Design Solutions for Organizational Complexity - 26%
|
|
Architect network connectivity strategies. |
Knowledge of:
-
AWS global infrastructure
-
AWS networking concepts (for example, Amazon VPC, AWS Direct Connect, AWS VPN, transitive routing, AWS container services)
-
Hybrid DNS concepts (for example, Amazon Route 53 Resolver, on-premises DNS integration)
-
Network segmentation (for example, subnetting, IP addressing, connectivity among VPCs)
-
Network traffic monitoring
Skills in:
-
Evaluating connectivity options for multiple VPCs
-
Evaluating connectivity options for on-premises, co-location, and cloud integration
-
Selecting AWS Regions and Availability Zones based on network and latency requirements
-
Troubleshooting traffic flows by using AWS tools
-
Using service endpoints for service integrations
|
|
Prescribe security controls. |
Knowledge of:
Skills in:
-
Evaluating cross-account access management
-
Integrating with third-party identity providers
-
Deploying encryption strategies for data at rest and data in transit
-
Developing a strategy for centralized security event notifications and auditing
|
|
Design reliable and resilient architectures. |
Knowledge of:
-
Recovery time objectives (RTOs) and recovery point objectives (RPOs)
-
Disaster recovery strategies (for example, using AWS Elastic Disaster Recovery, pilot light, warm standby, and multi-site)
-
Data backup and restoration
Skills in:
-
Designing disaster recovery solutions based on RTO and RPO requirements
-
Implementing architectures to automatically recover from failure
-
Developing the optimal architecture by considering scale-up and scale-out options
-
Designing an effective backup and restoration strategy
|
|
Design a multi-account AWS environment. |
Knowledge of:
-
AWS Organizations and AWS Control Tower
-
Multi-account event notifications
-
AWS resource sharing across environments
Skills in:
-
Evaluating the most appropriate account structure for organizational requirements
-
Recommending a strategy for central logging and event notifications
-
Developing a multi-account governance model
|
|
Determine cost optimization and visibility strategies. |
Knowledge of:
-
AWS cost and usage monitoring tools (for example, AWS Trusted Advisor, AWS Pricing Calculator, AWS Cost Explorer, AWS Budgets)
-
AWS purchasing options (for example, Reserved Instances, Savings Plans, Spot Instances)
-
AWS rightsizing visibility tools (for example, AWS Compute Optimizer, Amazon S3 Storage Lens)
Skills in:
-
Monitoring cost and usage with AWS tools
-
Developing an effective tagging strategy that maps costs to business units
-
Understanding how purchasing options affect cost and performance
|
Design for New Solutions - 29%
|
|
Design a deployment strategy to meet business requirements. |
Knowledge of:
-
Infrastructure as code (IaC) (for example, AWS CloudFormation)
-
Continuous integration and continuous delivery (CI/CD)
-
Change management processes
-
Configuration management tools (for example, AWS Systems Manager)
Skills in:
-
Determining an application or upgrade path for new services and features
-
Selecting services to develop deployment strategies and implement appropriate rollback mechanisms
-
Adopting managed services as needed to reduce infrastructure provisioning and patching overhead
-
Making advanced technologies accessible by delegating complex development and deployment tasks to AWS
|
|
Design a solution to ensure business continuity. |
Knowledge of:
-
AWS global infrastructure
-
AWS networking concepts (for example, Route 53, routing methods)
-
RTOs and RPOs
-
Disaster recovery scenarios (for example, backup and restore, pilot light, warm standby, multi-site)
-
Disaster recovery solutions on AWS
Skills in:
-
Configuring disaster recovery solutions
-
Configuring data and database replication
-
Performing disaster recovery testing
-
Architecting a backup solution that is automated, is cost-effective, and supports business continuity across multiple Availability Zones or Regions
-
Designing an architecture that provides application and infrastructure availability in the event of a disruption
-
Using processes and components for centralized monitoring to proactively recover from system failures
|
|
Determine security controls based on requirements. |
Knowledge of:
-
IAM
-
Route tables, security groups, and network ACLs
-
Encryption options for data at rest and data in transit
-
AWS service endpoints
-
Credential management services
-
AWS managed security services (for example, AWS Shield, AWS WAF, Amazon GuardDuty, AWS Security Hub)
Skills in:
-
