SAP-C02 Exam Details

  • Exam Code
    :SAP-C02
  • Exam Name
    :AWS Certified Solutions Architect - Professional (SAP-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :874 Q&As
  • Last Updated
    :Jul 12, 2026

Amazon SAP-C02 Online Questions & Answers

  • Question 831:

    A company is building an electronic document management system in which users upload their documents. The application stack is entirely serverless and runs on AWS in the eu-central-1 Region. The system includes a web application that uses an Amazon CloudFront distribution for delivery with Amazon

    S3 as the origin. The web application communicates with Amazon API Gateway Regional endpoints. The API Gateway APIs call AWS Lambda functions that store metadata in an Amazon Aurora Serverless database and put the documents into an S3 bucket.

    The company is growing steadily and has completed a proof of concept with its largest customer. The company must improve latency outside of Europe.

    Which combination of actions will meet these requirements? (Select TWO.)

    A. Enable S3 Transfer Acceleration on the S3 bucket. Ensure that the web application uses the Transfer Acceleration signed URLs.
    B. Create an accelerator in AWS Global Accelerator. Attach the accelerator to the CloudFront distribution.
    C. Change the API Gateway Regional endpoints to edge-optimized endpoints.
    D. Provision the entire stack in two other locations that are spread across the world. Use global databases on the Aurora Serverless cluster.
    E. Add an Amazon RDS proxy between the Lambda functions and the Aurora Serverless database.

  • Question 832:

    A company is migrating its three-tier web application from on-premises to the AWS Cloud. The company has the following requirements for the migration process:

    1. Ingest machine images from the on-premises environment.

    2. Synchronize changes from the on-premises environment to the AWS environment until the production cutover.

    3. Minimize downtime when executing the production cutover.

    4. Migrate the virtual machines' root volumes and data volumes.

    Which solution will satisfy these requirements with minimal operational overhead?

    A. Use AWS Server Migration Service (SMS) to create and launch a replication job for each tier of the application. Launch instances from the AMIs created by AWS SMS. After initial testing, perform a final replication and create new instances from the updated AMIs.
    B. Create an AWS CLIVM Import/Export script to migrate each virtual machine. Schedule the script to run incrementally to maintain changes in the application. Launch instances from the AMIs created by VM Import/Export. Once testing is done, rerun the script to do a final import and launch the instances from the AMIs.
    C. Use AWS Server Migration Service (SMS) to upload the operating system volumes. Use the AWS CLI import-snaps hot command 'or the data volumes. Launch instances from the AMIs created by AWS SMS and attach the data volumes to the instances. After initial testing, perform a final replication, launch new instances from the replicated AMIs. and attach the data volumes to the instances.
    D. Use AWS Application Discovery Service and AWS Migration Hub to group the virtual machines as an application. Use the AWS CLI VM Import/Export script to import the virtual machines as AMIs. Schedule the script to run incrementally to maintain changes in the application. Launch instances from the AMIs. After initial testing, perform a final virtual machine import and launch new instances from the AMIs.

  • Question 833:

    Question: A company mandates that all internal AWS communications useprivate IPs. A solutions architect createdinterface VPC endpointsfor public AWS services like S3. However, service names are still resolving topublic IP addresses, and the internal apps cannot connect.

    What should the architect do to resolve this issue?

    A. Update the subnet route table with a route to the interface endpoint.
    B. Enable the private DNS option on the VPC attributes.
    C. Configure the security group on the interface endpoint to allow access.
    D. Configure a private hosted zone with conditional forwarding.

  • Question 834:

    A company needs to migrate a 2 TB MySQL database from an on-premises data center to an Amazon Aurora cluster. The database receives hundreds of updates every minute. The on-premises database server is not accessible through the internet. The migration solution must ensure that no data is lost between the start of migration and cutover. The migration must begin as soon as possible and must minimize downtime.

    Which solution will meet these requirements?

