AWS Certified Solutions Architect – Associate
Learn more about this certification and AWS resources that can help you
prepare
This credential helps organizations identify and develop talent with critical
skills for implementing cloud initiatives. Earning AWS Certified Solutions
Architect – Associate validates the ability to design and implement distributed
systems on AWS.
Who should take this exam?
AWS Certified Solutions Architect – Associate is intended for anyone with
one or more years of hands-on experience designing available, cost-efficient,
fault-tolerant, and scalable distributed systems on AWS. Before you take this
exam, we recommend you have:
One year of hands-on experience with AWS technology, including using compute,
networking, storage, and database AWS services as well as AWS deployment and
management services
Experience deploying, managing, and operating workloads on AWS as well as
implementing security controls and compliance requirements
Familiarity with using both the AWS Management Console and the AWS Command Line
Interface (CLI)
Understanding of the AWS Well-Architected Framework, AWS networking, security
services, and the AWS global infrastructure
Ability to identify which AWS services meet a given technical requirement and to
define technical requirements for an AWS-based application
What does it take to earn this certification?
To earn this certification, you’ll need to take and pass the AWS Certified
Solutions Architect – Associate exam (SAA-C02). The exam features a combination
of two question formats: multiple choice and multiple response. Additional
information, such as the exam content outline and passing score, is in the exam
guide.
Review sample questions that demonstrate the format of the questions used on
this exam and include rationales for the correct answers.
Introduction
The AWS Certified Solutions Architect – Associate (SAA-C02) exam is intended
for individuals who perform in a solutions architect role. The exam validates a
candidate’s ability to design secure and robust solutions by using AWS
technologies.
The exam also validates a candidate’s ability to complete the following tasks:
Design a solution by using appropriate AWS services and by following
architectural principles based on requirements
Provide implementation guidance based on best practices to the organization
throughout the workload lifecycle
Target candidate description
The target candidate should have at least 1 year of hands-on experience
designing secure, high-performing, cost-effective, highly available, and
scalable systems by using AWS services.
Recommended AWS knowledge
The target candidate should have the following knowledge:
Hands-on experience using compute, networking, storage, management, and
database AWS services
The ability to identify and define technical requirements for a solution that
involves AWS technology
The ability to identify which AWS services meet a given technical requirement
An understanding of best practices for building well-architected solutions on
AWS
An understanding of the AWS global infrastructure
An understanding of AWS security services and features in relation to
traditional services
What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target
candidate is not expected to be able to perform. These items are out of scope
for the exam:
Design a complex, hybrid network architecture
Design identity federation within multiple accounts
Design an architecture that meets compliance requirements
Incorporate specialized services in a design
Develop deployment strategies
Create a migration strategy for complex multi-tier applications
For a detailed list of specific tools and technologies that might be covered
on the exam, as well as a list of in-scope AWS services, refer to the Appendix.
Exam content Response types
There are two types of questions on the exam:
Multiple choice: Has one correct response and three incorrect responses (distractors)
Multiple response: Has two or more correct responses out of five or more
response options
Select one or more responses that best complete the statement or answer the
question. Distractors, or incorrect answers, are response options that a
candidate with incomplete knowledge or skill might choose. Distractors are
generally plausible responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing.
The exam includes 50 questions that will affect your score.
Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS
collects information about candidate performance on these unscored questions to
evaluate these questions for future use as scored questions. These unscored
questions are not identified on the exam.
Exam results
The AWS Certified Solutions Architect – Associate exam is a pass or fail
exam. The exam is scored against a minimum standard established by AWS
professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The
minimum passing score is 720. Your score shows how you performed on the exam as
a whole and whether or not you passed. Scaled scoring models help equate scores
across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance
at each section level. This information provides general feedback about your
exam performance. The exam uses a compensatory scoring model, which means that
you do not need to achieve a passing score in each section. You need to pass
only the overall exam.
Each section of the exam has a specific weighting, so some sections have more
questions than other sections have. The table contains general information that
highlights your strengths and weaknesses. Use caution when interpreting
section-level feedback.
Content outline
This exam guide includes weightings, test domains, and objectives for the exam.
