Practice SAP-C02 Design for New Solutions questions with full explanations on every answer.
Start practicing
Design for New Solutions — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A company wants to migrate a monolithic application to AWS and redesign it using microservices. The application uses a MySQL database. The company wants to minimize operational overhead and enable each microservice to have its own database. Which AWS service should the company use to implement the database layer?
2A company is designing a serverless application using AWS Lambda functions. The application processes events from an Amazon SQS queue. The company wants to ensure that the Lambda function can scale to handle a sudden increase in messages without losing any messages. The Lambda function must process each message at least once. Which configuration should the company use?
3A company is designing a multi-account AWS environment using AWS Organizations. The company has several business units that each require their own VPC in shared accounts managed centrally. The company wants to enable VPC sharing to allow business units to create resources in shared subnets while maintaining network isolation. Which combination of steps should the company take to achieve this? (Choose TWO.)
4A company is designing a disaster recovery solution for a critical application that runs on Amazon EC2 instances in a single AWS Region. The application uses an Amazon RDS for MySQL database. The recovery time objective (RTO) is 1 hour and the recovery point objective (RPO) is 15 minutes. Which combination of steps should the company take to meet these requirements? (Choose THREE.)
5A company is designing a serverless data processing pipeline using AWS Step Functions, AWS Lambda, and Amazon DynamoDB. The pipeline must process incoming JSON records from an Amazon Kinesis Data Stream. Each record must be processed exactly once and in order. The company expects a throughput of up to 1,000 records per second. Which combination of services and configurations should the company use to meet these requirements? (Choose TWO.)
6A company is designing a new application that will be deployed on Amazon ECS with Fargate launch type. The application needs to store configuration data, including database connection strings, that must be encrypted at rest. The company wants to follow best practices for managing secrets. Which solution should the company use?
7A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). They want to implement a blue/green deployment strategy with minimal impact on users. Which approach should they use?
8A company is designing a serverless application using AWS Lambda for business logic and Amazon API Gateway for REST APIs. The application needs to store and retrieve user session data. Which service should they use for session state?
9A company is migrating a monolithic application to microservices on Amazon ECS with Fargate. The application has variable traffic patterns, with high traffic during business hours and low traffic at night. They want to optimize costs while maintaining performance. Which scaling strategy should they implement?
10A company needs to design a disaster recovery (DR) solution for a critical database running on Amazon RDS for MySQL. The RTO is 15 minutes and RPO is 5 minutes. The primary region is us-east-1. Which solution meets these requirements?
11A company wants to design a highly available, stateless web application using Amazon ECS with Fargate. They need to distribute traffic across multiple AWS Regions for low latency. Which approach should they use?
12A company is designing a new application that will process sensitive financial data. They need to ensure encryption at rest and in transit. Which of the following should they use? (Select TWO.)
13A company is deploying a microservices architecture on Amazon ECS with Fargate. They need to enable service-to-service communication with mutual TLS (mTLS) and service discovery. Which combination of services should they use? (Select THREE.)
14A company is designing a new application on AWS that requires a relational database with read replicas across multiple AWS Regions. The database must have automated failover and a recovery point objective (RPO) of less than 5 seconds. Which database solution should the company choose?
15A company is designing a serverless event-driven architecture using AWS Lambda, Amazon SQS, and Amazon DynamoDB. The Lambda function processes messages from an SQS queue and writes to DynamoDB. The company expects unpredictable traffic spikes and must ensure that messages are not lost. Which configuration should the company use to meet these requirements?
16A company is designing a microservices architecture on Amazon ECS with AWS Fargate. The services need to communicate with each other using HTTP APIs. The company wants to minimize operational overhead and enable canary deployments. Which solution should the company use for service discovery and traffic routing?
17A company is migrating a monolithic application to a microservices architecture on AWS. The application uses a relational database with complex queries. The company wants to reduce operational overhead and achieve high availability. Which database strategy should the company adopt for the microservices?
18A company is designing a data lake on Amazon S3 for analytics. The data is ingested from multiple sources and must be encrypted at rest. The company requires the ability to audit access to the data lake and enforce fine-grained access control based on tags. Which solution should the company choose?
19A company is designing a new application on AWS that requires a highly available and scalable web tier. The web servers must be stateless and scale automatically based on CPU utilization. Which TWO actions should the company take to meet these requirements?
20A company is designing a new containerized application on Amazon EKS. The application must be able to access secrets (e.g., database credentials) securely. The company requires that secrets be automatically rotated and audited. Which THREE actions should the company take to meet these requirements?
21A company is designing a new real-time analytics platform that ingests data from thousands of IoT devices. The devices send JSON messages every second to an AWS IoT Core topic. The messages must be processed and stored in Amazon S3 for long-term analysis. The processing includes enrichment by calling a third-party API to add location data. The company expects the workload to vary significantly, with peak traffic of 100,000 messages per second. The solution must be cost-effective and minimize operational overhead. The current architecture uses a Lambda function subscribed to the IoT topic, which processes each message and writes to S3. However, during initial testing, the Lambda function frequently times out due to the third-party API latency, causing message loss. What should the company do to resolve this issue while meeting all requirements?
22A company is designing a new microservices architecture on AWS. Each microservice must be independently deployable and scalable. The company expects unpredictable traffic patterns with sudden spikes. Which combination of AWS services should be used to build a decoupled, resilient system?
23A company is migrating a monolithic legacy application to a microservices architecture on AWS. The application currently uses a relational database with complex joins. The migration must minimize application changes. Which database strategy should be used for the new architecture?
24A solutions architect is designing a new serverless application using AWS Lambda to process orders from an API Gateway endpoint and store them in DynamoDB. The architect creates the IAM role shown in the exhibit. When testing, the Lambda function fails to write to DynamoDB with an AccessDeniedException. What is the MOST likely cause?
25A company is designing a new microservices architecture on AWS. They need a solution for service discovery that allows services to register themselves and discover other services dynamically. The solution must be highly available and integrated with AWS-native services. Which AWS service should they use?
26A company is designing a new application that will process sensitive data. The application will run on Amazon ECS with Fargate. The security team requires that all data at rest be encrypted, and that encryption keys be managed by the company's own hardware security module (HSM) in an on-premises data center. Which TWO steps should the company take to meet these requirements? (Choose TWO.)
27A company has attached the above bucket policy to an S3 bucket. The bucket is accessed by an application running on an EC2 instance in the same AWS account. The EC2 instance is in a private subnet and uses an S3 Gateway Endpoint (vpce-12345678) to access the bucket. The application is failing to get objects from the bucket. What is the most likely cause?
28A company is designing a new web application that will be deployed on AWS. The application consists of an Application Load Balancer (ALB) in front of an Auto Scaling group of EC2 instances running a web server. The application must be highly available across multiple Availability Zones. The company expects variable traffic patterns, including sudden spikes. The operations team wants to minimize manual intervention. The application stores session state in a shared data store. The security team requires that all traffic between the ALB and the EC2 instances be encrypted. The company is using AWS Certificate Manager (ACM) to manage SSL/TLS certificates. The ALB must terminate SSL/TLS connections. Which combination of actions should the company take to meet these requirements?
29Drag and drop the steps to migrate an on-premises MySQL database to Amazon RDS using AWS DMS in the correct order.
30Drag and drop the steps to set up a cross-region VPC peering connection in the correct order.
31Drag and drop the steps to recover an Amazon RDS Multi-AZ DB instance after a primary instance failure in the correct order.
32Match each storage class to its description.
33Match each AWS security service to its purpose.
34Match each AWS cost management tool to its use.
35A company is designing a new microservices architecture on AWS. They need to ensure that services can communicate asynchronously without direct coupling. Which AWS service should they use to decouple the services?
36A financial services company needs to store sensitive customer data in Amazon S3 with encryption at rest. They require that the encryption keys be stored in AWS CloudHSM and that the S3 bucket must not be able to access the keys without explicit permission. Which S3 encryption option should they use?
37A startup is building a serverless application using AWS Lambda. They need to store session state that can be shared across multiple Lambda invocations. Which AWS service should they use?
38A company is designing a multi-tier web application on AWS. They want to ensure that the web tier can scale automatically based on CPU utilization. Which AWS service should they use?
39A company is migrating a legacy monolithic application to AWS. They want to refactor the application into microservices and use container orchestration. Which AWS service should they use to manage the containers?
