SAP-C02 Amazon Web Services AWS Certified Solutions Architect

AWS Certified Solutions Architect - Professional

Last Update 14 hours ago Total Questions : 674

The AWS Certified Solutions Architect - Professional content is now fully updated, with all current exam questions added 14 hours ago. Deciding to include SAP-C02 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our SAP-C02 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these SAP-C02 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any AWS Certified Solutions Architect - Professional practice test comfortably within the allotted time.

Question # 136

A company has purchased appliances from different vendors. The appliances all have loT sensors. The sensors send status information in the vendors ' proprietary formats to a legacy application that parses the information into JSON. The parsing is simple, but each vendor has a unique format. Once daily, the application parses all the JSON records and stores the records in a relational database for analysis.

The company needs to design a new data analysis solution that can deliver faster and optimize costs.

Which solution will meet these requirements?

Connect the loT sensors to AWS loT Core. Set a rule to invoke an AWS Lambda function to parse the information and save a .csv file to Amazon S3. Use AWS Glue to catalog the files. Use Amazon Athena and Amazon OuickSight for analysis.

Migrate the application server to AWS Fargate, which will receive the information from loT sensors and parse the information into a relational format. Save the parsed information to Amazon Redshift for analysis.

Create an AWS Transfer for SFTP server. Update the loT sensor code to send the information as a .csv file through SFTP to the server. Use AWS Glue to catalog the files. Use Amazon Athena for analysis.

Use AWS Snowball Edge to collect data from the loT sensors directly to perform local analysis. Periodically collect the data into Amazon Redshift to perform global analysis.

Question # 137

A company has an application that generates reports and stores them in an Amazon S3 bucket When a user accesses their report, the application generates a signed URL to allow the user to download the report. The company ' s security team has discovered that the files are public and that anyone can download them without authentication The company has suspended the generation of new reports until the problem is resolved.

Which set of actions will immediately remediate the security issue without impacting the application ' s normal workflow?

Create an AWS Lambda function that applies a deny all policy for users who are not authenticated. Create a scheduled event to invoke the Lambda function

Review the AWS Trusted Advisor bucket permissions check and implement the recommended actions.

Run a script that puts a private ACL on all of the objects in the bucket.

Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option to TRUE on the bucket.

Question # 138

A company is deploying AWS Lambda functions that access an Amazon RDS for PostgreSQL database. The company needs to launch the Lambda functions in a QA

environment and in a production environment.

The company must not expose credentials within application code and must rotate passwords automatically.

Which solution will meet these requirements?

Store the database credentials for both environments in AWS Systems Manager Parameter Store. Encrypt the credentials by using an AWS Key ManagementService (AWS KMS) key. Within the application code of the Lambda functions, pull the credentials from the Parameter Store parameter by using the AWS SDKfor Python (Bot03). Add a role to the Lambda functions to provide access to the Parameter Store parameter.

Store the database credentials for both environments in AWS Secrets Manager with distinct key entry for the QA environment and the production environment.Turn on rotation. Provide a reference to the Secrets Manager key as an environment variable for the Lambda functions.

Store the database credentials for both environments in AWS Key Management Service (AWS KMS). Turn on rotation. Provide a reference to the credentialsthat are stored in AWS KMS as an environment variable for the Lambda functions.

Create separate S3 buckets for the QA environment and the production environment. Turn on server-side encryption with AWS KMS keys (SSE-KMS) for theS3 buckets. Use an object naming pattern that gives each Lambda function ' s application code the ability to pull the correct credentials for the function ' scorresponding environment. Grant each Lambda function ' s execution role access to Amazon S3.

Question # 139

A company wants to use a third-party software-as-a-service (SaaS) application. The third-party SaaS application is consumed through several API calls. The third-party SaaS application also runs on AWS inside a VPC.

The company will consume the third-party SaaS application from inside a VPC. The company has internal security policies that mandate the use of private connectivity that does not traverse the internet. No resources that run in the company VPC are allowed to be accessed from outside the company’s VPC. All permissions must conform to the principles of least privilege.

