AWS Certified Solutions Architect Professional
315 practice questions
Last reviewed: April 2026
Personal notes and resource links for your study journey
Filter by Certification
The AWS Certified Solutions Architect Professional (SAP-C02) is the senior-tier architect credential and one of the most demanding AWS exams. It validates the ability to design and evolve complex, multi-account, multi-region enterprise architectures β including organizational landing zones, large-scale migrations, hybrid connectivity, cost governance, and continuous-improvement programs. The exam targets senior architects, principal engineers, and consultants with multiple years of AWS production experience. Questions are long, scenario-heavy, and frequently present 4β6 services that must be combined correctly; the test rewards depth across nearly every AWS service family rather than memorization of any single one. SAP-C02 is conceptual (no labs) but assumes the candidate has actually shipped enterprise-scale AWS systems.
Multi-account strategy with AWS Organizations, Control Tower, SCPs, Identity Center, cross-account networking with Transit Gateway and RAM, and centralized logging/governance. Expect dense organization-level questions.
The largest domain at 29%. Greenfield architecture across compute, data, integration, and security. Heavy emphasis on choosing between competing AWS services for nuanced enterprise requirements.
Performance and cost optimization, modernization (EC2 β containers/serverless), observability, and Well-Architected reviews. Common stumbling block: identifying the smallest viable change rather than over-engineering.
AWS MGN, DMS, DataSync, Snow family, Application Migration patterns, and the 7 R's of migration. Often missed: when a re-platform vs. re-architect produces better outcomes.
Services you'll encounter on the exam and why each one matters.
Account-level governance with organizational units, service control policies (SCPs), consolidated billing, and centralized management of CloudTrail and Config.
Why it's on the exam: Organizations is the foundation of every Design Solutions for Organizational Complexity scenario β SCP guardrails, OU hierarchy, and consolidated billing show up in nearly every multi-account question.
Opinionated landing-zone service that bootstraps a multi-account Organization with mandatory and elective guardrails, Account Factory, and a customizable baseline.
Why it's on the exam: Control Tower is the named answer for "establish a compliant multi-account baseline" in Design Solutions for Organizational Complexity β distinguishing it from raw Organizations + manual SCPs is a recurring distractor.
Regional hub-and-spoke router connecting thousands of VPCs, on-premises networks via Direct Connect / VPN, and SD-WAN appliances with route-table-based segmentation.
Why it's on the exam: Transit Gateway vs. VPC peering vs. PrivateLink selection at scale anchors networking scenarios across Design Solutions for Organizational Complexity and Design for New Solutions.
Isolated virtual networks with subnets, route tables, security groups, NACLs, NAT gateways, VPC endpoints (Gateway and Interface / PrivateLink), and IPv4/IPv6 dual-stack.
Why it's on the exam: Every SAP-C02 architecture grounds in VPC design β interface endpoints for keeping traffic off the internet recur in Design for New Solutions and Continuous Improvement scenarios.
Dedicated 1/10/100 Gbps private network links with VLAN-based virtual interfaces, link aggregation groups (LAGs), and Direct Connect Gateway for global VIF reach.
Why it's on the exam: Direct Connect with redundant LAGs is the canonical Design Solutions for Organizational Complexity answer for predictable hybrid throughput and regulated traffic that must avoid the public internet.
IPsec VPN tunnels between an on-premises VPN gateway and AWS (Virtual Private Gateway or Transit Gateway), with BGP routing and accelerated VPN options.
Why it's on the exam: Site-to-Site VPN as a backup to Direct Connect, or as the fast / cheap hybrid path, recurs in Design for New Solutions and Accelerate Workload Migration and Modernization scenarios.
Cross-account resource sharing for Transit Gateways, VPC subnets, Route 53 Resolver rules, License Manager configurations, and Aurora DB clusters.
Why it's on the exam: RAM is the named mechanism for centralized-networking patterns in Design Solutions for Organizational Complexity β sharing subnets from a network account avoids replicating VPC topology per workload account.
Curated portfolios of approved CloudFormation-based products, distributed to accounts via Organizations with constrained parameters and TagOptions.
Why it's on the exam: Service Catalog enforces approved-pattern self-service in Design Solutions for Organizational Complexity β typical answer when a question asks how to let teams launch resources within guardrails.
