Amazon is still way ahead as the leader in the Cloud Computing market – with Amazon Web Services (AWS) having almost 50% share of the Infrastructure as a Service (IaaS) market. AWS certification is the best way to launch or progress in your cloud computing career. Recently, AWS announced the launch of a new version of the most popular certification in their program, the AWS Certified Solutions Architect Associate. The new exam has a code of SAA-C02 and replaces the previous SAA-C01 exam as of March 2020.
In this article I walk you through how to best prepare for the AWS Certified Solutions Architect Associate SAA-C02 exam in 5 steps:
- Understand the exam blueprint
- Learn about the new topics included in the SAA-C02 version of the exam
- Use the many FREE resources available to gain and deepen your knowledge
- Enroll in our hands-on video course to learn AWS in depth
- Use practice tests to fully prepare yourself for the exam and assess your exam readiness
I’ll walk you through the exam blueprint and break down the various “domains” of the exam guide so you know what to expect. I will also let you know the AWS services you need to study and what type of questions you will get in the exam. Lastly, I’ll introduce the certification training courses from Digital Cloud Training for the AWS Certified Solutions Architect Associate exam so you have the best resources available to ensure you pass your exam first time.
1 – Understand The AWS Exam Blueprint
This exam sits within the Associate level in the AWS training program and is recommended for individuals with at least one year of hands-on experience. The exam is intended for Solutions Architects and requires you to demonstrate knowledge of how to define a solution using architectural design principles based on customer requirements and provide implementation guidance based on best practices to the organization throughout the lifecycle of the project.
In the “AWS Certified Solutions Architect – Associate (SAA-C02) Exam Guide”, the following AWS knowledge is recommended:
- One year of hands-on experience designing available, cost-effective, fault-tolerant, and scalable distributed systems on AWS.
- Hands-on experience using compute, networking, storage, and database AWS services.
- Hands-on experience with AWS deployment and management services.
- Ability to identify and define technical requirements for an AWS-based application.
- Ability to identify which AWS services meet a given technical requirement.
- Knowledge of recommended best practices for building secure and reliable applications on the AWS platform.
- An understanding of the basic architectural principles of building in the AWS Cloud.
- An understanding of the AWS global infrastructure.
- An understanding of network technologies as they relate to AWS.
- An understanding of security features and tools that AWS provides and how they relate to traditional services.
The exam includes 65 questions and has a time limit of 130 minutes. You need to score a minimum of 720 out of 1000 points to pass the exam.
The question format of the exam is one of the following:
- Multiple-choice (one correct response from four options).
- Multiple-response (two or more correct responses from five or more options).
Most questions are 1-2 lines of a scenario followed by the actual question itself. They typically get straight to the point without any filler. With many questions in the AWS Solutions Architect Associate exam, you will find that there are multiple correct answers and you must select the answer that best fits the scenario. For instance, you may be asked to select the MOST secure, MOST cost-effective, or MOST operationally efficient option.
Important: Be very careful reading the wording of the question to ensure you select the correct answer! Sometimes small details can be easily missed that change the answer – so take your time when sitting the exam.
Domains, Objectives and Examples
The knowledge required is organized into four test “domains”. Within each test domain, there are several objectives that broadly describe the knowledge and experience expected to pass the exam.
If you’ve seen the old SAA-C01 exam blueprint you may notice that one domain has been removed: “Define Operationally Excellent Architectures”. This is the key difference between the SAA-C01 and SAA-C02 blueprints as can be seen in the image below.
Test Domain 1: Design Resilient Architectures
This domain makes up 30% of the exam and includes the following 4 objectives:
- 1.1 Design a multi-tier architecture solution
- 1.2 Design highly available and/or fault-tolerant architectures
- 1.3 Design decoupling mechanisms using AWS services
- 1.4 Choose appropriate resilient storage
What you need to know
You must be able to design multi-tier application architectures and know how to decouple application components using technologies such as Amazon SQS and Amazon SWF.
The architectures also need to be highly available in the case of component failure, and able to recover in the case of major outages, so you need to know the various ways of implementing high availability and fault tolerance.
You also need to understand the AWS Global Infrastructure in order to determine how to design application stacks to best use the underlying infrastructure architecture.