Which solution meets these requirements?

Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint.

Create an AWS Site-to-Site VPN connection between the third-party SaaS application and thecompany VPC. Configure network ACLs to limit access across the VPN tunnels.

Create a VPC peering connection between the third-party SaaS application and the company VPUpdate route tables by adding the needed routes for the peering connection.

Create an AWS PrivateLink endpoint service. Ask the third-party SaaS provider to create an interface VPC endpoint for this endpoint service. Grant permissions for the endpoint service to the specific account of the third-party SaaS provider.

Question # 140

A company owns a chain of travel agencies and is running an application in the AWS Cloud. Company employees use the application to search for information about travel destinations. Destination content is updated four times each year.

Two fixed Amazon EC2 instances serve the application. The company uses an Amazon Route 53 public hosted zone with a multivalue record of travel.example.com that returns the Elastic IP addresses for the EC2 instances. The application uses Amazon DynamoDB as its primary data store. The company uses a self-hosted Redis instance as a caching solution.

During content updates, the load on the EC2 instances and the caching solution increases drastically. This increased load has led to downtime on several occasions. A solutions architect must update the application so that the application is highly available and can handle the load that is generated by the content updates.

Which solution will meet these requirements?

Set up DynamoDB Accelerator (DAX) as in-memory cache. Update the application to use DAX. Create an Auto Scaling group for the EC2 instances. Create an Application Load Balancer (ALB). Set the Auto Scaling group as a target for the ALB. Update the Route 53 record to use a simple routing policy that targets the ALB ' s DNS alias. Configure scheduled scaling for the EC2 instances before the content updates.

Set up Amazon ElastiCache for Redis. Update the application to use ElastiCache. Create an Auto Scaling group for the EC2 instances. Create an Amazon CloudFront distribution, and set the Auto Scaling group as an origin for the distribution. Update the Route 53 record to use a simple routing policy that targets the CloudFront distribution ' s DNS alias. Manually scale up EC2 instances before the content updates.

Set up Amazon ElastiCache for Memcached. Update the application to use ElastiCache Create an Auto Scaling group for the EC2 instances. Create an Application Load Balancer (ALB). Set the Auto Scaling group as a target for the ALB. Update the Route 53 record to use a simple routing policy that targets the ALB ' s DNS alias. Configure scheduled scaling for the application before the content updates.

Set up DynamoDB Accelerator (DAX) as in-memory cache. Update the application to use DAX. Create an Auto Scaling group for the EC2 instances. Create an Amazon CloudFront distribution, and set the Auto Scaling group as an origin for the distribution. Update the Route 53 record to use a simple routing policy that targets the CloudFront distribution ' s DNS alias. Manually scale up EC2 instances before the content updates.

Question # 141

A company has migrated an application from on premises to AWS. The application frontend is a static website that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB). The application backend is a Python application that runs on three EC2 instances behind another ALB. The EC2 instances are large, general purpose On-Demand Instances that were sized to meet the on-premises specifications for peak usage of the application.

The application averages hundreds of thousands of requests each month. However, the application is used mainly during lunchtime and receives minimal traffic during the rest of the day.

A solutions architect needs to optimize the infrastructure cost of the application without negatively affecting the application availability.

Which combination of steps will meet these requirements? (Choose two.)

Change all the EC2 instances to compute optimized instances that have the same number of cores as the existing EC2 instances.

Move the application frontend to a static website that is hosted on Amazon S3.

Deploy the application frontend by using AWS Elastic Beanstalk. Use the same instance type for the nodes.

Change all the backend EC2 instances to Spot Instances.

Deploy the backend Python application to general purpose burstable EC2 instances that have the same number of cores as the existing EC2 instances.

