YOU ARE HERE:

Home All Vendors Amazon AWS Certified Professional SAP-C02

Pass4sure Amazon SAP-C02 Dumps

Get ready to pass your exam right away with Amazon SAP-C02 Practice Questions. These Amazon SAP-C02 PDFs are specially designed to make passing easier without any difficulties!

discount banner
Exam Name:
AWS Certified Solutions Architect - Professional
Exam Code:
SAP-C02
Questions:
508
Update Date
May 16, 2025
PDF + Test Engine
$89 $133.5
Test Engine
$79 $118.5
PDF
$59 $88.5

PASS4SURE – BEST PRACTICE QUESTIONS FOR BEST RESULTS!

According to recent global reports, there is a considerable rise in demand for Amazon AWS Certified Professional certified professionals. Every other professional is on the lookout to better their career. That is the reason why hundreds of candidates apply for the AWS Certified Solutions Architect - Professional Exam every year.

Amazon has topped all other industries in development and progress for the last few years. That’s why they make their SAP-C02 Exam complex and up to the standards of day-to-day job tasks. We sensed the need for an accurate and reliable Pass4Sure Dumps PDF and jumped right in to provide a helping hand to struggling professionals.

If you are also one of the hopeful aspirants of AWS Certified Professional certification, consider buying SAP-C02 Braindumps to pass your exam with distinction. Our experts are working hard daily to give you the best quality AWS Certified Solutions Architect - Professional SAP-C02 Practice Questions. Hundreds of clients have benefitted from Pass4Sure Question Answers, and you can be next.

Pass4Sure team gives 100% for you so you can give your 100% in the exam. With our help, there is no reason left you couldn’t possibly meet your goals. Free SAP-C02 Dumps make passing AWS Certified Professional Exam piece of cake. So, get ready for a glittering IT Career in your near future!

WHY US? – REASONS TO BUY Amazon SAP-C02 QUESTION ANSWERS

Pass4Sure offers an all-encompassing Dumps PDF set. It has everything an SAP-C02 exam candidate needs to pass with an incredible result. We give you a free demo, discounts, free updates for the first three months, and many more. Anyone who wishes to pass the Amazon Exam in the very first attempt must try Pass4Sure SAP-C02 Braindumps.

IT industry can always use a proficient and reliable professional to handle their daily jobs. A professional that is an expert in all required tasks is a much-needed asset to an organization. Employers are looking for professionals like that. And we aim to make you into one of the highest-paid, highly-skilled, and credible professionals. It can be possible with our SAP-C02 Practice Questions. Getting AWS Certified Professional certified is not a far-fetched dream anymore.

Our focus is providing ease to our precious customers, and it shows in our dedication. After a long-and-hard data analysis, Pass4Sure came up with the best solution to aid failing AWS Certified Solutions Architect - Professional candidates. Moreover, we make sure you are not left alone in any step of your training. Our reliable experts stay 24/7 active to help you in your success. With top-class Pass4sure SAP-C02 Question Answers, passing the AWS Certified Solutions Architect - Professional exam is 100% guaranteed.

LET OUR FREE DUMPS BE YOUR BIGGEST ACHIEVEMENT!

Our team has curated the best study materials to ease the process of preparing for IT exams. For example, SAP-C02 Free Dumps are designed to reflect your exam pattern and format to offer real-like stimulation. The material is 100% tested and approved to get you the success you crave. Unlike others, we keep you updated on your progress. Your good and bad points are laid before you as they are. So, you can focus on bettering yourself accordingly.

The whole process is easy-peasy. For example, the website interface is user interactive. Plus, Accessing and downloading the Amazon SAP-C02 Dumps PDF is a matter of just a few clicks.

Pass4sure gives its customers the best, material created with the help of well-known experts, and Practice Questions draw positive results every single time. The SAP-C02 Braindumps are updated daily to avoid any difficulties for customers. The package comes in two different formats to meet different types of clients. PDF for candidates always on the go and online test engine for those who enjoy a real-like experience.

The feedback we receive from our valued customers is proof of our credibility. Our customer care service is always at your beck and call. Leave us an email or a message in the chatbox below, and we will be there for you within seconds.

Pass4sure SAP-C02 dumps

AWS Certified Solutions Architect - Professional

Pass4sure DOP-C02 dumps

AWS Certified DevOps Engineer - Professional

Sample Questions


SAP-C02 Sample Question 1


A company is planning a migration from an on-premises data center to the AWS cloud. The
company plans to use multiple AWS accounts that are managed in an organization in AWS
organizations. The company will cost a small number of accounts initially and will add
accounts as needed. A solution architect must design a solution that turns on AWS
accounts.
What is the MOST operationally efficient solution that meets these requirements.

A. Create an AWS Lambda function that creates a new cloudTrail trail in all AWS accountin the organization. Invoke the Lambda function dally by using a scheduled action inAmazon EventBridge.
B. Create a new CloudTrail trail in the organizations management account. Configure the trail to log all events for all AYYS accounts in the organization.
C. Create a new CloudTrail trail in all AWS accounts in the organization. Create new trailswhenever a new account is created.
D. Create an AWS systems Manager Automaton runbook that creates a cloud trail in allAWS accounts in the organization. Invoke the automation by using Systems Manager StateManager.


