Skip to content

AWS Certified Solutions Architect - Professional

Here you have the best Amazon SAP-C01 practice exam questions

  • Preview the first 5 of 1019 questions for free
  • These questions were last updated on May 12, 2026
  • This site is not affiliated with or endorsed by Amazon.
Question 1 of 1019

Your company policies require encryption of sensitive data at rest. You are considering the possible options for protecting data while storing it at rest on an EBS data volume, attached to an EC2 instance.

Which of these options would allow you to encrypt your data at rest? (Choose three.)

Answer

Suggested Answer

The suggested answer is A, C, D.

To encrypt data at rest on an EBS data volume, attached to an EC2 instance, you have several options. First, you can implement third-party volume encryption tools to encrypt your data. Second, you can encrypt data inside your applications before storing it on the EBS volume, ensuring that the data is encrypted before it even reaches the storage medium. Lastly, you can use native data encryption drivers at the file system level to encrypt the data as it is written to and read from the EBS volume. Implementing SSL/TLS is not suitable for data at rest as it is meant for encrypting data in transit, and EBS volumes are not encrypted by default.

Community Votes19 votes
ACDSuggested
89%
BCD
11%
Question 2 of 1019

A customer is deploying an SSL enabled web application to AWS and would like to implement a separation of roles between the EC2 service administrators that are entitled to login to instances as well as making API calls and the security officers who will maintain and have exclusive access to the application's X.509 certificate that contains the private key.

Answer

Suggested Answer

The suggested answer is D.

To maintain a separation of roles between EC2 service administrators and security officers, it is necessary to ensure that security officers have exclusive access to the X.509 certificate containing the private key. Configuring IAM policies to authorize access to the certificate store to only the security officers and terminating SSL on an ELB (Elastic Load Balancer) achieves this separation. By terminating SSL on the ELB, the SSL/TLS session is terminated before reaching the EC2 instance, and the web request can then be forwarded unencrypted to the instance. This setup prevents the EC2 service administrators from accessing the certificate, as it is handled at the ELB level, and IAM policies enforce restricted access.

Community Votes6 votes
DSuggested
100%
Question 3 of 1019

You have recently joined a startup company building sensors to measure street noise and air quality in urban areas. The company has been running a pilot deployment of around 100 sensors for 3 months each sensor uploads 1KB of sensor data every minute to a backend hosted on AWS.

During the pilot, you measured a peak or 10 IOPS on the database, and you stored an average of 3GB of sensor data per month in the database.

The current deployment consists of a load-balanced auto scaled Ingestion layer using EC2 instances and a PostgreSQL RDS database with 500GB standard storage.

The pilot is considered a success and your CEO has managed to get the attention or some potential investors. The business plan requires a deployment of at least 100K sensors which needs to be supported by the backend. You also need to store sensor data for at least two years to be able to compare year over yearImprovements.

To secure funding, you have to make sure that the platform meets these requirements and leaves room for further scaling.

Which setup win meet the requirements?

Answer

Suggested Answer

The suggested answer is B.

Given the requirements for scalability, long-term data storage, and efficient data ingestion, the best setup is to use DynamoDB for ingesting data and then move old data to Redshift. DynamoDB is well-suited for write-heavy scenarios and provides the scalability needed to handle the data ingestion from 100K sensors. By moving old data to Redshift, you can manage large volumes of data effectively, taking advantage of Redshift's capabilities for storage and analytics. This setup ensures that the platform can meet the current requirements and allows room for further scaling.

Community Votes10 votes
BSuggested
90%
D
10%
Question 4 of 1019

A web company is looking to implement an intrusion detection and prevention system into their deployed VPC. This platform should have the ability to scale to thousands of instances running inside of the VPC.

How should they architect their solution to achieve these goals?

Answer

Suggested Answer

The suggested answer is B.

To implement an intrusion detection and prevention system that can scale to thousands of instances running inside a VPC, the best approach is to create a second VPC and route all traffic from the primary application VPC through this second VPC where the scalable virtualized IDS/IPS platform resides. This solution allows for centralized monitoring and control of incoming and outgoing traffic, ensuring that all traffic is inspected before reaching the servers. Additionally, this architecture supports scalability by utilizing a separate, dedicated VPC for the IDS/IPS platform, making it more manageable and efficient for large-scale deployments.

