
AWS Certified Solutions Architect – Professional SAP-C02 Exam Questions and Answers – 7

The latest AWS Certified Solutions Architect – Professional SAP-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Professional SAP-C02 exam and earn AWS Certified Solutions Architect – Professional SAP-C02 certification.

Question 611

Exam Question

A financial services company has multiple AWS accounts hosting its portfolio of IT applications that serve the company’s retail and enterprise customers. A CloudWatch Logs agent is installed on each of the EC2 instances running these IT applications. The company wants to aggregate all security events in a centralized AWS account dedicated to log storage. The centralized operations team at the company needs to perform near-real-time gathering and collating events across multiple AWS accounts.

As a Solutions Architect Professional, which of the following solutions would you suggest to meet these requirements?

A. Set up CloudWatch Logs streams in each application AWS account to forward events to CloudWatch Logs in the centralized logging AWS account. In the centralized logging AWS account, subscribe a Kinesis Data Firehose stream to Amazon CloudWatch Events and further use the Firehose stream to store the log data in S3.

B. Set up CloudWatch Logs agents to publish data to a Kinesis Data Firehose stream in the centralized logging AWS account. Create a Lambda function to read messages from the stream and push messages to Kinesis Data Firehose and then store the data in S3.

C. Set up a new IAM role in each application AWS account with permissions to view CloudWatch Logs. Create a Lambda function to assume this new role and perform an hourly export of each AWS account’s CloudWatch Logs data to an S3 bucket in the centralized logging AWS account.

D. Set up Kinesis Data Streams in the logging account and then subscribe the stream to CloudWatch Logs streams in each application AWS account via subscription filters. Configure an Amazon Kinesis Data Firehose delivery stream with the Data Streams as its source and persist the log data in an Amazon S3 bucket inside the logging AWS account.

Correct Answer

D. Set up Kinesis Data Streams in the logging account and then subscribe the stream to CloudWatch Logs streams in each application AWS account via subscription filters. Configure an Amazon Kinesis Data Firehose delivery stream with the Data Streams as its source and persist the log data in an Amazon S3 bucket inside the logging AWS account.

Question 612

Exam Question

A global healthcare company wants to develop a solution called Health Information Systems (HIS) on AWS Cloud that would allow the providers, payers, and government agencies to collaborate, anticipate and navigate the changing healthcare landscape. While pursuing this endeavor, the company would like to decrease its IT operational overhead so it could focus more intently on its core business healthcare analytics. The solution should help the company eliminate the bottleneck created by manual provisioning of development pipelines while adhering to crucial governance and control requirements. As a means to this end, the company has set up “AWS Organizations” to manage several of these scenarios and would like to use Service Control Policies (SCP) for central control over the maximum available permissions for the various accounts in their organization. This allows the organization to ensure that all accounts stay within the organization’s access control guidelines.

As a Solutions Architect Professional, which of the following scenarios would you identify as correct regarding the given use-case? (Select three)

A. If a user or role has an IAM permission policy that grants access to an action that is either not allowed or explicitly denied by the applicable SCPs, the user or role can’t perform that action.

B. SCPs do not affect service-linked roles.

C. If a user or role has an IAM permission policy that grants access to an action that is either not allowed or explicitly denied by the applicable SCPs, the user or role can still perform that action.

D. SCPs affect all users and roles in attached accounts, including the root user.

E. SCPs affect service-linked roles.

F. SCPs affect all users and roles in attached accounts, excluding the root user.

Correct Answer

A. If a user or role has an IAM permission policy that grants access to an action that is either not allowed or explicitly denied by the applicable SCPs, the user or role can’t perform that action.

B. SCPs do not affect service-linked roles.

D. SCPs affect all users and roles in attached accounts, including the root user.

Question 613

Exam Question

A social learning platform allows students to connect with other students as well as experts and professionals from academic, research institutes and industry. The goal of the company’s platform, developed on AWS Cloud, is to assist students pursuing higher education learn and develop skills in a manner unencumbered by socio-economic, location and resource barriers. The engineering team at the company manages 5 Amazon EC2 instances that make read-heavy database requests to the Amazon RDS for PostgreSQL DB cluster. As an AWS Certified Solutions Architect Professional, you have been asked to make the database cluster resilient from a disaster recovery perspective.

Which of the following features will help you prepare for database disaster recovery? (Select two)

A. Enable the automated backup feature of Amazon RDS in a multi-AZ deployment that creates backups in a single AWS Region.

B. Use database cloning feature of the RDS DB cluster.

C. Enable the automated backup feature of Amazon RDS in a multi-AZ deployment that creates backups across multiple Regions.

D. Use RDS Provisioned IOPS (SSD) Storage in place of General Purpose (SSD) Storage.

E. Use cross-Region Read Replicas.

Correct Answer

A. Enable the automated backup feature of Amazon RDS in a multi-AZ deployment that creates backups in a single AWS Region.