Question # 142

A company needs to store sensitive and crucial business data in an Amazon S3 bucket. Because of the criticality of the data, the data must be available in a second AWS Region within 15 minutes. If any object is not available within 15 minutes, an operations team must receive a notification. The company has already enabled S3 Versioning on the S3 bucket, and the company creates a second S3 bucket in the second Region.

Which combination of solutions will meet these requirements? (Select TWO.)

Create a new S3 replication rule. Configure the rule to replicate all objects to the second S3 bucket.

Create an AWS DataSync task. Set the appropriate source and destination S3 buckets for the task.

Enable S3 Replication Time Control (S3 RTC), and configure the replication metrics and events. Create an Amazon SNS topic and set it as the target for the OperationMissedThreshold S3 event notification. Use the SNS topic to notify the operations team.

Enable S3 Transfer Acceleration on both S3 buckets. Create an Amazon CloudWatch alarm for the S3 5xxErrors metric. Create an Amazon SNS topic and set it as the target for the alarm. Use the SNS topic to notify the operations team.

Enable AWS DataSync enhanced transfer mode. Create an Amazon CloudWatch alarm for the DataSync FilesFailed metric. Create an Amazon SNS topic and set it as the target for the alarm. Use the SNS topic to notify the operations team.

Question # 143

A company ' s AWS environment includes an Amazon RDS for MySQL database in a Multi-AZ deployment and an Amazon EC2 Auto Scaling group behind an Application Load Balancer (ALB). The Auto Scaling group spans two Availability Zones. The company also uses Amazon Route 53 for DNS hosting.

The company runs an application in its AWS environment. More than 95% of the application ' s operations are read operations. A solutions architect needs to deploy the workload to a second AWS Region. The solution must reduce application latency while maintaining business continuity.

What combination of solutions will meet these requirements? (Select TWO.)

Migrate the RDS for MySQL database to an Amazon Aurora MySQL global database. Create an ALB in the new Region. Deploy a new EC2 Auto Scaling group behind the new ALB.

Migrate the RDS for MySQL database to a Multi-AZ deployment in a new Region. Create an ALB in the new Region. Deploy an Amazon CloudFront distribution in front of the new ALB.

Configure latency-based routing in Route 53. Add a new record that points to both ALBs.

Configure geolocation routing in Route 53. Add a new alias record that points to both ALBs.

Migrate the RDS for MySQL database to Amazon Aurora Serverless v2. Create a new ALB. Deploy an EC2 Auto Scaling group behind the new ALB.

Answer:

A, C

Explanation:

The workload must be deployed to a second AWS Region to reduce latency for users while maintaining business continuity. Because more than 95% of operations are read operations, the database layer must efficiently support low-latency reads in multiple Regions without introducing complex replication logic or sacrificing availability.

Amazon Aurora MySQL global database is specifically designed for multi-Region deployments. It provides a single primary Region for writes and up to multiple secondary Regions with read-only replicas that use low-latency, storage-based replication. This architecture is well suited for read-heavy workloads because read traffic can be served locally in each Region while writes are centralized. Aurora global database also supports fast recovery and promotes a secondary Region in the event of a primary Region failure, which satisfies business continuity requirements.

Option A correctly migrates the existing RDS for MySQL database to an Aurora MySQL global database and deploys application infrastructure (ALB and Auto Scaling group) in the second Region. This enables applications in each Region to read from the closest Aurora replica, reducing read latency while preserving a managed, highly available database architecture.

To route users to the closest healthy Region, DNS-based traffic management is required. Route 53 latency-based routing directs users to the endpoint (ALB) with the lowest latency from their location. This directly addresses the requirement to reduce application latency while also supporting multi-Region availability.

Option C provides this routing capability by configuring latency-based routing with Route 53 and pointing records to both ALBs. Route 53 continuously evaluates latency and health checks to route traffic appropriately, which supports both performance and business continuity.

Option B is not sufficient because migrating to a separate Multi-AZ database in another Region does not provide a shared data layer or managed cross-Region replication. This would require custom replication and conflict resolution and does not maintain a single logical dataset across Regions. CloudFront improves content delivery for static assets but does not solve database read latency or data consistency.