Test Domain 2: Design High-Performing Architectures
This domain makes up 28% of the exam and includes the following 4 objectives:
- 2.1 Identify elastic and scalable compute solutions for a workload
- 2.2 Select high-performing and scalable storage solutions for a workload
- 2.3 Select high-performing networking solutions for a workload
- 2.4 Choose high-performing database solutions for a workload
What you need to know
You need to be able to select the best storage and database services to use for a given scenario, taking into account requirements for performance.
Technologies to increase performance may include a caching layer such as Amazon ElastiCache, Amazon DynamoDB DAX, or Amazon CloudFront and you need to select the best service to use in the situation presented.
You need to know how to effectively implement elasticity and scalability to your application architectures. This means understanding at an architectural and implementation level what to use and how to build it.
Elasticity and scalability services you need to understand include AWS Auto Scaling, EC2 Auto Scaling, and how to implement these features at the application, storage, and database layers of your application using AWS technology.
Test Domain 3: Design Secure Applications and Architectures
This domain makes up 24% of the exam and includes the following 3 objectives:
- 3.1 Design secure access to AWS resources
- 3.2 Design secure application tiers
- 3.3 Select appropriate data security options
What you need to know
You need to understand how to use native AWS technologies and solution architecture to create secure applications. This includes configuring security controls for authentication, authorization, and access and applying encryption to data.
You need to know how to design isolation and separation through AWS service architecture, Amazon EC2 instance deployment options and Amazon VPC configuration.
It is also recommended to understand the best practices for implementing services in the most secure manner and best practices for creating users, groups, and roles using AWS IAM. You are also required to know which services can use multi-factor authentication, and you should understand the available AWS Directory Services at a high level and when to use them.
Questions often come up asking you to identify which technologies include DDoS mitigation and these include AWS Auto Scaling, Amazon CloudFront, and Amazon Route 53.
You should also know how to implement monitoring and logging using Amazon CloudWatch and AWS CloudTrail, when and what penetration testing you are allowed to perform within the AWS cloud, and what compliance programs AWS complies with.
Test Domain 4: Design Cost-Optimized Architectures
This domain makes up 18% of the exam and includes the following 3 objectives:
- 4.1 Identify cost-effective storage solutions
- 4.2 Identify cost-effective compute and database services
- 4.3 Design cost-optimized network architectures
What you need to know
This is an important area of the exam which requires architects to consider cost-effectiveness when deploying applications on AWS. You need to understand the various cost models of compute and storage services, what you pay for and what the best choices would be given a specific scenario. You also need to know which services are free and be able to compare the cost of different services that may suit a specific scenario. You’ll definitely need to understand serverless technologies such as AWS Lambda, Amazon Aurora Serverless, and Amazon ECS Fargate.
2 – Detailed breakdown of New SAA-C02 topics
If you’re looking for a detailed breakdown of what new topics are included in the AWS Certified Solutions Architect Associate SAA-C02 exam – below are some recommendations for specific knowledge you should attain that is specifically relevant to the new exam. You can read the entire article on my beta SAA-C02 exam experience here.
- Know your different Amazon S3 storage tiers! You need to know the use cases, features and limitations, and relative costs; e.g. retrieval costs.
- Amazon S3 lifecycle policies are also required knowledge – there are minimum storage times in certain tiers that you need to know.
- For Glacier, you need to understand what it is, what it’s used for, and what the options are for retrieval times and fees.
- For the Amazon Elastic File System (EFS), make sure you’re clear which operating systems you can use with it (just Linux).
- For the Amazon Elastic Block Store (EBS), make sure you know when to use the different tiers including instance stores; e.g. what would you use for a datastore that requires the highest IO and the data is distributed across multiple instances? (Good instance store use case)
- Learn about Amazon FSx. You’ll need to know about FSx for Windows and Lustre.
- Know how to improve Amazon S3 performance including using CloudFront, and byte-range fetches – check out this whitepaper.
- Make sure you understand the Amazon S3 object deletion protection options including versioning and MFA delete.
- You need to have a good understanding of the options for how to scale an Auto Scaling Group using metrics such as SQS queue depth, or numbers of SNS messages.
- Know your different Auto Scaling policies including Target Tracking Policies.
