Amazon SAP-C02 dumps

Amazon SAP-C02 Exam Dumps

AWS Certified Solutions Architect - Professional
515 Reviews

Exam Code SAP-C02
Exam Name AWS Certified Solutions Architect - Professional
Questions 683 Questions Answers With Explanation
Update Date 06, 30, 2026
Price Was : $90 Today : $50 Was : $108 Today : $60 Was : $126 Today : $70

Why Should You Prepare For Your AWS Certified Solutions Architect - Professional With MyCertsHub?

At MyCertsHub, we go beyond standard study material. Our platform provides authentic Amazon SAP-C02 Exam Dumps, detailed exam guides, and reliable practice exams that mirror the actual AWS Certified Solutions Architect - Professional test. Whether you’re targeting Amazon certifications or expanding your professional portfolio, MyCertsHub gives you the tools to succeed on your first attempt.

Verified SAP-C02 Exam Dumps

Every set of exam dumps is carefully reviewed by certified experts to ensure accuracy. For the SAP-C02 AWS Certified Solutions Architect - Professional , you’ll receive updated practice questions designed to reflect real-world exam conditions. This approach saves time, builds confidence, and focuses your preparation on the most important exam areas.

Realistic Test Prep For The SAP-C02

You can instantly access downloadable PDFs of SAP-C02 practice exams with MyCertsHub. These include authentic practice questions paired with explanations, making our exam guide a complete preparation tool. By testing yourself before exam day, you’ll walk into the Amazon Exam with confidence.

Smart Learning With Exam Guides

Our structured SAP-C02 exam guide focuses on the AWS Certified Solutions Architect - Professional's core topics and question patterns. You will be able to concentrate on what really matters for passing the test rather than wasting time on irrelevant content. Pass the SAP-C02 Exam – Guaranteed

We Offer A 100% Money-Back Guarantee On Our Products.

After using MyCertsHub's exam dumps to prepare for the AWS Certified Solutions Architect - Professional exam, we will issue a full refund. That’s how confident we are in the effectiveness of our study resources.

Try Before You Buy – Free Demo

Still undecided? See for yourself how MyCertsHub has helped thousands of candidates achieve success by downloading a free demo of the SAP-C02 exam dumps.

MyCertsHub – Your Trusted Partner For Amazon Exams

Whether you’re preparing for AWS Certified Solutions Architect - Professional or any other professional credential, MyCertsHub provides everything you need: exam dumps, practice exams, practice questions, and exam guides. Passing your SAP-C02 exam has never been easier thanks to our tried-and-true resources.

Amazon SAP-C02 Sample Question Answers

Question # 1

A company has an loT platform that runs in an on-premises environment. The platformconsists of a server that connects to loT devices by using the MQTT protocol. The platformcollects telemetry data from the devices at least once every 5 minutes The platform alsostores device metadata in a MongoDB clusterAn application that is installed on an on-premises machine runs periodic jobs to aggregateand transform the telemetry and device metadata The application creates reports thatusers view by using another web application that runs on the same on-premises machineThe periodic jobs take 120-600 seconds to run However, the web application is alwaysrunning.The company is moving the platform to AWS and must reduce the operational overhead ofthe stack.Which combination of steps will meet these requirements with the LEAST operationaloverhead? (Select THREE.)

A. Use AWS Lambda functions to connect to the loT devices
B. Configure the loT devices to publish to AWS loT Core
C. Write the metadata to a self-managed MongoDB database on an Amazon EC2 instance
D. Write the metadata to Amazon DocumentDB (with MongoDB compatibility)
E. Use AWS Step Functions state machines with AWS Lambda tasks to prepare thereports and to write the reports to Amazon S3 Use Amazon CloudFront with an S3 origin toserve the reports
F. Use an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with Amazon EC2instances to prepare the reports Use an ingress controller in the EKS cluster to serve thereports



Question # 2

A company is designing an AWS environment tor a manufacturing application. Theapplication has been successful with customers, and the application's user base hasincreased. The company has connected the AWS environment to the company's onpremisesdata center through a 1 Gbps AWS Direct Connect connection. The company hasconfigured BGP for the connection.The company must update the existing network connectivity solution to ensure that thesolution is highly available, fault tolerant, and secure.Which solution win meet these requirements MOST cost-effectively?

