This FAQ is specific to AWS Certified Solutions Architect — Professional (SAP‑C02). Policies and blueprints evolve—confirm critical details on AWS Certification’s official site before your exam day.
Quick facts (SAP-C02)
- Questions: 75 (multiple-choice + multiple-response)
- Time: 180 minutes
- Cost: 300 USD
- Delivery: Pearson VUE testing center or online proctored exam
- Passing score: 750 (scaled 100–1000)
- Languages offered: English, Japanese, Korean, Portuguese (Brazil), Simplified Chinese, Spanish (Latin America)
- Recommended experience (per AWS): 2+ years designing and implementing AWS cloud solutions
- Certification validity: 3 years
Frequently asked questions
What does SAP-C02 test (in plain English)?
SAP‑C02 tests whether you can design complex, real-world AWS architectures in a large organization:
- Multi-account governance (Organizations, Control Tower, SCPs, identity boundaries)
- Hybrid and multi-VPC networking (Direct Connect/VPN, Transit Gateway/Cloud WAN, Route 53 Resolver, endpoints/PrivateLink)
- Security controls as architecture (least privilege, KMS strategy, logging/audit, detective controls)
- Resilience and business continuity (multi-AZ + multi-Region DR with RTO/RPO trade-offs)
- Migration and modernization (portfolio selection, 6Rs, wave planning, target architectures)
- Performance and cost trade-offs (TCO, data transfer, purchase options, visibility)
If you can explain why an option is best under constraints—not just what a service does—you’re on the right track.
How many questions and how much time is SAP-C02?
75 questions in 180 minutes. Scenarios are longer than associate exams, so pacing matters.
Practical pacing target: ~2–2.25 minutes per question with a final review pass.
What question types are on SAP-C02?
SAP‑C02 uses multiple-choice and multiple-response questions. Many prompts have:
- Long scenarios with several constraints (security, compliance, cost, operations)
- Options that could work, but only one is best
- “Choose TWO” style questions that require trade-off thinking
What’s the passing score for SAP-C02?
AWS reports a scaled score from 100 to 1000. The minimum passing score is 750.
Are there unscored (experimental) questions?
Yes—AWS exams can include unscored questions, and they are not identified on the exam. Treat every question as scored.
Is there a penalty for guessing?
No. If you’re unsure, eliminate obviously wrong answers and choose the best remaining option(s).
What are the SAP-C02 domain weights?
- Domain 1: Design Solutions for Organizational Complexity (26%)
- Domain 2: Design for New Solutions (29%)
- Domain 3: Continuous Improvement for Existing Solutions (25%)
- Domain 4: Accelerate Workload Migration and Modernization (20%)
Use the weights to prioritize, but don’t ignore lower-weight domains: missed fundamentals in DR, networking, or governance can sink entire scenarios.
Who should take SAP-C02? What experience level is expected?
SAP‑C02 is a professional-level architecture exam. AWS recommends 2+ years using AWS services to design and implement cloud solutions, plus the ability to provide architectural guidance across multiple applications/projects in a complex organization.
If you haven’t designed multi-account/hybrid/DR architectures yet, plan extra time for hands-on learning.
Is SAP-C02 harder than SAA-C03?
For most candidates, yes. SAP‑C02 typically has:
- Longer scenarios and more constraints per question
- More multi-account + governance topics
- Deeper hybrid networking and DR decision-making
- More “least ops / enterprise-ready” design expectations
If SAA was about “correct AWS architecture,” SAP is about “correct architecture in a large organization with guardrails and operations.”
Do I need to hold SAA before taking SAP-C02?
No formal prerequisite certification is required. However, the practical knowledge from SAA‑C03 (VPC, IAM, HA/DR basics, service selection) is a strong foundation.
Does SAP-C02 require hands-on AWS experience?
Strongly recommended. Reading alone is rarely enough at the professional level. You should be comfortable with:
- Designing VPCs and connectivity patterns (endpoints, TGW, DX/VPN)
- IAM roles/trust policies and cross-account access
- DR strategies and data replication options
- IaC and deployment strategies (CloudFormation/CDK/Terraform concepts)
Are there labs or simulations on SAP-C02?
No. SAP‑C02 is a multiple-choice/response exam (scenario-based), not a hands-on lab exam.
What’s the best way to read long scenario questions?
Use a consistent process:
- Read the last sentence first (it usually contains the deciding constraint).
- List constraints in your head: RTO/RPO, compliance, least ops, cost, latency, data residency, multi-account.
- Eliminate answers that violate a constraint (even if they “work”).
- Prefer options that reduce operational overhead and increase security + resilience.
What are the most common SAP-C02 “gotchas”?
- Choosing a solution that works but ignores governance (Organizations/SCPs/log archive/audit).
- Using VPC peering at scale (creates a mesh; TGW/Cloud WAN is usually better).
- Forgetting DNS in hybrid designs (Route 53 Resolver inbound/outbound endpoints).
- Assuming IAM permissions alone grant KMS usage (often the key policy is the blocker).
- Picking a DR strategy that doesn’t match stated RTO/RPO.
- Ignoring data transfer costs (NAT, cross-AZ, TGW processing) when cost is a constraint.
How long should I study for SAP-C02?
It varies with experience. Common prep ranges:
- 6–10 weeks if you already design AWS architectures regularly
- 10–16 weeks if multi-account governance, hybrid networking, or DR is new
Consistency beats cramming. Build a weekly loop: objectives → drills → review → mocks.
What should I focus on first if I’m overwhelmed?
Start with the highest-leverage pillars:
- Multi-account governance (Organizations, SCPs, centralized logging/security)
- Networking (TGW, DX/VPN, endpoints/PrivateLink, DNS)
- DR strategy selection (RTO/RPO → backup/pilot light/warm standby/active-active)
These three themes appear everywhere and drive many “best answer” decisions.
