AWS Certified Solutions Architect Associate Exam – SAA-C02 Study Guide
The AWS Certified Solutions Architect Associate SAA-C02 exam, or SAA for short, is one of the most sought after certifications in the Cloud industry. This certification attests to your knowledge of the AWS Cloud and building a well-architected infrastructure in AWS.
As a Solutions Architect, it is your responsibility to be familiar with the services that meet your customer requirements. Aside from that, you should also have the knowledge to create an efficient, secure, reliable, fault tolerant, and cost-effective infrastructure out of these services. Your AWS SA Associate exam will be based upon these topics.
Whitepapers, FAQs, and the AWS Documentation will be your primary study materials for this exam. Experience in building systems will also be helpful, since the exam consists of multiple scenario-type questions. You can learn more details on your exam through the official SAA-C02 Exam Guide here. Do a quick read on it to be aware of how to prepare and what to expect on the exam itself.
SAA-C02 Study Materials
For the AWS Certified Solutions Architect Associate exam, we recommend going through the FREE AWS Exam Readiness video course, official AWS sample questions, AWS whitepapers, FAQs, AWS cheat sheets, and AWS practice exams.
We recommend that you read the following whitepapers for your review. They contain a lot of concepts and strategies which are important for you to know.
- Overview of Amazon Web Services: This paper provides a good introduction to Cloud Computing, the AWS Global Infrastructure, and the available AWS Services. Reading this whitepaper before proceeding to the other whitepapers below will clear up much of the jargon found in the succeeding materials.
- AWS Well Architected Framework: This paper is the most important one to read. It discusses the Five Pillars of a Well Architected Framework, with each pillar having a whitepaper of its own, all of which can be found on this webpage. Be sure to understand the Well Architected Framework not just conceptually, but also in actual practice and application.
- AWS Best Practices: This paper teaches you the best practices to perform when running your applications in AWS. It points out the advantages of Cloud over traditional hosting infrastructures and how you can implement them to keep your applications up and running all the time. The SA Associate exam will include questions that will test your knowledge on the best practices through different example scenarios.
- Using Amazon Web Services for Disaster Recovery: This paper explains the different types of disaster recovery plans that you can perform in AWS. It is your responsibility as a Solutions Architect to mitigate any potential downtime when disaster strikes. Depending on your RPO and RTO, a proper disaster recovery plan will be a deciding factor between business continuity and revenue loss.
Additional SAA-C02 Whitepapers
- AWS Security Practices: This paper supplements your study on the AWS services and features such as IAM, Security Groups, nACLs, etc. You should read this paper since security-specific questions occasionally pop up in the exam.
- AWS Storage Services Overview: This paper supplements your study on the different AWS Storage options such as S3, EBS, EFS, Glacier, etc. It contains a good amount of detail and comparisons for each storage service, which is crucial in knowing the best service to use for a situation.
- Building Fault-Tolerant Applications on AWS: This paper discusses the many ways you can ensure your applications are fault-tolerant in AWS. It also contains multiple scenarios where the practices are applied and which AWS services were crucial for the scenario.
SAA-C02 AWS Services that you should prepare for:
For the exam version (SAA-C02), you should also know the following services:
- AWS Global Accelerator
- Elastic Fabric Adapter (EFA)
- Elastic Network Adapter (ENA)
- AWS ParallelCluster
- Amazon FSx
- AWS DataSync
- AWS Directory Service
- High Performance Computing
- Aurora Serverless
… plus a few more services and new SAA-C02 topics that we have recently added to our AWS Certified Solutions Architect Associate Practice Exams.
For more information, check out the SAA-C02 official exam guide here.
Core AWS Services to Focus On for the SAA-C02 Exam
- EC2 – As the most fundamental compute service offered by AWS, you should know about EC2 inside out.
- Lambda – Lambda is the common service used for serverless applications. Study how it is integrated with other AWS services to build a full stack serverless app.
- Elastic Load Balancer – Load balancing is very important for a highly available system. Study about the different types of ELBs, and the features each of them supports.
- Auto Scaling – Study what services in AWS can be auto scaled, what triggers scaling, and how auto scaling increases/decreases the number of instances.
- Elastic Block Store – As the primary storage solution of EC2, study the types of EBS volumes available. Also study how to secure, back up and restore EBS volumes.
- S3 / Glacier – AWS offers many types of S3 storage depending on your needs. Study what these types are and what differs between them. Also review the capabilities of S3 such as hosting a static website, securing access to objects using policies, lifecycle policies, etc. Learn as much about S3 as you can.