A. Add a dynamic private IP AWS Site-to-Site VPN as a secondary path to secure data intransit and provide resilience for the Direct Conned connection. Configure MACsec toencrypt traffic inside the Direct Connect connection.
B. Provision another Direct Conned connection between the company's on-premises datacenter and AWS to increase the transfer speed and provide resilience. Configure MACsecto encrypt traffic inside the Dried Conned connection.
C. Configure multiple private VIFs. Load balance data across the VIFs between the onpremisesdata center and AWS to provide resilience.
D. Add a static AWS Site-to-Site VPN as a secondary path to secure data in transit and toprovide resilience for the Direct Connect connection.



Question # 3

A company deploys workloads in multiple AWS accounts. Each account has a VPC withVPC flow logs published in text log format to a centralized Amazon S3 bucket. Each log fileis compressed with gzjp compression. The company must retain the log files indefinitely.A security engineer occasionally analyzes the togs by using Amazon Athena to query theVPC flow logs. The query performance is degrading over time as the number of ingestedtogs is growing. A solutions architect: must improve the performance of the tog analysis and reduce the storage space that the VPC flow logs use.Which solution will meet these requirements with the LARGEST performanceimprovement?

A. Create an AWS Lambda function to decompress the gzip flies and to compress the tileswith bzip2 compression. Subscribe the Lambda function to an s3: ObiectCrealed;Put S3event notification for the S3 bucket.
B. Enable S3 Transfer Acceleration for the S3 bucket. Create an S3 Lifecycle configurationto move files to the S3 Intelligent-Tiering storage class as soon as the ties are uploaded
C. Update the VPC flow log configuration to store the files in Apache Parquet format.Specify Hourly partitions for the log files.
D. Create a new Athena workgroup without data usage control limits. Use Athena engineversion 2.



Question # 4

An e-commerce company is revamping its IT infrastructure and is planning to use AWSservices. The company's CIO has asked a solutions architect to design a simple, highlyavailable, and loosely coupled order processing application. The application is responsiblefor receiving and processing orders before storing them in an Amazon DynamoDB table.The application has a sporadic traffic pattern and should be able to scale during marketingcampaigns to process the orders with minimal delays.Which of the following is the MOST reliable approach to meet the requirements?

A. Receive the orders in an Amazon EC2-hosted database and use EC2 instances toprocess them.
B. Receive the orders in an Amazon SQS queue and invoke an AWS Lambda function toprocess them.
C. Receive the orders using the AWS Step Functions program and launch an Amazon ECScontainer to process them.
D. Receive the orders in Amazon Kinesis Data Streams and use Amazon EC2 instances toprocess them.



Question # 5

A company that is developing a mobile game is making game assets available in two AWSRegions. Game assets are served from a set of Amazon EC2 instances behind anApplication Load Balancer (ALB) in each Region. The company requires game assets to befetched from the closest Region. If game assess become unavailable in the closest Region,they should the fetched from the other Region. What should a solutions architect do to meet these requirement?

A. Create an Amazon CloudFront distribution. Create an origin group with one origin foreach ALB. Set one of the origins as primary.
B. Create an Amazon Route 53 health check tor each ALB. Create a Route 53 failoverrouting record pointing to the two ALBs. Set the Evaluate Target Health value Yes.
C. Create two Amazon CloudFront distributions, each with one ALB as the origin. Createan Amazon Route 53 failover routing record pointing to the two CloudFront distributions.Set the Evaluate Target Health value to Yes.
D. Create an Amazon Route 53 health check tor each ALB. Create a Route 53 latency aliasrecord pointing to the two ALBs. Set the Evaluate Target Health value to Yes.



Question # 6

A flood monitoring agency has deployed more than 10.000 water-level monitoring sensors.Sensors send continuous data updates, and each update is less than 1 MB in size. Theagency has a fleet of on-premises application servers. These servers receive upda.es 'onthe sensors, convert the raw data into a human readable format, and write the results loanon-premises relational database server. Data analysts then use simple SOL queries tomonitor the data.The agency wants to increase overall application availability and reduce the effort that isrequired to perform maintenance tasks These maintenance tasks, which include updatesand patches to the application servers, cause downtime. While an application server isdown, data is lost from sensors because the remaining servers cannot handle the entireworkload.The agency wants a solution that optimizes operational overhead and costs. A solutionsarchitect recommends the use of AWS loT Core to collect the sensor data. What else should the solutions architect recommend to meet these requirements?

