Looking for Amazon SAP-C02 Practice Questions? Rejoice because you have reached your destination. Amazonawsdumps.com have prepared a special kind of test material that alters according to the individual candidate’s skillset. Our smart system presents Amazon SAP-C02 Question Answers exactly like they are in the actual exam. We report your progress at the end of each test to ensures 100% success.
| Demo | $49 | Add to cart | |
| Test Engine | Demo | $59 | Add to cart |
| PDF + Test Engine | $69 | Add to cart |
Here are some more features of Amazon SAP-C02 PDF:
| 508 questions with answers | Updation Date : 21 May, 2025 |
| Unlimited practice questions | Routinely Daily Updates |
| Takes Just 1 Day to Prepare Exam | Passing Guaranteed at First Go |
| Money-Back Facility | 3 Months Free Updates |
By using this credential, certified professionals can demonstrate their advanced knowledge and abilities in automating manual operations, maximizing security, cost, and performance, and giving complicated solutions to difficult challenges. Through this certification, firms may find and cultivate talent that possesses these vital abilities for putting cloud projects into action.
At Amazonawsdumps.com, we work day and night to give our clients the best and most accurate AWS SAP-C02 exam material. We have a 100% success rate, millions of positive evaluations, and a solid reputation as a trustworthy exam dumps website. You can obtain in-depth knowledge of the SAP-C02 exam as well as practical experience. All you have to do to ace the exam and get the best grades is get our AMAZON AWS SAP-C02 pdf guide.
You can get free updates for the SAP-C02 Exam if you purchase braindumps from Amazonawsdumps.com. These upgrades are available to you for three months. You can easily use our AWS Certified Solutions Architect - Professional Certification dumps on a desktop, laptop, tablet, or smartphone. Customer service for inquiries and problems with the SAP-C02 Dumps PDF 24 hours a day, 7 days a week. Money-back guarantee and a 100% success rate. Obtain your SAP-C02 PDF test questions right now.
The ideal applicant is certified by AWS and has at least two years of experience building and implementing cloud-based systems. This rival might evaluate the demands made on cloud apps and offer architecture recommendations for sending usages to AWS. The aspirational newcomer may also offer expert guidance on designing a strategy that incorporates a variety of apps and services inside a complex organization.
You must answer as many questions as possible on this exam, as missing a question will result in a zero. Incorrect responses will not be penalized.
You can be sure that the SAP-C02 Dumps PDF from Amazonawsdumps.com will help you pass the test. However, we will set you up with a complete refund if you use our products and don't pass the SAP-C02 exam on your first try. Just provide us with your SAP-C02 score report and any relevant documentation. Our staff will promptly transfer the entire amount of your legitimate funds when your information has been validated.
In today’s world, you need the validation of your skills to get past the competition. Amazon SAP-C02 Exam is that validation. Not only is Amazon a leading industry in IT but it also offers certification exams to prove Amazon's skills. These skills prove you capable of fulfilling the Amazon job role. To get certified you simply pass the SAP-C02 Exam. This brings us to Amazon SAP-C02 Question Answers set. Passing this certification exam from Amazon may seem easy but it’s not. Many students fail this exam only because they didn’t take it seriously. Don’t make this mistake and order your Amazon SAP-C02 Braindumps right now!
Amazonawsdumps.com is the most popular and reliable website that has helped thousands of candidates excel at Amazon Exams. You could be one of those fortunate few too. Pass your exam in one attempt with Amazon SAP-C02 PDF and own the future. Buy Now!
We know we said passing amazon exams is hard but that’s only if you’ve been led astray. There are millions of Amazon SAP-C02 Practice Questions available online promising success but fail when it comes down to it. Choose your training material carefully and get Amazon SAP-C02 Question Answers that are valid, accurate, and approved by famous IT professionals. Our Amazon SAP-C02 Braindumps are created by experts for experts and generate first-class results in just a single attempt. Don’t believe us? Try our free demo version that contains all the features you’ll get with Amazon SAP-C02 PDF. An interactive design, easy to read format, understandable language, and concise pattern. And if you still don’t get the result you want and fail somehow, you get your money back in full. So, order your set of Amazon SAP-C02 Dumps now!
We promise our customers to take full responsibility for their learning, preparation and passing SAP-C02 Exams without a hunch. Our aim is your satisfaction and ease. That is why we demand only the reasonable cost on Amazon SAP-C02 Practice Questions. Moreover, offer 2 formats: PDF and online test engine. Also, there is always a little extra with our discount coupons.
