AWS Certified Solutions Architect - Professional · Difficulty

Medium SAP-C02 practice questions

Applied — put a concept to work in a realistic situation. 143 medium questions available — no sign-up, always free.

Question 1 of 25

A financial services company runs a legacy trading API behind an Application Load Balancer (ALB) in a single region. A newly onboarded partner requires that all traffic to the API traverse a small set of static, allowlisted IP addresses through their corporate firewall, and they demand the lowest possible connection latency for high-frequency requests. The current ALB exposes only DNS names, and the partner cannot allowlist DNS names or the ALB's changing IP ranges. The solutions architect must refactor the ingress without rewriting the application, which relies on host-based HTTP routing rules already configured on the ALB. Which approach best satisfies the requirements?

Reviewed for accuracy · Report an issue
Question 2 of 25

A media company runs a mobile news application backed by a monolithic REST API on EC2 behind an Application Load Balancer. The API aggregates data from three microservices, and mobile clients frequently over-fetch large JSON payloads on cellular networks, driving high data transfer costs and poor perceived performance. Product analytics show that different app screens need different subsets of the same underlying data, and the team also wants to push live breaking-news updates to active users without polling. The company wants to improve performance and reduce redundant data transfer while minimizing custom server infrastructure to maintain. Which refactoring approach best meets these goals?

Reviewed for accuracy · Report an issue
Question 3 of 25

A company is planning to migrate roughly 800 on-premises servers to AWS over the next 18 months. The infrastructure team knows the servers exist but has poor documentation about which applications run on them, how the servers communicate with each other, and their current CPU, memory, and network utilization patterns. Leadership wants a data-driven migration plan that groups servers into application move groups and rightsizes EC2 targets, but corporate security policy forbids installing any third-party software agents on the production VMware fleet. Which approach BEST meets these discovery and planning requirements?

Reviewed for accuracy · Report an issue
Question 4 of 25

A financial services company runs a monolithic on-premises Java application that relies heavily on a self-managed RabbitMQ cluster for asynchronous messaging between internal components. The company wants to migrate to AWS with minimal application code changes and no re-engineering of the messaging protocol. The messaging middleware must remain compatible with the existing AMQP 0-9-1 clients, and the operations team wants AWS to handle broker patching, high availability, and automated failover across Availability Zones. Which approach best meets these requirements with the least migration effort?

Reviewed for accuracy · Report an issue
Question 5 of 25

A data analytics team runs interactive Amazon Athena queries against 8 TB of JSON application logs stored in a single Amazon S3 prefix. Analysts complain that queries scanning a few days of data take several minutes and cost far more than expected because each query scans the entire dataset. The team wants to improve query performance and reduce cost with minimal ongoing operational overhead, while continuing to receive newly ingested logs daily. Which combination of changes best achieves this?

Reviewed for accuracy · Report an issue
Question 6 of 25

A retail company runs a production Amazon Aurora MySQL-compatible cluster supporting an e-commerce platform that processes thousands of transactions per minute. As part of a modernization effort, the database team must perform a major version upgrade of the Aurora engine. The business requires that the upgrade be tested against production-like data and traffic patterns before cutover, that the switchover to the new version take no more than a few minutes, and that a fast rollback path exists if issues are detected after cutover. Which approach best meets these requirements with the least operational effort?

Reviewed for accuracy · Report an issue
Question 7 of 25

A financial services company runs a mission-critical transaction processing application on Amazon Aurora PostgreSQL in the us-east-1 Region. Regulatory requirements mandate a disaster recovery strategy in eu-west-1 with an RPO of no more than 1 second and an RTO of under 5 minutes. The primary workload sustains heavy write traffic, and the solution must not introduce write latency to the primary database. Cross-region promotion must be fast during a regional failure. Which approach best meets these requirements?

Reviewed for accuracy · Report an issue
Question 8 of 25

A company runs an internal reporting application on an Aurora MySQL provisioned cluster with two db.r6g.2xlarge instances (writer plus reader). The application is heavily used for about four hours each business day and is nearly idle the rest of the time, including nights and weekends. Finance flags the cluster as one of the highest recurring costs, yet the team must keep the database instantly available whenever a user logs in, and they cannot tolerate the multi-minute delays of stopping and starting the cluster on a schedule. Which change best reduces cost while preserving on-demand responsiveness?

