Free SAP-C02 Practice Questions
(AWS Certified Solutions Architect - Professional)

The SAP-C02 exam tests your knowledge of AWS Solutions Architecture. Practice real-world scenarios to prepare for the fundamentals of AWS architecture and best practices.

10 Free Questions • Updated for 2026 • No dumps

Designed by experts and updated regularly based on exam changes.

1

A large enterprise with multiple AWS accounts and on-premises data centers requires secure, high-bandwidth connectivity to AWS. All VPCs across accounts must communicate with on-premises resources and with each other. The solution must minimize network latency and operational complexity.

A Establish individual VPN connections from each VPC to the on-premises network.
B Create a mesh of VPC Peering connections and connect each to on-premises via VPN.
C Deploy AWS Direct Connect with a Direct Connect Gateway and AWS Transit Gateway.
D Use AWS Site-to-Site VPN connections over the internet with multiple tunnels.

✅ Correct Answer: C

Explanation: Direct Connect provides high-bandwidth, low-latency private connectivity. Combining it with a Direct Connect Gateway and Transit Gateway enables centralized, transitive routing between all VPCs and on-premises, minimizing operational overhead compared to a complex mesh of individual VPNs or VPC peerings. Individual VPNs are not high-bandwidth.

2

A global company needs to ensure that all AWS accounts within its AWS Organizations can only deploy resources in approved regions, enforce specific tagging policies, and prevent root user access. The solution must be centrally managed and highly scalable.

A Use AWS Config rules to audit resource deployments and tag compliance.
B Implement AWS Control Tower and configure Service Control Policies (SCPs).
C Deploy custom Lambda functions to enforce regional restrictions and tagging.
D Manually configure IAM policies for each account and region.

✅ Correct Answer: B

Explanation: AWS Control Tower provides a multi-account environment with preventative and detective controls, including SCPs to enforce regional restrictions and tagging policies across all accounts. Manually configuring IAM policies is not scalable. AWS Config is detective, not preventative. Custom Lambdas add operational overhead.

3

A critical application has an RTO of 15 minutes and an RPO of 5 minutes. It uses Amazon RDS for its database and EC2 instances for application servers. The solution must be cost-effective for failover to another region.

A Use a backup and restore strategy to an S3 bucket in a different region.
B Configure a hot standby deployment with active-active EC2 and RDS Multi-AZ.
C Implement a warm standby strategy with RDS Cross-Region Read Replicas and AMIs.
D Periodically synchronize all application data to a separate region using custom scripts.

✅ Correct Answer: C

Explanation: A warm standby with RDS Cross-Region Read Replicas (for RPO) and pre-baked AMIs (for RTO) offers a cost-effective solution meeting the specified RTO/RPO. Backup and restore is too slow for a 15-minute RTO. Hot standby is more expensive than required. Custom scripts add significant operational overhead.

4

A company running hundreds of EC2 instances across various accounts has identified significant idle resources and inconsistent instance types. They need to optimize compute costs without impacting performance, requiring a centralized, automated approach.

A Utilize AWS Compute Optimizer and integrate with AWS Organizations for recommendations.
B Purchase Reserved Instances and Savings Plans based on current utilization.
C Manually review CloudWatch metrics for each instance and resize them accordingly.
D Implement custom Lambda functions to terminate idle EC2 instances nightly.

✅ Correct Answer: A

Explanation: AWS Compute Optimizer provides data-driven recommendations across multiple accounts via AWS Organizations to right-size EC2 instances and identify idle resources, offering the most automated and effective approach for large-scale optimization. Custom Lambdas for termination could lead to data loss. Manual review is not scalable. Reserved Instances require informed decisions.

5

An organization is migrating a legacy monolithic application to AWS. The application has strict compliance requirements and requires minimal downtime. A complete re-architecture is not feasible initially. The goal is to move to AWS quickly and then modernize incrementally.

A Immediately Refactor (re-architect) the entire application to serverless.
B Perform a Rehost (lift-and-shift) to EC2 instances without any changes.
C Retire the application, as it is too complex to migrate.
D Use the Replatform (lift-and-reshift) strategy, moving to EC2 and then containerizing.

✅ Correct Answer: D

Explanation: Replatforming allows moving the application to AWS while making some AWS-native optimizations (e.g., containerizing, database migration) without a full re-architecture, balancing speed of migration with initial modernization. Rehosting delays modernization. Refactoring fully upfront is often too time-consuming. Retiring is not a migration strategy.

6

A company needs to consolidate petabytes of diverse data from various sources (relational databases, IoT devices, application logs) for analytics and machine learning. The solution must support schema-on-read, handle unpredictable data volumes, and be highly scalable and cost-effective.

