Amazon SAP-C02 Sample Questions

Question # 141

A Solutions Architect wants to make sure that only AWS users or roles with suitable permissions can access a new Amazon API Gateway endpoint. The Solutions Architect wants an end-to-end view of each request to analyze the latency of the request and create service maps. How can the Solutions Architect design the API Gateway access control and perform request inspections? 

A. For the API Gateway method, set the authorization to AWS_IAM. Then, give the IAM user or role execute-api:Invoke permission on the REST API resource. Enable the API caller to sign requests with AWS Signature when accessing the endpoint. Use AWS X-Ray to trace and analyze user requests to API Gateway.
B. For the API Gateway resource, set CORS to enabled and only return the company's domain in Access-Control-Allow-Origin headers. Then, give the IAM user or role execute-api:Invoke permission on the REST API resource. Use Amazon CloudWatch to trace and analyze user requests to API Gateway.
C. Create an AWS Lambda function as the custom authorizer, ask the API client to pass the key and secret when making the call, and then use Lambda to validate the key/secret pair against the IAM system. Use AWS X-Ray to trace and analyze user requests to API Gateway.
D. Create a client certificate for API Gateway. Distribute the certificate to the AWS users and roles that need to access the endpoint. Enable the API caller to pass the client certificate when accessing the endpoint. Use Amazon CloudWatch to trace and analyze user requests to API Gateway.


Question # 142

A live-events company is designing a scaling solution for its ticket application on AWS. The application has high peaks of utilization during sale events. Each sale event is a one-time event that is scheduled. The application runs on Amazon EC2 instances that are in an Auto Scaling group. The application uses PostgreSQL for the database layer. The company needs a scaling solution to maximize availability during the sale events. Which solution will meet these requirements? 

A. Use a predictive scaling policy for the EC2 instances. Host the database on an Amazon Aurora PostgreSQL Serverless v2 Multi-AZ DB instance with automatically scaling read replicas. Create an AWS Step Functions state machine to run parallel AWS Lambda functions to pre-warm the database before a sale event. Create an Amazon EventBridge rule to invoke the state machine.
B. Use a scheduled scaling policy for the EC2 instances. Host the database on an Amazon RDS for PostgreSQL Multi-AZ DB instance with automatically scaling read replicas. Create an Amazon EventBridge rule that invokes an AWS Lambda function to create a larger read replica before a sale event. Fail over to the larger read replica. Create another EventBridge rule that invokes another Lambda function to scale down the read replica after the sale event.
C. Use a predictive scaling policy for the EC2 instances. Host the database on an Amazon RDS for PostgreSQL Multi-AZ DB instance with automatically scaling read replicas. Create an AWS Step Functions state machine to run parallel AWS Lambda functions to pre-warm the database before a sale event. Create an Amazon EventBridge rule to invoke the state machine.
D. Use a scheduled scaling policy for the EC2 instances. Host the database on an Amazon Aurora PostgreSQL Multi-AZ DB cluster. Create an Amazon EventBridge rule that invokes an AWS Lambda function to create a larger Aurora Replica before a sale event. Fail over to the larger Aurora Replica. Create another EventBridge rule that invokes another Lambda function to scale down the Aurora Replica after the sale event.


Question # 143

A company is building an image service on the web that will allow users to upload and search random photos. At peak usage, up to 10.000 users worldwide will upload their images. The service will then overlay text on the uploaded images, which will then be published on the company website. Which design should a solutions architect implement? 

A. Store the uploaded images in Amazon Elastic File System (Amazon EFS). Send application log information about each image to Amazon CloudWatch Logs. Create a fleet of Amazon EC2 instances that use CloudWatch Logs to determine which images need to be processed. Place processed images in another directory in Amazon EFS. Enable Amazon CloudFront and configure the origin to be one of the EC2 instances in the fleet.
B. Store the uploaded images in an Amazon S3 bucket and configure an S3 bucket event notification to send a message to Amazon Simple Notification Service (Amazon SNS). Create a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) to pull messages from Amazon SNS to process the images and place them in Amazon Elastic File System (Amazon EFS). Use Amazon CloudWatch metrics for the SNS message volume to scale out EC2 instances. Enable Amazon CloudFront and configure the origin to be the ALB in front of the EC2 instances.
C. Store the uploaded images in an Amazon S3 bucket and configure an S3 bucket event notification to send a message to the Amazon Simple Queue Service (Amazon SQS) queue. Create a fleet of Amazon EC2 instances to pull messages from the SQS queue to process the images and place them in another S3 bucket. Use Amazon CloudWatch metrics for queue depth to scale out EC2 instances. Enable Amazon CloudFront and configure the origin to be the S3 bucket that contains the processed images.
D. Store the uploaded images on a shared Amazon Elastic Block Store (Amazon EBS) volume mounted to a fleet of Amazon EC2 Spot instances. Create an Amazon DynamoDB table that contains information about each uploaded image and whether it has been processed. Use an Amazon EventBridge rule to scale out EC2 instances. Enable Amazon CloudFront and configure the origin to reference an Elastic Load Balancer in front of the fleet of EC2 instances.