E. Use cross-Region Read Replicas.

Question 614

Exam Question

A leading car information and shopping platform helps more than 20 million web and mobile users each month browse automobile dealer inventory, read vehicle reviews, and consume other automobile-related content by leveraging its library of 50 million vehicle photos uploaded by auto dealers. The company is planning a key update with even better image quality and faster load times on the company’s website as well as mobile apps, but the existing image-handling solution based on Cloudera MapReduce clusters is not the right tool for the job. The company now wants to switch to a serverless solution on AWS Cloud. As part of this process, the engineering team has been studying various best practices for serverless solutions. They intend to use AWS Lambda extensively and are looking at the salient features to consider when using Lambda as the backbone for the serverless architecture.

As a Solutions Architect Professional, which of the following would you identify as key considerations for a serverless architecture? (Select three)

A. Since Lambda functions can scale extremely quickly, it’s a good idea to deploy a CloudWatch Alarm that notifies your team when function metrics such as ConcurrentExecutions or Invocations exceed the expected threshold.

B. Lambda allocates compute power in proportion to the memory you allocate to your function. AWS thus recommends over-provisioning your function timeout settings for the proper performance of Lambda functions.

C. The bigger your deployment package, the slower your Lambda function will cold-start. Hence, AWS suggests packaging dependencies as a separate package from the actual Lambda package.

D. If you intend to reuse code in more than one Lambda function, you should consider creating a Lambda Layer for the reusable code.

E. Serverless architecture and containers complement each other and you should leverage Docker containers within the Lambda functions.

F. By default Lambda functions always operate from an AWS-owned VPC and hence have access to any public internet address or public AWS APIs. Once a Lambda function is VPC-enabled it will need a route through a NAT gateway in a public subnet to access public resources.

Correct Answer

A. Since Lambda functions can scale extremely quickly, it’s a good idea to deploy a CloudWatch Alarm that notifies your team when function metrics such as ConcurrentExecutions or Invocations exceed the expected threshold.

D. If you intend to reuse code in more than one Lambda function, you should consider creating a Lambda Layer for the reusable code.

F. By default Lambda functions always operate from an AWS-owned VPC and hence have access to any public internet address or public AWS APIs. Once a Lambda function is VPC-enabled it will need a route through a NAT gateway in a public subnet to access public resources.

Question 615

Exam Question

A Big Data Analytics company has built a custom data warehousing solution for a large airline by using Amazon Redshift. The solution helps the airline to analyze the international and domestic flight reservations, ticket issuing and boarding information, aircraft operation records, and cargo transportation records. As part of the cost optimizations, the airline now wants to move any historical data (any data older than a year) into S3, as the daily analytical reports consume data for just the last one year. However, the analysts at multiple divisions of the airline want to retain the ability to cross-reference this historical data along with the daily reports. The airline wants to develop a solution with the LEAST amount of effort and MINIMUM cost.

As a Solutions Architect Professional, which option would you recommend to address this use-case?

A. Set up access to the historical data via Athena. The analytics team can run historical data queries on Athena and continue the daily reporting on Redshift. In case the reports need to be cross-referenced, the analytics team needs to export these in flat files and then do further analysis.

B. Use Glue ETL job to load the S3 based historical data into Redshift. Once the ad-hoc queries are run for the historic data, it can be removed from Redshift.

C. Use Redshift Spectrum to create Redshift cluster tables pointing to the underlying historical data in S3. The analytics team can then query this historical data to cross-reference with the daily reports from Redshift.

D. Use the Redshift COPY command to load the S3 based historical data into Redshift. Once the ad-hoc queries are run for the historic data, it can be removed from Redshift.

Correct Answer

C. Use Redshift Spectrum to create Redshift cluster tables pointing to the underlying historical data in S3. The analytics team can then query this historical data to cross-reference with the daily reports from Redshift.

Question 616

Exam Question

A digital media company wants to use AWS CloudFront to manage its content. Firstly, it would like to allow only those new users who have paid the annual subscription fee the ability to download the application installation file. Secondly, only the subscribers should be able to view the files in the members’ area.

As a Solutions Architect Professional, which of the following would you recommend as the MOST optimal solutions to deliver restricted content to the bona fide end users? (Select two)

A. Use CloudFront signed URLs to restrict access to the application installation file.

B. Use CloudFront signed cookies to restrict access to all the files in the members’ area of the website.

C. Use CloudFront signed cookies to restrict access to the application installation file.

D. Require HTTPS for communication between CloudFront and your S3 origin.

E. Use CloudFront signed URLs to restrict access to all the files in the members’ area of the website.

Correct Answer

A. Use CloudFront signed URLs to restrict access to the application installation file.

B. Use CloudFront signed cookies to restrict access to all the files in the members’ area of the website.

Question 617

Exam Question

A multi-national bank has recently migrated to AWS Cloud to utilize dedicated instances that are physically isolated at the host hardware level from instances that belong to other AWS accounts. The bank’s flagship application is hosted on a fleet of EC2 instances which are part of an Auto Scaling group (ASG). The ASG uses a Launch Configuration (LC-A) with “dedicated” instance placement tenancy but the VPC (VPC-A) used by the Launch Configuration LC-A has the instance tenancy set to default. Later the engineering team creates a new Launch Configuration (LC-B) with “default” instance placement tenancy but the VPC (VPC-B) used by the Launch Configuration LC-B has the instance tenancy set to dedicated.

