Home
All Vendors
Packages
Guarantee
Contact Us

Home
Top Exams

Microsoft
SC-900 MD-102 PL-100 AZ-400 SC-300 PL-300 AZ-140 AZ-204

Cisco
010-151 300-725 500-325 648-238 500-801 300-910 700-105 700-250

Amazon
SAA-C03 SAP-C02 Data-Engineer-Associate MLS-C01 SOA-C02 SCS-C02 MLA-C01 CLF-C02
All Vendors
Packages
Guarantee
Contact Us

Pass4sure Amazon SAP-C02 Dumps

Name: SAP-C02 Dumps
Brand: DumpsPass4sure
SKU: SAP-C02
Price: 59 USD
Availability: InStock
Rating: 5.0 (2821 reviews)

Get ready to pass your exam right away with Amazon SAP-C02 Practice Questions. These Amazon SAP-C02 PDFs are specially designed to make passing easier without any difficulties!

Exam Name:

AWS Certified Solutions Architect - Professional

Exam Code:

SAP-C02

Questions:

483

Update Date

Mar 22, 2025

PDF + Test Engine

$89 ~~$133.5~~

Test Engine

Demo

$79 ~~$118.5~~

PDF

Demo

$59 ~~$88.5~~

Description
Related Exams

PASS4SURE – BEST PRACTICE QUESTIONS FOR BEST RESULTS!

According to recent global reports, there is a considerable rise in demand for Amazon AWS Certified Professional certified professionals. Every other professional is on the lookout to better their career. That is the reason why hundreds of candidates apply for the AWS Certified Solutions Architect - Professional Exam every year.

Amazon has topped all other industries in development and progress for the last few years. That’s why they make their SAP-C02 Exam complex and up to the standards of day-to-day job tasks. We sensed the need for an accurate and reliable Pass4Sure Dumps PDF and jumped right in to provide a helping hand to struggling professionals.

If you are also one of the hopeful aspirants of AWS Certified Professional certification, consider buying SAP-C02 Braindumps to pass your exam with distinction. Our experts are working hard daily to give you the best quality AWS Certified Solutions Architect - Professional SAP-C02 Practice Questions. Hundreds of clients have benefitted from Pass4Sure Question Answers, and you can be next.

Pass4Sure team gives 100% for you so you can give your 100% in the exam. With our help, there is no reason left you couldn’t possibly meet your goals. Free SAP-C02 Dumps make passing AWS Certified Professional Exam piece of cake. So, get ready for a glittering IT Career in your near future!

WHY US? – REASONS TO BUY Amazon SAP-C02 QUESTION ANSWERS

Pass4Sure offers an all-encompassing Dumps PDF set. It has everything an SAP-C02 exam candidate needs to pass with an incredible result. We give you a free demo, discounts, free updates for the first three months, and many more. Anyone who wishes to pass the Amazon Exam in the very first attempt must try Pass4Sure SAP-C02 Braindumps.

IT industry can always use a proficient and reliable professional to handle their daily jobs. A professional that is an expert in all required tasks is a much-needed asset to an organization. Employers are looking for professionals like that. And we aim to make you into one of the highest-paid, highly-skilled, and credible professionals. It can be possible with our SAP-C02 Practice Questions. Getting AWS Certified Professional certified is not a far-fetched dream anymore.

Our focus is providing ease to our precious customers, and it shows in our dedication. After a long-and-hard data analysis, Pass4Sure came up with the best solution to aid failing AWS Certified Solutions Architect - Professional candidates. Moreover, we make sure you are not left alone in any step of your training. Our reliable experts stay 24/7 active to help you in your success. With top-class Pass4sure SAP-C02 Question Answers, passing the AWS Certified Solutions Architect - Professional exam is 100% guaranteed.

LET OUR FREE DUMPS BE YOUR BIGGEST ACHIEVEMENT!

Our team has curated the best study materials to ease the process of preparing for IT exams. For example, SAP-C02 Free Dumps are designed to reflect your exam pattern and format to offer real-like stimulation. The material is 100% tested and approved to get you the success you crave. Unlike others, we keep you updated on your progress. Your good and bad points are laid before you as they are. So, you can focus on bettering yourself accordingly.

The whole process is easy-peasy. For example, the website interface is user interactive. Plus, Accessing and downloading the Amazon SAP-C02 Dumps PDF is a matter of just a few clicks.

Pass4sure gives its customers the best, material created with the help of well-known experts, and Practice Questions draw positive results every single time. The SAP-C02 Braindumps are updated daily to avoid any difficulties for customers. The package comes in two different formats to meet different types of clients. PDF for candidates always on the go and online test engine for those who enjoy a real-like experience.

The feedback we receive from our valued customers is proof of our credibility. Our customer care service is always at your beck and call. Leave us an email or a message in the chatbox below, and we will be there for you within seconds.

Pass4sure SAP-C02 dumps

AWS Certified Solutions Architect - Professional

SEE DETAIL

483 Questions

Pass4sure DOP-C02 dumps

AWS Certified DevOps Engineer - Professional

SEE DETAIL

250 Questions

Sample Questions

SAP-C02 Sample Question 1

A company is developing an application that will display financial reports. The company

needs a solution that can store financial Information that comes from multiple systems. The

solution must provide the reports through a web interface and must serve the data will less

man 500 milliseconds or latency to end users. The solution also must be highly available

and must have an RTO or 30 seconds.

Which solution will meet these requirements?

A. Use an Amazon Redshift cluster to store the data. Use a state website that is hosted onAmazon S3 with backend APIs that ate served by an Amazon Elastic Cubemates Service(Amazon EKS) cluster to provide the reports to the application.
B. Use Amazon S3 to store the data Use Amazon Athena to provide the reports to theapplication. Use AWS App Runner to serve the application to view the reports.
C. Use Amazon DynamoDB to store the data, use an embedded Amazon QuickStightdashboard with direct Query datasets to provide the reports to the application.
D. Use Amazon Keyspaces (for Apache Cassandra) to store the data, use AWS ElasticBeanstalk to provide the reports to the application.

