AWS Solutions Architect Professional

SAP-C02 Exam Study Portal

Questions75
Duration180 min
Passing750/1000
Cost$300 USD

Exam Domains

1

Design Solutions for Organizational Complexity

26%

Key Topics:

  • Multi-account strategies — AWS Organizations, SCPs, Control Tower, delegated admin
  • Cross-account access — IAM roles, resource-based policies, RAM
  • Hybrid connectivity — Direct Connect, Site-to-Site VPN, Transit Gateway
  • Network design — VPC peering, PrivateLink, multi-region VPC architectures
  • Compliance — AWS Config, CloudTrail org trails, centralized logging

💡 Pro Tips:

  • Know when to use SCP vs IAM policy vs permission boundary
  • Transit Gateway vs VPC Peering — cost, scale, transitive routing
  • Direct Connect + VPN as backup for HA hybrid connectivity
2

Design for New Solutions

29%

Key Topics:

  • Compute — EC2 placement groups, ECS vs EKS, Lambda concurrency, Fargate
  • Storage — S3 classes, EFS vs FSx, Storage Gateway types
  • Databases — Aurora Global, DynamoDB Global Tables, ElastiCache strategies
  • Serverless — API Gateway, Step Functions, EventBridge, SQS/SNS fan-out
  • Analytics — Kinesis Data Streams vs Firehose, Athena, Redshift, Lake Formation

💡 Pro Tips:

  • Aurora Global DB: 1-second replication, promote for DR
  • DynamoDB Global Tables: multi-active, last-writer-wins
  • Know Kinesis Data Streams (real-time) vs Firehose (near real-time, managed delivery)
3

Migration Planning

15%

Key Topics:

  • Migration strategies — 7 Rs (Rehost, Replatform, Refactor, Repurchase, Retire, Retain, Relocate)
  • Data transfer — Snowball, DataSync, Transfer Family, DMS + SCT
  • Application migration — MGN (Application Migration Service), VM Import/Export
  • Database migration — DMS, SCT, homogeneous vs heterogeneous
  • Network migration — Direct Connect setup, VPN as interim

💡 Pro Tips:

  • Snowball Edge for >10TB, Snowmobile for >10PB
  • DMS supports continuous replication for minimal downtime
  • MGN = preferred lift-and-shift tool (replaced SMS)
4

Cost Optimization

10%

Key Topics:

  • Pricing models — Reserved, Savings Plans, Spot, On-Demand capacity reservations
  • Storage optimization — S3 Intelligent-Tiering, lifecycle policies, EBS gp3 vs gp2
  • Compute optimization — Right-sizing, Compute Optimizer, Graviton instances
  • Data transfer costs — VPC endpoints, CloudFront, same-AZ placement
  • Monitoring — Cost Explorer, Budgets, Cost Anomaly Detection

💡 Pro Tips:

  • Savings Plans: Compute SP (most flexible) vs EC2 Instance SP (biggest discount)
  • S3 Intelligent-Tiering has no retrieval fees — ideal for unpredictable access
  • VPC Gateway Endpoints (S3/DynamoDB) are free — always use them
5

Continuous Improvement for Existing Solutions

20%

Key Topics:

  • Reliability — Multi-AZ, multi-Region, Route 53 failover, pilot light vs warm standby
  • Performance — CloudFront, Global Accelerator, DAX, read replicas
  • Security — WAF, Shield Advanced, GuardDuty, Security Hub, Macie
  • Operational excellence — CloudFormation StackSets, Systems Manager, Config rules
  • Observability — CloudWatch, X-Ray, OpenSearch dashboards

💡 Pro Tips:

  • DR strategies by RTO: Backup & Restore > Pilot Light > Warm Standby > Multi-Site Active
  • Global Accelerator = static IPs + TCP/UDP; CloudFront = HTTP caching
  • Shield Advanced: DDoS cost protection + 24/7 DRT access

Practice Quiz

Quick Reference Cheat Sheet

🌐 Networking

VPC PeeringNon-transitive, cross-region/account
Transit GatewayHub-spoke, transitive, 5000 attachments
PrivateLinkExpose service to other VPCs privately
Direct ConnectDedicated 1/10/100 Gbps, 1-month lead
Global AcceleratorAnycast IPs, TCP/UDP, health-check failover

💾 Storage

S3 StandardFrequently accessed, 99.99% availability
S3 IAInfrequent, 30-day min, retrieval fee
S3 Glacier InstantMillisecond retrieval, quarterly access
S3 Glacier Deep12-48hr retrieval, cheapest archive
EFSNFS, Linux, multi-AZ, elastic
FSx LustreHPC, ML, S3 integration
FSx NetAppMulti-protocol (NFS/SMB/iSCSI)

🗄️ Databases

Aurora5x MySQL, 3x Postgres, 6 copies/3 AZs
Aurora Global<1s replication, cross-region DR
DynamoDBSingle-digit ms, auto-scaling, DAX cache
ElastiCache RedisPub/sub, sorted sets, persistence
RedshiftOLAP, columnar, Spectrum for S3
NeptuneGraph DB, social networks, fraud

🔒 Security

SCPOrg-wide guardrails, deny-list pattern
Permission BoundaryMax permissions for IAM entity
WAFLayer 7, SQL injection, XSS, rate limit
Shield AdvancedDDoS, cost protection, DRT
GuardDutyThreat detection, VPC/DNS/CloudTrail
MacieS3 PII/sensitive data discovery
KMSCMK, auto-rotation, cross-account grants

Study Resources

📘 Well-Architected Framework 🏗️ AWS Architecture Center 📄 AWS Whitepapers 🎯 Official Exam Guide 🎓 AWS Skill Builder 📝 AWS Architecture Blog