Specifying IAM users and IAM roles that adhere to the principle of least privilege access
-
Specifying inbound and outbound network flows by using security group rules and network ACL rules
-
Developing attack mitigation strategies for large-scale web applications
-
Developing encryption strategies for data at rest and data in transit
-
Specifying service endpoints for service integrations
-
Developing strategies for patch management to remain compliant with organizational standards
|
|
Design a strategy to meet reliability requirements. |
Knowledge of:
-
AWS global infrastructure
-
AWS storage services and replication strategies (for example Amazon S3, Amazon RDS, Amazon ElastiCache)
-
Multi-AZ and multi-Region architectures
-
Auto scaling policies and events
-
Application integration (for example, Amazon Simple Notification Service [Amazon SNS], Amazon Simple Queue Service [Amazon SQS], AWS Step Functions)
-
Service quotas and limits
Skills in:
|
|
Design a solution to meet performance objectives. |
Knowledge of:
-
Performance monitoring technologies
-
Storage options on AWS
-
Instance families and use cases
-
Purpose-built databases
Skills in:
-
Designing large-scale application architectures for a variety of access patterns
-
Designing an elastic architecture based on business objectives
-
Applying design patterns to meet performance objectives with caching, buffering, and replicas
-
Developing a process methodology for selecting purpose-built services for required tasks
-
Designing a rightsizing strategy
|
|
Determine a cost optimization strategy to meet solution goals and objectives. |
Knowledge of:
-
AWS cost and usage monitoring tools (for example, Cost Explorer, Trusted Advisor, AWS Pricing Calculator)
-
Pricing models (for example, Reserved Instances, Savings Plans)
-
Storage tiering
-
Data transfer costs
-
AWS managed service offerings
Skills in:
-
Identifying opportunities to select and rightsize infrastructure for cost-effective resources
-
Identifying appropriate pricing models
-
Performing data transfer modeling and selecting services to reduce data transfer costs
-
Developing a strategy and implementing controls for expenditure and usage awareness
|
Continuous Improvement for Existing Solutions - 25%
|
|
Determine a strategy to improve overall operational excellence. |
Knowledge of:
-
Alerting and automatic remediation strategies
-
Disaster recovery planning
-
Monitoring and logging solutions (for example, Amazon CloudWatch)
-
CI/CD pipelines and deployment strategies (for example, blue/green, all-at-once, rolling)
-
Configuration management tools (for example, Systems Manager)
Skills in:
-
Determining the most appropriate logging and monitoring strategy
-
Evaluating current deployment processes for improvement opportunities
-
Prioritizing opportunities for automation within a solution stack
-
Recommending the appropriate AWS solution to enable configuration management automation
-
Engineering failure scenario activities to support and exercise an understanding of recovery actions
|
|
Determine a strategy to improve security. |
Knowledge of:
-
Data retention, data sensitivity, and data regulatory requirements
-
Automated monitoring and remediation strategies (for example, AWS Config rules)
-
Secrets management (for example, Systems Manager, AWS Secrets Manager)
-
Principle of least privilege access
-
Security-specific AWS solutions
-
Patching practices
-
Backup practices and methods
Skills in:
-
Evaluating a strategy for the secure management of secrets and credentials
-
Auditing an environment for least privilege access
-
Reviewing implemented solutions to ensure security at every layer
-
Reviewing comprehensive traceability of users and services
-
Prioritizing automated responses to the detection of vulnerabilities
-
Designing and implementing a patch and update process
-
Designing and implementing a backup process
-
Employing remediation techniques
|
|
Determine a strategy to improve performance. |
Knowledge of:
-
High-performing systems architectures (for example, auto scaling, instance fleets, placement groups)
-
Global service offerings (for example, AWS Global Accelerator, Amazon CloudFront, edge computing services)
-
Monitoring tool sets and services (for example, CloudWatch)
-
Service level agreements (SLAs) and key performance indicators (KPIs)
Skills in:
-
Translating business requirements to measurable metrics
-
Testing potential remediation solutions and making recommendations
-
Proposing opportunities for the adoption of new technologies and managed services
-
Assessing solutions and applying rightsizing based on requirements
-