ANSWER : B



SAP-C02 Sample Question 2


A company wants to migrate an Amazon Aurora MySQL DB cluster from an existing AWS
account to a new AWS account in the same AWS Region. Both accounts are members of
the same organization in AWS Organizations.
The company must minimize database service interruption before the company performs
DNS cutover to the new database.
Which migration strategy will meet this requirement?

A. Take a snapshot of the existing Aurora database. Share the snapshot with the new AWSaccount. Create an Aurora DB cluster in the new account from the snapshot.
B. Create an Aurora DB cluster in the new AWS account. Use AWS Database MigrationService (AWS DMS) to migrate data between the two Aurora DB clusters.
C. Use AWS Backup to share an Aurora database backup from the existing AWS accountto the new AWS account. Create an Aurora DB cluster in the new AWS account from thesnapshot.
D. Create an Aurora DB cluster in the new AWS account. Use AWS Application MigrationService to migrate data between the two Aurora DB clusters.


ANSWER : B



SAP-C02 Sample Question 3


A company has a web application that uses Amazon API Gateway. AWS Lambda and
Amazon DynamoDB A recent marketing campaign has increased demand Monitoring
software reports that many requests have significantly longer response times than before
the marketing campaign
A solutions architect enabled Amazon CloudWatch Logs for API Gateway and noticed that
errors are occurring on 20% of the requests. In CloudWatch. the Lambda function.
Throttles metric represents 1% of the requests and the Errors metric represents 10% of the
requests Application logs indicate that, when errors occur there is a call to DynamoDB
What change should the solutions architect make to improve the current response times as
the web application becomes more popular'?

A. Increase the concurrency limit of the Lambda function
B. Implement DynamoDB auto scaling on the table
C. Increase the API Gateway throttle limit
D. Re-create the DynamoDB table with a better-partitioned primary index.


ANSWER : B



SAP-C02 Sample Question 4


A company use an organization in AWS Organizations to manage multiple AWS accounts.
The company hosts some applications in a VPC in the company's snared services account.
The company has attached a transit gateway to the VPC in the Shared services account.
The company is developing a new capability and has created a development environment
that requires access to the applications that are in the snared services account. The
company intends to delete and recreate resources frequently in the development account.
The company also wants to give a development team the ability to recreate the team's
connection to the shared services account as required.
Which solution will meet these requirements?

A. Create a transit gateway in the development account. Create a transit gateway peeringrequest to the shared services account. Configure the snared services transit gateway toautomatically accept peering connections.
B. Turn on automate acceptance for the transit gateway in the shared services account.Use AWS Resource Access Manager (AWS RAM) to share the transit gateway resource inthe shared services account with the development account. Accept the resource in tie development account. Create a transit gateway attachment in the development account.
C. Turn on automate acceptance for the transit gateway in the shared services account.Create a VPC endpoint. Use the endpoint policy to grant permissions on the VPC endpointfor the development account. Configure the endpoint service to automatically acceptconnection requests. Provide the endpoint details to the development team.
D. Create an Amazon EventBridge rule to invoke an AWS Lambda function that acceptsthe transit gateway attachment value the development account makes an attachmentrequest. Use AWS Network Manager to store. The transit gateway in the shared servicesaccount with the development account. Accept the transit gateway in the developmentaccount.


ANSWER : B



SAP-C02 Sample Question 5


A company uses AWS Organizations AWS account. A solutions architect must design a
solution in which only administrator roles are allowed to use IAM actions. However the
solutions archited does not have access to all the AWS account throughout the company.
Which solution meets these requirements with the LEAST operational overhead?

A. Create an SCP that applies to at the AWS accounts to allow I AM actions only foradministrator roles. Apply the SCP to the root OLI.
B. Configure AWS CloudTrai to invoke an AWS Lambda function for each event that isrelated to 1AM actions. Configure the function to deny the action. If the user who invokedthe action is not an administator.
C. Create an SCP that applies to all the AWS accounts to deny 1AM actions for all usersexcept for those with administrator roles. Apply the SCP to the root OU.
D. Set an 1AM permissions boundary that allows 1AM actions. Attach the permissionsboundary to every administrator role across all the AWS accounts.


ANSWER : A



SAP-C02 Sample Question 6


A company runs an unauthenticated static website (www.example.com) that includes a
registration form for users. The website uses Amazon S3 for hosting and uses Amazon
CloudFront as the content delivery network with AWS WAF configured. When the
registration form is submitted, the website calls an Amazon API Gateway API endpoint that
invokes an AWS Lambda function to process the payload and forward the payload to an
external API call.
During testing, a solutions architect encounters a cross-origin resource sharing (CORS)
error. The solutions architect confirms that the CloudFront distribution origin has the
Access-Control-Allow-Origin header set to www.example.com.
What should the solutions architect do to resolve the error?

