SAP-C02 AWS Certified Solutions Architect - Professional is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

SAP-C02 Practice Questions

AWS Certified Solutions Architect - Professional

Last Update 22 hours ago
Total Questions : 683

Dive into our fully updated and stable SAP-C02 practice test platform, featuring all the latest AWS Certified Professional exam questions added this week. Our preparation tool is more than just an Amazon Web Services study aid; it's a strategic advantage.

Our free AWS Certified Professional practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about SAP-C02. Use this test to pinpoint which areas you need to focus your study on.

Question # 16

A company is building a software-as-a-service (SaaS) solution on AWS. The company has deployed an Amazon API Gateway REST API with AWS Lambda integration in multiple AWS Regions and in the same production account.

The company offers tiered pricing that gives customers the ability to pay for the capacity to make a certain number of API calls per second. The premium tier offers up to 3,000 calls per second, and customers are identified by a unique API key. Several premium tier customers in various Regions report that they receive error responses of 429 Too Many Requests from multiple API methods during peak usage hours. Logs indicate that the Lambda function is never invoked.

What could be the cause of the error messages for these customers?

Options:

A.  

The Lambda function reached its concurrency limit.

B.  

The Lambda function reached its Region limit for concurrency.

C.  

The company reached its API Gateway account limit for calls per second.

D.  

The company reached its API Gateway default per-method limit for calls per second.

Question # 17

A company uses multiple software as a service (SaaS) applications for messaging, email, and file sharing. The SaaS applications are compatible with AWS AppFabric. The company’s web application runs in a VPC on an Amazon EKS cluster and uses Amazon S3 to store data.

The company wants to detect security incidents across the SaaS applications and the web application that could compromise company data. The company needs a centralized solution that provides a dashboard. The dashboard must show the IP addresses, email addresses, and access frequencies of unique users across its SaaS applications and the web application.

Which combination of steps will meet these requirements with the LEAST operational overhead? Select THREE.

Options:

A.  

Ingest audit log data from each SaaS application into AWS AppFabric. Convert the audit log data into Open Cybersecurity Schema Framework (OCSF) normalized Apache Parquet format. Send the logs to Amazon Data Firehose to be delivered to an Amazon Security Lake S3 bucket.

B.  

Ingest networking and usage log data from each SaaS application into AWS AppFabric. Convert the networking and usage log data into JSON format. Send the logs to Amazon Data Firehose to be delivered to Amazon OpenSearch Service.

C.  

Create an Amazon S3 bucket to receive logs in JSON format through Amazon Data Firehose. Create a dashboard in Amazon CloudWatch. Configure the dashboard to visualize the location of the IP addresses, email addresses, and access frequencies of unique users by using data from the S3 bucket.

D.  

Configure the logs associated with AWS CloudTrail management events, AWS CloudTrail data events for Amazon S3, Amazon EKS audit logs, and VPC Flow Logs as sources in Amazon Security Lake. Add AWS AppFabric as a custom source in Security Lake.

E.  

Configure Amazon Security Lake to send security data from different sources to Amazon Redshift. Use Amazon QuickSight to create a visualization of the security data.

F.  

Configure Amazon Security Lake to send security data from different sources to Amazon OpenSearch Service by using OpenSearch Ingestion. Use the OpenSearch Service dashboard to create a visualization of the security data.

Question # 18

A company is providing weather data over a REST-based API to several customers. The API is hosted by Amazon API Gateway and is integrated with different AWS Lambda functions for each API operation. The company uses Amazon Route 53 for DNS and has created a resource record of weather.example.com. The company stores data for the API in Amazon DynamoDB tables. The company needs a solution that will give the API the ability to fail over to a different AWS Region.

Which solution will meet these requirements?

Options:

A.  

Deploy a new set of Lambda functions in a new Region. Update the API Gateway API to use an edge-optimized API endpoint with Lambda functions from both Regions as targets. Convert the DynamoDB tables to global tables.

B.  

Deploy a new API Gateway API and Lambda functions in another Region. Change the Route 53 DNS record to a multivalue answer. Add both API Gateway APIs to the answer. Enable target health monitoring. Convert the DynamoDB tables to global tables.

C.  

Deploy a new API Gateway API and Lambda functions in another Region. Change the Route 53 DNS record to a failover record. Enable target health monitoring. Convert the DynamoDB tables to global tables.

D.  

Deploy a new API Gateway API in a new Region. Change the Lambda functions to global functions. Change the Route 53 DNS record to a multivalue answer. Add both API Gateway APIs to the answer. Enable target health monitoring. Convert the DynamoDB tables to global tables.

Question # 19

A company has 10 accounts that are part of an organization in AWS Organizations. AWS Config is configured in each account. All accounts belong to either the Prod OU or the NonProd OU.

