Exam Details

  • Exam Code
    :SAA-C02
  • Exam Name
    :AWS Certified Solutions Architect - Associate (SAA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :1080 Q&As
  • Last Updated
    :Jun 04, 2025

Amazon Amazon Certifications SAA-C02 Questions & Answers

  • Question 651:

    A company recently migrated its entire IT environment to the AWS Cloud. The company discovers that users are provisioning oversized Amazon EC2 instances and modifying security group rules without using the appropriate change control process A solutions architect must devise a strategy to track and audit these inventory and configuration changes.

    Which actions should the solutions architect take to meet these requirements? (Select TWO )

    A. Enable AWS CloudTrail and use it for auditing

    B. Use data lifecycie policies for the Amazon EC2 instances

    C. Enable AWS Trusted Advisor and reference the security dashboard

    D. Enable AWS Config and create rules for auditing and compliance purposes

    E. Restore previous resource configurations with an AWS CloudFormation template

  • Question 652:

    A company runs batch processes on Amazon EC2 instances that are needed only during business hours These processes must preserve the data at alt times but the speed of processing is not important The company needs to run these processes in the MOST cost- effective manner

    Which solution will meet these requirements?

    A. Use EC2 Reserved Instances with the All Upfront payment option

    B. Use EC2 Reserved instances with the Partial Upfront payment option

    C. Use Spot Fleet requests with the allocation strategy set to lowestPnce

    D. Use persistent Spot Instance requests with behaviour that stops interrupted instances

  • Question 653:

    A company wants to implement a disaster recovery plan for its primary on-premises file storage volume. The file storage volume is mounted from an Internet Small Computer Systems Interface (iSCSI) device on a local storage server. The file

    storage volume holds hundreds of terabytes (TB) of data.

    The company wants to ensure that end users retain immediate access to all file types from the on-premises systems without experiencing latency.

    Which solution will meet these requirements with the LEAST amount of change to the company's existing infrastructure?

    A. Provision an Amazon S3 File Gateway as a virtual machine (VM) that is hosted on premises. Set the local cache to 10 TB. Modify existing applications to access the files through the NFS protocol. To recover from a disaster, provision an Amazon EC2 instance and mount the S3 bucket that contains the files.

    B. Provision an AWS Storage Gateway tape gateway. Use a data backup solution to back up all existing data to a virtual tape library. Configure the data backup solution to run nightly after the initial backup is complete. To recover from a disaster, provision an Amazon EC2 instance and restore the data to an Amazon Elastic Block Store (Amazon EBS) volume from the volumes in the virtual tape library.

    C. Provision an AWS Storage Gateway Volume Gateway cached volume. Set the local cache to 10 TB. Mount the Volume Gateway cached volume to the existing file server by using iSCSI. and copy all files to the storage volume. Configure scheduled snapshots of the storage volume. To recover from a disaster, restore a snapshot to an Amazon Elastic Block Store (Amazon EBS) volume and attach the EBS volume to an Amazon EC2 instance.

    D. Provision an AWS Storage Gateway Volume Gateway stored volume with the same amount of disk space as the existing file storage volume. Mount the Volume Gateway stored volume to the existing file server by using iSCSI, and copy all files to the storage volume. Configure scheduled snapshots of the storage volume. To recover from a disaster, restore a snapshot to an Amazon Elastic Block Store (Amazon EBS) volume and attach the EBS volume to an Amazon EC2 instance.

  • Question 654:

    A company is developing an API that mobile apps will use to retneve weather information During beta testing the company ran the API on Amazon EC2 instances and used an Application Load Balancer (ALB) to route requests to a single Auto Scaling group The company used an Amazon DynamoDB table for persistent data storage The company wants to move to an architecture that can scale easily with the least possible operational overhead What should a solutions architect do to meet these requirements?

    A. Use separate Auto Scaling groups for each API request type Change the ALB to route requests to the appropriate Auto Scaling group

    B. Implement an Amazon API Gateway API to replace the ALB Configure each API request method with an AWS Lambda function to process the request

    C. Migrate the API to containers Use an Amazon Elastic Container Service (Amazon ECS) cluster that has services for each API request Configure each service with its own Auto Scaling group

    D. Configure the API to publish to an Amazon Simple Notification Service (Amazon SNS) topic for each API request method Subscribe an Amazon Simple Queue Service (Amazon SQS) queue to the SNS topic Subscribe an AWS Lambda function to the SQS queue to process a request

  • Question 655:

    A company hosts a web application on multiple Amazon EC2 instances The EC2 instances are in an Auto Scaling group that scales in response to user demand The company wants to optimize cost savings without making a long-term commitment

    Which EC2 instance purchasing option should a solutions architect recommend to meet these requirements'?