Amazonawsdumps.com the team is a bunch of experts who got lucky with Amazon SAP-C02 Braindumps. We got what we needed to pass the exam and we went through its challenges as well. That is why we want every Amazon Candidate to get success. Choosing among so many options of Amazon SAP-C02 PDF is a tricky situation. Sometimes they don’t turn out like they first appeared to be. That is the reason we offer our valued customers a free demo. They can get a test run of Amazon SAP-C02 Dumps before they buy it. When it comes to buying, the procedure is simple, secure, and hardly jeopardizing. Because our Amazon SAP-C02 Practice Questions have a 99.8% passing rate.
A company is planning a migration from an on-premises data center to the AWS cloud. Thecompany plans to use multiple AWS accounts that are managed in an organization in AWSorganizations. The company will cost a small number of accounts initially and will addaccounts as needed. A solution architect must design a solution that turns on AWSaccounts.What is the MOST operationally efficient solution that meets these requirements.
A. Create an AWS Lambda function that creates a new cloudTrail trail in all AWS accountin the organization. Invoke the Lambda function dally by using a scheduled action inAmazon EventBridge.
B. Create a new CloudTrail trail in the organizations management account. Configure the trail to log all events for all AYYS accounts in the organization.
C. Create a new CloudTrail trail in all AWS accounts in the organization. Create new trailswhenever a new account is created.
D. Create an AWS systems Manager Automaton runbook that creates a cloud trail in allAWS accounts in the organization. Invoke the automation by using Systems Manager StateManager.
ANSWER : B
A company wants to migrate an Amazon Aurora MySQL DB cluster from an existing AWSaccount to a new AWS account in the same AWS Region. Both accounts are members ofthe same organization in AWS Organizations.The company must minimize database service interruption before the company performsDNS cutover to the new database.Which migration strategy will meet this requirement?
A. Take a snapshot of the existing Aurora database. Share the snapshot with the new AWSaccount. Create an Aurora DB cluster in the new account from the snapshot.
B. Create an Aurora DB cluster in the new AWS account. Use AWS Database MigrationService (AWS DMS) to migrate data between the two Aurora DB clusters.
C. Use AWS Backup to share an Aurora database backup from the existing AWS accountto the new AWS account. Create an Aurora DB cluster in the new AWS account from thesnapshot.
D. Create an Aurora DB cluster in the new AWS account. Use AWS Application MigrationService to migrate data between the two Aurora DB clusters.
ANSWER : B
A company has a web application that uses Amazon API Gateway. AWS Lambda andAmazon DynamoDB A recent marketing campaign has increased demand Monitoringsoftware reports that many requests have significantly longer response times than beforethe marketing campaignA solutions architect enabled Amazon CloudWatch Logs for API Gateway and noticed thaterrors are occurring on 20% of the requests. In CloudWatch. the Lambda function.Throttles metric represents 1% of the requests and the Errors metric represents 10% of therequests Application logs indicate that, when errors occur there is a call to DynamoDBWhat change should the solutions architect make to improve the current response times asthe web application becomes more popular'?
A. Increase the concurrency limit of the Lambda function
B. Implement DynamoDB auto scaling on the table
C. Increase the API Gateway throttle limit
D. Re-create the DynamoDB table with a better-partitioned primary index.
ANSWER : B
A company use an organization in AWS Organizations to manage multiple AWS accounts.The company hosts some applications in a VPC in the company's snared services account.The company has attached a transit gateway to the VPC in the Shared services account.The company is developing a new capability and has created a development environmentthat requires access to the applications that are in the snared services account. Thecompany intends to delete and recreate resources frequently in the development account.The company also wants to give a development team the ability to recreate the team'sconnection to the shared services account as required.Which solution will meet these requirements?
A. Create a transit gateway in the development account. Create a transit gateway peeringrequest to the shared services account. Configure the snared services transit gateway toautomatically accept peering connections.
B. Turn on automate acceptance for the transit gateway in the shared services account.Use AWS Resource Access Manager (AWS RAM) to share the transit gateway resource inthe shared services account with the development account. Accept the resource in tie development account. Create a transit gateway attachment in the development account.
