Amazon Web Services (AWS) are powering ahead of the competition and easily maintaining their lead and status as the premier provider of cloud computing services. Demand for skilled resources who can build applications in the cloud is increasing every day with a growing skills shortage that needs to be filled. With this growth in jobs, AWS Certification Training is becoming increasingly popular with certifications among the most valued in the industry.
Training and certification are a great way to get started in the cloud world and with typical salaries exceeding $100k p/a there has been a huge uptake in training in recent years. To get a job in a competitive market you need to be able to differentiate yourself and gaining several AWS certifications is a sensible way to get started.
Many aspiring cloud engineers will start their learning path by taking the AWS Certified Solutions Architect – Associate exam. Others will take the AWS Certified Cloud Practitioner exam first and then progress to this exam.
In this article, I want to explore the AWS Solutions Architect Associate Training path in more detail so you can get an idea of what to expect in the exam. I will discuss the recommended training, experience and practice that you should undertake before sitting the exam.
Ready to try out some practice questions? Try our free AWS Practice Test!
The AWS Exam Blueprint
This exam is within the Associate level in the AWS training program, and is recommended for individuals with a least one year of hands-on experience. The exam is intended for Solutions Architects and requires you to demonstrate knowledge of how to define a solution using architectural design principles based on customer requirements and provide implementation guidance based on best practices to the organization throughout the lifecycle of the project.
In the “AWS Certified Solutions Architect – Associate (Released February 2018) SAA-C01 Exam Guide”, the following AWS knowledge is recommended:
- One year of hands-on experience designing available, cost-efficient, fault-tolerant, and scalable distributed systems on AWS
- Hands-on experience using compute, networking, storage, and database AWS services
- Hands-on experience with AWS deployment and management services
- Ability to identify and define technical requirements for an AWS-based application
- Ability to identify which AWS services meet a given technical requirement
- Knowledge of recommended best practices for building secure and reliable applications on the AWS platform
- An understanding of the basic architectural principles of building on the AWS cloud
- An understanding of the AWS global infrastructure
- An understanding of network technologies as they relate to AWS
- An understanding of security features and tools that AWS provides and how they relate to traditional services
The exam includes 65 questions and has a time limit of 130 minutes. You need to score a minimum of 720 out of 1000 points to pass the exam.
The question format of the exam is multiple-choice (one correct response from four options) and multiple-response (two correct responses from five options).
Ever since the new exam format was released in February 2018, the questions are almost 100% scenario-based. Most scenarios are just a couple to a few lines long.
With many questions in the AWS Solutions Architect Associate exam, you will find there are multiple correct answers and you must select the answer that best fits the scenario. For instance, you may be asked to select the MOST secure, MOST cost-effective, BEST architecture, or LEAST complex option.
Important: be very careful reading the wording of the question to ensure you select correctly! Sometimes small details can be easily missed that change the answer so take your time when sitting the exam.
Domains, objectives and examples
The knowledge required is organized into five test “domains”. Within each test domain, there are several objectives that broadly describe the knowledge and experience expected to pass the exam.
Test Domain 1: Design Resilient Architectures
This domain makes up 34% of the exam and includes the following four objectives:
- 1.1 Choose reliable/resilient storage.
- 1.2 Determine how to design decoupling mechanisms using AWS services.
- 1.3 Determine how to design a multi-tier architecture solution.
- 1.4 Determine how to design high availability and/or fault-tolerant architectures.
What you need to know
You need to understand the various block, file and object storage technologies such as Amazon EBS, Instance Store, Amazon EFS and Amazon S3, and know their use cases.
You must be able to design multi-tier application architectures and know-how to decouple application components using technologies such as Amazon SQS and Amazon SWF.
The architectures also need to be highly available in the case of component failure, and able to recover in the case of major outages, so you need to know the various ways of implementing high availability and fault tolerance.
Technologies you need to understand include Amazon Elastic Load Balancing, Amazon Route 53, and Amazon RDS Read Replicas and Multi-AZ.
You also need to understand the AWS Global Infrastructure in order to determine how to design application stacks to best use the underlying infrastructure architecture.
Question: You are a Solutions Architect at a media company and you need to build an application stack that can receive customer comments from sporting events. The application is expected to receive significant load that could scale to millions of messages within a short space of time following high-profile matches.
