AWS Solutions Architect Associate Exam Study Guide And Crib Sheet[SAA-C02]

aws architect exam preparation aws exam questions aws solutions architect associate exam study guide and crib sheet[saa-c02] aws solutions architect exam dumps cloud certification Feb 03, 2022

AWS Solutions Architect Associate Exam Study Guide And Crib Sheet[SAA-C02]

The AWS certified solution architect associate exam is challenging and considered a tough exam to clear. You need months of study and in-depth research and deep understanding about the certification to pass.

The AWS Certified Solutions Architect – Associate exam is intended for individuals who perform in a solutions architect role. The exam validates a candidate’s ability to design secure and robust solutions by using AWS technologies.  

The exam also validates a candidate’s ability to complete the following tasks: Design a solution by using appropriate AWS services and by following architectural principles based on requirements.

Provide implementation guidance based on best practices to the organization throughout the workload lifecycle.

Domain 1: Design Resilient Architectures – 30%

1.1 Design a Multi-tier Architecture Solution

Determine a solution design based on access patterns

Common AWS access patterns for your workforce

Architectural patterns for data lakes on AWS

Identify your data access patterns

Analyze access patterns in Amazon WorkSpaces

Determine a scaling strategy for components used in a design

Scale your web app: one step at a time

Scaling on AWS part I: A Primer

Specify the scaling strategy

How do scaling plans work?

Select an appropriate database based on requirements

How to choose a database?

How do you select your database solution?

Select the right database for your application

Database architecture selection

Select an appropriate compute and storage service based on requirements

Compute service

How do you select your compute solution?

How to choose a compute option?

Compute architecture selection

Storage service

How do you select your storage solution?

Cloud Storage on AWS

Object storage classes in Amazon S3Demystify the Solutions Architect Associate Exam

1.2 Design Highly Available and/or Fault-tolerant Architectures

Determine the amount of resources needed to provide a fault-tolerant architecture across Availability Zones


Achieving fault-tolerance & redundancy

Designing for fault-tolerance

Select a highly available configuration to mitigate single points of failure

High Availability on AWS

Remove single points of failure by using a High-Availability partition group

Eliminate single points of failure with High Availability clustering

Apply AWS services to improve the reliability of legacy applications when application changes are not possible

Demystify legacy migration options to AWS

Optimize a lift-and-shift for performance

Select an appropriate disaster recovery strategy to meet business requirements

Plan for disaster recovery

How do you plan for disaster recovery (DR)?

Disaster recovery options in the cloud

Disaster Recovery (DR) architecture on AWS

Identify key performance indicators to ensure the high availability of the solution

Measuring Availability in AWS

Example implementations for availability goals

Monitor your resources to ensure they are performing

AWS Monitoring: Metrics to watch out for

1.3 Design Decoupling Mechanisms Using AWS Services

Determine which AWS services can be leveraged to achieve loose coupling of components

Loosely coupled scenarios

Building loosely coupled, scalable apps with Amazon SQS & SNS

Decoupling with SQS, SimpleDB, & SNS

Determine when to leverage serverless technologies to enable decoupling

Decouple larger applications with EventBridge

Decoupled serverless scheduler to run HPC apps

1.4 Choose Appropriate Resilient Storage

Define a strategy to ensure the durability of data

Data protection in Amazon S3

Amazon S3 Reduced Redundancy Storage (RRS)

Backup and data protection solutions

Strategies to ensure data durability

Identify how data service consistency will affect the operation of the application

Consistency model

Managing data consistency

Architect data quality on the AWS Cloud

DAX and DynamoDB consistency models

Select data services that will meet the access requirements of the application

Data Lakes and analytics on AWS

Best practices for securing sensitive data in AWS data stores

Identify storage services that can be used with hybrid or non-cloud-native applications

Storage services for hybrid cloud

AWS Storage Gateway

Amazon Web Services Backup

AWS DataSync

AWS Transfer Family

Domain 2: Design High-performing Architectures – 28%

2.1 Identify Elastic and Scalable Compute Solutions for a Workload

Select the appropriate instance(s) based on Compute, storage, and networking requirements

Choosing the right EC2 instance type for your application

Determine appropriate EC2 instance type for your workload

Get recommendations for an instance type

Storage in Amazon Elastic Compute Cloud

Networking in Amazon EC2

Choose the appropriate architecture and services that scale to meet performance requirements

How do you select the best-performing architecture?