C. Turn on automate acceptance for the transit gateway in the shared services account.Create a VPC endpoint. Use the endpoint policy to grant permissions on the VPC endpointfor the development account. Configure the endpoint service to automatically acceptconnection requests. Provide the endpoint details to the development team.
D. Create an Amazon EventBridge rule to invoke an AWS Lambda function that acceptsthe transit gateway attachment value the development account makes an attachmentrequest. Use AWS Network Manager to store. The transit gateway in the shared servicesaccount with the development account. Accept the transit gateway in the developmentaccount.
ANSWER : B
A company uses AWS Organizations AWS account. A solutions architect must design asolution in which only administrator roles are allowed to use IAM actions. However thesolutions archited does not have access to all the AWS account throughout the company.Which solution meets these requirements with the LEAST operational overhead?
A. Create an SCP that applies to at the AWS accounts to allow I AM actions only foradministrator roles. Apply the SCP to the root OLI.
B. Configure AWS CloudTrai to invoke an AWS Lambda function for each event that isrelated to 1AM actions. Configure the function to deny the action. If the user who invokedthe action is not an administator.
C. Create an SCP that applies to all the AWS accounts to deny 1AM actions for all usersexcept for those with administrator roles. Apply the SCP to the root OU.
D. Set an 1AM permissions boundary that allows 1AM actions. Attach the permissionsboundary to every administrator role across all the AWS accounts.
ANSWER : A
A company runs an unauthenticated static website (www.example.com) that includes aregistration form for users. The website uses Amazon S3 for hosting and uses AmazonCloudFront as the content delivery network with AWS WAF configured. When theregistration form is submitted, the website calls an Amazon API Gateway API endpoint thatinvokes an AWS Lambda function to process the payload and forward the payload to anexternal API call.During testing, a solutions architect encounters a cross-origin resource sharing (CORS)error. The solutions architect confirms that the CloudFront distribution origin has theAccess-Control-Allow-Origin header set to www.example.com.What should the solutions architect do to resolve the error?
A. Change the CORS configuration on the S3 bucket. Add rules for CORS to the AllowedOrigin element for www.example.com.
B. Enable the CORS setting in AWS WAF. Create a web ACL rule in which the Access-Control-Allow-Origin header is set to www.example.com.
C. Enable the CORS setting on the API Gateway API endpoint. Ensure that the APIendpoint is configured to return all responses that have the Access-Control -Allow-Originheader set to www.example.com.
D. Enable the CORS setting on the Lambda function. Ensure that the return code of thefunction has the Access-Control-Allow-Origin header set to www.example.com.
ANSWER : C
A company runs an unauthenticated static website (www.example.com) that includes aregistration form for users. The website uses Amazon S3 for hosting and uses AmazonCloudFront as the content delivery network with AWS WAF configured. When theregistration form is submitted, the website calls an Amazon API Gateway API endpoint thatinvokes an AWS Lambda function to process the payload and forward the payload to anexternal API call.During testing, a solutions architect encounters a cross-origin resource sharing (CORS)error. The solutions architect confirms that the CloudFront distribution origin has theAccess-Control-Allow-Origin header set to www.example.com.What should the solutions architect do to resolve the error?
A. Change the CORS configuration on the S3 bucket. Add rules for CORS to the AllowedOrigin element for www.example.com.
B. Enable the CORS setting in AWS WAF. Create a web ACL rule in which the Access-Control-Allow-Origin header is set to www.example.com.
C. Enable the CORS setting on the API Gateway API endpoint. Ensure that the APIendpoint is configured to return all responses that have the Access-Control -Allow-Originheader set to www.example.com.
D. Enable the CORS setting on the Lambda function. Ensure that the return code of thefunction has the Access-Control-Allow-Origin header set to www.example.com.
ANSWER : C
A company that develops consumer electronics with offices in Europe and Asia has 60 TBof software images stored on premises in Europe The company wants to transfer theimages to an Amazon S3 bucket in the ap-northeast-1 Region New software images arecreated daily and must be encrypted in transit The company needs a solution that does notrequire custom development to automatically transfer all existing and new software imagesto Amazon S3What is the next step in the transfer process?
