Amazon SAA-C02 AWS Certified Solutions Architect – Associate Online Training
Amazon SAA-C02 Online Training
The questions for SAA-C02 were last updated at Feb 28,2026.
- Exam Code: SAA-C02
- Exam Name: AWS Certified Solutions Architect – Associate
- Certification Provider: Amazon
- Latest update: Feb 28,2026
A company’s near-real-time streaming application is running on AWS. As the data is ingested, a job runs on the data and takes 30 minutes to complete. The workload frequently experiences high latency due to large amounts of incoming data A solutions architect needs to design a scalable and serverless solution to enhance performance.
Which combination of steps should the solutions architect take? (Select TWO.)
- A . Use Amazon Kinesis Data Firehose to ingest the data
- B . Use AWS Lambda with AWS Step Functions to process the data.
- C . Use AWS Database Migration Service (AWS DMS) to ingest the data.
- D . Use Amazon EC2 instances in an Auto Scaling group to process the data
- E . Use AWS Fargate with Amazon Elastic Container Service (Amazon ECS) to process the data.
An administrator of a large company wants to monitor for and prevent any cryptocurrency-related attacks on the company’s AWS accounts.
Which AWS service can the administrator use to protect the company against attacks?
- A . Amazon Cognito
- B . Amazon GuardDuty
- C . Amazon Inspector
- D . Amazon Macie
A company has a custom application running on an Amazon EC2 instance that
• Reads a large amount of data from Amazon S3
• Performs a multi-stage analysis.
Writes the results to Amazon DynamoDB
The application writes a significant number of large, temporary files during the multi-stage analysis. The process performance depends on the temporary storage performance .
What would be the fastest storage option for holding the temporary files?
- A . Multiple Amazon S3 buckets with Transfer Acceleration for storage
- B . Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization
- C . Multiple Amazon EFS volumes using the Network File System version 4 1 (NFSv4 1) protocol
- D . Multiple instance store volumes with software RAID 0.
A solutions architect needs to design a managed storage solution for a company’s application that includes high-performance machine learning This application runs on AWS Fargate, and the connected storage needs to have concurrent access to files and deliver high performance
Which storage option should the solutions architect recommend?
- A . Create an Amazon S3 bucket for the application and establish an IAM role for Fargate to communicate with Amazon S3
- B . Create an Amazon FSx for Lustre file share and establish an IAM role that allows Fargate to communicate with FSx for Lustre
- C . Create an Amazon Elastic File System (Amazon EFS) file share and establish an IAM role that allows Fargate to communicate with Amazon EFS.
- D . Create an Amazon Elastic Block Store (Amazon EBS) volume for the application and establish an IAM role that allows Fargate to communicate with Amazon EBS
A company is launching a new application that will be hosted on Amazon EC2 instances. A solutions architect needs to design a solution that does not allow public IPv4 access that originates from the internet. However, the solution must allow the EC2 instances to make outbound IPv4 internet requests.
The initial design proposal shows that the EC2 instances would be located in two private subnets across two Availability Zones. The entire architecture must be highly available.
How should the solutions architect change the architecture to meet these requirements?
- A . Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.
- B . Deploy an internet gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.
- C . Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.
- D . Deploy an egress-only internet gateway in public subnets in both Availability Zones.
Create and configure one route table for each private subnet.
A company’s facility has badge readers at every entrance throughout the building. When badges are scanned, the readers send a message over HTTPS to indicate who attempted to access that particular entrance.
A solutions architect must design a system to process these messages from the sensors. The solution must be highly available, and the results must be made available for the company’s security team to analyze.
Which system architecture should the solutions architect recommend?
- A . Launch an Amazon EC2 instance to serve as the HTTPS endpoint and to process the messages Configure the EC2 instance to save the results to an Amazon S3 bucket.
- B . Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway endpoint to invoke an AWS Lambda function to process the messages and save the results to an Amazon DynamoDB table.
- C . Use Amazon Route 53 to direct incoming sensor messages to an AWS Lambda function. Configure the Lambda function to process the messages and save the results to an Amazon DynamoDB table.
- D . Create a gateway VPC endpoint for Amazon S3. Configure a Site-to-Site VPN connection from the facility network to the VPC so that sensor data can be written directly to an S3 bucket by way of the VPC endpoint.
A company’s security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.
What should a solutions architect do to meet these requirements when configuring the logs?
- A . Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of 90 days.
- B . Use Amazon Kinesis as the target Configure the Kinesis stream to always retain the logs for 90 days
- C . Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3 bucket, and enable S3 Intelligent-Tiering
- D . Use Amazon S3 as the target Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days
A company hosts historical weather records in Amazon S3. The records are downloaded from the company’s website by way of a URL that resolves to a domain name Users all over the world access this content through subscriptions. A third-party provider hosts the company’s root domain name, but the company recently migrated some of its services to Amazon Route 53. The company wants to consolidate contracts, reduce latency for users, and reduce costs related to serving the application to subscribers.
Which solution meets these requirements?
- A . Create a web distribution on Amazon CloudFront to serve the S3 content for the application Create a CNAME record in a Route 53 hosted zone that points to the CloudFront distribution, resolving to the application’s URL domain name.
- B . Create a web distribution on Amazon CloudFront to serve the S3 content for the application Create an ALIAS record in the Amazon Route 53 hosted zone that points to the
CloudFront distribution, resolving to the application’s URL domain name. - C . Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic policy for the web application, and configure a geolocation rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy.
- D . Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic policy for the web application, and configure a geoproximity rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy
A company is designing a new web service that will run on Amazon EC2 instances behind an Elastic Load Balancer. However, many of the web service clients can only reach IP addresses whitelisted on their firewalls.
What should a solutions architect recommend to meet the clients’ needs?
- A . A Network Load Balancer with an associated Elastic IP address
- B . An Application Load Balancer with an associated Elastic IP address
- C . An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address
- D . An EC2 instance with a public IP address running as a proxy in front of the load balancer
A company is using AWS Key Management Service (AWS KMS) customer master keys (CMKs) to encrypt AWS Lambda environment variables A solutions architect needs to ensure that the required permissions are in place to decrypt and use the environment variables.
Which steps must the solutions architect take to implement the correct permissions? (Select TWO.)
- A . Add AWS KMS permissions in the Lambda resource policy
- B . Add AWS KMS permissions in the Lambda execution role
- C . Add AWS KMS permissions in the Lambda function policy.
- D . Allow the Lambda execution role in the AWS KMS key policy
- E . Allow the Lambda resource policy in the AWS KMS key policy.
Latest SAA-C02 Dumps Valid Version with 230 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
