Top AWS SAA-C02 Exam Questions and Answers 2022

AWS Solutions Architect Associate is a certification exam from Amazon Web Services designed for professionals who work as an AWS Architect or want to become one. This certification exam has been created to evaluate your knowledge about designing, deploying, and operating services on AWS.

An AWS Solutions Architect is an individual who understands the breadth and depth of services offered by Amazon Web Services (AWS) and can design, deploy, and operate AWS solutions. If you’re interested in becoming an AWS Architect or working towards becoming one, this article will outline what you need to know about the certification.

Solving the AWS Solutions Architect Associate Practice Exam is crucial to your success on the AWS certification exam. Taking the time to understand the questions and answers will give you a big advantage on test day.

Why should you avoid exam dumps and rely on practice exams to test your readiness?

The AWS SAA exam is difficult to pass with proper preparation, so it is not recommended to use AWS exam dumps as a learning tool. You would benefit from using questions that experts have created in the field who know the most up-to-date details regarding the AWS certification requirements. Using study materials and questions written by these experts will help you gain a more profound knowledge of various topics within AWS and ensure that you are ready for all questions on the exam upon passing.

Use Coupon Code BLOG20 to avail flat 20% discount on saasguru Programs.

Taking an online AWS course or getting hands-on learning experience is a much more effective way of preparing for this exam. Practice tests, prepared by industry experts, include questions based on new tools and features added to the AWS platform. You can either start by taking a free mock test from saasguru to get certified in just 2 weeks with personalized learning patterns and 1:1 mentorship programs in the convenience and comfort of your mobile. 

Learners can gain diverse knowledge of AWS by studying through the practice questions explicitly curated by AWS professionals.

There are many new features and changes to the AWS platform every year, so you must know what has changed and what hasn’t. It’s also critical that you know how to solve problems of various difficulty levels in a short amount of time.

Check the quality of the questions curated by accomplished AWS professionals by going through the following sample questions and answers.

AWS Solutions Architect Associate Certification Exam Sample Questions

Q1. You are designing a three-tier application on AWS and want to ensure proper network segmentation and security. You have the following requirements: 

1. Every tier will have its dedicated subnet. 
2. Web instances should be accessible by the load balancer only.
3. App instances should be accessible from the web tier only.
4. DB instances should be accessible from the app tier only. 

What actions would you take to meet these requirements? Choose three answers.

a. Put instances in all three layers: web, app, and DB in private subnets without public IP.

b. Keep the web instances in public subnets. Keep app and DB instances in private subnets.

c. Ensure the SG attached to the DB instances allows access from the app layer and the SG attached to the App instances allows access from Web SG only.

d. Create a public (external) Application Load balancer that should have access to web-tier instances only.

Rationale: The question is about network segmentation and protection at each layer. To meet the stated requirements, make sure all the tiers are in their own private subnets and only the load balancer is accessible from the internet. At each layer, the SGs should ensure who can access the instances.

Q2. What mandatory information you must provide when creating an EC2 Auto Scaling Group? Choose two answers.

a. Desired Capacity

b. VPC

c. Launch Template

d. Scaling Policy

Rationale: Desired capacity and scaling policy are optional information to be provided when creating the Auto Scaling group. However, you must provide the VPC details and launch configuration/launch template. It is recommended to use the launch template.

Q3. You are using CloudFront to improve the performance of your website for users at multiple locations worldwide. What strategies would you look at for tuning the performance? Choose two answers.

a. Devise a caching strategy according to the content, i.e., static or dynamic.

b. Store the content in multiple regions across the world so that content is closer to the users.

c. Improve the cache hit ratio by tuning the cache key.

d. Use sticky sessions to ensure the frequently accessed content is available in the cache.

Rationale: Content does not need to be stored at multiple locations worldwide to bring it closer to the end users. CloudFront can achieve this via its numerous edge locations.

Sticky sessions are not a feature of CloudFront.

Q4. What is true about RDS backups?

a. You can configure your RDS instance at the time of creation to enable automated backups during a backup window.

b. Automated RDS backups are enabled by default and can be disabled.

c. Manual backups can be taken only if automated backups are disabled. Both cannot co-exist.

d. Automated backups are deleted as soon as the RDS instance is deleted. There is no way to retain the automated backups after instance deletion.