A. Deploy an AWS DataSync agent and configure a task to transfer the images to the S3bucket
B. Configure Amazon Kinesis Data Firehose to transfer the images using S3 TransferAcceleration
C. Use an AWS Snowball device to transfer the images with the S3 bucket as the target
D. Transfer the images over a Site-to-Site VPN connection using the S3 API with multipartupload
ANSWER : A
A company has developed an application that is running Windows Server on VMwarevSphere VMs that the company hosts on premises The application data is stored in aproprietary format that must be read through the application The company manuallyprovisioned the servers and the applicationAs part of its disaster recovery plan, the company wants the ability to host its application onAWS temporarily if the company's on-premises environment becomes unavailable Thecompany wants the application to return to on-premises hosting after a disaster recoveryevent is complete The RPO is 5 minutes.Which solution meets these requirements with the LEAST amount of operationaloverhead?
A. Configure AWS DataSync Replicate the data to Amazon Elastic Block Store (AmazonEBS) volumes When the on-premises environment is unavailable, use AWS Cloud Formation templates to provision Amazon EC2 instances and attach the EBS volumes
B. Configure AWS Elastic Disaster Recovery Replicate the data to replication Amazon EC2instances that are attached to Amazon Elastic Block Store (Amazon EBS) volumes Whenthe on-premises environment is unavailable use Elastic Disaster Recovery to launch EC2instances that use the replicated volumes
C. Provision an AWS Storage Gateway file gateway. Replicate the data to an Amazon S3bucket When the on-premises environment is unavailable, use AWS Backup to restore thedata to Amazon Elastic Block Store (Amazon EBS) volumes and launch Amazon EC2instances from these EBS volumes
D. Provision an Amazon FSx for Windows File Server file system on AWS Replicate thedata to the file system When the on-premises environment is unavailable, use AWS CloudFormat ion templates to provision Amazon EC2 instances and use AWS CloudFormationInit commands to mount the Amazon FSx file shares
ANSWER : B
A delivery company is running a serverless solution in tneAWS Cloud The solutionmanages user data, delivery information and past purchase details The solution consists ofseveral microservices The central user service stores sensitive data in an AmazonDynamoDB table Several of the other microservices store a copy of parts of the sensitivedata in different storage servicesThe company needs the ability to delete user information upon request As soon as thecentral user service deletes a user every other microservice must also delete its copy of the data immediatelyWhich solution will meet these requirements?
A. Activate DynamoDB Streams on the DynamoDB table Create an AWS Lambda triggerfor the DynamoDB stream that will post events about user deletion in an Amazon SimpleQueue Service (Amazon SQS) queue Configure each microservice to poll the queue anddelete the user from the DynamoDB table
B. Set up DynamoDB event notifications on the DynamoDB table Create an AmazonSimple Notification Service (Amazon SNS) topic as a target for the DynamoDB eventnotification Configure each microservice to subscribe to the SNS topic and to delete theuser from the DynamoDB table
C. Configure the central user service to post an event on a custom Amazon EventBridgeevent bus when the company deletes a user Create an EventBndge rule for eachmicroservice to match the user deletion event pattern and invoke logic in the microserviceto delete the user from the DynamoDB table
D. Configure the central user service to post a message on an Amazon Simple QueueService (Amazon SQS) queue when the company deletes a user Configure eachmicroservice to create an event filter on the SQS queue and to delete the user from theDynamoDB table
ANSWER : C
A company needs to improve the security of its web-based application on AWS. Theapplication uses Amazon CloudFront with two custom origins. The first custom origin routesrequests to an Amazon API Gateway HTTP API. The second custom origin routes traffic to an Application Load Balancer (ALB) The application integrates with an OpenlD Connect(OIDC) identity provider (IdP) for user management.A security audit shows that a JSON Web Token (JWT) authorizer provides access to theAPI The security audit also shows that the ALB accepts requests from unauthenticatedusersA solutions architect must design a solution to ensure that all backend services respond toonly authenticated usersWhich solution will meet this requirement?
A. Configure the ALB to enforce authentication and authorization by integrating the ALBwith the IdP Allow only authenticated users to access the backend services
B. Modify the CloudFront configuration to use signed URLs Implement a permissive signingpolicy that allows any request to access the backend services
C. Create an AWS WAF web ACL that filters out unauthenticated requests at the ALB level.Allow only authenticated traffic to reach the backend services.
D. Enable AWS CloudTrail to log all requests that come to the ALB Create an AWSLambda function to analyze the togs and block any requests that come fromunauthenticated users.