ANSWER : C

SAP-C02 Sample Question 2

A company has a Windows-based desktop application that is packaged and deployed to the users' Windows machines. The company recently acquired another company that has

employees who primarily use machines with a Linux operating system. The acquiring

company has decided to migrate and rehost the Windows-based desktop application lo

AWS.

All employees must be authenticated before they use the application. The acquiring

company uses Active Directory on premises but wants a simplified way to manage access

to the application on AWS (or all the employees.

Which solution will rehost the application on AWS with the LEAST development effort?

A. Set up and provision an Amazon Workspaces virtual desktop for every employee.Implement authentication by using Amazon Cognito identity pools. Instruct employees torun the application from their provisioned Workspaces virtual desktops.
B. Create an Auto Scarlet group of Windows-based Ama7on EC2 instances. Join eachEC2 instance to the company's Active Directory domain. Implement authentication by usingthe Active Directory That is running on premises. Instruct employees to run the applicationby using a Windows remote desktop.
C. Use an Amazon AppStream 2.0 image builder to create an image that includes theapplication and the required configurations. Provision an AppStream 2.0 On-Demand fleetwith dynamic Fleet Auto Scaling process for running the image. Implement authenticationby using AppStream 2.0 user pools. Instruct the employees to access the application bystarling browse'-based AppStream 2.0 streaming sessions.
D. Refactor and containerize the application to run as a web-based application. Run theapplication in Amazon Elastic Container Service (Amazon ECS) on AWS Fargate with stepscaling policies Implement authentication by using Amazon Cognito user pools. Instruct theemployees to run the application from their browsers.

ANSWER : C

SAP-C02 Sample Question 3

A company has Linux-based Amazon EC2 instances. Users must access the instances by

using SSH with EC2 SSH Key pairs. Each machine requires a unique EC2 Key pair.

The company wants to implement a key rotation policy that will, upon request,

automatically rotate all the EC2 key pairs and keep the key in a securely encrypted place.

The company will accept less than 1 minute of downtime during key rotation.

Which solution will meet these requirement?

A. Store all the keys in AWS Secrets Manager. Define a Secrets Manager rotationschedule to invoke an AWS Lambda function to generate new key pairs. Replace publicKeys on EC2 instances. Update the private keys in Secrets Manager.
B. Store all the keys in Parameter. Store, a capability of AWS Systems Manager, as astring. Define a Systems Manager maintenance window to invoke an AWS Lambdafunction to generate new key pairs. Replace public keys on EC2 instance. Update theprivate keys in parameter.
C. Import the EC2 key pairs into AWS Key Management Service (AWS KMS). Configureautomatic key rotation for these key pairs. Create an Amazon EventlBridge scheduled ruleto invoke an AWS Lambda function to initiate the key rotation AWS KMS.
D. Add all the EC2 instances to Feet Manager, a capability of AWS Systems Manager.Define a Systems Manager maintenance window to issue a Systems Manager RunCommand document to generate new Key pairs and to rotate public keys to all theinstances in Feet Manager.

ANSWER : A

SAP-C02 Sample Question 4

A company needs to gather data from an experiment in a remote location that does not

have internet connectivity. During the experiment, sensors that are connected to a total

network will generate 6 TB of data in a preprimary formal over the course of 1 week. The

sensors can be configured to upload their data files to an FTP server periodically, but the

sensors do not have their own FTP server. The sensors also do not support other

protocols. The company needs to collect the data centrally and move lie data to object

storage in the AWS Cloud as soon. as possible after the experiment.

Which solution will meet these requirements?

A. Order an AWS Snowball Edge Compute Optimized device. Connect the device to thelocal network. Configure AWS DataSync with a target bucket name, and unload the dataover NFS to the device. After the experiment return the device to AWS so that the data canbe loaded into Amazon S3.
B. Order an AWS Snowcone device, including an Amazon Linux 2 AMI. Connect the deviceto the local network. Launch an Amazon EC2 instance on the device. Create a shell script that periodically downloads data from each sensor. After the experiment, return the deviceto AWS so that the data can be loaded as an Amazon Elastic Block Store [Amazon EBS)volume.
C. Order an AWS Snowcone device, including an Amazon Linux 2 AMI. Connect the deviceto the local network. Launch an Amazon EC2 instance on the device. Install and configurean FTP server on the EC2 instance. Configure the sensors to upload data to the EC2instance. After the experiment, return the device to AWS so that the data can be loadedinto Amazon S3.
D. Order an AWS Snowcone device. Connect the device to the local network. Configurethe device to use Amazon FSx. Configure the sensors to upload data to the device.Configure AWS DataSync on the device to synchronize the uploaded data with an AmazonS3 bucket Return the device to AWS so that the data can be loaded as an Amazon ElasticBlock Store (Amazon EBS) volume.

ANSWER : C

SAP-C02 Sample Question 5

A company is using an organization in AWS organization to manage AWS accounts. For

each new project the company creates a new linked account. After the creation of a new

account, the root user signs in to the new account and creates a service request to increase the service quota for Amazon EC2 instances. A solutions architect needs to

automate this process.

Which solution will meet these requirements with tie LEAST operational overhead?

A. Create an Amazon EventBridge rule to detect creation of a new account Send the eventto an Amazon Simple Notification Service (Amazon SNS) topic that invokes an AWSLambda function. Configure the Lambda function to run the request-service-quota-increasecommand to request a service quota increase for EC2 instances.
B. Create a Service Quotas request template in the management account. Configure thedesired service quota increases for EC2 instances.
C. Create an AWS Config rule in the management account to set the service quota for EC2instances.
D. Create an Amazon EventBridge rule to detect creation of a new account. Send the eventto an Amazon simple Notification service (Amazon SNS) topic that involves an AWSLambda function. Configure the Lambda function to run the create-case command torequest a service quota increase for EC2 instances.

ANSWER : A

SAP-C02 Sample Question 6

A company is currently in the design phase of an application that will need an RPO of less

than 5 minutes and an RTO of less than 10 minutes. The solutions architecture team is

forecasting that the database will store approximately 10 TB of data. As part of the design, they are looking for a database solution that will provide the company with the ability to fail

over to a secondary Region.