It is not a comprehensive listing of the content on the exam. However,
additional context for each of the objectives is available to help guide your
preparation for the exam. The following table lists the main content domains and
their weightings. The table precedes the complete exam content outline, which
includes the additional context. The percentage in each domain represents only
scored content.
Domain % of Exam
Domain 1: Design Resilient Architectures 30%
Domain 2: Design High-Performing Architectures 28%
Domain 3: Design Secure Applications and Architectures 24%
Domain 4: Design Cost-Optimized Architectures 18%
TOTAL 100%
| Domain
1: Design Resilient Architectures 1.1 Design a multi-tier architecture solution Determine a solution design based on access patterns. Determine a scaling strategy for components used in a design. Select an appropriate database based on requirements. Select an appropriate compute and storage service based on requirements. 1.2 Design highly available and/or fault-tolerant architectures Determine the amount of resources needed to provide a fault-tolerant architecture across Availability Zones. Select a highly available configuration to mitigate single points of failure. Apply AWS services to improve the reliability of legacy applications when application changes are not possible. Select an appropriate disaster recovery strategy to meet business requirements. Identify key performance indicators to ensure the high availability of the solution. 1.3 Design decoupling mechanisms using AWS services Determine which AWS services can be leveraged to achieve loose coupling of components. Determine when to leverage serverless technologies to enable decoupling. 1.4 Choose appropriate resilient storage Define a strategy to ensure the durability of data. Identify how data service consistency will affect the operation of the application. Select data services that will meet the access requirements of the application. Identify storage services that can be used with hybrid or non-cloud-native applications. Domain 2: Design High-Performing Architectures 2.1 Identify elastic and scalable compute solutions for a workload Select the appropriate instance(s) based on compute, storage, and networking requirements. Choose the appropriate architecture and services that scale to meet performance requirements. Identify metrics to monitor the performance of the solution. 2.2 Select high-performing and scalable storage solutions for a workload Select a storage service and configuration that meets performance demands. Determine storage services that can scale to accommodate future needs. 2.3 Select high-performing networking solutions for a workload Select appropriate AWS connectivity options to meet performance demands. Select appropriate features to optimize connectivity to AWS public services. Determine an edge caching strategy to provide performance benefits. Select appropriate data transfer service for migration and/or ingestion. 2.4 Choose high-performing database solutions for a workload Select an appropriate database scaling strategy. Determine when database caching is required for performance improvement. Choose a suitable database service to meet performance needs. |
Domain
3: Design Secure Applications and Architectures 3.1 Design secure access to AWS resources Determine when to choose between users, groups, and roles. Interpret the net effect of a given access policy. Select appropriate techniques to secure a root account. Determine ways to secure credentials using features of AWS IAM. Determine the secure method for an application to access AWS APIs. Select appropriate services to create traceability for access to AWS resources. 3.2 Design secure application tiers Given traffic control requirements, determine when and how to use security groups and network ACLs. Determine a network segmentation strategy using public and private subnets. Select the appropriate routing mechanism to securely access AWS service endpoints or internet-based resources from Amazon VPC. Select appropriate AWS services to protect applications from external threats. 3.3 Select appropriate data security options Determine the policies that need to be applied to objects based on access patterns. Select appropriate encryption options for data at rest and in transit for AWS services. Select appropriate key management options based on requirements. Domain 4: Design Cost-Optimized Architectures 4.1 Identify cost-effective storage solutions Determine the most cost-effective data storage options based on requirements. Apply automated processes to ensure that data over time is stored on storage tiers that minimize costs. 4.2 Identify cost-effective compute and database services Determine the most cost-effective Amazon EC2 billing options for each aspect of the workload. Determine the most cost-effective database options based on requirements. Select appropriate scaling strategies from a cost perspective. Select and size compute resources that are optimally suited for the workload. Determine options to minimize total cost of ownership (TCO) through managed services and serverless architectures. 4.3 Design cost-optimized network architectures Identify when content delivery can be used to reduce costs. Determine strategies to reduce data transfer costs within AWS. Determine the most cost-effective connectivity options between AWS and on-premises environments. |
Appendix
Which key tools, technologies, and concepts might be covered on the exam?
