The latest AWS Certified Solutions Architect – Professional SAP-C02 practice exam questions and answers (Q&A) are available free to help you pass the AWS Certified Solutions Architect – Professional SAP-C02 exam and earn the AWS Certified Solutions Architect – Professional SAP-C02 certification.
Question 381
Exam Question
A Solutions Architect has created an AWS CloudFormation template for a three-tier application that contains an Auto Scaling group of Amazon EC2 instances running a custom AMI. The Solutions Architect wants to ensure that future updates to the custom AMI can be deployed to a running stack by first updating the template to refer to the new AMI, and then invoking UpdateStack to replace the EC2 instances with instances launched from the new AMI.
How can updates to the AMI be deployed to meet these requirements?
A. Create a change set for a new version of the template, view the changes to the running EC2 instances to ensure that the AMI is correctly updated, and then execute the change set.
B. Edit the AWS::AutoScaling::LaunchConfiguration resource in the template, changing its DeletionPolicy to Replace.
C. Edit the AWS::AutoScaling::LaunchConfiguration resource in the template, inserting an UpdatePolicy attribute.
D. Create a new stack from the updated template. Once it is successfully deployed, modify the DNS records to point to the new stack and delete the old stack.
Correct Answer
A. Create a change set for a new version of the template, view the changes to the running EC2 instances to ensure that the AMI is correctly updated, and then execute the change set.
Question 382
Exam Question
For a 3-tier, customer-facing, inclement weather site utilizing a MySQL database running in a Region which has two AZs (Availability Zones), which architecture provides fault tolerance within the Region for the application that minimally requires 6 web tier servers and 6 application tier servers running in the web and application tiers and one MySQL database?
A. A web tier deployed in 2 AZs with 6 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (Elastic Load Balancer), and an application tier deployed in 2 AZs with 6 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB, and a Multi-AZ RDS (Relational Database Service) deployment
B. A web tier deployed in 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (Elastic Load Balancer), and an application tier deployed in 2 AZs with 3 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB, and a Multi-AZ RDS (Relational Database Service) deployment.
C. A web tier deployed in 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (Elastic Load Balancer), and an application tier deployed in 2 AZs with 6 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB, and one RDS (Relational Database Service) instance deployed with read replicas in the other AZ.
D. A web tier deployed in 1 AZ with 6 EC2 (Elastic Compute Cloud) instances inside an Auto Scaling Group behind an ELB (Elastic Load Balancer), and an application tier deployed in the same AZ with 6 EC2 instances inside an Auto Scaling Group behind an ELB, and a Multi-AZ RDS (Relational Database Service) deployment, with 6 stopped web tier EC2 instances and 6 stopped application tier EC2 instances all in the other AZ ready to be started if any of the running instances in the first AZ fails.
Correct Answer
A. A web tier deployed in 2 AZs with 6 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (Elastic Load Balancer), and an application tier deployed in 2 AZs with 6 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB, and a Multi-AZ RDS (Relational Database Service) deployment
Question 383
Exam Question
A Solutions Architect is designing a multi-account structure that has 10 existing accounts. The design must meet the following requirements:
- Consolidate all accounts into one organization.
- Allow full access to the Amazon EC2 service from the master account and the secondary accounts.
- Minimize the effort required to add additional secondary accounts.
Which combination of steps should be included in the solution? (Choose two.)
A. Create an organization from the master account. Send invitations to the secondary accounts from the master account. Accept the invitations and create an OU.
B. Create an organization from the master account. Send a join request to the master account from each secondary account. Accept the requests and create an OU.
C. Create a VPC peering connection between the master account and the secondary accounts. Accept the request for the VPC peering connection.
D. Create a service control policy (SCP) that enables full EC2 access, and attach the policy to the OU
E. Create a full EC2 access policy and map the policy to a role in each account. Trust every other account to assume the role.
Correct Answer
A. Create an organization from the master account. Send invitations to the secondary accounts from the master account. Accept the invitations and create an OU.
D. Create a service control policy (SCP) that enables full EC2 access, and attach the policy to the OU
Question 384
Exam Question
Your multi-national customer wants to rewrite a website portal to “take advantage of AWS best practices”. Other information that you have for this large Enterprise customer is as follows:
- Part of the portal is an employee-only section, and authentication must be against the corporate Active Directory.
- You used a web analytics website to discover that on average there were 140,000 visitors per month over the past year, a peak of 187,000 unique visitors last month, and a minimum of 109,000 unique visitors two months ago. You have no information about what percentage of these visitors represents employees who signed into the portal.
- The web analytics website also revealed that traffic breakdown is 40 percent South America, 50 percent North America, and 10 percent other.
- The customer’s primary data center is located in Sao Paulo, Brazil.
- Their chief technology officer believes that response time for logging in to the employee portal is a primary metric, because employees complain that the current website is too slow in this regard.