Which solution will meet these business requirements at the LOWEST cost?

A. Deploy an Amazon Aurora DB cluster and take snapshots of the cluster every 5minutes. Once a snapshot is complete, copy the snapshot to a secondary Region to serveas a backup in the event of a failure.
B. Deploy an Amazon RDS instance with a cross-Region read replica in a secondaryRegion. In the event of a failure, promote the read replica to become the primary.
C. Deploy an Amazon Aurora DB cluster in the primary Region and another in a secondaryRegion. Use AWS DMS to keep the secondary Region in sync.
D. Deploy an Amazon RDS instance with a read replica in the same Region. In the event ofa failure, promote the read replica to become the primary.

ANSWER : B

SAP-C02 Sample Question 7

A company needs to improve the reliability ticketing application. The application runs on an

Amazon Elastic Container Service (Amazon ECS) cluster. The company uses Amazon

CloudFront to servo the application. A single ECS service of the ECS cluster is the

CloudFront distribution's origin.

The application allows only a specific number of active users to enter a ticket purchasing

flow. These users are identified by an encrypted attribute in their JSON Web Token (JWT).

All other users are redirected to a waiting room module until there is available capacity for

purchasing.

The application is experiencing high loads. The waiting room modulo is working as

designed, but load on the waiting room is disrupting the application's availability. This

disruption is negatively affecting the application's ticket sale Transactions.

Which solution will provide the MOST reliability for ticket sale transactions during periods of

high load? '

A. Create a separate service in the ECS cluster for the waiting room. Use a separatescaling configuration. Ensure that the ticketing service uses the JWT info-nation andappropriately forwards requests to the waring room service.
B. Move the application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.Split the wailing room module into a pod that is separate from the ticketing pod. Make theticketing pod part of a StatefuISeL Ensure that the ticketing pod uses the JWT informationand appropriately forwards requests to the waiting room pod.
C. Create a separate service in the ECS cluster for the waiting room. Use a separatescaling configuration. Create a CloudFront function That inspects the JWT information andappropriately forwards requests to the ticketing service or the waiting room service
D. Move the application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.Split the wailing room module into a pod that is separate from the ticketing pod. Use AWSApp Mesh by provisioning the App Mesh controller for Kubermetes. Enable mTLSauthentication and service-to-service authentication for communication between theticketing pod and the waiting room pod. Ensure that the ticketing pod uses The JWTinformation and appropriately forwards requests to the waiting room pod.

ANSWER : C

SAP-C02 Sample Question 8

A software development company has multiple engineers who ate working remotely. The

company is running Active Directory Domain Services (AD DS) on an Amazon EC2

instance. The company's security policy states that al internal, nonpublic services that are

deployed in a VPC must be accessible through a VPN. Multi-factor authentication (MFA)

must be used for access to a VPN.

What should a solutions architect do to meet these requirements?

A. Create an AWS Sire-to-Site VPN connection. Configure Integration between a VPN andAD DS. Use an Amazon Workspaces client with MFA support enabled to establish a VPNconnection.
B. Create an AWS Client VPN endpoint Create an AD Connector directory tor integrationwith AD DS. Enable MFA tor AD Connector. Use AWS Client VPN to establish a VPNconnection.
C. Create multiple AWS Site-to-Site VPN connections by using AWS VPN CloudHub.Configure integration between AWS VPN CloudHub and AD DS. Use AWS Copilot toestablish a VPN connection.
D. Create an Amazon WorkLink endpoint. Configure integration between AmazonWorkLink and AD DS. Enable MFA in Amazon WorkLink. Use AWS Client VPN to establisha VPN connection.

ANSWER : B

SAP-C02 Sample Question 9

A company wants to use Amazon Workspaces in combination with thin client devices to

replace aging desktops. Employees use the desktops to access applications that work with

clinical trial data. Corporate security policy states that access to the applications must be restricted to only company branch office locations. The company is considering adding an

additional branch office in the next 6 months.

Which solution meets these requirements with the MOST operational efficiency?

A. Create an IP access control group rule with the list of public addresses from the branchoffices. Associate the IP access control group with the Workspaces directory.
B. Use AWS Firewall Manager to create a web ACL rule with an IPSet with the list to publicaddresses from the branch office Locations-Associate the web ACL with the Workspacesdirectory.
C. Use AWS Certificate Manager (ACM) to issue trusted device certificates to the machinesdeployed in the branch office locations. Enable restricted access on the Workspacesdirectory.
D. Create a custom Workspace image with Windows Firewall configured to restrict accessto the public addresses of the branch offices. Use the image to deploy the Workspaces.

ANSWER : A

SAP-C02 Sample Question 10

A company needs to implement disaster recovery for a critical application that runs in a

single AWS Region. The application's users interact with a web frontend that is hosted on

Amazon EC2 Instances behind an Application Load Balancer (ALB). The application writes

to an Amazon RD5 tor MySQL DB instance. The application also outputs processed

documents that are stored in an Amazon S3 bucket

The company's finance team directly queries the database to run reports. During busy

periods, these queries consume resources and negatively affect application performance.

A solutions architect must design a solution that will provide resiliency during a disaster.

The solution must minimize data loss and must resolve the performance problems that

result from the finance team's queries.

Which solution will meet these requirements?

