1. Home
  2. Amazon
  3. SAA-C02

Amazon SAA-C02 Online Practice Questions and Exam Preparation

SAA-C02 Exam Details

  • Exam Code
    :SAA-C02
  • Exam Name
    :AWS Certified Solutions Architect - Associate (SAA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :1080 Q&As
  • Last Updated
    :Jun 04, 2025

Amazon SAA-C02 Online Questions & Answers

  • Question 681:

    A company is using AWS Key Management Service (AWS KMS) customer master keys (CMKs) to encrypt AWS Lambda environment variables A solutions architect needs to ensure that the required permissions are in place to decrypt and use the environment variables

    Which steps must the solutions architect take to implement the correct permissions? (Select TWO )

    A. Add AWS KMS permissions in the Lambda resource policy
    B. Add AWS KMS permissions in the Lambda execution role
    C. Add AWS KMS permissions in the Lambda function policy.
    D. Allow the Lambda execution role in the AWS KMS key policy
    E. Allow the Lambda resource policy in the AWS KMS key policy

  • Question 682:

    A company needs to store data for 6 years. The company will need to have immediate and highly available access to the data at any point in time, but will not require frequent access What lifecycle action should be taken to meet these requirements while reducing costs?

    A. Transition objects from Amazon S3 Standard to Amazon S3 Standard Infrequent Access (S3 Standard IA)
    B. Transition objects to expire after 5 years
    C. Transition objects from Amazon S3 Standard to Amazon S3 One Zone-Infrequent Access (S3 One Zone IA)
    D. Transition objects from Amazon S3 Standard to the Amazon S3 Glacier

  • Question 683:

    A large international university has deployed all of its compute services in the AWS Cloud. These services include Amazon EC2. Amazon RDS. and Amazon DynamoDB. The university currently relies on many custom scripts to back up its infrastructure. However, the university wants to centralize management and automate data backups as much as possible by using AWS native options.

    Which solution will meet these requirements?

    A. Use third-party backup software with an AWS Storage Gateway tape gateway virtual tape library.
    B. Use AWS Backup to configure and monitor all backups for the services in use.
    C. Use AWS Config to set lifecycle management to take snapshots of all data sources on a schedule.
    D. Use AWS Systems Manager State Manager to manage the configuration and monitoring of backup tasks.

  • Question 684:

    A company is building an online multiplayer game. The game communicates by using UDP, and low latency between the client and the backend is important. The backend is hosted on Amazon EC2 instances that can be deployed to multiple AWS Regions to meet demand. The company needs the game to be highly available so that users around the world can access the game at all times.

    What should a solutions architect do to meet these requirements?

    A. Deploy Amazon CloudFront to support the global traffic. Configure CloudFront with an origin group to allow access to EC2 instances in multiple Regions.
    B. Deploy an Application Load Balancer in one Region to distribute traffic to EC2 instances in each Region that hosts the game's backend instances.
    C. Deploy Amazon CloudFront to support an origin access identity (OAI). Associate the OAI with EC2 instances in each Region to support global traffic.
    D. Deploy a Network Load Balancer in each Region to distribute the traffic. Use AWS Global Accelerator to route traffic to the correct Regional endpoint.

  • Question 685:

    An Amazon EC2 instance is located in a private subnet in a new VPC. This subnet does not have outbound internet access, but the EC2 instance needs the ability to download monthly security updates from an outside vendor. What should a solutions architect do to meet these requirements?

    A. Create an internet gateway, and attach it to the VPC. Configure the private subnet route table to use the internet gateway as the default route.
    B. Create a NAT gateway, and place it in a public subnet. Configure the private subnet route table to use the NAT gateway as the default route.
    C. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the NAT instance as the default route.
    D. Create an internet gateway, and attach it to the VPC. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the internet gateway as the default route.

  • Question 686:

    A company's ecommerce website has unpredictable traffic and uses AWS Lambda functions to directly access a private Amazon RDS for PostgreSQL DB instance. The company wants to maintain predictable database performance and ensure that the Lambda invocations do not overload the database with too many connections.

    What should a solutions architect do to meet these requirements?

    A. Point the client driver at an RDS custom endpoint Deploy the Lambda functions inside a VPC
    B. Point the client driver at an RDS proxy endpoint Deploy the Lambda functions inside a VPC
    C. Point the client driver at an RDS custom endpoint Deploy the Lambda functions outside a VPC
    D. Point the client driver at an RDS proxy endpoint Deploy the Lambda functions outside a VPC

  • Question 687:

    A company is planning to migrate a TCP-based application into the company's VPC The application is publicly accessible on a nonstandard TCP port through a hardware appliance in the company's data centre. This public endpoint can process up to 3 million requests per second with low latency. The company requires the same level of performance for the new public endpoint in AWS.

    What should a solutions architect recommend to meet this requirement?

    A. Deploy a Network Load Balancer (NLB). Configure the NLB to be publicly accessible over the TCP port that the application requires.
    B. Deploy an Application Load Balancer (ALB). Configure the ALB to be publicly accessible over the TCP port that the application requires
    C. Deploy an Amazon CloudFront distribution that listens on the TCP port that the application requires Use an Application Load Balancer as the origin.
    D. Deploy an Amazon API Gateway API that is configured with the TCP port that the application requires. Configure AWS Lambda functions with provisioned concurrency to process the requests.

  • Question 688:

    A company has more than 5 TB of file data on Windows file servers that run on premises Users and applications interact with the data each day The company is moving its Windows workloads to AWS. As the company continues this process, the company requires access to AWS and on-premises file storage with minimum latency The company needs a solution that minimizes operational overhead and requires no significant changes to the existing file access patterns. The company uses an AWS Site-to-Site VPN connection for connectivity to AWS.

    What should a solutions architect do to meet these requirements?

    A. Deploy and configure Amazon FSx for Windows File Server on AWS. Move the on- premises file data to FSx for Windows File Server. Reconfigure the workloads to use FSx for Windows File Server on AWS.
    B. Deploy and configure an Amazon S3 File Gateway on premises Move the on-premises file data to the S3 File Gateway Reconfigure the on-premises workloads and the cloud workloads to use the S3 File Gateway
    C. Deploy and configure an Amazon S3 File Gateway on premises Move the on-premises file data to Amazon S3 Reconfigure the workloads to use either Amazon S3 directly or the S3 File Gateway, depending on each workload's location
    D. Deploy and configure Amazon FSx for Windows File Server on AWS Deploy and configure an Amazon FSx File Gateway on premises Move the on-premises file data to the FSx File Gateway Configure the cloud workloads to use FSx for Windows File Server on AWS Configure the on-premises workloads to use the FSx File Gateway

  • Question 689:

    A company Is reviewing Its AWS Cloud deployment to ensure its data is not accessed by anyone without appropriate authorization. A solutions architect is tasked with identifying all open Amazon S3 buckets and recording any S3 bucket configuration changes.

    What should the solutions architect do to accomplish this?

    A. Enable AWS Config service with the appropriate rules
    B. Enable AWS Trusted Advisor with the appropriate checks.
    C. Write a script using an AWS SDK to generate a bucket report
    D. Enable Amazon S3 server access logging and configure Amazon CloudWatch Events.

  • Question 690:

    A media streaming company collects real-time data and stores it in a disk-optimized database system The company is not getting the expected throughput and wants an in-memory database storage solution that performs faster and provides high availability using data replication. Which database should a solutions architect recommend'?

    A. Amazon RDS for MySQL
    B. Amazon RDS for PostgreSQL
    C. Amazon ElastiCache for Redis
    D. Amazon ElastiCache for Memcached

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.