AWS Certified Solutions Architect Professional SAPC02 AWS Certified Solutions Architect Professional SAPC02 Free Practice Test — 30 Questions

Question 1

AstroDynamics, a global technology firm, is migrating its sensitive customer data processing workloads to AWS. The company operates under stringent data residency regulations in several jurisdictions, requiring that Personally Identifiable Information (PII) originating from specific customer bases must remain within designated AWS Regions. As part of a broader disaster recovery initiative, they are planning to implement multi-region architectures. The challenge is to establish a proactive and auditable framework that prevents the accidental or intentional deployment of resources that could violate these data residency laws, ensuring that all data storage and processing adheres to geographical compliance mandates across all their AWS accounts. Which architectural approach would most effectively satisfy these requirements for granular, cross-account enforcement of data residency policies?

Accepted Answer

Implement AWS Organizations Service Control Policies (SCPs) to deny resource creation in prohibited AWS Regions, coupled with AWS Config rules to continuously monitor and audit resource configurations against data residency mandates.

Question 2

A global online retailer is facing severe performance degradation during its annual holiday sales event, resulting in a significant increase in customer complaints and abandoned shopping carts. The current architecture consists of a monolithic application hosted on EC2 instances, utilizing an EBS volume for persistent data storage. This architecture struggles to scale elastically to meet the unpredictable, high-volume traffic demands. The business requires a solution that drastically improves application availability, scalability, and fault tolerance with minimal downtime during the migration process. Which architectural approach and corresponding AWS services would best address these requirements while optimizing for operational efficiency?

Accepted Answer

Re-architect the application into microservices deployed on Amazon ECS with AWS Fargate, utilizing Amazon DynamoDB for data persistence and Amazon API Gateway for inter-service communication.

Question 3

A multinational fintech company, operating across multiple continents, has experienced a significant security incident involving unauthorized access to a customer data lake hosted on Amazon S3. The breach has potentially exposed personally identifiable information (PII) of millions of users, triggering immediate concerns regarding compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The company requires a robust architectural strategy that not only facilitates rapid incident response and forensic analysis but also establishes a continuous compliance framework to prevent future occurrences and maintain regulatory adherence. Which of the following architectural approaches would best satisfy these multifaceted requirements?

Accepted Answer

Implement AWS WAF for edge protection, utilize Amazon Macie for sensitive data discovery, and rely on manual log reviews from CloudTrail for forensic analysis, while ensuring all S3 buckets are configured with public access blocked.

Question 4

A financial services firm is migrating a critical, monolithic on-premises trading platform to AWS. The current platform suffers from severe performance bottlenecks during peak trading hours and lacks the agility to deploy new features rapidly. The firm\'s leadership mandates a significant improvement in application resilience, the ability to scale individual components independently, and a substantial reduction in the operational overhead associated with managing the infrastructure. They also express a desire to integrate with various AWS managed services for data analytics and real-time notifications. Which AWS architecture best addresses these multifaceted requirements for a successful migration and future-proofing?

Accepted Answer

Deploying the application as a set of microservices orchestrated by Amazon Elastic Kubernetes Service (EKS), leveraging managed services like Amazon RDS for databases and Amazon ElastiCache for caching.

Question 5

A global enterprise, a leader in the financial services sector, is undergoing a significant digital transformation, migrating its core banking applications to AWS. To enhance agility and isolate workloads, they are implementing a robust multi-account AWS strategy, anticipating the creation of hundreds of accounts over the next two years. The organization is bound by strict financial regulations, including the General Data Protection Regulation (GDPR) and similar regional data sovereignty laws, mandating that sensitive customer data must reside within specific geographical regions. They are encountering difficulties in maintaining a uniform security baseline, achieving granular cost allocation for different business units, and ensuring consistent operational oversight across this expanding account structure. What is the most effective AWS strategy to establish a well-governed, secure, and compliant multi-account environment that addresses these challenges?