A. Migrate the database to Amazon DynamoDB and use DynamoDB global tables. Instructthe finance team to query a global table in a separate Region. Create an AWS Lambdafunction to periodically synchronize the contents of the original S3 bucket to a new S3bucket in the separate Region. Launch EC2 instances and create an ALB in the separateRegion. Configure the application to point to the new S3 bucket.
B. Launch additional EC2 instances that host the application in a separate Region. Add theadditional instances to the existing ALB. In the separate Region, create a read replica ofthe RDS DB instance. Instruct the finance team to run queries ageist the read replica. UseS3 Cross-Region Replication (CRR) from the original S3 bucket to a new S3 Docket in theseparate Region. During a disaster, promote the read replace to a standalone DB instance.Configure the application to point to the new S3 bucket and to the newly project readreplica.
C. Create a read replica of the RDS DB instance in a separate Region. Instruct the financeteam to run queries against the read replica. Create AMIs of the EC2 instances mat hostthe application frontend- Copy the AMIs to the separate Region. Use S3 Cross-RegionReplication (CRR) from the original S3 bucket to a new S3 bucket in the separate Region.During a disaster, promote the read replica to a standalone DB instance. Launch EC2instances from the AMIs and create an ALB to present the application to end users.Configure the application to point to the new S3 bucket.
D. Create hourly snapshots of the RDS DB instance. Copy the snapshots to a separateRegion. Add an Amazon Elastic ache cluster m front of the existing RDS database. CreateAMIs of the EC2 instances that host the application frontend Copy the AMIs to the separateRegion. Use S3 Cross-Region Replication (CRR) from the original S3 bucket to a new S3bucket in the separate Region. During a disaster, restore The database from the latestRDS snapshot. Launch EC2 Instances from the AMIs and create an ALB to present theapplication to end users. Configure the application to point to the new S3 bucket

ANSWER : C

SAP-C02 Sample Question 11

A public retail web application uses an Application Load Balancer (ALB) in front of Amazon

EC2 instances running across multiple Availability Zones (AZs) in a Region backed by an

Amazon RDS MySQL Multi-AZ deployment. Target group health checks are configured to

use HTTP and pointed at the product catalog page. Auto Scaling is configured to maintain

the web fleet size based on the ALB health check.

Recently, the application experienced an outage. Auto Scaling continuously replaced the

instances during the outage. A subsequent investigation determined that the web server

metrics were within the normal range, but the database tier was experiencing high toad,

resulting in severely elevated query response times.

Which of the following changes together would remediate these issues while improving

monitoring capabilities for the availability and functionality of the entire application stack for

future growth? (Select TWO.)

A. Configure read replicas for Amazon RDS MySQL and use the single reader endpoint inthe web application to reduce the load on the backend database tier.
B. Configure the target group health check to point at a simple HTML page instead of aproduct catalog page and the Amazon Route 53 health check against the product page toevaluate full application functionality. Configure Ama7on CloudWatch alarms to notifyadministrators when the site fails.
C. Configure the target group health check to use a TCP check of the Amazon EC2 webserver and the Amazon Route S3 health check against the product page to evaluate fullapplication functionality. Configure Amazon CloudWatch alarms to notify administratorswhen the site fails.
D. Configure an Amazon CtoudWatch alarm for Amazon RDS with an action to recover ahigh-load, impaired RDS instance in the database tier.
E. Configure an Amazon Elastic ache cluster and place it between the web application andRDS MySQL instances to reduce the load on the backend database tier.

ANSWER : A,E

SAP-C02 Sample Question 12

A company hosts an intranet web application on Amazon EC2 instances behind an

Application Load Balancer (ALB). Currently, users authenticate to the application against

an internal user database.

The company needs to authenticate users to the application by using an existing AWS

Directory Service for Microsoft Active Directory directory. All users with accounts in the

directory must have access to the application.

Which solution will meet these requirements?

A. Create a new app client in the directory. Create a listener rule for the ALB. Specify theauthenticate-oidc action for the listener rule. Configure the listener rule with the appropriateissuer, client ID and secret, and endpoint details for the Active Directory service. Configurethe new app client with the callback URL that the ALB provides.
B. Configure an Amazon Cognito user pool. Configure the user pool with a federatedidentity provider (IdP) that has metadata from the directory. Create an app client. Associatethe app client with the user pool. Create a listener rule for the ALB. Specify theauthenticate-cognito action for the listener rule. Configure the listener rule to use the userpool and app client.
C. Add the directory as a new 1AM identity provider (IdP). Create a new 1AM role that hasan entity type of SAML 2.0 federation. Configure a role policy that allows access to theALB. Configure the new role as the default authenticated user role for the IdP. Create alistener rule for the ALB. Specify the authenticate-oidc action for the listener rule.
D. Enable AWS 1AM Identity Center (AWS Single Sign-On). Configure the directory as anexternal identity provider (IdP) that uses SAML. Use the automatic provisioning method.Create a new 1AM role that has an entity type of SAML 2.0 federation. Configure a rolepolicy that allows access to the ALB. Attach the new role to all groups. Create a listenerrule for the ALB. Specify the authenticate-cognito action for the listener rule.

ANSWER : A

SAP-C02 Sample Question 13

A company wants to establish a dedicated connection between its on-premises

infrastructure and AWS. The company is setting up a 1 Gbps AWS Direct Connect

connection to its account VPC. The architecture includes a transit gateway and a Direct

Connect gateway to connect multiple VPCs and the on-premises infrastructure.

The company must connect to VPC resources over a transit VIF by using the Direct

Connect connection.

Which combination of steps will meet these requirements? (Select TWO.)

A. Update the 1 Gbps Direct Connect connection to 10 Gbps.
B. Advertise the on-premises network prefixes over the transit VIF.
C. Adverse the VPC prefixes from the Direct Connect gateway to the on-premises networkover the transit VIF.
D. Update the Direct Connect connection's MACsec encryption mode attribute to mustencrypt.
E. Associate a MACsec Connection Key Name-Connectivity Association Key (CKN/CAK)pair with the Direct Connect connection.

ANSWER : B,C

SAP-C02 Sample Question 14

A company has many services running in its on-premises data center. The data center is

connected to AWS using AWS Direct Connect (DX)and an IPsec VPN. The service data is

sensitive and connectivity cannot traverse the interne. The company wants to expand to a new market segment and begin offering Is services to other companies that are using

AWS.

Which solution will meet these requirements?

A. Create a VPC Endpoint Service that accepts TCP traffic, host it behind a Network LoadBalancer, and make the service available over DX.
B. Create a VPC Endpoint Service that accepts HTTP or HTTPS traffic, host it behind anApplication Load Balancer, and make the service available over DX.
C. Attach an internet gateway to the VPC. and ensure that network access control andsecurity group rules allow the relevant inbound and outbound traffic.
D. Attach a NAT gateway to the VPC. and ensue that network access control and securitygroup rules allow the relevant inbound and outbound traffic.