Question # 144

A company is building an application that will run on an AWS Lambda function. Hundreds of customers will use the application. The company wants to give each customer a quota of requests for a specific time period. The quotas must match customer usage patterns. Some customers must receive a higher quota for a shorter time period. Which solution will meet these requirements? 

A. Create an Amazon API Gateway REST API with a proxy integration to invoke the Lambda function. For each customer, configure an API Gateway usage plan that includes an appropriate request quota. Create an API key from the usage plan for each user that the customer needs.
B. Create an Amazon API Gateway HTTP API with a proxy integration to invoke the Lambda function. For each customer, configure an API Gateway usage plan that includes an appropriate request quota. Configure route-level throttling for each usage plan. Create an API key from the usage plan for each user that the customer needs.
C. Create a Lambda function alias for each customer. Include a concurrency limit with an appropriate request quota. Create a Lambda function URL for each function alias. Share the Lambda function URL for each alias with the relevant customer.
D. Create an Application Load Balancer (ALB) in a VPC. Configure the Lambda function as a target for the ALB. Configure an AWS WAF web ACL for the ALB. For each customer, configure a rate-based rule that includes an appropriate request quota.


Question # 145

A company runs applications in hundreds of production AWS accounts. The company uses AWS Organizations with all features enabled and has a centralized backup operation that uses AWS Backup. The company is concerned about ransomware attacks. To address this concern, the company has created a new policy that all backups must be resilient to breaches of privileged-user credentials in any production account. Which combination of steps will meet this new requirement? (Select THREE.) 

A. Implement cross-account backup with AWS Backup vaults in designated non-production accounts.
B. Add an SCP that restricts the modification of AWS Backup vaults.
C. Implement AWS Backup Vault Lock in compliance mode.
D. Configure the backup frequency, lifecycle, and retention period to ensure that at least one backup always exists in the cold tier.
E. Configure AWS Backup to write all backups to an Amazon S3 bucket in a designated non-production account. Ensure that the S3 bucket has S3 Object Lock enabled.
F. Implement least privilege access for the IAM service role that is assigned to AWS Backup.


Question # 146

A financial services company has an asset management product that thousands of customers use around the world. The customers provide feedback about the product through surveys. The company is building a new analytical solution that runs on Amazon EMR to analyze the data from these surveys. The following user personas need to access the analytical solution to perform different actions:

• Administrator: Provisions the EMR cluster for the analytics team based on the team's requirements
• Data engineer: Runs ETL scripts to process, transform, and enrich the datasets
• Data analyst: Runs SQL and Hive queries on the data

A solutions architect must ensure that all the user personas have least privilege access to only the resources that they need. The user personas must be able to launch only applications that are approved and authorized. The solution also must ensure tagging for all resources that the user personas create. Which solution will meet these requirements?

A. Create IAM roles for each user persona. Attach identity-based policies to define which actions the user who assumes the role can perform. Create an AWS Config rule to check for noncompliant resources. Configure the rule to notify the administrator to remediate the noncompliant resources.
B. Set up Kerberos-based authentication for EMR clusters upon launch. Specify a Kerberos security configuration along with cluster-specific Kerberos options.
C. Use AWS Service Catalog to control the Amazon EMR versions available for deployment, the cluster configuration, and the permissions for each user persona.
D. Launch the EMR cluster by using AWS CloudFormation. Attach resource-based policies to the EMR cluster during cluster creation. Create an AWS Config rule to check for noncompliant clusters and noncompliant Amazon S3 buckets. Configure the rule to notify the administrator to remediate the noncompliant resources.


Question # 147

A company implements a containerized application by using Amazon Elastic Container Service (Amazon ECS) and Amazon API Gateway. The application data is stored in Amazon Aurora databases and Amazon DynamoDB databases. The company automates infrastructure provisioning by using AWS CloudFormation. The company automates application deployment by using AWS CodePipeline. A solutions architect needs to implement a disaster recovery (DR) strategy that meets an RPO of 2 hours and an RTO of 4 hours. Which solution will meet these requirements MOST cost-effectively?

