Hey everyone, we are back with an interesting blog that will help you in learning about AWS Solutions Architect Associate Preparation (SAA-C02). This will let you know the essentials and foundations of this exam.

If you haven’t checked our previous article on AWS Cloud Practitioner Essentials, read it first. In it, we have already discussed Cloud Computing and how you can start your career in the AWS Cloud. We have also shared the Cloud Practitioner Certification (Q&A) that will help you to get your first AWS Certification.

I am an AWS Solutions Architect and have already gone through the phase of finding the best questions and essentials under one link but was unable to get one. And today, I bring you a collection of information and the top 30 Questions and Answers which will bring you one step closer to your goal.

So, without wasting much time, Let’s Start!!



What are the Essentials for being a Cloud Solutions Architect?

Cloud Solutions Architect is the next step for people who are looking to build and validate their overall understanding of AWS Cloud. People can start their cloud journey with this certificate as well. This will cover a deep understanding of the Cloud Practitioner Course. This course is for those who want to understand Cloud Computing from an architect’s perspective.

Key responsibilities will be to design available, cost-efficient, fault-tolerant, and scalable distributed systems on AWS.

Whenever it comes to taking a course there are a few things that everyone looks into.

Who can learn this?

What things to learn?

What are the key Tools and Services?

Where to learn from?

What is the estimated cost of the certification?

What is the Exam Pattern and Time Limit?

Let’s understand these basic questions in the further documentation

– Who can learn this?

There are no prerequisites as such for this course, but you should be familiar with the AWS Management Console and the AWS Command Line Interface (AWS CLI) and have a basic understanding of the AWS Well-Architected Framework, AWS networking, security services, and the AWS global infrastructure.

– What are things to learn?

As a Solutions Architect, you must be aware of designing resilient, high-performing, cost-optimized, and highly secure applications.

1. Resilient Architect
  • Design a multi-tier architecture solution
  • Design highly available and/or fault-tolerant architectures
  • Design decoupling mechanisms using AWS services
  • Choose appropriate resilient storage
2. High Performing
  • Identify elastic and scalable compute solutions for a workload.
  • Select high-performing and scalable storage solutions for a workload.
  • Select high-performing networking solutions for a workload.
  • Choose high-performing database solutions for a workload.
3. Cost Optimized
  • Identify cost-effective storage solutions.
  • Identify cost-effective compute and database services.
  • Design cost-optimized network architectures.
4. Highly Secure
  • Design secure access to AWS resources.
  • Design secure application tiers.
  • Select appropriate data security options.

– What are the key Tools and Services?

The following is a list of the tools and technologies that could appear in the exam. This list can change and is provided to help you understand the general scope of services, features, or technologies on the exam.

  1. Compute
  2. Cost management
  3. Database
  4. Disaster recovery
  5. High availability
  6. Management and governance
  7. Microservices and component decoupling
  8. Migration and data transfer
  9. Networking, connectivity, and content delivery
  10. Security
  11. Serverless design principles
  12. Storage

– Where to learn from?

Now the question arises where you have to spend your valuable time and get quality learning. Here is the best-recommended course which I suggest you focus on.

Ultimate AWS Certified Solutions Architect Associate 2022

This is the ultimate guide that will make your fundamentals strong. The Mantra to being a smart learner is to Learn, Practice and Repeat.

– What is the estimated cost of the certification?

Udemy Course Cost:- Rs 455 – Rs 500

Certifications Cost:- 150 USD ( Rs 12000 approx.)

The first certification may be a little expensive, but after successful completion, you are given a golden opportunity of 50% cost reduction for the further certifications, which can be a lifesaver.

– What is the Exam Pattern and Time Limit?

AWS Certified Solution Architect Exam Details

Top Questions & Answers

Let’s discuss some of the frequently asked questions in the exam:-

Q1. A customer relationship management (CRM) application runs on Amazon EC2 instances in multiple Availability Zones behind an Application Load Balancer.
If one of these instances fails, what occurs?