ANSWER : B

SAP-C02 Sample Question 15

A flood monitoring agency has deployed more than 10.000 water-level monitoring sensors.

Sensors send continuous data updates, and each update is less than 1 MB in size. The

agency has a fleet of on-premises application servers. These servers receive upda.es 'on

the sensors, convert the raw data into a human readable format, and write the results loan

on-premises relational database server. Data analysts then use simple SOL queries to

monitor the data.

The agency wants to increase overall application availability and reduce the effort that is

required to perform maintenance tasks These maintenance tasks, which include updates

and patches to the application servers, cause downtime. While an application server is

down, data is lost from sensors because the remaining servers cannot handle the entire

workload.

The agency wants a solution that optimizes operational overhead and costs. A solutions

architect recommends the use of AWS loT Core to collect the sensor data. What else should the solutions architect recommend to meet these requirements?

A. Send the sensor data to Amazon Kinesis Data Firehose. Use an AWS Lambda functionto read the Kinesis Data Firehose data, convert it to .csv format, and insert it into anAmazon Aurora MySQL DB instance. Instruct the data analysts to query the data directlyfrom the DB instance.
B. Send the sensor data to Amazon Kinesis Data Firehose. Use an AWS Lambda functionto read the Kinesis Data Firehose data, convert it to Apache Parquet format and save it toan Amazon S3 bucket. Instruct the data analysts to query the data by using AmazonAthena.
C. Send the sensor data to an Amazon Managed Service for Apache Flink {previouslyknown as Amazon Kinesis Data Analytics) application to convert the data to .csv formatand store it in an Amazon S3 bucket. Import the data into an Amazon Aurora MySQL DBinstance. Instruct the data analysts to query the data directly from the DB instance.
D. Send the sensor data to an Amazon Managed Service for Apache Flink (previouslyknown as Amazon Kinesis Data Analytics) application to convert the data to ApacheParquet format and store it in an Amazon S3 bucket Instruct the data analysis to query thedata by using Amazon Athena.

ANSWER : B

SAP-C02 Sample Question 16

A company that is developing a mobile game is making game assets available in two AWS

Regions. Game assets are served from a set of Amazon EC2 instances behind an

Application Load Balancer (ALB) in each Region. The company requires game assets to be

fetched from the closest Region. If game assess become unavailable in the closest Region,

they should the fetched from the other Region. What should a solutions architect do to meet these requirement?

A. Create an Amazon CloudFront distribution. Create an origin group with one origin foreach ALB. Set one of the origins as primary.
B. Create an Amazon Route 53 health check tor each ALB. Create a Route 53 failoverrouting record pointing to the two ALBs. Set the Evaluate Target Health value Yes.
C. Create two Amazon CloudFront distributions, each with one ALB as the origin. Createan Amazon Route 53 failover routing record pointing to the two CloudFront distributions.Set the Evaluate Target Health value to Yes.
D. Create an Amazon Route 53 health check tor each ALB. Create a Route 53 latency aliasrecord pointing to the two ALBs. Set the Evaluate Target Health value to Yes.

ANSWER : A

SAP-C02 Sample Question 17

An e-commerce company is revamping its IT infrastructure and is planning to use AWS

services. The company's CIO has asked a solutions architect to design a simple, highly

available, and loosely coupled order processing application. The application is responsible

for receiving and processing orders before storing them in an Amazon DynamoDB table.

The application has a sporadic traffic pattern and should be able to scale during marketing

campaigns to process the orders with minimal delays.

Which of the following is the MOST reliable approach to meet the requirements?

A. Receive the orders in an Amazon EC2-hosted database and use EC2 instances toprocess them.
B. Receive the orders in an Amazon SQS queue and invoke an AWS Lambda function toprocess them.
C. Receive the orders using the AWS Step Functions program and launch an Amazon ECScontainer to process them.
D. Receive the orders in Amazon Kinesis Data Streams and use Amazon EC2 instances toprocess them.

ANSWER : B

SAP-C02 Sample Question 18

A company deploys workloads in multiple AWS accounts. Each account has a VPC with

VPC flow logs published in text log format to a centralized Amazon S3 bucket. Each log file

is compressed with gzjp compression. The company must retain the log files indefinitely.

A security engineer occasionally analyzes the togs by using Amazon Athena to query the

VPC flow logs. The query performance is degrading over time as the number of ingested

togs is growing. A solutions architect: must improve the performance of the tog analysis and reduce the storage space that the VPC flow logs use.

Which solution will meet these requirements with the LARGEST performance

improvement?

A. Create an AWS Lambda function to decompress the gzip flies and to compress the tileswith bzip2 compression. Subscribe the Lambda function to an s3: ObiectCrealed;Put S3event notification for the S3 bucket.
B. Enable S3 Transfer Acceleration for the S3 bucket. Create an S3 Lifecycle configurationto move files to the S3 Intelligent-Tiering storage class as soon as the ties are uploaded
C. Update the VPC flow log configuration to store the files in Apache Parquet format.Specify Hourly partitions for the log files.
D. Create a new Athena workgroup without data usage control limits. Use Athena engineversion 2.

ANSWER : C

SAP-C02 Sample Question 19

A company is designing an AWS environment tor a manufacturing application. The

application has been successful with customers, and the application's user base has

increased. The company has connected the AWS environment to the company's onpremises

data center through a 1 Gbps AWS Direct Connect connection. The company has

configured BGP for the connection.

The company must update the existing network connectivity solution to ensure that the

solution is highly available, fault tolerant, and secure.

Which solution win meet these requirements MOST cost-effectively?

A. Add a dynamic private IP AWS Site-to-Site VPN as a secondary path to secure data intransit and provide resilience for the Direct Conned connection. Configure MACsec toencrypt traffic inside the Direct Connect connection.
B. Provision another Direct Conned connection between the company's on-premises datacenter and AWS to increase the transfer speed and provide resilience. Configure MACsecto encrypt traffic inside the Dried Conned connection.
C. Configure multiple private VIFs. Load balance data across the VIFs between the onpremisesdata center and AWS to provide resilience.
D. Add a static AWS Site-to-Site VPN as a secondary path to secure data in transit and toprovide resilience for the Direct Connect connection.

