Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65pass65

SAP-C02 AWS Certified Solutions Architect - Professional is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

SAP-C02 Practice Questions

AWS Certified Solutions Architect - Professional

Last Update 1 day ago
Total Questions : 683

Dive into our fully updated and stable SAP-C02 practice test platform, featuring all the latest AWS Certified Professional exam questions added this week. Our preparation tool is more than just a Amazon Web Services study aid; it's a strategic advantage.

Our free AWS Certified Professional practice questions crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about SAP-C02. Use this test to pinpoint which areas you need to focus your study on.

SAP-C02 PDF

SAP-C02 PDF (Printable)
$54.25
$154.99

SAP-C02 Testing Engine

SAP-C02 PDF (Printable)
$59.5
$169.99

SAP-C02 PDF + Testing Engine

SAP-C02 PDF (Printable)
$74.55
$212.99
Question # 166

A global healthcare analytics company runs a regulated workload on AWS across dozens of AWS accounts. The company uses an organization in AWS Organizations to manage the accounts. The company must regularly provide external auditors with evidence that specific security controls are implemented and continuously enforced. The security controls include encryption requirements for storage services, centralized logging configurations, and restrictions on public network access.

The company wants an automated solution that continuously collects evidence that shows that the controls are implemented across accounts. The solution must preserve historical evidence for specified time periods. The solution must also generate reports for the auditors that are mapped to specific regulatory frameworks. The company does not want to build custom evidence collection pipelines.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Enable AWS CloudTrail organization trails across all accounts and deliver the logs to a centralized Amazon S3 bucket in an audit account. Use Amazon Athena to query the centralized logs and build scheduled reports that auditors can review for evidence of the required security controls.

B.  

Enable AWS Security Hub across all accounts. Designate a delegated administrator account to aggregate security findings across the organization. Export Security Hub findings and compliance check results to Amazon S3. Generate periodic compliance reports for auditors.

C.  

Enable AWS Config rules in each account to evaluate the required security controls. Deliver configuration snapshots to a centralized Amazon S3 bucket. Use AWS Lambda functions in an audit account to periodically analyze the snapshots and generate compliance evidence reports for auditors.

D.  

Enable AWS Config rules across all accounts to evaluate the required security controls. Use an AWS Config aggregator in an audit account to centralize configuration data. Deploy AWS Config conformance packs that are aligned to the required regulatory frameworks. Use AWS Audit Manager to collect evidence and generate audit reports.

Discussion 0
Question # 167

A company is deploying a new API to AWS. The API uses Amazon API Gateway with a Regional API endpoint and an AWS Lambda function for hosting. The API retrieves data from an external vendor API, stores data in an Amazon DynamoDB global table, and retrieves data from the DynamoDB global table. The API key for the vendor ' s API is stored in AWS Secrets Manager and is encrypted with a customer managed key in AWS Key Management Service (AWS KMS). The company has deployed its own API into a single AWS Region.

A solutions architect needs to change the API components of the company ' s API to ensure that the components can run across multiple Regions in an active-active configuration.

Which combination of changes will meet this requirement with the LEAST operational overhead? (Choose three.)

Options:

A.  

Deploy the API to multiple Regions. Configure Amazon Route 53 with custom domain names that route traffic to each Regional API endpoint. Implement a Route 53 multivalue answer routing policy.

B.  

Create a new KMS multi-Region customer managed key. Create a new KMS customer managed replica key in each in-scope Region.

C.  

Replicate the existing Secrets Manager secret to other Regions. For each in-scope Region ' s replicated secret, select the appropriate KMS key.

D.  

Create a new AWS managed KMS key in each in-scope Region. Convert an existing key to a multi-Region key. Use the multi-Region key in other Regions.

E.  

Create a new Secrets Manager secret in each in-scope Region. Copy the secret value from the existing Region to the new secret in each in-scope Region.

F.  

Modify the deployment process for the Lambda function to repeat the deployment across in-scope Regions. Turn on the multi-Region option for the existing API. Select the Lambda function that is deployed in each Region as the backend for the multi-Region API.

Discussion 0
Question # 168

A company runs an application on a fleet of Amazon EC2 instances that are in private subnets behind an internet-facing Application Load Balancer (ALB). The ALB is the origin for an Amazon CloudFront distribution. An AWS WAF web ACL that contains various AWS managed rules is associated with the CloudFront distribution.

