Home

AWS Certified Solutions Architect – Professional (SAP-C01) Exam Guide Version 2.0 SAP-C01 1

Introduction

The AWS Certified Solutions Architect – Professional (SAP-C01) exam is intended for individuals who perform a solutions architect role. The exam validates a candidate’s advanced technical skills and experience in designing distributed applications and systems on the AWS platform.

The exam also validates a candidate’s ability to complete the following tasks:

Design and deploy dynamically scalable, highly available, fault-tolerant, and reliable applications on AWS
Select appropriate AWS services to design and deploy an application based on given requirements
Migrate complex, multi-tier applications on AWS
Design and deploy enterprise-wide scalable operations on AWS
Implement cost-control strategies

Target candidate description

The target candidate should have 2 or more years of experience designing and deploying cloud architecture on AWS. The target candidate has the ability to evaluate cloud application requirements and make architectural recommendations for implementation, deployment, and provisioning applications on AWS. The target candidate is capable of providing best practice guidance on architectural design spanning multiple applications and projects, or an enterprise.

Recommended AWS knowledge

The target candidate should have the following knowledge:

Explain and apply the five pillars of the AWS Well-Architected Framework
Map business objectives to application/architecture requirements
Design a hybrid architecture using key AWS technologies
Architect a continuous integration/continuous delivery (CI/CD) process

What is considered out of scope for the target candidate?

The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be able to perform. These items are considered out of scope for the exam:

Machine learning
Amazon GameLift
Front-end development for mobile apps
12-factor app methodology
In-depth knowledge of operating systems
Enterprise applications
Database schemas for high-scale persistent stores

To view a detailed list of specific tools and technologies that might be covered on the exam, as well as lists of in-scope and out-of-scope AWS services, refer to the Appendix.

Exam content

Response types

There are two types of questions on the exam:

Multiple choice: Has one correct response and three incorrect responses (distractors)
Multiple response: Has two or more correct responses out of five or more response options

Select one or more responses that best completes the statement or answers the question. Distractors, orincorrect answers, are response options that a candidate with incomplete knowledge or skill might choose.

Distractors are generally plausible responses that match the content area.

Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 65 questions that will affect your score.

Unscored content

The exam includes 10 unscored questions that do not affect your score. AWS collects information about candidate performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.

Exam results

The AWS Certified Solutions Architect – Professional (SAP-C01) exam is a pass or fail exam. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines. Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 750. Your score shows how you performed on the exam as a whole and whether or not you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.

Your score report may contain a table of classifications of your performance at each section level. This information is intended to provide general feedback about your exam performance. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam.

Each section of the exam has a specific weighting, so some sections have more questions than others. The table contains general information that highlights your strengths and weaknesses. Use caution when interpreting section-level feedback.

Content outline

This exam guide includes weightings, test domains, and objectives for the exam. It is not a comprehensive listing of the content on the exam. However, additional context for each of the objectives is available to help guide your preparation for the exam.

The following table lists the main content domains and their weightings. The table precedes the complete exam content outline, which includes the additional context.

The percentage in each domain represents only scored content.

Domain	% of Exam
Domain 1: Design for Organizational Complexity	12.5%
Domain 2: Design for New Solutions	31%
Domain 3: Migration Planning	15%
Domain 4: Cost Control	12.5%
Domain 5: Continuous Improvement	29%
TOTAL	100%

Domain 1: Design for Organizational Complexity

1.1. Determine cross-account authentication and access strategy for complex organizations.

Analyze the organizational structure
Evaluate the current authentication infrastructure
Analyze the AWS resources at an account level
Determine an auditing strategy for authentication and access

1.2 Determine how to design networks for complex organizations.

Outline an IP addressing strategy for VPCs
Determine DNS strategy
Classify network traffic and security
Determine connectivity needs for hybrid environments
Determine a way to audit network traffic

1.3 Determine how to design a multi-account AWS environment for complex organizations.

Determine how to use AWS Organizations
Implement the most appropriate account structure for proper cost allocation, agility, and security
Recommend a central audit and event notification strategy
Decide on an access strategy

