AWS Certified Solutions Architect - Associate (SAA-C03) #15 Exam Tips and Frequently Missed Patterns
From #2 through #14 we made a full pass over all four domains. This post is the step that turns knowledge into score. SAA-C03 doesn’t reward raw knowledge alone. Time management and how you read each question, plus clearly distinguishing the confusing concept pairs, determine where you land relative to the pass line.
Time Management #
- 130 minutes / 65 questions = about 2 minutes per question. Scenarios are long, so it feels even tighter.
- Mark questions you don’t know with Mark for Review and move on. If you stay on one question for more than 3 minutes, you won’t get to later ones.
- Solve all the way through on the first pass, then revisit marked questions with the remaining time.
- Of the 65 questions, 15 are unscored. There’s no need to be rattled if one or two stump you.
Filter Options by Constraint Keywords #
Most SAA options “do work.” The correct answer is decided by the constraint keywords in the question. Find the keyword first, then filter options by that criterion.
| Constraint Keyword | Direction the Answer Leans |
|---|---|
| most cost-effective | Cheapest option (Spot, IA/Glacier, serverless) |
| least operational overhead | Managed , serverless (Lambda, Fargate, Aurora, managed services) |
| highly available | Multi-AZ, ELB + ASG |
| minimal latency | CloudFront, caching, nearby region, Global Accelerator |
| decouple | SQS, SNS, EventBridge |
| durable | S3 (replicated across AZs), multi-AZ storage |
In particular, when you see “least operational overhead,” a managed/serverless answer is more likely correct than one based on self-managed EC2.
Elimination Strategy #
- First remove options that clearly don’t work or violate the requirement.
- Among the rest, pick the one that best fits the constraint keyword.
- Always check for a “Choose TWO/THREE” note (miss the count and it’s an automatic wrong answer).
- When two options are similar, the simpler one with less management burden is often correct.
The Most Frequently Confused Concept Pairs #
Here are the pairs that repeatedly draw wrong answers on the exam, gathered into one table. Mastering just this table protects a substantial number of points.
| Concept Pair | Key Distinction |
|---|---|
| Multi-AZ vs. read replica | High availability/automatic failover vs. read scaling (asynchronous) |
| Security group vs. NACL | Instance , stateful , allow-only vs. subnet , stateless , can deny |
| Gateway vs. Interface Endpoint | S3 , DynamoDB only , free vs. other services , PrivateLink |
| Pilot Light vs. Warm Standby | Only the core (DB) running vs. a scaled-down full stack running |
| User Pool vs. Identity Pool | Authentication (JWT) vs. temporary AWS credentials |
| Redis vs. Memcached | Persistence , replication , Multi-AZ vs. simple , multithreaded |
| ALB vs. NLB | L7 path routing vs. L4 ultra-high performance , static IP |
| CloudFront vs. ElastiCache | Edge CDN (close to users) vs. in-memory next to the app |
| CloudFront vs. Global Accelerator | Content caching vs. network path optimization , static IP |
| Cost Explorer vs. Budgets | Analysis , forecasting vs. threshold alerting |
| Trusted Advisor vs. Compute Optimizer | Comprehensive check vs. right-sizing recommendations |
| SCP vs. Permission Boundary | Account-level cap vs. per-identity cap (both restrict, not grant) |
| Standard-IA vs. One Zone-IA | Multi-AZ vs. single AZ (lower durability) |
| Glacier Instant vs. Deep Archive | Instant access vs. lowest cost , ~12-hour retrieval |
| Trust policy vs. permissions policy | Who can assume vs. what they can do |
| RTO vs. RPO | Recovery time vs. amount of data loss |
| DAX | DynamoDB-only cache (not RDS) |
Domain-by-Domain Keyword → Service Quick Mapping #
| Clue | Service to Recall |
|---|---|
| Block web attacks (SQLi/XSS) | WAF |
| Basic DDoS (free) | Shield Standard |
| Access S3 without the internet | Gateway Endpoint |
| Connect without inbound ports | Session Manager |
| Automatic DNS failover | Route 53 Failover |
| Decouple , asynchronous | SQS / SNS / EventBridge |
| Microsecond DynamoDB reads | DAX |
| Unknown access pattern (S3) | Intelligent-Tiering |
| Interruption-tolerant batch | Spot |
| Least-overhead containers | Fargate |
Final Exam Strategy #
- After finishing domain study (#2–14), practice time allocation and trap identification with the #16 practice exam.
- For each missed question, review until you can explain “why that option is correct and mine is wrong” in terms of constraint keywords.
- Drill the heavily weighted security (30%) domain and the frequently tested Multi-AZ vs. read replica and SG vs. NACL distinctions right up to exam day.
Wrap-up #
What this post locked in:
- Time — 2 minutes per question, hold blocked questions with Mark for Review, 15 unscored questions exist
- Constraint keywords decide the answer. In particular, “least operational overhead” means managed/serverless
- After elimination, pick the option that fits the constraint, and check the Choose TWO/THREE count
- The confusing concept-pair table is the core of this post — be sure to recheck it right before the exam
Next — Full-Scale Practice Exam #
Now it’s the real thing. In the last post, we solve 50 questions spanning all domains and finish with the explanations.
In #16 Full-Scale Multiple-Choice Practice Exam we provide 50 questions matched to the four domain weights, with an explanation for each. Solve them on the clock and find your weak domains.