As you are unsure of the load required for the database layer what is the most cost-effective way to ensure that the messages are not dropped?
- Use RDS Auto Scaling for the database layer which will automatically scale as required
- Create an SQS queue and modify the application to write to the SQS queue. Launch another application instance the polls the queue and writes messages to the database
- Write the data to an S3 bucket, configure RDS to poll the bucket for new messages
- Use DynamoDB and provision enough write capacity to handle the highest expected load
Answer: 2, Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers and is used for distributed/decoupled applications. This is a great use case for SQS as you don’t have to over-provision the database layer or worry about messages being dropped.
Question: A new Big Data application you are developing will use hundreds of EC2 instances to write data to a shared file system. The file system must be stored redundantly across multiple AZs within a region and allow the EC2 instances to concurrently access the file system. The required throughput is multiple GB per second.
From the options presented which storage solution can deliver these requirements?
- Amazon EBS using multiple volumes in a RAID 0 configuration
- Amazon S3
- Amazon EFS
- Amazon Storage Gateway
Answer: 3, Amazon EFS is the best solution as it is the only solution that is a file-level storage solution (not block/object-based), stores data redundantly across multiple AZs within a region and you can concurrently connect up to thousands of EC2 instances to a single filesystem.
Test Domain 2: Define Performant Architectures
This domain makes up 24% of the exam and includes the following three objectives:
- 2.1 Choose performant storage and databases.
- 2.2 Apply caching to improve performance.
- 2.3 Design solutions for elasticity and scalability.
What you need to know
You need to be able to select the best storage and database services to use for a given scenario, taking into account requirements for performance.
Technologies to increase performance may include a caching layer such as Amazon ElastiCache, Amazon DynamoDB DAX, or Amazon CloudFront and you must be able to select the best service to use in the situation presented.
You must know how to effectively implement elasticity and scalability to your application architectures. This means understanding at an architectural and implementation level what to use and how to build it.
Elasticity and scalability services you need to understand include AWS Auto Scaling, EC2 Auto Scaling, and how to implement these features at the application, storage, and database layers of your application using AWS technology.
Question: A developer is creating a solution for a real-time bidding application for a large retail company that allows users to bid on items of end-of-season clothing. The application is expected to be extremely popular and the back-end DynamoDB database may not perform as required.
How can the Solutions Architect enable in-memory read performance with microsecond response times for the DynamoDB database?
- Configure DynamoDB Auto Scaling
- Enable read replicas
- Increase the provisioned throughput
- Configure Amazon DAX
Answer: 4, Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second. You can enable DAX for a DynamoDB database with a few clicks.
Question: A Solutions Architect is designing a workload that requires a high-performance object-based storage system that must be shared with multiple Amazon EC2 instances.
Which AWS service delivers these requirements?
- Amazon S3
- Amazon EFS
- Amazon EBS
- Amazon ElastiCache
Answer: 1, Amazon S3 is an object-based storage system. Though object storage systems aren’t mounted and shared like filesystems or block-based storage systems, they can be shared by multiple instances as they allow concurrent access.
Test Domain 3: Specify Secure Applications and Architectures
This domain makes up 26% of the exam and includes the following three objectives:
- 3.1 Determine how to secure application tiers.
- 3.2 Determine how to secure data.
- 3.3 Define the networking infrastructure for a single VPC application.
What you need to know
You need to understand how to use native AWS technologies and solution architecture to create secure applications. This includes configuring security controls for authentication, authorization, and access and applying encryption to data.
You need to know how to design isolation and separation through AWS service architecture, Amazon EC2 instance deployment options and Amazon VPC configuration.
It is also recommended to understand the best practices for implementing services in the most secure manner and best practices for creating users, groups, and roles using AWS IAM. Which services can use multi-factor authentication is also required knowledge and you should understand the available AWS Directory Services at a high-level and when to use them.
Questions often come up asking you to identify which technologies include DDoS mitigation and these include AWS Auto Scaling, Amazon CloudFront, and Amazon Route 53.
You should also know how to implement monitoring and logging using Amazon CloudWatch and AWS CloudTrail, when and what penetration testing you are allowed to perform within the AWS cloud and what compliance programs AWS comply with.