Identifying and examining performance bottlenecks
|
|
Determine a strategy to improve reliability. |
Knowledge of:
-
AWS global infrastructure
-
Data replication methods
-
Scaling methodologies (for example, load balancing, auto scaling)
-
High availability and resiliency
-
Disaster recovery methods and tools
-
Service quotas and limits
Skills in:
-
Understanding application growth and usage trends
-
Evaluating existing architecture to determine areas that are not sufficiently reliable
-
Remediating single points of failure
-
Enabling data replication, self-healing, and elastic features and services
|
|
Identify opportunities for cost optimizations. |
Knowledge of:
-
Cost-conscious architecture choices (for example, using Spot Instances, scaling policies, and rightsizing resources)
-
Price model adoptions (for example, Reserved Instances, Savings Plans)
-
Networking and data transfer costs
-
Cost management, alerting, and reporting
Skills in:
-
Analyzing usage reports to identify underutilized and overutilized resources
-
Using AWS solutions to identify unused resources
-
Designing billing alarms based on expected usage patterns
-
Investigating AWS Cost and Usage Reports at a granular level
-
Using tagging for cost allocation and reporting
|
Accelerate Workload Migration and Modernization - 20%
|
|
Select existing workloads and processes for potential migration. |
Knowledge of:
-
Migration assessment and tracking tools (for example, AWS Migration Hub)
-
Portfolio assessment
-
Asset planning
-
Prioritization and migration of workloads (for example, wave planning)
Skills in:
-
Completing an application migration assessment
-
Evaluating applications according to the seven common migration strategies (7Rs)
-
Evaluating total cost of ownership (TCO)
|
|
Determine the optimal migration approach for existing workloads. |
Knowledge of:
-
Data migration options and tools (for example, AWS DataSync, AWS Transfer Family, AWS Snow Family, S3 Transfer Acceleration)
-
Application migration tools (for example, AWS Application Discovery Service, AWS Application Migration Service)
-
AWS networking services and DNS (for example, Direct Connect, AWS Site-to-Site VPN, Route 53)
-
Identity services (for example, IAM Identity Center, AWS Directory Service)
-
Database migration tools (for example, AWS Database Migration Service [AWS DMS], AWS Schema Conversion Tool [AWS SCT])
-
Governance tools (for example, AWS Control Tower, Organizations)
Skills in:
-
Selecting the appropriate database transfer mechanism
-
Selecting the appropriate application transfer mechanism
-
Selecting the appropriate data transfer service and migration strategy
-
Applying the appropriate security methods to migration tools
-
Selecting the appropriate governance model
|
|
Determine a new architecture for existing workloads. |
Knowledge of:
-
Compute services (for example, Amazon EC2, AWS Elastic Beanstalk)
-
Containers (for example, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], AWS Fargate, Amazon Elastic Container Registry [Amazon ECR])
-
AWS storage services (for example, Amazon Elastic Block Store [Amazon EBS], Amazon Elastic File System [Amazon EFS], Amazon FSx, Amazon S3, Volume Gateway)
-
Databases (for example, Amazon DynamoDB, Amazon OpenSearch Service, Amazon RDS, self-managed databases on Amazon EC2)
Skills in:
-
Selecting the appropriate compute platform
-
Selecting the appropriate container hosting platform
-
Selecting the appropriate storage service
-
Selecting the appropriate database platform
|
|
Determine opportunities for modernization and enhancements. |
Knowledge of:
-
Serverless compute offerings (for example, AWS Lambda)
-
Containers (for example, Amazon ECS, Amazon EKS, Fargate)
-
AWS storage services (for example, Amazon S3, Amazon EFS)
-
Purpose-built databases (for example, DynamoDB, Amazon Aurora Serverless, ElastiCache)
-
Integration services (for example, Amazon SQS, Amazon SNS, Amazon EventBridge, Step Functions)
Skills in:
-
Identifying opportunities to decouple application components
-
Identifying opportunities for serverless solutions
-
Selecting the appropriate service for containers
-
Identifying opportunities for purpose-built databases
-
Selecting the appropriate application integration service
|
The AWS SAP-C02 exam preparation guide is designed to provide candidates with necessary information about the AWS-SAP exam. It includes exam summary, sample questions, practice test, objectives and ways to interpret the exam objectives to enable candidates to assess the types of questions-answers that may be asked during the AWS Certified Solutions Architect - Professional exam.