- Storage Gateway – There are occasional questions about Storage Gateway in the exam. You should understand when and which type of Storage Gateway should be used compared to using services like S3 or EBS. You should also know the use cases and differences between DataSync and Storage Gateway.
- EFS – EFS is a service highly associated with EC2, much like EBS. Understand when to use EFS, compared to using S3, EBS or instance store. Exam questions involving EFS usually ask about the trade-off between cost and efficiency of the service compared to other storage services.
- RDS / Aurora – Know how each RDS database differs from one another, and how they are different from Aurora. Determine what makes Aurora unique, and when it should be preferred over other databases (in terms of function, speed, cost, etc). Learn about parameter groups, option groups, and subnet groups.
- DynamoDB – The exam includes lots of DynamoDB questions, so read as much about this service as you can. Consider how DynamoDB compares to RDS, ElastiCache and Redshift. This service is also commonly used for serverless applications along with Lambda.
- ElastiCache – Familiarize yourself with ElastiCache Redis and its functions. Determine the areas/services where you can place a caching mechanism to improve data throughput, such as managing session state of an ELB, optimizing RDS instances, etc.
- VPC/NACL/Security Groups – Study every service that is used to create a VPC (subnets, route tables, internet gateways, NAT gateways, VPN gateways, etc). Also, review the differences between network access control lists and security groups, and the situations in which each is applied.
- Route 53 – Study the different types of records in Route 53. Study also the different routing policies. Know what hosted zones and domains are.
- IAM – Services such as IAM Users, Groups, Policies and Roles are the most important to learn. Study how IAM integrates with other services and how it secures your application through different policies. Also read up on the best practices when using IAM.
- CloudWatch – Study how monitoring is done in AWS and what types of metrics are sent to CloudWatch. Also read up on CloudWatch Logs, CloudWatch Alarms, and the custom metrics made available with CloudWatch Agent.
- CloudTrail – Familiarize yourself with how CloudTrail works, and what kinds of logs it stores as compared to CloudWatch Logs.
- Kinesis – Read about Kinesis sharding and Kinesis Data Streams. Have a high level understanding of how each type of Kinesis Stream works.
- CloudFront – Study how CloudFront helps speed up websites. Know what content sources CloudFront can serve from. Also check the kinds of certificates CloudFront accepts.
- SQS – Gather info on why SQS is helpful in decoupling systems. Study how messages in the queues are being managed (standard queues, FIFO queues, dead letter queues). Know the differences between SQS, SNS, SES, and Amazon MQ.
- SNS – Study the function of SNS and what services can be integrated with it. Also be familiar with the supported recipients of SNS notifications.
- SWF / CloudFormation / OpsWorks – Study how these services function. Differentiate the capabilities and use cases of each of them. Have a high level understanding of the kinds of scenarios they are usually used in.
Based on our exam experience, you should also know when to use the following:
- AWS DataSync vs Storage Gateway
- FSx (Cold and Hot Storage)
- Cross-Region Read Replicas vs. Multi-AZ RDS – which database provides high-availability
- Amazon Object key vs Object Metadata
- Direct Connect vs. Site-to-Site VPN
- AWS Config vs AWS CloudTrail
- Security Group vs NACL
- NAT Gateway vs NAT Instance
- Geolocation routing policy vs. Geoproximity routing policy on Route 53
The AWS Documentation and FAQs will be your primary source of information. You can also visit Tutorials Dojo’s AWS Cheat Sheets to gain access to a repository of thorough content on the different AWS services mentioned above. Lastly, try out these services yourself by signing up in AWS and performing some lab exercises. Experiencing them on your own will help you greatly in remembering what each service is capable of.
Also check out this article: Top 5 FREE AWS Review Materials.
Common Exam Scenarios
Domain 1: Design Resilient Architectures
Set up asynchronous data replication to another RDS DB instance hosted in another AWS Region
Create a Read Replica
A parallel file system for “hot” (frequently accessed) data
Amazon FSx For Lustre
Implement synchronous data replication across Availability Zones with automatic failover in Amazon RDS.
Enable Multi-AZ deployment in Amazon RDS.
Needs a storage service to host “cold” (infrequently accessed) data
Amazon S3 Glacier
Set up a relational database and a disaster recovery plan with an RPO of 1 second and RTO of less than 1 minute.
Use Amazon Aurora Global Database.
Monitor database metrics and send email notifications if a specific threshold has been breached.
Create an SNS topic and add the topic in the CloudWatch alarm.
Set up a DNS failover to a static website.
Use Route 53 with the failover option to a static S3 website bucket or CloudFront distribution.
Implement an automated backup for all the EBS Volumes.
Use Amazon Data Lifecycle Manager to automate the creation of EBS snapshots.