Accepted Answer

Implement AWS Control Tower to establish a secure, compliant, and automated multi-account environment, utilizing AWS Organizations for account management, AWS IAM Identity Center for centralized access, AWS Config for continuous compliance monitoring, and AWS Systems Manager for operational automation, while configuring Service Control Policies (SCPs) to enforce data residency requirements and baseline security configurations.

Question 6

A global financial services firm operates a mission-critical SAP HANA deployment on AWS across two active regions for high availability and disaster recovery. The business mandates a Recovery Time Objective (RTO) of less than 5 minutes and a Recovery Point Objective (RPO) of less than 1 minute for this workload. The firm also needs to manage operational costs effectively, avoiding the expense of running full production capacity in both regions simultaneously. Which AWS disaster recovery strategy, leveraging native SAP HANA capabilities and AWS services, best meets these stringent requirements while optimizing resource utilization?

Accepted Answer

Implement SAP HANA System Replication between Region A and Region B, deploy a pilot light configuration for the SAP HANA instances in Region B (running with reduced compute resources but fully replicated data), and utilize AWS Global Accelerator to manage traffic routing and failover to Region B in case of a primary region failure.

Question 7

A global financial services firm is migrating its core transaction processing system to AWS. A critical compliance requirement mandates that all transaction logs, including details of deposits, withdrawals, and fund transfers, must be retained for seven years in an immutable format, preventing any form of deletion or modification, even by administrators. The logs must also be encrypted at rest and continuously monitored for configuration drift that could compromise immutability. Which combination of AWS services best addresses these stringent requirements?

Accepted Answer

Amazon S3 configured with Object Lock in Compliance mode, AWS CloudTrail logging data events to this S3 bucket, AWS Key Management Service (KMS) for encryption, and AWS Config for continuous monitoring of the S3 bucket's configuration.

Question 8

Aether Dynamics is undertaking a phased migration of its on-premises financial services application to AWS, with a primary objective of enhancing agility and scalability while adhering to stringent Payment Card Industry Data Security Standard (PCI DSS) regulations. The initial phase involves migrating the customer-facing web portal, which handles user authentication and profile management. The company requires a robust, scalable, and compliant solution for managing user identities, enforcing strong authentication mechanisms including multi-factor authentication (MFA), and controlling access to application resources. Which AWS service is best suited to manage the user authentication and authorization for this customer-facing portal, ensuring alignment with PCI DSS requirements for identity management?

Accepted Answer

AWS Cognito User Pools

Question 9

A financial services company is architecting a new fraud detection system that must process millions of incoming financial transactions per minute with sub-second latency for analysis. The system needs to ingest this data, make it available for immediate real-time analysis by machine learning models, and then archive it for historical reporting. The architecture must be highly scalable to accommodate fluctuating transaction volumes and resilient to component failures. Which combination of AWS services would best meet these requirements for real-time data ingestion and immediate analysis?

Accepted Answer

Amazon Kinesis Data Streams for ingestion and real-time data availability, followed by AWS Lambda functions for processing and analysis, and Amazon S3 for archiving.

Question 10

A financial services firm is migrating a critical, monolithic, stateful banking application to AWS. The application experiences significant downtime during peak hours due to its inability to scale individual components independently and its reliance on in-memory session data that is lost during restarts. The firm requires a solution that ensures near-continuous availability, allows for granular scaling of business functions, and maintains user session integrity throughout the transition. The architecture must also incorporate robust security measures against common web attacks. Which combination of AWS services best addresses these requirements for the modernized application?

Accepted Answer

Amazon EKS for microservice orchestration, Amazon ElastiCache for Redis for session state management, AWS Step Functions for workflow orchestration, and AWS WAF for web security.

Question 11

A global enterprise is implementing a new smart agriculture initiative, requiring real-time data collection from thousands of sensors deployed across vast, often remote, farmlands in various continents. The data includes environmental readings (temperature, humidity, soil moisture), crop health indicators, and operational status of automated irrigation systems. The solution must ingest this data with minimal latency, process it for immediate actionable insights (e.g., irrigation adjustments, pest alerts), and ensure high availability and durability across multiple AWS Regions, adhering to varying data sovereignty regulations. Which architectural approach would best satisfy these stringent requirements?