A. Set up an Aurora global database and DynamoDB global tables to replicate the databases to a secondary AWS Region. In the primary Region and in the secondary Region, configure an API Gateway API with a Regional endpoint. Implement Amazon CloudFront with origin failover to route traffic to the secondary Region during a DR scenario.
B. Use AWS Database Migration Service (AWS DMS), Amazon EventBridge, and AWS Lambda to replicate the Aurora databases to a secondary AWS Region. Use DynamoDB Streams, EventBridge, and Lambda to replicate the DynamoDB databases to the secondary Region. In the primary Region and in the secondary Region, configure an API Gateway API with a Regional endpoint. Implement Amazon Route 53 failover routing to switch traffic from the primary Region to the secondary Region.
C. Use AWS Backup to create backups of the Aurora databases and the DynamoDB databases in a secondary AWS Region. In the primary Region and in the secondary Region, configure an API Gateway API with a Regional endpoint. Implement Amazon Route 53 failover routing to switch traffic from the primary Region to the secondary Region.
D. Set up an Aurora global database and DynamoDB global tables to replicate the databases to a secondary AWS Region. In the primary Region and in the secondary Region, configure an API Gateway API with a Regional endpoint. Implement Amazon Route 53 failover routing to switch traffic from the primary Region to the secondary Region.


Question # 148

A company is planning to migrate an Amazon RDS for Oracle database to an RDS for PostgreSQL DB instance in another AWS account. A solutions architect needs to design a migration strategy that will require no downtime and that will minimize the amount of time necessary to complete the migration. The migration strategy must replicate all existing data and any new data that is created during the migration. The target database must be identical to the source database at completion of the migration process. All applications currently use an Amazon Route 53 CNAME record as their endpoint for communication with the RDS for Oracle DB instance. The RDS for Oracle DB instance is in a private subnet. Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

A. Create a new RDS for PostgreSQL DB instance in the target account. Use the AWS Schema Conversion Tool (AWS SCT) to migrate the database schema from the source database to the target database.
B. Use the AWS Schema Conversion Tool (AWS SCT) to create a new RDS for PostgreSQL DB instance in the target account with the schema and initial data from the source database.
C. Configure VPC peering between the VPCs in the two AWS accounts to provide connectivity to both DB instances from the target account. Configure the security groups that are attached to each DB instance to allow traffic on the database port from the VPC in the target account.
D. Temporarily allow the source DB instance to be publicly accessible to provide connectivity from the VPC in the target account. Configure the security groups that are attached to each DB instance to allow traffic on the database port from the VPC in the target account.
E. Use AWS Database Migration Service (AWS DMS) in the target account to perform a full load plus change data capture (CDC) migration from the source database to the target database. When the migration is complete, change the CNAME record to point to the target DB instance endpoint.
F. Use AWS Database Migration Service (AWS DMS) in the target account to perform a change data capture (CDC) migration from the source database to the target database. When the migration is complete, change the CNAME record to point to the target DB instance endpoint.


Question # 149

A company hosts a web application on AWS in the us-east-1 Region. The application servers are distributed across three Availability Zones behind an Application Load Balancer. The database is hosted in a MySQL database on an Amazon EC2 instance. A solutions architect needs to design a cross-Region data recovery solution using AWS services with an RTO of less than 5 minutes and an RPO of less than 1 minute. The solutions architect is deploying application servers in us-west-2, and has configured Amazon Route 53 health checks and DNS failover to us-west-2. Which additional step should the solutions architect take?

A. Migrate the database to an Amazon RDS for MySQL instance with a cross-Region read replica in us-west-2
B. Migrate the database to an Amazon Aurora global database with the primary in us-east-1 and the secondary in us-west-2
C. Migrate the database to an Amazon RDS for MySQL instance with a Multi-AZ deployment.
D. Create a MySQL standby database on an Amazon EC2 instance in us-west-2


Question # 150

A company is deploying a new API to AWS. The API uses Amazon API Gateway with a Regional API endpoint and an AWS Lambda function for hosting. The API retrieves data from an external vendor API, stores data in an Amazon DynamoDB global table, and retrieves data from the DynamoDB global table. The API key for the vendor's API is stored in AWS Secrets Manager and is encrypted with a customer managed key in AWS Key Management Service (AWS KMS). The company has deployed its own API into a single AWS Region. A solutions architect needs to change the API components of the company's API to ensure that the components can run across multiple Regions in an active-active configuration. Which combination of changes will meet this requirement with the LEAST operational overhead? (Choose three.) 

A. Deploy the API to multiple Regions. Configure Amazon Route 53 with custom domain names that route traffic to each Regional API endpoint. Implement a Route 53 multivalue answer routing policy.
B. Create a new KMS multi-Region customer managed key. Create a new KMS customer managed replica key in each in-scope Region.
C. Replicate the existing Secrets Manager secret to other Regions. For each in-scope Region's replicated secret, select the appropriate KMS key.
D. Create a new AWS managed KMS key in each in-scope Region. Convert an existing key to a multi-Region key. Use the multi-Region key in other Regions.
E. Create a new Secrets Manager secret in each in-scope Region. Copy the secret value from the existing Region to the new secret in each in-scope Region.
F. Modify the deployment process for the Lambda function to repeat the deployment across in-scope Regions. Turn on the multi-Region option for the existing API. Select the Lambda function that is deployed in each Region as the backend for the multi-Region API.