A. Send the sensor data to Amazon Kinesis Data Firehose. Use an AWS Lambda functionto read the Kinesis Data Firehose data, convert it to .csv format, and insert it into anAmazon Aurora MySQL DB instance. Instruct the data analysts to query the data directlyfrom the DB instance.
B. Send the sensor data to Amazon Kinesis Data Firehose. Use an AWS Lambda functionto read the Kinesis Data Firehose data, convert it to Apache Parquet format and save it toan Amazon S3 bucket. Instruct the data analysts to query the data by using AmazonAthena.
C. Send the sensor data to an Amazon Managed Service for Apache Flink {previouslyknown as Amazon Kinesis Data Analytics) application to convert the data to .csv formatand store it in an Amazon S3 bucket. Import the data into an Amazon Aurora MySQL DBinstance. Instruct the data analysts to query the data directly from the DB instance.
D. Send the sensor data to an Amazon Managed Service for Apache Flink (previouslyknown as Amazon Kinesis Data Analytics) application to convert the data to ApacheParquet format and store it in an Amazon S3 bucket Instruct the data analysis to query thedata by using Amazon Athena.



Question # 7

A company has many services running in its on-premises data center. The data center isconnected to AWS using AWS Direct Connect (DX)and an IPsec VPN. The service data issensitive and connectivity cannot traverse the interne. The company wants to expand to a new market segment and begin offering Is services to other companies that are usingAWS.Which solution will meet these requirements?

A. Create a VPC Endpoint Service that accepts TCP traffic, host it behind a Network LoadBalancer, and make the service available over DX.
B. Create a VPC Endpoint Service that accepts HTTP or HTTPS traffic, host it behind anApplication Load Balancer, and make the service available over DX.
C. Attach an internet gateway to the VPC. and ensure that network access control andsecurity group rules allow the relevant inbound and outbound traffic.
D. Attach a NAT gateway to the VPC. and ensue that network access control and securitygroup rules allow the relevant inbound and outbound traffic.



Question # 8

A company wants to establish a dedicated connection between its on-premisesinfrastructure and AWS. The company is setting up a 1 Gbps AWS Direct Connectconnection to its account VPC. The architecture includes a transit gateway and a DirectConnect gateway to connect multiple VPCs and the on-premises infrastructure.The company must connect to VPC resources over a transit VIF by using the DirectConnect connection.Which combination of steps will meet these requirements? (Select TWO.)

A. Update the 1 Gbps Direct Connect connection to 10 Gbps.
B. Advertise the on-premises network prefixes over the transit VIF.
C. Adverse the VPC prefixes from the Direct Connect gateway to the on-premises networkover the transit VIF.
D. Update the Direct Connect connection's MACsec encryption mode attribute to mustencrypt.
E. Associate a MACsec Connection Key Name-Connectivity Association Key (CKN/CAK)pair with the Direct Connect connection.



Question # 9

A company hosts an intranet web application on Amazon EC2 instances behind anApplication Load Balancer (ALB). Currently, users authenticate to the application againstan internal user database.The company needs to authenticate users to the application by using an existing AWSDirectory Service for Microsoft Active Directory directory. All users with accounts in thedirectory must have access to the application.Which solution will meet these requirements?

A. Create a new app client in the directory. Create a listener rule for the ALB. Specify theauthenticate-oidc action for the listener rule. Configure the listener rule with the appropriateissuer, client ID and secret, and endpoint details for the Active Directory service. Configurethe new app client with the callback URL that the ALB provides.
B. Configure an Amazon Cognito user pool. Configure the user pool with a federatedidentity provider (IdP) that has metadata from the directory. Create an app client. Associatethe app client with the user pool. Create a listener rule for the ALB. Specify theauthenticate-cognito action for the listener rule. Configure the listener rule to use the userpool and app client.
C. Add the directory as a new 1AM identity provider (IdP). Create a new 1AM role that hasan entity type of SAML 2.0 federation. Configure a role policy that allows access to theALB. Configure the new role as the default authenticated user role for the IdP. Create alistener rule for the ALB. Specify the authenticate-oidc action for the listener rule.
D. Enable AWS 1AM Identity Center (AWS Single Sign-On). Configure the directory as anexternal identity provider (IdP) that uses SAML. Use the automatic provisioning method.Create a new 1AM role that has an entity type of SAML 2.0 federation. Configure a rolepolicy that allows access to the ALB. Attach the new role to all groups. Create a listenerrule for the ALB. Specify the authenticate-cognito action for the listener rule.



