AWS Certified Solutions Architect - Professional (SAP-C02)
Sample Exam Questions
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved | aws.amazon.com
Answers
1) C – Billing alarms will provide the company with alerts about excessive spending without taking away control
from any of the business groups. Options A and B are incorrect because each business group wants to retain
control of its account. These options would not prevent the launch of a large number of instances. Option D is a
manual process that would not provide immediate alerts about excessive spending.
2) D – AWS CloudFormation StackSets can deploy the IAM role across multiple accounts with a single operation.
Option A is incorrect because credentials that are supplied by AWS Single Sign-On (AWS SSO) are temporary.
The application would lose permissions and would have to log in again. Option B would grant access to the
management account only. Option C is incorrect because when an account joins an organization, the account
does not receive permissions to access the other accounts in the organization.
3) D, E – Cross-origin resource sharing (CORS) is a browser security feature that restricts HTTP requests that
initiate from scripts that run in the browser. CORS is typically required to build web applications that access APIs
that are hosted on a different domain or origin. You can enable CORS to allow requests to your API from a web
application that is hosted on a different domain. For example, if your API is hosted on
https://[api_id].execute-api.[region].amazonaws.com/ and you want to call your API from a web application that is hosted on
[bucketname].s3.website-[region], your API must support CORS. Option E is required for the HTML form to be
served through a website endpoint.
Option A is incorrect because the CORS header must be configured to be returned by the dynamic response from
the API endpoint. The configuration of CORS for the S3 bucket does not help. Option B is incorrect because there
is no advantage to serving a static webpage from a web server that runs on Amazon EC2 instead of from an S3
bucket. Option C is incorrect because API Gateway has a default quota of 10,000 requests per second for each
AWS Region. If necessary, you can increase this quota.
4) A – Amazon API Gateway will intermittently return HTTP status code 502 (Bad Gateway) errors if the AWS
Lambda function exceeds its concurrency quota. Option B is incorrect because, in this case, API Gateway would
return a status code 429 error for too many requests. Option C is incorrect because the errors occur during calls
to the API Gateway API endpoint, not during the authentication process. Option D is incorrect because stale data
would not cause a Bad Gateway error.
5) C – AWS Systems Manager Run Command requires no inbound ports to be open. Run Command operates
entirely over outbound HTTPS, which is open by default for security groups. Options A and B are incorrect
because the requirements state that the only inbound port that should be open is 443. Option D is incorrect
because AWS Trusted Advisor does not perform this management function.
6) D – The correct answer follows the standard guidelines for granting cross-account access between two
accounts that you control. Option A does not meet the requirements because it requires two sets of credentials for
operators. Option B is incorrect because you cannot add an IAM user to an IAM group in a different account.
Option C is incorrect because a role cannot grant access to resources in another account. The shared role must
be in the same account with resources that the shared role manages.
7) B, D – The average amount of compute to address the outliers each hour is 300 seconds (10 events for 30
seconds each). Option B is correct because with AWS Lambda, you pay only for the small amount of compute
time that is required to process the outlying values. While options A and E would reduce costs, they both involve
paying for one or more Amazon EC2 instances that would sit unused for 3,300 seconds each hour. Options C and
D reduce the shard hour costs of the Kinesis data stream. However, option C is incorrect because the amount of
data would exceed the 1 MB/s quota of a single shard.
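
Answer 3 states that the CORS header must be returned by the dynamic response from the API endpoint. The following is an added example, not part of the AWS answer key: a Python Lambda handler that sets those headers itself and echoes only an allow-listed origin. It assumes an API Gateway Lambda proxy integration; the origin value, `ALLOWED_ORIGINS`, `cors_headers` and `handler` are constructed for illustration.

```python
import json

# Assumption: constructed placeholder for the S3 website origin that serves the form.
ALLOWED_ORIGINS = {"http://example-bucket.s3-website-us-east-1.amazonaws.com"}


def cors_headers(origin):
    """Return CORS response headers only when the origin is allow-listed."""
    if origin not in ALLOWED_ORIGINS:
        return {}  # no header: the browser blocks the cross-origin read
    return {
        "Access-Control-Allow-Origin": origin,  # echo the exact origin, not "*"
        "Access-Control-Allow-Methods": "POST,OPTIONS",
        "Access-Control-Allow-Headers": "Content-Type",
        "Vary": "Origin",  # keep caches from reusing one origin's response
    }


def handler(event, context):
    # Header names are case-insensitive, so normalise before the lookup.
    request_headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    cors = cors_headers(request_headers.get("origin"))
    method = event.get("httpMethod")

    if method == "OPTIONS":  # browser preflight request
        return {"statusCode": 204 if cors else 403, "headers": cors, "body": ""}
    if method != "POST":
        return {"statusCode": 405, "headers": cors, "body": ""}

    try:
        form = json.loads(event.get("body") or "{}")
    except json.JSONDecodeError:
        form = None
    if not isinstance(form, dict):
        # Error responses carry the CORS headers too, so the page's script can read them.
        return {"statusCode": 400, "headers": cors,
                "body": json.dumps({"error": "expected a JSON object"})}

    return {
        "statusCode": 200,
        "headers": {**cors, "Content-Type": "application/json"},
        "body": json.dumps({"received": sorted(form)}),
    }
```
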