AWS Certified Solutions Architect Professional - Exam Guide
Introduction
The AWS Certified Solutions Architect - Professional (SAP-C02) exam is intended for
individuals who perform a solutions architect role. The exam validates a candidate’s
advanced technical skills and experience in designing optimized AWS solutions that
are based on the AWS Well-Architected Framework.
The exam also validates a candidate’s ability to complete the following tasks within
the scope of the AWS Well-Architected Framework:
Job tasks and knowledge that are out of scope for the target candidate
The following list contains job tasks that the target candidate is not expected to be
able to perform and knowledge that the target candidate is not expected to have.
This list is non-exhaustive. These tasks and knowledge are out of scope for the exam:
Refer to the Appendix for a list of technologies and concepts that might appear on
the exam, a list of in-scope AWS services and features, and a list of out-of-scope AWS
services and features.
• Multiple choice: Has one correct response and three incorrect responses
(distractors)
• Multiple response: Has two or more correct responses out of five or more
response options
Select one or more responses that best complete the statement or answer the
question. Distractors, or incorrect answers, are response options that a candidate with
incomplete knowledge or skill might choose. Distractors are generally plausible
responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing. The
exam includes 65 questions that affect your score.
Unscored content
The exam includes 10 unscored questions that do not affect your score. AWS collects
information about performance on these unscored questions to evaluate these
questions for future use as scored questions. These unscored questions are not
identified on the exam.
Exam results
The AWS Certified Solutions Architect - Professional (SAP-C02) exam has a pass or fail
designation. The exam is scored against a minimum standard established by AWS
professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum
passing score is 750. Your score shows how you performed on the exam as a whole
and whether you passed. Scaled scoring models help equate scores across multiple
exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each
section level. The exam uses a compensatory scoring model, which means that you do
Each section of the exam has a specific weighting, so some sections have more
questions than other sections have. The table of classifications contains general
information that highlights your strengths and weaknesses. Use caution when you
interpret section-level feedback.
Content outline
This exam guide includes weightings, content domains, and task statements for the
exam. This guide does not provide a comprehensive list of the content on the exam.
However, additional context for each task statement is available to help you prepare
for the exam.
Knowledge of:
• AWS Global Infrastructure
• AWS networking concepts (for example, Amazon VPC, AWS Direct Connect,
AWS VPN, transitive routing, AWS container services)
• Hybrid DNS concepts (for example, Amazon Route 53 Resolver, on-premises
DNS integration)
• Network segmentation (for example, subnetting, IP addressing, connectivity
among VPCs)
• Network traffic monitoring
Knowledge of:
• AWS Identity and Access Management (IAM) and AWS IAM Identity Center
(AWS Single Sign-On)
• Route tables, security groups, and network ACLs
• Encryption keys and certificate management (for example, AWS Key
Management Service [AWS KMS], AWS Certificate Manager [ACM])
• AWS security, identity, and compliance tools (for example, AWS CloudTrail,
AWS Identity and Access Management Access Analyzer, AWS Security Hub,
Amazon Inspector)
Skills in:
• Evaluating cross-account access management
• Integrating with third-party identity providers
• Deploying encryption strategies for data at rest and data in transit
• Developing a strategy for centralized security event notifications and
auditing
Knowledge of:
• Recovery time objectives (RTOs) and recovery point objectives (RPOs)
• Disaster recovery strategies (for example, using AWS Elastic Disaster
Recovery, pilot light, warm standby, and multi-site)
• Data backup and restoration
Knowledge of:
• AWS Organizations and AWS Control Tower
• Multi-account event notifications
• AWS resource sharing across environments
Skills in:
• Evaluating the most appropriate account structure for organizational
requirements
• Recommending a strategy for central logging and event notifications
• Developing a multi-account governance model
Knowledge of:
• AWS cost and usage monitoring tools (for example, AWS Trusted Advisor,
AWS Pricing Calculator, AWS Cost Explorer, AWS Budgets)
• AWS purchasing options (for example, Reserved Instances, Savings Plans,
Spot Instances)
• AWS rightsizing visibility tools (for example, AWS Compute Optimizer,
Amazon S3 Storage Lens)
Skills in:
• Monitoring cost and usage with AWS tools
• Developing an effective tagging strategy that maps costs to business units
• Understanding how purchasing options affect cost and performance
Skills in:
• Determining an application or upgrade path for new services and features
• Selecting services to develop deployment strategies and implement
appropriate rollback mechanisms
