Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65pass65

SAP-C02 AWS Certified Solutions Architect - Professional is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

SAP-C02 Practice Questions

AWS Certified Solutions Architect - Professional

Last Update 1 day ago
Total Questions : 683

Dive into our fully updated and stable SAP-C02 practice test platform, featuring all the latest AWS Certified Professional exam questions added this week. Our preparation tool is more than just a Amazon Web Services study aid; it's a strategic advantage.

Our free AWS Certified Professional practice questions crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about SAP-C02. Use this test to pinpoint which areas you need to focus your study on.

SAP-C02 PDF

SAP-C02 PDF (Printable)
$54.25
$154.99

SAP-C02 Testing Engine

SAP-C02 PDF (Printable)
$59.5
$169.99

SAP-C02 PDF + Testing Engine

SAP-C02 PDF (Printable)
$74.55
$212.99
Question # 151

A company uses an organization in AWS Organizations with all features enabled to manage AWS accounts. For each new project, the company creates a new linked account. After the creation of a new account, the root user signs in to the new account and creates a service request to increase the service quota for Amazon EC2 instances.

The company needs to automate this process.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Create an Amazon EventBridge rule to detect the creation of a new account. Send the event to an Amazon SNS topic that invokes an AWS Lambda function. Configure the Lambda function to request a quota increase.

B.  

Create a Service Quotas request template in the organization’s management account. Configure the request template to request a quota increase. Associate the request template with the organization.

C.  

Create an AWS Config rule in the organization’s management account to check the quota. Create an AWS Lambda function. Configure the Lambda function to request a quota increase.

D.  

Create an automatic quota remediation action for AWS Trusted Advisor in the organization’s management account. Create an AWS Step Functions workflow for the remediation action. Configure the Step Functions step to request a quota increase.

Discussion 0
Question # 152

A company has more than 20 application development teams. All the teams use AWS CloudFormation to deploy application resources in the company ' s production AWS account. The production account is a member of an organization in AWS Organizations that has all features enabled.

The company must ensure that all resources that the development teams provision match a set of predefined rules. The company needs a solution to prevent users from provisioning noncompliant resources through CloudFormation.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Implement each configuration rule as a separate AWS Config custom AWS Lambda rule. Deploy the Lambda functions to the company ' s production account. Implement SCPs to prevent changes to the Lambda functions and to deny any operation that could disable AWS Config or its rules or triggers in the production account.

B.  

Use CloudFormation Hooks to implement the configuration rules. Use a separate AWS Lambda function to enforce each rule. Use CloudFormation StackSets to deploy and register Hooks across all member accounts in the organization. Use SCPs and IAM policies to prevent Hook modifications and Lambda function changes in member accounts.

C.  

Implement the configuration rules as an AWS Lambda function. Configure a CloudFormation macro definition to make the Lambda function available to CloudFormation. Configure the function to check the CloudFormation template against the configuration rules. Use the macro in all CloudFormation deployment templates.

D.  

Implement the configuration rules by using AWS CloudFormation Guard rules. Use the cfn-guard-lambda command to install Guard as an AWS Lambda function. Build and run Guard by invoking the Lambda function. Provide the CloudFormation template and the rule set as inputs to the function.

Discussion 0
Question # 153

A company is using AWS CodePipeline for the CI/CD of an application to an Amazon EC2 Auto Scaling group. All AWS resources are defined in AWS

CloudFormation templates. The application artifacts are stored in an Amazon S3 bucket and deployed to the Auto Scaling group using instance user data scripts.

As the application has become more complex, recent resource changes in the CloudFormation templates have caused unplanned downtime.

How should a solutions architect improve the CI/CD pipeline to reduce the likelihood that changes in the templates will cause downtime?

Options:

A.  

Adapt the deployment scripts to detect and report CloudFormation error conditions when performing deployments. Write test plans for a testing team to execute in a non-production environment before approving the change for production.

B.  

Implement automated testing using AWS CodeBuild in a test environment. Use CloudFormation change sets to evaluate changes before deployment. Use AWS CodeDeploy to leverage blue/green deployment patterns to allow evaluations and the ability to revert changes, if needed.

C.  

Use plugins for the integrated development environment (IDE) to check the templates for errors, and use the AWS CLI to validate that the templates are correct. Adapt the deployment code to check for error conditions and generate notifications on errors. Deploy to a test environment and execute a manual test plan before approving the change for production.

D.  

Use AWS CodeDeploy and a blue/green deployment pattern with CloudFormation to replace the user data deployment scripts. Have the operators log in to running instances and go through a manual test plan to verify the application is running as expected.