A. Change the CORS configuration on the S3 bucket. Add rules for CORS to the AllowedOrigin element for www.example.com.
B. Enable the CORS setting in AWS WAF. Create a web ACL rule in which the Access-Control-Allow-Origin header is set to www.example.com.
C. Enable the CORS setting on the API Gateway API endpoint. Ensure that the APIendpoint is configured to return all responses that have the Access-Control -Allow-Originheader set to www.example.com.
D. Enable the CORS setting on the Lambda function. Ensure that the return code of thefunction has the Access-Control-Allow-Origin header set to www.example.com.


ANSWER : C



SAP-C02 Sample Question 7


A company runs an unauthenticated static website (www.example.com) that includes a
registration form for users. The website uses Amazon S3 for hosting and uses Amazon
CloudFront as the content delivery network with AWS WAF configured. When the
registration form is submitted, the website calls an Amazon API Gateway API endpoint that
invokes an AWS Lambda function to process the payload and forward the payload to an
external API call.
During testing, a solutions architect encounters a cross-origin resource sharing (CORS)
error. The solutions architect confirms that the CloudFront distribution origin has the
Access-Control-Allow-Origin header set to www.example.com.
What should the solutions architect do to resolve the error?

A. Change the CORS configuration on the S3 bucket. Add rules for CORS to the AllowedOrigin element for www.example.com.
B. Enable the CORS setting in AWS WAF. Create a web ACL rule in which the Access-Control-Allow-Origin header is set to www.example.com.
C. Enable the CORS setting on the API Gateway API endpoint. Ensure that the APIendpoint is configured to return all responses that have the Access-Control -Allow-Originheader set to www.example.com.
D. Enable the CORS setting on the Lambda function. Ensure that the return code of thefunction has the Access-Control-Allow-Origin header set to www.example.com.


ANSWER : C



SAP-C02 Sample Question 8


A company that develops consumer electronics with offices in Europe and Asia has 60 TB
of software images stored on premises in Europe The company wants to transfer the
images to an Amazon S3 bucket in the ap-northeast-1 Region New software images are
created daily and must be encrypted in transit The company needs a solution that does not
require custom development to automatically transfer all existing and new software images
to Amazon S3
What is the next step in the transfer process?

A. Deploy an AWS DataSync agent and configure a task to transfer the images to the S3bucket
B. Configure Amazon Kinesis Data Firehose to transfer the images using S3 TransferAcceleration
C. Use an AWS Snowball device to transfer the images with the S3 bucket as the target
D. Transfer the images over a Site-to-Site VPN connection using the S3 API with multipartupload


ANSWER : A



SAP-C02 Sample Question 9


A company has developed an application that is running Windows Server on VMware
vSphere VMs that the company hosts on premises The application data is stored in a
proprietary format that must be read through the application The company manually
provisioned the servers and the application
As part of its disaster recovery plan, the company wants the ability to host its application on
AWS temporarily if the company's on-premises environment becomes unavailable The
company wants the application to return to on-premises hosting after a disaster recovery
event is complete The RPO is 5 minutes.
Which solution meets these requirements with the LEAST amount of operational
overhead?

A. Configure AWS DataSync Replicate the data to Amazon Elastic Block Store (AmazonEBS) volumes When the on-premises environment is unavailable, use AWS Cloud Formation templates to provision Amazon EC2 instances and attach the EBS volumes
B. Configure AWS Elastic Disaster Recovery Replicate the data to replication Amazon EC2instances that are attached to Amazon Elastic Block Store (Amazon EBS) volumes Whenthe on-premises environment is unavailable use Elastic Disaster Recovery to launch EC2instances that use the replicated volumes
C. Provision an AWS Storage Gateway file gateway. Replicate the data to an Amazon S3bucket When the on-premises environment is unavailable, use AWS Backup to restore thedata to Amazon Elastic Block Store (Amazon EBS) volumes and launch Amazon EC2instances from these EBS volumes
D. Provision an Amazon FSx for Windows File Server file system on AWS Replicate thedata to the file system When the on-premises environment is unavailable, use AWS CloudFormat ion templates to provision Amazon EC2 instances and use AWS CloudFormationInit commands to mount the Amazon FSx file shares


ANSWER : B



SAP-C02 Sample Question 10


A delivery company is running a serverless solution in tneAWS Cloud The solution
manages user data, delivery information and past purchase details The solution consists of
several microservices The central user service stores sensitive data in an Amazon
DynamoDB table Several of the other microservices store a copy of parts of the sensitive
data in different storage services
The company needs the ability to delete user information upon request As soon as the
central user service deletes a user every other microservice must also delete its copy of the data immediately
Which solution will meet these requirements?