• Adopting managed services as needed to reduce infrastructure provisioning
and patching overhead
• Making advanced technologies accessible by delegating complex
development and deployment tasks to AWS
Skills in:
• Configuring disaster recovery solutions
• Configuring data and database replication
• Performing disaster recovery testing
• Architecting a backup solution that is automated, is cost-effective, and
supports business continuity across multiple Availability Zones or Regions
• Designing an architecture that provides application and infrastructure
availability in the event of a disruption
• Using processes and components for centralized monitoring to proactively
recover from system failures
Knowledge of:
• IAM
• Route tables, security groups, and network ACLs
• Encryption options for data at rest and data in transit
• AWS service endpoints
• Credential management services
• AWS managed security services (for example, AWS Shield, AWS WAF,
Amazon GuardDuty, AWS Security Hub)
Skills in:
• Specifying IAM users and IAM roles that adhere to the principle of least
privilege access
• Specifying inbound and outbound network flows by using security group
rules and network ACL rules
• Developing attack mitigation strategies for large-scale web applications
• Developing encryption strategies for data at rest and data in transit
• Specifying service endpoints for service integrations
• Developing strategies for patch management to remain compliant with
organizational standards
Knowledge of:
• AWS Global Infrastructure
• AWS storage services and replication strategies (for example, Amazon S3,
Amazon RDS, Amazon ElastiCache)
• Multi-AZ and multi-Region architectures
• Auto scaling policies and events
• Application integration (for example, Amazon Simple Notification Service
[Amazon SNS], Amazon Simple Queue Service [Amazon SQS], AWS Step
Functions)
• Service quotas and limits
Knowledge of:
• Performance monitoring technologies
• Storage options on AWS
• Instance families and use cases
• Purpose-built databases
Skills in:
• Designing large-scale application architectures for a variety of access
patterns
• Designing an elastic architecture based on business objectives
• Applying design patterns to meet performance objectives with caching,
buffering, and replicas
• Developing a process methodology for selecting purpose-built services for
required tasks
• Designing a rightsizing strategy
Knowledge of:
• AWS cost and usage monitoring tools (for example, Cost Explorer, Trusted
Advisor, AWS Pricing Calculator)
• Pricing models (for example, Reserved Instances, Savings Plans)
• Storage tiering
• Data transfer costs
• AWS managed service offerings
Skills in:
• Identifying opportunities to select and rightsize infrastructure for
cost-effective resources
• Identifying appropriate pricing models
• Performing data transfer modeling and selecting services to reduce data
transfer costs
• Developing a strategy and implementing controls for expenditure and
usage awareness
Knowledge of:
• Alerting and automatic remediation strategies
• Disaster recovery planning
• Monitoring and logging solutions (for example, Amazon CloudWatch)
• CI/CD pipelines and deployment strategies (for example, blue/green,
all-at-once, rolling)
• Configuration management tools (for example, Systems Manager)
Knowledge of:
• Data retention, data sensitivity, and data regulatory requirements
• Automated monitoring and remediation strategies (for example, AWS
Config rules)
• Secrets management (for example, Systems Manager, AWS Secrets
Manager)
• Principle of least privilege access
• Security-specific AWS solutions
• Patching practices
• Backup practices and methods
Skills in:
• Evaluating a strategy for the secure management of secrets and credentials
• Auditing an environment for least privilege access
• Reviewing implemented solutions to ensure security at every layer
• Reviewing comprehensive traceability of users and services
• Prioritizing automated responses to the detection of vulnerabilities
• Designing and implementing a patch and update process
• Designing and implementing a backup process
• Employing remediation techniques
Skills in:
• Translating business requirements to measurable metrics
• Testing potential remediation solutions and making recommendations
• Proposing opportunities for the adoption of new technologies and
managed services
• Assessing solutions and applying rightsizing based on requirements
• Identifying and examining performance bottlenecks
Knowledge of:
• AWS Global Infrastructure
• Data replication methods
• Scaling methodologies (for example, load balancing, auto scaling)
• High availability and resiliency
• Disaster recovery methods and tools
• Service quotas and limits
Skills in:
• Understanding application growth and usage trends
• Evaluating existing architecture to determine areas that are not sufficiently
reliable
• Remediating single points of failure
• Enabling data replication, self-healing, and elastic features and services
Skills in:
• Analyzing usage reports to identify underutilized and overutilized resources
• Using AWS solutions to identify unused resources
• Designing billing alarms based on expected usage patterns
• Investigating AWS Cost and Usage Reports at a granular level
• Using tagging for cost allocation and reporting
Task Statement 4.1: Select existing workloads and processes for potential migration.