Technologies you need to know for domain 3 include Amazon VPC, AWS KMS, AWS CloudHSM, AWS IAM, Amazon Cognito, and AWS Directory Services.
Question: The development team at your company have created a new mobile application that will be used by users to access confidential data. The developers have used Amazon Cognito for authentication, authorization, and user management. Due to the sensitivity of the data, there is a requirement to add another method of authentication in addition to a username and password.
You have been asked to recommend the best solution. What is your recommendation?
- Integrate IAM with a user pool in Cognito
- Enable multi-factor authentication (MFA) in IAM
- Integrate a third-party identity provider (IdP)
- Use multi-factor authentication (MFA) with a Cognito user pool
Answer: 4, You can use MFA with a Cognito user pool (not in IAM) and this satisfies the requirement. A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Facebook or Amazon, and through SAML identity providers.
Question: You have been asked to come up with a solution for providing single sign-on to existing staff in your company who manage on-premise web applications and now need access to the AWS management console to manage resources in the AWS cloud.
Which product combinations provide the best solution to achieve this requirement?
- Use your on-premise LDAP directory with IAM
- Use IAM and MFA
- Use the AWS Secure Token Service (STS) and SAML
- Use IAM and Amazon Cognito
Answer: 3, Single sign-on using federation allows users to log-in to the AWS console without assigning IAM credentials. The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (such as federated users from an on-premise directory). Federation (typically Active Directory) uses SAML 2.0 for authentication and grants temporary access based on the users’ AD credentials. The user does not need to be a user in IAM.
Test Domain 4: Design Cost-Optimized Architectures
This domain makes up 10% of the exam and includes the following two objectives:
- 4.1 Determine how to design cost-optimized storage.
- 4.2 Determine how to design cost-optimized compute.
What you need to know
A relatively small but still important area of the exam requires architects to consider cost-effectiveness when deploying application on AWS. You need to understand the various cost models of compute and storage services, what you pay for and what the best choices would be given a specific scenario.
Question: You need to run a production batch process quickly that will use several EC2 instances. The process cannot be interrupted and must be completed within a short time period.
What is likely to be the MOST cost-effective choice of EC2 instance type to use for this requirement?
- Reserved instances
- Spot instances
- On-demand instances
- Flexible instances
Answer: 3, the key requirements here are that you need to deploy several EC2 instances quickly to run the batch process and you must ensure that the job completes. The on-demand pricing model is the best for this ad-hoc requirement as though spot pricing may be cheaper you cannot afford to risk that the instances are terminated by AWS when the market price increases.
Question: An Architect is designing a serverless application that will accept images uploaded by users from around the world. The application will make API calls to back-end services and save the session state data of the user to a database.
Which combination of services would provide a solution that is cost-effective while delivering the least latency?
- Amazon CloudFront, API Gateway, Amazon S3, AWS Lambda, DynamoDB
- API Gateway, Amazon S3, AWS Lambda, DynamoDB
- Amazon CloudFront, API Gateway, Amazon S3, AWS Lambda, Amazon RDS
- Amazon S3, API Gateway, AWS Lambda, Amazon RDS
Answer: 1, Amazon CloudFront caches content closer to users at Edge locations around the world. This is the lowest latency option for uploading content. API Gateway and AWS Lambda are present in all options. DynamoDB can be used for storing session state data.
Test Domain 5: Define Operationally-Excellent Architectures
This domain makes up 6% of the exam and includes the following objective:
- 5.1 Choose design features in solutions that enable operational excellence
What you need to know
You need to understand how to reduce operational overhead by using technologies that require less manual work. Managed services and serverless services are often the best ways to achieve this. You might be asked to choose between a database on EC2 vs an RDS database for instance and as RDS is a managed service it would require less management overhead.
Serverless services require even less management and often also reduce cost as you don’t pay for running or idle resources. This is becoming an increasingly bigger topic for the exam and you should make sure you’re fully aware of the AWS serverless services and know when to use them.
