AWS Certified Solutions Architect - Professional SAP-C02 Exam Questions and Answers - 9

The latest AWS Certified Solutions Architect – Professional SAP-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Solutions Architect – Professional SAP-C02 exam and earn AWS Certified Solutions Architect – Professional SAP-C02 certification.

Question 801

Exam Question

A company wants to send data from its on-premises systems to Amazon S3 buckets. The company created the S3 buckets in three different accounts. The company must send the data privately without the data traveling across the internet. The company has no existing dedicated connectivity to AWS.

Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

A. Establish a networking account in the AWS Cloud Create a private VPC in the networking account Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC

B. Establish a networking account in the AWS Cloud Create a private VPC in the networking account Set up an AWS Direct Connect connection with a public VIF between the on-premises environment and the private VPC

C. Create an Amazon S3 interface endpoint in the networking account

D. Create an Amazon S3 gateway endpoint in the networking account

Correct Answer

D. Create an Amazon S3 gateway endpoint in the networking account

Explanation

Establish a networking account in the AWS Cloud. Create a private VPC in the networking account Peer VPCs from the accounts that host the S3 buckets with the VPC in the network account

Question 802

Exam Question

A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A. The company’s applications and databases are running in Account B.

A solutions architect win deploy a two-net application In a new VPC To simplify the configuration, the db.example com CNAME record set tor the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53.

During deployment, the application failed to start. Troubleshooting revealed that db.example com is not resolvable on the Amazon EC2 instance. The solutions architect confirmed that the record set was created correctly in Route 53.

Which combination of steps should the solutions architect take to resolve this issue? (Select TWO)

A. Use SSH to connect to the application tier EC2 instance Add an RDS endpoint IP address to the /eto/resolv.conf file

B. Associate a new VPC in Account B with a hosted zone in Account A. Delete the association authorization In Account A.

C. Deploy the database on a separate EC2 instance in the new VPC Create a record set for the instance’s private IP in the private hosted zone

D. Create a private hosted zone for the example.com domain m Account B Configure Route 53 replication between AWS accounts

E. Create an authorization lo associate the private hosted zone in Account A with the new VPC In Account B

Correct Answer

B. Associate a new VPC in Account B with a hosted zone in Account A. Delete the association authorization In Account A.

E. Create an authorization lo associate the private hosted zone in Account A with the new VPC In Account B

Question 803

Exam Question

A company has developed a new release of a popular video game and wants to make it available for public download. The new release package is approximately 5 GB in size. The company provides downloads for existing releases from a Linux-based, publicly facing FTP site hosted in an on-premises data center. The company expects the new release will be downloaded by users worldwide. The company wants a solution that provides improved download performance and low transfer costs, regardless of a user’s location.

Which solutions will meet these requirements?

A. Configure Amazon Route 53 and an Amazon S3 bucket for website hosting Upload the game files to the S3 bucket Set Requester Pays for the S3 bucket Publish the game download URL for users to download the package

B. Store the game files on Amazon EFS volumes that are attached to Amazon EC2 instances within an Auto Scaling group Configure an FTP service on each of the EC2 instances Use an Application Load Balancer in front of the Auto Scaling group Publish the game download URL for users to download the package

C. Configure Amazon Route 53 and an Amazon S3 bucket for website hosting Upload the game files to the S3 bucket Use Amazon CloudFront for the website Publish the game download URL for users to download the package.

D. Store the game files on Amazon EBS volumes mounted on Amazon EC2 instances within an Auto Scaling group Configure an FTP service on the EC2 instances Use an Application Load Balancer in front of the Auto Scaling group. Publish the game download URL for users to download the package.

Correct Answer

Question 804

Exam Question

A company has loT sensors that monitor traffic patterns throughout a large city. The company wants to read and collect data from the sensors and perform aggregations on the data.

A solutions architect designs a solution in which the loT devices are streaming to Amazon Kinesis Data Streams. Several applications are reading from the stream. However, several consumers are experiencing throttling and are periodically encountering a ReadProvisionedThroughputExceeded error.

Which actions should the solutions architect take to resolve this issue? (Select THREE.)