Reviewed for accuracy · Report an issue
Question 9 of 25

A company runs a reporting platform on an Amazon Aurora PostgreSQL cluster (Standard configuration) that has grown to handle heavy, sustained analytical query loads. The finance team reports that the monthly Aurora bill has become unpredictable and dominated by I/O charges, which now exceed 30% of the total cluster cost. Read query volume is consistently high throughout every billing period. The team wants to reduce and stabilize costs without redesigning the application or changing the database engine. Which action provides the greatest cost improvement?

Reviewed for accuracy · Report an issue
Question 10 of 25

A retail company runs a customer-facing web application on an Amazon EC2 Auto Scaling group behind an Application Load Balancer. Traffic follows a highly predictable daily pattern: it ramps up sharply every morning at 8:00 AM as customers log in. The team currently uses target tracking scaling based on average CPU utilization, but they observe elevated latency and HTTP 503 errors for the first 10-15 minutes each morning because instances cannot launch and warm up fast enough to meet the sudden demand. Application startup (bootstrapping and cache warming) takes about 6 minutes per instance. The team wants to improve reliability without permanently over-provisioning. What is the MOST effective way to address this?

Reviewed for accuracy · Report an issue
Question 11 of 25

A financial services company runs a legacy .NET Framework application on Windows Server 2012 EC2 instances behind an internal load balancer. The application is a monolith that has no source code changes anymore and the original developers have left. Leadership wants to modernize the deployment to reduce OS patching overhead and improve density, ideally moving to containers without rewriting the application. The team has minimal container expertise and needs a repeatable, low-effort path to containerize the running application and generate the necessary deployment artifacts. Which approach best meets these requirements?

Reviewed for accuracy · Report an issue
Question 12 of 25

A biotech company is designing a new genomics analysis platform. Thousands of parallel batch jobs must read from and write to a large shared dataset (hundreds of TB) with extremely high aggregate throughput and sub-millisecond latency during compute-intensive alignment steps. Jobs are containerized and run in bursts of up to 5,000 vCPUs, then the cluster scales to zero when idle. The dataset originates in an Amazon S3 bucket, and results must be written back to S3 for long-term retention. The team wants a fully managed solution that minimizes idle cost. Which storage and compute design best meets these requirements?

Reviewed for accuracy · Report an issue
Question 13 of 25

A media analytics company runs a nightly batch job that transcodes and analyzes user-uploaded video. The workload is highly parallelizable, fault-tolerant (individual tasks can be retried), and must complete within a 6-hour window each night. The rest of the day the compute fleet sits idle. Job volume varies significantly from night to night. The finance team wants to minimize compute cost while ensuring the batch reliably finishes within its window. Which compute strategy should the solutions architect recommend?

Reviewed for accuracy · Report an issue
Question 14 of 25

A company runs a customer-facing payment API on AWS Lambda behind API Gateway. Recent production deployments have twice caused elevated error rates that went unnoticed for several minutes, resulting in failed transactions before engineers manually rolled back. The team uses AWS CodePipeline and CodeDeploy for deployments. Leadership wants future deployments to automatically shift only a small portion of traffic to the new version first, monitor for errors, and roll back automatically if problems are detected — all with minimal custom code. Which approach best meets these requirements?

Reviewed for accuracy · Report an issue
Question 15 of 25

A large enterprise runs 40 AWS accounts under AWS Organizations. The security team wants employees to authenticate using the company's existing Microsoft Entra ID (Azure AD) as the identity provider and access assigned accounts through a single portal. Access to specific accounts must be governed by the employee's group membership in Entra ID, and permissions must be defined once and reused across many accounts. Which approach meets these requirements with the least ongoing operational overhead?

Reviewed for accuracy · Report an issue
Question 16 of 25

A company runs 40 workload accounts under AWS Organizations. The central operations team must build unified dashboards and alarms that correlate CloudWatch metrics and logs from all workload accounts without deploying and maintaining custom agents or Lambda functions to copy data between accounts. They also want to minimize ongoing operational overhead. Which approach best meets these requirements?

Reviewed for accuracy · Report an issue
Question 17 of 25

A media company serves a large catalog of static images and video thumbnails through Amazon CloudFront, backed by an S3 origin in us-east-1. The site has grown into a global audience, and CloudWatch metrics show the origin fetch rate (requests reaching S3) has climbed steadily as viewers in more regions request the same popular assets simultaneously. Finance flags rising S3 GET request charges and data transfer out to CloudFront. The cache TTLs are already tuned appropriately, and the assets rarely change. The team wants to reduce the number of duplicate origin requests for the same objects across CloudFront's many regional edge caches without changing the application or the S3 bucket structure. Which action best improves the cache efficiency and reduces origin load?