Domain 2: Design for New Solutions

2.1 Determine security requirements and controls when designing and implementing a solution.

Implement infrastructure as code
Determine prevention controls for large-scale web applications
Determine roles and responsibilities of applications
Determine a secure method to manage credentials for the solutions/applications
Enable detection controls and security services for large-scale applications
Enforce host and network security boundaries
Enable encryption in transit and at rest

2.2 Determine a solution design and implementation strategy to meet reliability requirements.

Design a highly available application environment
Determine advanced techniques to detect for failure and service recoverability
Determine processes and components to monitor and recover from regional service disruptions with regional failover

2.3 Determine a solution design to ensure business continuity.

Architect an automated, cost-effective back-up solution that supports business continuity across multiple AWS Regions
Determine an architecture that provides application and infrastructure availability in the event of a service disruption

2.4 Determine a solution design to meet performance objectives.

Design internet-scale application architectures
Design an architecture for performance according to business objectives
Apply design patterns to meet business objectives with caches, buffering, and replicas

2.5 Determine a deployment strategy to meet business requirements when designing and implementing a solution.

Determine resource provisioning strategy to meet business objectives
Determine a migration process to change the version of a servicew
Determine services to meet deployment strategy
Determine patch management strategy

Domain 3: Migration Planning

3.1 Select existing workloads and processes for potential migration to the cloud.

Complete an application migration assessment
Classify applications according to the six Rs (re-host, re-platform, re-purchase, refactor, retire, and retain)

3.2 Select migration tools and/or services for new and migrated solutions based on detailed AWS knowledge.

Select an appropriate database transfer mechanism
Select an appropriate data transfer service
Select an appropriate data transfer target
Select an appropriate server migration mechanism
Apply the appropriate security methods to the migration tools

3.3 Determine a new cloud architecture for an existing solution.

Evaluate business applications and determine the target cloud architecture
Break down the functionality of applications into services
Determine target database platforms

3.4 Determine a strategy for migrating existing on-premises workloads to the cloud.

Determine the desired prioritization strategy of the organization
Analyze data volume and rate of change to determine a data transfer strategy
Evaluate cutover strategies
Assess internal and external compliance requirements for a successful migration

Domain 4: Cost Control

4.1 Select a cost-effective pricing model for a solution.

Purchase resources based on usage requirements
Identify when to use different storage tiers

4.2 Determine which controls to design and implement that will ensure cost optimization.

Determine an AWS-generated cost allocation tags strategy that allows mapping cost to business units
Determine a mechanism to monitor when underutilized resources are present
Determine a way to manage commonly deployed resources to achieve governance
Define a way to plan costs that do not exceed the budget amount

4.3 Identify opportunities to reduce cost in an existing architecture.

Distinguish opportunities to use AWS Managed Services
Determine which services are most cost-effective in meeting business objectives

Domain 5: Continuous Improvement for Existing Solutions

5.1 Troubleshoot solutions architectures.

Assess an existing application architecture for deficiencies
Analyze application and infrastructure logs
Test possible solutions in non-production environment

5.2 Determine a strategy to improve an existing solution for operational excellence.

Determine the most appropriate logging and monitoring strategy
Recommend the appropriate AWS offering(s) to enable configuration management automation

5.3 Determine a strategy to improve the reliability of an existing solution.

Evaluate existing architecture to determine areas that are not sufficiently reliable
Remediate single points of failure
Enable data replication, self-healing, and elastic features and services
Test the reliability of the new solution

5.4 Determine a strategy to improve the performance of an existing solution.

Reconcile current performance metrics against performance targets
Identify and examine performance bottlenecks
Recommend and test potential remediation solutions

5.5 Determine a strategy to improve the security of an existing solution.

Evaluate AWS Secrets Manager strategy
Audit the environment for security vulnerabilities
Enable manual and/or automated responses to the detection of vulnerabilities

5.6 Determine how to improve the deployment of an existing solution.

Evaluate appropriate tooling to enable infrastructure as code
Evaluate current deployment processes for improvement opportunities
Test automated deployment and rollback strategies

Appendix

Which key tools, technologies, and concepts might be covered on the exam?

