Free AWS SAP-C02 Exam Questions

Core AWS Solutions Architect Professional Technologies:

• Networking & Connectivity - Amazon VPC, AWS Direct Connect, AWS VPN, AWS Transit Gateway, Amazon Route 53, Route 53 Resolver, AWS Global Accelerator, Amazon CloudFront, AWS PrivateLink, hybrid DNS, network segmentation, service endpoints
• Security & Identity - AWS IAM, AWS IAM Identity Center, AWS KMS, AWS Certificate Manager (ACM), AWS CloudTrail, AWS Security Hub, Amazon GuardDuty, Amazon Inspector, AWS Config, AWS Identity and Access Management Access Analyzer, encryption strategies, certificate management, cross-account access, third-party identity providers
• Compute Services - Amazon EC2, AWS Lambda, AWS Fargate, AWS Batch, AWS Elastic Beanstalk, AWS App Runner, AWS Outposts, AWS Wavelength, EC2 Auto Scaling, AWS Auto Scaling, instance families and types
• Container Services - Amazon ECS, Amazon EKS, Amazon ECR, Amazon ECS Anywhere, Amazon EKS Anywhere, Amazon EKS Distro, container orchestration
• Storage Services - Amazon S3, Amazon EBS, Amazon EFS, Amazon FSx (all types), AWS Storage Gateway, AWS Backup, Amazon S3 Glacier, storage tiering, lifecycle policies
• Database Services - Amazon RDS, Amazon Aurora, Amazon Aurora Serverless, Amazon DynamoDB, Amazon ElastiCache, Amazon DocumentDB, Amazon Keyspaces, Amazon Neptune, Amazon Redshift, Amazon Timestream, data replication, read replicas, backup and restoration
• Disaster Recovery & Resilience - AWS Elastic Disaster Recovery, pilot light, warm standby, multi-site strategies, RTOs and RPOs, backup and restoration, automatic recovery, scale-up and scale-out options
• Multi-Account Management - AWS Organizations, AWS Control Tower, multi-account governance, central logging, event notifications, resource sharing
• Cost Management - AWS Cost Explorer, AWS Budgets, AWS Cost and Usage Report, AWS Trusted Advisor, AWS Pricing Calculator, Reserved Instances, Savings Plans, Spot Instances, AWS Compute Optimizer, Amazon S3 Storage Lens, cost allocation tags, rightsizing
• Infrastructure as Code - AWS CloudFormation, AWS CDK, AWS SAM, change management, deployment strategies
• CI/CD & Deployment - AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, continuous integration and continuous delivery, blue/green deployments, canary deployments, rolling deployments, rollback mechanisms
• Configuration Management - AWS Systems Manager, AWS OpsWorks, AWS Config, AWS AppConfig, patch management, configuration automation
• Monitoring & Logging - Amazon CloudWatch, Amazon CloudWatch Logs, AWS CloudTrail, AWS X-Ray, AWS Config, monitoring strategies, alerting, automatic remediation
• Application Integration - Amazon EventBridge, Amazon SNS, Amazon SQS, AWS Step Functions, Amazon AppFlow, AWS AppSync, Amazon MQ, loosely coupled architectures
• Migration & Transfer - AWS Migration Hub, AWS Application Discovery Service, AWS Application Migration Service, AWS Database Migration Service (AWS DMS), AWS DataSync, AWS Transfer Family, AWS Snow Family, AWS Schema Conversion Tool (AWS SCT), migration strategies (7Rs), TCO evaluation
• Analytics Services - Amazon Athena, Amazon Kinesis, AWS Glue, Amazon EMR, Amazon Redshift, Amazon OpenSearch Service, Amazon QuickSight, AWS Lake Formation, Amazon MSK
• Machine Learning - Amazon SageMaker AI, Amazon Comprehend, Amazon Kendra, Amazon Lex, Amazon Polly, Amazon Rekognition, Amazon Textract, Amazon Transcribe, Amazon Translate, Amazon Fraud Detector, Amazon Personalize
• Management & Governance - AWS Systems Manager, AWS Organizations, AWS Control Tower, AWS Service Catalog, AWS Proton, AWS License Manager, AWS Health Dashboard, Amazon Managed Grafana, Amazon Managed Service for Prometheus, AWS Well-Architected Tool

Exam Sections (4 Main Domains with Weightings):