A. The load balancer will stop sending requests to the failed instance.
B. The load balancer will terminate the failed instance.
C. The load balancer will automatically replace the failed instance.
D. The load balancer will return 504 Gateway Timeout errors until the instance is replaced

Answer. A

Q2. A company needs to perform asynchronous processing, and has Amazon SQS as part of a decoupled architecture. The company wants to ensure that the number of empty responses from polling requests is kept to a minimum.
What should a solutions architect do to ensure that empty responses are reduced?

A. Increase the maximum message retention period for the queue.
B. Increase the maximum receives for the redrive policy for the queue.
C. Increase the default visibility timeout for the queue.
D. Increase the receive message wait time for the queue.

Answer. D

Q3. A company currently stores data for on-premises applications on local drives. The chief technology officer wants to reduce hardware costs by storing the data in Amazon S3 but does not want to make modifications to the applications. To minimize latency, frequently accessed data should be available locally.
What is a reliable and durable solution for a solutions architect to implement that will reduce the cost of local storage?

A. Deploy an SFTP client on a local server and transfer data to Amazon S3 using AWS Transfer for SFTP.
B. Deploy an AWS Storage Gateway volume gateway configured in cached volume mode.
C. Deploy an AWS DataSync agent on a local server and configure an S3 bucket as the destination.
D. Deploy an AWS Storage Gateway volume gateway configured in stored volume mode.

Answer. B

Q4. A company runs a public-facing three-tier web application in a VPC across multiple Availability Zones. Amazon EC2 instances for the application tier running in private subnets need to download software patches from the internet. However, the instances cannot be directly accessible from the internet.
Which actions should be taken to allow the instances to download the needed patches? (Select TWO)

A. Configure a NAT gateway in a public subnet.
B. Define a custom route table with a route to the NAT gateway for internet traffic and associate it with the private subnets for the application tier.
C. Assign Elastic IP addresses to the application instances.
D. Define a custom route table with a route to the internet gateway for internet traffic and associate it with the private subnets for the application tier.
E. Configure a NAT instance in a private subnet.

Answer. A, B

Q5. A solutions architect wants to design a solution to save costs for Amazon EC2 instances that do not need to run during a 2-week company shutdown. The applications running on the instances store data in instance memory (RAM) that must be present when the instances resume operation.
Which approach should the solutions architect recommend to shut down and resume the instances?

A. Modify the application to store the data on instance store volumes. Reattach the volumes while restarting them.
B. Snapshot the instances before stopping them. Restore the snapshot after restarting the instances.
C. Run the applications on instances enabled for hibernation. Hibernate the instances before the shutdown.
D. Note the Availability Zone for each instance before stopping it. Restart the instances in the same Availability Zones after the shutdown.

Answer. C

Q6. A company plans to run a monitoring application on an Amazon EC2 instance in a VPC. Connections are made to the instance using its private IPv4 address. A solutions architect needs to design a solution that will allow traffic to be quickly directed to a standby instance if the application fails and becomes unreachable.
Which approach will meet these requirements?

A. Deploy an Application Load Balancer configured with a listener for the private IP address and register the primary instance with the load balancer. Upon failure, de-register the instance and register the secondary instance.
B. Configure a custom DHCP option set. Configure DHCP to assign the same private IP address to the secondary instance when the primary instance fails.
C. Attach a secondary elastic network interface (ENI) to the instance configured with the private IP address. Move the ENI to the standby instance if the primary instance becomes unreachable.
D. Associate an Elastic IP address with the network interface of the primary instance. Disassociate the Elastic IP from the primary instance upon failure and associate it with a secondary instance.

Answer. C

Q7. An analytics company is planning to offer a site analytics service to its users. The service will require that the users’ webpages include a JavaScript script that makes authenticated GET requests to the company’s Amazon S3 bucket.
What must a solutions architect do to ensure that the script will successfully execute?

A. Enable cross-origin resource sharing (CORS) on the S3 bucket.
B. Enable S3 versioning on the S3 bucket.
C. Provide the users with a signed URL for the script.
D. Configure a bucket policy to allow public execute privileges.

Answer. A

Q8. A company’s security team requires that all data stored in the cloud be encrypted at rest at all times using encryption keys stored on-premises.
Which encryption options meet these requirements? (Select TWO.)

