The latest AWS Certified Solutions Architect – Professional SAP-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Professional SAP-C02 exam and earn AWS Certified Solutions Architect – Professional SAP-C02 certification.
Table of Contents
- Question 631
- Exam Question
- Correct Answer
- Question 632
- Exam Question
- Correct Answer
- Question 633
- Exam Question
- Correct Answer
- Question 634
- Exam Question
- Correct Answer
- Question 635
- Exam Question
- Correct Answer
- Question 636
- Exam Question
- Correct Answer
- Question 637
- Exam Question
- Correct Answer
- Question 638
- Exam Question
- Correct Answer
- Question 639
- Exam Question
- Correct Answer
- Question 640
- Exam Question
- Correct Answer
Question 631
Exam Question
A solo entrepreneur is working on a new digital media startup and wants to have a hands-on understanding of the comparative pricing for various storage types available on AWS Cloud. The entrepreneur has created a test file of size 5 GB with some random data. Next, he uploads this test file into AWS S3 Standard storage class, provisions an EBS volume (General Purpose SSD (gp2)) with 50 GB of provisioned storage and copies the test file into the EBS volume, and lastly copies the test file into an EFS Standard Storage filesystem. At the end of the month, he analyses the bill for costs incurred on the respective storage types for the test file.
What of the following represents the correct order of the storage charges incurred for the test file on these three storage types?
A. Cost of test file storage on S3 Standard < Cost of test file storage on EBS < Cost of test file storage on EFS.
B. Cost of test file storage on EBS < Cost of test file storage on S3 Standard < Cost of test file storage on EFS.
C. Cost of test file storage on S3 Standard < Cost of test file storage on EFS < Cost of test file storage on EBS.
D. Cost of test file storage on EFS < Cost of test file storage on S3 Standard < Cost of test file storage on EBS.
Correct Answer
C. Cost of test file storage on S3 Standard < Cost of test file storage on EFS < Cost of test file storage on EBS.
Question 632
Exam Question
A company runs a Java application that has complex dependencies on VMs that are in the company’s data center. The application is stable. but the company wants to modernize the technology stack. The company wants to migrate the application to AWS and minimize the administrative overhead to maintain the servers.
Which solution will meet these requirements with the LEAST code changes?
A. Migrate the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate by using AWS App2Container. Store container images in Amazon Elastic Container Registry (Amazon ECR). Grant the ECS task execution role permission 10 access the ECR image repository. Configure Amazon ECS to use an Application Load Balancer (ALB). Use the ALB to interact with the application.
B. Migrate the application code to a container that runs in AWS Lambda. Build an Amazon API Gateway REST API with Lambda integration. Use API Gateway to interact with the application.
C. Migrate the application to Amazon Elastic Kubernetes Service (Amazon EKS) on EKS managed node groups by using AWS App2Container. Store container images in Amazon Elastic Container Registry (Amazon ECR). Give the EKS nodes permission to access the ECR image repository. Use Amazon API Gateway to interact with the application.
D. Migrate the application code to a container that runs in AWS Lambda. Congfiure Lambda to use an Application Load Balancer (ALB). Use the ALB to interact with the application.
Correct Answer
A. Migrate the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate by using AWS App2Container. Store container images in Amazon Elastic Container Registry (Amazon ECR). Grant the ECS task execution role permission 10 access the ECR image repository. Configure Amazon ECS to use an Application Load Balancer (ALB). Use the ALB to interact with the application.
Question 633
Exam Question
A Silicon Valley based education technology startup is moving its IT operations from an on-premises data center to AWS Cloud. Its flagship product is a comprehensive learning management system that is offered in three configurations: on-premises, hosted, and fully managed software as a service (SaaS). For its SaaS version, the startup was initially using a major commercial database in a managed-hosting environment. However, this resulted in high licensing costs and required the startup to invest significant resources in day-to-day database management. That’s why it chose to migrate to the open-source MySQL database running on Amazon RDS. The engineering team at the startup is evaluating the Multi-AZ and Read Replica capabilities of RDS MySQL vs Aurora MySQL before they implement the solution in their production environment. The startup has hired you as an AWS Certified Solutions Architect Professional to provide a detailed report on this technical requirement.
Which of the following would you identify as correct regarding the given use-case?(Select three)
A. The primary and standby DB instances are upgraded at the same time for RDS MySQL Multi-AZ. All instances are upgraded at the same time for Aurora MySQL.
B. Read Replicas can be manually promoted to a standalone database instance for RDS MySQL whereas Read Replicas for Aurora MySQL can be promoted to the primary instance.
C. Read Replicas can be manually promoted to a standalone database instance for Aurora MySQL whereas Read Replicas for RDS MySQL can be promoted to the primary instance.
D. Multi-AZ deployments for Aurora MySQL follow synchronous replication whereas. Multi-AZ deployments for RDS MySQL follow asynchronous replication.
E. Multi-AZ deployments for RDS MySQL follow synchronous replication whereas Multi-AZ deployments for Aurora MySQL follow asynchronous replication.
F. Database engine version upgrades happen on primary for Aurora MySQL whereas all instances are updated together for RDS MySQL.