Discussion 0
Question # 154

A company operates a fleet of servers on premises and operates a fleet of Amazon EC2 instances in its organization in AWS Organizations. The company ' s AWS accounts contain hundreds of VPCs. The company wants to connect its AWS accounts to its on-premises network. AWS Site-to-Site VPN connections are already established to a single AWS account. The company wants to control which VPCs can communicate with other VPCs.

Which combination of steps will achieve this level of control with the LEAST operational effort? (Choose three.)

Options:

A.  

Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).

B.  

Configure attachments to all VPCs and VPNs.

C.  

Set up transit gateway route tables. Associate the VPCs and VPNs with the route tables.

D.  

Configure VPC peering between the VPCs.

E.  

Configure attachments between the VPCs and VPNs.

F.  

Set up route tables on the VPCs and VPNs.

Discussion 0
Question # 155

A company runs an application on AWS. The application uses an Amazon Aurora MySQL database that is encrypted with the default AWS managed AWS KMS key.

The company must implement a solution to rotate the database encryption key every 180 days. The solution must provide a notification if the encryption key is noncompliant with this standard.

Which solution will meet these requirements?

Options:

A.  

Configure the rotation period for the existing AWS managed KMS key to be 180 days. Implement the cmk-backing-key-rotation-enabled AWS Config managed rule for the existing KMS key. Configure AWS Config to use Amazon SNS to notify the security team if key rotation is noncompliant.

B.  

Create a new AWS managed KMS key with automatic rotation set for 180 days. Take a snapshot of the database. Restore the snapshot to a new Aurora cluster that uses the new KMS key. Create an AWS Config custom rule that uses an AWS Lambda function to validate the key rotation period. Configure AWS Config to use Amazon SES to notify the security team if key encryption is noncompliant.

C.  

Create a new customer managed KMS key with automatic rotation set for 180 days. Take asnapshot of the database. Restore the snapshot to a new Aurora cluster that uses the new KMS key. Create an AWS Config custom rule that uses an AWS Lambda function to validate the key rotation period. Configure AWS Config to use Amazon SNS to notify the security team if key encryption is noncompliant.

D.  

Create a new customer managed KMS key with automatic rotation set for 180 days. Update the database to use the new KMS key for encryption. Implement the cmk-backing-key-rotation-enabled AWS Config managed rule for the new KMS key. Configure AWS Config to use Amazon SES to notify the security team if key rotation is noncompliant.

Discussion 0
Question # 156

A company has an IoT data lake that is stored in Amazon S3. Data scientists in a separate AWS account need to analyze the data on Amazon EC2 instances in a VP

C.  

Company policy requires that only authorized networks access the IoT data. The EC2 instances already have an IAM role that allows access to Amazon S3. An S3 access point exists on the data lake S3 bucket.

The company needs to provide secure access to the S3 data lake for the EC2 instances while complying with the policy that requires access from only authorized networks.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.  

Create a gateway VPC endpoint for Amazon S3 in the data scientists’ VP

C.  

B.  

Update the S3 access point settings to block public access.

C.  

Update the EC2 instance role. Add a policy with a condition that denies the s3:GetObject action when the value for the s3:DataAccessPointArn condition key is a valid access point ARN.

D.  

Update the VPC route table to route S3 traffic to the S3 access point.

E.  

Add an S3 bucket policy with a condition that allows the s3:GetObject action when the value for the s3:DataAccessPointArn condition key is a valid access point ARN.

Discussion 0
Question # 157

A company uses a software package for surveys. During surveys, data is uploaded from a field operator ' s device to an Amazon S3 bucket. A custom application that runs on several Amazon EC2 instances polls the S3 bucket for new data. When new data is available, the software processes the data.

The data uploads are infrequent. The processing software can take up to 25 minutes to analyze each data upload. The company wants to optimize the application workflow to process the S3 data.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Modify the application to accept new S3 object keys as inputs. Containerize the application. Deploy the container to an Amazon ECS cluster that uses the AWS Fargate launch type. Configure S3 bucket notifications to send events to Amazon EventBridge when new objects are uploaded. Create an EventBridge rule that invokes an ECS task to run the application when a new S3 object event occurs.

B.  

Modify the application to accept new S3 object keys as inputs. Containerize the application. Deploy the container image to AWS Lambda functions. Create a new AWS Step Functions state machine to invoke the Lambda functions. Configure the state machine with a Task state that calls the Lambda functions. Set the Task state ' s Timeout property to 30 minutes.

C.  

