Amazon SAA-C02 AWS Certified Solutions Architect – Associate Online Training
Amazon SAA-C02 Online Training
The questions for SAA-C02 were last updated at Mar 02,2026.
- Exam Code: SAA-C02
- Exam Name: AWS Certified Solutions Architect – Associate
- Certification Provider: Amazon
- Latest update: Mar 02,2026
A healthcare computer stores highly sensitive records. Compliance requires that multiple copies be stored in different locations. Each record must be stored for 7 years. The company has a service level agreement (SLA) to provide records to government agencies immediately for the first 30 days and thin within 4 hours of a request thereafter.
What should a solutions architect recommend?
- A . Use Amazon S3 with cross-Region Region replication enabled. After 30 days. Transition the data to Amazon S3 Glacier using lifecycle policy.
- B . Use Amazon S3 with cross-origin resource sharing (CCRS) enabled. After 30 days. Transition on the data to Amazon S3 Glacier using a lifecycle policy.
- C . Use Amazon S3 with cross-origin replication enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Archive a lifecycle policy.
- D . Use Amazon S3 with cross-origin resource sharing (CCRS) enabled. After 30 days, transition on the data to Amazon S3 Glacier Deep Archive using a lifecycle policy.
A solutions architect is designing the architecture for a new web application. The application will run on AWS Fargate containers with an Application Load Balancer (ALB) and an Amazon Aurora PostgreSQL database. The web application will perform primarily read queries against the database.
What should the solutions architect do to ensure that the website can scale with increasing traffic? (Select TWO.)
- A . Enable auto scaling on the ALB to scale the load balancer horizontally.
- B . Configure Aurora Auto Scaling to adjust the number of Aurora Replicas in the Aurora cluster dynamically.
- C . Enable cross-zone load balancing on the ALB to distribute the load evenly across containers in all Availability Zones.
- D . Configure an Amazon Elastic Container Service (Amazon ECS) cluster in each Availability Zone to distribute the load across multiple Availability Zones.
- E . Configure Amazon Elastic Container Service (Amazon ECS) Service Auto Scaling with a target tracking scaling policy that is based on CPU utilization.
A company is building a mobile app on AWS. The company wants to expand its reach to millions of users. The company needs to build a platform so that authorized users can watch the company’s content on their mobile devices
What should a solutions architect recommend to meet these requirements?
- A . Publish content to a public Amazon S3 bucket. Use AWS Key Management Service (AWS KMS) keys to stream content.
- B . Set up IPsec VPN between the mobile app and the AWS environment to stream content
- C . Use Amazon CloudFront Provide signed URLs to stream content.
- D . Set up AWS Client VPN between the mobile app and the AWS environment to stream content.
A company’s database is hosted on an Amazon Aurora MySQL DB cluster in the us-east-1 Region. The database is 4 TB in size. The company needs to expand its disaster recovery strategy to the us-west-2 Region. The company must have the ability to fail over to us-west-2 with a recovery time objective (RTO) of 15 minutes.
What should a solutions architect recommend to meet these requirements?
- A . Create a Multi-Region Aurora MySQL DB cluster in us-east-1 and us-west-2 Use an Amazon Route 53 health check to monitor us-east-1 and fail over to us-west-2 upon failure
- B . Take a snapshot of the DB cluster in us-east-1. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events Configure the Lambda function to copy the snapshot to us-west-2 and restore the snapshot in us-west-2 when failure is detected.
- C . Create an AWS CloudFormation script to create another Aurora MySQL DB cluster in us-west-2 in case of failure Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events. Configure the Lambda function to deploy the AWS CloudFormation stack in us-west-2 when failure is detected.
- D . Recreate the database as an Aurora global database with the primary DB cluster in us-east-1 and a secondary DB cluster in us-west-2 Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events Configure the Lambda function to promote the DB cluster in us-west-2 when failure is detected.
A company wants to run an in-memory database for a latency-sensitive application that runs on Amazon EC2 instances. The application processes more than 100,000 transactions each minute and requires high network throughput. A solutions architect needs to provide a cost-effective network design that minimizes data transfer charges.
Which solution meets these requirements?