The company needs a solution that will prevent internet traffic from directly accessing the AL

B.  

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Create a new web ACL that contains the same rules that the existing web ACL contains. Associate the new web ACL with the AL

B.  

B.  

Associate the existing web ACL with the AL

B.  

C.  

Add a security group rule to the ALB to allow traffic from the AWS managed prefix list for CloudFront only.

D.  

Add a security group rule to the ALB to allow only the various CloudFront IP address ranges.

Discussion 0
Question # 169

A company is running a critical stateful web application on two Linux Amazon EC2 instances behind an Application Load Balancer (ALB) with an Amazon RDS for MySQL database The company hosts the DNS records for the application in Amazon Route 53 A solutions architect must recommend a solution to improve the resiliency of the application

The solution must meet the following objectives:

• Application tier RPO of 2 minutes. RTO of 30 minutes

• Database tier RPO of 5 minutes RTO of 30 minutes

The company does not want to make significant changes to the existing application architecture The company must ensure optimal latency after a failover

Which solution will meet these requirements?

Options:

A.  

Configure the EC2 instances to use AWS Elastic Disaster Recovery Create a cross-Region read replica for the RDS DB instance Create an ALB in a second AWS Region Create an AWS Global Accelerator endpoint and associate the endpoint with the ALBs Update DNS records to point to the Global Accelerator endpoint

B.  

Configure the EC2 instances to use Amazon Data Lifecycle Manager (Amazon DLM) to take snapshots of the EBS volumes Configure RDS automated backups Configure backup replication to a second AWS Region Create an ALB in the second Region Create an AWS Global Accelerator endpoint, and associate the endpoint with the ALBs Update DNS records to point to the Global Accelerator endpoint

C.  

Create a backup plan in AWS Backup for the EC2 instances and RDS DB instance Configure backup replication to a second AWS Region Create an ALB in the second Region Configure an Amazon CloudFront distribution in front of the ALB Update DNS records to point to CloudFront

D.  

Configure the EC2 instances to use Amazon Data Lifecycle Manager (Amazon DLM) to take snapshots of the EBS volumes Create a cross-Region read replica for the RDS DB instance Create an ALB in a second AWS Region Create an AWS Global Accelerator endpoint and associate the endpoint with the ALBs

Discussion 0
Question # 170

A company wants to containerize a multi-tier web application and move the application from an on-premises data center to AWS. The application includes web. application, and database tiers. The company needs to make the application fault tolerant and scalable. Some frequently accessed data must always be available across application servers. Frontend web servers need session persistence and must scale to meet increases in traffic.

Which solution will meet these requirements with the LEAST ongoing operational overhead?

Options:

A.  

Run the application on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate. Use Amazon Elastic File System (Amazon EFS) for data that is frequently accessed between the web and application tiers. Store the frontend web server session data in Amazon Simple Queue Service (Amazon SOS).

B.  

Run the application on Amazon Elastic Container Service (Amazon ECS) on Amazon EC2. Use Amazon ElastiCache for Redis to cache frontend web server session data. Use Amazon Elastic Block Store (Amazon EBS) with Multi-Attach on EC2 instances that are distributed across multiple Availability Zones.

C.  

Run the application on Amazon Elastic Kubernetes Service (Amazon EKS). Configure Amazon EKS to use managed node groups. Use ReplicaSets to run the web servers and applications. Create an Amazon Elastic File System (Amazon EFS) Me system. Mount the EFS file system across all EKS pods to store frontend web server session data.

D.  

Deploy the application on Amazon Elastic Kubernetes Service (Amazon EKS) Configure Amazon EKS to use managed node groups. Run the web servers and application as Kubernetes deployments in the EKS cluster. Store the frontend web server session data in an Amazon DynamoDB table. Create an Amazon Elastic File System (Amazon EFS) volume that all applications will mount at the time of deployment.

Discussion 0
Question # 171

A company is migrating its infrastructure to the AWS Cloud. The company must comply with a variety of regulatory standards for different projects. The company needs a multi-account environment.

A solutions architect needs to prepare the baseline infrastructure. The solution must provide a consistent baseline of management and security, but it must allow flexibility for different compliance requirements within various AWS accounts. The solution also needs to integrate with the existing on-premises Active Directory Federation Services (AD FS) server.