The following is a non-exhaustive list of the tools and technologies that could appear on the exam. This list is subject to change and is provided to help you understand the general scope of services, features, or technologies on the exam. The general tools and technologies in this list appear in no particular order. AWS services are grouped according to their primary functions. While some of these technologies will likely be covered more than others on the exam, the order and placement of them in this list is no indication of relative weight or importance:

Compute
Cost management
Database
Disaster recovery
High availability
Management and governance
Microservices and component decoupling
Migration and data transfer
Networking, connectivity, and content delivery
Security
Serverless design principles
Storage

AWS services and features

Analytics:

Amazon Athena
Amazon Elasticsearch Service
Amazon EMR
AWS Glue
Amazon Kinesis
Amazon QuickSight

AWS Billing and Cost Management:

AWS Budgets
Cost Explorer

Application integration:

Amazon MQ
Amazon Simple Notification Service (Amazon SNS)
Amazon Simple Queue Service (Amazon SQS)
AWS Step Functions

Business applications:

Amazon Alexa
Amazon Alexa for Business
Amazon Simple Email Service (Amazon SES)

Blockchain:

Amazon Managed Blockchain

Compute:

AWS Batch
Amazon EC2
AWS Elastic Beanstalk
Amazon Elastic Container Service (Amazon ECS)
Amazon Elastic Kubernetes Service (Amazon EKS)
Elastic Load Balancing
AWS Fargate
AWS Lambda
Amazon Lightsail
AWS Outposts

Containers:

Amazon Elastic Container Registry (Amazon ECR)

Database:

Amazon Aurora
Amazon DynamoDB
Amazon ElastiCache
Amazon Neptune
Amazon RDS
Amazon Redshift

Developer tools:

AWS Cloud9
AWS CodeBuild
AWS CodeCommit
AWS CodeDeploy
AWS CodePipeline

End user computing:

Amazon AppStream 2.0
Amazon WorkSpaces

Front-end web and mobile:

AWS AppSync

Machine learning:

Amazon Comprehend
Amazon Forecast
Amazon Lex
Amazon Rekognition
Amazon SageMaker
Amazon Transcribe
Amazon Translate

Management and governance:

AWS Auto Scaling
AWS Backup
AWS CloudFormation
AWS CloudTrail
Amazon CloudWatch
AWS Compute Optimizer
AWS Config
AWS Control Tower
Amazon EventBridge
AWS License Manager
AWS Organizations
AWS Resource Access Manager
AWS Service Catalog
AWS Systems Manager
AWS Trusted Advisor
AWS Well-Architected Tool

Media services:

Amazon Elastic Transcoder

Migration and transfer:

AWS Database Migration Service (AWS DMS)
AWS DataSync
AWS Migration Hub
AWS Server Migration Service (AWS SMS)
AWS Snowball
AWS Transfer Family

Networking and content delivery:

Amazon API Gateway
Amazon CloudFront
AWS Direct Connect
AWS Global Accelerator
Amazon Route 53
AWS Transit Gateway
Amazon VPC

Security, identity, and compliance:

AWS Artifact
AWS Certificate Manager (ACM)
Amazon Cognito
AWS Directory Service
Amazon GuardDuty
AWS Identity and Access Management (IAM)
Amazon Inspector
AWS Key Management Service (AWS KMS)
Amazon Macie
AWS Resource Access Manager
AWS Secrets Manager
AWS Security Hub
AWS Shield
AWS Single Sign-On
AWS WAF

Storage:

Amazon Elastic Block Store (Amazon EBS)
Amazon Elastic File System (Amazon EFS)
Amazon FSx
Amazon S3
Amazon S3 Glacier
AWS Storage Gateway