A. Activate DynamoDB Streams on the DynamoDB table Create an AWS Lambda triggerfor the DynamoDB stream that will post events about user deletion in an Amazon SimpleQueue Service (Amazon SQS) queue Configure each microservice to poll the queue anddelete the user from the DynamoDB table
B. Set up DynamoDB event notifications on the DynamoDB table Create an AmazonSimple Notification Service (Amazon SNS) topic as a target for the DynamoDB eventnotification Configure each microservice to subscribe to the SNS topic and to delete theuser from the DynamoDB table
C. Configure the central user service to post an event on a custom Amazon EventBridgeevent bus when the company deletes a user Create an EventBndge rule for eachmicroservice to match the user deletion event pattern and invoke logic in the microserviceto delete the user from the DynamoDB table
D. Configure the central user service to post a message on an Amazon Simple QueueService (Amazon SQS) queue when the company deletes a user Configure eachmicroservice to create an event filter on the SQS queue and to delete the user from theDynamoDB table


ANSWER : C



SAP-C02 Sample Question 11


A company needs to improve the security of its web-based application on AWS. The
application uses Amazon CloudFront with two custom origins. The first custom origin routes
requests to an Amazon API Gateway HTTP API. The second custom origin routes traffic to an Application Load Balancer (ALB) The application integrates with an OpenlD Connect
(OIDC) identity provider (IdP) for user management.
A security audit shows that a JSON Web Token (JWT) authorizer provides access to the
API The security audit also shows that the ALB accepts requests from unauthenticated
users
A solutions architect must design a solution to ensure that all backend services respond to
only authenticated users
Which solution will meet this requirement?

A. Configure the ALB to enforce authentication and authorization by integrating the ALBwith the IdP Allow only authenticated users to access the backend services
B. Modify the CloudFront configuration to use signed URLs Implement a permissive signingpolicy that allows any request to access the backend services
C. Create an AWS WAF web ACL that filters out unauthenticated requests at the ALB level.Allow only authenticated traffic to reach the backend services.
D. Enable AWS CloudTrail to log all requests that come to the ALB Create an AWSLambda function to analyze the togs and block any requests that come fromunauthenticated users.


ANSWER : A



SAP-C02 Sample Question 12


A company has multiple lines of business (LOBs) that toll up to the parent company. The
company has asked its solutions architect to develop a solution with the following
requirements • Produce a single AWS invoice for all of the AWS accounts used by its LOBs.
• The costs for each LOB account should be broken out on the invoice
• Provide the ability to restrict services and features in the LOB accounts, as defined by the
company's governance policy
• Each LOB account should be delegated full administrator permissions regardless of the
governance policy
Which combination of steps should the solutions architect take to meet these
requirements'? (Select TWO.)

A. Use AWS Organizations to create an organization in the parent account for each LOBThen invite each LOB account to the appropriate organization
B. Use AWS Organizations to create a single organization in the parent account Then,invite each LOB's AWS account lo join the organization.
C. Implement service quotas to define the services and features that are permitted andapply the quotas to each LOB. as appropriate
D. Create an SCP that allows only approved services and features then apply the policy tothe LOB accounts
E. Enable consolidated billing in the parent account's billing console and link the LOB accounts


ANSWER : B,E



SAP-C02 Sample Question 13


A company runs a software-as-a-service <SaaS) application on AWS The application
consists of AWS Lambda functions and an Amazon RDS for MySQL Multi-AZ database
During market events the application has a much higher workload than normal Users notice
slow response times during the peak periods because of many database connections The
company needs to improve the scalable performance and availability of the database
Which solution meets these requirements'?

A. Create an Amazon CloudWatch alarm action that triggers a Lambda function to add anAmazon RDS for MySQL read replica when resource utilization hits a threshold
B. Migrate the database to Amazon Aurora, and add a read replica Add a databaseconnection pool outside of the Lambda handler function
C. Migrate the database to Amazon Aurora and add a read replica Use Amazon Route 53weighted records
D. Migrate the database to Amazon Aurora and add an Aurora Replica Configure AmazonRDS Proxy to manage database connection pools


ANSWER : D



SAP-C02 Sample Question 14


A solutions architect is creating an AWS CloudFormation template from an existing
manually created non-production AWS environment The CloudFormation template can be
destroyed and recreated as needed The environment contains an Amazon EC2 instance
The EC2 instance has an instance profile that the EC2 instance uses to assume a role in a
parent account
The solutions architect recreates the role in a CloudFormation template and uses the same
role name When the CloudFormation template is launched in the child account, the EC2
instance can no longer assume the role in the parent account because of insufficient
permissions
What should the solutions architect do to resolve this issue?

A. In the parent account edit the trust policy for the role that the EC2 instance needs toassume Ensure that the target role ARN in the existing statement that allows the stsAssumeRole action is correct Save the trust policy
B. In the parent account edit the trust policy for the role that the EC2 instance needs toassume Add a statement that allows the sts AssumeRole action for the root principal of thechild account Save the trust policy
C. Update the CloudFormation stack again Specify only the CAPABILITY_NAMED_IAMcapability
D. Update the CloudFormation stack again Specify the CAPABIUTYJAM capability and theCAPABILITY_NAMEDJAM capability


ANSWER : A



SAP-C02 Sample Question 15


A company has an application that analyzes and stores image data on premises The
application receives millions of new image files every day Files are an average of 1 MB in
size The files are analyzed in batches of 1 GB When the application analyzes a batch the
application zips the images together The application then archives the images as a single
file in an on-premises NFS server for long-term storage
The company has a Microsoft Hyper-V environment on premises and has compute
capacity available The company does not have storage capacity and wants to archive the
images on AWS The company needs the ability to retrieve archived data within t week of a
request.
The company has a 10 Gbps AWS Direct Connect connection between its on-premises
data center and AWS. The company needs to set bandwidth limits and schedule archived
images to be copied to AWS dunng non-business hours.
Which solution will meet these requirements MOST cost-effectively?

