AWS · SAP-C02
Validates advanced technical skills and experience in designing optimized AWS solutions based on the AWS Well-Architected Framework.
Questions
592
Duration
180 minutes
Passing Score
750/1000
Difficulty
ProfessionalLast Updated
Jan 2025
Use this SAP-C02 practice exam to prepare for AWS Certified Solutions Architect - Professional (SAP-C02) with realistic questions, detailed explanations, and focused study modes. The practice bank includes 592 questions for AWS SAP-C02, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to recurring topics such as Design Solutions for Organizational Complexity, Design for New Solutions, Continuous Improvement for Existing Solutions, and Accelerate Workload Migration and Modernization. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The AWS Certified Solutions Architect – Professional (SAP-C02) is a professional-level certification that validates advanced technical skills and experience in designing optimized, complex AWS solutions. It tests the ability to evaluate cloud application requirements, make architectural recommendations, and provide expert guidance across multiple applications and projects within large, complex organizations — all grounded in the AWS Well-Architected Framework. The credential specifically assesses competency in handling organizational complexity, architecting new solutions from scratch, continuously improving existing workloads, and accelerating migration and modernization initiatives.
The SAP-C02 version of the exam represents the current iteration of this credential and is recognized across the industry as one of the most rigorous cloud certifications available. Unlike the Associate-level counterpart, this exam demands multi-dimensional mastery — candidates must demonstrate judgment in ambiguous, trade-off-heavy scenarios, design for large-scale enterprise environments, and integrate a broad range of AWS services into cohesive, production-ready architectures. The certification is valid for three years, after which recertification is required by passing the then-current version of the exam.
This certification is designed for experienced cloud professionals performing a solutions architect role who have two or more years of hands-on experience designing and implementing cloud solutions on AWS. Ideal candidates include senior cloud architects, principal engineers, and cloud consultants who routinely provide architectural guidance across multiple teams, applications, or projects within complex organizational structures.
Professionals targeting roles such as Enterprise Cloud Architect, Principal Solutions Architect, Cloud Infrastructure Lead, or Senior DevOps Engineer will find this credential directly aligned with their career trajectory. It is also well-suited for individuals responsible for cloud migration strategies, governance frameworks, or leading cloud adoption programs within enterprises. Those who have already earned the AWS Certified Solutions Architect – Associate and have accumulated significant real-world AWS design experience are the most natural candidates.
AWS does not enforce formal prerequisites for the SAP-C02 exam, but the official exam guide recommends that candidates have two or more years of experience using AWS services to design and implement cloud solutions. Candidates should be comfortable evaluating application requirements and translating them into AWS architectural recommendations across diverse use cases.
In practice, most successful candidates hold the AWS Certified Solutions Architect – Associate credential and have deep familiarity with a wide range of AWS services, including networking (VPC, Direct Connect, Transit Gateway), security (IAM, Organizations, SCPs), compute, storage, databases, and messaging. Experience designing multi-account architectures, hybrid connectivity models, disaster recovery strategies, and cost optimization frameworks is strongly recommended before attempting this exam.
The SAP-C02 exam consists of 75 total questions — 65 scored questions that contribute to your final result and 10 unscored experimental questions that are not identified and do not affect your score. Questions are presented in two formats: multiple choice (one correct answer from four options) and multiple response (two or more correct answers from five or more options, requiring all correct selections for full credit). Unanswered questions are scored as incorrect, but there is no penalty for guessing.
Candidates have 180 minutes to complete the exam. It is delivered via Pearson VUE, either at an authorized testing center or through an online proctored session. The exam is available in English, Japanese, Korean, Portuguese (Brazil), Simplified Chinese, and Spanish (Latin America). Scores are reported on a scaled range of 100–1,000, with a minimum passing score of 750. A compensatory scoring model is used, meaning candidates must achieve an overall passing score but are not required to pass each domain individually. Results are reported as Pass or Fail. The exam costs $300 USD, though holders of an active AWS Certification receive a 50% discount on subsequent exams.