When you present your proposed application architecture to the customer, which of the following should you propose as part of the architecture? Choose 3 answers
A. A three-subnet VPC, with an AD controller in the AWS region. The AWS AD controller will be part of the primary AD controller’s forest, and will synchronize with the corporate controller over a dedicated pipe to the corporate data center
B. Do not use Amazon CloudFront, because the employees who log in to the portal have unique (private) session data that should not be cached in a content delivery network.
C. A three-subnet VPC, with all AD calls traversing a dedicated pipe to the corporate data center
D. Establish the AWS presence in the US-EAST region, with a dedicated pipe to the corporate data center.
E. Establish the AWS presence in multiple regions: SA-EAST, and also US-EAST, with a dedicated pipe from both SA-EAST and US-EAST to the corporate data center — and also a dedicated connection between regions. Replicate data as needed between the regions. Use a geo load balancer to determine which region is primary for a given user.
F. Use Amazon CloudFront to cache pages for users at the nearest edge location.
Correct Answer
A. A three-subnet VPC, with an AD controller in the AWS region. The AWS AD controller will be part of the primary AD controller’s forest, and will synchronize with the corporate controller over a dedicated pipe to the corporate data center
D. Establish the AWS presence in the US-EAST region, with a dedicated pipe to the corporate data center.
F. Use Amazon CloudFront to cache pages for users at the nearest edge location.
Question 385
Exam Question
Any Company has acquired numerous companies over the past few years. The CIO for Any Company would like to keep the resources for each acquired company separate. The CIO also would like to enforce a chargeback model where each company pays for the AWS services it uses. The Solutions Architect is tasked with designing an AWS architecture that allows Any Company to achieve the following:
- Implementing a detailed chargeback mechanism to ensure that each company pays for the resources it uses.
- Any Company can pay for AWS services for all its companies through a single invoice.
- Developers in each acquired company have access to resources in their company only.
- Developers in an acquired company should not be able to affect resources in their company only.
- A single identity store is used to authenticate Developers across all companies.
Which of the following approaches would meet these requirements? (Choose two.)
A. Create a multi-account strategy with an account per company. Use consolidated billing to ensure that AnyCompany needs to pay a single bill only.
B. Create a multi-account strategy with a virtual private cloud (VPC) for each company. Reduce impact across companies by not creating any VPC peering links. As everything is in a single account, there will be a single invoice. Use tagging to create a detailed bill for each company.
C. Create IAM users for each Developer in the account to which they require access. Create policies that allow the users access to all resources in that account. Attach the policies to the IAM user.
D. Create a federated identity store against the company’s Active Directory. Create IAM roles with appropriate permissions and set the trust relationships with AWS and the identity store. Use AWS STS to grant users access based on the groups they belong to in the identity store.
E. Create a multi-account strategy with an account per company. For billing purposes, use a tagging solution that uses a tag to identify the company that creates each resource.
Correct Answer
A. Create a multi-account strategy with an account per company. Use consolidated billing to ensure that AnyCompany needs to pay a single bill only.
Question 386
Exam Question
A public archives organization is about to move a pilot application they are running on AWS into production. You have been hired to analyze their application architecture and give cost-saving recommendations. The application displays scanned historical documents. Each document is split into individual image tiles at multiple zoom levels to improve responsiveness and ease of use for the end users. At maximum zoom level the average document will be 8000 x 6000 pixels in size, split into multiple 40px x 40px image tiles. The tiles are batch processed by Amazon Elastic Compute Cloud (EC2) instances, and put into an Amazon Simple Storage Service (S3) bucket. A browser-based JavaScript viewer fetches tiles from the Amazon S3 bucket and displays them to users as they zoom and pan around each document. The average storage size of all zoom levels for a document is approximately 30MB of JPEG tiles. Originals of each document are archived in Amazon Glacier. The company expects to process and host over 500,000 scanned documents in the first year.
What are your recommendations? Choose 3 answers
A. Deploy an Amazon CloudFront distribution in front of the Amazon S3 tiles bucket
B. Increase the size (width/height) of the individual tiles at the maximum zoom level
C. Store the maximum zoom level in the low cost Amazon S3 Glacier option and only retrieve the most frequently accessed tiles as they are requested by users.
D. Use Amazon S3 Reduced Redundancy Storage for each zoom level.
E. Decrease the size (width/height) of the individual tiles at the maximum zoom level.
Correct Answer
A. Deploy an Amazon CloudFront distribution in front of the Amazon S3 tiles bucket
B. Increase the size (width/height) of the individual tiles at the maximum zoom level
D. Use Amazon S3 Reduced Redundancy Storage for each zoom level.
Question 387
Exam Question
A company deployed a three-tier web application in two regions: us-east-1 and eu-west-1. The application must be active in both regions at the same time. The database tier of the application uses a single Amazon RDS Aurora database globally, with a master in us-east-1 and a read replica in eu-west-1. Both regions are connected by a VPN. The company wants to ensure that the application remains available even in the event of a region level failure of all of the application’s components. It is acceptable for the application to be in read only mode for up to 1 hour. The company plans to configure two Amazon Route 53 record sets, one for each of the regions.