Option D uses geolocation routing, which routes traffic based on user location rather than actual measured latency. This is less precise than latency-based routing and does not automatically adapt to changing network conditions or Region health.

Option E introduces Aurora Serverless v2, which is not designed for multi-Region global database replication. Aurora Serverless v2 focuses on scaling capacity within a Region, not on reducing latency across Regions or providing managed global read replicas.

Therefore, migrating to an Aurora MySQL global database and using Route 53 latency-based routing provides low-latency reads, high availability, and business continuity with minimal operational overhead.

[References:AWS documentation on Amazon Aurora global databases for multi-Region, low-latency read scaling and disaster recovery.AWS documentation on Amazon Route 53 latency-based routing for directing users to the lowest-latency endpoints across Regions., , , ]

Question # 144

A company stores a static website on Amazon S3. AWS Lambda functions retrieve content from an S3 bucket and serve the content as a website. An Application Load Balancer (ALB) directs incoming traffic to the Lambda functions. An Amazon CloudFront distribution routes requests to the ALB.

The company has set up an AWS Certificate Manager (ACM) certificate on the HTTPS listener of the ALB. The company needs all users to communicate with the website through HTTPS. HTTP users must not receive an error.

Which combination of steps will meet these requirements? (Select THREE.)

Configure the ALB with a TCP listener on port 443 for passthrough to backend systems.

Create an S3 bucket policy that denies access to the S3 bucket if the aws:SecureTransport request is false.

Configure HTTP to HTTPS redirection on the S3 bucket.

Set the origin protocol policy to HTTPS Only for CloudFront.

Set the viewer protocol policy to HTTPS Only for CloudFront.

Set the viewer protocol policy to Redirect HTTP to HTTPS for CloudFront.

Question # 145

A retail company wants to improve its application architecture. The company ' s applications register new orders, handle returns of merchandise, and provide analytics. The applications store retail data in a MySQL database and an Oracle OLAP analytics database. All the applications and databases are hosted on Amazon EC2 instances.

Each application consists of several components that handle different parts of the order process. These components use incoming data from different sources. A separate ETL job runs every week and copies data from each application to the analytics database.

A solutions architect must redesign the architecture into an event-driven solution that uses serverless services. The solution must provide updated analytics in near real time.

Which solution will meet these requirements?

Migrate the individual applications as microservices to Amazon ECS containers that use AWS Fargate. Keep the retail MySQL database on Amazon EC2. Move the analytics database to Amazon Neptune. Use Amazon SQS to send all the incoming data to the microservices and the analytics database.

Create an Auto Scaling group for each application. Specify the necessary number of EC2 instances in each Auto Scaling group. Migrate the retail MySQL database and the analytics database to Amazon Aurora MySQL. Use Amazon SNS to send all the incoming data to the correct EC2 instances and the analytics database.

Migrate the individual applications as microservices to Amazon EKS containers that use AWS Fargate. Migrate the retail MySQL database to Amazon Aurora Serverless MySQL. Migrate the analytics database to Amazon Redshift Serverless. Use Amazon EventBridge to send all the incoming data to the microservices and the analytics database.

Migrate the individual applications as microservices to Amazon AppStream 2.0. Migrate the retail MySQL database to Amazon Aurora MySQL. Migrate the analytics database to Amazon Redshift Serverless. Use AWS IoT Core to send all the incoming data to the microservices and the analytics database.

Answer:

Explanation:

The requirements call for an event-driven redesign that uses serverless services and provides near real-time analytics updates. The current architecture relies on weekly ETL jobs, which is incompatible with near real-time analytics.

A serverless, event-driven architecture on AWS typically uses a managed event bus for decoupling producers and consumers and enabling routing/filtering to multiple targets. The analytics requirement suggests that events (orders, returns, updates) should be streamed to an analytics store continuously rather than copied on a weekly schedule.