The AWS Certified Solutions Architect – Professional is consistently ranked among the highest-paying IT certifications globally. According to Skillsoft's IT Skills and Salary Survey (2024), professionals holding this credential earn an average of approximately $155,000 per year in the United States, with ZipRecruiter reporting an average of around $146,000 annually. AWS-certified professionals overall earn an average of $12,000 more per year than non-certified peers, according to Global Knowledge salary survey data. The certification is recognized as one of the top-ten most pursued cloud credentials and frequently appears on lists of the top-paying certifications in the IT industry.
Job roles directly aligned with this credential include Enterprise Cloud Architect, Principal Solutions Architect, Cloud Infrastructure Lead, and Senior Cloud Consultant. With AWS holding approximately 32% of the global cloud market share as of 2024, demand for validated AWS expertise — especially at the professional level — remains strong across industries including financial services, healthcare, retail, and government. Compared to the Associate-level credential, the Professional designation signals the ability to handle enterprise-scale complexity, making it particularly valuable for senior-level hiring and promotion decisions. The certification also serves as a prerequisite or strong differentiator for AWS Specialty certifications.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 592 questions.
Preview — answers shown1. A rapidly expanding tech startup, 'GlobalMart Inc.', is launching a new global mobile marketplace application using AWS Amplify for front-end development and AWS Mobile Hub (now part of Amplify) for backend configuration. To minimize latency for users worldwide, the backend APIs responsible for processing sales and financial transactions will be deployed to multiple AWS regions, ensuring transactions are handled in the region closest to the user. The solutions architect must design the system architecture to ensure that any transaction made in one region is automatically and reliably replicated to all other active regions to maintain data consistency. The marketplace is expected to attract millions of users across North America, South America, Europe, and Asia in the coming months. Which of the following database and replication strategies provides the MOST scalable, cost-effective, and highly available architecture for this global transactional data?
Explanation
The DynamoDB global tables solution is specifically designed for this type of multi-region, active-active data replication requirement. Here's why: - Amazon DynamoDB Global Tables: This feature provides a fully managed, multi-region, and multi-master (multi-active) database solution. You create a global table by specifying the AWS regions where you want replica tables. - Automatic Replication: When your application writes data to a replica table in one region, DynamoDB automatically propagates that write to all other replica tables in the global table, typically within seconds. This ensures data consistency across regions. - Low Latency Access: Applications in each region can read and write data to their local DynamoDB replica table with low latency. - Scalability and High Availability: DynamoDB itself is highly scalable and available. Global tables extend these benefits across multiple regions, providing resilience against regional outages. - Cost-Effective: While there are costs associated with replicated write capacity units (rWCUs) and inter-region data transfer for global tables, it's often more cost-effective and significantly less operational overhead than building and managing a custom replication solution. Why other approaches are less suitable: - S3 for Transactions with S3 CRR: Amazon S3 is an object storage service, not a transactional database. While S3 CRR can replicate objects, S3 is not designed for the frequent, low-latency reads and writes typically associated with financial transactions, nor does it offer database features like atomic counters, conditional writes, or indexing in the same way DynamoDB does. - Control Tower, Connect, and separate DynamoDB tables without native replication: AWS Control Tower is for setting up and governing a multi-account AWS environment. Amazon Connect is a contact center service. Neither of these is directly relevant to multi-region database replication. Using separate DynamoDB tables in each region without a built-in replication mechanism like global tables means you'd have to build replication yourself, which is complex. - Local DynamoDB tables with Lambda for replication: While this is a possible way to build custom replication using DynamoDB Streams and Lambda, it's significantly more complex to develop, manage, and scale compared to using the fully managed DynamoDB global tables feature. Ensuring exactly-once delivery, handling errors, managing conflicts (if writes can occur in multiple regions simultaneously on the same item without proper design), and maintaining low latency across many regions would be a substantial engineering effort.
