1. Home
  2. Amazon
  3. SAP-C02

Amazon SAP-C02 Online Practice Questions and Exam Preparation

SAP-C02 Exam Details

  • Exam Code
    :SAP-C02
  • Exam Name
    :AWS Certified Solutions Architect - Professional (SAP-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :761 Q&As
  • Last Updated
    :May 25, 2026

Amazon SAP-C02 Online Questions & Answers

  • Question 181:

    A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.

    The company's infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.

    Which combination of actions should the solutions architect perform to meet these requirements? (Select TWO.)

    A. Create a transit gateway in the infrastructure account.
    B. Enable resource sharing from the AWS Organizations management account.
    C. Create VPCs in each AWS account within the organization in AWS Organizations. Configure the VPCs to share the same CIDR range and subnets as the VPC in the infrastructure account. Peer the VPCs in each individual account with the VPC in the infrastructure account,
    D. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.
    E. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each prefix list to associate with the resource share.

  • Question 182:

    A company has an asynchronous HTTP application that is hosted as an AWS Lambda function. A public Amazon API Gateway endpoint invokes the Lambda function. The Lambda function and the API Gateway endpoint reside in the us-east1 Region. A solutions architect needs to redesign the application to support failover to another AWS Region.

    Which solution will meet these requirements?

    A. Create an API Gateway endpoint in the us-west-2 Region to direct traffic to the Lambda function in us-east-1. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.
    B. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure API Gateway to direct traffic to the SQS queue instead of to the Lambda function. Configure the Lambda function to pull messages from the queue for processing.
    C. Deploy the Lambda function to the us-west-2 Region. Create an API Gateway endpoint in us-west-2 to direct traffic to the Lambda function in us-west-2. Configure AWS Global Accelerator and an Application Load Balancer to manage traffic across the two API Gateway endpoints.
    D. Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Region.Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.

  • Question 183:

    A large payroll company recently merged with a small staffing company. The unified company now has multiple business units, each with its own existing AWS account.

    A solutions architect must ensure that the company can centrally manage the billing and access policies for all the AWS accounts. The solutions architect configures AWS Organizations by sending an invitation to all member accounts of the company from a centralized management account.

    What should the solutions architect do next to meet these requirements?

    A. Create the OrganizationAccountAccess IAM group in each member account. Include the necessary IAM roles for each administrator.
    B. Create the OrganizationAccountAccessPolicy IAM policy in each member account. Connect the member accounts to the management account by using cross-account access.
    C. Create the OrganizationAccountAccessRole IAM role in each member account. Grant permission to the management account to assume the IAM role.
    D. Create the OrganizationAccountAccessRole IAM role in the management account Attach the Administrator Access AWS managed policy to the IAM role. Assign the IAM role to the administrators in each member account.

  • Question 184:

    A company has an application that runs on Amazon EC2 instances. A solutions architect is designing VPC infrastructure in an AWS Region where the application needs to access an Amazon Aurora DB cluster. The EC2 instances are all associated with the same security group. The DB cluster is associated with its own security group.

    The solutions architect needs to add rules to the security groups to provide the application with least privilege access to the DB cluster.

    Which combination of steps will meet these requirements? (Select TWO.)

    A. Add an inbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the source over the default Aurora port.
    B. Add an outbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the destination over the default Aurora port.
    C. Add an inbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the source over the default Aurora port.
    D. Add an outbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the destination over the default Aurora port.
    E. Add an outbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the destination over the ephemeral ports.

  • Question 185:

    A company runs a popular public-facing ecommerce website. Its user base is growing quickly from a local market to a national market. The website is hosted in an on-premises data center with web servers and a MySQL database. The company wants to migrate its workload (o AWS. A solutions architect needs to create a solution to:

    1.Improve security

    2.Improve reliability

    3.mprove availability

    4.Reduce latency

    5.Reduce maintenance

    Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

    A. Use Amazon EC2 instances in two Availability Zones for the web servers in an Auto Scaling group behind an Application Load Balancer.
    B. Migrate the database to a Multi-AZ Amazon Aurora MySQL DB cluster.
    C. Use Amazon EC2 instances in two Availability Zones to host a highly available MySQL database cluster.
    D. Host static website content in Amazon S3. Use S3 Transfer Acceleration to reduce latency while serving webpages. Use AWS WAF to improve website security.
    E. Host static website content in Amazon S3. Use Amazon CloudFronl to reduce latency while serving webpages. Use AWS WAF to improve website security
    F. Migrate the database to a single-AZ Amazon RDS for MySQL DB instance.