ANSWER : A
A company has multiple lines of business (LOBs) that toll up to the parent company. Thecompany has asked its solutions architect to develop a solution with the followingrequirements • Produce a single AWS invoice for all of the AWS accounts used by its LOBs.• The costs for each LOB account should be broken out on the invoice• Provide the ability to restrict services and features in the LOB accounts, as defined by thecompany's governance policy• Each LOB account should be delegated full administrator permissions regardless of thegovernance policyWhich combination of steps should the solutions architect take to meet theserequirements'? (Select TWO.)
A. Use AWS Organizations to create an organization in the parent account for each LOBThen invite each LOB account to the appropriate organization
B. Use AWS Organizations to create a single organization in the parent account Then,invite each LOB's AWS account lo join the organization.
C. Implement service quotas to define the services and features that are permitted andapply the quotas to each LOB. as appropriate
D. Create an SCP that allows only approved services and features then apply the policy tothe LOB accounts
E. Enable consolidated billing in the parent account's billing console and link the LOB accounts
ANSWER : B,E
A company runs a software-as-a-service <SaaS) application on AWS The applicationconsists of AWS Lambda functions and an Amazon RDS for MySQL Multi-AZ databaseDuring market events the application has a much higher workload than normal Users noticeslow response times during the peak periods because of many database connections Thecompany needs to improve the scalable performance and availability of the databaseWhich solution meets these requirements'?
A. Create an Amazon CloudWatch alarm action that triggers a Lambda function to add anAmazon RDS for MySQL read replica when resource utilization hits a threshold
B. Migrate the database to Amazon Aurora, and add a read replica Add a databaseconnection pool outside of the Lambda handler function
C. Migrate the database to Amazon Aurora and add a read replica Use Amazon Route 53weighted records
D. Migrate the database to Amazon Aurora and add an Aurora Replica Configure AmazonRDS Proxy to manage database connection pools
ANSWER : D
A solutions architect is creating an AWS CloudFormation template from an existingmanually created non-production AWS environment The CloudFormation template can bedestroyed and recreated as needed The environment contains an Amazon EC2 instanceThe EC2 instance has an instance profile that the EC2 instance uses to assume a role in aparent accountThe solutions architect recreates the role in a CloudFormation template and uses the samerole name When the CloudFormation template is launched in the child account, the EC2instance can no longer assume the role in the parent account because of insufficientpermissionsWhat should the solutions architect do to resolve this issue?
A. In the parent account edit the trust policy for the role that the EC2 instance needs toassume Ensure that the target role ARN in the existing statement that allows the stsAssumeRole action is correct Save the trust policy
B. In the parent account edit the trust policy for the role that the EC2 instance needs toassume Add a statement that allows the sts AssumeRole action for the root principal of thechild account Save the trust policy
C. Update the CloudFormation stack again Specify only the CAPABILITY_NAMED_IAMcapability
D. Update the CloudFormation stack again Specify the CAPABIUTYJAM capability and theCAPABILITY_NAMEDJAM capability
ANSWER : A
A company has an application that analyzes and stores image data on premises Theapplication receives millions of new image files every day Files are an average of 1 MB insize The files are analyzed in batches of 1 GB When the application analyzes a batch theapplication zips the images together The application then archives the images as a singlefile in an on-premises NFS server for long-term storageThe company has a Microsoft Hyper-V environment on premises and has computecapacity available The company does not have storage capacity and wants to archive theimages on AWS The company needs the ability to retrieve archived data within t week of arequest.The company has a 10 Gbps AWS Direct Connect connection between its on-premisesdata center and AWS. The company needs to set bandwidth limits and schedule archivedimages to be copied to AWS dunng non-business hours.Which solution will meet these requirements MOST cost-effectively?
