Amazon SAP-C02 Exam Questions

Exam Name: AWS Certified Solutions Architect – Professional Exam

Exam Code: SAP-C02

Related Certification(s): Amazon Professional Certifications, Amazon AWS Certified Solutions Architect Professional Certifications

Certification Provider: Amazon

Actual Exam Duration: 180 Minutes

Number of SAP-C02 Practice Questions: 629 (updated: )

Expected SAP-C02 Exam Topics, as suggested by Amazon:

Note: AWS SAP-C02 Premium Questions were last updated on

Question #1

A company hosts a metadata API on Amazon EC2 instances behind an internet-facing Application Load Balancer (ALB).
Only internal applications that run on EC2 instances in separate AWS accounts need to access the metadata API.
All the internal EC2 instances use NAT gateways.
A new policy requires that traffic between internal applications must not travel across the public internet.

Which solution will meet this requirement?

A. Create an HTTP API in Amazon API Gateway and configure a VPC link. B. Create a private REST API in Amazon API Gateway and share endpoints using AWS RAM. C. Create an internal ALB and use an NLB with AWS PrivateLink. D. Create an internal ALB and configure AWS PrivateLink endpoint service for the ALB.

Creating an internal ALB and configuring it as a PrivateLink endpoint service enables private connectivity between internal applications and the metadata API, ensuring traffic does not traverse the public internet. PrivateLink provides secure, private access across AWS accounts.

Question #2

An EC2-based ticketing service pulls a frequently updated pricing file (stored in S3) on startup.
Sometimes EC2 instances have stale pricing, causing charge issues.

Which solution will resolve this issue?

A. Lambda updates DynamoDB with new prices. B. Lambda updates Amazon EFS. C. Use Mountpoint for S3 to mount the pricing file to EC2. D. Use Multi-Attach EBS volume.

Mountpoint for Amazon S3 allows EC2 instances to mount S3 buckets as POSIX file systems so they always read the latest file without copying or syncing data.

Question #3

A company runs a web application on EC2 instances behind an ALB with AWS WAF.
External customers must connect using IP addresses instead of DNS.

Which solution provides static IPs with the least operational overhead?

A. Replace the ALB with a Network Load Balancer. B. Assign an Elastic IP to the ALB. C. Create an AWS Global Accelerator with the ALB as the endpoint. D. Use Amazon CloudFront and provide the distribution IP.

AWS Global Accelerator provides static Anycast IP addresses while routing traffic to ALB endpoints globally with high availability and low latency.

Question #4

A company deploys applications across multiple VPCs connected through a Transit Gateway.
Security audit shows EC2 instances can communicate with all VPCs.
Traffic must be limited so VPCs can communicate only with authorized VPCs.

Which solution will meet this requirement?

A. Update subnet network ACL rules. B. Update security groups to deny unauthorized traffic. C. Create a dedicated transit gateway route table for each VPC attachment. D. Update the VPC route tables.

Transit Gateway supports multiple route tables. By creating dedicated route tables per VPC attachment you can segment traffic and allow communication only with authorized VPCs.

Question #5

A company uses AWS Organizations and has a central VPC with a Site-to-Site VPN to on-premises.
A new AWS account must use the same networking resources.

Which solution is the most cost-effective?

A. Create a new VPC and new VPN connection. B. Share the VPN connection using AWS RAM. C. Create a VPC and connect via virtual private gateway. D. Share subnets in the central VPC using AWS Resource Access Manager.

AWS Resource Access Manager allows sharing VPC subnets across accounts so multiple accounts can use centralized networking resources.

Get All Amazon SAP-C02 Exam Questions