Which solution meets these requirements with the LEAST amount of operational overhead?

Options:

A.  

Create an organization in AWS Organizations. Create a single SCP for least privilege access across all accounts. Create a single OU for all accounts.Configure an IAM identity provider for federation with the on-premises AD FS server. Configure a central logging account with a defined process for loggenerating services to send log events to the central account. Enable AWS Config in the central account with conformance packs for all accounts.

B.  

Create an organization in AWS Organizations. Enable AWS Control Tower on the organization. Review included controls (guardrails) for SCPs. Check AWSConfig for areas that require additions. Add OUS as necessary. Connect AWS IAM Identity Center (AWS Single Sign-On) to the on-premises AD FS server.

C.  

Create an organization in AWS Organizations. Create SCPs for least privilege access. Create an OU structure, and use it to group AWS accounts. ConnectAWS IAM Identity Center (AWS Single Sign-On) to the on-premises AD FS server. Configure a central logging account with a defined process for loggenerating services to send log events to the central account. Enable AWS Config in the central account with aggregators and conformance packs.

D.  

Create an organization in AWS Organizations. Enable AWS Control Tower on the organization. Review included controls (guardrails) for SCPs. Check AWSConfig for areas that require additions. Configure an IAM identity provider for federation with the on-premises AD FS server.

Discussion 0
Question # 172

A company has several AWS Lambda functions written in Python. The functions are deployed with the .zip package deployment type. The functions use a Lambda layer that contains common libraries and packages in a .zip file. The Lambda .zip packages and the Lambda layer .zip file are stored in an Amazon S3 bucket.

The company must implement automatic scanning of the Lambda functions and the Lambda layer to identify CVEs. A subset of the Lambda functions must receive automated code scans to detect potential data leaks and other vulnerabilities. The code scans must occur only for selected Lambda functions, not all the Lambda functions.

Which combination of actions will meet these requirements? (Select THRE

E.  

)

Options:

A.  

Activate Amazon Inspector. Start automated CVE scans.

B.  

Activate Lambda standard scanning and Lambda code scanning in Amazon Inspector.

C.  

Enable Amazon GuardDuty. Enable the Lambda Protection feature in GuardDuty.

D.  

Enable scanning in the Monitor settings of the Lambda functions that need code scans.

E.  

Tag Lambda functions that do not need code scans. In the tag, include a key of InspectorCodeExclusion and a value of LambdaCodeScanning.

F.  

Use Amazon Inspector to scan the S3 bucket that contains the Lambda .zip packages and the Lambda layer .zip file for code scans.

Discussion 0
Question # 173

An adventure company has launched a new feature on its mobile app. Users can use the feature to upload their hiking and ratting photos and videos anytime. The photos and videos are stored in Amazon S3 Standard storage in an S3 bucket and are served through Amazon CloudFront.

The company needs to optimize the cost of the storage. A solutions architect discovers that most of the uploaded photos and videos are accessed infrequently after 30 days. However, some of the uploaded photos and videos are accessed frequently after 30 days. The solutions architect needs to implement a solution that maintains millisecond retrieval availability of the photos and videos at the lowest possible cost.

Which solution will meet these requirements?

Options:

A.  

Configure S3 Intelligent-Tiering on the S3 bucket.

B.  

Configure an S3 Lifecycle policy to transition image objects and video objects from S3 Standard to S3 Glacier Deep Archive after 30 days.

C.  

Replace Amazon S3 with an Amazon Elastic File System (Amazon EFS) file system that is mounted on Amazon EC2 instances.

D.  

Add a Cache-Control: max-age header to the S3 image objects and S3 video objects. Set the header to 30 days.

Discussion 0
Question # 174

A company is planning to migrate to the AWS Cloud. The company hosts many applications on Windows servers and Linux servers. Some of the servers are physical, and some of the servers are virtual. The company uses several types of databases in its on-premises environment. The company does not have an accurate inventory of its on-premises servers and applications.

The company wants to rightsize its resources during migration. A solutions architect needs to obtain information about the network connections and the application relationships. The solutions architect must assess the company ' s current environment and develop a migration plan.