Option C aligns with these goals. It modernizes the application components into microservices on a serverless compute substrate (AWS Fargate) and modernizes the databases to managed serverless offerings where possible. Aurora Serverless for MySQL provides an on-demand relational database option that reduces operational overhead for the transactional store. Redshift Serverless provides a managed data warehousing service suitable for analytics without provisioning clusters. Using Amazon EventBridge provides a serverless event routing layer that can deliver events from multiple sources to multiple targets, which supports near real-time propagation of business events from the applications into analytics ingestion and processing.

Option A is not fully aligned: it retains the transactional MySQL database on EC2 (not serverless/managed for the database layer) and moves analytics to Amazon Neptune, which is a graph database, not the typical replacement for an OLAP analytics database. SQS is a queue suited for point-to-point message processing, not a flexible event bus for fan-out to multiple analytics consumers and routing based on event patterns.

Option B is not serverless because it uses EC2 Auto Scaling groups for application compute. Although SNS can distribute messages, this option keeps compute server-based and does not directly provide a near real-time analytics warehouse pattern; it also uses Aurora MySQL for analytics, which is not a typical OLAP warehouse replacement compared to Redshift.

Option D is not appropriate: Amazon AppStream 2.0 is a service for streaming desktop applications to users, not for hosting microservices. AWS IoT Core is optimized for IoT device messaging and telemetry and is not the standard integration backbone for business application event routing across microservices and analytics.

Therefore, option C best satisfies the requirement for an event-driven, serverless architecture with near real-time analytics.

[References:AWS documentation on event-driven architectures using Amazon EventBridge for routing events from producers to multiple consumers with filtering rules.AWS documentation on Amazon Aurora Serverless for managed, on-demand relational database capacity with reduced operational management.AWS documentation on Amazon Redshift Serverless as a managed analytics warehouse that supports near real-time ingestion and querying without provisioning clusters., , , , ]

Question # 146

A company deploys an AI agent on Amazon Bedrock AgentCore Runtime. The agent processes customer requests. Some agent actions are classified as high risk and must receive human approval before proceeding. The workflow must pause the agent, notify a human approver, and resume or cancel the action based on the approver ' s decision. Approvals typically take between 5 minutes and 60 minutes.

Which solution will meet these requirements?

Configure the agent to write high-risk action requests to an Amazon SQS queue. Create a separate polling application that reads the queue and sends approval email messages by using Amazon SES. Configure the application to invoke the agent by providing the approval result.

Configure an AWS Step Functions workflow that invokes the agent. Use a task token callback pattern to pause the workflow when the agent identifies a high-risk action. Send the task token to an approver by using Amazon SNS. Resume or cancel the workflow when the approver responds with the task token.

Configure the agent to invoke an AWS Lambda function for high-risk actions. Configure the Lambda function to send an approval email message by using Amazon SNS. Configure the Lambda function to poll an Amazon DynamoDB table until the approver updates the approval status.

Configure an Amazon EventBridge rule that intercepts all agent actions. Route high-risk actions to a separate approval queue. Create a second agent that monitors the queue and automatically approves or rejects actions without human input based on predefined rules.

Question # 147

A company has an organization in AWS Organizations that includes a separate AWS account for each of the company ' s departments. Application teams from different

departments develop and deploy solutions independently.

The company wants to reduce compute costs and manage costs appropriately across departments. The company also wants to improve visibility into billing for individual departments. The company does not want to lose operational flexibility when the company selects compute resources.

Which solution will meet these requirements?

Use AWS Budgets for each department. Use Tag Editor to apply tags to appropriate resources. Purchase EC2 Instance Savings Plans.

Configure AWS Organizations to use consolidated billing. Implement a tagging strategy that identifies departments. Use SCPs to apply tags to appropriateresources. Purchase EC2 Instance Savings Plans.

Configure AWS Organizations to use consolidated billing. Implement a tagging strategy that identifies departments. Use Tag Editor to apply tags to appropriate resources. Purchase Compute Savings Plans.