A. Deploy an AWS DataSync agent on a new GPU-based Amazon EC2 instance Configurethe DataSync agent to copy the batch of files from the NFS on-premises server to AmazonS3 Glacier Instant Retrieval After the successful copy delete the data from the on-premisesstorage
B. Deploy an AWS DataSync agent as a Hyper-V VM on premises Configure the DataSyncagent to copy the batch of files from the NFS on-premises server to Amazon S3 GlacierDeep Archive After the successful copy delete the data from the on-premises storage
C. Deploy an AWS DataSync agent on a new general purpose Amazon EC2 instanceConfigure the DataSync agent to copy the batch of files from the NFS on-premises serverto Amazon S3 Standard After the successful copy deletes the data from the on-premisesstorage Create an S3 Lifecycle rule to transition objects from S3 Standard to S3 GlacierDeep Archive after 1 day
D. Deploy an AWS Storage Gateway Tape Gateway on premises in the Hyper-Venvironment Connect the Tape Gateway to AWS Use automatic tape creation Specify anAmazon S3 Glacier Deep Archive pool Eject the tape after the batch of images is copied


ANSWER : B



SAP-C02 Sample Question 16


A company is planning to migrate an application from on premises to the AWS Cloud The
company will begin the migration by moving the application underlying data storage to
AWS The application data is stored on a shared tile system on premises and the
application servers connect to the shared file system through SMB
A solutions architect must implement a solution that uses an Amazon S3 bucket for shared
storage. Until the application is fully migrated and code is rewritten to use native Amazon
S3 APIs the application must continue to have access to the data through SMB The
solutions architect must migrate the application data to AWS (o its new location while still
allowing the on-premises application to access the data
Which solution will meet these requirements?

A. Create a new Amazon FSx for Windows File Server file system Configure AWSDataSync with one location for the on-premises file share and one location for the newAmazon FSx file system Create a new DataSync task to copy the data from the onpremisesfile share location to the Amazon FSx file system
B. Create an S3 bucket for the application Copy the data from the on-premises storage to the S3 bucket
C. Deploy an AWS Server Migration Service (AWS SMS) VM to the on-premisesenvironment Use AWS SMS to migrate the file storage server from on premises to anAmazon EC2 instance
D. Create an S3 bucket for the application Deploy a new AWS Storage Gateway filegateway on an on-premises VM Create a new file share that stores data in the S3 bucketand is associated with the file gateway Copy the data from the on-premises storage to thenew file gateway endpoint


ANSWER : D



SAP-C02 Sample Question 17


A company is launching a new online game on Amazon EC2 instances. The game must be
available globally. The company plans to run the game in three AWS Regions: us-east-1,
eu-west-1, and ap-southeast-1. The game's leaderboards. player inventory, and event
status must be available across Regions.
A solutions architect must design a solution that will give any Region the ability to scale to
handle the load of all Regions. Additionally, users must automatically connect to the Region
that provides the least latency.
Which solution will meet these requirements with the LEAST operational overhead?

A. Create an EC2 Spot Fleet. Attach the Spot Fleet to a Network Load Balancer (NLB) ineach Region. Create an AWS Global Accelerator IP address that points to the NLB. Createan Amazon Route 53 latency-based routing entry for the Global Accelerator IP address.Save the game metadata to an Amazon RDS for MySQL DB instance in each Region. Setup a read replica in the other Regions.
B. Create an Auto Scaling group for the EC2 instances. Attach the Auto Scaling group to aNetwork Load Balancer (NLB) in each Region. For each Region, create an Amazon Route53 entry that uses geoproximity routing and points to the NLB in that Region. Save thegame metadata to MySQL databases on EC2 instances in each Region. Save the gamemetadata to MySQL databases on EC2 instances in each Region. Set up replicationbetween the database EC2 instances in each Region.
C. Create an Auto Scaling group for the EC2 instances. Attach the Auto Scaling group to aNetwork Load Balancer (NLB) in each Region. For each Region, create an Amazon Route53 entry that uses latency-based routing and points to the NLB in that Region. Save thegame metadata to an Amazon DynamoDB global table.
D. Use EC2 Global View. Deploy the EC2 instances to each Region. Attach the instancesto a Network Load Balancer (NLB). Deploy a DNS server on an EC2 instance in eachRegion. Set up custom logic on each DNS server to redirect the user to the Region thatprovides the lowest latency. Save the game metadata to an Amazon Aurora globaldatabase.


ANSWER : C



SAP-C02 Sample Question 18


A company is running its solution on AWS in a manually created VPC. The company is
using AWS CloudFormation to provision other parts of the infrastructure According to a
new requirement the company must manage all infrastructure in an automatic way
What should the comp any do to meet this new requirement with the LEAST effort?