A. Deploy an AWS DataSync agent on a new GPU-based Amazon EC2 instance Configurethe DataSync agent to copy the batch of files from the NFS on-premises server to AmazonS3 Glacier Instant Retrieval After the successful copy delete the data from the on-premisesstorage
B. Deploy an AWS DataSync agent as a Hyper-V VM on premises Configure the DataSyncagent to copy the batch of files from the NFS on-premises server to Amazon S3 GlacierDeep Archive After the successful copy delete the data from the on-premises storage
C. Deploy an AWS DataSync agent on a new general purpose Amazon EC2 instanceConfigure the DataSync agent to copy the batch of files from the NFS on-premises serverto Amazon S3 Standard After the successful copy deletes the data from the on-premisesstorage Create an S3 Lifecycle rule to transition objects from S3 Standard to S3 GlacierDeep Archive after 1 day
D. Deploy an AWS Storage Gateway Tape Gateway on premises in the Hyper-Venvironment Connect the Tape Gateway to AWS Use automatic tape creation Specify anAmazon S3 Glacier Deep Archive pool Eject the tape after the batch of images is copied
ANSWER : B
A company is planning to migrate an application from on premises to the AWS Cloud Thecompany will begin the migration by moving the application underlying data storage toAWS The application data is stored on a shared tile system on premises and theapplication servers connect to the shared file system through SMBA solutions architect must implement a solution that uses an Amazon S3 bucket for sharedstorage. Until the application is fully migrated and code is rewritten to use native AmazonS3 APIs the application must continue to have access to the data through SMB Thesolutions architect must migrate the application data to AWS (o its new location while stillallowing the on-premises application to access the dataWhich solution will meet these requirements?
A. Create a new Amazon FSx for Windows File Server file system Configure AWSDataSync with one location for the on-premises file share and one location for the newAmazon FSx file system Create a new DataSync task to copy the data from the onpremisesfile share location to the Amazon FSx file system
B. Create an S3 bucket for the application Copy the data from the on-premises storage to the S3 bucket
C. Deploy an AWS Server Migration Service (AWS SMS) VM to the on-premisesenvironment Use AWS SMS to migrate the file storage server from on premises to anAmazon EC2 instance
D. Create an S3 bucket for the application Deploy a new AWS Storage Gateway filegateway on an on-premises VM Create a new file share that stores data in the S3 bucketand is associated with the file gateway Copy the data from the on-premises storage to thenew file gateway endpoint
ANSWER : D
A company is launching a new online game on Amazon EC2 instances. The game must beavailable globally. The company plans to run the game in three AWS Regions: us-east-1,eu-west-1, and ap-southeast-1. The game's leaderboards. player inventory, and eventstatus must be available across Regions.A solutions architect must design a solution that will give any Region the ability to scale tohandle the load of all Regions. Additionally, users must automatically connect to the Regionthat provides the least latency.Which solution will meet these requirements with the LEAST operational overhead?
A. Create an EC2 Spot Fleet. Attach the Spot Fleet to a Network Load Balancer (NLB) ineach Region. Create an AWS Global Accelerator IP address that points to the NLB. Createan Amazon Route 53 latency-based routing entry for the Global Accelerator IP address.Save the game metadata to an Amazon RDS for MySQL DB instance in each Region. Setup a read replica in the other Regions.
B. Create an Auto Scaling group for the EC2 instances. Attach the Auto Scaling group to aNetwork Load Balancer (NLB) in each Region. For each Region, create an Amazon Route53 entry that uses geoproximity routing and points to the NLB in that Region. Save thegame metadata to MySQL databases on EC2 instances in each Region. Save the gamemetadata to MySQL databases on EC2 instances in each Region. Set up replicationbetween the database EC2 instances in each Region.
C. Create an Auto Scaling group for the EC2 instances. Attach the Auto Scaling group to aNetwork Load Balancer (NLB) in each Region. For each Region, create an Amazon Route53 entry that uses latency-based routing and points to the NLB in that Region. Save thegame metadata to an Amazon DynamoDB global table.
D. Use EC2 Global View. Deploy the EC2 instances to each Region. Attach the instancesto a Network Load Balancer (NLB). Deploy a DNS server on an EC2 instance in eachRegion. Set up custom logic on each DNS server to redirect the user to the Region thatprovides the lowest latency. Save the game metadata to an Amazon Aurora globaldatabase.
ANSWER : C
A company is running its solution on AWS in a manually created VPC. The company isusing AWS CloudFormation to provision other parts of the infrastructure According to anew requirement the company must manage all infrastructure in an automatic wayWhat should the comp any do to meet this new requirement with the LEAST effort?