A. Use Server-Side Encryption with Amazon S3 Managed Keys (SSE-S3).
B. Use Server-Side Encryption with AWS KMS Managed Keys (SSE-KMS).
C. Use Server-Side Encryption with Customer Provided Keys (SSE-C).
D. Use client-side encryption to provide at-rest encryption.
E. Use an AWS Lambda function triggered by Amazon S3 events to encrypt the data using the customer’s keys.

Answer. C, D

Q9. A company needs to maintain access logs for a minimum of 5 years due to regulatory requirements. The data is rarely accessed once stored, but must be accessible with one day’s notice if it is needed.
What is the MOST cost-effective data storage solution that meets these requirements?

A. Store the data in Amazon S3 Glacier Deep Archive storage and delete the objects after 5 years using a lifecycle rule.
B. Store the data in Amazon S3 Standard storage and transition to Amazon S3 Glacier after 30 days using a lifecycle rule.
C. Store the data in logs using Amazon CloudWatch Logs and set the retention period to 5 years.
D. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage and delete the objects after 5 years using a lifecycle rule.

Answer. A

Q10. A company uses Reserved Instances to run its data-processing workload. The nightly job typically takes 7 hours to run and must finish within a 10-hour time window. The company anticipates temporary increases in demand at the end of each month that will cause the job to run over the time limit with the capacity of the current resources. Once started, the processing job cannot be interrupted before completion. The company wants to implement a solution that would allow it to provide increased capacity as cost-effectively as possible.
What should a solutions architect do to accomplish this?

A. Deploy On-Demand Instances during periods of high demand.
B. Create a second Amazon EC2 reservation for additional instances.
C. Deploy Spot Instances during periods of high demand.
D. Increase the instance size of the instances in the Amazon EC2 reservation to support the increased workload.

Answer. A

Q11. A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution.
Which solution will meet the security team’s mandate?

A. Put the access key in an S3 bucket, and retrieve the access key on boot from the instance.
B. Pass the access key to the instances through instance user data.
C. Obtain the access key from a key server launched in a private subnet.
D. Create an IAM role with permissions to access the table, and launch all instances with the new role.

Answer. D

Q12. A company is developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? (Select TWO)

A. CloudWatch
B. DynamoDB
C. Elastic Load Balancing
D. ElastiCache
E. Storage Gateway

Answer. B, D

Q13. Company salespeople upload their sales figures daily. A Solutions Architect needs a durable storage solution for these documents that also protects against users accidentally deleting important documents.
Which action will protect against unintended user actions?

A. Store data in an EBS volume and create snapshots once a week.
B. Store data in an S3 bucket and enable versioning.
C. Store data in two S3 buckets in different AWS regions.
D. Store data on EC2 instance storage.

Answer. B

Q14. An application requires a highly available relational database with an initial storage capacity of 8 TB. The database will grow by 8 GB every day. To support expected traffic, at least eight read replicas will be required to handle database reads.
Which option will meet these requirements?

A. DynamoDB
B. Amazon S3
C. Amazon Aurora
D. Amazon Redshift

Answer. C

Q15. A Solutions Architect is designing a critical business application with a relational database that runs on an EC2 instance. It requires a single EBS volume that can support up to 16,000 IOPS.
Which Amazon EBS volume type can meet the performance requirements of this application?

A. EBS Provisioned IOPS SSD
B. EBS Throughput Optimized HDD
C. EBS General Purpose SSD
D. EBS Cold HDD

Answer. A

Q16. A web application allows customers to upload orders to an S3 bucket. The resulting Amazon S3 events trigger a Lambda function that inserts a message to an SQS queue. A single EC2 instance reads messages from the queue, processes them, and stores them in a DynamoDB table partitioned by unique order ID. Next month traffic is expected to increase by a factor of 10 and a Solutions Architect is reviewing the architecture for possible scaling problems. Which component is MOST likely to need re-architecting to be able to scale to accommodate the new traffic?

A. Lambda function
B. SQS queue
C. EC2 instance
D. DynamoDB table

Answer. C

Q17. An application saves the logs to an S3 bucket. A user wants to keep the logs for one month for troubleshooting purposes, and then purge the logs.
What feature will enable this?