Which solution will provide the solutions architect with the required information to develop the migration plan?

Options:

A.  

Use Migration Evaluator to request an evaluation of the environment from AWS. Use the AWS Application Discovery Service Agentless Collector to import the details into a Migration Evaluator Quick Insights report.

B.  

Use AWS Migration Hub and install the AWS Application Discovery Agent on the servers. Deploy the Migration Hub Strategy Recommendations application data collector. Generate a report by using Migration Hub Strategy Recommendations.

C.  

Use AWS Migration Hub and run the AWS Application Discovery Service Agentless Collector on the servers. Group the servers and databases by using AWS Application Migration Service. Generate a report by using Migration Hub Strategy Recommendations.

D.  

Use the AWS Migration Hub import tool to load the details of the company ' s on-premises environment. Generate a report by using Migration Hub Strategy Recommendations.

Discussion 0
Question # 175

A company runs a test application on an Amazon EC2 instance. Testing clients across the United States send data to the application by using a REST API. As traffic increases, application response times increase. The company wants to migrate to a serverless architecture and stream data to clients through WebSockets.

Which solution will meet these requirements?

Options:

A.  

Create a new Amazon API Gateway REST API. Implement the business logic in AWS Lambda functions. Set the Lambda functions as integrations to the new REST API. Create a new AWS Step Functions state machine and set the clients as targets. Use the state machine to send data back to the clients.

B.  

Create a new Amazon API Gateway HTTP API and an Amazon SQS queue. Configure the HTTP API to integrate with the SQS queue. Implement the business logic in an AWS Lambda function. Use the SQS queue to invoke the Lambda function. Configure the Lambda function to write data to an AWS AppSync Events channel. Ensure that the clients subscribe to the AWS AppSync Events channel.

C.  

Create a new AWS AppSync API and a new Amazon SQS queue. Integrate the SQS queue with the AWS AppSync API. Update the current business logic to consume from the SQS queue. Create a new Amazon EventBridge event bus and an EventBridge rule. Set the clients as targets for the rule. Use the EventBridge event bus to send data back to the clients.

D.  

Create a new Amazon CloudFront distribution. Implement the business logic in a CloudFront function. Set the CloudFront function as an origin of the CloudFront distribution. Enable AWS IoT Core. Configure the CloudFront function to write data to an MQTT topic. Ensure that the clients subscribe to the IoT Core MQTT topic through WebSockets.

Discussion 0
Question # 176

A solutions architect needs to migrate an on-premises legacy application to AWS. The application runs on two servers behind a bad balancer. The application requires a license file that is associated with the MAC address of the server ' s network adapter. It takes the software vendor 12 hours to send new license files. The application also uses configuration files with a static IP address to access a database host names are not supported.

Given these requirements. which combination of steps should be taken to implement highly available architecture for the application servers in AWS? (Select TWO.)

Options:

A.  

Create a pool of ENIs. Request license files from the vendor for the pool, and store the license files in Amazon $3. Create a bootstrap automation script to download a license file and attach the corresponding ENI to anAmazon EC2 instance.

B.  

Create a pool of ENIs. Request license files from the vendor for the pool, store the license files on an Amazon EC2 instance. Create an AMI from the instance and use this AMI for all future EC2

C.  

Create a bootstrap automation script to request a new license file from the vendor. When the response is received, apply the license file to an Amazon EC2 instance.

D.  

Edit the bootstrap automation script to read the database server IP address from the AWS Systems Manager Parameter Store. and inject the value into the local configuration files.

E.  

Edit an Amazon EC2 instance to include the database server IP address in the configuration files and re-create the AMI to use for all future EC2 instances.

Discussion 0
Question # 177

A company has developed a mobile game. The backend for the game runs on several virtual machines located in an on-premises data center. The business logic is exposed using a REST API with multiple functions. Player session data is stored in central file storage. Backend services use different API keys for throttling and to distinguish between live and test traffic.

The load on the game backend varies throughout the day. During peak hours, the server capacity is not sufficient. There are also latency issues when fetching player session data. Management has asked a solutions architect to present a cloud architecture that can handle the game ' s varying load and provide low-latency data access. The API model should not be changed.

Which solution meets these requirements?

Options:

A.  

Implement the REST API using a Network Load Balancer (NLB). Run the business logic on an Amazon EC2 instance behind the NL

B.  

