Aurora, managed services)
highly availableMulti-AZ, ELB + ASG
minimal latencyCloudFront, caching, nearby region, Global Accelerator
decoupleSQS, SNS, EventBridge
durableS3 (replicated across AZs), multi-AZ storage

In particular, when you see “least operational overhead,” a managed/serverless answer is more likely correct than one based on self-managed EC2.

Elimination Strategy #

  1. First remove options that clearly don’t work or violate the requirement.
  2. Among the rest, pick the one that best fits the constraint keyword.
  3. Always check for a “Choose TWO/THREE” note (miss the count and it’s an automatic wrong answer).
  4. When two options are similar, the simpler one with less management burden is often correct.

The Most Frequently Confused Concept Pairs #

Here are the pairs that repeatedly draw wrong answers on the exam, gathered into one table. Mastering just this table protects a substantial number of points.

Concept PairKey Distinction
Multi-AZ vs. read replicaHigh availability/automatic failover vs. read scaling (asynchronous)
Security group vs. NACLInstance , stateful , allow-only vs. subnet , stateless , can deny
Gateway vs. Interface EndpointS3 , DynamoDB only , free vs. other services , PrivateLink
Pilot Light vs. Warm StandbyOnly the core (DB) running vs. a scaled-down full stack running
User Pool vs. Identity PoolAuthentication (JWT) vs. temporary AWS credentials
Redis vs. MemcachedPersistence , replication , Multi-AZ vs. simple , multithreaded
ALB vs. NLBL7 path routing vs. L4 ultra-high performance , static IP
CloudFront vs. ElastiCacheEdge CDN (close to users) vs. in-memory next to the app
CloudFront vs. Global AcceleratorContent caching vs. network path optimization , static IP
Cost Explorer vs. BudgetsAnalysis , forecasting vs. threshold alerting
Trusted Advisor vs. Compute OptimizerComprehensive check vs. right-sizing recommendations
SCP vs. Permission BoundaryAccount-level cap vs. per-identity cap (both restrict, not grant)
Standard-IA vs. One Zone-IAMulti-AZ vs. single AZ (lower durability)
Glacier Instant vs. Deep ArchiveInstant access vs. lowest cost , ~12-hour retrieval
Trust policy vs. permissions policyWho can assume vs. what they can do
RTO vs. RPORecovery time vs. amount of data loss
DAXDynamoDB-only cache (not RDS)

Domain-by-Domain Keyword → Service Quick Mapping #

ClueService to Recall
Block web attacks (SQLi/XSS)WAF
Basic DDoS (free)Shield Standard
Access S3 without the internetGateway Endpoint
Connect without inbound portsSession Manager
Automatic DNS failoverRoute 53 Failover
Decouple , asynchronousSQS / SNS / EventBridge
Microsecond DynamoDB readsDAX
Unknown access pattern (S3)Intelligent-Tiering
Interruption-tolerant batchSpot
Least-overhead containersFargate

Final Exam Strategy #

  • After finishing domain study (#2–14), practice time allocation and trap identification with the #16 practice exam.
  • For each missed question, review until you can explain “why that option is correct and mine is wrong” in terms of constraint keywords.
  • Drill the heavily weighted security (30%) domain and the frequently tested Multi-AZ vs. read replica and SG vs. NACL distinctions right up to exam day.

Wrap-up #

What this post locked in:

  • Time — 2 minutes per question, hold blocked questions with Mark for Review, 15 unscored questions exist
  • Constraint keywords decide the answer. In particular, “least operational overhead” means managed/serverless
  • After elimination, pick the option that fits the constraint, and check the Choose TWO/THREE count
  • The confusing concept-pair table is the core of this post — be sure to recheck it right before the exam

Next — Full-Scale Practice Exam #

Now it’s the real thing. In the last post, we solve 50 questions spanning all domains and finish with the explanations.

In #16 Full-Scale Multiple-Choice Practice Exam we provide 50 questions matched to the four domain weights, with an explanation for each. Solve them on the clock and find your weak domains.

X