    A. Create an AWS Site-to-Site VPN connection between the on-premises data center and the VPC that hosts the Aurora duster. Create a dump of the on-premises database by using mysqldump. Upload the dump to Amazon S3 by using multipart upload. Use an Amazon EC2 instance with appropriate permissions to import the dump to the Aurora cluster.
    B. Create an AWS Site-to-Site VPN connection between the on-premises data center and the VPC that hosts the Aurora cluster. Specify the on-premises database as the source endpoint in AWS DMS. Specify the Aurora duster as the target endpoint. Configure a DMS task with ongoing replication.
    C. Set up an AWS Direct Connect connection between the on-premises data center and the VPC that hosts the Aurora duster. Create a dump of the on-premises database by using mysqldump. Upload the dump to Amazon S3 by using multipart upload. Use an Amazon EC2 instance with appropriate permissions to import the dump to the Aurora cluster. Set up replication between the data center and the Aurora cluster.
    D. Set up an AWS Direct Connect connection between the on-premises data center and the VPC that hosts the Aurora cluster. Specify the on-premises database as the source endpoint in AWS DMS. Specify the Aurora duster as the target endpoint Configure a DMS task with ongoing replication.

  • Question 835:

    Example Corp uses an organization in AWS Organizations with all features enabled to manage multiple AWS accounts. Example Corp acquires AnyCompany, which currently hosts its AWS environment in a single AWS account. Example Corp wants to add AnyCompany's AWS account to Example Corp's existing organization.

    Which solution will meet this requirement?

    A. From AnyCompany's AWS account, invite Example Corp's existing AWS management account to start the join process. Ensure that Organizations creates the OrganizationAccountAccessRole IAM role with the required permissions.
    B. From Example Corp's management AWS account, send an AWS Support request to AWS to add AnyCompany's AWS account to the existing organization. Ensure that Organizations creates the OrganizationAccountAccessRole IAM role with the required permissions.
    C. From Example Corp's management AWS account, send an invitation to AnyCompany's AWS account. Accept the invitation in AnyCompany's account. Create an OrganizationAccountAccessRole IAM role with the appropriate managed IAM policy.
    D. From AnyCompany's AWS account, create an OrganizationAccountAccessRole IAM role with the appropriate managed IAM policy. Configure AnyCompany's AWS account to be a member of Example Corp's organization.

  • Question 836:

    A retail company runs a business-critical web service on an Amazon Elastic Container Service (Amazon ECS) cluster that runs on Amazon EC2 instances.

    The web service receives POST requests from end users and writes data to a MySQL database that runs on a separate EC2 instance.

    The company needs to ensure that data loss does not occur. The current code deployment process includes manual updates of the ECS service During a recent deployment, end users encountered intermittent 502 Bad Gateway errors in response to valid web requests

    The company wants to implement a reliable solution to prevent this issue from recurring. The company also wants to automate code deployments. The solution must be highly available and must optimize cost-effectiveness.

    Which combination of steps will meet these requirements? (Select THREE.)

    A. Run the web service on an ECS cluster that has a Fargate launch type Use AWS CodePipeline and AWS CodeDeploy to perform a blue/green deployment with validation testing to update the ECS service.
    B. Migrate the MySQL database to run on an Amazon RDS for MySQL Multi-AZ DB instance that uses Provisioned IOPS SSD (io2) storage
    C. Configure an Amazon Simple Queue Service (Amazon SQS) queue as an event source to receive the POST requests from the web service Configure an AWS Lambda function to poll the queue Write the data to the database.
    D. Run the web service on an ECS cluster that has a Fargate launch type Use AWS CodePipeline and AWS CodeDeploy to perform a canary deployment to update the ECS service.

  • Question 837:

    A company has implemented a global multiplayer gaming platform.

    The platform requires gaming clients to have reliable, low-latency access to the server infrastructure that is hosted on a fleet of Amazon EC2 instances in a single AWS Region

    The gaming clients use a custom TCP protocol to connect to the server infrastructure.

    The application architecture requires client IP addresses to be available to the server software.

    Which solution meets these requirements?