2. A major financial services corporation, 'SecureFinance International,' operates multiple AWS accounts that are all centrally managed under one AWS Organization. To ensure compliance with internal governance policies and facilitate accurate departmental cost allocation, the central cloud governance team mandates that a standard set of tags (e.g., `DepartmentID`, `ProjectCode`, `DataClassification`) must be applied to all AWS resources at the moment of their creation. This policy must be enforced across all accounts within the organization. The solutions architect is tasked with recommending an approach that ensures this tagging policy is automatically enforced during resource provisioning, ideally leveraging centralized provisioning tools and infrastructure-as-code (IaC) templates. Which TWO of the following AWS services or features are MOST recommended for achieving this mandatory and automated tagging requirement at the point of resource creation across all organizational accounts?
Multiple correct answersExplanation
The CloudFormation template approach and AWS Service Catalog solution are correct because they enforce tagging *at the time of resource creation* through governed provisioning. CloudFormation templates can have tags defined directly for resources, ensuring they are applied on deployment. AWS Service Catalog allows administrators to define products (often CloudFormation templates) that automatically apply tags when users provision them. This provides controlled, compliant self-service. The AWS Config rules approach is reactive (fixes tags after creation). The Systems Manager Automation documents method relies on users using specific automation docs. The AWS-generated cost allocation tags use AWS-generated tags, not custom company-specific tags.
3. A leading financial technology firm, 'GlobalPay Solutions,' recently completed patching a significant security vulnerability in its core web application, which is hosted on AWS. As a proactive measure, the solutions architect has been mandated to substantially enhance the overall security posture of the company’s AWS resources. This includes fortifying their web applications against common web vulnerabilities and sophisticated cyber-attacks. A primary area of concern is the effective mitigation of Distributed Denial of Service (DDoS) attacks, where a high volume of malicious traffic, originating from numerous and geographically diverse sources, simultaneously targets the company's web application, attempting to overwhelm both network bandwidth and application server resources. Which TWO of the following AWS services or architectural strategies are MOST recommended to create a comprehensive defense against DDoS attacks, covering both network/transport layers and the application layer, thereby reducing the attack surface and minimizing the potential impact of such incidents on their cloud infrastructure?
Multiple correct answersExplanation
The correct solutions describe a defense-in-depth strategy that addresses DDoS attacks at multiple layers. CloudFront and Shield Advanced protect against volumetric and sophisticated DDoS attacks at the edge and network/transport layers, while Security Groups provide instance-level firewalls that restrict traffic to essential ports and trusted sources only. Network Access Control Lists (NACLs) offer subnet-level IP blocking as an initial stateless filtering layer, while AWS WAF protects against application-layer attacks including SQL injection and Cross-Site Scripting (XSS), and can effectively mitigate application-layer DDoS attacks through custom rules and rate limiting. The approach using Elastic Load Balancing with oversized instances and Session Manager is incorrect because Session Manager is designed for secure instance access management, not for filtering or validating web sessions to prevent DDoS attacks. Oversizing instances alone is also an inefficient and costly approach to DDoS mitigation. The solution focusing on Multi-Factor Authentication, Amazon Fraud Detector, AWS Config, and AWS Trusted Advisor addresses governance, compliance, and fraud detection rather than providing direct DDoS mitigation capabilities. While these services enhance overall security posture, they don't specifically defend against DDoS attacks. The approach emphasizing S3 versioning and Systems Manager Patch Manager addresses data integrity and vulnerability management, which are important security practices but not primary defenses against DDoS attacks. These measures don't prevent or mitigate the high-volume malicious traffic characteristic of DDoS incidents.
4. A data science firm runs a monthly analytics job on a cluster of hundreds of EC2 instances. The job reads from a 200 TB shared file system, which is currently hosted on several continuously running EC2 instances. The job runs for 72 hours and only reads a subset of the total data. An architect needs to replace the self-managed file system to reduce costs, while still providing high-performance access during the 72-hour job run. Which solution offers the largest cost savings?