- Read up on High Performance Computing (HPC) with AWS. You’ll need to know about Amazon FSx with HPC use cases.
- Know your placement groups. Make sure you can differentiate between spread, cluster and partition; e.g. what would you use for lowest latency? What about if you need to support an app that’s tightly coupled? Within an AZ or cross AZ?
- Make sure you know the difference between Elastic Network Adapters (ENAs), Elastic Network Interfaces (ENIs) and Elastic Fabric Adapters (EFAs).
- For the Amazon Elastic Container Service (ECS), make sure you understand how to assign IAM policies to ECS for providing S3 access. How can you decouple an ECS data processing process – Kinesis Firehose or SQS?
- Make sure you’re clear on the different EC2 pricing models including Reserved Instances (RI) and the different RI options such as scheduled RIs.
- Make sure you know the maximum execution time for AWS Lambda (it’s currently 900 seconds or 15 minutes).
- Understand what AWS Global Accelerator is and its use cases.
- Understand when to use CloudFront and when to use AWS Global Accelerator.
- Make sure you understand the different types of VPC endpoint and which require an Elastic Network Interface (ENI) and which require a route table entry.
- You need to know how to connect multiple accounts; e.g. should you use VPC peering or a VPC endpoint?
- Know the difference between PrivateLink and ClassicLink.
- Know the patterns for extending a secure on-premises environment into AWS.
- Know how to encrypt AWS Direct Connect (you can use a Virtual Private Gateway / AWS VPN).
- Understand when to use Direct Connect vs Snowball to migrate data – lead time can be an issue with Direct Connect if you’re in a hurry.
- Know how to prevent circumvention of Amazon CloudFront; e.g. Origin Access Identity (OAI) or signed URLs / signed cookies.
- Make sure you understand Amazon Aurora and Amazon Aurora Serverless.
- Know which RDS databases can have Read Replicas and whether you can read from a Multi-AZ standby.
- Know the options for encrypting an existing RDS database; e.g. only at creation time otherwise you must encrypt a snapshot and create a new instance from the snapshot.
- Know which databases are key-value stores; e.g. Amazon DynamoDB.
Management and Governance
- You’ll need to know about AWS Organizations; e.g. how to migrate an account between organizations. Check out this article.
- For AWS Organizations, you also need to know how to restrict actions using service control policies attached to OUs.
- Understand what AWS Resource Access Manager is.
- Make sure you know the use cases for the Amazon Simple Queue Service (SQS), and Simple Notification Service (SNS).
- Understand the differences between Amazon Kinesis Firehose and SQS and when you would use each service.
- Know how to use Amazon S3 event notifications to publish events to SQS – here’s a good “How To” article.
3 – Check out our FREE Training resources
Click here to access free Video Tutorials, Practice Questions and other certification training resources for the AWS Solutions Architect exam. One of these great learning tools is the FREE online Training Notes on the Digital Cloud Training website, which provide a deeper level of detail for all test domains of the Solutions Architect exam. All of our training resources are being fully updated with new content for the AWS Solutions Architect SAA-C02 exam.
Test your knowledge with these free AWS Certified Solutions Architect Associate SAA-C02 practice questions! Just hit “Start Practice Exam” below:
This free sample exam for the AWS Solutions Architect includes 20 questions and has a pass mark of 72%
Want more AWS practice questions?
Learn more about our popular AWS practice exams that will help you fast-track your exam success!
- Question 1 of 20
A new application is to be published in multiple regions around the world. The Architect needs to ensure only 2 IP addresses need to be whitelisted. The solution should intelligently route traffic for lowest latency and provide fast regional failover.
How can this be achieved?
- Question 2 of 20
A web application is deployed in multiple regions behind an ELB Application Load Balancer. You need deterministic routing to the closest region and automatic failover. Traffic should traverse the AWS global network for consistent performance.
How can this be achieved?
- Question 3 of 20
A High Performance Computing (HPC) application needs storage that can provide 135,000 IOPS. The storage layer is replicated across all instances in a cluster.
What is the optimal storage solution that provides the required performance and is cost-effective?
- Question 4 of 20
A legacy tightly-coupled High Performance Computing (HPC) application will be migrated to AWS. Which network adapter type should be used?