  • Question 186:

    A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework.

    While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions architect finds out that the company's developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types.

    The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch.

    Which solution will meet these requirements?

    A. Create a desired-instance-type managed rule in AWS Config. Configure the rule with the instance types that are allowed. Attach the rule to an event to run each time a new EC2 instance is launched.
    B. In the EC2 console, create a launch template that specifies the instance types that are allowed. Assign the launch template to the developers' IAM accounts.
    C. Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers
    D. Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image.

  • Question 187:

    A company is designing an AWS Organizations structure. The company wants to standardize a process to apply tags across the entire organization. The company will require tags with specific values when a user creates a new resource. Each of the company's OUs will have unique tag values.

    Which solution will meet these requirements?

    A. Use an SCP to deny the creation of resources that do not have the required tags. Create a tag policy that Includes the tag values that the company has assigned to each OU. Attach the tag policies to the OUs.
    B. Use an SCP to deny the creation of resources that do not have the required tags. Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the organization's management account.
    C. Use an SCP to allow the creation of resources only when the resources have the required tags. Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the OUs.
    D. Use an SCP to deny the creation of resources that do not have the required tags. Define the list of tags. Attach the SCP to the OUs

  • Question 188:

    A company needs to migrate its on-premises database fleet to Amazon RDS. The company is currently using a mixture of Microsoft SQL Server, MySQL, and Oracle databases. Some of the databases have custom schemas and stored procedures.

    Which combination of steps should the company take for the migration? (Choose two.)

    A. Use Migration Evaluator Quick Insights to analyze the source databases and to identify the stored procedures that need to be migrated.
    B. Use AWS Application Migration Service to analyze the source databases and to identify the stored procedures that need to be migrated.
    C. Use the AWS Schema Conversion Tool (AWS SCT) to analyze the source databases for changes that are required
    D. Use AWS Database Migration Service (AWS DMS) to migrate the source databases to Amazon RDS.
    E. Use AWS DataSync to migrate the data from the source databases to Amazon RDS.

  • Question 189:

    A company has several applications running in an on-premises data center. The data center runs a mix of Windows and Linux VMs managed by VMware vCenter. A solutions architect needs to create a plan to migrate the applications to

    AWS. However, the solutions architect discovers that the document for the applications is not up to date and that there are no complete infrastructure diagrams. The company's developers lack time to discuss their applications and current

    usage with the solutions architect.

    What should the solutions architect do to gather the required information?

    A. Deploy the AWS Server Migration Service (AWS SMS) connector using the OVA image on the VMware cluster to collect configuration and utilization data from the VMs
    B. Use the AWS Migration Portfolio Assessment (MPA) tool to connect to each of the VMs to collect the configuration and utilization data.
    C. Install the AWS Application Discovery Service on each of the VMs to collect the configuration and utilization data
    D. Register the on-premises VMs with the AWS Migration Hub to collect configuration and utilization data

  • Question 190:

    A company is planning to migrate its on-premises data analysis application to AWS. The application is hosted across a fleet of servers and requires consistent system time.

    The company has established an AWS Direct Connect connection from its on-premises data center to AWS. The company has a high-precision stratum-0 atomic dock network appliance that acts as an NTP source for all on-premises servers.

    After the migration to AWS is complete, the clock on all Amazon EC2 instances that host the application must be synchronized with the on-premises atomic clock network appliance.

    Which solution will meet these requirements with the LEAST administrative overhead?

    A. Configure a DHCP options set with the on-premises NTP server address Assign the options set to the VPC. Ensure that NTP traffic is allowed between AWS and the on- premises networks.
    B. Create a custom AMI to use the Amazon Time Sync Service at 169.254.169.123 Use this AMI for the application Use AWS Config to audit the NTP configuration.
    C. Deploy a third-party time server from the AWS Marketplace. Configure the time server to synchronize with the on-premises atomic clock network appliance. Ensure that NTP traffic is allowed inbound in the network ACLs for the VPC that contains the third-party server. D Create an IPsec VPN tunnel from the on-premises atomic clock network appliance to the VPC to encrypt the traffic over the Direct Connect connection. Configure the VPC route tables to direct NTP traffic over the tunnel.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAP-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.