1. Domain 1: Design Solutions for Organizational Complexity (26%) - Architect network connectivity strategies (multiple VPCs, on-premises, co-location, cloud integration, Regions and Availability Zones, service endpoints, traffic flow troubleshooting). Prescribe security controls (cross-account access, third-party identity providers, encryption strategies, centralized security event notifications and auditing). Design reliable and resilient architectures (disaster recovery solutions, RTO/RPO requirements, automatic recovery, scale-up and scale-out options, backup and restoration strategies). Design a multi-account AWS environment (account structure, central logging, event notifications, multi-account governance model). Determine cost optimization and visibility strategies (cost and usage monitoring, tagging strategies, purchasing options, rightsizing).
2. Domain 2: Design for New Solutions (29%) - Design a deployment strategy to meet business requirements (Infrastructure as Code, CI/CD, change management, deployment strategies, rollback mechanisms, managed services, advanced technologies). Design a solution to ensure business continuity (disaster recovery solutions, data and database replication, disaster recovery testing, automated backup solutions, application and infrastructure availability, centralized monitoring, proactive recovery). Determine security controls based on requirements (IAM users and roles, least privilege, network flows, security groups, network ACLs, attack mitigation strategies, encryption strategies, service endpoints, patch management). Design a strategy to meet reliability requirements (highly available application environments, failure design, seamless system recoverability, loosely coupled dependencies, high-availability architectures, AWS managed services, DNS routing policies). Design a solution to meet performance objectives (large-scale application architectures, elastic architectures, design patterns, caching, buffering, replicas, purpose-built services, rightsizing strategy). Determine a cost optimization strategy (infrastructure selection and rightsizing, pricing models, data transfer modeling, expenditure and usage awareness controls).
3. Domain 3: Continuous Improvement for Existing Solutions (25%) - Determine a strategy to improve overall operational excellence (logging and monitoring strategy, deployment process improvements, automation opportunities, configuration management automation, failure scenario activities, recovery actions). Determine a strategy to improve security (secrets and credentials management, least privilege access auditing, security at every layer, comprehensive traceability, automated vulnerability detection responses, patch and update processes, backup processes, remediation techniques). Determine a strategy to improve performance (high-performing systems architectures, auto scaling, instance fleets, placement groups, global service offerings, Global Accelerator, CloudFront, edge computing, monitoring tools, SLAs and KPIs, measurable metrics, remediation solutions, new technologies and managed services, rightsizing, performance bottlenecks). Determine a strategy to improve reliability (application growth and usage trends, reliability evaluation, single points of failure remediation, data replication, self-healing, elastic features and services). Identify opportunities for cost optimizations (cost-conscious architecture choices, Spot Instances, scaling policies, rightsizing, price model adoptions, Reserved Instances, Savings Plans, networking and data transfer costs, cost management, alerting, reporting, usage reports, unused resources, billing alarms, Cost and Usage Reports, tagging for cost allocation).
4. Domain 4: Accelerate Workload Migration and Modernization (20%) - Select existing workloads and processes for potential migration (migration assessment and tracking tools, Migration Hub, portfolio assessment, asset planning, prioritization and migration of workloads, wave planning, application migration assessment, seven common migration strategies (7Rs), TCO evaluation). Determine the optimal migration approach for existing workloads (data migration options and tools, DataSync, Transfer Family, Snow Family, S3 Transfer Acceleration, application migration tools, Application Discovery Service, Application Migration Service, networking services and DNS, Direct Connect, Site-to-Site VPN, Route 53, identity services, IAM Identity Center, Directory Service, database migration tools, DMS, Schema Conversion Tool, governance tools, Control Tower, Organizations, database transfer mechanisms, application transfer mechanisms, data transfer services, security methods, governance models). Determine a new architecture for existing workloads (compute services, EC2, Elastic Beanstalk, containers, ECS, EKS, Fargate, ECR, storage services, EBS, EFS, FSx, S3, Volume Gateway, databases, DynamoDB, OpenSearch Service, RDS, self-managed databases on EC2, appropriate compute platform, container hosting platform, storage service, database platform). Determine opportunities for modernization and enhancements (serverless compute offerings, Lambda, containers, ECS, EKS, Fargate, storage services, S3, EFS, purpose-built databases, DynamoDB, Aurora Serverless, ElastiCache, integration services, SQS, SNS, EventBridge, Step Functions, decoupling application components, serverless solutions, appropriate service for containers, purpose-built databases, application integration services).

Key Skills Tested:

• Design solutions for organizational complexity including multi-account environments, network connectivity, security controls, and cost optimization
• Design new solutions that meet business requirements, ensure business continuity, implement security controls, meet reliability and performance objectives, and optimize costs
• Continuously improve existing solutions through operational excellence, security enhancements, performance optimization, reliability improvements, and cost optimizations
• Accelerate workload migration and modernization by selecting appropriate workloads, determining optimal migration approaches, designing new architectures, and identifying modernization opportunities
• Architect network connectivity strategies for complex, multi-VPC, hybrid, and multi-cloud environments
• Prescribe comprehensive security controls including cross-account access, identity provider integration, encryption strategies, and centralized security management
• Design reliable and resilient architectures with appropriate disaster recovery strategies, RTO/RPO alignment, and automatic recovery capabilities
• Design and implement multi-account AWS environments with appropriate governance, logging, and resource sharing strategies
• Determine cost optimization strategies using AWS cost management tools, purchasing options, and rightsizing techniques
• Design deployment strategies using Infrastructure as Code, CI/CD pipelines, and appropriate deployment patterns
• Design solutions for business continuity with comprehensive disaster recovery and backup strategies
• Determine security controls based on requirements including IAM, network security, encryption, and patch management
• Design strategies to meet reliability and performance objectives using AWS best practices
• Evaluate and improve existing solutions across operational excellence, security, performance, reliability, and cost dimensions
• Select and prioritize workloads for migration using assessment tools and migration strategies
• Determine optimal migration approaches for data, applications, and databases
• Design new architectures for migrated workloads using appropriate AWS services
• Identify opportunities for modernization including serverless, containers, purpose-built databases, and decoupled architectures