Compute architecture selection

Optimize performance for your AWS compute

Identify metrics to monitor the performance of the solution

Using Amazon CloudWatch metrics

Monitoring performance with CloudWatch dashboards

Monitor performance of Amazon ECS applicationsAWS Solutions Architect Associate Exam Tips

2.2 Select High-performing and Scalable Storage Solutions for a Workload

Select a storage service and configuration that meets performance demands

Storage architecture selection

Performance Efficiency design principles

How do you select your storage solution?

Determine storage services that can scale to accommodate future needs

Object storage

Amazon Simple Storage Service (s3)

What is Amazon S3?

Best Practices: Optimizing Amazon S3 Performance

Design Patterns: Optimizing Amazon S3 performance whitepaper

Performance Guidelines for Amazon S3

Scale indefinitely on S3 with these secrets of the S3 masters

Block storage

Amazon Elastic Block Store

What is Amazon EBS?

Amazon EBS volume types

How to optimize the performance of Amazon EBS volumes?

How to optimize Amazon Elastic Block Store for higher performance?

AWS EBS volumes push the scalability envelope

File system storage

Amazon Elastic File System

What is Amazon Elastic File System?

Amazon EFS Performance

Amazon EFS Performance Tips

Getting the best performance out of Amazon EFS

Amazon Elastic File System (EFS): Scale Durable File Systems

Horizontal scaling using Amazon Elastic File System

Amazon FSx

What is Amazon FSx for Windows File Server?

Amazon FSx for Lustre Performance

Amazon FSx for Windows File Server Performance

Amazon FSx for Lustre: Dive on high-performance file storage

Walkthrough: Scaling-out performance with Shards

Archival storage

Amazon S3 Glacier Deep Archive

What is Amazon S3 Glacier?

Other Storage solutions for high-performance

S3 Transfer Acceleration

2.3 Select High-performing Networking Solutions for a Workload

Select appropriate AWS connectivity options to meet performance demands

Network-to-Amazon VPC connectivity options

Amazon VPC-to-Amazon VPC connectivity options

Software remote access-to-Amazon VPC connectivity options

Select appropriate features to optimize connectivity to AWS public services

How do you configure your networking solution?

Network architecture selection

Optimizing latency and bandwidth for AWS Traffic

Achieve up to 60% better performance with Global Accelerator

Determine an edge caching strategy to provide performance benefits

How caching works with CloudFront edge locations?

Define your caching strategy

Improving the cache hit ratio

Select appropriate data transfer service for migration and/or ingestion

AWS DataSync

Migration and transfer

Top 10 data migration best practices

Migrating data to AWS: understanding your options

Easily ingest data into AWS

Other AWS networking services for building high-performing networking solutions are:

AWS Global Accelerator

It creates accelerators to improve the performance of your app by directing traffic to the best-suited endpoints in the AWS network

Get started with AWS Global Accelerator

Achieve up to 60% better performance with Global Accelerator

Improve application performance for your traffic with Global Accelerator  

Global Accelerator: Building performant applications

AWS Direct Connect

Establishes a dedicated network connection from the on-premises network to the cloud

AWS Direct Connect (for connecting to the on-premises network)

Connect your data center to AWS with Direct Connect

AWS Virtual Private Network


Getting started – AWS Site-to-Site VPN

Improve VPN Network Performance with Global Accelerator

Troubleshoot low bandwidth issues on my VPN connection

AWS Transit Gateway

A cloud router. It connects multiple VPCs in your account with the on-premises network (if needed) with a central hub. Replaces many 1-1 connections between the VPCs.

AWS Transit Gateway

Scaling VPN throughput using AWS Transit Gateway

Increasing bandwidth between VPCs by using Transit Gateway

AWS CloudFront

CloudFront is a Content Delivery Network (CDN). It stores a copy of your website assets in different edge locations around the world. When a user requests a resource, it is served from the nearest edge location, thereby reducing latency.

Amazon CloudFront

Improve your website performance with CloudFront

Amazon S3+CloudFront: A match made in the Cloud

AWS Outposts

For running AWS infrastructure and other services in an on-premises environment. So you needn’t move your sensitive data to the cloud. You move the cloud to the location of your data.