Accepted Answer

Utilize AWS IoT Core for device connectivity and management, AWS IoT Greengrass for localized data pre-processing and filtering at the edge, and AWS Kinesis Data Streams for high-throughput, low-latency ingestion into a central analytics pipeline across multiple AWS Regions.

Question 12

A company operates a critical, custom-built e-commerce platform that relies on an in-house developed, in-memory session management system. The platform is currently hosted on Amazon EC2 instances across multiple Availability Zones. To meet stringent uptime requirements and ensure users do not lose their shopping cart contents or login status during infrastructure failures, the architecture must be adapted. The existing session management code cannot be easily modified to support distributed session storage natively. Which AWS service and configuration best addresses the need for highly available and fault-tolerant session state management for this legacy application, minimizing changes to the application\'s session access patterns?

Accepted Answer

Deploy an Amazon ElastiCache for Redis cluster configured with multi-AZ replication groups to serve as the distributed session store, with application instances connecting to the ElastiCache endpoint.

Question 13

A multinational corporation utilizes AWS Organizations to manage its cloud environment. A critical compliance requirement mandates that no EC2 instances within the production account can ever be terminated by any user or automated process. To enforce this, an SCP is applied to the production account\'s OU, explicitly denying the `ec2:TerminateInstances` action for all principals. Within the production account, an IAM user has a meticulously crafted IAM policy that grants broad permissions, including `ec2:TerminateInstances`. Additionally, a separate development team in a different AWS account needs to manage EC2 instances in the production account via cross-account IAM roles, and their role\'s attached IAM policy also permits `ec2:TerminateInstances`. When an administrator attempts to terminate an EC2 instance in the production account using the IAM user\'s credentials, and subsequently when the development team attempts the same action using their cross-account role, what is the most likely outcome for both attempts?

Accepted Answer

Both attempts to terminate EC2 instances will fail due to the Service Control Policy's explicit denial.

Question 14

A Solutions Architect is designing a robust multi-account strategy using AWS Organizations for a global financial institution. Account B, a member account, has been configured with an SCP that explicitly denies the `s3:DeleteBucket` action for any S3 bucket possessing the tag `environment:production`. Within Account B, the root user has an IAM policy attached that grants broad permissions, including the ability to perform `s3:DeleteBucket` on all S3 buckets. Consider a scenario where a junior administrator, operating as the root user in Account B, attempts to delete an S3 bucket in Account B that is tagged with `environment:production`. What is the most likely outcome of this action?

Accepted Answer

The deletion attempt will fail due to the explicit deny in the Service Control Policy.

Question 15

A financial services firm is migrating its legacy, monolithic customer relationship management (CRM) system from on-premises data centers to AWS. The current system suffers from severe performance degradation during peak trading hours, leading to significant delays in customer data retrieval and reporting, which risks violating stringent financial regulations regarding data availability and processing times. Furthermore, the monolithic nature impedes rapid feature development and deployment, causing the firm to lag behind competitors in offering new digital services. The firm requires a cloud-native architecture that prioritizes high availability, elastic scalability, rapid deployment cycles, and robust data processing for compliance reporting. Which architectural approach best addresses these multifaceted requirements?

Accepted Answer

Decompose the monolith into microservices orchestrated by Amazon EKS, utilize AWS Lambda and Amazon SQS for asynchronous data processing, and implement a CI/CD pipeline using AWS CodePipeline for automated deployments.

Question 16

A global e-commerce platform, built on a robust AWS multi-tier architecture, is experiencing intermittent and unpredictable service disruptions. Customers report slow response times and outright unavailability during peak shopping periods, leading to significant revenue loss and damage to brand reputation. The current infrastructure comprises EC2 instances running web and application servers, an Amazon RDS for PostgreSQL instance, and Amazon S3 buckets for product images and static assets. Analysis of monitoring data reveals that during traffic surges, CPU utilization on the EC2 instances frequently reaches saturation, and database connections become exhausted. The company’s leadership is demanding an immediate, yet sustainable, solution to ensure high availability and consistent performance, without a complete re-architecture at this stage. Which of the following strategies would most effectively address the immediate availability and performance challenges while laying the groundwork for future scalability?