ANSWER : A

SAP-C02 Sample Question 20

A company has an loT platform that runs in an on-premises environment. The platform

consists of a server that connects to loT devices by using the MQTT protocol. The platform

collects telemetry data from the devices at least once every 5 minutes The platform also

stores device metadata in a MongoDB cluster

An application that is installed on an on-premises machine runs periodic jobs to aggregate

and transform the telemetry and device metadata The application creates reports that

users view by using another web application that runs on the same on-premises machine

The periodic jobs take 120-600 seconds to run However, the web application is always

running.

The company is moving the platform to AWS and must reduce the operational overhead of

the stack.

Which combination of steps will meet these requirements with the LEAST operational

overhead? (Select THREE.)

A. Use AWS Lambda functions to connect to the loT devices
B. Configure the loT devices to publish to AWS loT Core
C. Write the metadata to a self-managed MongoDB database on an Amazon EC2 instance
D. Write the metadata to Amazon DocumentDB (with MongoDB compatibility)
E. Use AWS Step Functions state machines with AWS Lambda tasks to prepare thereports and to write the reports to Amazon S3 Use Amazon CloudFront with an S3 origin toserve the reports
F. Use an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with Amazon EC2instances to prepare the reports Use an ingress controller in the EKS cluster to serve thereports

ANSWER : B,D,E

SAP-C02 Sample Question 21

A solutions architect is preparing to deploy a new security tool into several previously

unused AWS Regions. The solutions architect will deploy the tool by using an AWS

CloudFormation stack set. The stack set's template contains an 1AM role that has a

custom name. Upon creation of the stack set. no stack instances are created successfully.

What should the solutions architect do to deploy the stacks successfully?

A. Enable the new Regions in all relevant accounts. Specify theCAPABILITY_NAMED_IAM capability during the creation of the stack set.
B. Use the Service Quotas console to request a quota increase for the number ofCloudFormation stacks in each new Region in all relevant accounts. Specify theCAPABILITYJAM capability during the creation of the stack set.
C. Specify the CAPABILITY_NAMED_IAM capability and the SELF_MANAGEDpermissions model during the creation of the stack set.
D. Specify an administration role ARN and the CAPABILITYJAM capability during thecreation of the stack set.

ANSWER : A

SAP-C02 Sample Question 22

A company is planning a migration from an on-premises data center to the AWS cloud. The

company plans to use multiple AWS accounts that are managed in an organization in AWS

organizations. The company will cost a small number of accounts initially and will add

accounts as needed. A solution architect must design a solution that turns on AWS

accounts.

What is the MOST operationally efficient solution that meets these requirements.

A. Create an AWS Lambda function that creates a new cloudTrail trail in all AWS accountin the organization. Invoke the Lambda function dally by using a scheduled action inAmazon EventBridge.
B. Create a new CloudTrail trail in the organizations management account. Configure the trail to log all events for all AYYS accounts in the organization.
C. Create a new CloudTrail trail in all AWS accounts in the organization. Create new trailswhenever a new account is created.
D. Create an AWS systems Manager Automaton runbook that creates a cloud trail in allAWS accounts in the organization. Invoke the automation by using Systems Manager StateManager.

ANSWER : B

SAP-C02 Sample Question 23

A company wants to migrate an Amazon Aurora MySQL DB cluster from an existing AWS

account to a new AWS account in the same AWS Region. Both accounts are members of

the same organization in AWS Organizations.

The company must minimize database service interruption before the company performs

DNS cutover to the new database.

Which migration strategy will meet this requirement?

A. Take a snapshot of the existing Aurora database. Share the snapshot with the new AWSaccount. Create an Aurora DB cluster in the new account from the snapshot.
B. Create an Aurora DB cluster in the new AWS account. Use AWS Database MigrationService (AWS DMS) to migrate data between the two Aurora DB clusters.
C. Use AWS Backup to share an Aurora database backup from the existing AWS accountto the new AWS account. Create an Aurora DB cluster in the new AWS account from thesnapshot.
D. Create an Aurora DB cluster in the new AWS account. Use AWS Application MigrationService to migrate data between the two Aurora DB clusters.

ANSWER : B

SAP-C02 Sample Question 24

A company has a web application that uses Amazon API Gateway. AWS Lambda and

Amazon DynamoDB A recent marketing campaign has increased demand Monitoring

software reports that many requests have significantly longer response times than before

the marketing campaign

A solutions architect enabled Amazon CloudWatch Logs for API Gateway and noticed that

errors are occurring on 20% of the requests. In CloudWatch. the Lambda function.

Throttles metric represents 1% of the requests and the Errors metric represents 10% of the

requests Application logs indicate that, when errors occur there is a call to DynamoDB

What change should the solutions architect make to improve the current response times as

the web application becomes more popular'?

A. Increase the concurrency limit of the Lambda function
B. Implement DynamoDB auto scaling on the table
C. Increase the API Gateway throttle limit
D. Re-create the DynamoDB table with a better-partitioned primary index.

ANSWER : B

SAP-C02 Sample Question 25

A company use an organization in AWS Organizations to manage multiple AWS accounts.

The company hosts some applications in a VPC in the company's snared services account.

The company has attached a transit gateway to the VPC in the Shared services account.

The company is developing a new capability and has created a development environment

that requires access to the applications that are in the snared services account. The

company intends to delete and recreate resources frequently in the development account.

The company also wants to give a development team the ability to recreate the team's

connection to the shared services account as required.

Which solution will meet these requirements?

