Amazon SAA-C02 AWS Certified Solutions Architect – Associate Online Training
The questions for SAA-C02 were last updated on Feb 27, 2026.
- Exam Code: SAA-C02
- Exam Name: AWS Certified Solutions Architect – Associate
- Certification Provider: Amazon
A solutions architect is designing the architecture for a company website that is composed of static content. The company’s target customers are located in the United States and Europe.
Which architecture should the solutions architect recommend to MINIMIZE cost?
- A . Store the website files on Amazon S3 in the us-east-2 Region. Use an Amazon CloudFront distribution with the price class configured to limit the edge locations in use.
- B . Store the website files on Amazon S3 in the us-east-2 Region. Use an Amazon CloudFront distribution with the price class configured to maximize the use of edge locations.
- C . Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region. Use an Amazon CloudFront geolocation routing policy to route requests to the closest Region to the user.
- D . Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region. Use an Amazon CloudFront distribution with an Amazon Route 53 latency routing policy to route requests to the closest Region to the user.
An Amazon EC2 administrator created the following policy associated with an IAM group containing several users.

What is the effect of this policy?
- A . Users can terminate an EC2 instance in any AWS Region except us-east-1.
- B . Users can terminate an EC2 instance with the IP address 10.100.100.1 in the us-east-1 Region.
- C . Users can terminate an EC2 instance in the us-east-1 Region when the user’s source IP is 10.100.100.254.
- D . Users cannot terminate an EC2 instance in the us-east-1 Region when the user’s source IP is 10.100.100.254.
A company has created an isolated backup of its environment in another Region. The application is running in warm standby mode and is fronted by an Application Load Balancer (ALB). The current failover process is manual and requires updating a DNS alias record to point to the secondary ALB in another Region.
What should a solutions architect do to automate the failover process?
- A . Enable an ALB health check.
- B . Enable an Amazon Route 53 health check.
- C . Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint.
- D . Create conditional forwarding rules on Amazon Route 53 pointing to an internal BIND DNS server.
A company’s legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption. Due to new compliance requirements, all existing and new data in this database must be encrypted.
How should this be accomplished?
- A . Create an Amazon S3 bucket with server-side encryption enabled. Move all the data to Amazon S3. Delete the RDS instance.
- B . Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby instance to delete the original instance.
- C . Take a snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.
- D . Create an RDS read replica with encryption at rest enabled. Promote the read replica to master and switch the application over to the new master. Delete the old RDS instance.
A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company’s security policy requires that all website traffic be inspected by AWS WAF.
How should the solutions architect comply with these requirements?
- A . Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only.
- B . Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin.
- C . Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only. Associate AWS WAF to CloudFront.
- D . Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.
A company is running a web application on Amazon EC2 instances in an Auto Scaling group. The application uses a database that runs on an Amazon RDS for PostgreSQL DB instance. The application performs slowly as traffic increases, and the database experiences a heavy read load during periods of high traffic.
Which actions should a solutions architect take to resolve these performance issues? (Select TWO.)
- A . Enable auto scaling for the DB instance.
- B . Create a read replica for the DB instance. Configure the application to send read traffic to the read replica.
- C . Enable Multi-AZ for the DB instance. Configure the application to send read traffic to the standby DB instance.
- D . Create an Amazon ElastiCache cluster. Configure the application to cache query results in the ElastiCache cluster.
- E . Configure the Auto Scaling group subnets to ensure that the EC2 instances are provisioned in the same Availability Zone as the DB instance.
A solutions architect must design a database solution for a high-traffic ecommerce web application. The database stores customer profiles and shopping cart information. The database must support a peak load of several million requests each second and deliver responses in milliseconds. The operational overhead for managing and scaling the database must be minimized.
Which database solution should the solutions architect recommend?
- A . Amazon Aurora
- B . Amazon DynamoDB
- C . Amazon RDS
- D . Amazon Redshift
A solutions architect is redesigning a monolithic application to be a loosely coupled application composed of two microservices: Microservice A and Microservice B. Microservice A places messages in a main Amazon Simple Queue Service (Amazon SQS) queue for Microservice B to consume. When Microservice B fails to process a message after four retries, the message needs to be removed from the queue and stored for further investigation.
What should the solutions architect do to meet these requirements?
- A . Create an SQS dead-letter queue. Microservice B adds failed messages to that queue after it receives and fails to process the message four times.
- B . Create an SQS dead-letter queue. Configure the main SQS queue to deliver messages to the dead-letter queue after the message has been received four times.
- C . Create an SQS queue for failed messages. Microservice A adds failed messages to that queue after Microservice B receives and fails to process the message four times.
- D . Create an SQS queue for failed messages. Configure the SQS queue for failed messages to pull messages from the main SQS queue after the original message has been received four times.
B
Explanation:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html#sqs-dead-letter-queues-how-they-work
A company currently has 250 TB of backup files stored in Amazon S3 in a vendor’s proprietary format. Using a Linux-based software application provided by the vendor, the company wants to retrieve files from Amazon S3, transform the files to an industry-standard format, and re-upload them to Amazon S3. The company wants to minimize the data transfer charges associated with this conversion.
What should a solutions architect do to accomplish this?
- A . Install the conversion software as an Amazon S3 batch operation so the data is transformed without leaving Amazon S3.
- B . Install the conversion software onto an on-premises virtual machine. Perform the transformation and re-upload the files to Amazon S3 from the virtual machine.
- C . Use AWS Snowball Edge devices to export the data and install the conversion software onto the devices. Perform the data transformation and re-upload the files to Amazon S3 from the Snowball Edge devices.
- D . Launch an Amazon EC2 instance in the same Region as Amazon S3 and install the conversion software onto the instance. Perform the transformation and re-upload the files to Amazon S3 from the EC2 instance.
A company is deploying a two-tier web application in a VPC. The web tier is using an Amazon EC2 Auto Scaling group with public subnets that span multiple Availability Zones. The database tier consists of an Amazon RDS for MySQL DB instance in separate private subnets. The web tier requires access to the database to retrieve product information.
The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for the network ACLs, security groups, and route tables are still in their default states.
What should a solutions architect recommend to fix the application?
- A . Add an explicit rule to the private subnet’s network ACL to allow traffic from the web tier’s EC2 instances.
- B . Add a route in the VPC route table to allow traffic between the web tier’s EC2 instances and the database tier.
- C . Deploy the web tier’s EC2 instances and the database tier’s RDS instance into two separate VPCs, and configure VPC peering.
- D . Add an inbound rule to the security group of the database tier’s RDS instance to allow traffic from the web tier’s security group.