40A company needs to provide a global content delivery solution with low latency. Which AWS service should they use?
41A company is designing a data lake on AWS using Amazon S3. They need to run SQL queries on the data without moving it to a separate database. Which AWS service should they use?
42A company is designing a disaster recovery solution for a critical database using Amazon RDS Multi-AZ. However, they also need to protect against regional failures. Which additional AWS service should they use?
43A company wants to implement a serverless architecture where an AWS Lambda function is triggered whenever a new object is uploaded to an S3 bucket. Which S3 feature should they use?
44A company is designing a new application on AWS that requires a highly available and fault-tolerant architecture. Which TWO design principles should they follow?
45A company is building a serverless application using AWS Lambda and Amazon API Gateway. They need to authenticate users. Which TWO services can be used for authentication?
46A company is designing a new system that will use Amazon S3 to store sensitive data. Which THREE methods can be used to encrypt data at rest in S3?
47An administrator runs the above commands on an S3 bucket. What is the effect of these configurations on an object uploaded to the bucket?
48An IAM policy attached to an S3 bucket is shown. What is the net effect on requests to read objects from the bucket?
49An administrator runs the above commands and observes the outputs. The instance is in a public subnet with an internet gateway. What is the most likely issue preventing users from accessing the web server?
50A company is designing a new microservices-based application on AWS. They want to ensure that services can discover each other dynamically and that traffic can be load balanced across multiple Availability Zones. Which AWS service should they use for service discovery?
51A financial services company needs to design a solution for storing sensitive customer data that must be encrypted at rest using a customer-managed key stored in AWS Key Management Service (KMS). The data will be accessed by multiple EC2 instances in an Auto Scaling group. The company needs to rotate the key every 90 days and ensure that old encrypted data can still be decrypted. Which key strategy should they use?
52A startup is building a serverless application using AWS Lambda. They need to securely store and retrieve database credentials without hardcoding them in the function code. Which AWS service should they use?
53A company is designing a new application that will run on Amazon ECS with Fargate. The application needs to output logs to CloudWatch Logs. Which configuration should be used to send logs from the container to CloudWatch?
54A company is designing a multi-region disaster recovery solution for a critical application using Amazon RDS for MySQL. They need a Recovery Point Objective (RPO) of less than 5 seconds and a Recovery Time Objective (RTO) of less than 1 minute. Which solution should they choose?
55A company is building a new web application that will be accessed by users globally. They want to minimize latency and protect against DDoS attacks. Which AWS service should they use as the entry point?
56A company is designing a new solution that uses Amazon S3 to store large amounts of archival data. The data must be retained for 7 years and then automatically deleted. Which S3 feature should they use?
57A company is migrating a legacy on-premises application to AWS. The application requires a fixed IP address for whitelisting by external partners. The solution must be highly available across multiple Availability Zones. Which design should they use?
58A company wants to share a large dataset stored in Amazon S3 with a partner who has their own AWS account. The partner needs to access the data using their own account credentials. Which approach should the company use?
59Which TWO strategies can be used to reduce the cost of Amazon DynamoDB tables for a new application with unpredictable traffic patterns? (Choose two.)
60Which THREE factors should be considered when designing a VPC for a new application that must be compliant with the Payment Card Industry Data Security Standard (PCI DSS)? (Choose three.)
61Which TWO AWS services can be used to decouple components in a new microservices architecture? (Choose two.)
62A Solutions Architect runs the AWS CLI command shown in the exhibit. Which statement accurately describes the output?
63A Solutions Architect is reviewing the IAM policy shown in the exhibit. The policy is attached to an IAM user. Which of the following is true about this policy?
64A Solutions Architect is reviewing the CloudFormation template snippet shown in the exhibit. What will happen when this template is deployed?
65A company is designing a new application that will run on Amazon EC2 instances behind an Application Load Balancer. The application needs to store session state. Which AWS service provides a fully managed, highly scalable solution for session state management?
66A company is deploying a containerized microservices architecture on Amazon ECS with Fargate. They need to securely store and rotate database credentials. Which AWS service should they use?
67A company is designing a disaster recovery solution that must recover an application in a different AWS Region within 15 minutes of a failure. The application uses an Amazon Aurora MySQL DB cluster. Which combination of strategies will meet the recovery time objective (RTO) while minimizing costs?
68A company wants to serve static content (images and videos) to users worldwide with low latency. The content is stored in an Amazon S3 bucket. What is the most cost-effective solution?
69A company runs a web application on EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application experiences sudden traffic spikes. What is the most effective way to ensure the application can handle the spikes without manual intervention?
70A company is migrating a legacy on-premises application to AWS. The application requires a shared file system that can be mounted by multiple EC2 instances concurrently, with strong consistency and low-latency access. Which AWS storage solution should be used?
71A company wants to decouple a front-end web application from a backend processing service to improve scalability. Which AWS service should be used to send tasks from the web tier to the processing tier?
72A company is designing a new application that will process sensitive financial data. The data must be encrypted at rest and in transit. The application runs on EC2 instances. Which combination of services meets these requirements?
73A company is building a serverless application using AWS Lambda. The function needs to access a private Amazon RDS MySQL database. The Lambda function and the RDS instance are in the same VPC. What is the correct way to configure the Lambda function to connect to the database?
74A company is designing a new application that will be hosted on AWS. The application must be highly available across multiple Availability Zones. Which of the following services provide built-in high availability across AZs? (Choose TWO.)
75A company is designing a new application that will process streaming data from thousands of IoT devices. The data must be ingested in real time and then processed using Apache Flink. Which services should be used? (Choose TWO.)
76A company wants to implement a cost-effective disaster recovery strategy for a production Amazon RDS for PostgreSQL database. The solution must provide a recovery point objective (RPO) of less than 5 minutes and a recovery time objective (RTO) of less than 15 minutes. Which strategies meet these requirements? (Choose THREE.)
77A company is migrating a legacy monolithic application to AWS. The application currently uses a shared filesystem for storing user-uploaded documents. The company wants to decouple storage and compute, ensure high durability, and minimize operational overhead. Which AWS service should the company use to replace the shared filesystem?
78A company runs a high-traffic web application on Amazon EC2 instances behind an Application Load Balancer. The application experiences intermittent latency spikes during peak hours. Analysis shows that the latency spikes correlate with high CPU utilization on the EC2 instances. The company wants to reduce latency without over-provisioning. Which solution is MOST cost-effective and scalable?
79A startup is building a serverless application using AWS Lambda for business logic and Amazon DynamoDB for data storage. The application must process a high volume of writes to a single DynamoDB table. The development team is concerned about throttling due to hot partitions. Which design should the team implement to avoid throttling?
80A company is designing a data lake on AWS using Amazon S3 as the storage layer. The data includes sensitive customer information that must be encrypted at rest. The company also needs to regularly rotate the encryption keys. Which solution meets these requirements with the least operational overhead?
81A media company is building a video transcoding pipeline using AWS Elemental MediaConvert. The source videos are uploaded to an S3 bucket, and the transcoded outputs are stored in another S3 bucket. The company wants to trigger the transcoding job as soon as a new video is uploaded. The pipeline must handle high volumes of uploads and ensure that no upload is missed. Which solution is MOST reliable and scalable?
82A company is deploying a web application on AWS that requires a relational database. The application is read-heavy and expects sudden spikes in traffic. The database must be highly available and perform well under load. Which database configuration meets these requirements?
83A company is running a containerized application on Amazon ECS with Fargate launch type. The application needs to store persistent data that must be shared across multiple containers in the same task. Which storage option should the company use?
84A company is designing a multi-region disaster recovery solution for a critical application. The application uses Amazon RDS for MySQL with Multi-AZ in the primary region. The recovery point objective (RPO) is 5 seconds, and the recovery time objective (RTO) is 1 minute. Which solution meets these requirements?
85A company wants to give its developers access to specific Amazon S3 buckets based on their team membership. The company uses AWS IAM Identity Center (successor to AWS SSO) for user management. Which approach should the company use to grant fine-grained access?
86A company is designing a microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other. The company wants to implement service discovery and load balancing at the application layer. Which TWO services should the company use?
87A company is building a data analytics pipeline. Raw data is ingested into an Amazon S3 bucket. The data must be transformed and loaded into Amazon Redshift for analysis. The pipeline must handle late-arriving data and ensure data consistency. Which THREE AWS services should the company use?