Correct Answer
A. The primary and standby DB instances are upgraded at the same time for RDS MySQL Multi-AZ. All instances are upgraded at the same time for Aurora MySQL.
B. Read Replicas can be manually promoted to a standalone database instance for RDS MySQL whereas Read Replicas for Aurora MySQL can be promoted to the primary instance.
E. Multi-AZ deployments for RDS MySQL follow synchronous replication whereas Multi-AZ deployments for Aurora MySQL follow asynchronous replication.
Question 634
Exam Question
A company developed a pilot application by using AWS Elastic Beanstalk and Java. To save costs during development, the company’s development team deployed the application into a single-instance environment. Recent tests indicate that the application consumes more CPU than expected. CPU utilization is regularly greater than 85%, which causes some performance bottlenecks.
A solutions architect must mitigate the performance issues before the company launches the application to production.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create a new Elastic Beanstalk application. Select a load-balanced environment type. Select all Availability Zones. Add a scale-out rule that will run if the maximum CPU utilization is over 85% for 5 minutes.
B. Create a second Elastic Beanstalk environment. Apply the traffic-splitting deployment policy. Specify a percentage of incoming traffic to direct to the new environment in the average CPU utilization is over 85% for 5 minutes.
C. Modify the existing environment’s capacity configuration to use a load-balanced environment type. Select all Availability Zones. Add a scale-out rule that will run if the average CPU utilization is over 85% for 5 minutes.
D. Select the Rebuild environment action with the load balancing option. Select an Availability Zones. Add a scale-out rule that will run if the sum CPU utilization is over 85% for 5 minutes.
Correct Answer
C. Modify the existing environment’s capacity configuration to use a load-balanced environment type. Select all Availability Zones. Add a scale-out rule that will run if the average CPU utilization is over 85% for 5 minutes.
Question 635
Exam Question
The DevOps team for a CRM SaaS company wants to implement a patching plan on AWS Cloud for a large mixed fleet of Windows and Linux servers. The patching plan has to be auditable and must be implemented securely to ensure compliance with the company’s business requirements.
As a Solutions Architect Professional, which of the following options would you recommend to address these requirements with MINIMAL effort? (Select two)
A. Apply patch baselines using the AWS-RunPatchBaseline SSM document.
B. Set up Systems Manager on all instances to manage patching. Test patches in pre-production and then deploy as a maintenance window task with the appropriate approval.
C. Configure OpsWorks automatic patching support for all applications which will keep the os up-to-date following the initial installation. Set up AWS Config to provide audit and compliance reporting.
D. Set up an OS-native patching service to manage the update frequency and release approval for all instances. Set up AWS Config to provide audit and compliance reporting.
E. Apply patch baselines using the AWS-ApplyPatchBaseline SSM document.
Correct Answer
A. Apply patch baselines using the AWS-RunPatchBaseline SSM document.
B. Set up Systems Manager on all instances to manage patching. Test patches in pre-production and then deploy as a maintenance window task with the appropriate approval.
Question 636
Exam Question
A company is running an application in the AWS Cloud. Recent application metrics show inconsistent response times and a significant increase in error rates. Calls to third-party services are causing the delays. Currently, the application calls third-party services synchronously by directly invoking an AWS Lambda function.
A solutions architect needs to decouple the third-party service calls and ensure that all the calls are eventually completed.
Which solution will meet these requirements?
A. Use an Amazon Simple Queue Service (Amazon SQS) queue to store events and invoke the Lambda function.
B. Use an AWS Step Functions state machine to pass events to the Lambda function.
C. Use an Amazon EventBridge rule to pass events to the Lambda function.
D. Use an Amazon Simple Noti cation Service (Amazon SNS) topic to store events and Invoke the Lambda function.
Correct Answer
A. Use an Amazon Simple Queue Service (Amazon SQS) queue to store events and invoke the Lambda function.
Question 637
Exam Question
A mobility company in Latin America uses Elastic Load Balancing to distribute traffic across multiple Amazon EC2 instances. Auto Scaling groups start and stop Amazon EC2 machines based on the number of incoming requests. The company has recently started operations in a new AWS Region and is setting up an Application Load Balancer for its fleet of EC2 instances spread across two Availability Zones, with one instance as a target in Availability Zone x and four instances as targets in Availability Zone Y. The company is doing benchmarking for server performance in the new Region for the case when cross-zone load balancing is enabled compared to the case when cross-zone load balancing is disabled.
As a Solutions Architect Professional, which of the following traffic distribution outcomes would you identify as correct?
A. With cross-zone load balancing enabled one instance in Availability Zone X receives no traffic and four instances in Availability Zone Y receive 25% traffic each. With cross-zone load balancing disabled, one instance in Availability Zone X receives 50% traffic and four instances in Availability Zone Y receive 12.5% traffic each.
B. With cross-zone load balancing enabled one instance in Availability Zone X receives 20% traffic and four instances in Availability Zone Y receive 20% traffic each. With cross-zone load balancing disabled, one instance in Availability Zone X receives 50% traffic and four instances in Availability Zone Y receive 12.5% traffic each.
