SAP-C02 Exam Details

  • Exam Code
    :SAP-C02
  • Exam Name
    :AWS Certified Solutions Architect - Professional (SAP-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :874 Q&As
  • Last Updated
    :Jul 12, 2026

Amazon SAP-C02 Online Questions & Answers

  • Question 91:

    A company is migrating a containerized Kubernetes app with manifest files to AWS.

    What is the easiest migration path?

    A. App Runner + open-source repo
    B. Amazon EKSwith managed node groups and Aurora
    C. ECS on EC2 + task definitions
    D. Rebuild Kubernetes cluster on EC2 manually

  • Question 92:

    A company has an organization in AWS Organizations that has a large number of AWS accounts. One of the AWS accounts is designated as a transit account and has a transit gateway that is shared with all of the other AWS accounts AWS Site-to-Site VPN connections are configured between ail of the company's global offices and the transit account.

    The company has AWS Config enabled on all of its accounts.

    The company's networking team needs to centrally manage a list of internal IP address ranges that belong to the global offices Developers Will reference this list to gain access to applications securely.

    Which solution meets these requirements with the LEAST amount of operational overhead?

    A. Create a JSON file that is hosted in Amazon S3 and that lists all of the internal IP address ranges Configure an Amazon Simple Notification Service (Amazon SNS) topic in each of the accounts that can be involved when the JSON file is updated. Subscribe an AWS Lambda function to the SNS topic to update all relevant security group rules with Vie updated IP address ranges.
    B. Create a new AWS Config managed rule that contains all of the internal IP address ranges Use the rule to check the security groups in each of the accounts to ensure compliance with the list of IP address ranges. Configure the rule to automatically remediate any noncompliant security group that is detected.
    C. In the transit account, create a VPC prefix list with all of the internal IP address ranges. Use AWS Resource Access Manager to share the prefix list with all of the other accounts. Use the shared prefix list to configure security group rules is the other accounts.
    D. In the transit account create a security group with all of the internal IP address ranges. Configure the security groups in me other accounts to reference the transit account's security group by using a nested security group reference of *<transit-account-id>./sg-1a2b3c4d".

  • Question 93:

    A company wants to send data from its on-premises systems to Amazon S3 buckets. The company created the S3 buckets in three different accounts. The company must send the data privately without the data traveling across the internet.

    The company has no existing dedicated connectivity to AWS

    Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

    A. Establish a networking account in the AWS Cloud Create a private VPC in the networking account Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC
    B. Establish a networking account in the AWS Cloud Create a private VPC in the networking account Set up an AWS Direct Connect connection with a public VIF between the on-premises environment and the private VPC
    C. Create an Amazon S3 interface endpoint in the networking account
    D. Create an Amazon S3 gateway endpoint in the networking account
    E. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account Peer VPCs from the accounts that host the S3 buckets with the VPC in the network account

  • Question 94:

    A company needs to optimize the cost of an AWS environment that contains multiple accounts in an organization in AWS Organizations. The company conducted cost optimization activities 3 years ago and purchased Amazon EC2 Standard Reserved Instances that recently expired.

    The company needs EC2 instances for 3 more years. Additionally, the company has deployed a new serverless workload.

    Which strategy will provide the company with the MOST cost savings?

    A. Purchase the same Reserved Instances for an additional 3-year term with All Upfront payment. Purchase a 3-year Compute Savings Plan with All Upfront payment in the management account to cover any additional compute costs.
    B. Purchase a I-year Compute Savings Plan with No Upfront payment in each member account. Use the Savings Plans recommendations in the AWS Cost Management console to choose the Compute Savings Plan.
    C. Purchase a 3-year EC2 Instance Savings Plan with No Upfront payment in the management account to cover EC2 costs in each AWS Region. Purchase a 3- year Compute Savings Plan with No Upfront payment in the management account to cover any additional compute costs.
    D. Purchase a 3-year EC2 Instance Savings Plan with All Upfront payment in each member account. Use the Savings Plans recommendations in the AWS Cost Management console to choose the EC2 Instance Savings Plan.

  • Question 95:

    A company has dozens of AWS accounts for different teams, applications, and environments. The company has defined a custom set of controls that all accounts must have. The company is concerned that potential misconfigurations in the accounts could lead to security issues or noncompliance. A solutions architect must design a solution that deploys the custom controls by using infrastructure as code (IaC) in a repeatable way.

    Which solution will meet these requirements with the LEAST operational overhead?

    A. Configure AWS Config rules in each account to evaluate the account settings against the custom controls. Define AWS Lambda functions in AWS CloudFormation templates. Program the Lambda functions to remediate noncompliant AWS Config rules. Deploy the CloudFormation templates as stack sets during account creation. Configure the stack sets to invoke the Lambda functions.
    B. Configure AWS Systems Manager associations to remediate configuration issues across accounts. Define the desired configuration state in an AWS CloudFormation template by using AWS::SSM::Association. Deploy the CloudFormation templates as stack sets to all accounts during account creation.
    C. Enable AWS Control Tower to set up and govern the multi-account environment. Use blueprints that enforce security best practices. Use Customizations for AWS Control Tower and CloudFormation templates to define the custom controls for each account. Use Amazon EventBridge to deploy Customizations for AWS Control Tower during account-provisioning lifecycle events.
    D. Enable AWS Security Hub in all the accounts to aggregate findings in a central administrator account. Develop AWS CloudFormation templates to create Amazon EventBridge rules, AWS Lambda functions, and CloudFormation stacks in each account to remediate Security Hub findings. Deploy the CloudFormation stacks during account provisioning to set up the automated remediation.

