Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon SAP-C02 Exam

Certification Provider: Amazon
Exam Name: AWS Certified Solutions Architect - Professional Exam
Duration: 180 Minutes
Number of questions in our database: 435
Exam Version: Apr. 01, 2024
SAP-C02 Exam Official Topics:
  • Topic 1: Determine cost optimization and visibility strategies/ Architect network connectivity strategies
  • Topic 2: Determine a cost optimization strategy to meet solution goals and objectives/ Determine security controls based on requirements
  • Topic 3: Determine a strategy to improve overall operational excellence/ Identify opportunities for cost optimizations
  • Topic 4: Determine opportunities for modernization and enhancements/ Select existing workloads and processes for potential migration
  • Topic 5: Determine a strategy to improve reliability/ Determine a strategy to improve security
  • Topic 6: Design a solution to meet performance objectives/ Design a deployment strategy to meet business requirements
  • Topic 7: Design reliable and resilient architectures/ Design Solutions for Organizational Complexity
  • Topic 8: Determine the optimal migration approach for existing workloads/ Accelerate Workload Migration and Modernization
  • Topic 9: Determine a strategy to improve performance/ Continuous Improvement for Existing Solutions
  • Topic 10: Design a strategy to meet reliability requirements/ Design a solution to ensure business continuity
  • Topic 11: Design a multi-account AWS environment/ Determine a new architecture for existing workloads
Disscuss Amazon SAP-C02 Topics, Questions or Ask Anything Related

Currently there are no comments in this discussion, be the first to comment!

Free Amazon SAP-C02 Exam Actual Questions

The questions for SAP-C02 were last updated On Apr. 01, 2024

Question #1

A company wants to establish a dedicated connection between its on-premises infrastructure and AWS. The company is setting up a 1 Gbps AWS Direct Connect connection to its account VPC. The architecture includes a transit gateway and a Direct Connect gateway to connect multiple VPCs and the on-premises infrastructure.

The company must connect to VPC resources over a transit VIF by using the Direct Connect connection.

Which combination of steps will meet these requirements? (Select TWO.)

Reveal Solution Hide Solution
Correct Answer: B, C

To connect VPC resources over a transit Virtual Interface (VIF) using a Direct Connect connection, the company should advertise the on-premises network prefixes over the transit VIF and advertise the VPC prefixes from the Direct Connect gateway to the on-premises network over the same VIF. This configuration ensures seamless connectivity between the on-premises infrastructure and the AWS VPCs through the transit gateway, facilitating efficient and secure communication across the network.


Question #2

A company has Linux-based Amazon EC2 instances. Users must access the instances by using SSH with EC2 SSH Key pairs. Each machine requires a unique EC2 Key pair.

The company wants to implement a key rotation policy that will, upon request, automatically rotate all the EC2 key pairs and keep the key in a securely encrypted place. The company will accept less than 1 minute of downtime during key rotation.

Which solution will meet these requirement?

Reveal Solution Hide Solution
Correct Answer: A

To meet the requirements for automatic key rotation of EC2 SSH key pairs with minimal downtime, storing the keys in AWS Secrets Manager and defining a rotation schedule is the most suitable solution. AWS Secrets Manager supports automatic rotation of secrets, including SSH keys, by invoking a Lambda function that can handle the creation of new key pairs and the replacement of public keys on EC2 instances. Updating the corresponding private keys in Secrets Manager ensures secure and centralized management of SSH keys, complying with the key rotation policy and minimizing operational overhead.


AWS Secrets Manager Documentation: Describes how to store and rotate secrets, including SSH keys, using Secrets Manager and Lambda functions.

AWS Lambda Documentation: Provides information on creating Lambda functions for custom secret rotation logic.

AWS Best Practices for Security: Highlights the importance of key rotation and how AWS services like Secrets Manager can facilitate secure and automated key management.

Question #3

A company has many services running in its on-premises data center. The data center is connected to AWS using AWS Direct Connect (DX)and an IPsec VPN. The service data is sensitive and connectivity cannot traverse the interne. The company wants to expand to a new market segment and begin offering Is services to other companies that are using AWS.

Which solution will meet these requirements?

Reveal Solution Hide Solution
Correct Answer: B

To offer services to other companies using AWS without traversing the internet, creating a VPC Endpoint Service hosted behind an Application Load Balancer (ALB) and making it available over AWS Direct Connect (DX) is the most suitable solution. This approach ensures that the service traffic remains within the AWS network, adhering to the requirement that connectivity must not traverse the internet. An ALB is capable of handling HTTP/HTTPS traffic, making it appropriate for web-based services. Utilizing DX for connectivity between the on-premises data center and AWS further secures and optimizes the network path.


AWS Direct Connect Documentation: Explains how to set up DX for private connectivity between AWS and an on-premises network.

Amazon VPC Endpoint Services (AWS PrivateLink) Documentation: Provides details on creating and configuring endpoint services for private, secure access to services hosted in AWS.

AWS Application Load Balancer Documentation: Offers guidance on configuring ALBs to distribute HTTP/HTTPS traffic efficiently.

Question #4

A financial company needs to create a separate AWS account for a new digital wallet application. The company uses AWS Organizations to manage its accounts. A solutions architect uses the 1AM user Supportl from the management account to create a new member account with finance1@example.com as the email address.

What should the solutions architect do to create IAM users in the new member account?

Reveal Solution Hide Solution
Question #5

A company is currently in the design phase of an application that will need an RPO of less than 5 minutes and an RTO of less than 10 minutes. The solutions architecture team is forecasting that the database will store approximately 10 TB of dat

a. As part of the design, they are looking for a database solution that will provide the company with the ability to fail over to a secondary Region.

Which solution will meet these business requirements at the LOWEST cost?

Reveal Solution Hide Solution
Correct Answer: B

The best solution is to deploy an Amazon RDS instance with a cross-Region read replica in a secondary Region. This will provide the company with a database solution that can fail over to the secondary Region in case of a disaster. The read replica will have minimal replication lag and can be promoted to become the primary in less than 10 minutes, meeting the RTO requirement. The RPO requirement of less than 5 minutes can also be met by using synchronous replication within the primary Region and asynchronous replication across Regions. This solution will also have the lowest cost compared to the other options, as it does not involve additional services or resources.Reference:[Amazon RDS User Guide], [Amazon Aurora User Guide]



Unlock all SAP-C02 Exam Questions with Advanced Practice Test Features:
  • Select Question Types you want
  • Set your Desired Pass Percentage
  • Allocate Time (Hours : Minutes)
  • Create Multiple Practice tests with Limited Questions
  • Customer Support
Get Full Access Now

Save Cancel