| PDF + Test Engine |
|
||
| Test Engine |
|
||
|
|
Here are Amazon SAP-C02 PDF available features:
| 683 questions with answers | Updation Date : 16 Jul, 2026 |
| 1 day study required to pass exam | 100% Passing Assurance |
| 100% Money Back Guarantee | Free 3 Months Updates |
A company is using AWS CodePipeline for the CI/CD of an application to an Amazon EC2 Auto Scaling group. All AWS resources are defined in AWS CloudFormation templates. The application artifacts are stored in an Amazon S3 bucket and deployed to the Auto Scaling group using instance user data scripts. As the application has become more complex, recent resource changes in the CloudFormation templates have caused unplanned downtime. How should a solutions architect improve the CI/CD pipeline to reduce the likelihood that changes in the templates will cause downtime?
A. Adapt the deployment scripts to detect and report CloudFormation error conditions whenperforming deployments. Write test plans for a testing team to execute in a non-productionenvironment before approving the change for production.
B. Implement automated testing using AWS CodeBuild in a test environment. UseCloudFormation change sets to evaluate changes before deployment. Use AWSCodeDeploy to leverage blue/green deployment patterns to allow evaluations and theability to revert changes, if needed.
C. Use plugins for the integrated development environment (IDE) to check the templatesfor errors, and use the AWS CLI to validate that the templates are correct. Adapt thedeployment code to check for error conditions and generate notifications on errors. Deployto a test environment and execute a manual test plan before approving the change forproduction.
D. Use AWS CodeDeploy and a blue/green deployment pattern with CloudFormation toreplace the user data deployment scripts. Have the operators log in to running instancesand go through a manual test plan to verify the application is running as expected.
A company has an application that generates reports and stores them in an Amazon S3 bucket When a user accesses their report, the application generates a signed URL to allow the user to download the report. The company's security team has discovered that the files are public and that anyone can download them without authentication The company has suspended the generation of new reports until the problem is resolved. Which set of actions will immediately remediate the security issue without impacting the application's normal workflow?
A. Create an AWS Lambda function that applies a deny all policy for users who are notauthenticated. Create a scheduled event to invoke the Lambda function
B. Review the AWS Trusted Advisor bucket permissions check and implement therecommended actions.
C. Run a script that puts a private ACL on all of the objects in the bucket.
D. Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option toTRUE on the bucket.
A company is collecting a large amount of data from a fleet of loT devices Data is stored as Optimized Row Columnar (ORC) files in the Hadoop Distributed File System (HDFS) on a persistent Amazon EMR cluster. The company's data analytics team queries the data by using SQL in Apache Presto deployed on the same EMR cluster Queries scan large amounts of data, always run for less than 15 minutes, and run only between 5 PM and 10 PM. The company is concerned about the high cost associated with the current solution A solutions architect must propose the most cost-effective solution that will allow SQL data queries Which solution will meet these requirements?
A. Store data in Amazon S3 Use Amazon Redshift Spectrum to query data.
B. Store data in Amazon S3 Use the AWS Glue Data Catalog and Amazon Athena to querydata
C. Store data in EMR File System (EMRFS) Use Presto in Amazon EMR to query data
D. Store data in Amazon Redshift. Use Amazon Redshift to query data.
A company is deploying a distributed in-memory database on a fleet of Amazon EC2 instances. The fleet consists of a primary node and eight worker nodes. The primary node is responsible for monitoring cluster health, accepting user requests, distributing user requests to worker nodes, and sending an aggregate response back to a client. Worker nodes communicate with each other to replicate data partitions. The company requires the lowest possible networking latency to achieve maximum performance. Which solution will meet these requirements?
A. Launch memory optimized EC2 instances in a partition placement group.
B. Launch compute optimized EC2 instances in a partition placement group.
C. Launch memory optimized EC2 instances in a cluster placement group
D. Launch compute optimized EC2 instances in a spread placement group.
A company is migrating mobile banking applications to run on Amazon EC2 instances in a VPC. Backend service applications run in an on-premises data center. The data center has an AWS Direct Connect connection into AWS. The applications that run in the VPC need to resolve DNS requests to an on-premises Active Directory domain that runs in the data center. Which solution will meet these requirements with the LEAST administrative overhead?
A. Provision a set of EC2 instances across two Availability Zones in the VPC as cachingDNS servers to resolve DNS queries from the application servers within the VPC.
B. Provision an Amazon Route 53 private hosted zone. Configure NS records that point toon-premises DNS servers.
C. Create DNS endpoints by using Amazon Route 53 Resolver Add conditional forwardingrules to resolve DNS namespaces between the on-premises data center and the VPC.
D. Provision a new Active Directory domain controller in the VPC with a bidirectional trustbetween this new domain and the on-premises Active Directory domain.