Accepted Answer

Implement Application Load Balancers across multiple Availability Zones, coupled with EC2 Auto Scaling Groups configured with target tracking scaling policies based on average CPU utilization, and establish comprehensive health checks for both ALB and ASG.

Question 17

A global e-commerce platform is undertaking a significant modernization effort, migrating a large, stateful monolithic application to a microservices architecture on AWS. The migration strategy involves a gradual rollout, where certain user segments will interact with new microservices while others continue to use the existing monolithic backend. This phased approach necessitates careful management of user sessions, data consistency across different backend versions, and the orchestration of API calls that might target either the monolith or newly deployed microservices. The engineering team is concerned about maintaining a stable user experience, handling potential inconsistencies during the transition, and ensuring robust error handling for operations that span across legacy and modern components. Which AWS service is best suited to orchestrate these complex, stateful workflows and manage the interactions between the monolithic application and the new microservices during the migration?

Accepted Answer

AWS Step Functions

Question 18

A global financial services organization is experiencing critical performance degradation and intermittent outages in its primary customer-facing trading platform hosted on AWS. The platform is subject to stringent regulatory compliance, including data residency mandates and the need for auditable transaction logs. Analysis reveals that the Amazon EC2 instances supporting the application layer are consistently hitting $100\%$ CPU utilization during peak trading hours, and the Amazon RDS for PostgreSQL instance is exhibiting high I/O wait times and slow query responses. The firm must ensure all sensitive financial data remains within specific AWS Regions and that all system activities are comprehensively logged for regulatory audits. Which combination of AWS services and architectural adjustments would best address these challenges while maintaining regulatory compliance?

Accepted Answer

Implement Amazon ElastiCache for Redis to cache frequently accessed data, migrate the primary database to Amazon Aurora with read replicas, and utilize AWS CloudTrail and AWS Config to enforce data residency and log all API activities.

Question 19

A global financial services firm, operating under stringent data protection regulations like the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR), has identified a critical unpatched vulnerability in a legacy, monolithic application hosted on Amazon EC2 instances. This application is essential for daily operations, and unplanned downtime could result in significant financial losses and regulatory penalties. The firm\'s security team needs to implement a strategy that continuously monitors for such vulnerabilities, automates the patching process with minimal disruption, and ensures ongoing compliance with regulatory mandates. Which combination of AWS services and strategic approach would best address these requirements?

Accepted Answer

Implement AWS Inspector for continuous vulnerability scanning, AWS Systems Manager Patch Manager for automated patching, AWS Config with custom remediation actions leveraging AWS Lambda to orchestrate patch validation and deployment, and AWS Security Hub for centralized compliance reporting.

Question 20

A global financial services organization is grappling with recurrent, subtle data integrity anomalies within its Amazon RDS for PostgreSQL instance. These anomalies manifest as intermittent data corruption, necessitating the ability to recover the database to a precise point in time, potentially down to the second, to mitigate regulatory compliance risks associated with data loss and audit trails. The organization\'s existing strategy involves daily automated backups. However, these backups are insufficient to address the fine-grained recovery requirements, as recovering to the last daily backup would result in an unacceptable loss of recent, valid transactions. Additionally, regulatory mandates require a robust audit trail of all data modifications. Which AWS configuration best addresses both the immediate need for granular point-in-time recovery and the long-term requirement for comprehensive data auditability in this scenario?

Accepted Answer

Enable RDS automated backups with a retention period of 35 days and configure continuous archiving of PostgreSQL Write Ahead Logs (WAL) to Amazon S3.

Question 21

A global financial services company is migrating its core banking platform to AWS. This platform handles highly sensitive customer Personally Identifiable Information (PII) and must comply with strict data residency regulations that mandate data be stored and processed exclusively within the European Union (EU) and the United States (US) for respective customer segments. The company operates under a multi-account strategy managed by AWS Organizations. The architecture must support high availability and disaster recovery by replicating critical data across multiple AWS Regions within the EU and US. Which combination of AWS services and configurations provides the most robust and enforceable solution for ensuring data residency compliance and preventing accidental or intentional deployment of resources in non-compliant regions across all accounts?