Monitor the available swap space of your EC2 instances
Install the CloudWatch agent and monitor the SwapUtilization metric.
Implement a 90-day backup retention policy on Amazon Aurora.
Use AWS Backup
Domain 2: Design High-Performing Architectures
Implement fanout messaging.
Create an SNS topic with a message filtering policy and configure multiple SQS queues to subscribe to the topic.
A database that has a read replication latency of less than 1 second.
Use Amazon Aurora with cross-region replicas.
A specific type of Elastic Load Balancer that uses UDP as the protocol for communication between clients and thousands of game servers around the world.
Use Network Load Balancer for TCP/UDP protocols.
Monitor the memory and disk space utilization of an EC2 instance.
Install Amazon CloudWatch agent on the instance.
Retrieve a subset of data from a large CSV file stored in the S3 bucket.
Perform an S3 Select operation based on the bucket’s name and object’s key.
Upload 1 TB file to an S3 bucket.
Use Amazon S3 multipart upload API to upload large objects in parts.
Improve the performance of the application by reducing the response times from milliseconds to microseconds.
Use Amazon DynamoDB Accelerator (DAX)
Retrieve the instance ID, public keys, and public IP address of an EC2 instance.
Access the URL: http://169.254.169.254/latest/meta-data/ using the EC2 instance.
Route the internet traffic to the resources based on the location of the user.
Use Route 53 Geolocation Routing policy.
Domain 3: Design Secure Applications and Architectures
Encrypt EBS volumes restored from the unencrypted EBS snapshots
Copy the snapshot and enable encryption with a new symmetric CMK while creating an EBS volume using the snapshot.
Limit the maximum number of requests from a single IP address.
Create a rate-based rule in AWS WAF and set the rate limit.
Grant the bucket owner full access to all uploaded objects in the S3 bucket.
Create a bucket policy that requires users to set the object’s ACL to bucket-owner-full-control.
Protect objects in the S3 bucket from accidental deletion or overwrite.
Enable versioning and MFA delete.
Access resources on both on-premises and AWS using on-premises credentials that are stored in Active Directory.
Set up SAML 2.0-Based Federation by using a Microsoft Active Directory Federation Service.
Secure the sensitive data stored in EBS volumes
Enable EBS Encryption
Ensure that the data-in-transit and data-at-rest of the Amazon S3 bucket is always encrypted
Enable Amazon S3 Server-Side or use Client-Side Encryption
Secure the web application by allowing multiple domains to serve SSL traffic over the same IP address.
Use AWS Certificate Manager to generate an SSL certificate. Associate the certificate to the CloudFront distribution and enable Server Name Indication (SNI).
Control the access for several S3 buckets by using a gateway endpoint to allow access to trusted buckets.
Create an endpoint policy for trusted S3 buckets.
Enforce strict compliance by tracking all the configuration changes made to any AWS services.
Set up a rule in AWS Config to identify compliant and non-compliant services.
Provide short-lived access tokens that act as temporary security credentials to allow access to AWS resources.
Use AWS Security Token Service
Encrypt and rotate all the database credentials, API keys, and other secrets on a regular basis.
Use AWS Secrets Manager and enable automatic rotation of credentials.
Domain 4: Design Cost-Optimized Architectures
A cost-effective solution for over-provisioning of resources.
Configure a target tracking scaling in ASG.
The application data is stored in a tape backup solution. The backup data must be preserved for up to 10 years.
Use AWS Storage Gateway to backup the data directly to Amazon S3 Glacier Deep Archive.
Accelerate the transfer of historical records from on-premises to AWS over the Internet in a cost-effective manner.
Use AWS DataSync and select Amazon S3 Glacier Deep Archive as the destination.
Globally deliver the static contents and media files to customers around the world with low latency.
Store the files in Amazon S3 and create a CloudFront distribution. Select the S3 bucket as the origin.
An application must be hosted on two EC2 instances and should continuously run for three years. The CPU utilization of the EC2 instances is expected to be stable and predictable.
Deploy the application to a Reserved instance.
Implement a cost-effective solution for S3 objects that are accessed less frequently.
Create an Amazon S3 lifecycle policy to move the objects to Amazon S3 Standard-IA.
Minimize the data transfer costs between two EC2 instances.
Deploy the EC2 instances in the same Region.
Import the SSL/TLS certificate of the application.
Import the certificate into AWS Certificate Manager or upload it to AWS IAM.