Modify the application to accept new S3 object keys as inputs. Move the application from EC2 instances to Amazon ECS by using the EC2 capacity provider. Create an AWS Glue crawler to check the S3 bucket and invoke the application. Configure the application to process the data when the data is uploaded to Amazon S3.

D.  

Modify the application to use HTTP to poll new S3 object keys that reference data to process. Containerize the application. Deploy the container image to AWS Lambda functions. Configure S3 bucket notifications to send events to Amazon EventBridge when new objects are uploaded. Create an EventBridge rule that invokes the Lambda functions to post the new objects to HTTP endpoints by using fan-out.

Discussion 0
Question # 158

A company that develops consumer electronics with offices in Europe and Asia has 60 TB of software images stored on premises in Europe The company wants to transfer the images to an Amazon S3 bucket in the ap-northeast-1 Region New software images are created daily and must be encrypted in transit The company needs a solution that does not require custom development toautomatically transfer all existing and new software images to Amazon S3

What is the next step in the transfer process?

Options:

A.  

Deploy an AWS DataSync agent and configure a task to transfer the images to the S3 bucket

B.  

Configure Amazon Kinesis Data Firehose to transfer the images using S3 Transfer Acceleration

C.  

Use an AWS Snowball device to transfer the images with the S3 bucket as the target

D.  

Transfer the images over a Site-to-Site VPN connection using the S3 API with multipart upload

Discussion 0
Question # 159

A company runs a content management application on a single Windows Amazon EC2 instance in a development environment. The application reads and writes static content to a 2 TB Amazon Elastic Block Store (Amazon EBS) volume that is attached to the instance as the root device. The company plans to deploy this application in production as a highly available and fault-tolerant solution that runs on at least three EC2 instances across multiple Availability Zones.

A solutions architect must design a solution that joins all the instances that run the application to an Active Directory domain. The solution also must implement Windows ACLs to control access to file contents. The application always must maintain exactly the same content on all running instances at any given point in time.

Which solution will meet these requirements with the LEAST management overhead?

Options:

A.  

Create an Amazon Elastic File System (Amazon EFS) file share. Create an Auto Scaling group that extends across three Availability Zones and maintains a minimum size of three instances. Implement a user data script to install the application, join the instance to the AD domain, and mount the EFS file share.

B.  

Create a new AMI from the current EC2 instance that is running. Create an Amazon FSx for Lustre file system. Create an Auto Scaling group that extends across three Availability Zones and maintains a minimum size of three instances. Implement a user data script to join the instance to the AD domain and mount the FSx for Lustre file system.

C.  

Create an Amazon FSx for Windows File Server file system. Create an Auto Scaling group that extends across three Availability Zones and maintains a minimum size of three instances. Implement a user data script to install the application and mount the FSx for Windows File Server file system. Perform a seamless domain join to join the instance to the AD domain.

D.  

Create a new AMI from the current EC2 instance that is running. Create an Amazon Elastic File System (Amazon EFS) file system. Create an Auto Scaling group that extends across three Availability Zones and maintains a minimum size of three instances. Perform a seamless domain join to join the instance to the AD domain.

Discussion 0
Question # 160

A company is planning to migrate its on-premises VMware cluster of 120 VMS to AWS. The VMS have many different operating systems and many custom software

packages installed. The company also has an on-premises NFS server that is 10 TB in size. The company has set up a 10 GbpsAWS Direct Connect connection to AWS for the migration

Which solution will complete the migration to AWS in the LEAST amount of time?

Options:

A.  

Export the on-premises VMS and copy them to an Amazon S3 bucket. Use VM Import/Export to create AMIS from the VM images that are stored in Amazon S3.Order an AWS Snowball Edge device. Copy the NFS server data to the device. Restore the NFS server data to an Amazon EC2 instance that has NFS configured.

B.  

Configure AWS Application Migration Service with a connection to the VMware cluster. Create a replication job for the VMS. Create an Amazon Elastic File System (Amazon EFS) file system. Configure AWS DataSync to copy the NFS server data to the EFS file system over the Direct Connect connection.

C.  

Recreate the VMS on AWS as Amazon EC2 instances. Install all the required software packages. Create an Amazon FSx for Lustre file system. Configure AWS DataSync to copy the NFS server data to the FSx for Lustre file system over the Direct Connect connection.

D.  

Order two AWS Snowball Edge devices. Copy the VMS and the NFS server data to the devices. Run VM Import/Export after the data from the devices isloaded to an Amazon S3 bucket. Create an Amazon Elastic File System (Amazon EFS) file system. Copy the NFS server data from Amazon S3 to the EFS file system.