Accepted Answer

Implement S3 bucket policies to restrict cross-region replication to only EU and US regions, and deploy AWS Organizations Service Control Policies (SCPs) to deny the creation of any AWS resources in regions outside the EU and US.

Question 22

Consider a multi-account AWS environment managed by AWS Organizations. Account A contains an IAM role intended to manage cryptographic keys in Account B. Account B is part of an Organizational Unit (OU) to which a Service Control Policy (SCP) is attached. This SCP explicitly denies all AWS Key Management Service (KMS) operations, with the exception of `kms:CreateGrant` and `kms:ListGrants`. Within Account B, an IAM policy attached to a KMS key resource grants `kms:Encrypt`, `kms:Decrypt`, and `kms:GenerateDataKey` permissions to the IAM role in Account A. The IAM role in Account A has a policy allowing `kms:CreateGrant` and `kms:ListGrants` on KMS keys residing in Account B. When the IAM role in Account A attempts to perform `kms:Encrypt` on a KMS key in Account B, followed by `kms:CreateGrant` on the same key, which operations will succeed?

Accepted Answer

Only `kms:CreateGrant` will succeed.

Question 23

A financial services company, \"Quantum Leap Analytics,\" utilizes AWS Organizations to manage its numerous accounts. Account A serves as the central logging and security hub, while Account B houses sensitive customer data and critical application workloads. An Organizational Unit (OU) named \"Production\" contains Account B. A stringent Service Control Policy (SCP) is attached to the \"Production\" OU. This SCP explicitly denies all `s3:*` actions for any S3 bucket whose name matches the pattern `*-restricted-*` and also denies all `iam:*` actions. The root user in Account B has an IAM policy that grants broad permissions, including `s3:*` for all buckets and `iam:*` for all IAM actions. If the root user in Account B attempts to delete an S3 bucket named `customer-data-restricted-archive` and also attempts to create a new IAM user, what will be the outcome?

Accepted Answer

Both the S3 bucket deletion and the IAM user creation will be denied due to the SCPs applied to the "Production" OU.

Question 24

A rapidly growing e-commerce platform, currently running a monolithic application on a fleet of EC2 instances, is experiencing severe performance degradation and intermittent availability issues following a highly successful promotional campaign. The application handles product browsing, user authentication, order processing, and inventory management. The operations team has identified that the bottleneck is the inability to scale individual application components independently to meet fluctuating customer demand, leading to increased response times and a poor user experience. The company also needs to optimize operational costs and ensure high availability in line with industry best practices for financial services data handling, although the application itself is not directly handling financial transactions. What architectural strategy should the solutions architect recommend to address these challenges effectively and prepare for future growth?

Accepted Answer

Decompose the monolithic application into microservices deployed on Amazon EKS, utilize Application Load Balancer for traffic distribution, implement Amazon Aurora with read replicas for the database, leverage Amazon ElastiCache for caching, and use Amazon CloudFront for static content delivery.

Question 25

A global financial institution, operating under stringent data residency and privacy regulations, needs to provide temporary, read-only access to specific financial performance reports stored in Amazon S3 buckets to an external auditing firm. The auditing firm will access these resources from their own AWS account for a period of two weeks. The institution requires a solution that enforces the principle of least privilege, ensures auditability of all access, and minimizes the attack surface. Which approach best satisfies these requirements?

Accepted Answer

Create an IAM role within the financial institution's AWS account. Configure the role's trust policy to allow the auditing firm's AWS account to assume it. Attach an IAM policy to this role that grants read-only access (s3:GetObject, s3:ListBucket) specifically to the designated S3 buckets containing the reports.

Question 26

A multinational e-commerce platform hosted on AWS is experiencing sporadic, unexplainable slowdowns during peak traffic hours, leading to a significant increase in abandoned shopping carts. The development team suspects issues with application responsiveness or underlying infrastructure bottlenecks, but the problem is not consistently reproducible. The Solutions Architect is tasked with guiding the technical team to a resolution. Which combination of AWS services, when strategically implemented and analyzed, would provide the most granular, end-to-end visibility to accurately diagnose and resolve these intermittent performance issues, while also fostering cross-team collaboration for swift remediation?

