SAP-C02 Exam Details

  • Exam Code
    :SAP-C02
  • Exam Name
    :AWS Certified Solutions Architect - Professional (SAP-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :874 Q&As
  • Last Updated
    :Jul 12, 2026

Amazon SAP-C02 Online Questions & Answers

  • Question 31:

    A company hosts an intranet web application on Amazon EC2 instances behind an Application Load Balancer (ALB). Currently, users authenticate to the application against an internal user database.

    The company needs to authenticate users to the application by using an existing AWS Directory Service for Microsoft Active Directory directory. All users with accounts in the directory must have access to the application.

    Which solution will meet these requirements?

    A. Create a new app client in the directory. Create a listener rule for the ALB. Specify the authenticate-oidc action for the listener rule. Configure the listener rule with the appropriate issuer, client ID and secret, and endpoint details for the Active Directory service. Configure the new app client with the callback URL that the ALB provides.
    B. Configure an Amazon Cognito user pool. Configure the user pool with a federated identity provider (ldP) that has metadata from the directory. Create an app client. Associate the app client with the user pool. Create a listener rule for the ALSpecify the authenticate-cognito action for the listener rule. Configure the listener rule to use the user pool and app client.
    C. Add the directory as a new IAM identity provider (ldP). Create a new IAM role that has an entity type of SAML 2.0 federation. Configure a role policy that allows access to the ALB. Configure the new role as the default authenticated user role for the ldP. Create a listener rule for the ALB. Specify the authenticate-oidc action for the listener rule.
    D. Enable AWS IAM Identity Center (AWS Single Sign-On). Configure the directory as an external identity provider (ldP) that uses SAML. Use the automatic provisioning method. Create a new IAM role that has an entity type of SAML 2.0 federation. Configure a role policy that allows access to the ALB. Attach the new role to all groups. Create a listener rule for the ALB. Specify the authenticate-cognito action for the listener rule.

  • Question 32:

    A company has a sales system that stores transactions as .csv files in an Amazon S3 bucket. The S3 bucket is configured to use S3 Intelligent-Tiering. Most of the .csv files are between 64 KB and 100 KB in size. All rows and columns of the .csv files must be read when the data is processed. The company must keep the data for 5 years.

    The company stores several million xsv files every day. The company must minimize the cost of storing and querying the xsv files.

    Which solution will meet these requirements?

    A. Create an AWS Glue job to convert the .csv files into Apache Parquet format. Use Amazon S3 to invoke the AWS Glue job every time a .csv file arrives.
    B. Create an AWS Glue job to compress the .csv files. Schedule the AWS Glue job every hour to compress the files for the previous hour into one .csv file.
    C. Create an AWS Lambda function to convert the .csv files into Apache Parquet format. Use Amazon S3 to invoke the Lambda function every time a .csv file arrives.
    D. Create an AWS Lambda function to compress the .csv files. Use Amazon S3 to invoke the Lambda function every time a .csv file arrives.

  • Question 33:

    A company is designing an AWS environment for a manufacturing application. The application has been successful with customers, and the application's user base has increased. The company has connected the AWS environment to the company's on-premises data center through a 1 Gbps AWS Direct Connect connection. The company has configured BGP for the connection.

    The company must update the existing network connectivity solution to ensure that the solution is highly available, fault tolerant, and secure.

    Which solution will meet these requirements MOST cost-effectively?

    A. Add a dynamic private IP AWS Site-to-Site VPN as a secondary path to secure data in transit and provide resilience for the Direct Connect connection. Configure MACsec to encrypt traffic inside the Direct Connect connection.
    B. Provision another Direct Connect connection between the company's on-premises data center and AWS to increase the transfer speed and provide resilience. Configure MACsec to encrypt traffic inside the Direct Connect connection.
    C. Configure multiple private VIFs. Load balance data across the VIFs between the on-premises data center and AWS to provide resilience.
    D. Add a static AWS Site-to-Site VPN as a secondary path to secure data in transit and to provide resilience for the Direct Connect connection.

