AWS Solutions Architect Professional Exam Topics & Practice Tests
The AWS Certified Solutions Architect Professional certification exam, exam code SAP-C02, validates advanced architecture expertise on the AWS Cloud for practitioners who already design and implement complex workloads.
This exam confirms that you can evaluate multi-account requirements, apply the AWS Well-Architected Framework, prescribe security controls, design resilient and performant systems, optimize cost, and accelerate migration and modernization. The target audience for this AWS Certification exam typically has two or more years of hands-on experience building solutions on AWS.
Exam basics
The exam includes multiple choice and multiple response questions. Your result appears as a scaled score between 100 and 1,000, and the minimum passing score is 750. The scoring model is compensatory, which means you pass based on your overall performance rather than on each section individually. In addition to scored questions, the exam may include unscored items that AWS uses to evaluate future content. Expect approximately 65 scored questions plus about 10 unscored items on the SAP-C02.
Content domains and weights
The SAP-C02 exam is organized into four domains. If you want to pass, you must be comfortable with all solutions architect topics, especially multi-account strategy and resilient design.
- Design Solutions for Organizational Complexity — 26 percent
- Design for New Solutions — 29 percent
- Continuous Improvement for Existing Solutions — 25 percent
- Accelerate Workload Migration and Modernization — 20 percent
Domain 1: design solutions for organizational complexity
Network connectivity strategies
Evaluate patterns for many VPCs and hybrid connectivity, including AWS Direct Connect and VPN, transitive routing, hybrid DNS with Route 53 Resolver, segmentation, and traffic monitoring across regions and accounts.
Security controls
Prescribe controls with AWS Identity and Access Management and IAM Identity Center, encryption using AWS KMS and ACM, and continuous auditing with CloudTrail, Access Analyzer, Security Hub, and Amazon Inspector.
Reliability and resilience
Design for RTO and RPO targets using strategies like pilot light, warm standby, multi-site, automated recovery, and robust backup and restore.
Multi-account governance
Define an account structure with AWS Organizations and Control Tower, centralize logging and notifications, and enable secure resource sharing across environments.
Cost optimization and visibility
Use Trusted Advisor, AWS Pricing Calculator, Cost Explorer, Budgets, Compute Optimizer, and S3 Storage Lens. Apply tagging and rightsizing to improve accountability and spend.
Domain 2: design for new solutions
Deployment strategy
Adopt IaC with CloudFormation, build CI/CD pipelines, apply change management, and leverage Systems Manager for configuration. Choose managed services to reduce operational overhead and plan safe rollbacks.
Business continuity
Architect multi-AZ and multi-Region topologies, configure replication and DR scenarios, and centralize monitoring for proactive recovery using services like CloudWatch and Route 53.
Security by design
Implement least-privilege IAM, secure network flows with security groups and NACLs, encrypt data in transit and at rest, use private service endpoints, and integrate managed protections such as Shield, WAF, GuardDuty, and Security Hub.
Reliability and performance
Select storage and replication options (S3, RDS, ElastiCache), auto scaling policies, and event-driven integration with SNS, SQS, and Step Functions. Right-size compute and storage, cache and buffer where appropriate, and apply Route 53 routing policies.
Cost strategy
Choose pricing models like Reserved Instances and Savings Plans, align storage tiers, reduce data transfer, and enforce expenditure awareness with budgets and alerts.
Domain 3: continuous improvement for existing solutions
Operational excellence
Strengthen logging and metrics with CloudWatch, automate remediation, refine deployments (blue/green, rolling, all-at-once), and extend configuration automation with Systems Manager.
Security improvements
Meet retention and regulatory requirements, automate checks with Config rules, manage secrets with Secrets Manager and Parameter Store, audit least-privilege access, ensure traceability, and harden patching and backups.
Performance enhancements
Leverage auto scaling, instance fleets, and placement groups; use Global Accelerator and CloudFront; set SLAs and KPIs; test remediations; and right-size resources based on observed load.
Reliability upgrades
Eliminate single points of failure, enable replication and self-healing, adopt elastic patterns, and plan for quotas and limits.
Cost optimizations
Adopt Spot where appropriate, tune scaling policies, right-size, use Savings Plans or RIs, manage data-transfer costs, analyze the Cost and Usage Report, and tag for allocation.
Domain 4: accelerate workload migration and modernization
Select workloads and plan
Assess portfolios with Migration Hub, plan waves, evaluate workloads against the seven migration strategies, and model TCO to prioritize value.
Choose migration approaches
Use DataSync, Transfer Family, Snow Family, and S3 Transfer Acceleration for data; Application Discovery Service and Application Migration Service for servers; DMS and SCT for databases; and align identity, networking, and governance with IAM Identity Center, Direct Connect/VPN, Control Tower, and Organizations.
Define new architecture
Select compute (EC2, Elastic Beanstalk), containers (ECS, EKS, Fargate, ECR), storage (EBS, EFS, FSx, S3), and databases (RDS, DynamoDB, OpenSearch, or self-managed on EC2) to meet goals.
Modernize
Decouple with queues and events (SQS, SNS, EventBridge, Step Functions), adopt serverless with Lambda where it fits, and use purpose-built databases like DynamoDB, Aurora Serverless, and ElastiCache.
Out of scope tasks
The exam does not test frontend mobile development, deep operating-system internals, or prescriptive twelve-factor app details. Focus on advanced architecture patterns and decisions across large, multi-account AWS environments rather than unrelated platforms like Google Cloud Platform.
How to prepare
Start with the official SAP-C02 topics and map them to a study plan. Use practice exams to learn question framing and identify weak spots. Deepen your coverage with adjacent areas like security, architecture, and DevOps. Revisit mocks, iterate on gaps, and aim for mastery of multi-account governance, resilient design, performance tuning, cost strategy, and migration patterns before exam day.
Cameron McKenzie is an AWS Certified AI Practitioner, Machine Learning Engineer, Solutions Architect, and author of many popular books in the software development and cloud computing space. His growing YouTube channel and training content in Java, Spring, and AI/ML have well over 30,000 subscribers.
Other AWS Certification Books
If you are interested in attaining an Amazon cert in another domain, check out the other AWS certification books in this series:
- AWS Certified Cloud Practitioner Book of Exam Questions
- AWS Certified Developer Associate Book of Exam Questions
- AWS Certified AI Practitioner Book of Exam Questions & Answers
- AWS Certified Machine Learning Associate Book of Exam Questions
- AWS Certified DevOps Professional Book of Exam Questions
- AWS Certified Data Engineer Associate Book of Exam Questions
- AWS Certified Solutions Architect Associate Book of Exam Questions