Entry-level certifications covering core AWS concepts and cloud fundamentals.
Role-based certifications for architects, developers and operations professionals.
Advanced certifications for experienced cloud professionals and architects.
Deep-dive certifications in security, networking and advanced domains.
Entry-level certifications covering core AWS concepts and cloud fundamentals.
Role-based certifications for architects, developers and operations professionals.
Advanced certifications for experienced cloud professionals and architects.
Deep-dive certifications in security, networking and advanced domains.
Pass all six practice exams to earn a credential you can share. It confirms you've completed the practice before the real SAP-C02.
You started a Practice session for CLF-C02 · Exam 1 earlier. Pick up where you stopped, or wipe progress and start fresh.
Answer questions at your own pace. Review each answer and explanation before moving on.
The real exam format. 180 minutes on the timer, no feedback during the attempt, results shown on submission.
—
Labs can only be accessed on a computer.
They spin up real AWS resources you drive from the AWS Console, which needs a desktop browser.
Connect the HTTP API, Lambda function, and DynamoDB table, then add tracing and recovery controls.
Allow S3 to invoke the Lambda, add the bucket notification, and scope thumbnail writes.
Close anonymous S3 access paths, enforce bucket ownership, and enable default encryption.
Remove direct AdministratorAccess, grant CloudWatch read-only access through a group, and delete the access key.
Move a spiky sessions table to on-demand capacity, then add recovery, CDC, and tenant lookup controls.
Add stage caching, method cache keys, throttling, logs, metrics, and X-Ray for GET /products.
Spread the ASG across two subnets, use ELB health, tune target groups, and add scaling alarms.
Let CloudFront OAC read the private bucket while anonymous S3 access stays blocked.
Move the archive with DataSync on a nightly schedule, with Standard-IA, bandwidth, logging, and verification set.
Attach WAFv2 to the API, add managed rules, block high-rate clients, and log only blocked requests.
Deliver orders to SQS, Lambda, and Firehose, then add DLQ handling, batching, permissions, and alarms.
Lock down the audit role with ExternalId, session tags, a boundary, governance tags, and ABAC.
Run a daily credential audit Lambda, publish stale key counts, and alert SNS when old keys remain.
Detect stack drift, restore the S3 tag, block destructive bucket changes, and enable termination protection.
Capture CreateBucket events, invoke the BPA enforcer Lambda, notify SNS, and alarm on function errors.
Fix source, build, and deploy actions, then add manual approval and QUEUED pipeline execution.
Build a Bedrock Flow with classifier prompt, condition routing, branch response, preparation, and versioning.
Move support prompts into Bedrock Prompt Management with variants, a published version, and a default.
Configure Bedrock guardrails for PII, denied topics, Hate filtering, and a versioned prompt.
Create an order-lookup Bedrock Agent, connect the action Lambda and schema, then prepare the prod alias.
Use a prefix list, NACL rules, subnet association, and security group references to limit HTTPS partners.
Create Route 53 failover records, health checks, CloudWatch alarm actions, and an SQS-backed SNS path.
Complete VPC peering with routes, database security group rules, DNS resolution, and hosted zone association.
Connect frontend and backend VPCs through VPC Lattice with associations, service, target group, and listener.
Scope the KMS key policy, enable rotation and aliasing, route sensitive API calls, and alarm on AccessDenied.
Force private AWS access through S3 and DynamoDB Gateway endpoints with endpoint and bucket policies.
Constrain ml-admin with a boundary, request-tag conditions, trust policy changes, ABAC tags, and simulation.
Tune GuardDuty and Security Hub, subscribe standards, and route HIGH and CRITICAL findings to SNS.
Enforce SSE-KMS for ML training data with scoped key policy access, rotation, and bucket policy denies.
Route SageMaker approval events to audit Lambda and SNS, with invoke permission, DLQ, and message transform.
Create the Model Package Group, register two versions, reject v1, and approve v2 with audit notes.
Create the Feature Store group, point Lambda at it, ingest a record, extend the schema, and add alarms.
Register the S3 location, grant Lake Formation access, exclude PII columns, and add tag-based access.
Set the Lambda ETL envelope, add the Scheduler run, route async failures, and alarm on ERROR logs.
Add TTL, a by-user GSI, PITR, streams, and on-demand billing to the user sessions table.
Create the Glue catalog, register the S3 CSV prefix in Athena, run a query, and cap workgroup usage.
Give the private subnet S3 access through a Gateway endpoint, route table association, policy scope, and flow logs.
Record versioning changes with CloudTrail, match Suspended events, run SSM remediation, and alarm on failures.
Create the backup vault, daily plan, tag-based DynamoDB selection, failure route, and SNS notification path.
Turn Lambda ERROR logs into a metric, alarm on it, and send alarm and recovery notifications through SNS.