88A company is designing a cost-effective architecture for a batch processing job that runs nightly. The job can tolerate interruptions and requires significant compute power for a few hours. The company wants to minimize costs. Which TWO strategies should the company use?
89An IAM policy is attached to an IAM role that is assumed by an EC2 instance. The EC2 instance has an IP address of 10.0.1.15. The instance is unable to download objects from the S3 bucket 'example-bucket'. What is the MOST likely cause?
90An organization has deployed the above CloudFormation template. They want to ensure that all uploads to the bucket are encrypted in transit. However, users are still able to upload objects over unencrypted HTTP. What is the MOST likely reason?
91A solutions architect is troubleshooting an EC2 instance that is not sending metrics to CloudWatch. The instance is running and has internet connectivity. Based on the exhibit, what is the MOST likely reason?
92A company is designing a new application that will process real-time streaming data from thousands of IoT devices. The data must be ingested, processed with low latency, and stored in Amazon S3 for analytics. Which combination of AWS services should the company use to meet these requirements?
93A company is designing a multi-account AWS environment using AWS Organizations. The security team requires that all Amazon S3 buckets across accounts must have server access logging enabled and must block public access. What is the MOST scalable and secure way to enforce these requirements?
94A company is designing a serverless application using AWS Lambda that processes images uploaded to an S3 bucket. The processing time varies but typically completes within 5 minutes. The Lambda function needs to access a VPC-hosted database. What is the BEST way to configure the Lambda function to access the database while minimizing cold start latency?
95A company is migrating a monolithic application to microservices on Amazon ECS. The application needs to communicate with external partners via HTTPS. The company wants to use mTLS for mutual authentication. Which AWS service should be used to handle the mTLS termination?
96A company is designing a disaster recovery solution for a critical application running on Amazon EC2. The application uses an Amazon RDS for MySQL database. The recovery time objective (RTO) is 15 minutes, and the recovery point objective (RPO) is 1 hour. The primary region is us-east-1, and the secondary region is us-west-2. Which solution meets the requirements with the LOWEST cost?
97A company wants to design a cost-effective solution to store infrequently accessed log files for 7 years. The logs are generated daily and must be available for retrieval within 24 hours. Which Amazon S3 storage class should be used?
98A company is designing an event-driven architecture using Amazon EventBridge. They have multiple AWS accounts that need to receive events from a central account. What is the MOST scalable and secure way to route events to these accounts?
99A company is designing a new application that will run on Amazon EKS. The application requires persistent storage that can be accessed by multiple pods simultaneously. The storage must be highly available and durable. Which storage solution should be used?
100A company is designing a new web application on AWS. The application must be highly available and scale automatically based on traffic. The architecture includes an Application Load Balancer (ALB) and an Auto Scaling group of EC2 instances. The application stores session state. What is the BEST way to handle session state to ensure high availability?
101A company is designing a new data lake on AWS using Amazon S3. The data must be encrypted at rest. Which TWO options comply with the requirement? (Choose TWO.)
102A company is designing a serverless application that uses Amazon API Gateway and AWS Lambda. The API must be secured using AWS WAF. Which TWO actions should the company take to integrate WAF with API Gateway? (Choose TWO.)
103A company is designing a new microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other. Which THREE mechanisms can be used for service-to-service communication? (Choose THREE.)
104Refer to the exhibit. A company has an S3 bucket policy that requires server-side encryption with AES256 for all objects uploaded. However, users can still upload objects without encryption. What is the MOST likely reason?
105Refer to the exhibit. A CloudFormation stack has been deployed with the VPCId and SubnetIds outputs. A developer wants to use these outputs as parameters in another CloudFormation stack. Which AWS service can be used to pass these values to the new stack?
106Refer to the exhibit. An IAM policy allows ec2:Describe* actions on all resources. A developer wants to also allow describing RDS instances. Which action must be added to the policy?
107A company is designing a new microservices application on AWS. Each microservice needs to store and retrieve stateful data with low latency (single-digit milliseconds). The data must be durable and highly available across multiple Availability Zones. Which AWS service should be used for the primary data store for each microservice?
108A company wants to design a serverless event-driven architecture where multiple downstream services need to process events from a single source. Events must be reliably delivered and each downstream service must process every event independently. Which AWS service should be used as the event router?
109A company is designing a new hybrid cloud solution that requires low-latency access to on-premises data from AWS. The connection must be highly available and encrypted. The company has multiple VPCs and on-premises locations. Which combination of services meets these requirements?
110A company is designing a new application that will run on Amazon ECS with Fargate. The application must be able to read and write files to a shared file system that is accessible from multiple tasks simultaneously. The file system must be durable and support NFS protocol. Which storage solution should be used?
111A company is designing a new global application that will serve users worldwide. The application uses an Application Load Balancer (ALB) in a single region. To reduce latency for users in other regions, the company wants to cache static content at edge locations. The dynamic content must still be served from the ALB. Which configuration should be used?
112A company is designing a new application that will process sensitive financial transactions. The application must be deployed in a VPC with no public internet access. The application needs to send logs to Amazon CloudWatch Logs and store files in Amazon S3. Which set of actions should be taken to meet these requirements without allowing internet access?
113A company is designing a new CI/CD pipeline for a containerized application using AWS CodePipeline. The application source code is stored in an Amazon S3 bucket. The pipeline must automatically build a Docker image from the source code and push it to Amazon ECR. Which action should be used as the build provider?
114A company is designing a new application that must be highly available across multiple AWS Regions. The application will run on EC2 instances behind an Application Load Balancer. The company needs a DNS-based routing policy that routes users to the nearest healthy endpoint based on latency. Which Amazon Route 53 routing policy should be used?
115A company is designing a new data lake on AWS using Amazon S3. The data will be ingested from various sources, including IoT devices, application logs, and streaming data. The data must be processed in near real-time as it arrives. Which combination of services should be used for ingestion and processing?
116A company is designing a new multi-tier web application on AWS. The application consists of a public-facing Application Load Balancer, a fleet of EC2 instances in private subnets, and an RDS database in a private subnet. The security team requires that all traffic between the ALB and EC2 instances be encrypted, and that the EC2 instances have no direct internet access. Which TWO actions should the company take to meet these requirements? (Choose TWO.)
117A company is designing a new serverless application using AWS Lambda. The application must process files uploaded to an S3 bucket. Each file can be up to 1 GB in size. The processing time for each file is expected to be up to 15 minutes. The company wants to minimize cost and operational overhead. Which TWO configuration choices should the company make? (Choose TWO.)
118A company is designing a new VPC with public and private subnets. The company wants to ensure that instances in the private subnets can download updates from the internet, but cannot be directly accessed from the internet. Which THREE components are required to meet these requirements? (Choose THREE.)
119A company is designing a new application that requires a fully managed NoSQL database with single-digit millisecond latency. The application needs to handle sudden spikes in read traffic without manual intervention. Which AWS service should the company choose?
120A company is building a serverless data processing pipeline. Data is uploaded to an S3 bucket, which triggers a Lambda function to transform the data and store the result in another S3 bucket. The Lambda function needs to access a VPC-hosted database for enrichment. What is the MOST secure way to allow the Lambda function to access the VPC resources?
121A company is designing a multi-region active-active application using Amazon Aurora Global Database. The application must have Recovery Point Objective (RPO) of less than 1 second and Recovery Time Objective (RTO) of less than 1 minute in case of a regional failure. Which configuration meets these requirements?
122A company is designing a new microservices architecture on Amazon ECS with Fargate. Each microservice must be isolated and able to communicate with others only through defined APIs. Which solution provides the BEST isolation and security?
123A company is designing a new application that will store sensitive user data in Amazon S3. Compliance requirements mandate that all data must be encrypted at rest using a key that is managed by the company and rotated automatically every year. Which solution meets these requirements?
124A company is designing a new data lake on Amazon S3 using AWS Glue for ETL. The data is partitioned by date and sensitive columns must be masked for non-privileged users. The solution must minimize storage costs and allow different masking policies per user. Which approach should the architect recommend?
125A company needs to provide temporary, limited-privilege credentials to mobile app users to access AWS resources. Which AWS service should the architect recommend?
126A company is designing a new web application that requires a scalable, low-latency key-value store for session state. The application runs on EC2 instances in an Auto Scaling group. Which solution is the MOST cost-effective and scalable?