Rationale: You can have manual and automated backups co-exist and be taken for the same RDS instance. 

Automated backups are enabled by default and can be disabled by setting the retention period to 0.

Q5. Your company is storing data files in S3. You need to configure lifecycle policies to archive data files after 30 days, as they will only be needed for compliance and will no longer be needed after a year. What actions would you take?

a. Store the files in S3 Standard. Configure lifecycle policies to move the files to S3 Infrequent Access storage after 30 days and to s3 Glacier Deep Archive after one year.

b. Store the files in S3 Infrequent Access storage. Configure lifecycle policies to move the files to S3 Infrequent Deep Archive after 30 days and delete the files after one year.

c. Store the files in S3 Standard. Configure lifecycle policies to move the files to S3 Glacier Deep Archive after 30 days and delete the files completely after one year.

d. Store the files in S3 Infrequent Access storage. Configure lifecycle policies to move the files to S3 Infrequent Access – One Zone storage after 30 days and delete the files completely after one year.

Rationale: As per the requirements, the files are frequently accessed only for the first 30 days and need to be stored in the standard storage class. However, after 30 days, the files are only required for compliance purposes and can be moved to the S3 Glacier Deep Archive. After one year, the files can be completely deleted.

All these transitions can be automated by configuring the lifecycle policies.

Q6. Your application must comply with Europe GDPR. How can you ensure this on AWS?

a. Make sure you use AWS native features so that the application becomes GDPR compliant.

b. Use AWS Inspector to detect any gaps in terms of GDPR compliance.

c. Enable GDPR compliance for every service used in your architecture.

d. Design your application for GDPR compliance by using the tools available on AWS or external tools.

Rationale: AWS is a shared responsibility model. Protecting and complying with the workload is the customer’s responsibility. They would provide the tools that customers should use to ensure their workloads are compliant with any particular regulation.

Q7. Amazon Aurora stores 6 copies of data in 3 Availability Zones. Which pillar of the Well-Architected Framework (WAF) aligns with this Aurora feature?

a. First time use password and IAM Policy allowing them to log in to the console.

b. Access key, secret access key, and a unique login URL unique to your account.

c. First time use password, secret access key, and MFA.

d. First time use password and a unique login URL that is unique to your account.

Rationale: To ensure the new user can log in to the AWS console, you need to provide them with a password generated when creating the IAM user and a unique login URL specific to their AWS account.

Q8. You are looking for a petabyte-size storage service that your business users can use for analytics. In addition, they need a service that provides a familiar SQL interface. What AWS service can be used in this scenario?

a. Redshift

b. Athena

c. S3

d. Amazon Aurora

Rationale: Redshift is a service that provides a petabyte-scale analytics service and provides a very familiar SQL interface.

 Aurora is not a database service for analytics.

Athena is a service that queries data stored in S3.

Use Coupon Code BLOG20 to avail flat 20% discount on saasguru Programs.

Q9. Your workload consists of multiple microservices that connect to a backend database. How can you store the credentials securely in this case? 

a. Keep it in a config file in an S3 bucket that is protected by bucket policies.

b. Keep it in the source code.

c. Environment variables

d. Secrets Manager

Rationale: Secrets Manager is the best and most secure option to store the credentials. Secrets Manager is a managed service to store and protect your secrets like passwords, API keys, etc., and manages functions like the automatic rotation of secrets.

Q10. AWS WAF is a layer 7 protection for your web applications. It integrates with certain AWS services to provide this protection. Which of the following is not one of them?

a. Application Load Balancer

b. Route 53

c. API Gateway

d. CloudFront

Rationale: AWS WAF is tightly integrated with ALB, API Gateway, and CloudFront only. 

Route53 is a DNS service and does not integrate with WAF.

Summing Up

As you work towards the AWS Solutions Architect Associate certification, it is a good idea to familiarize yourself with the exam guide and scenario-based questions. Sign Up on saasguru to practice questions and ace your certification preparation.