Question # 10

A public retail web application uses an Application Load Balancer (ALB) in front of AmazonEC2 instances running across multiple Availability Zones (AZs) in a Region backed by anAmazon RDS MySQL Multi-AZ deployment. Target group health checks are configured touse HTTP and pointed at the product catalog page. Auto Scaling is configured to maintainthe web fleet size based on the ALB health check.Recently, the application experienced an outage. Auto Scaling continuously replaced theinstances during the outage. A subsequent investigation determined that the web servermetrics were within the normal range, but the database tier was experiencing high toad,resulting in severely elevated query response times.Which of the following changes together would remediate these issues while improvingmonitoring capabilities for the availability and functionality of the entire application stack forfuture growth? (Select TWO.)

A. Configure read replicas for Amazon RDS MySQL and use the single reader endpoint inthe web application to reduce the load on the backend database tier.
B. Configure the target group health check to point at a simple HTML page instead of aproduct catalog page and the Amazon Route 53 health check against the product page toevaluate full application functionality. Configure Ama7on CloudWatch alarms to notifyadministrators when the site fails.
C. Configure the target group health check to use a TCP check of the Amazon EC2 webserver and the Amazon Route S3 health check against the product page to evaluate fullapplication functionality. Configure Amazon CloudWatch alarms to notify administratorswhen the site fails.
D. Configure an Amazon CtoudWatch alarm for Amazon RDS with an action to recover ahigh-load, impaired RDS instance in the database tier.
E. Configure an Amazon Elastic ache cluster and place it between the web application andRDS MySQL instances to reduce the load on the backend database tier.



Question # 11

A company needs to implement disaster recovery for a critical application that runs in asingle AWS Region. The application's users interact with a web frontend that is hosted onAmazon EC2 Instances behind an Application Load Balancer (ALB). The application writesto an Amazon RD5 tor MySQL DB instance. The application also outputs processeddocuments that are stored in an Amazon S3 bucketThe company's finance team directly queries the database to run reports. During busyperiods, these queries consume resources and negatively affect application performance.A solutions architect must design a solution that will provide resiliency during a disaster.The solution must minimize data loss and must resolve the performance problems thatresult from the finance team's queries.Which solution will meet these requirements?

A. Migrate the database to Amazon DynamoDB and use DynamoDB global tables. Instructthe finance team to query a global table in a separate Region. Create an AWS Lambdafunction to periodically synchronize the contents of the original S3 bucket to a new S3bucket in the separate Region. Launch EC2 instances and create an ALB in the separateRegion. Configure the application to point to the new S3 bucket.
B. Launch additional EC2 instances that host the application in a separate Region. Add theadditional instances to the existing ALB. In the separate Region, create a read replica ofthe RDS DB instance. Instruct the finance team to run queries ageist the read replica. UseS3 Cross-Region Replication (CRR) from the original S3 bucket to a new S3 Docket in theseparate Region. During a disaster, promote the read replace to a standalone DB instance.Configure the application to point to the new S3 bucket and to the newly project readreplica.
C. Create a read replica of the RDS DB instance in a separate Region. Instruct the financeteam to run queries against the read replica. Create AMIs of the EC2 instances mat hostthe application frontend- Copy the AMIs to the separate Region. Use S3 Cross-RegionReplication (CRR) from the original S3 bucket to a new S3 bucket in the separate Region.During a disaster, promote the read replica to a standalone DB instance. Launch EC2instances from the AMIs and create an ALB to present the application to end users.Configure the application to point to the new S3 bucket.
D. Create hourly snapshots of the RDS DB instance. Copy the snapshots to a separateRegion. Add an Amazon Elastic ache cluster m front of the existing RDS database. CreateAMIs of the EC2 instances that host the application frontend Copy the AMIs to the separateRegion. Use S3 Cross-Region Replication (CRR) from the original S3 bucket to a new S3bucket in the separate Region. During a disaster, restore The database from the latestRDS snapshot. Launch EC2 Instances from the AMIs and create an ALB to present theapplication to end users. Configure the application to point to the new S3 bucket



Question # 12

A company wants to use Amazon Workspaces in combination with thin client devices toreplace aging desktops. Employees use the desktops to access applications that work withclinical trial data. Corporate security policy states that access to the applications must be restricted to only company branch office locations. The company is considering adding anadditional branch office in the next 6 months.Which solution meets these requirements with the MOST operational efficiency?

A. Create an IP access control group rule with the list of public addresses from the branchoffices. Associate the IP access control group with the Workspaces directory.
B. Use AWS Firewall Manager to create a web ACL rule with an IPSet with the list to publicaddresses from the branch office Locations-Associate the web ACL with the Workspacesdirectory.
C. Use AWS Certificate Manager (ACM) to issue trusted device certificates to the machinesdeployed in the branch office locations. Enable restricted access on the Workspacesdirectory.
D. Create a custom Workspace image with Windows Firewall configured to restrict accessto the public addresses of the branch offices. Use the image to deploy the Workspaces.