127A company is designing a new real-time analytics platform that processes streaming data from IoT devices. The data must be ingested, processed with windowed aggregations, and stored in Amazon S3 for long-term analytics. The solution must handle late-arriving data and provide exactly-once processing semantics. Which combination of AWS services should the architect use?
128A company is designing a new web application that will run on Amazon EC2 instances behind an Application Load Balancer. The application must be highly available across multiple Availability Zones. Which TWO actions should the architect take? (Choose TWO.)
129A company is designing a new batch processing system that processes large files from Amazon S3. The processing is CPU-intensive and can take up to 2 hours per file. The company wants to minimize cost and avoid idle compute capacity. Which THREE components should the architect include? (Choose THREE.)
130A company is designing a new disaster recovery solution for a critical application that runs on Amazon EC2 with an Amazon RDS for MySQL database. The Recovery Time Objective (RTO) is 15 minutes and Recovery Point Objective (RPO) is 1 hour. Which TWO strategies meet these requirements? (Choose TWO.)
131A solutions architect runs the above CLI command. What is the output format?
132An IAM policy is attached to an IAM user. The user tries to download an object from S3 bucket 'example-bucket' from an IP address 10.0.1.5. What will happen?
133A solutions architect attempts to create this stack but receives an error: "Value of property SecurityGroups must be a list of strings". What is the likely cause?
134A company is designing a new serverless application on AWS. The application consists of multiple AWS Lambda functions that process incoming events from an Amazon SQS queue. The company wants to ensure that each message is processed exactly once. Which configuration should the company use?
135A company is designing a new web application that will be deployed on Amazon ECS with Fargate. The application must scale based on the number of requests per container. The company wants to use a service that can automatically adjust the number of tasks based on a custom metric. Which solution should the company use?
136A company is building a new data lake on AWS. The data is stored in Amazon S3 and will be queried using Amazon Athena. The company wants to minimize query costs. Which S3 storage class should the company use for the data?
137A company is designing a new microservices architecture on AWS. The company wants to use a service mesh to manage service-to-service communication, observability, and security. Which AWS service should the company use?
138A company is designing a disaster recovery solution for a critical application that runs on Amazon EC2 instances in a single AWS Region. The application uses an Amazon RDS for MySQL database. The company wants to achieve a recovery point objective (RPO) of 5 seconds and a recovery time objective (RTO) of 15 minutes. Which solution should the company use?
139A company is designing a new application that will run on Amazon EKS. The development team wants to deploy containers in a way that minimizes operational overhead. Which compute option should the company choose?
140A company is designing a new serverless data processing pipeline. The pipeline uses AWS Lambda to process records from an Amazon Kinesis Data Stream. The company wants to ensure that failed records are automatically retried and sent to a dead-letter queue after three failed attempts. Which configuration should the company use?
141A company is designing a new application that requires low-latency access to a shared dataset across multiple EC2 instances in the same AWS Region. The dataset is updated frequently. Which storage solution should the company use?
142A company is designing a new CI/CD pipeline for a web application that will be deployed on Amazon ECS. Which AWS service should the company use to build and test the application code?
143A company is designing a new application that will run on Amazon EC2 instances behind an Application Load Balancer. The company wants to ensure that traffic to the application is encrypted in transit. Which TWO actions should the company take?
144A company is designing a new serverless application using AWS Lambda. The application must be invoked by an Amazon S3 bucket event. The company wants to ensure that the Lambda function has the necessary permissions to be invoked. Which THREE steps are required?
145A company is designing a new database solution for a global e-commerce application. The database must support high read and write throughput with single-digit millisecond latency. The company expects traffic spikes during peak hours. Which TWO AWS services should the company consider?
146A company has an IAM policy attached to a user. The user is trying to download an object from the S3 bucket 'my-bucket' that was uploaded with SSE-S3 encryption. What will happen?
147A CloudFormation stack output is as above. The company wants to use the SQS queue URL in another stack. Which intrinsic function should be used to reference the queue URL in the second stack?
148An ALB is configured with a target group for HTTP:80. The health check returns a 302 redirect. What is the most likely cause of the unhealthy instances?
149A company is designing a new microservices architecture using Amazon ECS with Fargate. Each service must be isolated within its own VPC and communicate via AWS PrivateLink. The company expects variable traffic and wants to minimize costs. Which solution meets these requirements?
150A financial services company is designing a solution to process real-time stock trade data. The data is ingested via Amazon Kinesis Data Streams with a shard count of 10. Each shard receives 500 records per second, each record is 1 KB. The company needs to archive all raw data to Amazon S3 within 5 minutes of receipt and also run a Lambda function to enrich each record. What is the most cost-effective and scalable approach?
151A startup wants to deploy a web application on AWS with a serverless architecture. The application includes static content (HTML, CSS, JS) and a REST API backend using Lambda and DynamoDB. The company wants low latency and high availability globally. Which combination of services should they use?
152A company is designing a disaster recovery architecture for a critical application. The primary region runs on Amazon EC2 with an RDS database. The recovery time objective (RTO) is 15 minutes, and recovery point objective (RPO) is 1 minute. Which TWO steps should be taken to meet these objectives?
153A company is migrating a monolithic application to microservices on AWS. The current application uses a single Amazon RDS for PostgreSQL database. To avoid tight coupling, each microservice should have its own database. The company needs to minimize downtime during migration. Which THREE strategies should be used?
154A company wants to store configuration data for multiple applications securely. Each application runs on Amazon EC2 instances in an Auto Scaling group. The configuration includes database credentials and API keys. Which TWO services should be used together to achieve this?
155Refer to the exhibit. An IAM policy is attached to a user who needs to upload objects to an S3 bucket owned by another AWS account. The uploads are failing with access denied. What is the most likely cause?
156Refer to the exhibit. A solutions architect runs this CLI command but receives an error: 'Unknown options: --query'. What is the most likely cause?
157Refer to the exhibit. A CloudFormation template creates an S3 bucket with versioning and a public bucket policy. After deployment, users can access objects in the bucket via the internet. However, the security team requires that all access be logged. What is missing from this configuration?
158A company is designing a new application that processes sensitive healthcare data. The application runs on Amazon ECS with Fargate and uses an Application Load Balancer. The company must ensure that all data in transit is encrypted. Which step should be taken?
159A company is designing a data lake on AWS using Amazon S3. The data lake will store petabytes of data from various sources. The company needs to query the data using Amazon Athena and Amazon Redshift Spectrum. The data is highly compressed and stored in Parquet format. Which storage class should be used to minimize costs while maintaining immediate query performance?
160A company wants to deploy a containerized application on AWS. The application requires persistent storage that can be shared across multiple containers running on different EC2 instances. Which AWS service should be used?
161A company is designing a new solution to ingest real-time clickstream data from a website. The data volume varies from 100 to 100,000 events per second. The solution must buffer the data for up to 5 minutes and then deliver it to Amazon S3 for analysis. The company wants to minimize operational overhead and cost. Which service should be used to buffer the data?
162A company is designing a new microservices architecture using AWS Lambda. Each microservice has its own database. The company wants to securely store database credentials and rotate them automatically. Which AWS service should be used?
163A company is designing a multi-region active-active application using Amazon DynamoDB global tables. The application requires strong consistency reads. However, global tables only support eventual consistency. What should the solutions architect do to meet the requirement?
164A company is designing a new serverless application using AWS Lambda to process high-resolution images uploaded to Amazon S3. Each image can be up to 500 MB. The processing must complete within 5 minutes. What is the MOST cost-effective and scalable design to meet these requirements?
165A financial services company is designing a multi-account AWS environment using AWS Organizations. They need to enforce that all newly created S3 buckets in any account have server-side encryption enabled using AWS KMS (SSE-KMS) with a customer managed key. Additionally, they want to prevent any S3 bucket from being publicly accessible. What is the MOST efficient and comprehensive way to enforce these policies?
166A startup is building a web application on AWS that requires a relational database. They expect unpredictable traffic patterns and want to minimize costs while ensuring high availability. Which database solution should they choose?
167A media company is designing a video transcoding pipeline. They receive raw video files in Amazon S3, which need to be transcoded into multiple formats. The pipeline must handle sporadic bursts of uploads and complete processing within 30 minutes for each video. The cost should be minimized. Which design should they use?