A. Create a new AWS Cloud Development Kit (AWS CDK) stack that strictly provisions theexisting VPC resources and configuration Use AWS CDK to import the VPC into the stackand to manage the VPC
B. Create a CloudFormation stack set that creates the VPC Use the stack set to import theVPC into the stack
C. Create a new CloudFormation template that strictly provisions the existing VPCresources and configuration From the CloudFormation console, create a new stack byimporting the existing resources
D. Create a new CloudFormation template that creates the VPC Use the AWS ServerlessApplication Model (AWS SAM) CLI to import the VPC
ANSWER : C
A medical company is running a REST API on a set of Amazon EC2 instances The EC2instances run in an Auto Scaling group behind an Application Load Balancer (ALB) TheALB runs in three public subnets, and the EC2 instances run in three private subnets Thecompany has deployed an Amazon CloudFront distribution that has the ALB as the only originWhich solution should a solutions architect recommend to enhance the origin security?
A. Store a random string in AWS Secrets Manager Create an AWS Lambda function forautomatic secret rotation Configure CloudFront to inject the random string as a customHTTP header for the origin request Create an AWS WAF web ACL rule with a string matchrule for the custom header Associate the web ACL with the ALB
B. Create an AWS WAF web ACL rule with an IP match condition of the CloudFront serviceIP address ranges Associate the web ACL with the ALB Move the ALB into the threeprivate subnets
C. Store a random string in AWS Systems Manager Parameter Store Configure ParameterStore automatic rotation for the string Configure CloudFront to inject the random string as acustom HTTP header for the origin request Inspect the value of the custom HTTP header,and block access in the ALB
D. Configure AWS Shield Advanced. Create a security group policy to allow connectionsfrom CloudFront service IP address ranges. Add the policy to AWS Shield Advanced, andattach the policy to the ALB
ANSWER : A
A company creates an AWS Control Tower landing zone to manage and govern a multiaccountAWS environment. The company's security team will deploy preventive controlsand detective controls to monitor AWS services across all the accounts. The security teamneeds a centralized view of the security state of all the accounts.Which solution will meet these requirements'?
A. From the AWS Control Tower management account, use AWS CloudFormationStackSets to deploy an AWS Config conformance pack to all accounts in the organization
B. Enable Amazon Detective for the organization in AWS Organizations Designate oneAWS account as the delegated administrator for Detective
C. From the AWS Control Tower management account, deploy an AWS CloudFormationstack set that uses the automatic deployment option to enable Amazon Detective for theorganization
D. Enable AWS Security Hub for the organization in AWS Organizations Designate oneAWS account as the delegated administrator for Security Hub
ANSWER : D
A software as a service (SaaS) company provides a media software solution to customersThe solution is hosted on 50 VPCs across various AWS Regions and AWS accounts Oneof the VPCs is designated as a management VPC The compute resources in the VPCswork independently The company has developed a new feature that requires all 50 VPCs to be able tocommunicate with each other. The new feature also requires one-way access from eachcustomer's VPC to the company's management VPC The management VPC hosts acompute resource that validates licenses for the media software solutionThe number of VPCs that the company will use to host the solution will continue to increaseas the solution growsWhich combination of steps will provide the required VPC connectivity with the LEASToperational overhead'' (Select TWO.)
A. Create a transit gateway Attach all the company's VPCs and relevant subnets to thetransit gateway
B. Create VPC peering connections between all the company's VPCs
C. Create a Network Load Balancer (NLB) that points to the compute resource for licensevalidation. Create an AWS PrivateLink endpoint service that is available to each customer'sVPC Associate the endpoint service with the NLB
D. Create a VPN appliance in each customer's VPC Connect the company's managementVPC to each customer's VPC by using AWS Site-to-Site VPN
E. Create a VPC peering connection between the company's management VPC and eachcustomer's VPC
ANSWER : A,C
A company wants to migrate virtual Microsoft workloads from an on-premises data centerto AWS The company has successfully tested a few sample workloads on AWS. Thecompany also has created an AWS Site-to-Site VPN connection to a VPC A solutionsarchitect needs to generate a total cost of ownership (TCO) report for the migration of allthe workloads from the data centerSimple Network Management Protocol (SNMP) has been enabled on each VM in the datacenter The company cannot add more VMs m the data center and cannot install additionalsoftware on the VMs The discovery data must be automatically imported into AWSMigration HubWhich solution will meet these requirements?