A Use a large Amazon Redshift cluster for all data storage and analytics.
B Build a data lake on Amazon S3 with AWS Glue and Amazon Athena.
C Store all data in a single large Amazon RDS instance.
D Deploy a self-managed Hadoop cluster on EC2 instances.

✅ Correct Answer: B

Explanation: An S3-based data lake with AWS Glue for ETL and Athena for querying provides a scalable, cost-effective solution for diverse, high-volume data, supporting schema-on-read. Redshift is for structured data warehousing. Self-managed Hadoop has high operational overhead. RDS is for transactional, relational data and cannot handle petabytes of diverse data.

7

A global SaaS application needs to maintain continuous availability even during a regional outage. It serves users worldwide and requires low latency for all users. The solution must provide active-active resiliency with minimal data loss.

A Use a single-region deployment with Auto Scaling Groups and Multi-AZ databases.
B Implement a warm standby in a secondary region with manual failover.
C Deploy an active-active multi-region architecture using Amazon Route 53 and global databases.
D Configure cross-region S3 replication and snapshot EC2 instances.

✅ Correct Answer: C

Explanation: An active-active multi-region architecture with Route 53 for global routing and global databases (e.g., Aurora Global Database, DynamoDB Global Tables) provides continuous availability and low latency. Warm standby has higher RTO. S3 replication and EC2 snapshots are for disaster recovery, not active-active. Single-region doesn't protect against regional outages.

8

A development team frequently deploys infrastructure updates to multiple environments using CloudFormation. They need to automate the testing and deployment process, ensuring that changes are validated before reaching production and can be rolled back if issues occur.

A Create custom Lambda functions to validate CloudFormation templates.
B Implement an AWS CodePipeline with CodeCommit, CodeBuild, and CodeDeploy.
C Use a third-party CI/CD tool integrated with CloudFormation.
D Manually execute CloudFormation templates and monitor changes.

✅ Correct Answer: B

Explanation: AWS CodePipeline provides an end-to-end CI/CD solution that integrates with CodeCommit for source control, CodeBuild for testing, and CodeDeploy for automated deployments and rollbacks, enabling efficient and reliable infrastructure updates. Manual execution is error-prone. Third-party tools might add complexity. Custom Lambdas offer limited scope.

9

A legacy application running on EC2 instances processes batch jobs nightly, which are CPU-intensive and vary in duration. The company wants to modernize this workload to a serverless architecture to reduce operational costs and improve scalability without managing servers.

A Migrate batch jobs to AWS Lambda with SQS for asynchronous processing.
B Refactor the application into microservices and deploy on EC2 instances.
C Convert EC2 instances to Amazon ECS containers and run on Fargate.
D Use AWS Batch with EC2 Spot Instances for cost optimization.

✅ Correct Answer: A

Explanation: Migrating batch jobs to AWS Lambda triggered by SQS allows for fully serverless, event-driven processing, scaling automatically and only incurring costs when executed, significantly reducing operational overhead. ECS on Fargate is also serverless but typically for longer-running tasks. AWS Batch requires more configuration than Lambda for simple batch jobs. Refactoring to microservices on EC2 still involves server management.

10

An enterprise stores highly sensitive customer data in Amazon S3 buckets. Regulatory compliance requires that all data be encrypted with customer-managed keys (CMK) and that access to these keys be strictly controlled and auditable. How can this be achieved with the highest security and compliance?

A Encrypt data on-premises before uploading to S3 using client-side encryption.
B Store encryption keys in AWS Secrets Manager and retrieve them programmatically.
C Use AWS KMS for CMK creation and S3 bucket policies for key usage.
D Enable S3 default encryption with Amazon S3-managed keys (SSE-S3).

✅ Correct Answer: C

Explanation: AWS KMS allows for creating and managing CMKs, providing granular control over key policies and auditing key usage via CloudTrail, which is essential for compliance. SSE-S3 uses AWS-managed keys, not CMKs. Client-side encryption adds operational complexity. Secrets Manager is for credentials, not for managing CMKs for S3 encryption at rest.

Frequently Asked Questions

Are these questions real exam dumps?

No, ExamOS does not use or promote exam dumps. All questions are concept-focused, scenario-based, and designed to help you understand architectural decisions and real-world trade-offs.

How does ExamOS help me prepare better?

ExamOS provides short, timed quizzes aligned with official exam domains. Each question includes detailed explanations so you can learn the reasoning behind the correct answer, not just memorize it.

Is ExamOS free to use?

Yes. You get free credits when you register, which you can use to take practice quizzes. You can earn additional credits through referrals or upgrade later for unlimited practice.