What are AWS Outposts?

AWS Outposts: A deep-dive

AWS Local Zones

Moves AWS Compute, Storage, DBs closer to centers where no AWS regions exist.

What are AWS Local Zones?

Low-latency computing with AWS Local Zones

Why Outposts, Local Zones, & Wavelength are game-changing for enterprises?

AWS Wavelength

Move AWS services to the edge of the 5G network, so traffic from 5G devices can reach servers in Wavelength Zones.

Introduction to AWS Wavelength

AWS Wavelength for delivering ultra-low latency apps for 5G

Use Wavelength to deliver apps that require ultra-low latency

2.4 Choose High-performing Database Solutions for a Workload

Select an appropriate database scaling strategy

Database scaling strategies for startups

Scaling your application with AWS Relational Databases

Auto-scaling a MySQL database to meet fluctuating demand

Managing scaling for Aurora DB clusters

Determine when database caching is required for performance improvement

Database caching

Database caching strategies using Redis

Boost MySQL DB performance with ElastiCache for Redis

Caching for performance with ElastiCache

Choose a suitable database service to meet performance needs

How do you select your database solution?

How to choose the right database?

AWS databases: How to choose the right one?

Relational databases

Simple stuff, data tables related to each other via primary-foreign key relationships. A great fit for transactions (OLTP) in the financial world.

Best practices for Amazon RDS

Configuring parameters related to performance

Tuning Amazon RDS performance

What is Amazon Aurora?

Managing Performance for Aurora DB Clusters

Deep Dive on Amazon Aurora performance tuning

Amazon Redshift

Top 10 performance tuning techniques for Amazon Redshift

Improving Amazon Redshift Performance

Key-value database

A type of NoSQL database (not only SQL). The unique identifier is the key. The value can be any data structure. It is widely used by web applications for storing user session details.

What is Amazon DynamoDB?

Best practices for designing and architecting with DynamoDB

Amazon DynamoDB: Performance & cost optimization at any scale

In-memory databases

A database that’s housed in memory (RAM) instead of the disk. So it is volatile (you lose all data on failure) but gives you faster response times. Widely used in BI applications, so the user can drill down/up or filter the report across dimensions with minimal latency.

Amazon ElastiCache for Redis

Amazon ElastiCache for Memcached

Boosting performance with Amazon ElastiCache for Redis

Performance at Scale with Amazon ElastiCache

Accelerate Application Performance with Amazon ElastiCache

Document database

Data is stored in JSON-like documents. Used when the data is not relational. For example, scanned images, PDF files, etc., In manufacturing aircraft, different parts have a different number of attributes. Storing the information in the Document database can accommodate for the potential increase in the attributes required. 

Amazon DocumentDB performance

Best practices for Amazon DocumentDB

Graph database

A graph database is best used to describe relationships between entities. These databases consist of nodes (store data entities) and edges (store relationships between entities). They are mostly used in recommendation engines in e-commerce and social media applications.

Amazon Neptune

Performance and Scaling in Amazon Neptune

Time-series database

Used for monitoring software/financial/physical systems like equipment & machinery where there is a heavy dependence on time.

Wikipedia: Time series database

Amazon Timestream

Do I need a Ledger database? What is it?

Amazon Quantum Ledger Database (QLDB)

Database caching for high performance

Boosting database performance with Amazon ElastiCache for Redis

Supercharge query caching with AWS database services


Domain 3: Design Secure Applications and Architectures – 24%

3.1 Design Secure Access to AWS Resources

Determine when to choose between users, groups, and roles

IAM Identities (users, user groups, and roles)


When should you use AWS IAM roles vs. users?

Interpret the net effect of a given access policy

Understanding the IAM policy grammar

Policy summaries make understanding IAM policies easier

Policy evaluation logic

Select appropriate techniques to secure a root account

Best practices for securing AWS account

Secure AWS account root user

Determine ways to secure credentials using features of AWS IAM

Manage user credentials

AWS Identity & Access Management (IAM) features

Best practices for managing AWS access keys

Determine the secure method for an application to access AWS APIs

Control & manage access to a REST API

Evaluate access control methods to secure APIs

Control access to an API with IAM permissions

Select appropriate services to create traceability for access to AWS resources

Tracing S3 requests using AWS X-Ray

Track which users are accessing your S3 buckets

Security Pillar: AWS well-architected framework

AWS security design principles

Other approaches for securing access to AWS resources

a. Secure access credentials

AWS Security Token Service

Generates temporary security credentials that are limited in privileges and in duration. Enables you to provide access to users without creating AWS identities.