Question: Your manager is interested in reducing operational overhead and cost and heard about “serverless” computing at a conference he recently attended. He has asked you if AWS provide any services that the company can leverage. Which services from the list below would you tell him about? (choose 2)
- API Gateway
Answer: 1,3, AWS Serverless services include (but not limited to): Amazon API Gateway, AWS Lambda, Amazon S3, Amazon DynamoDB, Amazon SNS, Amazon SQS, and Amazon Kinesis.
Free AWS Practice Test
Test your knowledge with this AWS Practice Quiz
This free sample exam for the AWS Solutions Architect includes:
- Total number of questions: 20
- Pass mark: 70%
- Coverage: Multiple knowledge areas
Want more AWS practice questions?
Learn more about our popular AWS practice exams that will help you fast-track your exam success!
Practice Exam Summary
0 of 20 questions completed
You have already completed the practice exam before. Hence you can not start it again.
Practice Exam is loading…
You must sign in or sign up to start the practice exam.
You must first complete the following:
0 of 20 questions answered correctly
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
- AWS Analytics 0%
- AWS Application Integration 0%
- AWS Compute 0%
- AWS Database 0%
- AWS Management & Governance 0%
- AWS Networking & Content Delivery 0%
- AWS Security, Identity, & Compliance 0%
- AWS Storage 0%
Better luck next time!
Unfortunately on this occasion you did not pass the exam. The passing mark is a minimum score of 70%. The categories above show your performance in each knowledge area. Please use the “View Questions” button below to review answers, explanations, and reference links for each question.
You have passed the exam. The passing mark is a minimum score of 70%. The categories above show your performance in each knowledge area. Please use the “View Questions” button below to review answers, explanations, and reference links for each question.
- Question 1 of 20
You are running an Auto Scaling Group (ASG) with an Elastic Load Balancer (ELB) and a fleet of EC2 instances. Health checks are configured on the ASG to use EC2 status checks. The ELB has determined that an EC2 instance is unhealthy and has removed it from service. However, you noticed that the instance is still running and has not been terminated by the ASG.
What would be an explanation for this behavior?CorrectIncorrect
- Question 2 of 20
An Auto Scaling Group is unable to respond quickly enough to load changes resulting in lost messages from another application tier. The messages are typically around 128KB in size.
What is the best design option to prevent the messages from being lost?CorrectIncorrect
- Question 3 of 20
Your company would like to restrict the ability of most users to change their own passwords whilst continuing to allow a select group of users within specific user groups.
What is the best way to achieve this? (choose 2)CorrectIncorrect
- Question 4 of 20
A Solutions Architect has been asked to suggest a solution for analyzing data in S3 using standard SQL queries. The solution should use a serverless technology.
Which AWS service can the Architect use?CorrectIncorrect
- Question 5 of 20
Your organization has a data lake on S3 and you need to find a solution for performing in-place queries of the data assets in the data lake. The requirement is to perform both data discovery and SQL querying, and complex queries from a large number of concurrent users using BI tools.
What is the BEST combination of AWS services to use in this situation? (choose 2)CorrectIncorrect
- Question 6 of 20
You have recently enabled Access Logs on your Application Load Balancer (ALB). One of your colleagues would like to process the log files using a hosted Hadoop service. What configuration changes and services can be leveraged to deliver this requirement?CorrectIncorrect
- Question 7 of 20
A systems integration company that helps customers migrate into AWS repeatedly build large, standardized architectures using several AWS services. The Solutions Architects have documented the architectural blueprints for these solutions and are looking for a method of automating the provisioning of the resources.
Which AWS service would satisfy this requirement?CorrectIncorrect
- Question 8 of 20
A company is deploying a big data and analytics workload. The analytics will be run from a fleet of thousands of EC2 instances across multiple AZs. Data needs to be stored on a shared storage layer that can be mounted and accessed concurrently by all EC2 instances. Latency is not a concern however extremely high throughput is required.
What storage layer would be most suitable for this requirement?CorrectIncorrect
- Question 9 of 20
Your company has offices in several locations around the world. Each office utilizes resources deployed in the geographically closest AWS region. You would like to implement connectivity between all of the VPCs so that you can provide full access to each other’s resources. As you are security conscious you would like to ensure the traffic is encrypted and does not traverse the public Internet. The topology should be many-to-many to enable all VPCs to access the resources in all other VPCs.