Validate Your Knowledge
When you are feeling confident with your review, it is best to validate your knowledge through sample exams. You can take this practice exam from AWS for free as additional material, but do not expect your real exam to be on the same level of difficulty as this practice exam on the AWS website. Tutorials Dojo offers a very useful and well-reviewed set of practice tests for AWS Solutions Architect Associate SAA-C02 takers here. Each test contains unique questions that will surely help verify if you have missed out on anything important that might appear on your exam. You can also pair our practice exams with our AWS Certified Solutions Architect Associate Exam Study Guide eBook to further help in your exam preparations.
If you have scored well on the Tutorials Dojo AWS Certified Solutions Architect Associate practice tests and you think you are ready, then go earn your certification with your head held high. If you think you are lacking in certain areas, better go review them again, and take note of any hints in the questions that will help you select the correct answers. If you are not that confident that you’ll pass, then it would be best to reschedule your exam to another day, and take your time preparing for it. In the end, the efforts you have put in for this will surely reward you.
Sample SAA-C02 Practice Test Questions:
A company hosted an e-commerce website on an Auto Scaling group of EC2 instances behind an Application Load Balancer. The Solutions Architect noticed that the website is receiving a large number of illegitimate external requests from multiple systems with IP addresses that constantly change. To resolve the performance issues, the Solutions Architect must implement a solution that would block the illegitimate requests with minimal impact on legitimate traffic.
Which of the following options fulfills this requirement?
- Create a regular rule in AWS WAF and associate the web ACL to an Application Load Balancer.
- Create a custom network ACL and associate it with the subnet of the Application Load Balancer to block the offending requests.
- Create a rate-based rule in AWS WAF and associate the web ACL to an Application Load Balancer.
- Create a custom rule in the security group of the Application Load Balancer to block the offending requests.
An AI-powered Forex trading application consumes thousands of data sets to train its machine learning model. The application’s workload requires a high-performance, parallel hot storage to process the training datasets concurrently. It also needs cost-effective cold storage to archive those datasets that yield low profit.
Which of the following Amazon storage services should the developer use?
- Use Amazon FSx For Lustre and Amazon EBS Provisioned IOPS SSD (io1) volumes for hot and cold storage respectively.
- Use Amazon FSx For Lustre and Amazon S3 for hot and cold storage respectively.
- Use Amazon Elastic File System and Amazon S3 for hot and cold storage respectively.
- Use Amazon FSx For Windows File Server and Amazon S3 for hot and cold storage respectively.
Additional SAA-C02 Training Materials: High Quality Video Courses for the AWS Certified Solutions Architect Associate Exam
There are a few top-rated AWS Certified Solutions Architect Associate SAA-C02 video courses that you can check out as well, which can complement your exam preparations especially if you are the type of person who can learn better through visual courses instead of reading long whitepapers:
- AWS Certified Solutions Architect – Associate by Adrian Cantrill
- AWS Certified Solutions Architect – Associate by DolfinEd
Based on the feedback of thousands of our students in our practice test course, the combination of any of these video courses plus our practice tests and our AWS Certified Solutions Architect Associate Study Guide eBook was enough to pass the exam and even get a good score.
Some notes regarding your SAA-C02 exam
The AWS Solutions Architect Associate (SAA-C02) exam loves to end questions by asking for highly available or cost-effective solutions. Be sure to understand the choices provided to you, and verify that they have correct details. Some choices are very misleading: they seem to be the most appropriate answer to the question but contain an incorrect detail about some service.
When unsure of which options are correct in a multi-select question, try to eliminate some of the choices that you believe are false. This will help narrow down the feasible answers to that question. The same goes for multiple choice type questions. Be extra careful as well when selecting the number of answers you submit. Check out the tips mentioned in this article for more information.
As mentioned in this review, you should be able to differentiate services that belong to the same category from one another. Common comparisons include:
- EC2 vs ECS vs Lambda
- S3 vs EBS vs EFS
- CloudFormation vs OpsWorks vs Elastic Beanstalk
- SQS vs SNS vs SES vs MQ
- Security Group vs nACLs
- The different S3 storage types vs Glacier
- RDS vs DynamoDB vs Elasticache
- RDS engines vs Aurora
The Tutorials Dojo Comparison of AWS Services contains excellent cheat sheets comparing these seemingly similar services which are crucial to solving the tricky scenario-based questions in the actual exam. By knowing each service’s capabilities and use cases, you can consider these types of questions already half-solved.
Lastly, be on the lookout for “key terms” that will help you realize the answer faster. Words such as millisecond latency, serverless, managed, highly available, most cost effective, fault tolerant, mobile, streaming, object storage, archival, polling, push notifications, etc. are commonly seen in the exam. Time management is very important when taking AWS certification exams, so be sure to monitor the time you consume for each question.