  • Question 96:

    A company needs a hybrid DNS architecture. The architecture must include the company's on-premises network and a VPC. An AWS Site-to-Site VPN connection connects the VPC to the on-premises network.

    The company already hosts the onprem.mydc.com domain name on premises. The company wants to host the myvpc.example.com domain name in the company's AWS account and resolve it to the VPC. The company also needs the on-premises devices to resolve DNS queries to the myvpc. example.com domain.

    Which combination of steps will meet these requirements? Select THREE.

    A. Create an Amazon Route 53 private hosted zone for the myvpc.example.com domain. Associate the domain with the VPC.
    B. Create an Amazon Route 53 public hosted zone for the myvpc.example.com domain. Associate the domain with the VPC.
    C. Use Amazon Route 53 Resolver to create an inbound endpoint in the AWS Region of the VPC.
    D. Use Amazon Route 53 Resolver to create an outbound endpoint in the AWS Region of the VPC.
    E. Use Amazon Route 53 Resolver to create a forwarding rule for the Route 53 private hosted zone domain and IP addresses of the outbound endpoint.
    F. Configure the on-premises DNS resolvers with a conditional forwarding rule for DNS queries for the Amazon Route 53 private hosted zone domain and IP addresses of the inbound endpoint.

  • Question 97:

    A company runs an application across three AWS accounts. The company uses an organization in AWS Organizations to manage the AWS accounts. One account hosts a development environment. The second account hosts a testing environment. The third account hosts a production environment. The application runs on Amazon ECS with the AWS Fargate launch type. The application stores data in an Amazon Aurora MySQL database. The company expects production environment traffic to be consistent and predictable for the next year. The production environment remains active throughout each week. However, the development environment and the testing environment shut down during weekends and 12 hours each weekday. The company wants to optimize costs for the application.

    Which solution will meet this requirement?

    A. In the organization management account, purchase Reserved Instances for a 1-year term for the databases. Purchase a 1-year EC2 Instance Savings Plan that will meet the compute usage demand.
    B. In the organization management account, purchase Reserved Instances for a 1-year term for the production environment database. Purchase a 1-year Compute Savings Plan that will meet the compute usage demand.
    C. In each account, purchase Reserved Instances for a 3-year term for the database. Purchase a 3-year Compute Savings Plan that will meet the compute usage demand.
    D. In the production account, purchase Reserved Instances for a 3-year term for the database. Purchase a 3-year EC2 Instance Savings Plan that will meet the compute usage demand.

  • Question 98:

    A company has several Amazon DynamoDB tables in an AWS Region. Each table has more than 100,000 records and was created with default table settings.

    To reduce costs, the company needs to identify unused tables. However, the company must maintain the availability and current performance capability of the tables in case the company must use the tables in the future.

    Which combination of steps will meet these requirements? (Select THREE.)

    A. In Amazon CloudWatch, graph the sum of the ReadThrottleEvents metric and the sum of the WriteThrottleEvents metric for each table over a period of 1 month.
    B. In Amazon CloudWatch, graph the sum of the ConsumedReadCapacityUnits metric and the sum of the ConsumedWriteCapacityUnits metric for each table over a period of 1 month.
    C. Change the provisioned RCUs to 1 for the unused tables. Change the provisioned WCUs to 1 for the unused tables.
    D. Change the capacity mode of the unused tables to on-demand mode.
    E. Change the table class of the unused tables to DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA).
    F. Purchase a reserved capacity of 1 RCU and 1 WCU for each unused table.

  • Question 99:

    A company runs a software-as-a-service (SaaS ) application on AWS. The application comets of AWS Lambda function and an Amazon RDS for MySQL Multi-AZ database During market events the application has a much higher workload than normal Users notice slow response times during the peak periods because of many database connections. The company needs to improve the scalable performance and availability of the database.

    Which solution meets these requirements?

    A. Create an Amazon CloudWatch alarm action that triggers a Lambda function to add an Amazon RDS for MySQL read replica when resource utilization hits a threshold.
    B. Migrate the database to Amazon Aurora and add a read replica Add a database connection pool outside of the Lambda hardier function.
    C. Migrate the database to Amazon Aurora and add a read replica. Use Amazon Route 53 weighted records
    D. Migrate the database to Amazon Aurora and add an Aurora Replica. Configure Amazon RDS Proxy to manage database connection pools.

  • Question 100:

    A company that develops consumer electronics with offices in Europe and Asia has 60 TB of software images stored on premises in Europe. The company wants to transfer the images to an Amazon S3 bucket in the ap-northeast-1 Region. New software images are created daily and must be encrypted in transit. The company needs a solution that does not require custom development to automatically transfer all existing and new software images to Amazon S3.

    What is the next step in the transfer process?

    A. Deploy an AWS DataSync agent and configure a task to transfer the images to the S3 bucket.
    B. Configure Amazon Kinesis Data Firehose to transfer the images using S3 Transfer Acceleration.
    C. Use an AWS Snowball device to transfer the images with the S3 bucket as the target.
    D. Transfer the images over a Site-to-Site VPN connection using the S3 API with multipart upload.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAP-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.