The company has set up an Amazon EventBridge rule in each AWS account to notify an Amazon Simple Notification Service (Amazon SNS) topic when an Amazon EC2 security group inbound rule is created with 0.0.0.0/0 as the source. The company's security team is subscribed to the SNS topic.

For all accounts in the NonProd OU, the security team needs to remove the ability to create a security group inbound rule that includes 0.0.0.0/0 as the source.

Which solution will meet this requirement with the LEAST operational overhead?

Options:

A.  

Modify the EventBridge rule to invoke an AWS Lambda function to remove the security group inbound rule and to publish to the SNS topic. Deploy the updated rule to the NonProd OU.

B.  

Add the vpc-sg-open-only-to-authorized-ports AWS Config managed rule to the NonProd OU.

C.  

Configure an SCP to allow the ec2:AuthorizeSecurityGroupIngress action when the value of the aws:SourceIp condition key is not 0.0.0.0/0. Apply the SCP to the NonProd OU.

D.  

Configure an SCP to deny the ec2:AuthorizeSecurityGroupIngress action when the value of the aws:SourceIp condition key is 0.0.0.0/0. Apply the SCP to the NonProd OU.

Question # 20

A company runs an application on Amazon EC2 and AWS Lambda. The application stores temporary data in Amazon S3. The S3 objects are deleted after 24 hours.

The company deploys new versions of the application by launching AWS CloudFormation stacks. The stacks create the required resources. After validating a new version, the company deletes the old stack. The deletion of an old development stack recently failed.

A solutions architect needs to resolve this issue without major architecture changes.

Which solution will meet these requirements?

Options:

A.  

Create a Lambda function to delete objects from the S3 bucket. Add the Lambda function as a custom resource in the CloudFormation stack with a DependsOn attribute that points to the S3 bucket resource.

B.  

Modify the CloudFormation stack to attach a DeletionPolicy attribute with a value of Delete to the S3 bucket.

C.  

Update the CloudFormation stack to add a DeletionPolicy attribute with a value of Snapshot for the S3 bucket resource.

D.  

Update the CloudFormation template to create an Amazon EFS file system to store temporary files instead of Amazon S3. Configure the Lambda functions to run in the same VPC as the EFS file system.

Question # 21

A company runs many workloads on AWS and uses AWS Organizations to manage its accounts. The workloads are hosted on Amazon EC2, AWS Fargate, and AWS Lambda. Some of the workloads have unpredictable demand. Accounts record high usage in some months and low usage in other months.

The company wants to optimize its compute costs over the next 3 years. A solutions architect obtains a 6-month average for each of the accounts across the organization to calculate usage.

Which solution will provide the MOST cost savings for all the organization's compute usage?

Options:

A.  

Purchase Reserved Instances for the organization to match the size and number of the most common EC2 instances from the member accounts.

B.  

Purchase a Compute Savings Plan for the organization from the management account by using the recommendation at the management account level.

C.  

Purchase Reserved Instances for each member account that had high EC2 usage according to the data from the last 6 months.

D.  

Purchase an EC2 Instance Savings Plan for each member account from the management account based on EC2 usage data from the last 6 months.

Question # 22

A company wants to use a third-party software-as-a-service (SaaS) application. The third-party SaaS application is consumed through several API calls. The third-party SaaS application also runs on AWS inside a VPC.

The company will consume the third-party SaaS application from inside a VPC. The company has internal security policies that mandate the use of private connectivity that does not traverse the internet. No resources that run in the company VPC are allowed to be accessed from outside the company’s VPC. All permissions must conform to the principles of least privilege.

Which solution meets these requirements?

Options:

A.  

Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint.

B.  

Create an AWS Site-to-Site VPN connection between the third-party SaaS application and the company VPC. Configure network ACLs to limit access across the VPN tunnels.

C.  

Create a VPC peering connection between the third-party SaaS application and the company VPC. Update route tables by adding the needed routes for the peering connection.

D.  

Create an AWS PrivateLink endpoint service. Ask the third-party SaaS provider to create an interface VPC endpoint for this endpoint service. Grant permissions for the endpoint service to the specific account of the third-party SaaS provider.

Question # 23

A company mandates that all internal AWS communications use private IPs. A solutions architect created interface VPC endpoints for public AWS services like S3. However, service names are still resolving to public IP addresses, and the internal apps cannot connect.

What should the architect do to resolve this issue?

Options:

A.  

Update the subnet route table with a route to the interface endpoint.

B.  

Enable the private DNS option on the VPC attributes.

C.  

Configure the security group on the interface endpoint to allow access.

D.  

Configure a private hosted zone with conditional forwarding.

Question # 24

A company operates a data analytics platform that uses Amazon S3 to store petabytes of customer data. The platform stores data in multiple S3 buckets across four AWS Regions. The company has configured S3 Cross-Region Replication and uses several S3 prefixes across the S3 buckets.