Use AWS Budgets for each department. Use SCPs to apply tags to appropriate resources. Purchase Compute Savings Plans.

Question # 148

A company plans to migrate a legacy on-premises application to AWS. The application is a Java web application that runs on Apache Tomcat with a PostgreSQL database.

The company does not have access to the source code but can deploy the application Java Archive (JAR) files. The application has increased traffic at the end of each month.

Which solution will meet these requirements with the LEAST operational overhead?

Launch Amazon EC2 instances in multiple Availability Zones. Deploy Tomcat and PostgreSQL to all the instances by using Amazon EFS mount points. Use AWS Step Functions to deploy additional EC2 instances to scale for increased traffic.

Provision Amazon EKS in an Auto Scaling group across multiple AWS Regions. Deploy Tomcat and PostgreSQL in the container images. Use a Network Load Balancer to scale for increased traffic.

Refactor the Java application into Python-based containers. Use AWS Lambda functions for the application logic. Store application data in Amazon DynamoDB global tables. Use AWS Storage Gateway and Lambda concurrency to scale for increased traffic.

Use AWS Elastic Beanstalk to deploy the Tomcat servers with auto scaling in multiple Availability Zones. Store application data in an Amazon RDS for PostgreSQL database. Deploy Amazon CloudFront and an Application Load Balancer to scale for increased traffic.

Question # 149

A delivery company needs to migrate its third-party route planning application to AWS. The third party supplies a supported Docker image from a public registry. The image can run in as many containers as required to generate the route map.

The company has divided the delivery area into sections with supply hubs so that delivery drivers travel the shortest distance possible from the hubs to the customers. To reduce the time necessary to generate route maps, each section uses its own set of Docker containers with a custom configuration that processes orders only in the section ' s area.

The company needs the ability to allocate resources cost-effectively based on the number of running containers.

Which solution will meet these requirements with the LEAST operational overhead?

Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on Amazon EC2. Use the Amazon EKS CLI to launch the planning application in pods by using the -tags option to assign a custom tag to the pod.

Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on AWS Fargate. Use the Amazon EKS CLI to launch the planning application. Use the AWS CLI tag-resource API call to assign a custom tag to the pod.

Create an Amazon Elastic Container Service (Amazon ECS) cluster on Amazon EC2. Use the AWS CLI with run-tasks set to true to launch the planning application by using the -tags option to assign a custom tag to the task.

Create an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate. Use the AWS CLI run-task command and set enableECSManagedTags to true to launch the planning application. Use the --tags option to assign a custom tag to the task.

Question # 150

A retail company is operating its ecommerce application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses an Amazon RDS DB instance as the database backend. Amazon CloudFront is configured with one origin that points to the ALB. Static content is cached. Amazon Route 53 is used to host all public zones.

After an update of the application, the ALB occasionally returns a 502 status code (Bad Gateway) error. The root cause is malformed HTTP headers that are returned to the ALB. The webpage returns successfully when a solutions architect reloads the webpage immediately after the error occurs.

While the company is working on the problem, the solutions architect needs to provide a custom error page instead of the standard ALB error page to visitors.

Which combination of steps will meet this requirement with the LEAST amount of operational overhead? (Choose two.)

Create an Amazon S3 bucket. Configure the S3 bucket to host a static webpage. Upload the custom error pages to Amazon S3.

Create an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Target.FailedHealthChecks is greater than 0. Configure the Lambda function to modify the forwarding rule at the ALB to point to a publicly accessible web server.

Modify the existing Amazon Route 53 records by adding health checks. Configure a fallback target if the health check fails. Modify DNS records to point to a publicly accessible webpage.

Create an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Elb.InternalError is greater than 0. Configure the Lambda function to modify the forwarding rule at the ALB to point to a public accessible web server.

Add a custom error response by configuring a CloudFront custom error page. Modify DNS records to point to a publicly accessible web page.