Question # 13

A software development company has multiple engineers who ate working remotely. Thecompany is running Active Directory Domain Services (AD DS) on an Amazon EC2instance. The company's security policy states that al internal, nonpublic services that aredeployed in a VPC must be accessible through a VPN. Multi-factor authentication (MFA)must be used for access to a VPN.What should a solutions architect do to meet these requirements?

A. Create an AWS Sire-to-Site VPN connection. Configure Integration between a VPN andAD DS. Use an Amazon Workspaces client with MFA support enabled to establish a VPNconnection.
B. Create an AWS Client VPN endpoint Create an AD Connector directory tor integrationwith AD DS. Enable MFA tor AD Connector. Use AWS Client VPN to establish a VPNconnection.
C. Create multiple AWS Site-to-Site VPN connections by using AWS VPN CloudHub.Configure integration between AWS VPN CloudHub and AD DS. Use AWS Copilot toestablish a VPN connection.
D. Create an Amazon WorkLink endpoint. Configure integration between AmazonWorkLink and AD DS. Enable MFA in Amazon WorkLink. Use AWS Client VPN to establisha VPN connection.



Question # 14

A company needs to improve the reliability ticketing application. The application runs on anAmazon Elastic Container Service (Amazon ECS) cluster. The company uses AmazonCloudFront to servo the application. A single ECS service of the ECS cluster is theCloudFront distribution's origin.The application allows only a specific number of active users to enter a ticket purchasingflow. These users are identified by an encrypted attribute in their JSON Web Token (JWT).All other users are redirected to a waiting room module until there is available capacity forpurchasing.The application is experiencing high loads. The waiting room modulo is working asdesigned, but load on the waiting room is disrupting the application's availability. Thisdisruption is negatively affecting the application's ticket sale Transactions.Which solution will provide the MOST reliability for ticket sale transactions during periods ofhigh load? '

A. Create a separate service in the ECS cluster for the waiting room. Use a separatescaling configuration. Ensure that the ticketing service uses the JWT info-nation andappropriately forwards requests to the waring room service.
B. Move the application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.Split the wailing room module into a pod that is separate from the ticketing pod. Make theticketing pod part of a StatefuISeL Ensure that the ticketing pod uses the JWT informationand appropriately forwards requests to the waiting room pod.
C. Create a separate service in the ECS cluster for the waiting room. Use a separatescaling configuration. Create a CloudFront function That inspects the JWT information andappropriately forwards requests to the ticketing service or the waiting room service
D. Move the application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.Split the wailing room module into a pod that is separate from the ticketing pod. Use AWSApp Mesh by provisioning the App Mesh controller for Kubermetes. Enable mTLSauthentication and service-to-service authentication for communication between theticketing pod and the waiting room pod. Ensure that the ticketing pod uses The JWTinformation and appropriately forwards requests to the waiting room pod.



Question # 15

A company is currently in the design phase of an application that will need an RPO of lessthan 5 minutes and an RTO of less than 10 minutes. The solutions architecture team isforecasting that the database will store approximately 10 TB of data. As part of the design, they are looking for a database solution that will provide the company with the ability to failover to a secondary Region.Which solution will meet these business requirements at the LOWEST cost?

A. Deploy an Amazon Aurora DB cluster and take snapshots of the cluster every 5minutes. Once a snapshot is complete, copy the snapshot to a secondary Region to serveas a backup in the event of a failure.
B. Deploy an Amazon RDS instance with a cross-Region read replica in a secondaryRegion. In the event of a failure, promote the read replica to become the primary.
C. Deploy an Amazon Aurora DB cluster in the primary Region and another in a secondaryRegion. Use AWS DMS to keep the secondary Region in sync.
D. Deploy an Amazon RDS instance with a read replica in the same Region. In the event ofa failure, promote the read replica to become the primary.



Question # 16

A company is using an organization in AWS organization to manage AWS accounts. Foreach new project the company creates a new linked account. After the creation of a newaccount, the root user signs in to the new account and creates a service request to increase the service quota for Amazon EC2 instances. A solutions architect needs toautomate this process.Which solution will meet these requirements with tie LEAST operational overhead?