Introduction to AWS (STS)

AWS Security Token Service API Reference

Temporary security credentials in IAM

IAM Instance profiles

A way for EC2 instances to access AWS APIs.

Using instance profiles

Create an IAM instance profile for your EC2 instances

Difference between an AWS role and an instance profile

b. Principle of least privileges

Granting least privileges in AWS

Defining least-privileged permissions for actions by AWS services

Remove unnecessary credentials

AWS Organizations

Organize several accounts into groups to create an organizational structure. Apply policies to individual organizational units or the entire organization.

What are AWS Organizations?

Best practices for Organizational Units with AWS Organizations

3.2 Design Secure Application Tiers

Given traffic control requirements, determine when and how to use security groups and network ACLs

Security groups for your VPC

Security group rules for different use cases

Control network traffic with security groups

Security Group scenario

Determine a network segmentation strategy using public and private subnets

Improving security in the cloud with micro-segmentation

Making a case for network segmentation in AWS

Build a modular & scalable virtual network architecture

Select the appropriate routing mechanism to securely access AWS service endpoints or internet-based resources from Amazon VPC

Choosing a routing policy

VPC endpoints in Amazon VPC

Example routing options

Internet routing & traffic engineering

Select appropriate AWS services to protect applications from external threats

Protecting from external threats

How do you protect your network resources?

AWS Web Application Firewall

Other important articles for securing application tiers

Building three-tier architectures with security groups

Three Tier Architecture for Web Applications in AWS

Secure an AWS Three-tier Web Architecture

Create and Configure App-Tier Security Group

Create and Configure Data-Tier Security Group

Setting up a basic two-tier web application in Amazon Web Services

3.3 Select Appropriate Data Security Options

Determine the policies that need to be applied to objects based on access patterns

Access policy guidelines

User policy examples

Select appropriate encryption options for data at rest and in transit for AWS services

Encryption options

How to protect data at rest?

Encrypting data-at-rest and -in-transit

How do you protect your data in transit?

Select appropriate key management options based on requirements

Key Management Service in AWS

What is AWS Secrets Manager?

What Is AWS CloudHSM?

AWS Parameter Store

Different approaches to consider for data security in AWS

a. Data Classification

Analyzing and organizing data based on criticality and sensitivity so that appropriate data protection controls can be applied. For example, if you store sensitive data in your S3 buckets, then you can classify such objects with the help of object tagging.

Tagging your Amazon EC2 resources

Amazon S3 object tagging

b. Encryption/Tokenization

Encryption transforms the sensitive content into a form that is unreadable to the hacker without the secret key (the reverse process is decryption).

Tokenization defines a token to represent a sensitive piece of information.

A Deep Dive into AWS Encryption Services

Protect data using server-side encryption

Protect data using client-side encryption

c. Secure data at rest

Encryption of Data at Rest

Securing data at rest with encryption

Protect data at rest with EC2 Instance Store Encryption

Amazon S3

How does Amazon S3 use AWS KMS?

Encrypt your S3 objects with AWS KMS key

Amazon EBS

Amazon EBS encryption

How does Amazon EBS use AWS KMS?

Amazon Glacier:

Data encryption at rest for Amazon Glacier

d. Secure data in transit

How do you protect your data in transit?

Protecting data in transit with encryption

AWS Certificate Manager

Automate encryption in transit with ACM

Encryption in Transit with Amazon CloudFront

e. Backup/replicate/recover your data

Amazon S3

How to backup files to Amazon S3?