How can you successfully implement this connectivity using only AWS services? (choose 2)CorrectIncorrect
- Question 10 of 20
You are building an application that will collect information about user behavior. The application will rapidly ingest large amounts of dynamic data and requires very low latency. The database must be scalable without incurring downtime. Which database would you recommend for this scenario?CorrectIncorrect
- Question 11 of 20
An application you are designing receives and processes files. The files are typically around 4GB in size and the application extracts metadata from the files which typically takes a few seconds for each file. The pattern of updates is highly dynamic with times of little activity and then multiple uploads within a short period of time.
What architecture will address this workload the most cost efficiently?CorrectIncorrect
- Question 12 of 20
An Architect is designing a serverless application that will accept images uploaded by users from around the world. The application will make API calls to back-end services and save the session state data of the user to a database.
Which combination of services would provide a solution that is cost-effective while delivering the least latency?CorrectIncorrect
- Question 13 of 20
A research company is developing a data lake solution in Amazon S3 to analyze huge datasets. The solution makes infrequent SQL queries only. In addition, the company wants to minimize infrastructure costs.
Which AWS service should be used to meet these requirements?CorrectIncorrect
- Question 14 of 20
A training provider hosts a website using Amazon API Gateway on the front end. Recently, there has been heavy traffic on the website and the company wants to control access by allowing authenticated traffic from paying students only.
How should the company limit access to authenticated users only? (choose 2)CorrectIncorrect
- Question 15 of 20
A retail organization is deploying a new application that will read and write data to a database. The company wants to deploy the application in three different AWS Regions in an active-active configuration. The databases need to replicate to keep information in sync.
Which solution best meets these requirements?CorrectIncorrect
- Question 16 of 20
A data-processing application runs on an i3.large EC2 instance with a single 100 GB EBS gp2 volume. The application stores temporary data in a small database (less than 30 GB) located on the EBS root volume. The application is struggling to process the data fast enough, and a Solutions Architect has determined that the I/O speed of the temporary database is the bottleneck.
What is the MOST cost-efficient way to improve the database response times?CorrectIncorrect
- Question 17 of 20
A Solutions Architect has created a VPC design that meets the security requirements of their organization. Any new applications that are deployed must use this VPC design.
How can project teams deploy, manage, and delete VPCs that meet this design with the LEAST administrative effort?CorrectIncorrect
- Question 18 of 20
An application launched on Amazon EC2 instances needs to publish personally identifiable information (PII) about customers using Amazon SNS. The application is launched in private subnets within an Amazon VPC.
Which is the MOST secure way to allow the application to access service endpoints in the same region?CorrectIncorrect
- Question 19 of 20
A Solutions Architect needs to deploy an HTTP/HTTPS service on Amazon EC2 instances that will be placed behind an Elastic Load Balancer. The ELB must support WebSockets.
How can the Architect meet these requirements?CorrectIncorrect
- Question 20 of 20
A solutions Architect is designing a new workload where an AWS Lambda function will access an Amazon DynamoDB table.
What is the MOST secure means of granting the Lambda function access to the DynamoDB table?CorrectIncorrect
AWS Certified Solutions Architect – Associate Training
Whether you’re just getting started with AWS Certification Training, have on-the-job experience, or are continuing your education after taking other AWS exams, you will need to cover both the theory and practical aspects in your journey.
Please check out the resources below which take you from just starting out with AWS to being a proficient builder on AWS and fully equipped to ace your exam.
AWS Hands-On Labs
This is the FUN way to learn AWS! Our AWS Certified Solutions Architect Associate Hands-On Labs course teaches you AWS from creating a Free Tier account right through to building complex applications – delivered through guided practice labs. No other course gives you so much hands-on experience with the AWS Cloud.
AWS Practice Tests
Our AWS Certified Solutions Architect Associate Practice Exams which are designed to be representative of the question format and difficulty of the actual AWS exam. These are a great way not just of assessing your readiness, but also for learning the concepts as we provide detailed explanations and reference links for every question. But don’t leave it until the last minute, get started with AWS Certified Solutions Architect Associate Practice Exams early so you can ensure you’re on track.
Another great learning tool is the FREE online Training Notes on the Digital Cloud Training website which provide a deeper level of detail for all test domains of the Solutions Architect exam. Get access here.