    A. Create a Network Load Balancer (NLB), and add the EC2 instances to a target group Create an Amazon CloudFront Real Time Messaging Protocol (RTMP) distribution and configure the origin to point to the DNS endpoint of the NLB Use proxy protocol version 2 headers to preserve client IP addresses
    B. Use an AWS Direct Connect gateway to connect multiple Direct Connect locations in different Regions globally Configure Amazon Route 53 with geolocation routing to send traffic to the nearest Direct Connect location Associate the VPC that contains the EC2 instances with the Direct Connect gateway
    C. Create an accelerator in AWS Global Accelerator and configure the listener to point to a single endpoint group Add each of the EC2 instances as endpoints to the endpoint group Configure the endpoint group weighting equally across all of the EC2 endpoints
    D. Create an Application Load Balancer (ALB) and add the EC2 instances to a target group Create a set of Amazon Route 53 latency-based alias records that point to the DNS endpoint of the ALB Use X- Forwarded-For headers to preserve client IP addresses

  • Question 838:

    An enterprise company is building an infrastructure services platform for its users. The company has the following requirements:

    1. Provide least privilege access to users when launching AWS infrastructure so users cannot provision unapproved services.

    2. Use a central account to manage the creation of infrastructure services. Provide the ability to distribute infrastructure services to multiple accounts in AWS Organizations.

    3. Provide the ability to enforce tags on any infrastructure that is started by users.

    Which combination of actions using AWS services will meet these requirements? (Choose three.)

    A. Develop infrastructure services using AWS Cloud Formation templates. Add the templates to a central Amazon S3 bucket and add the-IAM roles or users that require access to the S3 bucket policy.
    B. Develop infrastructure services using AWS Cloud Formation templates. Upload each template as an AWS Service Catalog product to portfolios created in a central AWS account. Share these portfolios with the Organizations structure created for the company.
    C. Allow user IAM roles to have AWSCloudFormationFullAccess and AmazonS3ReadOnlyAccess permissions. Add an Organizations SCP at the AWS account root user level to deny all services except AWS CloudFormation and Amazon S3.
    D. Allow user IAM roles to have ServiceCatalogEndUserAccess permissions only. Use an automation script to import the central portfolios to local AWS accounts, copy the TagOption assign users access and apply launch constraints.
    E. Use the AWS Service Catalog TagOption Library to maintain a list of tags required by the company. Apply the TagOption to AWS Service Catalog products or portfolios.
    F. Use the AWS CloudFormation Resource Tags property to enforce the application of tags to any CloudFormation templates that will be created for users.

  • Question 839:

    A company is running a large containerized workload in the AWS Cloud using Amazon ECS. The development team recently started using AWS Fargate instead of EC2 in the ECS cluster. The company is worried about reaching the maximum number of ECS tasks allowed in the account.

    A solutions architect must implement a solution that notifies the development team when Fargate usage reaches 80% of the quota.

    What should the architect do?

    A. Use CloudWatch to monitor the Sample Count for each service. Alert when usage exceeds 80%.
    B. Use CloudWatch to monitor ECS service quotas under the AWS/Usage namespace. Create an alarm when utilization exceeds 80%. Notify via SNS.
    C. Use a Lambda function to poll Fargate metrics. Notify via SES when usage exceeds 80%.
    D. Use AWS Config to monitor Fargate quotas. Notify via SES if non-compliant.

  • Question 840:

    A company needs to create and manage multiple AWS accounts for a number of departments from a central location. The security team requires read-only access to all accounts from its own AWs account.

    The company is using AWS Organizations and created an account tor the security team.

    How should a solutions architect meet these requirements?

    A. Use the OrganizationAccountAccessRole IAM role to create a new IAM policy with read-only access in each member account. Establish a trust relationship between the IAM policy in each member account and the security account. Ask the security team to use the IAM policy to gain access.
    B. Use the OrganizationAccountAccessRole IAM role to create a new IAM role with read-only access in each member account. Establish a trust relationship between the IAM role in each member account and the security account. Ask the security team to use the IAM role to gain access.
    C. Ask the security team to use AWS Security Token Service (AWS STS) lo call the AssumeRole API tor the Organization AccountAccessRole IAM role in the management account from the security account. Use the generated temporary credentials to gain access.
    D. Ask the security team to use AWS Security Token Service (AWS STS) to call the AssumeRole API for the Organization AccountAccessRole IAM role in the member account from the security account. Use the generated temporary credentials to gain access.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAP-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.