A. Create a new AWS Cloud Development Kit (AWS CDK) stack that strictly provisions theexisting VPC resources and configuration Use AWS CDK to import the VPC into the stackand to manage the VPC
B. Create a CloudFormation stack set that creates the VPC Use the stack set to import theVPC into the stack
C. Create a new CloudFormation template that strictly provisions the existing VPCresources and configuration From the CloudFormation console, create a new stack byimporting the existing resources
D. Create a new CloudFormation template that creates the VPC Use the AWS ServerlessApplication Model (AWS SAM) CLI to import the VPC


ANSWER : C



SAP-C02 Sample Question 19


A medical company is running a REST API on a set of Amazon EC2 instances The EC2
instances run in an Auto Scaling group behind an Application Load Balancer (ALB) The
ALB runs in three public subnets, and the EC2 instances run in three private subnets The
company has deployed an Amazon CloudFront distribution that has the ALB as the only origin
Which solution should a solutions architect recommend to enhance the origin security?

A. Store a random string in AWS Secrets Manager Create an AWS Lambda function forautomatic secret rotation Configure CloudFront to inject the random string as a customHTTP header for the origin request Create an AWS WAF web ACL rule with a string matchrule for the custom header Associate the web ACL with the ALB
B. Create an AWS WAF web ACL rule with an IP match condition of the CloudFront serviceIP address ranges Associate the web ACL with the ALB Move the ALB into the threeprivate subnets
C. Store a random string in AWS Systems Manager Parameter Store Configure ParameterStore automatic rotation for the string Configure CloudFront to inject the random string as acustom HTTP header for the origin request Inspect the value of the custom HTTP header,and block access in the ALB
D. Configure AWS Shield Advanced. Create a security group policy to allow connectionsfrom CloudFront service IP address ranges. Add the policy to AWS Shield Advanced, andattach the policy to the ALB


ANSWER : A



SAP-C02 Sample Question 20


A company creates an AWS Control Tower landing zone to manage and govern a multiaccount
AWS environment. The company's security team will deploy preventive controls
and detective controls to monitor AWS services across all the accounts. The security team
needs a centralized view of the security state of all the accounts.
Which solution will meet these requirements'?

A. From the AWS Control Tower management account, use AWS CloudFormationStackSets to deploy an AWS Config conformance pack to all accounts in the organization
B. Enable Amazon Detective for the organization in AWS Organizations Designate oneAWS account as the delegated administrator for Detective
C. From the AWS Control Tower management account, deploy an AWS CloudFormationstack set that uses the automatic deployment option to enable Amazon Detective for theorganization
D. Enable AWS Security Hub for the organization in AWS Organizations Designate oneAWS account as the delegated administrator for Security Hub


ANSWER : D



SAP-C02 Sample Question 21


A software as a service (SaaS) company provides a media software solution to customers
The solution is hosted on 50 VPCs across various AWS Regions and AWS accounts One
of the VPCs is designated as a management VPC The compute resources in the VPCs
work independently The company has developed a new feature that requires all 50 VPCs to be able to
communicate with each other. The new feature also requires one-way access from each
customer's VPC to the company's management VPC The management VPC hosts a
compute resource that validates licenses for the media software solution
The number of VPCs that the company will use to host the solution will continue to increase
as the solution grows
Which combination of steps will provide the required VPC connectivity with the LEAST
operational overhead'' (Select TWO.)

A. Create a transit gateway Attach all the company's VPCs and relevant subnets to thetransit gateway
B. Create VPC peering connections between all the company's VPCs
C. Create a Network Load Balancer (NLB) that points to the compute resource for licensevalidation. Create an AWS PrivateLink endpoint service that is available to each customer'sVPC Associate the endpoint service with the NLB
D. Create a VPN appliance in each customer's VPC Connect the company's managementVPC to each customer's VPC by using AWS Site-to-Site VPN
E. Create a VPC peering connection between the company's management VPC and eachcustomer's VPC


ANSWER : A,C



SAP-C02 Sample Question 22


A company wants to migrate virtual Microsoft workloads from an on-premises data center
to AWS The company has successfully tested a few sample workloads on AWS. The
company also has created an AWS Site-to-Site VPN connection to a VPC A solutions
architect needs to generate a total cost of ownership (TCO) report for the migration of all
the workloads from the data center
Simple Network Management Protocol (SNMP) has been enabled on each VM in the data
center The company cannot add more VMs m the data center and cannot install additional
software on the VMs The discovery data must be automatically imported into AWS
Migration Hub
Which solution will meet these requirements?

A. Use the AWS Application Migration Service agentless service and the AWS MigrationHub Strategy Recommendations to generate the TCO report
B. Launch a Windows Amazon EC2 instance Install the Migration Evaluator agentlesscollector on the EC2 instance Configure Migration Evaluator to generate the TCO report
C. Launch a Windows Amazon EC2 instance. Install the Migration Evaluator agentlesscollector on the EC2 instance. Configure Migration Hub to generate the TCO report
D. Use the AWS Migration Readiness Assessment tool inside the VPC Configure MigrationEvaluator to generate the TCO report


ANSWER : A



SAP-C02 Sample Question 23


A company uses AWS Organizations to manage its development environment. Each
development team at the company has its own AWS account Each account has a single
VPC and CIDR blocks that do not overlap.
The company has an Amazon Aurora DB cluster in a shared services account All the
development teams need to work with live data from the DB cluster
Which solution will provide the required connectivity to the DB cluster with the LEAST
operational overhead?