- A . Launch all EC2 instances in the same Availability Zone within the same AWS Region. Specify a placement group with cluster strategy when launching EC2 instances.
- B . Launch all EC2 instances in different Availability Zones within the same AWS Region. Specify a placement group with partition strategy when launching EC2 instances.
- C . Deploy an Auto Scaling group to launch EC2 instances in different Availability Zones based on a network utilization target.
- D . Deploy an Auto Scaling group with a step scaling policy to launch EC2 instances in different Availability Zones.
A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies.
How should a solution architect address this issue?
- A . Create an Amazon SNS topic to send an alert every time a developer create a new policy.
- B . Use service control policies to disable IAM across all account in the organizational unit.
- C . Prevent the developers from attaching any policies and duties to the security option team.
- D . Set an IAM permission boundary on the developer IAM role that explicitly denies of attaching the administrator policy
A website runs a web application that receives a burst of traffic each day at noon. The users upload new pictures and context daily, but have complaining of timeout. The architect uses Amazon EC2 Auto Scaling groups, and the custom application consistently takes 1 minutes to initiate upon boot up before responding to user requests.
How should a solutions architect redesign the architect to better respond to changing traffic?
- A . Configure a Network Load Balancer with a slow start configuration.
- B . Configure AWS ElastiCache for Redis to offload direct requests to the servers.
- C . Configure an Auto Scaling step scaling policy with an instance warmup condition.
- D . Configure Amazon CloudFront to use an Application Load Balancer as the origin.
C
Explanation:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html#as-step-scaling-warmup
"If you are creating a step policy, you can specify the number of seconds that it takes for a newly launched instance to warm up. Until its specified warm-up time has expired, an instance is not counted toward the aggregated metrics of the Auto Scaling group. Using the example in the Step Adjustments section, suppose that the metric gets to 60, and then it gets to 62 while the new instance is still warming up. The current capacity is still 10 instances, so 1 instance is added (10 percent of 10 instances). However, the desired capacity of the group is already 11 instances, so the scaling policy does not increase the desired capacity further. If the metric gets to 70 while the new instance is still warming up, we should add 3 instances (30 percent of 10 instances). However, the desired capacity of the group is already 11, so we add only 2 instances, for a new desired capacity of 13 instances"
A company is planning to migrate a TCP-based application into the company’s VPC. The application is publicly accessible on a nonstandard TCP port through a hardware appliance in the company’s data centre. This public endpoint can process up to 3 million requests per second with low latency. The company requires the same level of performance for the new public endpoint in AWS.
What should a solutions architect recommend to meet this requirement?
- A . Deploy a Network Load Balancer (NLB). Configure the NLB to be publicly accessible over the TCP port that the application requires.
- B . Deploy an Application Load Balancer (ALB). Configure the ALB to be publicly accessible over the TCP port that the application requires
- C . Deploy an Amazon CloudFront distribution that listens on the TCP port that the application requires Use an Application Load Balancer as the origin.
- D . Deploy an Amazon API Gateway API that is configured with the TCP port that the application requires. Configure AWS Lambda functions with provisioned concurrency to process the requests.
A company is automating an order management application. The company’s development team has decided to use SFTP to transfer and store the business-critical information files. The files must be encrypted and must be highly available. The files also must be automatically deleted a month after they are created.
Which solution meets these requirements with the LEAST operational overhead?
- A . Configure an Amazon S3 bucket with encryption enabled. Use AWS transfer for SFTP to securely transfer the files to the S3 bucket Apply an AWS Transfer for SFTP file retention policy to delete the files after a month
- B . Install an SFTP service on an Amazon EC2 instance Mount an Amazon Elastic File System (Amazon EFS) file share on the EC2 instance. Enable cron to delete the files after a month
- C . Configure an Amazon Elastic File System (Amazon EFS) file system with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the EFS file system. Apply an EFS lifecycle policy to automatically delete the files after a month.
- D . Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply S3 Lifecycle rules to automatically delete the files after a month.
A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.
Which action meets these requirements?
- A . Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user
- B . Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.
- C . Create a service control policy (SCP) the prohibits changes to CloudTrail, and attach it the developer accounts
- D . Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the master account
Latest SAA-C02 Dumps Valid Version with 230 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
