AWS Certified Solutions Architect – Professional SAP-C02 Exam Questions and Answers – 7

The latest AWS Certified Solutions Architect – Professional SAP-C02 practice exam question and answer (Q&A) dumps are available free to help you pass the AWS Certified Solutions Architect – Professional SAP-C02 exam and earn the certification.

Question 621

Exam Question

A web hosting company’s CFO recently analyzed the company’s monthly bill for the AWS account for the development environment and identified an opportunity to reduce the cost for AWS Elastic Beanstalk infrastructure in use. The CFO in consultation with the CTO has hired you as an AWS Certified Solutions Architect Professional to design a highly available solution that will provision an Elastic Beanstalk environment in the morning and terminate it at the end of the day. The solution should be designed with minimal operational overhead with a focus on minimizing costs. The solution should also facilitate the increased use of Elastic Beanstalk environments among different development teams and must provide a one-stop scheduler solution for all teams to keep the operational costs as low as possible.

Which of the following solution designs will you suggest to address these requirements?

A. Set up separate Lambda functions to provision and terminate the Elastic Beanstalk environment. Configure a Lambda execution role granting the required Elastic Beanstalk environment permissions and assign the role to the Lambda functions. Configure cron expression based Amazon CloudWatch Events rules to trigger the Lambda functions.

B. Provision an EC2 Micro instance. Configure an IAM role with the required Elastic Beanstalk environment permissions and attach it to the instance profile. Create scripts on the instance to provision and terminate the Elastic Beanstalk environment. Set up cron jobs on the instance to execute the scripts.

C. Leverage the activity task of an AWS Step Function to provision and terminate the Elastic Beanstalk environment. Create a role for the Step Function to allow it to provision and terminate the Elastic Beanstalk environment. Execute the Step Function daily and use the “wait state” to control the start and stop time.

D. Configure the Elastic Beanstalk environment to use custom commands in the EC2 instance user data. Leverage the scheduled action for an Auto Scaling group to scale-out EC2 instances in the morning and scale-in the instance count to 0 to terminate the EC2 instances at the end of the day.

Correct Answer

A. Set up separate Lambda functions to provision and terminate the Elastic Beanstalk environment. Configure a Lambda execution role granting the required Elastic Beanstalk environment permissions and assign the role to the Lambda functions. Configure cron expression based Amazon CloudWatch Events rules to trigger the Lambda functions.

Question 622

Exam Question

A digital marketing company uses S3 to store artifacts that may only be accessible to an EC2 instance X in a given VPC. The security team at the company is apprehensive about an attack vector wherein any team member with access to this instance could also set up an EC2 instance in another VPC to access these artifacts.

As an AWS Certified Solutions Architect Professional, which of the following solutions will you recommend to prevent such unauthorized access to the artifacts in S3?

A. Configure an S3 VPC endpoint and create an S3 bucket policy to allow access only from this VPC endpoint.

B. Set up a highly restricted Security Group for the EC2 instance X and create an S3 bucket policy to allow access only from this Security Group.

C. Set up an IAM role that allows access to the artifacts in S3 and create an S3 bucket policy to allow access only from this role attached to the instance profile.

D. Attach an Elastic IP to the EC2 instance X and create an S3 bucket policy to allow access only from this Elastic IP.

Correct Answer

A. Configure an S3 VPC endpoint and create an S3 bucket policy to allow access only from this VPC endpoint.

Question 623

Exam Question

A multi-national digital media company wants to exit out of the business of owning and maintaining its own IT infrastructure so it can redeploy resources toward innovation in Artificial Intelligence and other areas to create a better customer experience. As part of this digital transformation the media company wants to archive about 9 PB of data in its on-premises data center to durable long term storage.

As a Solutions Architect Professional, what is your recommendation to migrate and store this data in the quickest and MOST cost-optimal way?

A. Transfer the on-premises data into a Snowmobile device. Copy the Snowmobile data into Amazon S3 and create a lifecycle policy to transition the data into AWS Glacier.

B. Transfer the on-premises data into multiple Snowball Edge Storage Optimized devices. Copy the Snowball Edge data directly into AWS Glacier.