A. Create a transit gateway in the development account. Create a transit gateway peeringrequest to the shared services account. Configure the snared services transit gateway toautomatically accept peering connections.
B. Turn on automate acceptance for the transit gateway in the shared services account.Use AWS Resource Access Manager (AWS RAM) to share the transit gateway resource inthe shared services account with the development account. Accept the resource in tie development account. Create a transit gateway attachment in the development account.
C. Turn on automate acceptance for the transit gateway in the shared services account.Create a VPC endpoint. Use the endpoint policy to grant permissions on the VPC endpointfor the development account. Configure the endpoint service to automatically acceptconnection requests. Provide the endpoint details to the development team.
D. Create an Amazon EventBridge rule to invoke an AWS Lambda function that acceptsthe transit gateway attachment value the development account makes an attachmentrequest. Use AWS Network Manager to store. The transit gateway in the shared servicesaccount with the development account. Accept the transit gateway in the developmentaccount.

ANSWER : B

SAP-C02 Sample Question 26

A company uses AWS Organizations AWS account. A solutions architect must design a

solution in which only administrator roles are allowed to use IAM actions. However the

solutions archited does not have access to all the AWS account throughout the company.

Which solution meets these requirements with the LEAST operational overhead?

A. Create an SCP that applies to at the AWS accounts to allow I AM actions only foradministrator roles. Apply the SCP to the root OLI.
B. Configure AWS CloudTrai to invoke an AWS Lambda function for each event that isrelated to 1AM actions. Configure the function to deny the action. If the user who invokedthe action is not an administator.
C. Create an SCP that applies to all the AWS accounts to deny 1AM actions for all usersexcept for those with administrator roles. Apply the SCP to the root OU.
D. Set an 1AM permissions boundary that allows 1AM actions. Attach the permissionsboundary to every administrator role across all the AWS accounts.

ANSWER : A

SAP-C02 Sample Question 27

A company runs an unauthenticated static website (www.example.com) that includes a

registration form for users. The website uses Amazon S3 for hosting and uses Amazon

CloudFront as the content delivery network with AWS WAF configured. When the

registration form is submitted, the website calls an Amazon API Gateway API endpoint that

invokes an AWS Lambda function to process the payload and forward the payload to an

external API call.

During testing, a solutions architect encounters a cross-origin resource sharing (CORS)

error. The solutions architect confirms that the CloudFront distribution origin has the

Access-Control-Allow-Origin header set to www.example.com.

What should the solutions architect do to resolve the error?

A. Change the CORS configuration on the S3 bucket. Add rules for CORS to the AllowedOrigin element for www.example.com.
B. Enable the CORS setting in AWS WAF. Create a web ACL rule in which the Access-Control-Allow-Origin header is set to www.example.com.
C. Enable the CORS setting on the API Gateway API endpoint. Ensure that the APIendpoint is configured to return all responses that have the Access-Control -Allow-Originheader set to www.example.com.
D. Enable the CORS setting on the Lambda function. Ensure that the return code of thefunction has the Access-Control-Allow-Origin header set to www.example.com.

ANSWER : C

SAP-C02 Sample Question 28

A company runs an unauthenticated static website (www.example.com) that includes a

registration form for users. The website uses Amazon S3 for hosting and uses Amazon

CloudFront as the content delivery network with AWS WAF configured. When the

registration form is submitted, the website calls an Amazon API Gateway API endpoint that

invokes an AWS Lambda function to process the payload and forward the payload to an

external API call.

During testing, a solutions architect encounters a cross-origin resource sharing (CORS)

error. The solutions architect confirms that the CloudFront distribution origin has the

Access-Control-Allow-Origin header set to www.example.com.

What should the solutions architect do to resolve the error?

ANSWER : C

SAP-C02 Sample Question 29

A company that develops consumer electronics with offices in Europe and Asia has 60 TB

of software images stored on premises in Europe The company wants to transfer the

images to an Amazon S3 bucket in the ap-northeast-1 Region New software images are

created daily and must be encrypted in transit The company needs a solution that does not

require custom development to automatically transfer all existing and new software images

to Amazon S3

What is the next step in the transfer process?

A. Deploy an AWS DataSync agent and configure a task to transfer the images to the S3bucket
B. Configure Amazon Kinesis Data Firehose to transfer the images using S3 TransferAcceleration
C. Use an AWS Snowball device to transfer the images with the S3 bucket as the target
D. Transfer the images over a Site-to-Site VPN connection using the S3 API with multipartupload

ANSWER : A

SAP-C02 Sample Question 30

A company has developed an application that is running Windows Server on VMware

vSphere VMs that the company hosts on premises The application data is stored in a

proprietary format that must be read through the application The company manually

provisioned the servers and the application

As part of its disaster recovery plan, the company wants the ability to host its application on

AWS temporarily if the company's on-premises environment becomes unavailable The

company wants the application to return to on-premises hosting after a disaster recovery

event is complete The RPO is 5 minutes.

Which solution meets these requirements with the LEAST amount of operational

overhead?

A. Configure AWS DataSync Replicate the data to Amazon Elastic Block Store (AmazonEBS) volumes When the on-premises environment is unavailable, use AWS Cloud Formation templates to provision Amazon EC2 instances and attach the EBS volumes
B. Configure AWS Elastic Disaster Recovery Replicate the data to replication Amazon EC2instances that are attached to Amazon Elastic Block Store (Amazon EBS) volumes Whenthe on-premises environment is unavailable use Elastic Disaster Recovery to launch EC2instances that use the replicated volumes
C. Provision an AWS Storage Gateway file gateway. Replicate the data to an Amazon S3bucket When the on-premises environment is unavailable, use AWS Backup to restore thedata to Amazon Elastic Block Store (Amazon EBS) volumes and launch Amazon EC2instances from these EBS volumes
D. Provision an Amazon FSx for Windows File Server file system on AWS Replicate thedata to the file system When the on-premises environment is unavailable, use AWS CloudFormat ion templates to provision Amazon EC2 instances and use AWS CloudFormationInit commands to mount the Amazon FSx file shares

ANSWER : B

SAP-C02 Sample Question 31

A delivery company is running a serverless solution in tneAWS Cloud The solution

manages user data, delivery information and past purchase details The solution consists of

several microservices The central user service stores sensitive data in an Amazon

DynamoDB table Several of the other microservices store a copy of parts of the sensitive

data in different storage services

The company needs the ability to delete user information upon request As soon as the

central user service deletes a user every other microservice must also delete its copy of the data immediately

Which solution will meet these requirements?