Discussion 0
Question # 161

A company is planning to host a web application on AWS and works to load balance the traffic across a group of Amazon EC2 instances. One of the security requirements is to enable end-to-end encryption in transit between the client and the web server.

Which solution will meet this requirement?

Options:

A.  

Place the EC2 instances behind an Application Load Balancer (ALB) Provision an SSL certificate using AWS Certificate Manager (ACM), and associate the SSL certificate with the AL

B.  

Export the SSL certificate and install it on each EC2 instance. Configure the ALB to listen on port443 and to forward traffic to port 443 on the instances.

B.  

Associate the EC2 instances with a target group. Provision an SSL certificate using AWS Certificate Manager (ACM). Create an Amazon CloudFront distribution and configure It to use the SSL certificate. Set CloudFront to use the target group as the origin server

C.  

Place the EC2 instances behind an Application Load Balancer (ALB). Provision an SSL certificate using AWS Certificate Manager (ACM), and associate the SSL certificate with the AL

B.  

Provision a third-party SSL certificate and install it on each EC2 instance. Configure the ALB to listen on port 443 and to forward traffic to port 443 on the instances.

D.  

Place the EC2 instances behind a Network Load Balancer (NLB). Provision a third-party SSL certificate and install it on the NLB and on each EC2 instance. Configure the NLB to listen on port 443 and to forward traffic to port 443 on the instances.

Discussion 0
Question # 162

A solutions architect has deployed a web application that serves users across two AWS Regionsunder a custom domain The application uses Amazon Route 53 latency-based routing The solutions architect has associated weighted record sets with a pair of web servers in separate Availability Zones for each Region

The solutions architect runs a disaster recovery scenario When all the web servers in one Region are stopped. Route 53 does not automatically redirect users to the other Region

Which of the following are possible root causes of this issue1? (Select TWO)

Options:

A.  

The weight for the Region where the web servers were stopped is higher than the weight for the other Region.

B.  

One of the web servers in the secondary Region did not pass its HTTP health check

C.  

Latency resource record sets cannot be used in combination with weighted resource record sets

D.  

The setting to evaluate target health is not turned on for the latency alias resource record set that is associated with the domain in the Region where the web servers were stopped.

E.  

An HTTP health check has not been set up for one or more of the weighted resource record sets associated with the stopped web servers

Discussion 0
Question # 163

A company is using an Amazon ECS cluster to run a data-processing application. Different business groups share ECS services in the ECS cluster. The ECS cluster runs on Amazon EC2 instances. ECS cluster auto scaling is enabled.

The company needs to assign EC2 costs of ECS tasks to the appropriate business groups.

Which solution will meet this requirement with the LEAST operational overhead?

Options:

A.  

Create a cost allocation tag on the EC2 Auto Scaling group to indicate the business group. Use AWS Cost Explorer to assign EC2 costs to the appropriate business group.

B.  

Enable split cost allocation data in AWS Cost Explorer. Create an AWS Cost and Usage Report that uses tags to assign EC2 costs to the appropriate business group.

C.  

Create a separate ECS cluster for each business group. Use AWS Cost Explorer to assign EC2 costs to the appropriate business group.

D.  

Create an AWS cost category for each business group. Define split charge rules for the ECS cluster for the business groups. Create an AWS Cost and Usage Report.

Discussion 0
Question # 164

A company needs to apply consistent custom security audit rules across its organization in AWS Organizations. Accounts in the organization use a single AWS Region.

The company uses AWS Config in each account with four custom rules and five managed rules. The rules must be deployed to all accounts and must not be editable by member accounts. The company wants to easily update rules in the future. All required permissions are already in place.

Which combination of steps will meet these requirements with the LEAST operational effort? (Select TWO.)

Options:

A.  

Call the PutOrganizationConformancePack API operation from a delegated administrator account to deploy the conformance pack to the entire organization.

B.  

Create an AWS Config conformance pack that includes four custom policy rules.

C.  

Create an AWS Config conformance pack that includes four custom policy rules and five AWS managed rules.

D.  

Deploy five AWS organizational rules and the conformance pack from a delegated administrator account to the entire organization.

E.  

Use AWS CloudFormation StackSets to deploy the conformance pack with termination protection.

Discussion 0
Question # 165

Question:

A company is migrating a containerized Kubernetes app with manifest files to AWS. What is the easiest migration path?

Options:

A.  

App Runner + open-source repo

B.  

Amazon EKSwith managed node groups and Aurora

C.  

ECS on EC2 + task definitions

D.  

Rebuild Kubernetes cluster on EC2 manually

Discussion 0
Get SAP-C02 dumps and pass your exam in 24 hours!

Free Exams Sample Questions