1. Home
  2. Amazon
  3. SAA-C02

AWS Certified Solutions Architect - Associate (SAA-C02)

Exam Details

  • Exam Code
    :SAA-C02
  • Exam Name
    :AWS Certified Solutions Architect - Associate (SAA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :1080 Q&As
  • Last Updated
    :Jun 04, 2025

Amazon Amazon Certifications SAA-C02 Questions & Answers

  • Question 501:

    An ecommerce application places orders in an Amazon Simple Queue Service (Amazon SQS) queue When a message is received, the Amazon EC2 worker instances process the request The EC2 instancesare in an Auto Scaling group 236 How should the architecture be designed to scale the auto scaling group with the LEAST amount of operational overhead?

    A. Use an Amazon CloudWatch alarm on the EC2 CPU to scale the Auto Scaling group up and down

    B. Use an Amazon EC2 Auto Scaling health check for messages processed on the EC2 instances to scale up or down.

    C. Use an Amazon CloudWatch alarm based on the number of messages in the queue to scale the Auto Scaling group up or down

    D. Use an Amazon CloudWatch alarm based on the CPU to scale the Auto Scaling group up or down

  • Question 502:

    A company is planning to make a series of schema changes to tables on its Amazon Aurora DB cluster A solutions architect needs to test the changes in the most cost-effective manner possible. What should the solutions architect do to meet these requirements?

    A. Create a clone of the current Aurora DB cluster. Perform the schema changes on the clone. Once the changes are tested and performance is acceptable, apply the same changes on the original cluster. Delete the clone.

    B. Create an Amazon RDS for MySQL replica. Perform the schema changes on the replica. Once the changes are tested and performance ius acceptable, apply the same changes on the replica. Once the changes are tested and performance is acceptable, apply the same changes on the primary DB instance. Delete the replica.

    C. Create an additional Aurora Replica Perform the schema changes on the Aurora Replica. Once the changes are tested and performance is acceptable, apply the same changes on the primary DB instance. Delete the Aurora Replica.

    D. Take a snapshot of the current Aurora DB cluster. Restore the snapshot of the cluster to a new cluster. Perform the schema changes on the restored cluster. Once the changes are tested and performance is acceptable, apply the same changes on the origin cluster. Delete the restored cluster.

  • Question 503:

    company's human resources (HR) department saves its sensitive documents in an Amazon S3 bucket named conf>dential_bucket An 1AM policy grants permission for ail S3 actions to a group of which each HR employee is a member A

    solutions architect needs to make the objects secure and raccessible outside the company's AWS account and on-premises IP CIDR range The solutions architect adds the following S3 bucket policy ( "Version": "2008-10-17", "Statement": [

    { "Effect": "Deny", "Principal": { "AWS": -"Action": "s3:"", "Resource": "arn:aws:s3:::confidential_bucket/*", "Condition": {

    "StringNotLike": {

    "aws:sourceVpce": "vpce-C12345789" }, "NotlpAddress": { "aws:SourceIp": [

    "10.100.0.0/24", "172.31.0.0/24"

    J } }

    } J }

    What is the effect of the added bucket policy?

    A. Option A

    B. Option B

    C. Option C

    D. Option D

  • Question 504:

    A company has hired a solutions architect to design a reliable architecture for its application The application consists of one Amazon RDS DB instance and two manually provisioned Amazon EC2 instances that run web servers The EC2 instances are located in a single Availability Zone An employee recently deleted the DB instance and the application was unavailable for 24 hours as a result The company is concerned with the overall reliability of its environment

    What should the solutions architect do to maximize reliability of the application's infrastructure?

