SAA-C03 Premium Exam Questions

For logs that are:

Written and processed within a short period (24 hours)

Accessed quickly for compute/analytics

With unknown object count and size

Amazon S3 Standard is the most appropriate and cost-effective. Intelligent-Tiering is designed for data stored for longer periods (typically 30+ days) with changing access patterns and charges a per-object monitoring and automation fee that becomes inefficient for very short-lived objects.

S3 Glacier Deep Archive and S3 One Zone-IA are optimized for long-term archival or infrequently accessed data with retrieval time or availability constraints that are not suitable for nightly active processing.

A VPC gateway endpoint for Amazon S3 enables private connectivity to S3 without routing traffic through a NAT gateway or over the internet, eliminating NAT gateway costs. This solution is secure and redundant, as S3 endpoints are highly available by design.

AWS Documentation Extract:

" A gateway VPC endpoint enables you to privately connect your VPC to supported AWS services without requiring a NAT gateway or internet gateway. "

(Source: Amazon VPC documentation, Gateway Endpoints)

A: NAT instances still incur operational overhead and costs.

B: Internet gateway exposes resources and does not provide private access.

D: Direct Connect is for hybrid networking, not for cost-efficient S3 access.

The requirement has three key elements: high availability with automatic recovery, separation of transactional and analytical workloads, and acceptable reporting lag up to 4 hours. The clean AWS-native pattern for isolating heavy read/reporting traffic from transactional writes in RDS for MySQL is to use read replicas and direct reporting queries to the replica endpoint(s).

Option C meets these requirements well. The primary RDS for MySQL instance handles transactional traffic (reads/writes). One or more RDS read replicas asynchronously replicate data from the primary. Because replication is asynchronous, some lag is expected; the requirement explicitly tolerates up to a 4-hour lag, which fits the read replica model. Directing batch reporting and analytical queries to a replica prevents those expensive queries from consuming CPU, memory, and I/O on the primary, thereby protecting interactive user performance. Deploying replicas across multiple Availability Zones also improves availability of the reporting tier and reduces the risk that an AZ issue prevents reporting access.

Option A is incorrect because a standard Multi-AZ DB instance uses a synchronous standby that is not readable and is intended for failover, not for serving analytical queries. Option B describes a Multi-AZ DB cluster deployment, which does provide readable standbys in some RDS engines; however, for the classic RDS MySQL exam pattern, the most direct and widely used method to isolate analytics is read replicas. Option D creates a nightly snapshot-based read-only copy; this increases operational complexity, can result in stale data for most of the day, and introduces provisioning delays, which is unnecessary when replicas provide continuous near-real-time copies.

Therefore, C is the best fit because it provides HA for the primary, isolates reporting reads to replicas, and meets the allowed replication lag requirement.

The requirement explicitly states that the solution must not involve training a machine learning model, which immediately eliminates options that require custom ML development. Amazon Rekognition is a fully managed computer vision service that can analyze images and detect inappropriate or unwanted content using pretrained models provided by AWS.

Option B correctly uses Amazon Rekognition’s image moderation capabilities to analyze uploaded photos and identify unsafe or unwanted content categories. By invoking Rekognition from an AWS Lambda function, the solution remains serverless, automatically scalable, and operationally efficient. The Lambda function URL provides a secure HTTPS endpoint that the web application can call synchronously during uploads.

Option A violates the requirement because SageMaker Autopilot is designed to build and train ML models. Option C is incorrect because Amazon Comprehend is a natural language processing service for text analysis, not image moderation. CloudFront Functions also do not support calling external AWS services like Rekognition. Option D uses Rekognition Video, which is intended for analyzing video streams, not static images.

Using Lambda and Rekognition together ensures minimal operational overhead, no ML training effort, and immediate enforcement of content moderation policies. The architecture also allows easy extension, such as logging moderation results or blocking uploads based on confidence thresholds.

Therefore, B is the correct solution because it meets the content moderation requirement using AWS-managed ML services without requiring model training.