Community Votes7 votes
BSuggested
71%
D
29%
Question 5 of 1019

A company is storing data on Amazon Simple Storage Service (S3). The company's security policy mandates that data is encrypted at rest.

Which of the following methods can achieve this? (Choose three.)

Answer

Suggested Answer

The suggested answer is A, B, E.

To achieve encryption at rest for data stored in Amazon S3, three methods can be utilized. First, using Amazon S3 server-side encryption with AWS Key Management Service (KMS) managed keys ensures that AWS manages the keys, providing a secure and automated encryption process. Second, Amazon S3 server-side encryption with customer-provided keys allows users to bring their own encryption keys, providing full control over the encryption procedure. Third, clients can encrypt the data on the client-side using their own master key before uploading it to S3, ensuring data is already encrypted before it reaches the storage service.

Community Votes9 votes
ABESuggested
100%

1014 more questions await

Unlock the full Amazon SAP-C01 question bank

5 of 1019 completed0%

Choose your plan

One-time payment · No subscription · No hidden fees

Standard

Quick preparation

$25

30 days access

30 day access to all questions
Instant free updates
Highest passing rate in industry
Printable PDF download
No money-back guarantee
Best Value

Premium

Guaranteed success

$60$35

90 days access

PDF

Printable PDF download

New

Save every question as a PDF for offline study or printing.

90 day access to all questions
Instant free updates
Highest passing rate in industry
Pass guaranteed or money back

100% Money-Back Guarantee

Don't pass? Full refund.

4.9/5

Based on 4,868+ reviews

Trusted by thousands of professionals

Join certified professionals who passed their exams with Examice

Examice helped me pass my AWS certification on the first try! The questions were incredibly similar to the real exam. Comments helped me understand answers I was struggling with.
S
Sarah C.
Cloud Engineer
Great results in a short prep time. Passed on my first attempt.
D
David K.
Network Engineer
I needed to pass an exam for work, and this website delivered. The quality for the price is outstanding, and the support is really good. I passed without issues.
M
Michael R.
Security Analyst
Skeptical at first, but impressed. Every question included clear, detailed explanations.
L
Lisa M.
Solutions Architect
The guarantee gave me confidence to invest in the premium package. Turns out I didn't need it. Passed comfortably. The explanations for each answer were incredibly detailed and helped me grasp security concepts that I'd been struggling with for months.
R
Robert H.
Cybersecurity Consultant
Used Examice for my PMP certification. The questions were well structured and covered all exam domains thoroughly.
J
James T.
IT Manager
After failing my first attempt with other study materials, I switched to Examice and passed confidently on my second attempt.
A
Anna W.
Data Engineer
The premium package was worth it. 90 days of access gave me the flexibility to study when it worked for me, without feeling rushed.
E
Emily J.
DevOps Engineer
Straightforward questions that matched the real exam perfectly. Studied for two weeks and passed with a great score.
K
Karen P.
Systems Administrator

Frequently Asked Questions

Everything you need to know. Contact us for more.

Our Amazon SAP-C01 questions are based on real exam experiences and are continuously updated to match the current exam format. We maintain a +99% pass rate because our questions closely mirror what you'll see on the actual exam.

With our Premium package, you get a 100% money-back guarantee. If you don't pass your exam after studying with our materials, simply contact us with your exam results and we'll refund your purchase. Terms and conditions apply, read our full refund policy to learn more.

Our question bank is updated regularly based on feedback from recent exam takers. We typically review and update our content every week with reports about new questions or changes to the exam format.

Standard package access cannot be extended. However, Premium package gives you 90 days which is typically more than enough time to prepare thoroughly. If you need additional time, you can purchase a new package at any time.

This is a one-time payment with no recurring charges. Once you purchase, you get full access to all exam questions for the duration of your package (30 days for Standard, 90 days for Premium). No hidden fees or automatic renewals.

Pass on your first try

All 1019questions · Detailed explanations · Printable PDF · 90 days access

Money-back guaranteeSecure checkout
$35

one-time payment