1. Home
  2. Amazon
  3. SAA-C02

Amazon SAA-C02 Online Practice Questions and Exam Preparation

SAA-C02 Exam Details

  • Exam Code
    :SAA-C02
  • Exam Name
    :AWS Certified Solutions Architect - Associate (SAA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :1080 Q&As
  • Last Updated
    :Jun 04, 2025

Amazon SAA-C02 Online Questions & Answers

  • Question 471:

    A company serves content to its subscribers across the world using an application running on AWS The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB) Due to a recent change in copyright restrictions the chief information officer (CIO) wants to block access for certain countries Which action will meet these requirements?

    A. Modify the ALB security group to deny incoming traffic from blocked countries.
    B. Modify the security group for EC2 instances to deny incoming traffic from blocked countries.
    C. Use Amazon CloudFront to serve the application and deny access to blocked countries.
    D. Use ALB listener rules to return access denied responses to incoming traffic from blocked countries.

  • Question 472:

    A company has a three-tier application image sharing. The application uses an Amazon EC2 instance for the front-end layer, another EC2 instance tor the application layer, and a third EC2 instance for a MySQL database A solutions architect must design a scalable and nighty available solution mat requires the least amount of change to the application.

    Which solution meets these requirement?

    A. Use Amazon S3 to host the front-end layer. Use AWS Lambda functions for the application layer. Move the database to an Amazon DynamoDB table Use Amazon S3 to store and service users' images.
    B. Use toad-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end layer and the application layer. Move the database to an Amazon RDS OB instance with multiple read replicas to serve users' images.
    C. Use Amazon S3 to host the front-end layer. Use a fleet of EC2 instances in an Auto Scaling group for the application layer. Move the database to a memory optimized instance type to store and serve users' images.
    D. Use toad-balanced Multi-AZ AWS Elastic Beanstark environments for tie front-end layer and the application layer. Move the database to an Amazon ROS Multi-AZ DB instance Use Amazon S3 to store and serve users' images.

  • Question 473:

    A company is building an application that consists of several microservices. The company has decided to use container technologies to deploy its software on AWS. The company needs a solution that minimizes the amount of ongoing effort for maintenance and scaling. The company cannot manage additional infrastructure

    Which combination of actions should a solutions architect

    take to meet these requirements? (Select TWO.)

    A. Deploy an Amazon Elastic Container Service (Amazon ECS) cluster.
    B. Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple Availability Zones
    C. Deploy an Amazon Elastic Container Service (Amazon ECS) service with an Amazon EC2 launch type Specify a desired task number level of greater than or equal to 2
    D. Deploy an Amazon Elastic Container Service (Amazon ECS) service with a Fargate launch type Specify a desired task number level of greater than or equal to 2
    E. Deploy Kubernetes worker nodes on Amazon EC2 instances that span multiple Availability Zones Create a deployment that specifies two or more replicas for each microservice

  • Question 474:

    A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet What should the solutions architect do to accomplish this? (Select TWO )

    A. Create a route table entry for the endpoint
    B. Create a gateway endpoint for DynamoDB
    C. Create a new DynamoDB table that uses the endpoint
    D. Create an ENI for the endpoint in each of the subnets of the VPC
    E. Create a security group entry in the default security group to provide access

  • Question 475:

    A company wants to run a gaming application on Amazon EC2 instances that are part of an Auto Scaling group in the AWS Cloud. The application will transmit data by using UDP packets. The company wants to ensure that the application can scale out and in as traffic increases and decreases.

    What should a solutions architect do to meet these requirements?

    A. Attach a Network Load Balancer to the Auto Scaling group
    B. Attach an Application Load Balancer to the Auto Scaling group.
    C. Deploy an Amazon Route 53 record set with a weighted policy to route traffic appropriately
    D. Deploy a NAT instance that is configured with port forwarding to the EC2 instances in the Auto Scaling group.

  • Question 476:

    A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials tor its Amazon ROS tor MySQL databases across multiple AWS Regions Which solution will meet these requirements with the LEAST operational overhead?