A. Use the AWS Application Migration Service agentless service and the AWS MigrationHub Strategy Recommendations to generate the TCO report
B. Launch a Windows Amazon EC2 instance Install the Migration Evaluator agentlesscollector on the EC2 instance Configure Migration Evaluator to generate the TCO report
C. Launch a Windows Amazon EC2 instance. Install the Migration Evaluator agentlesscollector on the EC2 instance. Configure Migration Hub to generate the TCO report
D. Use the AWS Migration Readiness Assessment tool inside the VPC Configure MigrationEvaluator to generate the TCO report
ANSWER : A
A company uses AWS Organizations to manage its development environment. Eachdevelopment team at the company has its own AWS account Each account has a singleVPC and CIDR blocks that do not overlap.The company has an Amazon Aurora DB cluster in a shared services account All thedevelopment teams need to work with live data from the DB clusterWhich solution will provide the required connectivity to the DB cluster with the LEASToperational overhead?
A. Create an AWS Resource Access Manager (AWS RAM) resource share tor the DBcluster. Share the DB cluster with all the development accounts
B. Create a transit gateway in the shared services account Create an AWS ResourceAccess Manager (AWS RAM) resource share for the transit gateway Share the transitgateway with all the development accounts Instruct the developers to accept the resourceshare Configure networking.
C. Create an Application Load Balancer (ALB) that points to the IP address of the DBcluster Create an AWS PrivateLink endpoint service that uses the ALB Add permissions toallow each development account to connect to the endpoint service
D. Create an AWS Site-to-Site VPN connection in the shared services account Configurenetworking Use AWS Marketplace VPN software in each development account to connectto the Site-to-Site VPN connection
ANSWER : B
An events company runs a ticketing platform on AWS. The company's customers configureand schedule their events on the platform The events result in large increases of traffic tothe platform The company knows the date and time of each customer's eventsThe company runs the platform on an Amazon Elastic Container Service (Amazon ECS)cluster The ECS cluster consists of Amazon EC2 On-Demand Instances that are in an AutoScaling group. The Auto Scaling group uses a predictive scaling policyThe ECS cluster makes frequent requests to an Amazon S3 bucket to download ticketassets The ECS cluster and the S3 bucket are in the same AWS Region and the sameAWS account Traffic between the ECS cluster and the S3 bucket flows across a NATgatewayThe company needs to optimize the cost of the platform without decreasing the platform'savailabilityWhich combination of steps will meet these requirements? (Select TWO)
A. Create a gateway VPC endpoint for the S3 bucket
B. Add another ECS capacity provider that uses an Auto Scaling group of Spot InstancesConfigure the new capacity provider strategy to have the same weight as the existingcapacity provider strategy
C. Create On-Demand Capacity Reservations for the applicable instance type for the timeperiod of the scheduled scaling policies
D. Enable S3 Transfer Acceleration on the S3 bucket
E. Replace the predictive scaling policy with scheduled scaling policies for the scheduled events
ANSWER : A,B
A company provides a centralized Amazon EC2 application hosted in a single shared VPCThe centralized application must be accessible from client applications running in the VPCsof other business units The centralized application front end is configured with a NetworkLoad Balancer (NLB) for scalability Up to 10 business unit VPCs will need to be connected to the shared VPC Some ot thebusiness unit VPC CIDR blocks overlap with the shared VPC and some overlap with eachother Network connectivity to the centralized application in the shared VPC should beallowed from authorized business unit VPCs onlyWhich network configuration should a solutions architect use to provide connectivity fromthe client applications in the business unit VPCs to the centralized application in the sharedVPC?
A. Create an AWS Transit Gateway Attach the shared VPC and the authorized businessunit VPCs to the transit gateway Create a single transit gateway route table and associateit with all of the attached VPCs Allow automatic propagation of routes from the attachmentsinto the route table Configure VPC routing tables to send traffic to the transit gateway
B. Create a VPC endpoint service using the centralized application NLB and enable theoption to require endpoint acceptance Create a VPC endpoint in each of the business unitVPCs using the service name of the endpoint service. Accept authorized endpoint requestsfrom the endpoint service console.
C. Create a VPC peering connection from each business unit VPC to the shared VPCAccept the VPC peering connections from the shared VPC console Configure VPC routingtables to send traffic to the VPC peering connection
D. Configure a virtual private gateway for the shared VPC and create customer gatewaysfor each of the authorized business unit VPCs Establish a Site-to-Site VPN connection fromthe business unit VPCs to the shared VPC Configure VPC routing tables to send traffic tothe VPN connection
ANSWER : B
Leave a comment
Your email address will not be published. Required fields are marked *