A. Adding a bucket policy on the S3 bucket.
B. Configuring lifecycle configuration rules on the S3 bucket.
C. Creating an IAM policy for the S3 bucket.
D. Enabling CORS on the S3 bucket.

Answer. B

Q18. An application running on EC2 instances processes sensitive information stored on Amazon S3. The information is accessed over the Internet. The security team is concerned that the Internet connectivity to Amazon S3 is a security risk.
Which solution will resolve the security concern?

A. Access the data through an Internet Gateway.
B. Access the data through a VPN connection.
C. Access the data through a NAT Gateway.
D. Access the data through a VPC endpoint for Amazon S3.

Answer. D

Q19. An organization is building an Amazon Redshift cluster in their shared services VPC. The cluster will host sensitive data.
How can the organization control which networks can access the cluster?

A. Run the cluster in a different VPC and connect through VPC peering.
B. Create a database user inside the Amazon Redshift cluster only for users on the network.
C. Define a cluster security group for the cluster that allows access from the allowed networks.
D. Only allow access to networks that connect with the shared services network via VPN.

Answer. C

Q20. A Solutions Architect is designing an online shopping application running in a VPC on EC2 instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer managed database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet.
Which VPC design meets these requirements?

A. Public subnets for both the application tier and the database cluster
B. Public subnets for the application tier, and private subnets for the database cluster
C. Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster
D. Public subnets for the application tier, and private subnets for the database cluster and NAT Gateway

Answer. C

Q21. A video production company is planning to move some of its workloads to the AWS Cloud. The company will require around 5 TB of storage for video processing with the maximum possible I/O performance. They also require over 400 TB of extremely durable storage for storing video files and 800 TB of storage for long-term archival.
Which combinations of services should a Solutions Architect use to meet these requirements?

A. Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage.
B. Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage.
C. Amazon EC2 instance store for maximum performance, Amazon EFS for durable data storage, and Amazon S3 for archival storage.
D. Amazon EBS for maximum performance, Amazon EFS for durable data storage, and Amazon S3 Glacier for archival storage.

Answer. A

Q22. A persistent database must be migrated from an on-premises server to an Amazon EC2 instance. The database requires 64,000 IOPS and, if possible, should be stored on a single Amazon EBS volume. Which solution should a Solutions Architect recommend?

A. Use an instance from the I3 I/O optimized family and leverage instance store storage to achieve the IOPS requirement.
B. Create an Amazon EC2 instance with four Amazon EBS General Purpose SSD (gp2) volumes attached. Max out the IOPS on each volume and use a RAID 0 stripe set.
C. Create a Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume.
D. Create an Amazon EC2 instance with two Amazon EBS Provisioned IOPS SSD (io1) volumes attached. Provision 32,000 IOPS per volume and create a logical volume using the OS that aggregates the capacity.

Answer. C

Q23. A company has two accounts for performing testing and each account has a single VPC: VPC-TEST1 and VPC-TEST2. The operations team requires a method of securely copying files between Amazon EC2 instances in these VPCs. The connectivity should not have any single points of failure or bandwidth constraints. Which solution should a Solutions Architect recommend?

A. Create a VPC gateway endpoint for each EC2 instance and update route tables.
B. Attach a virtual private gateway to VPC-TEST1 and VPC-TEST2 and enable routing.
C. Attach a Direct Connect gateway to VPC-TEST1 and VPC-TEST2 and enable routing.
D. Create a VPC peering connection between VPC-TEST1 and VPC-TEST2.

Answer. D

Q24. Your company is currently hosting a long-running heavy load application in its on-premises environment. The company has developed this application in-house. Consulting companies then use this application via API calls, and each API call may take half an hour to finish. You now need to consider moving this application to AWS. Which of the following services would be best suited in the architecture design, which would also help deliver a cost-effective solution? Choose 2 answers from the options given below.

A. AWS Lambda
B. AWS API Gateway
C. AWS Config
D. AWS EC2

Answer. B, D

Q25. Using seven Amazon EC2 instances, a business runs its web application on AWS. The organization requires that DNS queries provide the IP addresses of all healthy EC2 instances.
Which policy should be employed to comply with this stipulation?