Amazon S3 cross-region replication



Domain 4: Design Cost-optimized Architectures – 18%

4.1 Identify Cost-effective Storage Solutions

Determine the most cost-effective data storage options based on requirements

Cost-effective data management

Manage, analyze, & reduce storage costs

Optimizing storage costs using Amazon S3

Optimize Amazon S3 Storage

5 Ways to reduce data storage costs using S3 Storage Lens

Apply automated processes to ensure that data over time is stored on storage tiers that minimize costs

S3 intelligent-tiering storage class

Amazon S3 intelligent-tiering automates storage cost savings

Intelligent-tiering adds automatic archiving

Cost optimization with S3 intelligent tiering

Cost-effective techniques for other AWS services

AWS storage optimization whitepaper

Amazon S3

Cost optimization guidelines for Amazon S3

Amazon Elastic Block Store

Optimize Amazon EBS Storage

EBS optimization strategies for better cost savings

4.2 Identify Cost-effective Compute and Database Services

Determine the most cost-effective Amazon EC2 billing options for each aspect of the workload

Understand Amazon EC2 instance-hours billing

Avoiding unexpected charges

Select the best pricing model

Per-second billing for EC2 instances & EBS volumes

Billing management and cost control

Determine the most cost-effective database options based on requirements

Reduce database cost when you migrate to the cloud

Amazon RDS

Strategies to reduce Amazon RDS costs

Optimizing costs in Amazon RDS

Saving with AWS RDS: Identifying the top 3 cost drivers

Cost optimization for RDS in AWS

Amazon Aurora

Optimize Amazon Aurora with MySQL

Reducing Aurora PostgreSQL storage I/O costs

Amazon Redshift

4 steps to reduce your Amazon Redshift costs

Amazon Redshift cost optimization techniques

Amazon DynamoDB

3 cost-cutting tips for Amazon DynamoDB

How to optimize DynamoDB & reduce costs?

10 tips to optimize your DynamoDB costs

Select appropriate scaling strategies from a cost perspective

Optimizing costs as you scale on AWS

Optimize costs with Auto Scaling

Performance and cost optimization at any scale

Select and size compute resources that are optimally suited for the workload

Right Sizing

AWS Compute Optimizer

Provisioning instances to match workloads

Determine options to minimize total cost of ownership (TCO) through managed services and serverless architectures

TCO & cost optimization: Best practices for managing usage on AWS

Reduce TCO for your Linux file-based apps

Modernization your apps, and reduce TCO

Determine the TCO of serverless technologies

4.3 Design Cost-optimized Network Architectures

Identify when content delivery can be used to reduce costs

How to reduce Amazon Cloudfront costs?

Reduce data transfer costs with CloudFront

Reduce Amazon Cloudfront costs

Determine strategies to reduce data transfer costs within AWS

Use Cost Explorer to analyze data transfer costs

Reduce data transfer costs

Reduce unexpected data transfer costs

Solving hidden network transfer costs

Determine the most cost-effective connectivity options between AWS and on-premises environments

How to connect your data center to AWS?

AWS Direct Connect pricing

Connect On-premises to AWS cloud


How to Become a Cloud Engineer with no Experience in less than Six Months Webinar!

Who is the online seminar for

Anyone who wants to learn more about becoming a cloud engineer as fast as possible in a cost-efficient manner

Tuesday, February 8, 2022 9:00 AM EST

Hosted by Joe Holbrook



Some of the Courses on TechCommanders

On Techcommanders, we provide free Accredible Certificates that can be verified and posted online.

Coming in February 8th 2022. Cloud InterviewACE.

The best way to pass the Cloud Computing interviews. Period.

Cloud InterviewACE is an online training program & professional community mentored by industry veteran Joseph Holbrook (“The Cloud Tech Guy“), a pre/post sales guru in cloud.  

Learn to pass the technical and even soft skills interviews from the starting basics to advanced topics covering presales, post sales focused objectives such cloud deployment, cloud architecting, cloud engineering, migrations and more. resume tips, preparation strategy, common mistakes, mock interviews, technical deep-dives, must-know tips, offer negotiation, and more. AWS, GCP and Azure will be covered. 

Find Out more about Cloud InterviewACE from TechCommanders

Fast-track your career now!  

This changes your world, what are you waiting for!

We are TechCommanders…

experts in Next Generation Technology Training. 

TechCommanders is an online training platform for both aspiring and veteran IT professionals interested in next generation IT Skills.
TechCommanders is led by Joseph Holbrook, a highly sought-after technology industry veteran.

TechCommanders offers blended learning which allows the students to learn on demand but with live training.

Join TechCommanders Today. 

Over 60 Courses and Practice Questions! 

Coaching and CloudINterviewACE

Join TechCommanders

Stay connected with news and updates!

Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.

We hate SPAM. We will never sell your information, for any reason.