    A. Store the credentials as secrets in AWS Secrets Manager Use multi-Region secret replication for the required Regions Configure Secrets Manager to rotate the secrets on a schedule
    B. Store the credentials as secrets in AWS Systems Manager by creating a secure string parameter Use multi-Region secret replication for the required Regions Configure Systems Manager to rotate the secrets on a schedule
    C. Store the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled Use Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function to rotate the credentials
    D. Encrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region customer managed keys Store the secrets in an Amazon DynamoDB global table Use an AWS Lambda function to retrieve the secrets from DynamoDB Use the RDS API to rotate the secrets.

  • Question 477:

    A company is migrating its application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster behind an Application Load Balancer (ALB). The disaster recovery (DR) requirements for the application include the ability to fail over to another AWS Region with minimal downtime.

    Which combination of actions should a solutions architect take to meet this requirement? (Select TWO.)

    A. Create a scaled-down clone environment in the DR Region. Use auto scaling policies with the EKS nodes.
    B. Create an Amazon Route 53 record that points to the ALB. Configure an active-passive failover routing policy on the record.
    C. Create an AWS Resource Access Manager policy that grants the application users access to the DR environment when the DR environment is needed.
    D. Create an AWS Lambda function that monitors the availability of the main environment and deploys the DR environment when the DR environment is needed.
    E. Create an AWS CIoudFormation template that deploys the stack. Deploy the same template in the DR Region when the main environment is unavailable.

  • Question 478:

    A disaster relief company is designing a new solution to analyze real-time csv data. The data is collected by a network of thousands of research stations met are distributed across the world. The data volume is consistent and constant, and the size of each data We is 512 KB. The company needs to stream the data and analyze the data in real time.

    Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)

    A. Provision an appropriately sized Amazon Simple Queue Service (Amazon SQS) queue. Use the AWS SDK at the research stations to write the data into the SQS queue
    B. Provision an appropriately sized Amazon Kinesis Data Firehose delivery stream. Use the AWS SDK at the research stations to write the data into the delivery stream and then into an Amazon S3 bucket.
    C. Provision an appropriately sized Amazon Kinesis Data Analytics application. Use the AWS CLI to configure Kinesis Data Analytics with SOL queries
    D. Provision an AWS Lambda function to process the data. Set up the BatchSize property on the Lambda event source.
    E. Provision an AWS Lambda function to process the data. Set up an Amazon EventBridge (Amazon CloudWatch Events) cron expression rule to invoke the Lambda function

  • Question 479:

    A pharmaceutical company is developing a new drug. The volume of data that the company generates has grown exponentially over the past few months. The company's researchers regularly require a subset of the entire dataset to be immediately available with minimal lag. However, the entire dataset does not need to be accessed on a daily basis. All the data currently resides in on-premises storage arrays, and the company wants to reduce ongoing capital expenses.

    Which storage solution should a solutions architect recommend to meet these requirements?

    A. Run AWS DataSync as a scheduled cron job to migrate the data to an Amazon S3 bucket on an ongoing basis.
    B. Deploy an AWS Storage Gateway file gateway with an Amazon S3 bucket as the target storage. Migrate the data to the Storage Gateway appliance.
    C. Deploy an AWS Storage Gateway volume gateway with cached volumes with an Amazon S3 bucket as the target storage. Migrate the data to the Storage Gateway appliance.
    D. Configure an AWS Site-to-Site VPN connection from the on-premises environment to AWS. Migrate data to an Amazon Elastic File System (Amazon EFS) file system.

  • Question 480:

    A company's web application consists of multiple Amazon EC2 instances that run behind an Application Load Balancer in a VPC. An Amazon ROS for MySQL DB instance contains the data. The company needs the ability to automatically detect and respond to suspicious or unexpected behaviour in its AWS environment the company already has added AWS WAF to its architecture.

    What should a solutions architect do next lo protect against threats?

    A. Use Amazon GuardDuty to perform threat detection. Configure Amazon EventBridge (Amazon CloudWatch Events) to filler for GuardDuty findings and to invoke pin AWS Lambda function to adjust the AWS WAF rules
    B. Use AWS Firewall Manager to perform threat detection Configure Amazon EventBridge (Amazon CloudWatch Events) to filter for Firewall Manager findings and to invoke an AWS Lambda function to adjust the AWS WAF web ACL
    C. Use Amazon Inspector to perform three! detection and to update the AWS WAT rules Create a VPC network ACL to limit access to the web application
    D. Use Amazon Macie to perform throat detection and to update the AWS WAF rules Create a VPC network ACL to limit access to the web application

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.