A. Create an AWS Resource Access Manager (AWS RAM) resource share tor the DBcluster. Share the DB cluster with all the development accounts
B. Create a transit gateway in the shared services account Create an AWS ResourceAccess Manager (AWS RAM) resource share for the transit gateway Share the transitgateway with all the development accounts Instruct the developers to accept the resourceshare Configure networking.
C. Create an Application Load Balancer (ALB) that points to the IP address of the DBcluster Create an AWS PrivateLink endpoint service that uses the ALB Add permissions toallow each development account to connect to the endpoint service
D. Create an AWS Site-to-Site VPN connection in the shared services account Configurenetworking Use AWS Marketplace VPN software in each development account to connectto the Site-to-Site VPN connection


ANSWER : B



SAP-C02 Sample Question 24


An events company runs a ticketing platform on AWS. The company's customers configure
and schedule their events on the platform The events result in large increases of traffic to
the platform The company knows the date and time of each customer's events
The company runs the platform on an Amazon Elastic Container Service (Amazon ECS)
cluster The ECS cluster consists of Amazon EC2 On-Demand Instances that are in an Auto
Scaling group. The Auto Scaling group uses a predictive scaling policy
The ECS cluster makes frequent requests to an Amazon S3 bucket to download ticket
assets The ECS cluster and the S3 bucket are in the same AWS Region and the same
AWS account Traffic between the ECS cluster and the S3 bucket flows across a NAT
gateway
The company needs to optimize the cost of the platform without decreasing the platform's
availability
Which combination of steps will meet these requirements? (Select TWO)

A. Create a gateway VPC endpoint for the S3 bucket
B. Add another ECS capacity provider that uses an Auto Scaling group of Spot InstancesConfigure the new capacity provider strategy to have the same weight as the existingcapacity provider strategy
C. Create On-Demand Capacity Reservations for the applicable instance type for the timeperiod of the scheduled scaling policies
D. Enable S3 Transfer Acceleration on the S3 bucket
E. Replace the predictive scaling policy with scheduled scaling policies for the scheduled events


ANSWER : A,B



SAP-C02 Sample Question 25


A company provides a centralized Amazon EC2 application hosted in a single shared VPC
The centralized application must be accessible from client applications running in the VPCs
of other business units The centralized application front end is configured with a Network
Load Balancer (NLB) for scalability Up to 10 business unit VPCs will need to be connected to the shared VPC Some ot the
business unit VPC CIDR blocks overlap with the shared VPC and some overlap with each
other Network connectivity to the centralized application in the shared VPC should be
allowed from authorized business unit VPCs only
Which network configuration should a solutions architect use to provide connectivity from
the client applications in the business unit VPCs to the centralized application in the shared
VPC?

A. Create an AWS Transit Gateway Attach the shared VPC and the authorized businessunit VPCs to the transit gateway Create a single transit gateway route table and associateit with all of the attached VPCs Allow automatic propagation of routes from the attachmentsinto the route table Configure VPC routing tables to send traffic to the transit gateway
B. Create a VPC endpoint service using the centralized application NLB and enable theoption to require endpoint acceptance Create a VPC endpoint in each of the business unitVPCs using the service name of the endpoint service. Accept authorized endpoint requestsfrom the endpoint service console.
C. Create a VPC peering connection from each business unit VPC to the shared VPCAccept the VPC peering connections from the shared VPC console Configure VPC routingtables to send traffic to the VPC peering connection
D. Configure a virtual private gateway for the shared VPC and create customer gatewaysfor each of the authorized business unit VPCs Establish a Site-to-Site VPN connection fromthe business unit VPCs to the shared VPC Configure VPC routing tables to send traffic tothe VPN connection


ANSWER : B



SAP-C02 Sample Question 26


A company runs an application in (he cloud that consists of a database and a website
Users can post data to the website, have the data processed, and have the data sent back
to them in an email Data is stored in a MySQL database running on an Amazon EC2
instance The database is running in a VPC with two private subnets The website is running
on Apache Tomcat in a single EC2 instance in a different VPC with one public subnet
There is a single VPC peering connection between the database and website VPC. The website has suffered several outages during the last month due to high traffic
Which actions should a solutions architect take to increase the reliability of the application?
(Select THREE.)

A. Place the Tomcat server in an Auto Scaling group with multiple EC2 instances behindan Application Load Balancer
B. Provision an additional VPC peering connection
C. Migrate the MySQL database to Amazon Aurora with one Aurora Replica
D. Provision two NAT gateways in the database VPC.
E. Move the Tomcat server to the database VPC
F. Create an additional public subnet in a different Availability Zone in the website VPC


ANSWER : A,C,F



SAP-C02 Sample Question 27


A company has developed a new release of a popular video game and wants to make it
available for public download The new release package is approximately 5 GB in size. The
company provides downloads for existing releases from a Linux-based publicly facing FTP
site hosted in an on-premises data center The company expects the new release will be
downloaded by users worldwide The company wants a solution that provides improved
download performance and low transfer costs regardless of a user's location
Which solutions will meet these requirements'?

