QUESTIONS CORRECT RESPONSES
● #77
A solutions architect is designing a web application that will run on
Amazon EC2 instances behind an Application Load Balancer (ALB).
The company strictly requires that the application be resilient against
malicious internet activity and attacks, and protect against new common
vulnerabilities and exposures. What should the solutions architect
recommend?
A. Leverage Amazon CloudFront with the ALB endpoint as the origin.
B. Deploy an appropriate managed rule for AWS WAF and associate it
with the ALB.
C. Subscribe to AWS Shield Advanced and ensure common
vulnerabilities and exposures are blocked.
D. Configure network ACLs and security groups to allow only ports 80
and 443 to access the EC2 instances.
Answer: B
● #78
A company has an application that calls AWS Lambda functions. A
recent code review found database credentials stored in the source code.
The database credentials need to be removed from the Lambda source
code. The credentials must then be securely stored and rotated on an
ongoing basis to meet security policy requirements. What should a
solutions architect recommend to meet these requirements?
A. Store the password in AWS CloudHSM. Associate the Lambda
function with a role that can retrieve the password from CloudHSM
given its key ID.
B. Store the password in AWS Secrets Manager. Associate the Lambda
function with a role that can retrieve the password from Secrets Manager
given its secret ID.
C. Move the database password to an environment variable associated
with the Lambda function. Retrieve the password from the environment
variable upon execution.
D. Store the password in AWS Key Management Service (AWS KMS).
Answer: B
● #79
A company is managing health records on-premises. The company must
keep these records indefinitely, disable any modifications to the records
once they are stored, and granularly audit access at all levels. The chief
technology officer (CTO) is concerned because there are already
millions of records not being used by any application, and the current
infrastructure is running out of space. The CTO has requested a solutions
architect design a solution to move existing data and support future
records. Which services can the solutions architect recommend to meet
these requirements?
A. Use AWS DataSync to move existing data to AWS. Use Amazon S3
to store existing and new data. Enable Amazon S3 object lock and
enable AWS CloudTrail with data events.