168A company is designing a disaster recovery (DR) solution for a critical application running on Amazon EC2 instances in a single AWS Region. The DR site will be in a different Region. The application data is stored in an Amazon RDS for MySQL DB instance with Multi-AZ enabled. The Recovery Point Objective (RPO) is 15 minutes, and the Recovery Time Objective (RTO) is 2 hours. Which strategy meets these requirements MOST cost-effectively?
169A company is designing a microservices architecture on Amazon ECS with Fargate. They want to ensure that services can communicate with each other but are isolated from the internet. What is the MOST secure way to achieve this?
170A company is designing a data lake on Amazon S3. Data is ingested from various sources, including IoT devices, and must be stored in a cost-effective manner. The data access patterns are unpredictable; some data is accessed frequently for a few days, then rarely accessed. The company wants to minimize storage costs while ensuring data is available within minutes when accessed. Which storage class should they use for the data?
171A company is designing a new application on AWS that uses Amazon API Gateway and AWS Lambda to expose a RESTful API. The API must authenticate requests using OAuth 2.0 with an external identity provider (IdP). The company wants to offload the authentication logic to the API Gateway. Which API Gateway feature should they use?
172A company is designing a new web application that will run on Amazon EC2 instances behind an Application Load Balancer (ALB). The application must support sticky sessions. What should they do?
173A company is designing a new serverless data processing pipeline that uses Amazon Kinesis Data Streams to ingest real-time clickstream data. The data must be processed using AWS Lambda and then stored in Amazon S3. The company needs to ensure that records are processed in order within each shard and that each record is processed exactly once. Which configuration should they use? (Choose TWO.)
174A company is designing a new multi-tier web application on AWS. The application uses an Auto Scaling group of EC2 instances for the web tier and an Amazon RDS for PostgreSQL DB instance for the database. To improve security, the company wants to ensure that the web tier instances can connect to the database only through a specific port and that the database is not accessible from the internet. Which steps should the company take? (Choose THREE.)
175A company is designing a new static website hosted on Amazon S3. They want to use Amazon CloudFront as a content delivery network (CDN) to serve the website globally with low latency. The website content must be encrypted in transit. Which configurations should they use? (Choose TWO.)
176A company has an IAM policy attached to a user as shown in the exhibit. The user is trying to stop an EC2 instance in the us-west-2 region. What will happen?
177A solutions architect is troubleshooting an issue where an EC2 instance cannot connect to the internet. The output of the describe-instances CLI command is shown in the exhibit. The instance is in a VPC with a public subnet that has a route table with a default route pointing to an internet gateway. The security group allows outbound traffic to 0.0.0.0/0. What is the MOST likely cause of the problem?
178A company has an S3 bucket policy as shown in the exhibit. The bucket 'my-bucket' is owned by account 111111111111. What access does this policy grant to account 123456789012?
179A company is designing a new application that requires a relational database with automated backups and multi-AZ redundancy. The database workload is predictable with occasional read replicas for reporting. Which AWS service should be used?
180A startup needs a serverless compute service to run code in response to S3 events. The code should execute within milliseconds and require no server management. Which AWS service should be used?
181A company is designing a microservices architecture on ECS with Fargate. Services need to communicate securely within a VPC and be accessible from the internet via an Application Load Balancer. The solution must minimize operational overhead. Which networking configuration should be used?
182A company needs to store configuration files for multiple environments (dev, test, prod) and retrieve them programmatically with versioning and access control. Which AWS service should be used?
183A company is migrating a legacy monolithic application to a microservices architecture on AWS. The application has a relational database with complex queries. The team wants to minimize changes to the existing codebase. Which database migration strategy should be recommended?
184A company wants to decouple a web application frontend from a backend processing service. The frontend sends jobs that are processed asynchronously. Which AWS service is best suited for this decoupling?
185A company is designing a new application that requires a global content delivery network with low latency and DDoS protection. Which combination of AWS services should be used?
186A company needs to provide temporary credentials for users to access an S3 bucket for exactly 1 hour. The solution must not require any custom code or user management. Which AWS service should be used?
187A company is designing a new application that will run on EC2 instances behind an Application Load Balancer. The application must handle sudden spikes in traffic without manual intervention. Which scaling strategy should be used?
188A company is designing a new application that requires a highly available and durable NoSQL database. Which TWO services should be considered? (Choose TWO.)
189A company is designing a new microservices architecture that requires service discovery and API management. Which THREE services can be used together to achieve this? (Choose THREE.)
190A company is designing a data lake on S3 with sensitive data that must be encrypted at rest and audited. Which TWO services should be used? (Choose TWO.)
191An IAM policy is attached to an IAM user. The user is testing from an IP address 10.0.1.5. What is the effect of the policy?
192A developer runs the above AWS CLI command. What is the expected output?
193An S3 bucket is created using the above CloudFormation template. What happens to objects in the bucket after 30 days?
194A company is designing a multi-tier web application on AWS. The application requires high availability across multiple Availability Zones. Which AWS service should be used to distribute incoming traffic across multiple EC2 instances in different Availability Zones?
195A company is migrating a legacy monolithic application to AWS. The application currently runs on a single server and uses a MySQL database. The company wants to decouple the application into microservices while minimizing changes to the existing code. Which design approach is MOST cost-effective and requires the least code changes?
196A company is designing a data lake on AWS using Amazon S3. The data lake will store sensitive customer data that must be encrypted at rest. The company requires that the encryption keys be managed by the company's own hardware security module (HSM) and rotated every 90 days. Which solution meets these requirements?
197A company is designing a serverless application that processes images uploaded to an S3 bucket. The processing must be asynchronous and can take up to 15 minutes per image. Which AWS service should be used to trigger the processing?
198A company is deploying a web application on AWS. The application requires a relational database with read replicas for scaling read queries. The database must support automatic failover and be Multi-AZ. Which database solution meets these requirements?
199A company wants to provide temporary, limited-privilege credentials to its application running on an EC2 instance so that the application can access an S3 bucket. What is the BEST practice for achieving this?
200A company is designing a microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other. Which approach provides the BEST security and performance?
201A company is designing a disaster recovery (DR) strategy for a critical application. The application runs on EC2 instances in a single AWS Region. The company needs a Recovery Time Objective (RTO) of 2 hours and a Recovery Point Objective (RPO) of 15 minutes. Which TWO strategies meet these requirements? (Choose TWO.)
202A company is designing a serverless data processing pipeline using AWS Lambda. The pipeline processes data from an Amazon Kinesis Data Stream. The Lambda function has a memory limit of 512 MB and a timeout of 5 minutes. The data volume is expected to increase significantly. Which TWO strategies should the company implement to improve throughput and reduce processing latency? (Choose TWO.)
203A company is designing a new cloud-native application on AWS. The application will use a microservices architecture and requires a way to manage configuration data and secrets. Which THREE AWS services can be used to meet these requirements? (Choose THREE.)
204A company is designing a real-time analytics platform that ingests data from thousands of IoT devices. The platform must process and store high-velocity data with low latency. Which TWO AWS services should be used together to meet these requirements? (Choose TWO.)
205A company is deploying a containerized application on Amazon EKS. The application requires persistent storage that can be shared across multiple pods in different Availability Zones. Which TWO storage solutions meet this requirement? (Choose TWO.)
206A company is designing a new microservices architecture on AWS. Each service needs to store and retrieve small amounts of configuration data (under 10 KB per item) with low latency. The data is accessed frequently and must be highly available across multiple Availability Zones. Which AWS service should be used?
207A company is designing a new data lake on AWS. The data lake must support SQL queries using Amazon Athena and also allow Amazon SageMaker to access training data. The solution must minimize storage costs for infrequently accessed data while providing immediate access when needed. Which storage tier should be used for the data lake?
208A company is designing a web application that must handle sudden spikes in traffic. The application runs in a VPC and uses an Application Load Balancer (ALB) to distribute traffic to EC2 instances. The solution must be cost-effective for variable traffic patterns. Which scaling strategy should be used?
209A company is designing a serverless application using AWS Lambda. The function needs to process files uploaded to an S3 bucket and store metadata in DynamoDB. The solution must handle up to 1,000 concurrent invocations. Which configuration should be used to avoid throttling?
210A company is designing a new multi-region disaster recovery solution for a critical database. The database runs on Amazon RDS for MySQL in us-east-1. The recovery point objective (RPO) is 1 second, and the recovery time objective (RTO) is 1 minute. Which strategy meets these requirements?