Accepted Answer

Comprehensive configuration of CloudWatch Logs for application and system events, detailed CloudWatch Metrics for resource utilization and network traffic, and the implementation of AWS X-Ray for distributed tracing across all microservices.

Question 27

An organization is migrating its mission-critical financial services platform to a multi-region AWS architecture. The existing disaster recovery (DR) strategy relies on manual failover procedures, which are time-consuming and prone to human error. A new, automated DR orchestration solution has been developed internally, leveraging AWS Step Functions and custom Lambda functions, but it has not yet been tested in a full-scale production failover scenario. The executive team has mandated a transition to this automated solution within the next quarter to improve RTO (Recovery Time Objective) and RPO (Recovery Point Objective) targets, citing competitive pressure and regulatory compliance requirements. You, as the lead Solutions Architect, are responsible for guiding this transition. The team is highly skilled in AWS but expresses concerns about the untested nature of the new orchestration logic and its potential impact on transactional integrity during a failover. How should you best approach leading this critical transition to ensure both operational resilience and stakeholder confidence?

Accepted Answer

Implement a phased rollout of the automated DR solution, starting with read-replica environments in non-production regions, followed by progressively more critical environments, coupled with rigorous, simulated failover testing at each stage and transparent communication of results to stakeholders.

Question 28

A global e-commerce platform is migrating its customer-facing web application to AWS. The application utilizes Amazon Cognito for user authentication and relies on API Gateway integrated with Lambda functions for backend services. A critical requirement is to maintain user session state across geographically distributed users accessing the application from various regions, while adhering to strict data residency regulations that mandate all customer session data must reside within a specific geographic region. The solution must ensure high availability and low latency for session retrieval, and must not rely on sticky sessions due to the stateless nature of the Lambda functions and the need for seamless scaling. Which AWS service configuration best addresses these requirements for managing user session state?

Accepted Answer

Deploy Amazon ElastiCache for Redis in a Multi-AZ configuration within the designated geographic region, configured for replication, to store and retrieve user session data.

Question 29

A multinational financial services firm is undergoing a significant transformation to comply with emerging data sovereignty laws in several key markets. Their current data analytics platform, built on Amazon S3 for data storage and Amazon EMR for processing, needs to be re-architected to ensure all personally identifiable customer information (PII) is stored and processed exclusively within specific, designated AWS Regions, and encrypted using customer-managed keys. The executive board, comprised of individuals with varying technical backgrounds, requires a clear, concise, and actionable plan that addresses both the technical implementation and the business impact. Which of the following approaches best demonstrates the required behavioral competencies of adaptability, strategic vision communication, and technical problem-solving for a Solutions Architect Professional in this scenario?

Accepted Answer

Propose a phased re-architecture leveraging AWS KMS with customer-managed keys for encryption, configuring S3 bucket policies and lifecycle rules for strict regional data residency, and migrating EMR clusters to the designated regions, while preparing a presentation for the board that translates technical complexities into business benefits and compliance assurances.

Question 30

A global e-commerce platform is migrating its legacy monolithic application to a microservices architecture on AWS. The new architecture comprises numerous independent services responsible for product catalog, order processing, payment gateway interaction, and customer management. The business requires a robust mechanism to coordinate complex, multi-step transactions that span these services, ensuring data consistency and high availability, even during intermittent network issues or service failures. The solution must also provide visibility into the execution flow and facilitate easy modification of business logic without extensive code changes. Which AWS service is best suited to orchestrate these microservices and manage the overall transaction flow?

Accepted Answer

AWS Step Functions

AWS Certified Solutions Architect Professional SAPC02 AWS Certified Solutions Architect Professional SAPC02 Free Practice Test — 30 Questions

A lot more is already mapped out

About the AWS Certified Solutions Architect Professional SAPC02 AWS Certified Solutions Architect Professional SAPC02 Certification