The company wants to analyze and visualize trends and replication metrics for its S3 storage, including for specific prefixes, over a 12-month period.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Use the S3 Intelligent-Tiering storage class for all the S3 buckets. Configure Amazon CloudWatch to collect metrics for storage transitions. Track S3 API calls in AWS CloudTrail. Export all logs and metrics to an S3 bucket. Use Amazon Athena to query the logs. Add bucket prefixes to query clauses for the specified prefixes. Use Amazon QuickSight to generate visualizations.

B.  

Create an S3 Storage Lens dashboard. Enable advanced metrics and recommendations. Create Storage Lens groups and configure filters for the specified prefixes. Attach the groups to the dashboard. Configure Storage Lens metrics to export to an S3 bucket. Use Amazon Athena to query the metrics. Use Amazon QuickSight to generate visualizations for custom analytics.

C.  

Configure AWS Cost Explorer with S3 storage filters. Set up scheduled reports to produce daily exports. Export all data to Amazon CloudWatch Logs and use CloudWatch Logs Insights to query and visualize the data. Track the CloudWatch bucket prefix metric for the specified prefixes.

D.  

Create an S3 Storage Lens dashboard. Enable default metrics and recommendations. Configure S3 server access logging on all the buckets. Deliver all logs and metrics to an Amazon Managed Service for Prometheus workspace. Add bucket prefix metadata. Use Amazon Managed Grafana to query and visualize the data.

Question # 25

A global media company is planning a multi-Region deployment of an application. Amazon DynamoDB global tables will back the deployment to keep the user experience consistent across the two continents where users are concentrated. Each deployment will have a public Application Load Balancer (ALB). The company manages public DNS internally. The company wants to make the application available through an apex domain.

Which solution will meet these requirements with the LEAST effort?

Options:

A.  

Migrate public DNS to Amazon Route 53. Create CNAME records for the apex domain to point to the ALB. Use a geolocation routing policy to route traffic based on user location.

B.  

Place a Network Load Balancer (NLB) in front of the ALB. Migrate public DNS to Amazon Route 53. Create a CNAME record for the apex domain to point to the NLB's static IP address. Use a geolocation routing policy to route traffic based on user location.

C.  

Create an AWS Global Accelerator accelerator with multiple endpoint groups that target endpoints in appropriate AWS Regions. Use the accelerator's static IP address to create a record in public DNS for the apex domain.

D.  

Create an Amazon API Gateway API that is backed by AWS Lambda in one of the AWS Regions. Configure a Lambda function to route traffic to application deployments by using the round robin method. Create CNAME records for the apex domain to point to the API's URL.

Question # 26

A company runs a workload in the AWS Cloud. The company stores data for the application in an older version of Amazon DocumentDB. Several backend services read and write data to the database continuously throughout all hours of the day. All services connect to the database by using the Amazon DocumentDB cluster endpoint, which is registered as a DNS record in Amazon Route 53.

The company needs to upgrade the database to the latest version of Amazon DocumentDB without losing any data. The company must be able to test and verify the upgrade before the company allows backend services to use the upgraded version. The company has already enabled change streams and set a retention period of 24 hours.

Which solution will meet these requirements?

Options:

A.  

Create a new Amazon DocumentDB cluster that runs the latest version. Use the Amazon DocumentDB Index Tool to export existing indexes and import them to the new cluster. Create a new AWS DMS instance and a source and target endpoint. Create a DMS task to migrate the data by using the Migrate and replicate migration type. Test and verify the new cluster. Update the Route 53 record to point to the new cluster.

B.  

Create a new Amazon DocumentDB cluster that runs the latest version. Install MongoDB command line interface (CLI) database tools on an Amazon EC2 instance. Use the MongoDB CLI to create a binary export, and import the data to the new Amazon DocumentDB cluster. Test and verify the new cluster. Update the Route 53 record to point to the new cluster.

C.  

Create a snapshot of the existing Amazon DocumentDB cluster. Perform an in-place major version upgrade. Modify the existing cluster to the latest version and the latest cluster parameter group. Apply modifications immediately. Test and verify the upgrade.

D.  

Create a new Amazon DocumentDB cluster that runs the latest version. Deploy the AWS DataSync agent to an Amazon EC2 instance and activate the agent. Create a new AWS DataSync task in enhanced mode. Start the transfer task to copy data to the new cluster. Test and verify the new cluster. Update the Route 53 record to point to the new cluster.

Question # 27

A company has a serverless application comprised of Amazon CloudFront, Amazon API Gateway, and AWS Lambda functions. The current deployment process of the application code is to create a new version number of the Lambda function and run an AWS CLI script to update. If the new function version has errors, another CLI script reverts by deploying the previous working version of the function. The company would like to decrease the time to deploy new versions of the application logic provided by the Lambda functions, and also reduce the time to detect and revert when errors are identified.