211A company is designing a solution to capture changes from an Amazon RDS database and stream them to a data lake. Which AWS service should be used to capture database changes in real time?
212A company is designing a new microservices application using Amazon ECS with Fargate. The services need to communicate securely within the VPC. Which approach should be used for service discovery?
213A company is designing a real-time analytics pipeline to process streaming data from IoT devices. The solution must be serverless and handle data transformation before storage. Which combination of services is most cost-effective?
214A company is designing a new application that must meet PCI DSS compliance requirements. The application will process credit card transactions and store encrypted data. Which AWS service should be used to manage the encryption keys?
215A company is designing a new hybrid cloud architecture that extends on-premises storage to AWS. The solution must provide low-latency access to frequently accessed data and use AWS storage for backup. Which TWO services should be used together?
216A company is designing a new serverless application using AWS Lambda. The function needs to access an Amazon RDS database. Which THREE practices should be followed to avoid connection exhaustion?
217A company is designing a new data processing pipeline that must transform data from JSON to Parquet format. The pipeline should run daily and handle data up to 10 GB. Which TWO AWS services can be used to perform this transformation?
218A company is designing a new microservices platform on AWS. The platform consists of 50 microservices, each running in its own Amazon ECS service on AWS Fargate. The services communicate via REST APIs. The company wants to implement a service mesh to handle traffic routing, observability, and security (mTLS). They also need to meet compliance requirements that all traffic between services must be encrypted and logged. The solution must be fully managed and reduce operational overhead. After implementing the service mesh, the operations team notices that latency between services has increased by 20%, and some services are experiencing connection timeouts. The team has enabled mTLS and distributed tracing. Which course of action should the team take to diagnose and resolve the latency issues?
219A company is designing a multi-region active-active application using Amazon Aurora Global Database. The application writes to a custom domain endpoint that routes to the primary cluster. To minimize write latency, the application should write to the nearest region. Which configuration should the solutions architect use?
220A data analytics company is building a real-time streaming pipeline using Amazon Kinesis Data Streams. The data is consumed by multiple consumer applications, each with different processing requirements. The company wants to ensure that each consumer can process records independently without affecting others and can reprocess data from a specific point in time. Which feature should the company use?
221Refer to the exhibit. A solutions architect has attached this IAM policy to an IAM role used by an application. The application is trying to upload an object to the S3 bucket example-bucket with server-side encryption using AWS KMS (SSE-KMS). What will happen?
222A company is deploying a containerized application on Amazon ECS with Fargate. The application needs to store session state data that must be highly available and low latency. The data is accessed frequently and can be recreated if lost. Which storage solution should the solutions architect recommend?
223A company is designing a serverless application using AWS Lambda functions that process messages from an Amazon SQS queue. The Lambda function sometimes experiences throttling, causing messages to be sent to the dead-letter queue (DLQ). The company wants to minimize throttling and ensure that messages are processed in order. What should the solutions architect do?
224A company is hosting a static website on Amazon S3. The website uses JavaScript to make API calls to a backend API hosted on Amazon API Gateway. The company wants to reduce latency for users worldwide. Which combination of AWS services should the solutions architect use? (Choose two.)
225A company is running a stateful web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application stores session data locally on the instance. The company wants to make the application highly available and fault-tolerant without rewriting the application code. What should the solutions architect do?
226Refer to the exhibit. A solutions architect has attached this key policy to an AWS KMS key. The IAM role MyAppRole is used by an application running on an EC2 instance in us-east-1. The application tries to decrypt an object stored in the S3 bucket my-bucket using server-side encryption with AWS KMS (SSE-KMS). What will happen?
227A company wants to migrate an on-premises relational database to Amazon RDS for MySQL with minimal downtime. The database is 500 GB in size. Which AWS service should be used for the initial data load and ongoing replication?
228A company is designing a new application that will be deployed on Amazon EKS. The application must meet PCI DSS compliance requirements. Which TWO steps should the solutions architect take to secure the cluster?
229A company is designing a multi-region disaster recovery solution for a critical application running on Amazon EC2. The application uses an Amazon Aurora MySQL database. The RTO is 15 minutes and RPO is 1 minute. Which THREE steps should the solutions architect take to meet these requirements?
230A company is building a serverless data processing pipeline using AWS Lambda, Amazon DynamoDB, and Amazon S3. The pipeline processes JSON files uploaded to an S3 bucket, transforms the data, and writes results to DynamoDB. The company wants to ensure the pipeline can handle bursts of traffic without data loss. Which TWO design decisions should the solutions architect make?
231A company runs a high-traffic e-commerce platform on AWS. The application consists of a web tier, an application tier, and a database tier using Amazon RDS for PostgreSQL with Multi-AZ. During a recent sales event, the database experienced high CPU utilization and read replicas were added to offload read traffic. However, the application team noticed that some product detail pages were showing stale data (prices and inventory levels) even though the primary database had the correct data. The application uses read replicas for read queries. The solutions architect investigated and found that the read replica lag was minimal (under 1 second). The application uses Django ORM with default transaction isolation. What is the most likely cause of the stale data?
232A media company runs a video processing pipeline on AWS. Videos are uploaded to an S3 bucket, which triggers an AWS Lambda function that transcodes the video into multiple formats using FFmpeg. The transcoding job runs on the Lambda function with a 15-minute timeout. Recently, the company started receiving 4K videos that take more than 15 minutes to transcode. The Lambda function times out, and the video is not processed. The company wants to process these large videos without increasing the Lambda timeout and without rewriting the entire pipeline. What should the solutions architect do?
233A financial services company runs a critical application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application is deployed across multiple Availability Zones. The company recently experienced a DDoS attack that overwhelmed the ALB and caused downtime. The security team wants to implement a solution that can absorb DDoS attacks at the edge and only forward legitimate traffic to the ALB. Additionally, the company needs to protect sensitive data in transit using TLS 1.3. What should the solutions architect do?
234A company is designing a serverless application using AWS Lambda and Amazon API Gateway. The application must handle sudden spikes in traffic and ensure that no requests are lost. Which of the following design choices will BEST meet these requirements?
235A healthcare company is storing sensitive patient data in Amazon S3. The compliance team requires that all data be encrypted at rest and that the encryption keys be rotated every 90 days. Additionally, the company must maintain an audit trail of all key usage. Which solution meets these requirements with the LEAST operational overhead?
236A startup is deploying a web application on Amazon EC2 instances behind an Application Load Balancer. The application stores session state in an Amazon DynamoDB table. To improve performance, the team wants to reduce latency for read-heavy workloads. Which design change would be MOST effective?
237A company is migrating a monolithic application to microservices on Amazon ECS with Fargate. The application currently uses a central MySQL database. The architects plan to refactor the database into separate RDS instances per microservice. Which strategy will ensure data consistency across services with minimal application changes?
238A media company is designing a video transcoding pipeline using AWS Lambda and Amazon S3. The pipeline must process videos uploaded to an S3 bucket, transcode them into multiple formats, and store the results in another S3 bucket. The processing time for each video can vary from a few seconds to several minutes. Which architecture will minimize cost and ensure all videos are processed, even if Lambda execution timeout is reached?
239A company is designing a new web application that will be accessed by users globally. The application uses Amazon CloudFront as a CDN and stores static content in Amazon S3. The dynamic content is served from EC2 instances in a single AWS Region. Which of the following will improve performance for users in distant regions with the LEAST operational effort?
240A company is building a data lake on Amazon S3 using Parquet files. The data will be queried by multiple teams using Amazon Athena. The security team requires that access to sensitive columns (e.g., PII) be restricted based on the user's role. Which solution provides column-level access control with the LEAST administrative overhead?
241A financial services company is designing a multi-tier application that must achieve a Recovery Time Objective (RTO) of 1 hour and a Recovery Point Objective (RPO) of 15 minutes for a database tier. The application uses Amazon RDS for MySQL with Multi-AZ deployment. Which disaster recovery strategy meets these requirements at the LOWEST cost?
242A company is migrating its on-premises Oracle database to Amazon RDS for Oracle. The database is 2 TB in size and has a 100 Mbps internet connection. The migration must be completed within a week and have minimal downtime. Which AWS service should the company use to transfer the initial database dump to AWS?
243Which TWO actions will improve the security posture of an Amazon S3 bucket used to store sensitive data? (Choose two.)