How should the company complete the configuration to meet its requirements while providing the lowest latency for the application end-users? (Choose two.)
A. Use failover routing and configure the us-east-1 record set as primary and the eu-west-1 record set as secondary. Configure an HTTP health check for the web application in us-east-1, and associate it to the us-east-1 record set.
B. Use weighted routing and configure each record set with a weight of 50. Configure an HTTP health check for each region, and attach it to the record set for that region.
C. Use latency-based routing for both record sets. Configure a health check for each region and attach it to the record set for that region.
D. Configure an Amazon CloudWatch alarm for the health checks in us-east-1, and have it invoke an AWS Lambda function that promotes the read replica in eu-west-1.
E. Configure an Amazon RDS event notifications to react to the failure of the database in us-east-1 by invoking an AWS Lambda function that promotes the read replica in eu-west-1
Correct Answer
C. Use latency-based routing for both record sets. Configure a health check for each region and attach it to the record set for that region.
D. Configure an Amazon CloudWatch alarm for the health checks in us-east-1, and have it invoke an AWS Lambda function that promotes the read replica in eu-west-1.
Question 388
Exam Question
A document storage company is deploying their application to AWS and changing their business model to support both Free Tier and Premium Tier users. The Premium Tier users will be allowed to store up to 200GB of data and Free Tier customers will be allowed to store only 5GB. The customer expects that billions of files will be stored. All users need to be alerted when approaching 75 percent quota utilization and again at 90 percent quota use.
To support the Free Tier and Premium Tier users, how should they architect their application?
A. The company should utilize an Amazon Simple Workflow Service activity worker that updates the user's used data counter in Amazon DynamoDB. The Activity Worker will use Simple Email Service to send an email if the counter increases above the appropriate thresholds.
B. The company should deploy an Amazon Relational Database Service (RDS) relational database with a stored objects table that has a row for each stored object along with the size of each object. The upload server will query the aggregate consumption of the user in question (by first determining the files stored by the user, and then querying the stored objects table for respective file sizes) and send an email via Amazon Simple Email Service if the thresholds are breached.
C. The company should write both the content length and the username of the file's owner as S3 metadata for the object. They should then create a file watcher to iterate over each object and aggregate the size for each user and send a notification via Amazon Simple Queue Service to an emailing service if the storage threshold is exceeded.
D. The company should create two separate Amazon Simple Storage Service buckets, one for data storage for Free Tier Users, and another for data storage for Premium Tier users. An Amazon Simple Workflow Service activity worker will query all objects for a given user based on the bucket the data is stored in and aggregate storage. The activity worker will notify the user via Amazon Simple Notification Service when necessary.
Correct Answer
A. The company should utilize an Amazon Simple Workflow Service activity worker that updates the user's used data counter in Amazon DynamoDB. The Activity Worker will use Simple Email Service to send an email if the counter increases above the appropriate thresholds.
Question 389
Exam Question
A company runs a Windows Server host in a public subnet that is configured to allow a team of administrators to connect over RDP to troubleshoot issues with hosts in a private subnet. The host must be available at all times outside of a scheduled maintenance window, and needs to receive the latest operating system updates within 3 days of release.
What should be done to manage the host with the LEAST amount of administrative effort?
A. Run the host in a single-instance AWS Elastic Beanstalk environment. Configure the environment with a custom AMI to use a hardened machine image from AWS Marketplace. Apply system updates with AWS Systems Manager Patch Manager.
B. Run the host on AWS WorkSpaces. Use Amazon WorkSpaces Application Manager (WAM) to harden the host. Configure Windows automatic updates to occur every 3 days.
C. Run the host in an Auto Scaling group with a minimum and maximum instance count of 1. Use a hardened machine image from AWS Marketplace. Apply system updates with AWS Systems Manager Patch Manager.
D. Run the host in AWS OpsWorks Stacks. Use a Chef recipe to harden the AMI during instance launch. Use an AWS Lambda scheduled event to run the Upgrade Operating System stack command to apply system updates.
Correct Answer
B. Run the host on AWS WorkSpaces. Use Amazon WorkSpaces Application Manager (WAM) to harden the host. Configure Windows automatic updates to occur every 3 days.
Question 390
Exam Question
To enable end-to-end HTTPS connections from the user's browser to the origin via CloudFront, which of the following options would be valid? Choose 2 answers
A. Use a self signed certificate in the origin and CloudFront default certificate in CloudFront
B. Use the CloudFront default certificate in both the origin and CloudFront
C. Use third-party CA certificate in the origin and CloudFront default certificate in CloudFront
D. Use third-party CA certificate in both the origin and CloudFront
E. Use a self signed certificate in both the origin and CloudFront
Correct Answer
C. Use third-party CA certificate in the origin and CloudFront default certificate in CloudFront
D. Use third-party CA certificate in both the origin and CloudFront