Do I need to memorize exact AWS service limits?
No. Know the important architectural implications and defaults (for example: transitive routing, endpoint types, multi-AZ vs multi-Region behavior). Limits can matter, but SAP‑C02 mostly rewards correct design logic.
Do I need to memorize AWS pricing?
You don’t need exact prices, but you do need to know the big levers:
- Data transfer and per-GB processing costs (NAT, TGW, GWLB)
- Purchase options (Savings Plans, RIs, Spot)
- Storage tiering and lifecycle policies
- Cost visibility tooling (CUR, Cost Explorer, Budgets)
What should my practice strategy look like?
Use a progression that matches the exam:
- Task-focused drills (15–25 questions) after each task in the syllabus
- Mixed sets (30–40 questions) to build transfer across domains
- Full mocks (75 questions / 180 minutes) to build stamina and pacing
- Review every miss and convert it into a one-liner decision rule
Start here: Practice →.
How should I use the Cheatsheet effectively?
Use it as a decision reference while reviewing misses:
- Connectivity: TGW vs peering vs PrivateLink
- Guardrails: SCP vs IAM vs resource policy vs permission boundary
- DR: backup/restore vs pilot light vs warm standby vs active-active
- Edge routing: Route 53 vs CloudFront vs Global Accelerator
Open it here: Cheatsheet →.
What AWS services should I prioritize for SAP-C02?
Prioritize services that appear across many domains and enable enterprise-scale patterns:
- Organizations / Control Tower / IAM Identity Center (multi-account governance and access)
- VPC, Transit Gateway, Direct Connect, VPN, Route 53 Resolver (connectivity and hybrid DNS)
- VPC endpoints / PrivateLink (private access and egress reduction)
- CloudTrail, Config, GuardDuty, Security Hub, KMS (audit, posture, detection, encryption)
- Route 53, CloudFront, Global Accelerator (global routing, performance, failover)
- AWS Backup, Elastic Disaster Recovery, Aurora Global Database, DynamoDB global tables (continuity and DR)
- Migration Hub, Application Migration Service, DMS/SCT (migration planning and execution)
How important are AWS Organizations and Control Tower on SAP-C02?
Very. SAP‑C02 repeatedly assumes a multi-account operating model. Even when the core of a question is networking or DR, the “best” answer often includes:
- The right account boundaries (shared services vs workloads)
- The right guardrails (SCPs, centralized logging)
- The right delegated administration for security services
Do I need to know AWS Cloud WAN for SAP-C02?
You don’t need deep implementation details, but you should understand when it’s the right architectural choice: global, policy-driven connectivity and segmentation at scale. In many scenarios, Transit Gateway is still the core building block, but Cloud WAN can be a best answer when global network policy and segmentation are central requirements.
What’s the difference between Transit Gateway, VPC peering, and PrivateLink?
- VPC peering: simple, low-latency connectivity for a small number of VPCs; no transitive routing.
- Transit Gateway: hub-and-spoke connectivity with transitive routing; best for many VPCs/accounts and hybrid.
- PrivateLink: private service exposure across VPCs/accounts without general routing; best when you want strong isolation and to avoid IP overlap issues.
How should I approach RTO/RPO disaster recovery questions?
Translate requirements into a DR strategy:
- Backup/restore: lowest cost, highest RTO/RPO
- Pilot light: some core services always on
- Warm standby: scaled-down but running
- Active-active: highest availability, highest cost/complexity
Then choose data replication + routing that matches (for example: Route 53 failover, Global Accelerator, Aurora Global, DynamoDB global tables, S3 CRR).
What should I know about Route 53 routing policies for SAP-C02?
Know the “why” for each:
- Failover: active-passive DR
- Weighted: controlled migration/canary
- Latency: best latency per user
- Geolocation/geoproximity: compliance/content routing by location
- Multi-value: basic multi-record responses (not true load balancing)
Do I need deep Kubernetes/EKS knowledge for SAP-C02?
You should understand architectural trade-offs (EKS vs ECS vs Lambda vs EC2) and what drives the choice (ops overhead, portability, scaling model, security controls). You usually won’t need deep kubectl-level knowledge, but you should be comfortable with the implications of running Kubernetes in production.
What are the best official resources to use alongside practice questions?
Start with the official exam guide, then use Well-Architected and the core governance/networking references. This curated list is a good starting point: Resources →.
Is SAP-C02 open book? Can I bring notes?
No. SAP‑C02 is a closed-book exam. You can’t bring external notes or reference material.
What is the retake policy for SAP-C02?
AWS has an official retake policy and waiting period. Check the latest rules here: https://aws.amazon.com/certification/policies/
What should I do in the final week before SAP-C02?
- Do 2–3 full mocks (75 questions / 180 minutes).
- Revisit weak tasks in the Syllabus and re-drill targeted sets.
- Rehearse decision tables (TGW vs peering vs PrivateLink, DR strategy selection, SCP vs IAM vs key policy).
- Focus on sleep and pacing—fatigue management matters on a 3-hour exam.
How long is the certification valid, and how do I recertify?
SAP‑C02 certification is valid for 3 years. Before it expires, you can recertify by passing the latest version of the exam.
Do I get any discount if I already hold an AWS Certification?
Yes. After earning one AWS Certification, AWS provides a 50% discount on your next AWS Certification exam (available through your AWS Certification account).
Test center vs online proctoring: any tips?
- Online: stable internet, quiet room, single monitor, clear desk; expect room scans.
- Test center: arrive early; follow ID requirements; use the provided scratch materials.
In both: manage time, flag hard questions, and use your review pass.
Next steps