244A company is designing a high-performance computing (HPC) workload on AWS. The workload requires tightly coupled inter-node communication with low latency and high bandwidth. Which THREE services or features should the architect consider to meet these requirements? (Choose three.)
245Which TWO strategies can reduce the cost of storing infrequently accessed data in Amazon S3 while maintaining millisecond retrieval latency? (Choose two.)
246Which THREE design patterns can help a microservices application achieve loose coupling and independent deployability? (Choose three.)
247A company runs a critical web application on EC2 instances in an Auto Scaling group across three Availability Zones. The application uses an Application Load Balancer (ALB) with a target group that has health checks configured. Recently, the operations team noticed that during a deployment, the ALB started routing traffic to a new instance before it was ready to serve requests, causing a brief period of errors. The team wants to ensure that new instances are fully initialized and ready before receiving traffic. The application takes about 30 seconds to start up. Current health check settings: health check protocol HTTP, path /, interval 30 seconds, timeout 5 seconds, healthy threshold 2, unhealthy threshold 2. The deployment uses the Auto Scaling group's instance refresh feature. Which of the following is the MOST effective way to prevent traffic from being sent to instances that are not ready?
248A company is designing a data processing pipeline for real-time analytics. The pipeline ingests data from IoT devices that send JSON messages via MQTT to AWS IoT Core. The messages must be processed in real-time to detect anomalies and the results must be stored in Amazon S3 for later analysis. The company currently uses a Lambda function to process each message, but as the number of devices grows, the Lambda function is being throttled due to concurrency limits. The company needs a solution that scales to handle thousands of devices per second without losing messages. The processed data must be available in S3 within 1 minute of ingestion. Which architecture should the company use?
249A company is designing a microservices architecture on AWS. Each service needs its own DynamoDB table, and services must be fully isolated. Which networking design ensures that services can only communicate through APIs and not directly to each other's databases?
250A company is migrating a legacy application to AWS. The application requires a shared file system that can be mounted by hundreds of EC2 instances across multiple Availability Zones. The file system must provide high throughput and low latency. Which storage solution meets these requirements?
251A solutions architect is designing a disaster recovery plan for a critical application. The application runs on EC2 instances behind an Application Load Balancer (ALB) in us-east-1. The recovery time objective (RTO) is 15 minutes, and the recovery point objective (RPO) is 1 hour. Which approach meets these requirements?
252A company is deploying a serverless application using AWS Lambda. The application processes high-resolution images and stores them in Amazon S3. The processing time for each image is variable, but some images require more than 15 minutes to process. Lambda has a maximum execution time of 15 minutes. How can the company process these long-running image transformations?
253A company is designing a new web application that will be accessed by users worldwide. The application should have low latency and high availability. The application uses a stateless web tier and a relational database. Which architecture minimizes latency for global users?
254A company is deploying a containerized application on Amazon ECS. The application must be highly available and scale automatically based on CPU utilization. The application also needs to be accessible from the internet via a single endpoint. Which combination of services should the solutions architect use?
255A company is designing a new system to ingest and process real-time streaming data from thousands of IoT devices. The system must be able to handle variable throughput and provide durable storage for the data. The data will be processed by a Lambda function and then stored in Amazon S3. Which two services should be used together to build this ingestion pipeline?
256A company is designing a new solution to host a static website with global low latency. The website content is stored in an S3 bucket and must be secured with HTTPS. Which three services or features should be used together to meet these requirements?
257A company is building a new application that requires a relational database with high availability across multiple Availability Zones. The database must automatically failover with minimal downtime. Which two AWS services or features meet these requirements?
258A company is designing a new data lake on AWS. The data lake will store raw data from various sources in Amazon S3. The data will be processed using AWS Glue ETL jobs and queried using Amazon Athena. To optimize costs and performance, which three practices should the solutions architect implement?
259A company runs a critical e-commerce platform on AWS. The application is deployed across multiple Availability Zones in a single region (us-east-1). The architecture includes an Application Load Balancer (ALB), an EC2 Auto Scaling group, and an Amazon RDS for MySQL Multi-AZ database. The application experiences periodic spikes in traffic, and the Auto Scaling group scales out successfully. However, during a recent traffic spike, the database CPU utilization reached 90%, causing increased latency and some database connection timeouts. The company needs to improve the database performance to handle the spikes without over-provisioning. The solutions architect must design a solution that reduces the load on the primary database instance and improves read scalability. The application is read-heavy, with a read-to-write ratio of 80:20. Which solution should the architect implement?
260A company is designing a new microservices application on AWS. The application consists of several services that need to communicate asynchronously. One service generates orders and sends them to a processing service. The order volume can vary significantly, and the processing service must scale independently. The company wants to use a managed service to decouple the services and ensure that messages are not lost. The processing service is written in Python and runs on AWS Lambda. The solutions architect needs to design the message delivery mechanism. The architect decides to use Amazon SQS. However, the Lambda function sometimes fails to process a message due to a transient error, and the message should be retried. After a maximum of three retries, the message should be moved to a dead-letter queue for analysis. Which configuration should the architect use?
261A company is migrating a legacy on-premises application to AWS. The application requires a shared file system that supports the NFS protocol and must be accessible from multiple EC2 instances across different Availability Zones. The file system must provide high durability and low latency. The company also needs to control access to the file system using IAM policies. The solutions architect needs to choose the appropriate AWS storage service. Which service should the architect use?
262A company is migrating a monolithic e-commerce application to a microservices architecture on AWS. The application consists of several services that need to communicate asynchronously. The company wants to decouple the services and ensure that messages are processed exactly once and in order. The current solution uses a single Amazon SQS queue with multiple consumers, but messages are sometimes processed out of order or duplicated. The company needs a solution that guarantees order and exactly-once processing without introducing significant latency. Which approach should be used?
263A healthcare startup is building a HIPAA-compliant application on AWS. The application uses Amazon RDS for MySQL to store patient data. The compliance team requires that all database changes be audited, including SELECT statements. The current solution enables general query logs on the RDS instance, but the logs are stored locally and are lost when the instance is rebooted. Additionally, the logs are consuming significant storage on the instance. The startup needs a durable, scalable, and cost-effective solution for storing and querying database audit logs. Which solution meets these requirements?
264A company is running a web application on AWS Elastic Beanstalk with an Auto Scaling group behind an Application Load Balancer. The application stores session state in an Amazon DynamoDB table. During a traffic spike, the application becomes slow and some users are logged out unexpectedly. The operations team notices that the DynamoDB table's read capacity utilization is consistently at 100%. The company needs to improve the performance of the session store without over-provisioning capacity. Which solution should be implemented?
265A company is deploying a new microservices application on Amazon ECS using Fargate. The application consists of several services that need to communicate with each other. The company wants to use service discovery so that services can find each other by name. Additionally, the company needs to ensure that traffic between services is encrypted in transit. The security team requires that all inter-service traffic uses TLS. Which combination of services should be used to meet these requirements?
266A financial services company is designing a new application that processes sensitive transactions. The application runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application writes transaction logs to an Amazon EFS file system. The company needs to ensure that the logs are encrypted at rest using a customer-managed AWS KMS key. Additionally, the logs must be retained for 7 years and should not be accessible after that period. Which solution meets the encryption and retention requirements?
267A company is building a new serverless application using AWS Lambda functions. The application processes images uploaded to an Amazon S3 bucket. Each image triggers a Lambda function that resizes the image and stores the result in another S3 bucket. The company expects a high volume of uploads, up to 10,000 images per minute. The current Lambda function is configured with a timeout of 5 minutes and 1024 MB of memory. During testing, the Lambda function times out for large images. What should the company do to ensure the function can process large images without timing out?
268A company is designing a new application that will run on AWS. The application needs to store and retrieve user session data with low latency. The session data is small (less than 1 KB per user) and must be highly available. The company expects up to 10 million active users per day. Which AWS service should be used as the session store?
269A company is deploying a new web application on AWS that requires a highly available and scalable architecture. The application consists of a stateless web tier and a stateful database tier. The web tier runs on Amazon EC2 instances behind an Application Load Balancer. The database tier uses Amazon Aurora MySQL. The company expects variable traffic patterns and wants to automatically scale the web tier based on CPU utilization. Additionally, the company wants to ensure that the database can handle increased read traffic without manual intervention. Which combination of actions should the company take?