A. Simple routing policy
B. Latency routing policy
C. Multi-value routing policy
D. Geolocation routing policy

Answer. C

Q26. A business is creating a website that will store static photos in an Amazon S3 bucket. The company’s goal is to reduce both latency and cost for all future requests.
How should a solutions architect propose a service configuration?

A. Deploy a NAT server in front of Amazon S3.
B. Deploy Amazon CloudFront in front of Amazon S3.
C. Deploy a Network Load Balancer in front of Amazon S3.
D. Configure Auto Scaling to automatically adjust the capacity of the website.

Answer. B

Q27. A corporation connects its on-premises servers to AWS through a 10 Gbps AWS Direct Connect connection. The connection’s workloads are crucial. The organization needs a disaster recovery approach that is as resilient as possible while minimizing the existing connection bandwidth.
What recommendations should a solutions architect make?

A. Set up a new Direct Connect connection in another AWS Region.
B. Set up a new AWS managed VPN connection in another AWS Region.
C. Set up two new Direct Connect connections: one in the current AWS Region and one in another Region.
D. Set up two new AWS managed VPN connections: one in the current AWS Region and one in another Region.

Answer. A

Q28. Amazon Elastic Block Store (Amazon EBS) volumes are used by a media organization to store video material. A certain video file has gained popularity, and a significant number of individuals from all over the globe are now viewing it. As a consequence, costs have increased.
Which step will result in a cost reduction without jeopardizing user accessibility?

A. Change the EBS volume to Provisioned IOPS (PIOPS).
B. Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution.
C. Split the video into multiple, smaller segments so users are routed to the requested video segments only.
D. Create an Amazon S3 bucket in each Region and upload the videos so users are routed to the nearest S3 bucket.

Answer. B

Q29. A business requires data storage on Amazon S3. A compliance requirement stipulates that when objects are modified, their original state must be retained. Additionally, data older than five years should be kept for auditing purposes.
What should a solutions architect recommend as the most affordable option?

A. Enable object-level versioning and S3 Object Lock in governance mode
B. Enable object-level versioning and S3 Object Lock in compliance mode
C. Enable object-level versioning. Enable a lifecycle policy to move data older than 5 years to S3 Glacier Deep Archive
D. Enable object-level versioning. Enable a lifecycle policy to move data older than 5 years to S3 Standard-Infrequent Access (S3 Standard-IA)

Answer. C

Q30. On a huge fleet of Amazon EC2 instances, a business runs an application. The program reads and writes items to a DynamoDB database hosted by Amazon. The DynamoDB database increases in size regularly, yet the application requires just data from the previous 30 days. The organization needs a solution that is both cost-effective and time-efficient to implement.
Which solution satisfies these criteria?

A. Use an AWS CloudFormation template to deploy the complete solution. Redeploy the CloudFormation stack every 30 days, and delete the original stack.
B. Use an EC2 instance that runs a monitoring application from AWS Marketplace. Configure the monitoring application to use Amazon DynamoDB Streams to store the timestamp when a new item is created in the table. Use a script that runs on the EC2 instance to delete items that have a timestamp that is older than 30 days.
C. Configure Amazon DynamoDB Streams to invoke an AWS Lambda function when a new item is created in the table. Configure the Lambda function to delete items in the table that are older than 30 days.
D. Extend the application to add an attribute that has a value of the current timestamp plus 30 days to each new item that is created in the table. Configure DynamoDB to use the attribute as the TTL attribute.

Answer. D

For more such practice questions, kindly go through the following course Practice Exams | AWS Certified Solutions Architect Associate to practice the set of six papers for preparation. It will not only make you confident but also help you pass with flying colors.

Register for the exam only when you start getting >80% on each practice paper.

All the best, keep rocking and shining!!👍🏻😉


So, this is all about AWS Solutions Architect Associate preparation. You should do a lot of practice with these questions and learn the fundamentals from the courses that I already shared with you.

You will surely get to know more once you complete the courses. Things will fall into place easily, and you’ll have the exact action plan to work on and to get certified quite quickly.

I hope you enjoyed the article and if you found this useful, then please share it with your friends and colleagues. If these questions have helped you to pass the exam, then spread this so that other people can also benefit.

If you have any queries, please feel free to post them in the comments section or send anything you want to ask by mail.

Thank you😉