    A. Delete one EC2 instance and enable termination protection on the other EC2 instance Update the DB instance to be Muto-AZ and enable deletion protection

    B. Update the DB instance to be Multiple-AZ and enable deletion protection Place the EC2 instances behind an Application Load Balancer and run them m an EC2 Auto Seating group across multiple Availability Zones

    C. Create an additional DB instance along with an Amazon API Gateway and an AWS Lambda function Configure the application to invoke the Lambda function through API Gateway Have the Lambda function write the data to the two DB instances

    D. Place the EC2 instances in an EC2 Auto Scaling group that has multiple subnets located in multiple Availability Zones Use Spot Instances instead of On-Demand instances Set up Amazon CloudWatch alarms to monitor the health of the instances Update the DB instance to be Multi-AZ and enable deletion protection

  • Question 505:

    A restaurant reservation application needs to access a waiting list. When a customer tries to reserve atable, and none are available, the customer application will put the user on the waiting list, and theapplication will notify the customer when a table becomes free. The waiting list must preserve the order in which customers were added to the waiting list. Which service should the solutions architect recommend to store this waiting list?

    A. Amazon Simple Notification Service (Amazon SNS)

    B. AWS Step Functions invoking AWS Lambda functions

    C. A FIFO queue in Amazon Simple Queue Service (Amazon SQS)

    D. A standard queue in Amazon Simple Queue Service (Amazon SQS)

  • Question 506:

    A solutions architect is designing an architecture that includes web application and database tiers The web tier must be capable of auto scaling. The solutions architect has decided to separate each tier into itsown subnets. The design includes two public subnets and four private subnets. The security team requires that tiers be able to communicate with each other only when there is a business need and that all other network traffic be blocked What should the solutions architect do to meet these requirements?

    A. Create an Amazon GuardDuty source'destmation rule set to control communication

    B. Create one security group for all tiers to limit traffic to only the required source and destinations

    C. Create specific security groups for each tier to limit traffic to only the required source and destinations

    D. Create network ACLs in all six subnets to limit traffic to the sources and destinations required for the application to function

  • Question 507:

    A company fails an AWS security review conducted by a third party. The review finds that some of the company's methods to access the Amazon EMR API are not secure Developers are using AWS Cloud9, and access keys are connecting to the Amazon EMR API through the public internet Which combination of steps should the company take to MOST improve its security'' (Select TWO)

    A. Set up a VPC peering connection to the Amazon EMR API

    B. Set up VPC endpoints to connect to the Amazon EMR API

    C. Set up a NAT gateway to connect to the Amazon EMR API.

    D. Set up 1AM roles to be used to connect to the Amazon EMR API

    E. Set up each developer with AWS Secrets Manager to store access keys

  • Question 508:

    A company is rolling out a new web service, but is unsure how many customers the service will attract However, the company is unwilling to accept any downtime. What could a solutions architect recommend to the company to keep.\

    A. Amazon EC2

    B. Amazon RDS

    C. AWS CtoudTrail

    D. Amazon DynamoDB

  • Question 509:

    An application launched on Amazon EC2 instances needs to publish personally identifiable information (PH) about customers using Amazon Simple Notification Service (Amazon SNS) The application is launched in private subnets within an Amazon VPC. What is the MOST secure way to allow the application to access service endpoints in the same AWS Region?

    A. Use an internet gateway

    B. Use AWS PrivateLink

    C. Use a NAT gateway.

    D. Use a proxy instance

  • Question 510:

    A company wants to launch a new application using Amazon Route 53, an Application Load Balancer (ALB), and an Amazon EC2 Auto Scaling group. The company is preparing to perform user experience testing and has a limited budget for

    this phase of the project. Although the company plans to do a load test in the future, it wants to prevent users from load testing at this time because it wants to limit unnecessary EC2 automatic scaling.

    What should a solutions architect do to minimize costs of the user experience testing?

    A. Configure AWS Shield's client request threshold to 100 connections per client.

    B. Deploy AWS WAF on the ALB with a rate-based rule configured to limit the number of requests each client can make.

    C. Configure the ALB with an advanced request routing policy to throttle the client connections being sent to the Auto Scaling group.

    D. Deploy Amazon Simple Queue Service (Amazon SQS) between the ALB and Auto Scaling group to queue client requests and change the Auto Scaling group maximum size to one.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.