Send async Lambda failures to SQS, set retry and event age limits, and alert when the DLQ has messages.
Publish v2, shift a small share of live alias traffic, route async outcomes, and add rollback alarm coverage.
Replace broad Bedrock access with a Titan-scoped policy and an explicit Anthropic model Deny.
Use Transcribe, Comprehend, and Translate to turn an English support call into Spanish and Portuguese outputs.
Enable Bedrock invocation logging, send logs to CloudWatch and S3, and apply retention and lifecycle controls.
Add PII handling, a Legal Advice denied topic, custom regex, and HIGH Hate filtering to the guardrail.
Retain compliance logs with lifecycle, versioning, tags, and server access logging to the audit bucket.
Add an encrypted SNS email path, create a monthly cost budget, and send budget alerts to the topic.
IDs the orchestrator will surface once a sandbox is provisioned. Stub values for now.
Every check passed. The sandbox is ready to tear down whenever you are.
The sandbox keeps running until you tear it down. The orchestrator will also auto-end it when the timer expires.
none = locked /not attempted · in-progress = amber pulse + saved progress · passed = green check (score ≥ pass threshold) · elite = gold halo (score ≥ 900).
auto = follows exam-status gating · unlocked = full colour · done = unlocked + completion ribbon.
examPool, _progressCache, and localStorage[ca_history_<cert>] in memory. Page reload restores everything from server.| Loading… |
| Pick a cert + test, click Load. |
Top performers ranked by points this month.
Monthly Points
Pick a card. Flash through it. Lock it in.
Pick a scenario. Wire up the services. Ship the architecture.
Display Name
Clouding Candidate
Email Address
user@example.com
Change Password
Certification Track
SAP-C02
Activate a giveaway code
Dark Mode
Toggle light / dark theme
Language
Choose your preferred language
Manage your certification track and personal details.
Choose your avatar colour
user@example.com
Clouding Candidate
Change your account password
Choose your preferred language
AWS Certified Solutions Architect – Professional (SAP-C02)
Got a giveaway code? Enter it to activate premium days or a single-cert pack.
Full access to all 12 tracks and labs.
Setting a target date makes the Hub smarter about what to focus on each week.
Take an exam to reveal your strongest and weakest domains.
auto_awesome Your certification journey is underway. Keep the momentum!
Each certification has its own progression map, combining exams, rapid recall, architecture practice, and hands-on labs into a journey. Start at Exam 1 and move through the path at your own pace.
Every certification pack gives you six realistic exams with the same structure, coverage, difficulty, and scaled scoring as the real test.
Our system uses difficulty-weighted scoring on a 0–1000 scale, so harder questions count the way they should. Every result includes a domain breakdown and your personal percentile trend, giving you a clearer view of where you stand and whether you're improving.
See your performance across knowledge, speed, coverage, consistency, and retention, then focus on the areas that need the most work.
High accuracy with poor consistency is still a risk. Strong knowledge with weak coverage is still a gap. Our composite score weighs all five signals and makes the weakest one impossible to ignore.
Each card tests one concept. Get one wrong and you lose 10 seconds. Build a streak and you earn time back. The faster you recognize the pattern, the longer you stay alive. Score 15 out of 20 to clear the deck and unlock the next exam in your certification path. Miss the threshold and try again with a reshuffled deck.
Drag AWS services onto the canvas, connect them, and check your design against the expected scenario. Your result is evaluated by placement and connectivity, so you learn how the architecture works, not just names.
Badges and achievements give every milestone a reward. Pass exams, clear domains, build Blitz streaks, complete Arch Builder scenarios, and unlock proof of progress as you move through each certification path.
Click Start to launch a temporary lab. You work in the AWS console, fix the broken configuration, and run Check against pass/fail criteria. The clock is always running, so every lab trains you to diagnose, decide, and fix under pressure.
FoundationalFoundationalAssociateAssociateAssociateAssociateAssociateProfessionalProfessionalProfessionalSpecialtySpecialtyFull access to Exam 01 of every certification, forever. No card required.
Unlock the complete exam, Blitz, and Arch Builder experience for a single certification. Lifetime access.
Every certification, every exam, every Blitz deck, every Arch Builder scenario, and every Live AWS Lab. Cancel anytime.
Full access to Exam 01 of every certification, forever. No card required.
Unlock all six exams plus every Blitz, Arch and Lab on a single cert. Pay once, keep it.
Full access to the entire platform: every certification, every exam, every Blitz deck, every Arch Builder scenario, and every Live AWS Lab. Cancel anytime.
Sign up takes thirty seconds. The first exam is on us.
Loading…
You have not finished all questions. Are you sure you want to end your session now?
Unanswered
0
Flagged
0
Setting a target date makes the Hub smarter about what to focus on each week.