Knowledge of:
• Migration assessment and tracking tools (for example, AWS Migration Hub)
• Portfolio assessment
• Asset planning
• Prioritization and migration of workloads (for example, wave planning)
Skills in:
• Completing an application migration assessment
• Evaluating applications according to the seven common migration
strategies (7Rs)
• Evaluating total cost of ownership (TCO)
Knowledge of:
• Data migration options and tools (for example, AWS DataSync, AWS
Transfer Family, AWS Snow Family, S3 Transfer Acceleration)
• Application migration tools (for example, AWS Application Discovery
Service, AWS Application Migration Service)
• AWS networking services and DNS (for example, Direct Connect, AWS
Site-to-Site VPN, Route 53)
• Identity services (for example, IAM Identity Center, AWS Directory Service)
• Database migration tools (for example, AWS Database Migration Service
[AWS DMS], AWS Schema Conversion Tool [AWS SCT])
• Governance tools (for example, AWS Control Tower, Organizations)
Skills in:
• Selecting the appropriate database transfer mechanism
• Selecting the appropriate application transfer mechanism
• Selecting the appropriate data transfer service and migration strategy
• Applying the appropriate security methods to migration tools
• Selecting the appropriate governance model
Knowledge of:
• Compute services (for example, Amazon EC2, AWS Elastic Beanstalk)
• Containers (for example, Amazon Elastic Container Service [Amazon ECS],
Amazon Elastic Kubernetes Service [Amazon EKS], AWS Fargate, Amazon
Elastic Container Registry [Amazon ECR])
• AWS storage services (for example, Amazon Elastic Block Store [Amazon
EBS], Amazon Elastic File System [Amazon EFS], Amazon FSx, Amazon S3,
Volume Gateway)
• Databases (for example, Amazon DynamoDB, Amazon OpenSearch Service,
Amazon RDS, self-managed databases on Amazon EC2)
Knowledge of:
• Serverless compute offerings (for example, AWS Lambda)
• Containers (for example, Amazon ECS, Amazon EKS, Fargate)
• AWS storage services (for example, Amazon S3, Amazon EFS)
• Purpose-built databases (for example, DynamoDB, Amazon Aurora
Serverless, ElastiCache)
• Integration services (for example, Amazon SQS, Amazon SNS, Amazon
EventBridge, Step Functions)
Skills in:
• Identifying opportunities to decouple application components
• Identifying opportunities for serverless solutions
• Selecting the appropriate service for containers
• Identifying opportunities for purpose-built databases
• Selecting the appropriate application integration service
The following list contains technologies and concepts that might appear on the exam.
This list is non-exhaustive and is subject to change. The order and placement of the
items in this list is no indication of their relative weight or importance on the exam:
• Compute
• Cost management
• Database
• Disaster recovery
• High availability
• Management and governance
• Microservices and component decoupling
• Migration and data transfer
• Networking, connectivity, and content delivery
• Security
• Serverless design principles
• Storage
The following list contains AWS services and features that are in scope for the exam.
This list is non-exhaustive and is subject to change. AWS offerings appear in
categories that align with the offerings’ primary functions:
Analytics:
• Amazon Athena
• AWS Data Exchange
• AWS Data Pipeline
• Amazon EMR
• AWS Glue
• Amazon Kinesis Data Analytics
• Amazon Kinesis Data Firehose
• Amazon Kinesis Data Streams
• AWS Lake Formation
Application Integration:
• Amazon AppFlow
• AWS AppSync
• Amazon EventBridge
• Amazon MQ
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• AWS Step Functions
Blockchain:
Business Applications:
• AWS Budgets
• AWS Cost and Usage Report
• AWS Cost Explorer
• Savings Plans
Containers:
Database:
• Amazon Aurora
• Amazon Aurora Serverless
• Amazon DocumentDB (with MongoDB compatibility)
• Amazon DynamoDB
• Amazon ElastiCache
• Amazon Keyspaces (for Apache Cassandra)
• Amazon Neptune
• Amazon RDS
• Amazon Redshift
• Amazon Timestream
• AWS Cloud9
• AWS CodeArtifact
• AWS CodeBuild
• AWS CodeCommit
• AWS CodeDeploy
• Amazon CodeGuru
• AWS CodePipeline
• AWS CodeStar
• AWS X-Ray
• AWS Amplify
• Amazon API Gateway
• AWS Device Farm
• Amazon Pinpoint
• Amazon CloudFront
• AWS Direct Connect
• Elastic Load Balancing (ELB)
• AWS Global Accelerator
• AWS PrivateLink
• Amazon Route 53
• AWS Transit Gateway
• Amazon VPC
• AWS VPN
• AWS Artifact
• AWS Audit Manager
• AWS Certificate Manager (ACM)
• AWS CloudHSM
• Amazon Cognito
• Amazon Detective
• AWS Directory Service
• AWS Firewall Manager
• Amazon GuardDuty
• AWS IAM Identity Center (AWS Single Sign-On)
• AWS Identity and Access Management (IAM)
• Amazon Inspector
• AWS Key Management Service (AWS KMS)
• Amazon Macie
• AWS Network Firewall
• AWS Resource Access Manager (AWS RAM)
• AWS Secrets Manager
• AWS Security Hub
• AWS Security Token Service (AWS STS)
• AWS Shield
• AWS WAF
Storage:
• AWS Backup
• Amazon Elastic Block Store (Amazon EBS)
• AWS Elastic Disaster Recovery
• Amazon Elastic File System (Amazon EFS)
• Amazon FSx (for all types)
• Amazon S3
• Amazon S3 Glacier
• AWS Storage Gateway
The following list contains AWS services and features that are out of scope for the
exam. This list is non-exhaustive and is subject to change. AWS offerings that are
entirely unrelated to the target job roles for the exam are excluded from this list:
Game Tech:
• Amazon GameLift