A. Use an error retry and exponential backoff mechanism in the consumer logic.

B. Reshard the stream to increase the number of shards in the stream.

C. Use consumers with the enhanced fan-out feature.

D. Configure the stream to use dynamic partitioning.

E. Use the Kinesis Producer Library (KPL). Adjust the polling frequency.

F. Reshard the stream to reduce the number of shards in the stream.

Correct Answer

B. Reshard the stream to increase the number of shards in the stream.

C. Use consumers with the enhanced fan-out feature.

F. Reshard the stream to reduce the number of shards in the stream.

Question 805

Exam Question

A media storage application uploads user photos to Amazon S3 for processing by AWS Lambda functions.

Application state is stored in Amazon DynamoDB tables. Users are reporting that some uploaded photos are not being processed properly. The application developers trace the logs and find that Lambda is experiencing photo processing issues when thousands of users upload photos simultaneously. The issues are the result of Lambda concurrency limits and the performance of DynamoDB when data is saved.

Which combination of actions should a solutions architect take to increase the performance and reliability of the application? (Select TWO.)

A. Add an Amazon ElastiCache layer to increase the performance of Lambda functions.

B. Evaluate and adjust the WCUs for the DynamoDB tables.

C. Use S3 Transfer Acceleration to provide lower latency to users.

D. Evaluate and adjust the RCUs tor the DynamoDB tables.

E. Add an Amazon Simple Queue Service (Amazon SQS) queue and reprocessing logic between Amazon S3 and the Lambda functions.

Correct Answer

B. Evaluate and adjust the WCUs for the DynamoDB tables.

E. Add an Amazon Simple Queue Service (Amazon SQS) queue and reprocessing logic between Amazon S3 and the Lambda functions.

Question 806

Exam Question

A company wants to migrate an application to Amazon EC2 from VMware Infrastructure that runs in an on-premises data center. A solutions architect must preserve the software and configuration settings during the migration.

What should the solutions architect do to meet these requirements?

A. Configure the AWS DataSync agent to start replicating the data store to Amazon FSx for Windows File Server Use the SMB share to host the VMware data store. Use VM Import/Export to move the VMs to Amazon EC2.

B. Use the VMware vSphere client to export the application as an image in Open Virealization Format (OVF) format Create an Amazon S3 bucket to store the image in the destination AWS Region. Create and apply an IAM role for VM Import Use the AWS CLI to run the EC2 import command.

C. Configure AWS Storage Gateway for files service to export a Common Internet File System (CIFSJ share. Create a backup copy to the shared folder. Sign in to the AWS Management Console and create an AMI from the backup copy Launch an EC2 instance that is based on the AMI.

D. Create a managed-instance activation for a hybrid environment in AWS Systems Manager. Download and install Systems Manager Agent on the on-premises VM Register the VM with Systems Manager to be a managed instance Use AWS Backup to create a snapshot of the VM and create an AMI. Launch an EC2 instance that is based on the AMI

Correct Answer

Question 807

Exam Question

A solutions architect is designing a solution to connect a company’s on-premises network with all the company’s current and future VPCs on AWS. The company is running VPCs in five different AWS Regions and has at least 15 VPCs in each Region.

The company’s AWS usage is constantly increasing and will continue to grow Additionally, all the VPCs throughout all five Regions must be able to communicate with each other

The solution must maximize scalability and ease of management

Which solution meets these requirements?

A. Set up a transit gateway in each Region Establish a redundant AWS Site-to-Site VPN connection between the on-premises firewalls and each transit gateway Route traffic between the different Regions through the company’s on-premises firewalls Connect all the VPCs to the transit gateway in their Region

B. Create an AWS CloudFormation template for a redundant AWS Site-to-Site VPN tunnel to the on-premises network Deploy the CloudFormation template for each VPC Set up VPC peering between all the VPCs for VPC-to-VPC communication

C. Create an AWS CloudFormation template for a redundant AWS Site-to-Site VPN tunnel to the on-premises network Deploy the CloudFormation template for each VPC Route traffic between the different Regions through the company’s on-premises firewalls

D. Set up a transit gateway in each Region Establish a redundant AWS Site-to-Site VPN connection between the on-premises firewalls and the transit gateway in the Region that is closest to the on-premises network Peer all the transit gateways with each other Connect all the VPCs to the transit gateway in their Region

Correct Answer

Question 808

Exam Question

A solutions architect has deployed a web application that serves users across two AWS Regions under a custom domain The application uses Amazon Route 53 latency-based routing The solutions architect has associated weighted record sets with a pair of web servers in separate Availability Zones for each Region The solutions architect runs a disaster recovery scenario When all the web servers in one Region are stopped Route 53 does not automatically redirect users to the other Region.