Central tracking surface for migrations across Application Migration Service, Database Migration Service, and partner tools, with portfolio-discovery imports.
Why it's on the exam: Migration Hub is the unifying tracker named in Accelerate Workload Migration and Modernization scenarios that span servers + databases + applications in flight.
Agent-based lift-and-shift service that block-level replicates source servers to AWS, supporting cutover orchestration, post-launch automation, and test instances.
Why it's on the exam: Application Migration Service (MGN) is the named answer for lift-and-shift in Accelerate Workload Migration and Modernization β distinguishing it from re-platform/re-factor approaches is a recurring distractor.
Homogeneous and heterogeneous database replication with continuous CDC, paired with the Schema Conversion Tool (SCT) for engine conversions (Oracle β Aurora, SQL Server β PostgreSQL).
Why it's on the exam: DMS + SCT is the canonical re-platform path in Accelerate Workload Migration and Modernization β expect questions on near-zero-downtime cutover and ongoing replication for hybrid windows.
Managed agent-based data transfer between on-premises NFS / SMB / HDFS / object stores and AWS storage (S3, EFS, FSx) at line-rate speeds with encryption and integrity checks.
Why it's on the exam: DataSync is the named answer for bulk file-system migration in Accelerate Workload Migration and Modernization β distinguish from Snowball (offline) and Storage Gateway (ongoing hybrid).
Centralized policy-based backup across EC2, EBS, RDS, DynamoDB, EFS, FSx, Storage Gateway, and on-premises (via Storage Gateway) with cross-region and cross-account copies.
Why it's on the exam: AWS Backup with Organizations-wide policies is the standard Continuous Improvement for Existing Solutions answer for unified data-protection across a portfolio.
Serverless workflow orchestrator (Standard and Express) with Direct SDK integrations to 200+ AWS services, parallel + map states, and built-in retry / error-handling.
Why it's on the exam: Step Functions is the named answer for long-running, multi-service workflows in Design for New Solutions β distinguish from EventBridge Pipes (event-routing) and SQS chains.
Serverless event bus with SaaS partner integrations, schema registry, Pipes for source-to-target with optional filtering / enrichment, and Scheduler for cron / one-shot triggers.
Why it's on the exam: EventBridge is the canonical Design for New Solutions answer for loosely-coupled, event-driven architectures spanning AWS and third-party SaaS.
Serverless event-driven compute with provisioned concurrency, SnapStart, container-image packaging, VPC networking, and integrations across the AWS event surface.
Why it's on the exam: Lambda anchors serverless answers across Design for New Solutions and Continuous Improvement β provisioned concurrency / SnapStart show up in low-latency cold-start scenarios.
Workforce identity store (or SAML / SCIM federation from Entra / Okta) granting permission sets across the entire Organization with attribute-based access control.
Why it's on the exam: IAM Identity Center (formerly AWS SSO) is the named answer for centralized human access in Design Solutions for Organizational Complexity β far preferred over per-account IAM users.
Managed cryptographic keys (AWS-managed, customer-managed, multi-Region, and external key store / XKS) with automatic rotation, grants, and CloudTrail-logged usage.
Why it's on the exam: Multi-Region keys and cross-account grants surface in Design Solutions for Organizational Complexity; envelope encryption choices anchor Continuous Improvement for Existing Solutions data-protection answers.
AWS Config records resource configuration history and evaluates conformance packs against rules; Audit Manager turns those evidence streams into framework-mapped audit reports.
Why it's on the exam: Config conformance packs + Audit Manager frameworks are the named evidence-collection pair in Continuous Improvement for Existing Solutions compliance questions.
Account- and Organization-wide API audit log with management events, S3 / Lambda data events, CloudTrail Lake immutable storage, and Insights for anomaly detection.
Why it's on the exam: Organization-trail patterns with centralized log buckets and Insights anomaly detection anchor Continuous Improvement for Existing Solutions audit and forensics scenarios.
$150kβ$210kβ$320k USD annual
Range covers US-based senior, staff, and principal architect roles where SAP-C02 is preferred or expected. Top-tier consultancies and FAANG principal architects regularly exceed $400k TC. Entry-level "senior" titles in non-coastal markets can fall below the low end. The cert is widely treated as a strong signal but rarely a sole hiring criterion at this level.