A. Store the game files on Amazon EBS volumes mounted on Amazon EC2 instanceswithin an Auto Scaling group Configure an FTP service on the EC2 instances Use anApplication Load Balancer in front of the Auto Scaling group. Publish the game downloadURL for users to download the package
B. Store the game files on Amazon EFS volumes that are attached to Amazon EC2instances within an Auto Scaling group Configure an FTP service on each of the EC2instances Use an Application Load Balancer in front of the Auto Scaling group Publish thegame download URL for users to download the package
C. Configure Amazon Route 53 and an Amazon S3 bucket for website hosting Upload thegame files to the S3 bucket Use Amazon CloudFront for the website Publish the gamedownload URL for users to download the package
D. Configure Amazon Route 53 and an Amazon S3 bucket for website hosting Upload thegame files to the S3 bucket Set Requester Pays for the S3 bucket Publish the game download URL for users to download the package


ANSWER : C



SAP-C02 Sample Question 28


To abide by industry regulations, a solutions architect must design a solution that will store
a company's critical data in multiple public AWS Regions, including in the United States,
where the company's headquarters is located The solutions architect is required to provide
access to the data stored in AWS to the company's global WAN network The security team
mandates that no traffic accessing this data should traverse the public internet
How should the solutions architect design a highly available solution that meets the
requirements and is cost-effective'?

A. Establish AWS Direct Connect connections from the company headquarters to all AWSRegions in use the company WAN to send traffic over to the headquarters and then to the respective DX connection to access the data
B. Establish two AWS Direct Connect connections from the company headquarters to anAWS Region Use the company WAN to send traffic over a DX connection Use inter-regionVPC peering to access the data in other AWS Regions
C. Establish two AWS Direct Connect connections from the company headquarters to anAWS Region Use the company WAN to send traffic over a DX connection Use an AWStransit VPC solution to access data in other AWS Regions
D. Establish two AWS Direct Connect connections from the company headquarters to anAWS Region Use the company WAN to send traffic over a DX connection Use DirectConnect Gateway to access data in other AWS Regions.


ANSWER : D



SAP-C02 Sample Question 29


A startup company recently migrated a large ecommerce website to AWS The website has
experienced a 70% increase in sates Software engineers are using a private GitHub
repository to manage code The DevOps team is using Jenkins for builds and unit testing
The engineers need to receive notifications for bad builds and zero downtime during
deployments The engineers also need to ensure any changes to production are seamless
for users and can be rolled back in the event of a major issue
The software engineers have decided to use AWS CodePipeline to manage their build and
deployment process
Which solution will meet these requirements'?

A. Use GitHub websockets to trigger the CodePipeline pipeline Use the Jenkins plugin forAWS CodeBuild to conduct unit testing Send alerts to an Amazon SNS topic for any badbuilds Deploy in an in-place all-at-once deployment configuration using AWS CodeDeploy
B. Use GitHub webhooks to trigger the CodePipelme pipeline Use the Jenkins plugin forAWS CodeBuild to conduct unit testing Send alerts to an Amazon SNS topic for any bad builds Deploy in a blue'green deployment using AWS CodeDeploy
C. Use GitHub websockets to trigger the CodePipelme pipeline. Use AWS X-Ray for unittesting and static code analysis Send alerts to an Amazon SNS topic for any bad buildsDeploy in a blue/green deployment using AWS CodeDeploy.
D. Use GitHub webhooks to trigger the CodePipeline pipeline Use AWS X-Ray for unittesting and static code analysis Send alerts to an Amazon SNS topic for any bad buildsDeploy in an m-place. all-at-once deployment configuration using AWS CodeDeploy


ANSWER : B



All Amazon Exams PDF
For 3 Months

All Updated Amazon Exams included in Package

was $800
Buy Now
Amazon Bundle PDF For 3 Months
Now $400

All Amazon Exams PDF
For 6 Months

All Updated Amazon Exams included in Package

was $800
Buy Now
Amazon Bundle PDF For 6 Months
Now $550

All Amazon Exams PDF
For 12 Months

All Updated Amazon Exams included in Package

was $1600
Buy Now
Amazon Bundle PDF For 12 Months
Now $800

LOGIN YOUR ACCOUNT




2 Exams Files

10% off

  • Latest and Most Up-todate Dumps
  • Free 3 Months Updates
  • Exam Passing Guarantee
  • Secure Payment
  • Privacy Protection

3 Exams Files

15% off

  • Latest and Most Up-todate Dumps
  • Free 3 Months Updates
  • Exam Passing Guarantee
  • Secure Payment
  • Privacy Protection

5 Exams Files

20% off

  • Latest and Most Up-todate Dumps
  • Free 3 Months Updates
  • Exam Passing Guarantee
  • Secure Payment
  • Privacy Protection

10 Exams Files

25% off

  • Latest and Most Up-todate Dumps
  • Free 3 Months Updates
  • Exam Passing Guarantee
  • Secure Payment
  • Privacy Protection