C. Transfer the on-premises data into multiple Snowball Edge Storage Optimized devices. Copy the Snowball Edge data into Amazon S3 and create a lifecycle policy to transition the data into AWS Glacier.

D. Transfer the on-premises data into a Snowmobile device. Copy the Snowmobile data directly into AWS Glacier.

Correct Answer

C. Transfer the on-premises data into multiple Snowball Edge Storage Optimized devices. Copy the Snowball Edge data into Amazon S3 and create a lifecycle policy to transition the data into AWS Glacier.

Question 624

Exam Question

An e-commerce company wants to test its blue-green deployment on the customer base in the next couple of days. Most of the customers use mobile phones which are prone to DNS caching. The company has only two days left before the big sale will be launched.

As a Solutions Architect Professional, which of the following methods would you suggest to test the deployment on as many users as possible in the given time frame?

A. Use Elastic Load Balancer to distribute traffic across deployments.

B. Use Route 53 weighted routing to spread traffic across different deployments.

C. Use AWS CodeDeploy deployment options to choose the right deployment.

D. Use AWS Global Accelerator to distribute a portion of traffic to a particular deployment.

Correct Answer

D. Use AWS Global Accelerator to distribute a portion of traffic to a particular deployment.

Question 625

Exam Question

A web development studio runs hundreds of Proof-of-Concept (PoC) and demo applications on virtual machines running on an on-premises server. Many of the applications are simple PHP, JavaScript or Python web applications which are no longer actively developed and serve little traffic.

As a Solutions Architect Professional, which of the following approaches would you suggest to migrate these applications to AWS with the LOWEST infrastructure cost and LEAST migration effort?

A. Leverage AWS Server Migration Service (SMS) to create AMIs for each virtual machine and run each application on a dedicated EC2 instance.

B. Migrate the application code to use a serverless stack comprising of Lambda functions and DynamoDB.

C. Leverage VM Import/Export to create AMIs for each virtual machine and run them in single-instance AWS Elastic Beanstalk environments by configuring a custom image.

D. Dockerize each application and then deploy to an ECS cluster running behind an Application Load Balancer.

Correct Answer

D. Dockerize each application and then deploy to an ECS cluster running behind an Application Load Balancer.

Question 626

Exam Question

A company runs a proprietary stateless ETL application on an Amazon EC2 Linux instance. The application is a Linux binary, and the source code cannot be modified. The application is single-threaded, uses 2 GB of RAM, and is highly CPU intensive. The application is scheduled to run every 4 hours and runs for up to 20 minutes. A solutions architect wants to revise the architecture for the solution.

Which strategy should the solutions architect use?

A. Use AWS Lambda to run the application. Use Amazon CloudWatch Logs to invoke the Lambda function every 4 hours.

B. Use AWS Batch to run the application. Use an AWS Step Functions state machine to invoke the AWS Batch job every 4 hours.

C. Use AWS Fargate to run the application. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke the Fargate task every 4 hours.

D. Use Amazon EC2 Spot Instances to run the application. Use AWS CodeDeploy to deploy and run the application every 4 hours.

Correct Answer

C. Use AWS Fargate to run the application. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke the Fargate task every 4 hours.

Question 627

Exam Question

A project uses two AWS accounts for accessing various AWS services. The engineering team has just configured an Amazon S3 bucket in the first AWS account for writing data from the Amazon Redshift cluster provisioned in the second AWS account. The team has noticed that the files created in the S3 bucket using UNLOAD command from the Redshift cluster are not accessible to the users present in the same AWS account as the S3 bucket.

What could be the reason for this denial of permission for resources belonging to the same AWS account?

A. By default, an S3 object is owned by the AWS account that uploaded it. So the S3 bucket owner will not implicitly have access to the objects written by the Redshift cluster.

B. When objects are uploaded to an S3 bucket from a different AWS account, the S3 bucket owner will get implicit permissions to access these objects. It is an upload error that can be fixed by providing manual access from the AWS console.

C. When two different AWS accounts are accessing an S3 bucket, both the accounts need to share the bucket policies, explicitly defining the actions possible for each account. An erroneous policy can lead to such permission failures.

D. The owner of an S3 bucket has implicit access to all objects in his bucket. Permissions are set on objects after they are completely copied to the target location. Since the owner is unable to access the uploaded files, it is possible that the write operation is still in progress.