How can this be accomplished?

Options:

A.  

Create and deploy nested AWS CloudFormation stacks with the parent stack consisting of the AWS CloudFront distribution and API Gateway, and the child stack containing the Lambda function. For changes to Lambda, create an AWS CloudFormation change set and deploy; if errors are triggered, revert the AWS CloudFormation change set to the previous version.

B.  

Use AWS SAM and built-in AWS CodeDeploy to deploy the new Lambda version, gradually shift traffic to the new version, and use pre-traffic and post-traffic test functions to verify code. Rollback if Amazon CloudWatch alarms are triggered.

C.  

Refactor the AWS CLI scripts into a single script that deploys the new Lambda version. When deployment is completed, the script tests execute. If errors are detected, revert to the previous Lambda version.

D.  

Create and deploy an AWS CloudFormation stack that consists of a new API Gateway endpoint that references the new Lambda version. Change the CloudFront origin to the new API Gateway endpoint, monitor errors and if detected, change the AWS CloudFront origin to the previous API Gateway endpoint.

Question # 28

A company needs to optimize the infrastructure for an application that uploads data to Amazon S3. The uploads average 64 KB in size. When the data is uploaded, Amazon S3 sends an event to Amazon EventBridge. EventBridge then invokes an Amazon ECS application task.

The ECS task processes the data and stores the results in an Amazon DynamoDB table. Processing takes an average of 15 minutes. The company must keep the S3 data for 5 years and must keep the DynamoDB data for 15 days.

The application is gaining more users and is handling millions of S3 uploads every hour.

Which set of changes will provide the MOST cost-effective solution for the application?

Options:

A.  

Replace the ECS task with an AWS Lambda function for processing. Create S3 Lifecycle rules to move the S3 objects to S3 Intelligent-Tiering after 1 day and to expire the objects after 5 years. Configure DynamoDB Standard-Infrequent Access for the DynamoDB table.

B.  

Replace the S3 bucket with Amazon Managed Streaming for Apache Kafka (Amazon MSK) to receive the data. Configure tiered storage for data that is older than 1 day. Configure EventBridge to read messages from Amazon MSK in batches of 1,000 messages. Replace the ECS task with an AWS Lambda function for processing. Configure a TTL of 15 days on the DynamoDB table.

C.  

Create an Amazon Data Firehose stream to receive the data. Configure buffering to deliver messages every minute to Amazon S3 in gzip format. Purchase a Compute Savings Plan based on usage recommendations. Create S3 Lifecycle rules to move the S3 objects to S3 Glacier Deep Archive after 1 day and to expire the objects after 5 years. Configure a TTL of 15 days on the DynamoDB table.

D.  

Purchase a Compute Savings Plan based on usage recommendations. Create S3 Lifecycle rules to move the S3 objects to S3 Glacier Deep Archive after 1 day and to expire the objects after 5 years. Configure DynamoDB Standard-Infrequent Access for the DynamoDB table.

Question # 29

A company is migrating its on-premises file transfer solution to AWS Transfer Family. The current system includes an SFTP server, a transformation application, and a messaging server. Transformations run every 5 minutes and notify the messaging server when complete.

The company wants to simplify and reduce operational overhead.

Options:

A.  

Use Amazon EFS and a cron job to perform the transformations. Notify using SNS.

B.  

Use Amazon EMR to perform the transformations and notify via SNS.

C.  

Use Amazon S3 as storage with AWS Glue triggered by S3 events for transformations, and notify via SQS.

D.  

Use Amazon EFS with a time-based AWS Glue job every 5 minutes.

Question # 30

A solutions architect is creating an AWS CloudFormation template from an existing manually created non-production AWS environment. The CloudFormation template can be destroyed and recreated as needed. The environment contains an Amazon EC2 instance. The EC2 instance has an instance profile that the EC2 instance uses to assume a role in a parent account.

The solutions architect recreates the role in a CloudFormation template and uses the same role name. When the CloudFormation template is launched in the child account, the EC2 instance can no longer assume the role in the parent account because of insufficient permissions.

What should the solutions architect do to resolve this issue?

Options:

A.  

In the parent account, edit the trust policy for the role that the EC2 instance needs to assume. Ensure that the target role ARN in the existing statement that allows the sts:AssumeRole action is correct. Save the trust policy.

B.  

In the parent account, edit the trust policy for the role that the EC2 instance needs to assume. Add a statement that allows the sts:AssumeRole action for the root principal of the child account. Save the trust policy.

C.  

Update the CloudFormation stack again. Specify only the CAPABILITY_NAMED_IAM capability.

D.  

Update the CloudFormation stack again. Specify the CAPABILITY_IAM capability and the CAPABILITY_NAMED_IAM capability.