Reviewed for accuracy · Report an issue
Question 18 of 25

A media company serves static assets to global users from an S3 bucket that is currently configured as a public website endpoint fronted by CloudFront. A recent security audit flagged that the bucket allows anonymous public access and that assets can be retrieved directly from the S3 website URL, bypassing CloudFront (and therefore WAF rules and access logging). The team must remediate this exposure so that assets are only reachable through CloudFront, without changing the object keys or breaking existing viewer URLs. Which approach best meets these requirements with the least ongoing operational overhead?

Reviewed for accuracy · Report an issue
Question 19 of 25

A financial services company has an existing multi-account AWS environment managed under AWS Organizations. The security team currently exports CloudTrail logs from each account into per-account S3 buckets and manually runs Amazon Athena queries whenever they investigate a suspicious API activity. Investigations frequently span multiple accounts and take days because analysts must manually correlate results across dozens of buckets and re-create Athena tables. Leadership wants to improve the security posture by reducing investigation time and enabling ongoing detection of anomalous API behavior with minimal operational overhead. Which approach BEST meets these requirements?

Reviewed for accuracy · Report an issue
Question 20 of 25

A SaaS company runs a customer-facing web application behind an Application Load Balancer with an Auto Scaling group of EC2 instances. Support tickets reveal that customers frequently detect broken checkout and login flows before the operations team does. Existing monitoring relies only on ALB target health checks (a TCP check on port 443) and CloudWatch CPU alarms. The team wants to detect user-facing functional failures and latency degradation for critical multi-step workflows proactively, ideally before real users are affected, with minimal application code changes. Which improvement best meets these requirements?

Reviewed for accuracy · Report an issue
Question 21 of 25

A SaaS company runs a CI/CD pipeline in AWS CodePipeline with a CodeBuild stage that compiles a large monorepo, downloads hundreds of npm and Maven dependencies on every run, and executes a test suite. The build stage now takes 45 minutes, and developers complain that feedback is too slow, delaying releases. Cost is a secondary concern, but the team wants to reduce build duration with minimal changes to the pipeline structure. Which combination of changes will MOST effectively reduce build time?

Reviewed for accuracy · Report an issue
Question 22 of 25

A media company runs a fleet of EC2 instances behind an Application Load Balancer in an Auto Scaling group. Deployments use AWS CodeDeploy with an in-place deployment strategy that runs configuration scripts on each existing instance during release. Recently, deployments have caused inconsistent runtime state: some instances end up with drifted package versions, and failed deployments leave the fleet in a partially updated state that is difficult to roll back. Operations wants to eliminate configuration drift, guarantee that every instance runs an identical, tested artifact, and enable fast, reliable rollback. Which approach BEST meets these requirements while improving operational excellence?

Reviewed for accuracy · Report an issue
Question 23 of 25

A company must vacate its colocation data center in 90 days after a lease was not renewed. The environment contains roughly 250 physical and virtual servers running a mix of Windows and Linux workloads, including several tightly coupled legacy applications whose source code is unavailable. The team has no capacity to refactor or re-architect anything before the deadline, but they want automated, block-level replication with continuous data sync so that final cutover produces minimal downtime and a low RPO. Which approach best meets these requirements within the timeline?

Reviewed for accuracy · Report an issue
Question 24 of 25

A company operates 45 accounts under AWS Organizations. The security team must continuously verify that all accounts comply with a set of standardized rules (encrypted EBS volumes, no public S3 buckets, mandatory tags), and automatically remediate violations without manually configuring each account. They want compliance findings aggregated in a central account and the ability to deploy new rules once and have them apply everywhere, including future accounts. Which approach best meets these requirements with the least ongoing operational effort?

Reviewed for accuracy · Report an issue
Question 25 of 25

A large enterprise is scaling from 15 to over 200 AWS accounts. They currently provision new accounts manually, which leads to inconsistent guardrails, missing centralized logging, and non-standard VPC configurations. The cloud platform team wants a repeatable, governed process that automatically applies preventive and detective controls, enrolls new accounts into the correct organizational units, and configures a standardized network baseline — while allowing application teams to request accounts through a self-service workflow. Which approach best meets these requirements with the least ongoing operational overhead?

Reviewed for accuracy · Report an issue