Back to AWS Certified Solutions Architect Professional SAP-C02

Amazon Web Services exam questions

AWS Certified Solutions Architect Professional SAP-C02 practice test

Practise identifying storage device types, interfaces, form factors, and RAID levels for the SAP-C02 exam.

1,746
practice questions
4
topics covered
SAP-C02
exam code
Amazon Web Services
vendor

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 1,746 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Start reading →

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Start mock exam →

Study Sheet

All 1,746 SAP-C02 questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

24 pages · 75 questions per page · 1,746 total

Domain practice

Study SAP-C02 by domain

Each domain has its own study sheet and practice test. Target the areas where you're weakest instead of repeating questions you already know.

All domains with question counts →

Related practice questions

Study SAP-C02 by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps. Learn the difference →

Sample questions

AWS Certified Solutions Architect Professional SAP-C02 practice questions

Start practice test

Match each AWS compute service to its use case.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Serverless compute for event-driven applications

Run Docker containers without managing servers

Managed Kubernetes for container orchestration

Serverless compute for containers

Virtual servers for full control over the environment

Question 2mediummultiple choice
Read the full NAT/PAT explanation →

A company is designing a new microservices architecture on AWS. They need a solution for service discovery that allows services to register themselves and discover other services dynamically. The solution must be highly available and integrated with AWS-native services. Which AWS service should they use?

A company has a centralized logging account and multiple application accounts. All VPC Flow Logs are sent to a central S3 bucket in the logging account. The security team needs to analyze the logs using Amazon Athena. The team must ensure queries are cost-effective and return results quickly for recent logs. Which configuration should be used?

A company is implementing AWS Control Tower to manage a multi-account environment. The security team needs to ensure that all accounts in the organization follow the principle of least privilege for IAM roles. Which TWO actions should the team take?

Question 5mediummultiple choice
Review the full routing breakdown →

A company is designing a cross-account network architecture. The security team requires that all traffic between VPCs in different accounts must be inspected by a centralized firewall appliance in the security account. The network team wants to minimize complexity and avoid route table manipulation. Which solution meets these requirements?

A company is using AWS Organizations with multiple accounts. The central IT team wants to deploy a set of common VPCs in each account using AWS CloudFormation StackSets. The StackSets must be managed from the management account. Which THREE permissions are required for the StackSets to successfully deploy stacks into member accounts?

Question 7mediummultiple choice
Read the full NAT/PAT explanation →

A company is designing a new microservices architecture on AWS. Each microservice must be independently deployable and scalable. The company expects unpredictable traffic patterns with sudden spikes. Which combination of AWS services should be used to build a decoupled, resilient system?

A company is migrating a monolithic application to a microservices architecture on AWS. The application uses a relational database with complex queries. The company wants to reduce operational overhead and achieve high availability. Which database strategy should the company adopt for the microservices?

Question 9easymultiple choice
Review the full routing breakdown →

A company is designing a microservices architecture on Amazon ECS with AWS Fargate. The services need to communicate with each other using HTTP APIs. The company wants to minimize operational overhead and enable canary deployments. Which solution should the company use for service discovery and traffic routing?

A company is designing a new application that will process sensitive financial data. They need to ensure encryption at rest and in transit. Which of the following should they use? (Select TWO.)

A company has a monolithic application running on a single Amazon RDS for MySQL DB instance. The application is experiencing performance issues due to heavy read traffic. The company wants to implement a solution that offloads read traffic with minimal application changes. What should a solutions architect do?

A company is using AWS Organizations with multiple accounts. The security team wants to ensure that all Amazon S3 buckets across the organization are encrypted at rest. Which TWO steps should the security team take to enforce this requirement?

A company is using an AWS Lambda function to process records from an Amazon Kinesis stream. The function stores results in an Amazon DynamoDB table. The team notices that the Lambda function sometimes fails due to throttling from DynamoDB. Which TWO actions should the team take to improve the continuous processing of records? (Choose TWO.)

A company is migrating a multi-tier application to AWS and wants to modernize by using containers and serverless technologies. The application consists of a Node.js frontend, a Java backend, and a PostgreSQL database. The company wants to reduce operational overhead and improve scalability. Which TWO strategies should the company use? (Choose two.)

A company is migrating a monolithic .NET application to AWS. The application uses a SQL Server database with complex stored procedures and tightly coupled components. The migration team wants to minimize refactoring and reduce licensing costs. Which migration strategy should the team use?

Question 16easymultiple choice
Read the full NAT/PAT explanation →

A company is migrating a critical application to AWS and wants to ensure business continuity during the cutover. The migration plan includes a pilot light strategy. Which of the following BEST describes the pilot light pattern?

A company has a centralized logging account that receives VPC Flow Logs from all accounts in the organization. The logs are stored in an S3 bucket. A security analyst needs to query the logs to identify traffic to a specific IP address. The analyst has been granted read-only access to the S3 bucket. However, the analyst cannot access the logs. What is the MOST likely cause?

A company has a centralized networking team that manages a shared VPC with multiple AWS Transit Gateway attachments. Application teams create VPCs in separate AWS accounts and want to connect to the shared VPC. The networking team needs to ensure that only authorized VPCs can connect to the shared VPC. What is the MOST secure and scalable way to manage this?

Question 19hardmultiple choice
Read the full NAT/PAT explanation →

A multinational company is implementing AWS Organizations to manage multiple accounts across business units. The security team requires that all IAM users in member accounts must use a specific password policy and must have MFA enabled. Which combination of actions should the company take to enforce these requirements?

A company has multiple AWS accounts managed via AWS Organizations. The security team wants to restrict the use of specific instance types across all accounts. Which TWO methods can be used to enforce this restriction?

A company uses AWS Control Tower to manage a multi-account environment. The security team needs to ensure that all accounts have AWS CloudTrail enabled and that logs are delivered to a central S3 bucket. What is the BEST way to achieve this?

Refer to the exhibit. An IAM role trust policy is shown. A user from account 123456789012 tries to assume this role but receives an 'AccessDenied' error. The user has MFA enabled and is passing the MFA token. What is the MOST likely reason for the failure?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "BoolIfExists": {
          "aws:MultiFactorAuthPresent": "true"
        }
      }
    }
  ]
}

A company uses AWS Organizations with multiple OUs. The finance team needs to have read-only access to billing data across all accounts. The security team wants to ensure that no IAM user can modify billing preferences. Which policy should be attached to the root OU to achieve this?

Question 24mediummultiple choice
Read the full NAT/PAT explanation →

A multinational corporation is implementing a multi-account AWS strategy using AWS Organizations. The security team requires that all newly created accounts in the organization automatically have an Amazon GuardDuty detector enabled in all enabled Regions. Which solution meets this requirement with the LEAST operational overhead?

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

Exam question guide

How to use these SAP-C02 questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Tests identification, interfaces, form factors, and RAID levels for hard drives and SSDs.

Identify SATA, PATA, SCSI, and NVMe interfaces

Compare HDD, SSD, and hybrid drive characteristics

Recognize 2.5-inch, 3.5-inch, and M.2 form factors

Understand RAID 0, 1, 5, and 10 configurations

These SAP-C02 practice questions are part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style SAP-C02 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.