As a Solutions Architect Professional, which of the following options would you identify as correct regarding the instances launched via Launch Configuration LC-A and Launch Configuration LC-B?

A. The instances launched by both Launch Configuration LC-A and Launch Configuration LC-B will have default instance tenancy.

B. The instances launched by Launch Configuration LC-A will have default instance tenancy while the instances launched by the Launch Configuration LC-B will have dedicated instance tenancy.

C. The instances launched by both Launch Configuration LC-A and Launch Configuration LC-B will have dedicated instance tenancy.

D. The instances launched by Launch Configuration LC-A will have dedicated instance tenancy while the instances launched by the Launch Configuration LC-B will have default instance tenancy.

Correct Answer

C. The instances launched by both Launch Configuration LC-A and Launch Configuration LC-B will have dedicated instance tenancy.

Question 618

Exam Question

A Wall Street based trading firm is modernizing its message queuing system by migrating from self-managed message-oriented middleware systems to Amazon SQS. The firm is using SQS to migrate several trading applications to the cloud to ensure high availability and cost efficiency while simplifying administrative complexity and overhead. The development team at the firm expects a peak rate of about 2,400 transactions per second to be processed via SQS. It is important that the messages are processed in the order they are received.

Which of the following options can be used to implement this system in the most cost-effective way?

A. Use Amazon SQS standard queue to process the messages.

B. Use Amazon SQS FIFO queue in batch mode of 4 transactions per operation to process the transactions at the peak rate.

C. Use Amazon SQS FIFO queue in batch mode of 8 transactions per operation to process the transactions at the peak rate.

D. Use Amazon SQS FIFO queue in batch mode of 12 transactions per operation to process the transactions at the peak rate.

Correct Answer

C. Use Amazon SQS FIFO queue in batch mode of 8 transactions per operation to process the transactions at the peak rate.

Question 619

Exam Question

The world’s largest cable company uses AWS in a hybrid environment to innovate and deploy features for its flagship video product, XFINITY X1, several times a week. The company uses AWS products such as Amazon Virtual Private Cloud (Amazon VPC) and Amazon Direct Connect to deliver the scalability and security needed for rapidly innovating in a hybrid environment. As part of an internal product roadmap, the engineering team at the company has created a private hosted zone and associated it with a virtual private cloud (VPC). However, the domain names remain unresolved, resulting in errors.

As a Solutions Architect Professional, which of the following Amazon VPC configuration options would you use to get the private hosted zone to work?

A. DNS hostnames and DNS resolution should be enabled for private hosted zones.

B. There is a private hosted zone and a Resolver rule that routes traffic to your network for the same domain name resulting in an ambiguous routing rule.

C. The private and public hosted zones should not have overlapping namespaces.

D. Name server (NS) record and Start Of Authority (SOA) records should have the correct configurations.

Correct Answer

A. DNS hostnames and DNS resolution should be enabled for private hosted zones.

Question 620

Exam Question

A leading hotel reviews website has a repository of more than one million high-quality digital images. When this massive volume of images became too cumbersome to handle in-house, the company decided to offload the content to a central repository on Amazon S3 as part of its hybrid cloud strategy. The company now wants to reprocess its entire collection of photographic images to change the watermarks. The company wants to use Amazon EC2 instances and Amazon SQS in an integrated workflow to generate the sizes they need for each photo. The team wants to process a few thousand photos each night, using Amazon EC2 Spot Instances. The team uses Amazon SQS to communicate the photos that need to be processed and the status of the jobs. To handle certain sensitive photos, the team wants to postpone the delivery of certain messages to the queue by one minute while all other messages need to be delivered immediately to the queue.

As a Solutions Architect Professional, which of the following solutions would you suggest to the company to handle the workflow for sensitive photos?

A. Use message timers to postpone the delivery of certain messages to the queue by one minute.

B. Use delay queues to postpone the delivery of certain messages to the queue by one minute.

C. Use visibility timeout to postpone the delivery of certain messages to the queue by one minute.

D. Use dead-letter queues to postpone the delivery of certain messages to the queue by one minute.

Correct Answer

A. Use message timers to postpone the delivery of certain messages to the queue by one minute.