Store player session data in Amazon Aurora Serverless.

B.  

Implement the REST API using an Application Load Balancer (ALB). Run the business logic in AWS Lambda. Store player session data in Amazon DynamoDB with on-demand capacity.

C.  

Implement the REST API using Amazon API Gateway. Run the business logic in AWS Lambda. Store player session data in Amazon DynamoDB with on- demand capacity.

D.  

Implement the REST API using AWS AppSync. Run the business logic in AWS Lambda. Store player session data in Amazon Aurora Serverless.

Discussion 0
Question # 178

A company runs an application on an Amazon EC2 instance in a private VP

C.  

The application accesses data from an Amazon S3 bucket. Currently, the application has outbound internet access through existing NAT gateways.

The company establishes an AWS Site-to-Site VPN connection from the company’s on-premises office to the VP

C.  

The company wants both the application and the on-premises users to access the S3 bucket without traversing the public internet. The company also wants to remove the NAT gateways.

Which solution will meet these requirements?

Options:

A.  

Create an S3 gateway endpoint with private DNS inside the VP

C.  

Update the routing for the on-premises environment to route the traffic for the S3 bucket to the gateway endpoint that is inside the VP

C.  

Update the on-premises DNS to use the private DNS names for the S3 bucket.

B.  

Create both an S3 gateway endpoint and an S3 interface endpoint with private DNS inside the VP

C.  

Update the routing for each of the VPC’s subnets and the on-premises environment. Update the on-premises DNS to use the private DNS names for the S3 bucket.

C.  

Install Mountpoint for Amazon S3 on the EC2 instance. Mount the S3 bucket directly to the EC2 instance. Configure the application to use the new mountpoint to access the S3 bucket.

D.  

Install Storage Browser for S3 on the EC2 instance and add it to the application. Ensure that the users of the application use Storage Browser to access the S3 data.

Discussion 0
Question # 179

A company collects air quality data from sensors. The company plans to use the MQTT protocol to send the data to AWS IoT Core. The company will process the data and then will store the data in an Amazon Aurora database.

During periods of low air quality, sensors will send data more frequently. The company must buffer the data during these periods to make sure that no data is lost before the data is processed and stored.

Which solution will meet these requirements?

Options:

A.  

Create an Amazon Kinesis data stream. Create an AWS IoT rule action and set the data stream as the target. Create an AWS Step Functions state machine that is invoked by the data stream. Use the state machine to process and store the data.

B.  

Create an Amazon Kinesis data stream. Create an AWS IoT rule action and set the data stream as the target. Create an application that runs on an Amazon ECS cluster with the AWS Fargate launch type. Configure the application to read data from the data stream, process the data, and store the data.

C.  

Create an Amazon SQS queue. Create an AWS IoT rule action and set the SQS queue as the target. Create an AWS Step Functions state machine that is invoked by the SQS queue. Use the state machine to process and store the data.

D.  

Create an Amazon SNS topic. Create an AWS IoT rule action and set the SNS topic as the target. Create an application that runs on an Amazon ECS cluster with the AWS Fargate launch type. Configure the application to read data from the SNS topic, process the data, and store the data.

Discussion 0
Question # 180

A company has a critical application in which the data tier is deployed in a single AWS Region. The data tier uses an Amazon DynamoDB table and an Amazon Aurora MySQL DB cluster. The current Aurora MySQL engine version supports a global database. The application tier is already deployed in two Regions.

Company policy states that critical applications must have application tier components and data tier components deployed across two Regions. The RTO and RPO must be no more than a few minutes each. A solutions architect must recommend a solution to make the data tier compliant with company policy.

Which combination of steps will meet these requirements? (Choose two.)

Options:

A.  

Add another Region to the Aurora MySQL DB cluster

B.  

Add another Region to each table in the Aurora MySQL DB cluster

C.  

Set up scheduled cross-Region backups for the DynamoDB table and the Aurora MySQL DB cluster

D.  

Convert the existing DynamoDB table to a global table by adding another Region to its configuration

E.  

Use Amazon Route 53 Application Recovery Controller to automate database backup and recovery to the secondary Region

Discussion 0
Get SAP-C02 dumps and pass your exam in 24 hours!

Free Exams Sample Questions