A. Create an Amazon EventBridge rule to detect creation of a new account Send the eventto an Amazon Simple Notification Service (Amazon SNS) topic that invokes an AWSLambda function. Configure the Lambda function to run the request-service-quota-increasecommand to request a service quota increase for EC2 instances.
B. Create a Service Quotas request template in the management account. Configure thedesired service quota increases for EC2 instances.
C. Create an AWS Config rule in the management account to set the service quota for EC2instances.
D. Create an Amazon EventBridge rule to detect creation of a new account. Send the eventto an Amazon simple Notification service (Amazon SNS) topic that involves an AWSLambda function. Configure the Lambda function to run the create-case command torequest a service quota increase for EC2 instances.



Question # 17

A company needs to gather data from an experiment in a remote location that does nothave internet connectivity. During the experiment, sensors that are connected to a totalnetwork will generate 6 TB of data in a preprimary formal over the course of 1 week. Thesensors can be configured to upload their data files to an FTP server periodically, but thesensors do not have their own FTP server. The sensors also do not support otherprotocols. The company needs to collect the data centrally and move lie data to objectstorage in the AWS Cloud as soon. as possible after the experiment.Which solution will meet these requirements?

A. Order an AWS Snowball Edge Compute Optimized device. Connect the device to thelocal network. Configure AWS DataSync with a target bucket name, and unload the dataover NFS to the device. After the experiment return the device to AWS so that the data canbe loaded into Amazon S3.
B. Order an AWS Snowcone device, including an Amazon Linux 2 AMI. Connect the deviceto the local network. Launch an Amazon EC2 instance on the device. Create a shell script that periodically downloads data from each sensor. After the experiment, return the deviceto AWS so that the data can be loaded as an Amazon Elastic Block Store [Amazon EBS)volume.
C. Order an AWS Snowcone device, including an Amazon Linux 2 AMI. Connect the deviceto the local network. Launch an Amazon EC2 instance on the device. Install and configurean FTP server on the EC2 instance. Configure the sensors to upload data to the EC2instance. After the experiment, return the device to AWS so that the data can be loadedinto Amazon S3.
D. Order an AWS Snowcone device. Connect the device to the local network. Configurethe device to use Amazon FSx. Configure the sensors to upload data to the device.Configure AWS DataSync on the device to synchronize the uploaded data with an AmazonS3 bucket Return the device to AWS so that the data can be loaded as an Amazon ElasticBlock Store (Amazon EBS) volume.



Question # 18

A company has Linux-based Amazon EC2 instances. Users must access the instances byusing SSH with EC2 SSH Key pairs. Each machine requires a unique EC2 Key pair.The company wants to implement a key rotation policy that will, upon request,automatically rotate all the EC2 key pairs and keep the key in a securely encrypted place.The company will accept less than 1 minute of downtime during key rotation.Which solution will meet these requirement?

A. Store all the keys in AWS Secrets Manager. Define a Secrets Manager rotationschedule to invoke an AWS Lambda function to generate new key pairs. Replace publicKeys on EC2 instances. Update the private keys in Secrets Manager.
B. Store all the keys in Parameter. Store, a capability of AWS Systems Manager, as astring. Define a Systems Manager maintenance window to invoke an AWS Lambdafunction to generate new key pairs. Replace public keys on EC2 instance. Update theprivate keys in parameter.
C. Import the EC2 key pairs into AWS Key Management Service (AWS KMS). Configureautomatic key rotation for these key pairs. Create an Amazon EventlBridge scheduled ruleto invoke an AWS Lambda function to initiate the key rotation AWS KMS.
D. Add all the EC2 instances to Feet Manager, a capability of AWS Systems Manager.Define a Systems Manager maintenance window to issue a Systems Manager RunCommand document to generate new Key pairs and to rotate public keys to all theinstances in Feet Manager.



Question # 19

A company has a Windows-based desktop application that is packaged and deployed to the users' Windows machines. The company recently acquired another company that hasemployees who primarily use machines with a Linux operating system. The acquiringcompany has decided to migrate and rehost the Windows-based desktop application loAWS.All employees must be authenticated before they use the application. The acquiringcompany uses Active Directory on premises but wants a simplified way to manage accessto the application on AWS (or all the employees.Which solution will rehost the application on AWS with the LEAST development effort?