A company is migrating its legacy .NET workload to AWS. The company has a containerized setup that includes a base container image. The base image is tens of gigabytes in size because of legacy libraries and other dependencies. The company has images for custom developed components that are dependent on the base image. The company will use Amazon Elastic Container Registry (Amazon ECR) as part of its solution on AWS. Which solution will provide the LOWEST container startup time on AWS?
A. Use Amazon ECR to store the base image and the images for the custom developedcomponents. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate torun the workload.
B. Use Amazon ECR to store the base image and the images for the custom developedcomponents. Use AWS App Runner to run the workload.
C. Use Amazon ECR to store the images for the custom developed components. Create anAMI that contains the base image. Use Amazon Elastic Container Service (Amazon ECS)on Amazon EC2 instances that are based on the AMI to run the workload
D. Use Amazon ECR to store the images for the custom developed components. Create anAMI that contains the base image. Use Amazon Elastic Kubernetes Service (Amazon EKS)on AWS Fargate with the AMI to run the workload.
A company has developed a mobile game. The backend for the game runs on several virtual machines located in an on-premises data center. The business logic is exposed using a REST API with multiple functions. Player session data is stored in central file storage. Backend services use different API keys for throttling and to distinguish between live and test traffic. The load on the game backend varies throughout the day. During peak hours, the server capacity is not sufficient. There are also latency issues when fetching player session data. Management has asked a solutions architect to present a cloud architecture that can handle the game's varying load and provide low-latency data access. The API model should not be changed. Which solution meets these requirements?
A. Implement the REST API using a Network Load Balancer (NLB). Run the business logic on an Amazon EC2 instance behind the NLB. Store player session data in Amazon AuroraServerless.
B. Implement the REST API using an Application Load Balancer (ALB). Run the businesslogic in AWS Lambda. Store player session data in Amazon DynamoDB with on-demandcapacity.
C. Implement the REST API using Amazon API Gateway. Run the business logic in AWSLambda. Store player session data in Amazon DynamoDB with on- demand capacity.
D. Implement the REST API using AWS AppSync. Run the business logic in AWS Lambda.Store player session data in Amazon Aurora Serverless.
A company is planning a one-time migration of an on-premises MySQL database to Amazon Aurora MySQL in the us-east-1 Region. The company's current internet connection has limited bandwidth. The on-premises MySQL database is 60 TB in size The company estimates that it will take a month to transfer the data to AWS over the current internet connection. The company needs a migration solution that will migrate the database more quickly Which solution will migrate the database in the LEAST amount of time?
A. Request a 1 Gbps AWS Direct Connect connection between the on-premises datacenter and AWS Use AWS Database Migration Service (AWS DMS) to migrate the onpremisesMySQL database to Aurora MySQL.
B. Use AWS DataSync with the current internet connection to accelerate the data transferbetween the on-premises data center and AWS Use AWS Application Migration Service tomigrate the on-premises MySQL database to Aurora MySQL.
C. Order an AWS Snowball Edge Device Load the data into an Amazon S3 bucket by usingthe S3 interface Use AWS Database Migration Service (AWS DMS) to migrate the datafrom Amazon S3 to Aurora MySQL
D. Order an AWS Snowball Device Load the data into an Amazon S3 bucket by using the S3 Adapter for Snowball Use AWS Application Migration Service to migrate the data fromAmazon S3 to Aurora MySQL.
A company is using AWS Organizations to manage multiple accounts Due to regulatory requirements, the company wants to restrict specific member accounts to certain AWSRegions, where they are permitted to deploy resources The resources in the accounts must be tagged enforced based on a group standard and centrally managed with minimal configuration. What should a solutions architect do to meet these requirements'?
A. Create an AWS Config rule in the specific member accounts to limit Regions and applya tag policy.
B. From the AWS Billing and Cost Management console in the management account,disable Regions for the specific member accounts and apply a tag policy on the root.
C. Associate the specific member accounts with the root Apply a tag policy and an SCPusing conditions to limit Regions.
D. Associate the specific member accounts with a new OU. Apply a tag policy and an SCPusing conditions to limit Regions.
A solutions architect has implemented a SAML 2 0 federated identity solution with their company's on-premises identity provider (IdP) to authenticate users' access to the AWS environment. When the solutions architect tests authentication through the federated identity web portal, access to the AWS environment is granted However when test users attempt to authenticate through the federated identity web portal, they are not able to access the AWS environment Which items should the solutions architect check to ensure identity federation is properly configured? (Select THREE)
A. The 1AM user's permissions policy has allowed the use of SAML federation for that user
B. The 1AM roles created for the federated users' or federated groups' trust policy have setthe SAML provider as the principal
C. Test users are not in the AWSFederatedUsers group in the company's IdP
D. The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of theSAML provider, the ARN of the 1AM role, and the SAML assertion from IdP
E. The on-premises IdP's DNS hostname is reachable from the AWS environment VPCs
F. The company's IdP defines SAML assertions that properly map users or groups in thecompany to 1AM roles with appropriate permissions