Correct Answer

A. By default, an S3 object is owned by the AWS account that uploaded it. So the S3 bucket owner will not implicitly have access to the objects written by the Redshift cluster.

Question 628

Exam Question

A retail company has structured its AWS accounts to be part of an organization in AWS Organizations. The company has set up consolidated billing and has mapped its departments to the following OUs: Finance, Sales, Human Resources (HR), Marketing, and Operations. Each OU has multiple AWS accounts, one for each environment within a department. These environments are development, test, pre-production, and production.

The HR department is releasing a new system that will launch in 3 months. In preparation, the HR department has purchased several Reserved Instances (RIs) in its production AWS account. The HR department will install the new application on this account. The HR department wants to make sure that other departments cannot share the RI discounts.

Which solution will meet these requirements?

A. In the AWS Billing and Cost Management console for the HR department’s production account, turn off RI sharing.

B. Remove the HR department’s production AWS account from the organization. Add the account to the consolidated billing configuration only.

C. In the AWS Billing and Cost Management console, use the organization’s management account to turn off RI sharing for the HR department’s production AWS account.

D. Create an SCP in the organization to restrict access to the RIs. Apply the SCP to the OUs of the other departments.

Correct Answer

C. In the AWS Billing and Cost Management console, use the organization’s management account to turn off RI sharing for the HR department’s production AWS account.

Question 629

Exam Question

A gaming company runs its flagship application with an SLA of 99.99%. Global users access the application 24/7. The application is currently hosted on the on-premises data centers and it routinely fails to meet its SLA, especially when hundreds of thousands of users access the application concurrently. The engineering team has also received complaints from some users about high latency.

As a Solutions Architect Professional, how would you redesign this application for scalability and also allow for automatic failover at the lowest possible cost?

A. Configure Route 53 latency-based routing to route to the nearest Region and activate the health checks. Host the website on S3 in each Region and use API Gateway with AWS Lambda for the application layer. Set up the data layer using DynamoDB global tables with DAX for caching.

B. Configure Route 53 geolocation-based routing to route to the nearest Region and activate the health checks. Host the website behind a Network Load Balancer (NLB) with targets as ECS containers using Fargate. Repeat this configuration of NLB with ECS containers using Fargate in multiple Regions. Use Aurora Global database as the data layer.

C. Configure a combination of Route 53 failover routing with geolocation-based routing. Host the website behind an Application Load Balancer (ALB) with targets as EC2 instances that are automatically scaled via Auto-Scaling Group (ASG). Repeat this configuration of ALB with EC2 instances as targets that are scaled via ASG in multiple Regions. Use a Multi-AZ deployment with RDS MySQL as the data layer.

D. Configure Route 53 round-robin routing policy to distribute load evenly across all Regions and activate the health checks. Host the website behind a Network Load Balancer (NLB) with targets as ECS containers using Fargate. Repeat this configuration of NLB with ECS containers using Fargate in multiple Regions. Use Aurora Global database as the data layer.

Correct Answer

A. Configure Route 53 latency-based routing to route to the nearest Region and activate the health checks. Host the website on S3 in each Region and use API Gateway with AWS Lambda for the application layer. Set up the data layer using DynamoDB global tables with DAX for caching.

Question 630

Exam Question

A company has an asynchronous HTTP application that is hosted as an AWS Lambda function. A public Amazon API Gateway endpoint invokes the Lambda function. The Lambda function and the API Gateway endpoint reside in the us-east-1 Region. A solutions architect needs to redesign the application to support failover to another AWS Region.

Which solution will meet these requirements?

A. Create an API Gateway endpoint in the us-west-2 Region to direct traffic to the Lambda function in us-east-1. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.

B. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure API Gateway to direct traffic to the SQS queue instead of to the Lambda function. Configure the Lambda function to pull messages from the queue for processing.

C. Deploy the Lambda function to the us-west-2 Region. Create an API Gateway endpoint in us-west-2 to direct traffic to the Lambda function in us-west-2. Configure AWS Global Accelerator and an Application Load Balancer to manage traffic across the two API Gateway endpoints.

D. Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Region. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.

Correct Answer

D. Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Region. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.