270A company is building a new data analytics platform on AWS. The platform ingests streaming data from multiple sources, processes it in real time, and stores the results in Amazon S3 for later analysis. The data volume is expected to be up to 50 GB per day. The company needs to choose a service for real-time stream processing. Which AWS service is most appropriate for this use case?
271A company is designing a new application that requires secure storage of secrets such as database passwords and API keys. The application runs on Amazon EC2 instances. The company wants to centralize secret management and automatically rotate secrets. Which AWS service should be used?
272A company is building a new microservices architecture on AWS using Amazon ECS with Fargate. The services need to communicate with each other using RESTful APIs. The company wants to implement an API gateway to handle authentication, rate limiting, and request routing. Which AWS service should be used as the API gateway?
273A company is migrating a legacy on-premises application to AWS. The application uses a monolithic architecture and a MySQL database. The company wants to refactor the application into microservices and use a NoSQL database for better scalability. The new application will be deployed on Amazon EKS. The database must be highly available and support automatic scaling. Which database service should the company use?
274A company is building a new application that will run on AWS Lambda. The application needs to store and retrieve user preferences in a key-value format. The data is accessed frequently and must be highly available. The company expects low latency for reads and writes. Which AWS service should be used as the data store?
275A company is deploying a new web application that uses Amazon S3 to store static content and Amazon CloudFront for content delivery. The application also uses an API Gateway with Lambda for backend logic. The company wants to protect the API from common web exploits like SQL injection and cross-site scripting. Which AWS service should be added to the architecture?
276A company is designing a new data lake on AWS. The data lake will store structured and unstructured data from various sources. The company needs a solution that can automatically catalog the data and make it searchable. Data will be stored in Amazon S3. Which AWS service should be used to catalog and enable search across the data lake?
277A company is designing a new application that will run on Amazon EC2 instances. The application needs to access an Amazon S3 bucket to read and write objects. The company wants to ensure that the EC2 instances can access the S3 bucket without storing AWS credentials on the instances. Which TWO steps should the company take?
278A company is designing a new application that will run on Amazon ECS with Fargate. The application must process messages from an Amazon SQS queue and store results in an Amazon DynamoDB table. The workload is unpredictable and can scale from 0 to thousands of messages per second. What is the MOST cost-effective and scalable architecture?
279A company is designing a multi-region active-active application using Amazon Route 53 latency-based routing. The application runs on Amazon EC2 instances behind Application Load Balancers (ALBs) in two AWS Regions. The company needs to ensure that if one region becomes unavailable, traffic is automatically routed to the healthy region with minimal disruption. Which configuration meets these requirements?
280A company is designing a new solution to store and analyze large amounts of log data from multiple sources. The logs must be retained for 90 days for recent analysis, and then archived to a more cost-effective storage class for an additional 5 years. The solution must support SQL-based queries. Which combination of AWS services should the company use?
281A company is designing a serverless application using AWS Lambda that needs to access a private Amazon RDS for MySQL database. The Lambda function is deployed in a VPC with the appropriate security groups. The database is in a private subnet. The company wants to avoid storing database credentials in the Lambda function code. What should the company do to securely access the database?
282A company is designing a new data lake on Amazon S3. The data is ingested from various sources and must be encrypted at rest. The company has a strict requirement to use an AWS KMS customer master key (CMK) that is stored in a different AWS account for additional security. The S3 bucket is in Account A, and the KMS key is in Account B. Which steps are necessary to enable server-side encryption with AWS KMS (SSE-KMS) for objects in the S3 bucket?
283A company is designing a highly available web application on AWS. The application consists of an Application Load Balancer (ALB) that distributes traffic to EC2 instances in an Auto Scaling group across multiple Availability Zones. The application state is stored in an Amazon ElastiCache for Redis cluster. The company wants to minimize downtime during patching of the Redis cluster. What should the company do?
284A company is designing a new microservices architecture on Amazon ECS with Fargate. The services need to communicate with each other securely. The company wants to use service discovery so that services can find each other using DNS names. Which AWS service should the company use?
285A company is designing a new application that will use Amazon DynamoDB as its primary database. The application has two access patterns: one requires strongly consistent reads, and the other requires eventually consistent reads. The company wants to minimize costs while meeting the read consistency requirements. How should the company configure DynamoDB reads?
286A company is designing a new solution to host a static website on AWS. The website content is stored in an Amazon S3 bucket. The company wants to use a custom domain name (e.g., www.example.com) and enforce HTTPS. Which combination of AWS services should the company use?
287A company is designing a disaster recovery solution for a critical application that runs on Amazon EC2 instances in a single AWS Region. The application data is stored on Amazon EBS volumes. The recovery point objective (RPO) is 15 minutes, and the recovery time objective (RTO) is 2 hours. Which TWO actions should the company take to meet these objectives? (Choose two.)
288A company is designing a new serverless application using AWS Lambda. The application needs to access an Amazon RDS for PostgreSQL database. The database credentials must be rotated automatically every 30 days. Which THREE steps should the company take to securely manage the credentials? (Choose three.)
289A company is designing a new web application that will be deployed on Amazon EC2 instances behind an Application Load Balancer (ALB). The application must be highly available and fault-tolerant across multiple Availability Zones. Which THREE actions should the company take to meet these requirements? (Choose three.)
290Refer to the exhibit. An IAM policy is attached to a user. When the user tries to upload an object to the S3 bucket 'my-bucket' using the AWS CLI without specifying server-side encryption, the upload fails. What is the MOST likely reason?
291Refer to the exhibit. A solutions architect is designing a new application that requires three EC2 instances running in different Availability Zones in us-east-1. The architect runs the AWS CLI command shown and sees three instances running in three AZs. However, the application is not highly available because if one AZ fails, the application loses one-third of its capacity. The architect needs to ensure that the application can survive the loss of an entire AZ without manual intervention. What should the architect do?
292Refer to the exhibit. A company is designing a new solution and uses this AWS CloudFormation template to create an S3 bucket. The company wants to ensure that objects are automatically deleted after 1 year. However, the current template does not delete objects. What is the reason?
293A company is designing a new application that will run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application requires that users' session data be stored durably and with low latency. The session data is accessed frequently but is rarely updated. Which solution is MOST cost-effective?
294A company is designing a multi-region active-active architecture for a web application using Amazon Route 53 latency-based routing. The application runs on EC2 instances in Auto Scaling groups with Application Load Balancers in each region. The application uses an Amazon Aurora global database for its data tier. The architecture must provide the lowest possible RTO and RPO for regional failures. What should the company do to meet these requirements?
295A company is designing a serverless data processing pipeline using AWS Lambda functions. The pipeline processes messages from an Amazon SQS queue. Each message takes approximately 30 seconds to process, and the pipeline must handle bursts of up to 10,000 messages per minute. The messages must be processed in the order they are received. Which solution meets these requirements?
296A company is designing a new solution to store and analyze large volumes of IoT sensor data. The data is time-series and must be retained for 90 days. The company needs to run complex SQL queries on the data and expects low latency for the most recent 7 days of data. Which TWO solutions meet these requirements? (Choose TWO.)
297A company is designing a hybrid cloud solution that extends its on-premises data center to AWS. The company has a 10 Gbps AWS Direct Connect connection and needs to securely connect multiple VPCs and on-premises networks with transitive routing. The solution must be highly available and use AWS managed services. Which TWO components should the company include in the design? (Choose TWO.)
298A company is designing a new application that will run on Amazon ECS with Fargate. The application needs to store files in Amazon S3. The company has a strict security requirement that the application must not have any long-term credentials stored in the container image or environment variables. Which THREE steps should the company take to meet this requirement? (Choose THREE.)
299A company has an S3 bucket with server-side encryption using S3-Managed Keys (SSE-S3). The IAM policy shown in the exhibit is attached to a user. When the user attempts to download an object using the AWS CLI with no encryption headers, the request fails. What is the MOST likely reason?
300A CloudFormation stack creation failed with the status shown in the exhibit. The stack was created using a template that defines an EC2 instance, a security group, and an Elastic IP address. What is the MOST likely cause of the failure?
The Design for New Solutions domain covers the key concepts tested in this area of the SAP-C02 exam blueprint published by Amazon Web Services. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all SAP-C02 domains — no account required.
The Courseiva SAP-C02 question bank contains 300 questions in the Design for New Solutions domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Design for New Solutions domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included