- Question 5 of 20
A high-performance file system is required for a financial modelling application. The data set will be stored on Amazon S3 and the storage solution must have seamless integration so objects can be accessed as files.
Which storage solution should be used?
- Question 6 of 20
An Amazon RDS Read Replica is being deployed in a separate region. The master database is not encrypted but all data in the new region must be encrypted. How can this be achieved?
- Question 7 of 20
An Amazon RDS PostgreSQL database is configured as Multi-AZ. You need to scale read performance. What is the most cost-effective solution?
- Question 8 of 20
An application requires a MySQL database which will only be used several times a week for short periods. The database needs to provide automatic instantiation and scaling. Which database service is most suitable?
- Question 9 of 20
An application running on Amazon EC2 needs to regularly download large objects from Amazon S3. How can performance be optimized for high-throughput use cases?
- Question 10 of 20
An Architect needs to find a way to automatically and repeatably create many member accounts within an AWS Organization. The accounts also need to be moved into an OU and have VPCs and subnets created.
What is the best way to achieve this?
- Question 11 of 20
An organization is extending a secure development environment into AWS. They have already secured the VPC including removing the Internet Gateway and setting up a Direct Connect connection.
What else needs to be done to add encryption?
- Question 12 of 20
A company wishes to restrict access to their Amazon DynamoDB table to specific, private source IP addresses from their VPC. What should be done to secure access to the table?
- Question 13 of 20
A manual script that runs a few times a week and completes within 10 minutes needs to be replaced with an automated solution. Which of the following options should an Architect use?
- Question 14 of 20
A web app allows users to upload images for viewing online. The compute layer that processes the images is behind an Auto Scaling group. The processing layer should be decoupled from the front end and the ASG needs to dynamically adjust based on the number of images being uploaded.
How can this be achieved?
- Question 15 of 20
A company has acquired another business and needs to migrate their 50TB of data into AWS within 1 month. They also require a secure, reliable and private connection to the AWS cloud.
How are these requirements best accomplished?
- Question 16 of 20
Amazon EC2 instances in a development environment run between 9am and 5pm Monday-Friday. Production instances run 24/7. Which pricing models should be used? (choose 2)
- Question 17 of 20
Some objects that are uploaded to the Amazon S3 Standard storage class are initially accessed frequently for a period of 30 days. Then, objects are infrequently accessed for up to 90 days. After that, the objects are no longer needed.
How should lifecycle management be configured?
- Question 18 of 20
An e-commerce web application needs a highly scalable key-value database. Which AWS database service should be used?
- Question 19 of 20
A new application will run across multiple Amazon ECS tasks. Front-end application logic will process data and then pass that data to a back-end ECS task to perform further processing and write the data to a datastore. The Architect would like to reduce interdependencies so failures do not impact other components.
Which solution should the Architect use?
- Question 20 of 20
An organization has a large amount of data on Windows (SMB) file shares in their on-premises data center. The organization would like to move data into Amazon S3. They would like to automate the migration of data over their AWS Direct Connect link.
Which AWS service can assist them?
4 – Enroll in our hands-on video training course
Whether you’re just getting started with AWS Certification Training, have on-the-job experience, or are continuing your education after taking other AWS exams, you will need to cover both the theory and practical aspects of Amazon Web Services in your journey.
Check out the AWS Certified Solutions Architect Associate Hands-On Labs course from Digital Cloud Training. With this instructor-led course, you’ll be fully equipped to ace your SAA-C02 exam for the AWS Certified Solutions Architect. This is the best way to learn AWS! Delivered through guided practice labs, our Hands-On Labs course teaches you AWS from creating a Free Tier account right through to building complex applications. No other course gives you so much hands-on experience with the AWS Cloud. No more death-by-powerpoint – this is about actually building architectures on AWS.
5 – Use practice tests to smash your AWS exam
The AWS Certified Solutions Architect Associate Practice Exams from Digital Cloud Training are designed to be representative of the question format and difficulty of the actual AWS exam. They are a great way not just of assessing your exam readiness, but also of learning the concepts, as we provide detailed explanations and reference links for every question. But don’t leave it until the last minute: get started with AWS Certified Solutions Architect Associate Practice Exams early so you can ensure you’re on track.