Which of the following are possible root causes of this issue? (Select TWO.)

A. An HTTP health check has not been set up for one or more of the weighted resource record sets associated with the stopped web servers

B. One of the web servers in the secondary Region did not pass its HTTP health check

C. The setting to evaluate target health is not turned on for the latency alias resource record set that is associated with the domain in the Region where the web servers were stopped

D. The weight for the Region where the web servers were stopped is higher than the weight for the other Region

E. Latency resource record sets cannot be used in combination with weighted resource record sets

Correct Answer

A. An HTTP health check has not been set up for one or more of the weighted resource record sets associated with the stopped web servers

C. The setting to evaluate target health is not turned on for the latency alias resource record set that is associated with the domain in the Region where the web servers were stopped

Question 809

Exam Question

A new application is running on Amazon Elastic Container Service (Amazon ECS) with AWS Fargate The application uses an Amazon Aurora MySQL database The application and the database run m the same subnets of a VPC with distinct security groups that are configured.

The password (or the database is stored m AWS Secrets Manager and is passed to the application through the D8_PASSWORD environment variable The hostname of the database is passed to the application through the DB_HOST environment variable The application Is failing to access the database.

Which combination of actions should a solutions architect take to resolve this error? (Select THREE )

A. Ensure that the container has the environment variable with name “DB_HOST” specified with the hostname of the OB duster endpoint.

B. Ensure that the container has the environment variable with name “D8_HOST” specified with the hostname of a DB instance endpoint.

C. Ensure that the container has the environment variable with name “DB_PASSWORD” specified with a
“ValueFrom” and the ARN of the secret

D. Ensure that the Fargate service security group allows inbound network traffic from the Aurora MySQL database on the MySQL TCP port 3306.

E. Ensure that the container has the environment variable with name *D8_PASSWORD” specified with a
“ValueFrom” and the secret name of the secret.

F. Ensure that the Aurora MySQL database security group allows inbound network traffic from the Fargate service on the MySQL TCP port 3306.

Correct Answer

B. Ensure that the container has the environment variable with name “D8_HOST” specified with the hostname of a DB instance endpoint.

C. Ensure that the container has the environment variable with name “DB_PASSWORD” specified with a
“ValueFrom” and the ARN of the secret

F. Ensure that the Aurora MySQL database security group allows inbound network traffic from the Fargate service on the MySQL TCP port 3306.

Question 810

Exam Question

A large company has a business-critical application that runs in a single AWS Region. The application consists of multiple Amazon EC2 instances and an Amazon RDS Multi-AZ DB instance. The EC2 instances run In an Amazon EC2 Auto Scaling group across multiple Availability Zones

A solutions architect is implementing a disaster recovery (DR) plan for the application. The solutions architect has created a pilot light application deployment in a new Region, which is referred to as the DR Region. The DR environment has an Auto Scaling group with a single EC2 instance and a read replica of the RDS DB instance

The solutions architect must automate a failover from the primary application environment to the pilot light environment in the DR Region

Which solution meets these requirements with the MOST operational efficiency”

A. Publish an application availability metric to Amazon CloudWatch in the DR Region from the application environment in the primary Region Create a CloudWatch alarm in the DR Region that is invoked when the application availability metric stops being delivered Configure the CloudWatch alarm to send a notification to an Amazon Simple Notification Service (Amazon SNS) topic in the DR Region Use an AWS Lambda function that is invoked by Amazon SNS in the DR Region to promote the read replica and to add EC2 instances to the Auto Scaling group

B. Publish an application availability metric to Amazon CloudWatch in the DR Region from the application environment in the primary Region Create a CloudWatch alarm in the DR Region that is invoked when the application availability metric stops being delivered Configure the CloudWatch alarm to send a notification to an Amazon Simple Notification Service (Amazon SNS> topic in the DR Region Add an email subscription to the SNS topic that sends messages to the application owner upon notification, instruct a systems operator to sign in to the AWS Management Console and initiate failover operations for the application

C. Create a cron task that runs every 5 minutes by using one of the application’s EC2 instances in the primary Region Configure the cron task to check whether the application is available Upon failure, the cron task modifies the DR environment by promoting the read replica and by adding EC2 instances to the Auto Scaling group

D. Create a cron task that runs every 5 minutes by using one of the application’s EC2 instances in the primary Region Configure the cron task to check whether the application is available Upon failure, the cron task notifies a systems operator and attempts to restart the application services