Explanation
This solution provides the best of both worlds: low-cost object storage for data at rest and a high-performance file system for data in use. The Amazon S3 with FSx for Lustre lazy loading approach is the most cost-effective solution. Storing the 200 TB of data in Amazon S3 is significantly cheaper than keeping it on a continuously running file server or on high-performance EBS volumes. Amazon FSx for Lustre is a high-performance file system designed for compute-intensive workloads. The key is creating it 'on-demand' just for the job run and then deleting it, so you only pay for 72 hours of high-performance storage. 'Lazy loading' is an additional cost-saver because it only pulls data from S3 into the file system as it's requested by the application, meaning you don't have to pay to store all 200 TB in the more expensive FSx file system if the job only reads a subset. The EBS io2 Block Express volume approach is incorrect because a large, high-performance EBS volume would be extremely expensive to maintain, even if only used for 72 hours a month. It is not as cost-effective as the S3/FSx combination. Pre-loading all data into FSx for Lustre is a good solution, but less cost-effective than lazy loading. Pre-loading all 200 TB of data into the FSx for Lustre file system means you pay for 200 TB of high-performance storage for 72 hours, even if the job only uses a fraction of it. Lazy loading avoids this by only loading what's needed. The AWS Storage Gateway File Gateway approach is incorrect because a File Gateway is designed for providing on-premises access to S3 or for low-latency access to frequently used data. It is not designed to be a high-performance, parallel file system for a large compute cluster and would likely be a performance bottleneck.
5. A premier online travel and booking agency, 'Wanderlust Journeys Ltd.', operates its flagship trip planner website on the AWS cloud. This highly interactive website provides users globally with real-time public transportation information, including dynamic timetables, live travel alerts, and detailed route planning for trains, buses, ferries, and trams across numerous international cities. The application's front-end tier is efficiently served by an Application Load Balancer (ALB) that intelligently distributes incoming user traffic across a robust Auto Scaling group of Amazon EC2 instances. These instances are strategically deployed across three distinct Availability Zones (AZs) within a single AWS Region to ensure high availability and fault tolerance. The backend data persistence layer relies on a Multi-AZ Amazon RDS instance. During peak travel seasons, major international sporting events, or popular city-wide concerts, the trip planner application experiences dramatic and often sudden usage spikes. These spikes frequently cause the application server EC2 instances to reach critical CPU utilization levels, often exceeding 90%. The solutions architect has been tasked with a critical mission: ensure that the website can recover swiftly and maintain impeccable high availability in the unfortunate event that one of its Availability Zones becomes entirely unavailable, especially during these crucial peak usage periods. Which of the following architectural design choices represents the MOST cost-effective and resilient strategy for this website to maintain continuous high availability and gracefully handle such demanding peak loads and potential AZ failures?
Explanation
The solution combining responsive Auto Scaling across multiple Availability Zones with a cost-effective mix of Reserved Instances for baseline load, and On-Demand/Spot Instances (with diversification) for peak loads is correct. This approach ensures high availability because the Auto Scaling group automatically rebalances instances across remaining Availability Zones if one fails, provides scalability for peak traffic periods, and optimizes costs by using the right pricing models for different load characteristics.\n\nThe large fixed fleet approach is not cost-effective due to significant over-provisioning of resources that remain idle during normal operations. The small fixed fleet configuration lacks the dynamic scaling capability necessary to handle sudden peak loads effectively. The all-Spot-Instance strategy with Auto Scaling restricted to a single Availability Zone introduces unacceptable risks for high availability and production stability, as Spot Instances can be interrupted and concentrating resources in one AZ creates a single point of failure.
AWS Certified CloudOps Engineer - Associate (SOA-C03)
SOA-C03 · 2141 questions
AWS Certified SysOps Administrator - Associate (SOA-C02)
SOA-C02 · 2141 questions
AWS Certified Security - Specialty (SCS-C03)
SCS-C03 · 2069 questions
AWS Certified Generative AI Developer - Professional (AIP-C01)
AIP-C01 · 1978 questions
AWS Certified Advanced Networking - Specialty (ANS-C01)
ANS-C01 · 1453 questions
AWS Certified Data Engineer - Associate (DEA-C01)
DEA-C01 · 1120 questions
$17.99
One-time access to this exam