The following is a non-exhaustive list of the tools and technologies that could
appear on the exam. This list is subject to change and is provided to help you
understand the general scope of services, features, or technologies on the exam.
The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of
these technologies will likely be covered more than others on the exam, the
order and placement of them in this list is no indication of relative weight or
importance:
Compute
Cost management
Database
Disaster recovery
High availability
Management and governance
Microservices and component decoupling
Migration and data transfer
Networking, connectivity, and content delivery
Security
Serverless design principles
Storage
AWS services and features Analytics: Amazon Athena Amazon Elasticsearch Service (Amazon ES) Amazon EMR AWS Glue Amazon Kinesis Amazon QuickSight AWS Billing and Cost Management: AWS Budgets Cost Explorer Application Integration: Amazon Simple Notification Service (Amazon SNS) Amazon Simple Queue Service (Amazon SQS) Compute: Amazon EC2 AWS Elastic Beanstalk Amazon Elastic Container Service (Amazon ECS) Amazon Elastic Kubernetes Service (Amazon EKS) Elastic Load Balancing AWS Fargate AWS Lambda Database: Amazon Aurora Amazon DynamoDB Amazon ElastiCache Amazon RDS Amazon Redshift Management and Governance: AWS Auto Scaling AWS Backup AWS CloudFormation AWS CloudTrail Amazon CloudWatch AWS Config Amazon EventBridge (Amazon CloudWatch Events) AWS Organizations AWS Resource Access Manager AWS Systems Manager AWS Trusted Advisor |
Migration and Transfer: AWS Database Migration Service (AWS DMS) AWS DataSync AWS Migration Hub AWS Server Migration Service (AWS SMS) AWS Snowball AWS Transfer Family Networking and Content Delivery: Amazon API Gateway Amazon CloudFront AWS Direct Connect AWS Global Accelerator Amazon Route 53 AWS Transit Gateway Amazon VPC (and associated features) Security, Identity, and Compliance: AWS Certificate Manager (ACM) AWS Directory Service Amazon GuardDuty AWS Identity and Access Management (IAM) Amazon Inspector AWS Key Management Service (AWS KMS) Amazon Macie AWS Secrets Manager AWS Shield AWS Single Sign-On AWS WAF Storage: Amazon Elastic Block Store (Amazon EBS) Amazon Elastic File System (Amazon EFS) Amazon FSx Amazon S3 Amazon S3 Glacier AWS Storage Gateway |
QUESTION 1
A solutions architect is designing a solution where users will be directed to a
backup static error page if the
primary website is unavailable. The primary website’s DNS records are hosted in
Amazon Route 53 where
their domain is pointing to an Application Load Balancer (ALB).
Which configuration should the solutions architect use to meet the company’s
needs while minimizing changes
and infrastructure overhead?
A. Point a Route 53 alias record to an Amazon CloudFront distribution with the
ALB as one of its origins.
Then, create custom error pages for the distribution.
B. Set up a Route 53 active-passive failover configuration. Direct traffic to a
static error page hosted within an
Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is
unhealthy.
C. Update the Route 53 record to use a latency-based routing policy. Add the
backup static error page hosted
within an Amazon S3 bucket to the record so the traffic is sent to the most
responsive endpoints.
D. Set up a Route 53 active-active configuration with the ALB and an Amazon EC2
instance hosting a static
error page as endpoints. Route 53 will only send requests to the instance if the
health checks fail for the ALB.
Answer: B
QUESTION 2
A solutions architect is designing a high performance computing (HPC)
workload on Amazon EC2. The EC2
instances need to communicate to each other frequently and require network
performance with low latency and high throughput.
Which EC2 configuration meets these requirements?
A. Launch the EC2 instances in a cluster placement group in one Availability
Zone.
B. Launch the EC2 instances in a spread placement group in one Availability
Zone.
C. Launch the EC2 instances in an Auto Scaling group in two Regions and peer the
VPCs.
D. Launch the EC2 instances in an Auto Scaling group spanning multiple
Availability Zones.
Answer: A
QUESTION 3
A company wants to host a scalable web application on AWS. The application
will be accessed by users from
different geographic regions of the world. Application users will be able to
download and upload unique data
up to gigabytes in size. The development team wants a cost-effective solution to
minimize upload and
download latency and maximize performance.
