Free Practice Questions for AWS Certified Solutions Architect - Professional (SAP-C02) Certification

Knowledge of:

- AWS Global Infrastructure - AWS networking concepts (for example, Amazon Virtual Private Cloud [Amazon VPC], AWS Direct Connect, AWS VPN, transitive routing, AWS container services) - Hybrid DNS concepts (for example, Amazon Route 53 Resolver, on-premises DNS integration) - Network segmentation (for example, subnetting, IP addressing, connectivity among VPCs) - Network traffic monitoring

Skills in:

- Evaluating connectivity options for multiple VPCs - Evaluating connectivity options for on-premises, co-location, and cloud integration - Selecting AWS Regions and Availability Zones based on network and latency requirements - Troubleshooting traffic flows by using AWS tools - Using service endpoints for service integrations

Knowledge of:

- AWS Identity and Access Management (IAM) and AWS IAM Identity Center - Route tables, security groups, and network ACLs - Encryption keys and certificate management (for example, AWS Key Management Service [AWS KMS], AWS Certificate Manager [ACM]) - AWS security, identity, and compliance tools (for example, AWS CloudTrail, AWS Identity and Access Management Access Analyzer, AWS Security Hub, Amazon Inspector)

Skills in:

- Evaluating cross-account access management - Integrating with third-party identity providers - Deploying encryption strategies for data at rest and data in transit - Developing a strategy for centralized security event notifications and auditing

Knowledge of:

- Recovery time objectives (RTOs) and recovery point objectives (RPOs) - Disaster recovery strategies (for example, using AWS Elastic Disaster Recovery, pilot light, warm standby, and multi-site) - Data backup and restoration

Skills in:

- Designing disaster recovery solutions based on RTO and RPO requirements - Implementing architectures to automatically recover from failure - Developing the optimal architecture by considering scale-up and scale-out options - Designing an effective backup and restoration strategy

Knowledge of:

- AWS Organizations and AWS Control Tower - Multi-account event notifications - AWS resource sharing across environments

Skills in:

- Evaluating the most appropriate account structure for organizational requirements - Recommending a strategy for central logging and event notifications - Developing a multi-account governance model

Knowledge of:

- AWS cost and usage monitoring tools (for example, AWS Trusted Advisor, AWS Pricing Calculator, AWS Cost Explorer, AWS Budgets) - AWS purchasing options (for example, Reserved Instances, Savings Plans, Spot Instances) - AWS rightsizing visibility tools (for example, AWS Compute Optimizer, Amazon Simple Storage Service [Amazon S3] Storage Lens)

Skills in:

- Monitoring cost and usage with AWS tools - Developing an effective tagging strategy that maps costs to business units - Understanding how purchasing options affect cost and performance

Knowledge of:

- Infrastructure as code (IaC) (for example, AWS CloudFormation) - Continuous integration and continuous delivery (CI/CD) - Change management processes - Configuration management tools (for example, AWS Systems Manager)

Skills in:

- Determining an application or upgrade path for new services and features - Selecting services to develop deployment strategies and implement appropriate rollback mechanisms - Adopting managed services as needed to reduce infrastructure provisioning and patching overhead - Making advanced technologies accessible by delegating complex development and deployment tasks to AWS

Knowledge of:

- AWS Global Infrastructure - AWS networking concepts (for example, Amazon Route 53, routing methods) - RTOs and RPOs - Disaster recovery scenarios (for example, backup and restore, pilot light, warm standby, multi-site) - Disaster recovery solutions on AWS

Skills in:

- Configuring disaster recovery solutions - Configuring data and database replication - Performing disaster recovery testing - Architecting a backup solution that is automated, is cost-effective, and supports business continuity across multiple Availability Zones or AWS Regions - Designing an architecture that provides application and infrastructure availability in the event of a disruption - Using processes and components for centralized monitoring to proactively recover from system failures

Knowledge of:

- IAM - Route tables, security groups, and network ACLs - Encryption options for data at rest and data in transit - AWS service endpoints - Credential management services - AWS managed security services (for example, AWS Shield, AWS WAF, Amazon GuardDuty, AWS Security Hub)

Skills in:

- Specifying IAM users and IAM roles that adhere to the principle of least privilege access - Specifying inbound and outbound network flows by using security group rules and network ACL rules - Developing attack mitigation strategies for large-scale web applications - Developing encryption strategies for data at rest and data in transit - Specifying service endpoints for service integrations - Developing strategies for patch management to remain compliant with organizational standards

Knowledge of:

- AWS Global Infrastructure - AWS storage services and replication strategies (for example Amazon S3, Amazon RDS, Amazon ElastiCache) - Multi-AZ and multi-Region architectures - Auto scaling policies and events - Application integration (for example, Amazon SNS, Amazon SQS, AWS Step Functions) - Service quotas and limits

Skills in:

- Designing highly available application environments based on business requirements - Using advanced techniques to design for failure and ensure seamless system recoverability - Implementing loosely coupled dependencies - Operating and maintaining high-availability architectures (for example, application failovers, database failovers) - Using AWS managed services for high availability - Implementing DNS routing policies (for example, Route 53 latency-based routing, geolocation routing, simple routing)

Knowledge of:

- Performance monitoring technologies - Storage options on AWS - Instance families and use cases - Purpose-built databases

Skills in:

- Designing large-scale application architectures for a variety of access patterns - Designing an elastic architecture based on business objectives - Applying design patterns to meet performance objectives with caching, buffering, and replicas - Developing a process methodology for selecting purpose-built services for required tasks - Designing a rightsizing strategy

Knowledge of:

- AWS cost and usage monitoring tools (for example, AWS Cost Explorer, AWS Trusted Advisor, AWS Pricing Calculator) - Pricing models (for example, Reserved Instances, AWS Savings Plans) - Storage tiering - Data transfer costs - AWS managed service offerings

Skills in:

- Identifying opportunities to select and rightsize infrastructure for cost-effective resources - Identifying appropriate pricing models - Performing data transfer modeling and selecting services to reduce data transfer costs - Developing a strategy and implementing controls for expenditure and usage awareness

Knowledge of:

- Alerting and automatic remediation strategies - Disaster recovery planning - Monitoring and logging solutions (for example, Amazon CloudWatch) - CI/CD pipelines and deployment strategies (for example, blue/green, all-at-once, rolling) - Configuration management tools (for example, AWS Systems Manager)

Skills in:

- Determining the most appropriate logging and monitoring strategy - Evaluating current deployment processes for improvement opportunities - Prioritizing opportunities for automation within a solution stack - Recommending the appropriate AWS solution to enable configuration management automation - Engineering failure scenario activities to support and exercise an understanding of recovery actions

Knowledge of:

- Data retention, data sensitivity, and data regulatory requirements - Automated monitoring and remediation strategies (for example, AWS Config rules) - Secrets management (for example, Systems Manager, AWS Secrets Manager) - Principle of least privilege access - Security-specific AWS solutions - Patching practices - Backup practices and methods

Skills in:

- Evaluating a strategy for the secure management of secrets and credentials - Auditing an environment for least privilege access - Reviewing implemented solutions to ensure security at every layer - Reviewing comprehensive traceability of users and services - Prioritizing automated responses to the detection of vulnerabilities - Designing and implementing a patch and update process - Designing and implementing a backup process - Employing remediation techniques

Knowledge of:

- High-performing systems architectures (for example, auto scaling, instance fleets, placement groups) - Global service offerings (for example, AWS Global Accelerator, Amazon CloudFront, edge computing services) - Monitoring tool sets and services (for example, CloudWatch) - Service level agreements (SLAs) and key performance indicators (KPIs)

Skills in:

- Translating business requirements to measurable metrics - Testing potential remediation solutions and making recommendations - Proposing opportunities for the adoption of new technologies and managed services - Assessing solutions and applying rightsizing based on requirements - Identifying and examining performance bottlenecks

Knowledge of:

- AWS Global Infrastructure - Data replication methods - Scaling methodologies (for example, load balancing, auto scaling) - High availability and resiliency - Disaster recovery methods and tools - Service quotas and limits

Skills in:

- Understanding application growth and usage trends - Evaluating existing architecture to determine areas that are not sufficiently reliable - Remediating single points of failure - Enabling data replication, self-healing, and elastic features and services

Knowledge of:

- Cost-conscious architecture choices (for example, using Spot Instances, scaling policies, and rightsizing resources) - Price model adoptions (for example, Reserved Instances, AWS Savings Plans) - Networking and data transfer costs - Cost management, alerting, and reporting

Skills in:

- Analyzing usage reports to identify underutilized and overutilized resources - Using AWS solutions to identify unused resources - Designing billing alarms based on expected usage patterns - Investigating AWS Cost and Usage Reports at a granular level - Using tagging for cost allocation and reporting

Knowledge of:

- Migration assessment and tracking tools (for example, AWS Migration Hub) - Portfolio assessment - Asset planning - Prioritization and migration of workloads (for example, wave planning)

Skills in:

- Completing an application migration assessment - Evaluating applications according to the seven common migration strategies (7Rs) - Evaluating total cost of ownership (TCO)

Knowledge of:

- Data migration options and tools (for example, AWS DataSync, AWS Transfer Family, AWS Snow Family, Amazon S3 Transfer Acceleration) - Application migration tools (for example, AWS Application Discovery Service, AWS Application Migration Service) - AWS networking services and DNS (for example, AWS Direct Connect, AWS Site-to-Site VPN, Amazon Route 53) - Identity services (for example, AWS IAM Identity Center, AWS Directory Service) - Database migration tools (for example, AWS DMS, AWS SCT) - Governance tools (for example, AWS Control Tower, AWS Organizations)

Skills in:

- Selecting the appropriate database transfer mechanism - Selecting the appropriate application transfer mechanism - Selecting the appropriate data transfer service and migration strategy - Applying the appropriate security methods to migration tools - Selecting the appropriate governance model

Knowledge of:

- Compute services (for example, Amazon EC2, AWS Elastic Beanstalk) - Containers (for example, Amazon ECS, Amazon EKS, AWS Fargate, Amazon ECR) - AWS storage services (for example, Amazon EBS, Amazon EFS, Amazon FSx, Amazon S3, AWS Storage Gateway Volume Gateway) - Databases (for example, Amazon DynamoDB, Amazon OpenSearch Service, Amazon RDS, self-managed databases on Amazon EC2)

Skills in:

- Selecting the appropriate compute platform - Selecting the appropriate container hosting platform - Selecting the appropriate storage service - Selecting the appropriate database platform

Knowledge of:

- Serverless compute offerings (for example, AWS Lambda) - Containers (for example, Amazon ECS, Amazon EKS, Fargate) - AWS storage services (for example, Amazon S3, Amazon EFS) - Purpose-built databases (for example, DynamoDB, Amazon Aurora Serverless, Amazon ElastiCache) - Integration services (for example, Amazon SQS, Amazon SNS, Amazon EventBridge, AWS Step Functions)

Skills in:

- Identifying opportunities to decouple application components - Identifying opportunities for serverless solutions - Selecting the appropriate service for containers - Identifying opportunities for purpose-built databases - Selecting the appropriate application integration service