AWS Certified Solutions Architect Associate Exam – SAA-C02 Study Path

The AWS Certified Solutions Architect Associate SAA-C02 exam, or SAA for short, is one of the most sought-after certifications in the Cloud industry. This certification attests to your knowledge of the AWS Cloud and building a well-architected infrastructure in AWS.

As a Solutions Architect, it is your responsibility to be familiar with the services that meet your customer requirements. Aside from that, you should also have the knowledge to create an efficient, secure, reliable, fault tolerant, and cost-effective infrastructure out of these services. Your AWS SA Associate exam will be based upon these topics.

Whitepapers, FAQs, and the AWS Documentation will be your primary study materials for this exam. Experience in building systems will also be helpful, since the exam consists of multiple scenario-type questions. You can learn more details about your exam through the official SAA-C02 Exam Guide here. Do a quick read of it to be aware of how to prepare and what to expect on the exam itself.

SAA-C02 Study Materials

For the AWS Certified Solutions Architect Associate exam, we recommend going through the FREE AWS Exam Readiness video course, official AWS sample questions, AWS whitepapers, FAQs, AWS cheat sheets, and AWS practice exams.

Exam Readiness AWS Certified Solutions Architect Associate SAA-C02

We recommend that you read the following whitepapers for your review. They contain a lot of concepts and strategies which are important for you to know.

  1. Overview of Amazon Web Services: This paper provides a good introduction to Cloud Computing, the AWS Global Infrastructure, and the available AWS Services. Reading this whitepaper before proceeding to the other whitepapers below will clear up much of the jargon found in the succeeding materials.
  2. AWS Well-Architected Framework: This paper is the most important one to read. It discusses the Five Pillars of a Well-Architected Framework; each pillar has a whitepaper of its own, all of which can be found on this webpage. Be sure to understand the Well-Architected Framework not just conceptually, but also in actual practice and application.
  3. AWS Best Practices: This paper teaches you the best practices to perform when running your applications in AWS. It points out the advantages of Cloud over traditional hosting infrastructures and how you can implement them to keep your applications up and running all the time. The SA Associate exam will include questions that will test your knowledge on the best practices through different example scenarios.
  4. Using Amazon Web Services for Disaster Recovery: This paper explains the different types of disaster recovery plans that you can perform in AWS. It is your responsibility as a Solutions Architect to mitigate any potential downtime when disaster strikes. Depending on your RPO and RTO, a proper disaster recovery plan will be a deciding factor between business continuity and revenue loss.

Additional SAA-C02 Whitepapers 

  1. AWS Security Practices: This paper supplements your study on the AWS services and features such as IAM, Security Groups, nACLs, etc. You should read this paper since security-specific questions occasionally pop up in the exam.
  2. AWS Storage Services Overview: This paper supplements your study on the different AWS Storage options such as S3, EBS, EFS, Glacier, etc. It contains a good amount of detail and a comparison of each storage service, which is crucial in knowing the best service to use for a situation.
  3. Building Fault-Tolerant Applications on AWS: This paper discusses the many ways you can ensure your applications are fault-tolerant in AWS. It also contains multiple scenarios where the practices are applied and which AWS services were crucial for the scenario.

New SAA-C02 AWS Services that you should prepare for:

If you are already preparing for the new exam version (SAA-C02), you should also know the following services:

… plus a few more services and new SAA-C02 topics that we have recently added to our AWS Certified Solutions Architect Associate Practice Exams.

For more information, check out the SAA-C02 official exam guide here.

Core AWS Services to Focus On for the SAA-C02 Exam

  1. EC2 – As the most fundamental compute service offered by AWS, you should know about EC2 inside out.
  2. Lambda – Lambda is the common service used for serverless applications. Study how it is integrated with other AWS services to build a full stack serverless app.
  3. Elastic Load Balancer – Load balancing is very important for a highly available system. Study about the different types of ELBs, and the features each of them supports.
  4. Auto Scaling – Study what services in AWS can be auto scaled, what triggers scaling, and how auto scaling increases/decreases the number of instances.
  5. Elastic Block Store – As the primary storage solution of EC2, study the types of EBS volumes available. Also study how to secure, back up and restore EBS volumes.
  6. S3 / Glacier – AWS offers many types of S3 storage depending on your needs. Study what these types are and what differs between them. Also review the capabilities of S3 such as hosting a static website, securing access to objects using policies, lifecycle policies, etc. Learn as much about S3 as you can.
  7. Storage Gateway – There are occasional questions about Storage Gateway in the exam. You should understand when and which type of Storage Gateway should be used compared to using services like S3 or EBS.
  8. EFS – EFS is a service highly associated with EC2, much like EBS. Understand when to use EFS, compared to using S3, EBS or instance store. Exam questions involving EFS usually ask about the trade-off between cost and efficiency of the service compared to other storage services.
  9. RDS / Aurora – Know how each RDS database differs from one another, and how they are different from Aurora. Determine what makes Aurora unique, and when it should be preferred over other databases (in terms of function, speed, cost, etc). Learn about parameter groups, option groups, and subnet groups.
  10. DynamoDB – The exam includes lots of DynamoDB questions, so read as much about this service as you can. Consider how DynamoDB compares to RDS, ElastiCache and Redshift. This service is also commonly used for serverless applications along with Lambda.
  11. ElastiCache – Familiarize yourself with ElastiCache Redis and its functions. Determine the areas/services where you can place a caching mechanism to improve data throughput, such as managing session state of an ELB, optimizing RDS instances, etc.
  12. VPC/NACL/Security Groups – Study every service that is used to create a VPC (subnets, route tables, internet gateways, NAT gateways, VPN gateways, etc). Also, review the differences between network access control lists and security groups, and the situations in which each is applied.
  13. Route 53 – Study the different types of records in Route 53. Study also the different routing policies. Know what hosted zones and domains are.
  14. IAM – Services such as IAM Users, Groups, Policies and Roles are the most important to learn. Study how IAM integrates with other services and how it secures your application through different policies. Also read on the best practices when using IAM.
  15. CloudWatch – Study how monitoring is done in AWS and what types of metrics are sent to CloudWatch. Also read up on CloudWatch Logs, CloudWatch Alarms, and the custom metrics made available with CloudWatch Agent.
  16. CloudTrail – Familiarize yourself with how CloudTrail works, and what kinds of logs it stores as compared to CloudWatch Logs.
  17. Kinesis – Read about Kinesis sharding and Kinesis Data Streams. Have a high level understanding of how each type of Kinesis Stream works.
  18. CloudFront – Study how CloudFront helps speed up websites. Know what content sources CloudFront can serve from. Also check the kinds of certificates CloudFront accepts.
  19. SQS – Gather info on why SQS is helpful in decoupling systems. Study how messages in the queues are being managed (standard queues, FIFO queues, dead letter queues). Know the differences between SQS, SNS, SES, and Amazon MQ.
  20. SNS – Study the function of SNS and what services can be integrated with it. Also be familiar with the supported recipients of SNS notifications.
  21. SWF / CloudFormation / OpsWorks – Study how these services function. Differentiate the capabilities and use cases of each of them. Have a high level understanding of the kinds of scenarios they are usually used in.

The AWS Documentation and FAQs will be your primary source of information. You can also visit Tutorials Dojo’s AWS Cheat Sheets to gain access to a repository of thorough content on the different AWS services mentioned above. Lastly, try out these services yourself by signing up in AWS and performing some lab exercises. Experiencing them on your own will help you greatly in remembering what each service is capable of.

Also check out this article: Top 5 FREE AWS Review Materials.

Validate Your Knowledge

When you are feeling confident with your review, it is best to validate your knowledge through sample exams. You can take this practice exam from AWS for free as additional material, but do not expect your real exam to be on the same level of difficulty as this practice exam on the AWS website. Tutorials Dojo offers a very useful and well-reviewed set of practice tests for AWS Solutions Architect Associate SAA-C02 takers here. Each test contains many unique questions which will surely help you verify if you have missed out on anything important that might appear on your exam. 

If you have scored well on the Tutorials Dojo AWS Certified Solutions Architect Associate practice tests and you think you are ready, then go earn your certification with your head held high. If you think you are lacking in certain areas, better go review them again, and take note of any hints in the questions that will help you select the correct answers. If you are not that confident that you’ll pass, then it would be best to reschedule your exam to another day, and take your time preparing for it. In the end, the efforts you have put in for this will surely reward you.

AWS Certified Solutions Architect Associate (SAA-C02) 2020

Sample SAA-C02 Practice Test Questions:

Question 1

A Solutions Architect is designing an online medical system in AWS which will store sensitive Personally Identifiable Information (PII) of the users in an Amazon S3 bucket. Both the master keys and the unencrypted data should never be sent to AWS to comply with the strict compliance and regulatory requirements of the company.

Which S3 encryption technique should the Architect use?

  1. Use S3 client-side encryption with a KMS-managed customer master key.
  2. Use S3 client-side encryption with a client-side master key.
  3. Use S3 server-side encryption with a KMS managed key.
  4. Use S3 server-side encryption with customer provided key.

Correct Answer: 2

Client-side encryption is the act of encrypting data before sending it to Amazon S3. To enable client-side encryption, you have the following options:

 – Use an AWS KMS-managed customer master key.

 – Use a client-side master key.

When using an AWS KMS-managed customer master key to enable client-side data encryption, you provide an AWS KMS customer master key ID (CMK ID) to AWS. On the other hand, when you use a client-side master key for client-side data encryption, your client-side master keys and your unencrypted data are never sent to AWS. It’s important that you safely manage your encryption keys because if you lose them, you can’t decrypt your data.

This is how client-side encryption using a client-side master key works:

When uploading an object – You provide a client-side master key to the Amazon S3 encryption client. The client uses the master key only to encrypt the data encryption key that it generates randomly. The process works like this:

 1. The Amazon S3 encryption client generates a one-time-use symmetric key (also known as a data encryption key or data key) locally. It uses the data key to encrypt the data of a single Amazon S3 object. The client generates a separate data key for each object.

 2. The client encrypts the data encryption key using the master key that you provide. The client uploads the encrypted data key and its material description as part of the object metadata. The client uses the material description to determine which client-side master key to use for decryption.

 3. The client uploads the encrypted data to Amazon S3 and saves the encrypted data key as object metadata (x-amz-meta-x-amz-key) in Amazon S3.

When downloading an object – The client downloads the encrypted object from Amazon S3. Using the material description from the object’s metadata, the client determines which master key to use to decrypt the data key. The client uses that master key to decrypt the data key and then uses the data key to decrypt the object.

Hence, the correct answer is Option 2.
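
The upload and download flow described above, as an added example (not code from the original article or from the Amazon S3 encryption client). It assumes AES-256-GCM for both the object data and the data-key wrapping, a plain hash standing in for the S3 object, and constructed names: the `clinic-key-1` master key, the sample record, and the simplified metadata fields.

```ruby
require "openssl"

# AES-256-GCM helpers; the blob layout iv(12) || tag(16) || ciphertext is an assumption.
def seal(key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  ciphertext = cipher.update(plaintext) + cipher.final
  iv + cipher.auth_tag + ciphertext
end

def unseal(key, blob)
  raise ArgumentError, "truncated blob" if blob.bytesize <= 28
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, 12)
  cipher.auth_tag = blob.byteslice(12, 16)
  cipher.update(blob.byteslice(28, blob.bytesize)) + cipher.final # raises if tampered
end

# Upload steps 1-3: only the returned hash would be sent to S3.
def encrypt_for_upload(master_keys, key_name, plaintext)
  master_key = master_keys.fetch(key_name)     # stays on the client
  data_key = OpenSSL::Random.random_bytes(32)  # step 1: one-time key for this object
  {
    body: seal(data_key, plaintext),           # step 3: encrypted object data
    metadata: {
      "x-amz-key" => [seal(master_key, data_key)].pack("m0"), # step 2: wrapped key, base64
      "x-amz-matdesc" => key_name              # material description (simplified)
    }
  }
end

# Download: material description -> master key -> data key -> plaintext.
def decrypt_after_download(master_keys, object)
  meta = object.fetch(:metadata)
  master_key = master_keys.fetch(meta.fetch("x-amz-matdesc"))
  data_key = unseal(master_key, meta.fetch("x-amz-key").unpack1("m0"))
  unseal(data_key, object.fetch(:body))
end

# Constructed sample data: a local key ring and one record.
MASTER_KEYS = { "clinic-key-1" => OpenSSL::Random.random_bytes(32) }.freeze
RECORD = "patient=1042;dob=1980-01-01".b

stored = encrypt_for_upload(MASTER_KEYS, "clinic-key-1", RECORD)
puts "uploaded body contains plaintext? #{stored[:body].include?(RECORD)}"
puts "round trip ok? #{decrypt_after_download(MASTER_KEYS, stored) == RECORD}"
```

Losing the entry in `MASTER_KEYS` makes every object wrapped under it unrecoverable, which is the key-management caveat the explanation raises.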

Option 1 is incorrect because in client-side encryption with a KMS-managed customer master key, you provide an AWS KMS customer master key ID (CMK ID) to AWS. The scenario clearly indicates that both the master keys and the unencrypted data should never be sent to AWS.

Option 3 is incorrect because the scenario mentioned that the unencrypted data should never be sent to AWS, which means that you have to use client-side encryption in order to encrypt the data first before sending to AWS. In this way, you can ensure that there is no unencrypted data being uploaded to AWS. In addition, the master key used by Server-Side Encryption with AWS KMS–Managed Keys (SSE-KMS) is uploaded and managed by AWS, which directly violates the requirement of not uploading the master key.

Option 4 is incorrect because just as mentioned in Option 3, you have to use client-side encryption in this scenario instead of server-side encryption. For the S3 server-side encryption with customer-provided key (SSE-C), you actually provide the encryption key as part of your request to upload the object to S3. Using this key, Amazon S3 manages both the encryption (as it writes to disks) and decryption (when you access your objects).


Check out this Amazon S3 Cheat Sheet:

Question 2

You have launched a new enterprise application with a web server and a database. You are using a large EC2 Instance with one 500 GB EBS volume to host a relational database. Upon checking the performance, it shows that write throughput to the database needs to be improved.

Which of the following is the most suitable configuration to help you achieve this requirement? (Choose 2)

  1. Set up a standard RAID 0 configuration with two EBS Volumes
  2. Re-launch the instance with a Paravirtual (PV) AMI and enable Enhanced Networking
  3. Use a standard RAID 1 configuration with two EBS Volumes
  4. Set up the EC2 instance in a placement group
  5. Increase the size of the EC2 Instance

Correct Answers: 1,5

The goal here is to increase the write performance of the database hosted in an EC2 instance. You can achieve this by either setting up a standard RAID 0 configuration or simply by increasing the size of the EC2 instance.

Some EC2 instance types can drive more I/O throughput than what you can provision for a single EBS volume. You can join multiple gp2, io1, st1, or sc1 volumes together in a RAID 0 configuration to use the available bandwidth for these instances.

With Amazon EBS, you can use any of the standard RAID configurations that you can use with a traditional bare metal server, as long as that particular RAID configuration is supported by the operating system for your instance. This is because all RAID is accomplished at the software level. For greater I/O performance than you can achieve with a single volume, RAID 0 can stripe multiple volumes together; for on-instance redundancy, RAID 1 can mirror two volumes together.

Take note that HVM AMIs are required to take advantage of enhanced networking and GPU processing. In order to pass through instructions to specialized network and GPU devices, the OS needs to be able to have access to the native hardware platform which the HVM virtualization provides.

Option 2 is incorrect because although the Enhanced Networking feature can provide higher I/O performance and lower CPU utilization to your EC2 instance, you have to use an HVM AMI instead of a PV AMI.

Option 3 is incorrect because the main use case for RAID 1 is to provide mirroring, redundancy, and fault-tolerance. RAID 0 is a more suitable option for providing faster read and write operations, compared with RAID 1.

Option 4 is incorrect because the placement groups feature is primarily used for inter-instance communication.



Check out this Amazon EC2 Cheat Sheet:

Click here for more AWS Certified Solutions Architect Associate practice exam questions.

Check out our other AWS practice test courses here:

Tutorials Dojo AWS Practice Tests


Additional SAA-C02 Training Materials: High Quality Video Courses for the AWS Certified Solutions Architect Associate Exam

There are a few top-rated AWS Certified Solutions Architect Associate SAA-C02 video courses that you can check out as well, which can complement your exam preparations especially if you are the type of person who can learn better through visual courses instead of reading long whitepapers:

  1. AWS Certified Solutions Architect – Associate by Adrian Cantrill
  2. AWS Certified Solutions Architect – Associate by DolfinEd

Based on the feedback of thousands of our students in our practice test course, the combination of any of these video courses plus our practice tests and the Tutorials Dojo Study Guide and Cheat Sheets – AWS Certified Solutions Architect Associate eBook was enough to pass the exam and even get a good score.

Some notes regarding your SAA-C02 exam

The AWS Solutions Architect Associate (SAA-C02) exam loves to end questions by asking for highly available or cost-effective solutions. Be sure to understand the choices provided to you, and verify that they have correct details. Some choices are very misleading: they seem to be the most appropriate answer to the question, but contain an incorrect detail about some service.

When unsure of which options are correct in a multi-select question, try to eliminate some of the choices that you believe are false. This will help narrow down the feasible answers to that question. The same goes for multiple choice type questions. Be extra careful as well when selecting the number of answers you submit. Check out the tips mentioned in this article for more information.

As mentioned in this review, you should be able to differentiate between services that belong to the same category. Common comparisons include:

  • EC2 vs ECS vs Lambda
  • S3 vs EBS vs EFS
  • CloudFormation vs OpsWorks vs Elastic Beanstalk
  • SQS vs SNS vs SES vs MQ
  • Security Group vs nACLs
  • The different S3 storage types vs Glacier
  • RDS vs DynamoDB vs Elasticache
  • RDS engines vs Aurora

The Tutorials Dojo Comparison of AWS Services contains excellent cheat sheets comparing these seemingly similar services which are crucial to solving the tricky scenario-based questions in the actual exam. By knowing each service’s capabilities and use cases, you can consider these types of questions already half-solved.

Lastly, be on the lookout for “key terms” that will help you realize the answer faster. Words such as millisecond latency, serverless, managed, highly available, most cost effective, fault tolerant, mobile, streaming, object storage, archival, polling, push notifications, etc. are commonly seen in the exam. Time management is very important when taking AWS certification exams, so be sure to monitor the time you consume for each question.