A. Set up and provision an Amazon Workspaces virtual desktop for every employee.Implement authentication by using Amazon Cognito identity pools. Instruct employees torun the application from their provisioned Workspaces virtual desktops.
B. Create an Auto Scarlet group of Windows-based Ama7on EC2 instances. Join eachEC2 instance to the company's Active Directory domain. Implement authentication by usingthe Active Directory That is running on premises. Instruct employees to run the applicationby using a Windows remote desktop.
C. Use an Amazon AppStream 2.0 image builder to create an image that includes theapplication and the required configurations. Provision an AppStream 2.0 On-Demand fleetwith dynamic Fleet Auto Scaling process for running the image. Implement authenticationby using AppStream 2.0 user pools. Instruct the employees to access the application bystarling browse'-based AppStream 2.0 streaming sessions.
D. Refactor and containerize the application to run as a web-based application. Run theapplication in Amazon Elastic Container Service (Amazon ECS) on AWS Fargate with stepscaling policies Implement authentication by using Amazon Cognito user pools. Instruct theemployees to run the application from their browsers.



Question # 20

A company is developing an application that will display financial reports. The companyneeds a solution that can store financial Information that comes from multiple systems. Thesolution must provide the reports through a web interface and must serve the data will lessman 500 milliseconds or latency to end users. The solution also must be highly availableand must have an RTO or 30 seconds.Which solution will meet these requirements?

A. Use an Amazon Redshift cluster to store the data. Use a state website that is hosted onAmazon S3 with backend APIs that ate served by an Amazon Elastic Cubemates Service(Amazon EKS) cluster to provide the reports to the application.
B. Use Amazon S3 to store the data Use Amazon Athena to provide the reports to theapplication. Use AWS App Runner to serve the application to view the reports.
C. Use Amazon DynamoDB to store the data, use an embedded Amazon QuickStightdashboard with direct Query datasets to provide the reports to the application.
D. Use Amazon Keyspaces (for Apache Cassandra) to store the data, use AWS ElasticBeanstalk to provide the reports to the application.



Question # 21

A company is planning to migrate an on-premises data center to AWS. The companycurrently hosts the data center on Linux-based VMware VMs. A solutions architect mustcollect information about network dependencies between the VMs. The information mustbe in the form of a diagram that details host IP addresses, hostnames, and networkconnection information.Which solution will meet these requirements?

A. Use AWS Application Discovery Service. Select an AWS Migration Hub home AWSRegion. Install the AWS Application Discovery Agent on the on-premises servers for datacollection. Grant permissions to Application Discovery Service to use the Migration Hubnetwork diagrams.
B. Use the AWS Application Discovery Service Agentless Collector for server datacollection. Export the network diagrams from the AWS Migration Hub in .png format.
C. Install the AWS Application Migration Service agent on the on-premises servers for datacollection. Use AWS Migration Hub data in Workload Discovery on AWS to generatenetwork diagrams.
D. Install the AWS Application Migration Service agent on the on-premises servers for datacollection. Export data from AWS Migration Hub in .csv format into an Amazon CloudWatchdashboard to generate network diagrams.



Question # 22

A company maintains information on premises in approximately 1 million .csv files that arehosted on a VM. The data initially is 10 TB in size and grows at a rate of 1 TB each week.The company needs to automate backups of the data to the AWS Cloud.Backups of the data must occur daily. The company needs a solution that applies customfilters to back up only a subset of the data that is located in designated source directories.The company has set up an AWS Direct Connect connection.Which solution will meet the backup requirements with the LEAST operational overhead?

A. Use the Amazon S3 CopyObject API operation with multipart upload to copy the existingdata to Amazon S3. Use the CopyObject API operation to replicate new data to Amazon S3daily.
B. Create a backup plan in AWS Backup to back up the data to Amazon S3. Schedule thebackup plan to run daily.
C. Install the AWS DataSync agent as a VM that runs on the on-premises hypervisor.Configure a DataSync task to replicate the data to Amazon S3 daily.
D. Use an AWS Snowball Edge device for the initial backup. Use AWS DataSync forincremental backups to Amazon S3 daily.



Question # 23

A company needs to migrate an on-premises SFTP site to AWS. The SFTP site currentlyruns on a Linux VM. Uploaded files are made available to downstream applications throughan NFS share.As part of the migration to AWS, a solutions architect must implement high availability. Thesolution must provide external vendors with a set of static public IP addresses that thevendors can allow. The company has set up an AWS Direct Connect connection betweenits on-premises data center and its VPC.Which solution will meet these requirements with the least operational overhead?