Source: levels.fyi 2025β2026 senior cloud architect roles, U.S. BLS OEWS May 2024 (15-1244 network and computer systems architects). Figures are approximate; actual compensation depends on role, region, and experience.
SAP-C02 sits at the top of the AWS architect ladder and is one of the most respected single cloud credentials in the market. Recruiters at consultancies, AWS partners, and enterprise platform teams treat it as a credible signal of multi-account, multi-region design fluency. It is often listed as preferred (rarely required) for senior, staff, and principal architect roles, and is the de facto next step after SAA-C03 for candidates targeting architecture career tracks. It pairs well with specialty certs (Security, Networking) for niche enterprise roles. The cert does NOT by itself qualify candidates for VP/CTO-level positions or for deep specialty practices (security architecture, advanced networking) without complementary credentials and shipped work.
There are no formal prerequisites, though AWS strongly recommends two or more years of hands-on AWS production experience and prior completion of SAA-C03 (or equivalent associate-level architecture knowledge).
The most efficient path is SAA-C03 β SAP-C02, ideally with at least one of the developer or operations associates (DVA-C02 or SOA-C03) in between to build operational depth. Candidates without enterprise-scale AWS exposure β multi-account, hybrid networking, large migrations β should expect significantly longer study because the exam tests architectural judgment, not just service knowledge. SAP-C02 is widely considered the hardest single AWS exam aside from select specialties.
SAP-C02 is rated Professional and is widely regarded as one of the hardest AWS exams. Plan 120β180 hours over 12β16 weeks for candidates who already hold SAA-C03 and work daily on AWS; 200β250+ hours over 16β24 weeks for those without enterprise-scale exposure. The exam is 75 scored questions in 180 minutes β multiple-choice and multiple-response, no labs. Average reading load per question is roughly 90β120 seconds and the exam often runs to the wire on time.
Common stumbling blocks include nuanced multi-account networking (Transit Gateway, Direct Connect, PrivateLink, hybrid DNS resolution), AWS Organizations/SCP edge cases, and migration-tooling differentiation (MGN vs. DMS vs. DataSync vs. Snow). The single biggest preparation lever is full-length practice exams under timed conditions β fatigue management is itself a tested skill.
Current version. Modernized coverage of AWS Organizations, Control Tower, Transit Gateway, container and serverless services, and migration tooling. Reduced overlap with SAA-C03 in favor of organization-level complexity.
Retired in early 2023. Pre-Control-Tower era; lighter on multi-account governance and modern container platforms.
SAP-C02 (AWS Certified Solutions Architect Professional) is a a challenging, scenario-heavy exam that requires deep hands-on experience and the ability to make architectural trade-off decisions Professional-level exam. Most candidates need 150β300 hours of study spread over 3β6 months for professional and expert-level exams. These exams typically expect prior associate-level proficiency. Most candidates who score consistently above the passing threshold on practice exams pass on their first attempt.
Most candidates need 150β300 hours of study spread over 3β6 months for professional and expert-level exams. These exams typically expect prior associate-level proficiency. Time-to-pass varies widely by prior experience. Engineers with hands-on production experience in the underlying technology typically need less; candidates new to the platform should plan toward the upper end of that range.
SAP-C02 is a recognized credential in the AWS ecosystem and signals validated knowledge to employers, recruiters, and clients. Whether it is worth the time and fee for you depends on your role and goals β it tends to pay off most for cloud engineers, architects, and consultants who work with AWS day-to-day or want to move into roles that do.
The passing score for SAP-C02 is 750 / 1000. The exam contains 75 questions and lasts 3 hr.
The SAP-C02 exam fee is $300 USD. Fees are set by AWS and may vary by region; always confirm the current price on the official AWS certification page before booking.
AWS certifications are valid for 3 years. Recertify by passing the current version of the same exam, or by passing a higher-level exam in the same path before expiration.
Yes. You can take the exam online (proctored via the provider's secure browser, available 24/7 in most regions) or at an in-person Pearson VUE test center during business hours. Both formats use the same questions, time limit, and passing score.
CertLabPro provides 15 study modes across the practice question bank for SAP-C02. The exam-simulation mode mirrors the real exam: 75 questions in 3 hr, with the same passing threshold of 750 / 1000. Browse mode lets you read every Q&A statically.