AWS Certified Solutions Architect Professional SAP-C02 Practice Question

Creating an Amazon OpenSearch Service domain with Multi-AZ with Standby automatically distributes dedicated master and data nodes across three Availability Zones, giving the necessary quorum for high availability. Three dedicated master nodes (an odd number) are required to elect a new master during a failure.

Using hot data nodes on current-generation instances with EBS gp3 (or io-optimized) volumes delivers the best performance for the most recent 30 days of data. Enabling UltraWarm adds a warm tier that stores 31- to 90-day-old indexes on S3-backed warm nodes at roughly 90 % lower cost than hot storage, yet still supports interactive queries. Enabling cold storage places data older than 90 days entirely on S3, detaching it from compute until it is re-attached for audit searches, providing the lowest cost while preserving searchability. Both UltraWarm and cold storage require dedicated master nodes and integrate with Index State Management so migrations can be automated, minimizing ongoing operations.

Placing the domain inside a VPC and, if desired, creating an OpenSearch-managed VPC endpoint keeps traffic private. Fine-grained access control requires node-to-node encryption and supports SAML 2.0 federation. IAM Identity Center (successor to AWS SSO) can be configured as the SAML IdP, giving single sign-on to OpenSearch Dashboards without custom code.

Alternative answers either leave older data unsearchable (snapshots to S3), rely on archive tiers that cannot be queried, expose a public endpoint, or omit Multi-AZ and encryption controls-failing one or more stated requirements.