C. With cross-zone load balancing enabled one instance in Availability Zone X receives 50% traffic and four instances in Availability Zone Y receive 12.5% traffic each. With cross-zone load balancing disabled one instance in Availability Zone X receives 20% traffic and four instances in Availability Zone Y receive 20% traffic each.
D. With cross-zone load balancing enabled one instance in Availability Zone X receives 20% traffic and four instances in Availability Zone Y receive 20% traffic each. With cross-zone load balancing disabled one instance in Availability Zone X receives no traffic and four instances in Availability Zone Y receive 25% traffic each.
Correct Answer
D. With cross-zone load balancing enabled one instance in Availability Zone X receives 20% traffic and four instances in Availability Zone Y receive 20% traffic each. With cross-zone load balancing disabled one instance in Availability Zone X receives no traffic and four instances in Availability Zone Y receive 25% traffic each.
Question 638
Exam Question
A company has introduced a new policy that allows employees to work remotely from their homes if they connect by using a VPN. The company is hosting internal applications with VPCs in multiple AWS accounts. Currently, the applications are accessible from the company’s on-premises o ce network through an AWS Site-to-Site VPN connection. The VPC in the company’s main AWS account has peering connections established with VPCs in other AWS accounts.
A solutions architect must design a scalable AWS Client VPN solution for employees to use while they work from home.
What is the MOST cost-effective solution that meets these requirements?
A. Create a Client VPN endpoint in each AWS account. Configure required routing that allows access to internal applications.
B. Create a Client VPN endpoint in the main AWS account. Configure required routing that allows access to internal applications.
C. Create a Client VPN endpoint in the main AWS account. Provision a transit gateway that is connected to each AWS account. Configure required routing that allows access to internal applications.
D. Create a Client VPN endpoint in the main AWS account. Establish connectivity between the Client VPN endpoint and the AWS Site-to-Site VPN.
Correct Answer
B. Create a Client VPN endpoint in the main AWS account. Configure required routing that allows access to internal applications.
Question 639
Exam Question
A multi-national retail company wants to modernize its applications and minimize its data center infrastructure. The company wants to explore a hybrid cloud environment with AWS so that it can start leveraging AWS services for some of its data analytics workflows. The engineering team at the retail company wants to establish a dedicated, encrypted, low latency. and high throughput connection between its data center and AWS Cloud. The engineering team has set aside sufficient time to account for the operational overhead of establishing this connection.
Which of the following options represents the MOST optimal solution with the LEAST infrastructure set up required for provisioning the end to end connection?
A. Use AWS Direct Connect to establish a connection between the data center and AWS Cloud.
B. Use site-to-site VPN to establish a connection between the data center and AWS Cloud.
C. Use AWS Direct Connect along with a site-to-site VPN to establish a connection between the data center and AWS Cloud.
D. Use VPC transit gateway to establish a connection between the data center and AWS Cloud.
Correct Answer
C. Use AWS Direct Connect along with a site-to-site VPN to establish a connection between the data center and AWS Cloud.
Question 640
Exam Question
A company has an organization that has many AWS accounts in AWS Organizations. A solutions architect must improve how the company manages common security group rules for the AWS accounts in the organization.
The company has a common set of IP CIDR ranges in an allow list in each AWS account to allow access to and from the company’s on-premises network. Developers within each account are responsible for adding new IP CIDR ranges to their security groups. The security team has its own AWS account. Currently, the security team notifies the owners of the other AWS accounts when changes are made to the allow list.
The solutions architect must design a solution that distributes the common set of CIDR ranges across all accounts.
Which solution meets these requirements with the LEAST amount of operational overhead?
A. Set up an Amazon Simple Noti cation Service (Amazon SNS) topic in the security team’s AWS account. Deploy an AWS Lambda function in each AWS account. Configure the Lambda function to run every time an SNS topic receives a message. Configure the Lambda function to take an IP address as input and add it to a list of security groups in the account. Instruct the security team to distribute changes by publishing messages to its SNS topic.
B. Create new customer-managed pre x lists in each AWS account within the organization. Populate the pre x lists in each account with all internal CIDR ranges. Notify the owner of each AWS account to allow the new customer-managed pre x list IDs in their accounts in their security groups. Instruct the security team to share updates with each AWS account owner.
C. Create a new customer-managed pre x list in the security team’s AWS account. Populate the customer-managed pre x list with all internal CIDR ranges. Share the customer-managed pre x list with the organization by using AWS Resource Access Manager. Notify the owner of each AWS account to allow the new customer-managed pre x list ID in their security groups.
D. Create an IAM role in each account in the organization. Grant permissions to update security groups. Deploy an AWS Lambda function in the security team’s AWS account. Configure the Lambda function to take a list of internal IP addresses as input, assume a role in each organization account, and add the list of IP addresses to the security groups in each account.
Correct Answer
C. Create a new customer-managed pre x list in the security team’s AWS account. Populate the customer-managed pre x list with all internal CIDR ranges. Share the customer-managed pre x list with the organization by using AWS Resource Access Manager. Notify the owner of each AWS account to allow the new customer-managed pre x list ID in their security groups.