    A. Dedicated Instances only

    B. On-Demand Instances only

    C. A mix of On-Demand instances and Spot Instances

    D. A mix of On-Demand instances and Reserved instances

  • Question 656:

    A company has hundreds of Amazon EC2 Linux-based instances in the AWS Cloud. Systems administrators have used shared SSH keys to manage the instances After a recent audit, the company's security team is mandating the removal of all shared keys. A solutions architect must design a solution that provides secure access to the EC2 instances.

    Which solution will meet this requirement with the LEAST amount of administrative overhead?

    A. Use AWS Systems Manager Session Manager to connect to the EC2 instances.

    B. Use AWS Security Token Service (AWS STS) to generate one-time SSH keys on demand.

    C. Allow shared SSH access to a set of bastion instances. Configure all other instances to allow only SSH access from the bastion instances

    D. Use an Amazon Cognito custom authorizer to authenticate users. Invoke an AWS Lambda function to generate a temporary SSH key.

  • Question 657:

    A company wants to deploy a new public web application on AWS The application includes a web server tier that uses Amazon EC2 instances The application also includes a database tier that uses an Amazon RDS for MySQL DB instance The application must be secure and accessible for global customers that have dynamic IP addresses How should a solutions architect configure the security groups to meet these requirements'?

    A. Configure the security group tor the web servers lo allow inbound traffic on port 443 from 0.0.0. 0/0) Configure the security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers

    B. Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers Configure the security group for the DB instance lo allow inbound traffic on port 3306 from the security group of the web servers

    C. Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers Configure the security group for the DB instance to allow inbound traffic on port 3306 from the IP addresses of the customers

    D. Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0.0 Configure the security group for the DB instance to allow inbound traffic on port 3306 from 0.0.0.0/0)

  • Question 658:

    A company has migrated a fleet of hundreds of on-premises virtual machines (VMs) to Amazon EC2 instances. The instances run a diverse fleet of Windows Server versions along with several Linux distributions. The company wants a solution that will automate inventory and updates of the operating systems. The company also needs a summary of common vulnerabilities of each instance for regular monthly reviews.

    What should a solutions architect recommend to meet these requirements?

    A. Set upAWS Systems Manager Patch Manager to manage all the EC2 instances. Configure AWS Security Hub to produce monthly reports.

    B. Set up AWS Systems Manager Patch Manager to manage all the EC2 instances. Deploy Amazon Inspector, and configure monthly reports.

    C. Set up AWS Shield Advanced, and configure monthly reports. Deploy AWS Config to automate patch installations on the EC2 instances.

    D. Set up Amazon GuardDuty in the account to monitor all EC2 instances. Deploy AWS Config to automate patch installations on the EC2 instances.

  • Question 659:

    A company is planning to store data on Amazon RDS DB instances. The company must encrypt the data at rest

    What should a solutions architect do to meet this requirement?

    A. Create an encryption key and store the key in AWS Secrets Manager Use the key to encrypt the DB instances

    B. Generate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate

    C. Create a customer master key (CMK) in AWS Key Management Service (AWS KMS) Enable encryption for the DB instances

    D. Generate a certificate in AWS Identity and Access Management {IAM) Enable SSUTLS on the DB instances by using the certificate

  • Question 660:

    A company hosts a three-tier ecommerce application on a fleet of Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB) All ecommerce data is stored in an Amazon RDS for ManaDB Multi-AZ DB instance The company wants to optimize customer session management during transactions The application must store session data durably Which solutions will meet these requirements? (Select TWO )

    A. Turn on the sticky sessions feature (session affinity) on the ALB

    B. Use an Amazon DynamoOB table to store customer session information

    C. Deploy an Amazon Cognito user pool to manage user session information

    D. Deploy an Amazon ElastiCache for Redis cluster to store customer session information

    E. Use AWS Systems Manager Application Manager in the application to manage user session information

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.