  • Question 34:

    A company hosts a blog post application on AWS using Amazon API Gateway. Amazon DynamoDB, and AWS Lambda.

    The application currently does not use API keys to authorize requests.

    The API model is as follows:

    1. GET /posts/Jpostld) to get post details

    2. GET /users/{userld}. to get user details

    3. GET /comments/{commentld}: to get comments details

    The company has noticed users are actively discussing topics in the comments section, and the company wants to increase user engagement by making the comments appear in real time.

    Which design should be used to reduce comment latency and improve user experience?

    A. Use edge-optimized API with Amazon CloudFront to cache API responses.
    B. Modify the blog application code to request GET/commentsV{commentld} every 10 seconds
    C. Use AWS AppSync and leverage WebSockets to deliver comments
    D. Change the concurrency limit of the Lambda functions to lower the API response time.

  • Question 35:

    A company is migrating internal business applications to Amazon EC2 and Amazon RDS in a VPC. The migration requires connecting the cloud-based applications to the on-premises internal network. The company wants to set up an AWS 5ite-to-5ite VPN connection. The company has created two separate customer gateways. The gateways are configured for static routing and have been assigned distinct public

    IP addresses.

    Which solution will meet these requirements?

    A. Create one virtual private gateway. Associate the virtual private gateway with the VPC. Enable route propagation for the virtual private gateway in all VPC route tables. Create two Site-to-Slte VPN connections with two tunnels for each connection. Configure the Site-to-Slte VPN connections to use the virtual private gateway and to use separate customer gateways.
    B. Create one customer gateway. Associate the customer gateway with the VPC. Enable route propagation for the customer gateway in all VPC route tables. Create two Site-to-Site VPN connections with two tunnels for each connection. Configure the Site-to-Site VPN connections to use the customer gateway.
    C. Create two virtual private gateways. Associate the virtual private gateways with the VPC. Enable route propagation for both customer gateways in all VPC route tables. Create two Site-to-Site VPN connections with two tunnels for each connection. Configure the Site- to-Site VPN connections to use separate virtual private gateways and separate customer gateways.
    D. Create two virtual private gateways. Associate the virtual private gateways with the VPC. Enable route propagation for both customer gateways in all VPC route tables. Create four Site-to-Site VPN connections with one tunnel for each connection. Configure the Site- to-Site VPN connections into groups of two. Configure each group to connect to separate customer gateways and separate virtual private gateways.

  • Question 36:

    A company hosts a payment processing platform across multiple AWS Regions. The processing platform exposes payment processing API endpoints. The company uses Amazon Route 53 to route traffic to an Application Load Balancer (ALB) in each Region to distribute requests to backend payment gateways. The company has implemented Auto Scaling for the payment gateways. The company needs to improve reliability and availability by handling application failures quickly.

    Which solution will meet this requirement with the LEAST response time for global users?

    A. Configure Route 53 to use a geolocation routing policy to resolve DNS to an Amazon CloudFront distribution. Configure the distribution with an origin group that includes the ALBs from each Region as origins.
    B. Create an accelerator in AWS Global Accelerator. Create an endpoint group and add each ALB as an endpoint in the group. Update the Route 53 alias records to point to the accelerator.
    C. Configure Route 53 to use a latency-based routing policy and health checks for each Regional endpoint.
    D. Set up cross-Region connectivity by using AWS Cloud WAN to connect VPCs across Regions. Use network policies to route traffic from each Region to the Region that is closest to the origin Region.

  • Question 37:

    A company has multiple lines of business (LOBs) that roll up to the parent company. The company has asked its solutions architect to develop a solution with the following requirements: ? Produce a single AWS invoice for all of the AWS accounts used by its LOBs.

    ? The costs for each LOB account should be broken out on the invoice.

    ? Provide the ability to restrict services and features in the LOB accounts, as defined by the company's governance policy.

    ? Each LOB account should be delegated full administrator permissions, regardless of the governance policy.

    Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

    A. Use AWS Organizations to create an organization in the parent account for each LOB. Then invite each LOB account to the appropriate organization.
    B. Use AWS Organizations to create a single organization in the parent account. Then, invite each LOB's AWS account to join the organization.
    C. Implement service quotas to define the services and features that are permitted and apply the quotas to each LOB. as appropriate.
    D. Create an SCP that allows only approved services and features, then apply the policy to the LOB accounts.
    E. Enable consolidated billing in the parent account's billing console and link the LOB accounts.

  • Question 38:

    A machine learning (ML) company continuously develops new versions of its models. The models are integrated into a web application that uses a RESTful API to call custom Python code to invoke the models. The application runs in an Amazon EC2 Auto Scaling group. Customer feedback indicates that new model versions sometimes perform worse than previous versions. The company wants to implement a gradual deployment approach in which 10% of traffic is initially routed to new models to verify performance. The solution must also reduce operational overhead for infrastructure management.

    Which solution will meet these requirements with the LEAST operational overhead?

    A. Deploy model versions to an Amazon SageMaker AI multi-model endpoint. Configure the weight for the new version to 10% and the previous version to 90%. Migrate the Python code to an AWS Lambda function. Use Amazon API Gateway to invoke the Lambda function.
    B. Deploy each model version to a separate Amazon SageMaker Serverless Inference endpoint. Configure an AWS Lambda function to route 10% of invocation calls to the new endpoint and 90% to the previous version based on weighted random selection. Use Amazon API Gateway to invoke the Lambda function.
    C. Deploy each model version to a separate Amazon SageMaker AI single-model endpoint. Configure an AWS Lambda function to route 10% of invocation calls to the new endpoint ' s URL and 90% to the previous version. Use Amazon API Gateway to invoke the Lambda function.
    D. Deploy model versions to an Amazon SageMaker Serverless Inference endpoint. Use Amazon API Gateway with a canary deployment to gradually shift 10% of traffic to the new model version while maintaining 90% of traffic on the previous version.

  • Question 39:

    A financial services company has an asset management product that thousands of customers use around the world. The customers provide feedback about the product through surveys. The company is building a new analytical solution that runs on Amazon EMR to analyze the data from these surveys.

    The following user personas need to access the analytical solution to perform different actions:

    1. Administrator: Provisions the EMR cluster for the analytics team based on the team's requirements

    2. Data engineer: Runs E TL scripts to process, transform, and enrich the datasets

    3. Data analyst: Runs SQL and Hive queries on the data

    A solutions architect must ensure that all the user personas have least privilege access to only the resources that they need. The user personas must be able to launch only applications that are approved and authorized. The solution also must ensure tagging for all resources that the user personas create.

    Which solution will meet these requirements?

    A. Create IAM roles for each user persona. Attach identity-based policies to define which actions the user who assumes the role can perform. Create an AWS Config rule to check for noncompliant resources. Configure the rule to notify the administrator to remediate the noncompliant resources.
    B. Set up Kerberos-based authentication for EMR clusters upon launch. Specify a Kerberos security configuration along with cluster-specific Kerberos options.
    C. Use AWS Service Catalog to control the Amazon EMR versions available for deployment, the cluster configuration, and the permissions for each user persona.
    D. Launch the EMR cluster by using AWS CloudFormation. Attach resource-based policies to the EMR cluster during cluster creation. Create an AWS Config rule to check for noncompliant clusters and noncompliant Amazon S3 buckets. Configure the rule to notify the administrator to remediate the noncompliant resources.

  • Question 40:

    A global ecommerce company has many data centers worldwide. The company needs scalable cloud storage for legacy file applications. Requirements: Must support iSCSI access from on-premises servers.

    Must support point-in-time snapshots via AWS Backup. Must retain low-latency access to frequently accessed data.

    Which solution will meet these requirements?

    A. Provision an AWS Storage Gateway tape gateway with S3 and AWS Backup.
    B. Use Amazon FSx File Gateway and S3 File Gateway. Use AWS Backup.
    C. Provision an AWS Storage Gateway volume gateway in cache mode. Back up the volumes using AWS Backup.
    D. Provision an AWS Storage Gateway file gateway in cache mode. Use AWS Backup.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAP-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.