What should a solutions architect do to accomplish this?
A. Use Amazon S3 with Transfer Acceleration to host the application.
B. Use Amazon S3 with CacheControl headers to host the application.
C. Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the
application.
D. Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the
application.
Answer: C
QUESTION 4
A company is migrating from an on-premises infrastructure to the AWS Cloud.
One of the company’s
applications stores files on a Windows file server farm that uses Distributed
File System Replication (DFSR) to
keep data in sync. A solutions architect needs to replace the file server farm.
Which service should the solutions architect use?
A. Amazon Elastic File System (Amazon EFS)
B. Amazon FSx
C. Amazon S3
D. AWS Storage Gateway
Answer: B
QUESTION 5
A company has a legacy application that processes data in two parts. The
second part of the process takes
longer than the first, so the company has decided to rewrite the application as
two microservices running on
Amazon ECS that can scale independently.
How should a solutions architect integrate the microservices?
A. Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3
event notifications to
invoke microservice 2.
B. Implement code in microservice 1 to publish data to an Amazon SNS topic.
Implement code in microservice
2 to subscribe to this topic.
C. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose.
Implement code in
microservice 2 to read from Kinesis Data Firehose.
D. Implement code in microservice 1 to send data to an Amazon SQS queue.
Implement code in microservice
2 to process messages from the queue.
Answer: D
QUESTION 6
A company captures clickstream data from multiple websites and analyzes it
using batch processing. The data
is loaded nightly into Amazon Redshift and is consumed by business analysts. The
company wants to move
towards near-real-time data processing for timely insights. The solution should
process the streaming data with
minimal effort and operational overhead.
Which combination of AWS services are MOST cost-effective for this solution?
(Choose two.)
A. Amazon EC2
B. AWS Lambda
C. Amazon Kinesis Data Streams
D. Amazon Kinesis Data Firehose
E. Amazon Kinesis Data Analytics
Answer: B,D
QUESTION 7
A company’s application runs on Amazon EC2 instances behind an Application Load
Balancer (ALB). The
instances run in an Amazon EC2 Auto Scaling group across multiple Availability
Zones. On the first day of
every month at midnight, the application becomes much slower when the month-end
financial calculation batch
executes. This causes the CPU utilization of the EC2 instances to immediately
peak to 100%, which disrupts
the application.
What should a solutions architect recommend to ensure the application is able to
handle the workload and
avoid downtime?
A. Configure an Amazon CloudFront distribution in front of the ALB.
B. Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization.
C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly
schedule.
D. Configure Amazon ElastiCache to remove some of the workload from the EC2
instances.
Answer: C
QUESTION 8
A company runs a multi-tier web application that hosts news content. The
application runs on Amazon EC2
instances behind an Application Load Balancer. The instances run in an EC2 Auto
Scaling group across
multiple Availability Zones and use an Amazon Aurora database. A solutions
architect needs to make the
application more resilient to periodic increases in request rates.
Which architecture should the solutions architect implement? (Choose two.)
A. Add AWS Shield.
B. Add Aurora Replica.
C. Add AWS Direct Connect.
D. Add AWS Global Accelerator.
E. Add an Amazon CloudFront distribution in front of the Application Load
Balancer.
Answer: D,E
QUESTION 9
An application running on AWS uses an Amazon Aurora Multi-AZ deployment for
its database. When
evaluating performance metrics, a solutions architect discovered that the
database reads are causing high I/O
and adding latency to the write requests against the database.
What should the solutions architect do to separate the read requests from the
write requests?
A. Enable read-through caching on the Amazon Aurora database.
B. Update the application to read from the Multi-AZ standby instance.
C. Create a read replica and modify the application to use the appropriate
endpoint.
D. Create a second Amazon Aurora database and link it to the primary database as
a read replica.
Answer: C
Examkingdom AWS Solution Architect Associate Exam SAA-C02 Exam pdf, Certkingdom AWS Solution Architect Associate Exam SAA-C02 PDF
Best AWS Solution Architect Associate Exam SAA-C02 Certification, AWS Solution Architect Associate Exam SAA-C02 Training at certkingdom.com