A. Create an AWS Transfer Family server, configure an internet-facing VPC endpoint forthe Transfer Family server, specify an Elastic IP address for each subnet, configure theTransfer Family server to pace files into an Amazon Elastic Files System (Amazon EFS)file system that is deployed across multiple Availability Zones Modify the configuration onthe downstream applications that access the existing NFS share to mount the EFSendpoint instead.
B. Create an AWS Transfer Family server. Configure a publicly accessible endpoint for theTransfer Family server. Configure the Transfer Family server to place files into an AmazonElastic Files System [Amazon EFS} the system that is deployed across multiple AvailabilityZones. Modify the configuration on the downstream applications that access the existingNFS share to mount the its endpoint instead.
C. Use AWS Application Migration service to migrate the existing Linux VM to an AmazonEC2 instance. Assign an Elastic IP address to the EC2 instance. Mount an Amazon ElasticFie system (Amazon EFS) the system to the EC2 instance. Configure the SFTP server toplace files in. the EFS file system. Modify the configuration on the downstream applicationsthat access the existing NFS share to mount the EFS endpoint instead.
D. Use AWS Application Migration Service to migrate the existing Linux VM to an AWSTransfer Family server. Configure a publicly accessible endpoint for the Transfer Familyserver. Configure the Transfer Family sever to place files into an Amazon FSx for Lusterthe system that is deployed across multiple Availability Zones. Modify the configuration onthe downstream applications that access the existing NFS share to mount the FSx forLuster endpoint instead.



Question # 24

A company's factory and automaton applications are running in a single VPC More than 23applications run on a combination of Amazon EC2, Amazon Elastic Container Service(Amazon ECS), are Amazon RDS.The company has software engineers spread across three teams. One of the three teamsowns each application, and each team is responsible for the cost and performance of all ofits applications. Team resources have tags that represent their application and team. Thelearns use IAH access for daily activities.The company needs to determine which costs on the monthly AWS bill are attributable toeach application or team. The company also must be able to create reports to comparecosts item the last 12 months and to help forecast costs tor the next 12 months. A solutionarchitect must recommend an AWS Billing and Cost Management solution that provides these cost reports.Which combination of actions will meet these requirement? Select THREE.)

A. Activate the user-defined cost allocation tags that represent the application and theteam.
B. Activate the AWS generated cost allocation tags that represent the application and theteam.
C. Create a cost category for each application in Billing and Cost Management
D. Activate IAM access to Billing and Cost Management.
E. Create a cost budget
F. Enable Cost Explorer.



Question # 25

A company's compliance audit reveals that some Amazon Elastic Block Store (AmazonEBS) volumes that were created in an AWS account were not encrypted. A solutionsarchitect must Implement a solution to encrypt all new EBS volumes at restWhich solution will meet this requirement with the LEAST effort?

A. Create an Amazon EventBridge rule to detect the creation of unencrypted EBS volumes.Invoke an AWS Lambda function to delete noncompliant volumes.
B. Use AWS Audit Manager with data encryption.
C. Create an AWS Config rule to detect the creation of a new EBS volume. Encrypt thevolume by using AWS Systems Manager Automation.
D. Turn in EBS encryption by default in all AWS Regions.



Feedback That Matters: Reviews of Our Amazon SAP-C02 Dumps

    Vincent Johnston         Jun 30, 2026

Until MyCertsHub's SAP-C02 labs gave me a lifeline, I was submerged in AWS design concepts. Similar to the actual exam, their "Architecture War Room" simulations required me to defend my answers. passed with plenty of room. This wasn’t just prep; it was mastery training.

    Cataleya Allen         Jun 29, 2026

MyCertsHub's SAP-C02 practice tests identified my weaknesses (hello, multi-account strategies!), after two unsuccessful attempts with other resources. Through their fix-it drills, my weaknesses became strengths. Finally certified; no more gray hairs.

    Kayden Bailey         Jun 29, 2026

Like an AWS whisperer in your ear during the exam, MyCertsHub's SAP-C02 preparation.

    Emilia Leblanc         Jun 28, 2026

I passed every RTO/RPO question thanks to their "Disaster Recovery Deep Dive" module, which saved me on exam day. MyCertsHub teaches your thinking, not just the SAP-C02. 920, and they continue to use their frameworks at work.

    Aatif Barman         Jun 28, 2026

Expected dry theory. Instead, I went with MyCertsHub's "Exam Blackbelts," a community similar to Slack with tried-and-true SAP-C02 strategies. beat the test's most difficult migration questions. Still shocked by how well it worked.

    Thandi Goosen         Jun 27, 2026

Sent a "thank you" note to MyCertsHub. I received a certification from AWS. Coincidence? Nope.


Leave Your Review