A. Activate DynamoDB Streams on the DynamoDB table Create an AWS Lambda triggerfor the DynamoDB stream that will post events about user deletion in an Amazon SimpleQueue Service (Amazon SQS) queue Configure each microservice to poll the queue anddelete the user from the DynamoDB table
B. Set up DynamoDB event notifications on the DynamoDB table Create an AmazonSimple Notification Service (Amazon SNS) topic as a target for the DynamoDB eventnotification Configure each microservice to subscribe to the SNS topic and to delete theuser from the DynamoDB table
C. Configure the central user service to post an event on a custom Amazon EventBridgeevent bus when the company deletes a user Create an EventBndge rule for eachmicroservice to match the user deletion event pattern and invoke logic in the microserviceto delete the user from the DynamoDB table
D. Configure the central user service to post a message on an Amazon Simple QueueService (Amazon SQS) queue when the company deletes a user Configure eachmicroservice to create an event filter on the SQS queue and to delete the user from theDynamoDB table

ANSWER : C

SAP-C02 Sample Question 32

A company needs to improve the security of its web-based application on AWS. The

application uses Amazon CloudFront with two custom origins. The first custom origin routes

requests to an Amazon API Gateway HTTP API. The second custom origin routes traffic to an Application Load Balancer (ALB) The application integrates with an OpenlD Connect

(OIDC) identity provider (IdP) for user management.

A security audit shows that a JSON Web Token (JWT) authorizer provides access to the

API The security audit also shows that the ALB accepts requests from unauthenticated

users

A solutions architect must design a solution to ensure that all backend services respond to

only authenticated users

Which solution will meet this requirement?

A. Configure the ALB to enforce authentication and authorization by integrating the ALBwith the IdP Allow only authenticated users to access the backend services
B. Modify the CloudFront configuration to use signed URLs Implement a permissive signingpolicy that allows any request to access the backend services
C. Create an AWS WAF web ACL that filters out unauthenticated requests at the ALB level.Allow only authenticated traffic to reach the backend services.
D. Enable AWS CloudTrail to log all requests that come to the ALB Create an AWSLambda function to analyze the togs and block any requests that come fromunauthenticated users.

ANSWER : A

SAP-C02 Sample Question 33

A company has multiple lines of business (LOBs) that toll up to the parent company. The

company has asked its solutions architect to develop a solution with the following

requirements • Produce a single AWS invoice for all of the AWS accounts used by its LOBs.

• The costs for each LOB account should be broken out on the invoice

• Provide the ability to restrict services and features in the LOB accounts, as defined by the

company's governance policy

• Each LOB account should be delegated full administrator permissions regardless of the

governance policy

Which combination of steps should the solutions architect take to meet these

requirements'? (Select TWO.)

A. Use AWS Organizations to create an organization in the parent account for each LOBThen invite each LOB account to the appropriate organization
B. Use AWS Organizations to create a single organization in the parent account Then,invite each LOB's AWS account lo join the organization.
C. Implement service quotas to define the services and features that are permitted andapply the quotas to each LOB. as appropriate
D. Create an SCP that allows only approved services and features then apply the policy tothe LOB accounts
E. Enable consolidated billing in the parent account's billing console and link the LOB accounts

ANSWER : B,E

SAP-C02 Sample Question 34

A company runs a software-as-a-service <SaaS) application on AWS The application

consists of AWS Lambda functions and an Amazon RDS for MySQL Multi-AZ database

During market events the application has a much higher workload than normal Users notice

slow response times during the peak periods because of many database connections The

company needs to improve the scalable performance and availability of the database

Which solution meets these requirements'?

A. Create an Amazon CloudWatch alarm action that triggers a Lambda function to add anAmazon RDS for MySQL read replica when resource utilization hits a threshold
B. Migrate the database to Amazon Aurora, and add a read replica Add a databaseconnection pool outside of the Lambda handler function
C. Migrate the database to Amazon Aurora and add a read replica Use Amazon Route 53weighted records
D. Migrate the database to Amazon Aurora and add an Aurora Replica Configure AmazonRDS Proxy to manage database connection pools

ANSWER : D

SAP-C02 Sample Question 35

A solutions architect is creating an AWS CloudFormation template from an existing

manually created non-production AWS environment The CloudFormation template can be

destroyed and recreated as needed The environment contains an Amazon EC2 instance

The EC2 instance has an instance profile that the EC2 instance uses to assume a role in a

parent account

The solutions architect recreates the role in a CloudFormation template and uses the same

role name When the CloudFormation template is launched in the child account, the EC2

instance can no longer assume the role in the parent account because of insufficient

permissions

What should the solutions architect do to resolve this issue?

A. In the parent account edit the trust policy for the role that the EC2 instance needs toassume Ensure that the target role ARN in the existing statement that allows the stsAssumeRole action is correct Save the trust policy
B. In the parent account edit the trust policy for the role that the EC2 instance needs toassume Add a statement that allows the sts AssumeRole action for the root principal of thechild account Save the trust policy
C. Update the CloudFormation stack again Specify only the CAPABILITY_NAMED_IAMcapability
D. Update the CloudFormation stack again Specify the CAPABIUTYJAM capability and theCAPABILITY_NAMEDJAM capability

ANSWER : A

SAP-C02 Sample Question 36

A company has an application that analyzes and stores image data on premises The

application receives millions of new image files every day Files are an average of 1 MB in

size The files are analyzed in batches of 1 GB When the application analyzes a batch the

application zips the images together The application then archives the images as a single

file in an on-premises NFS server for long-term storage

The company has a Microsoft Hyper-V environment on premises and has compute

capacity available The company does not have storage capacity and wants to archive the

images on AWS The company needs the ability to retrieve archived data within t week of a

request.

The company has a 10 Gbps AWS Direct Connect connection between its on-premises

data center and AWS. The company needs to set bandwidth limits and schedule archived

images to be copied to AWS dunng non-business hours.

Which solution will meet these requirements MOST cost-effectively?

A. Deploy an AWS DataSync agent on a new GPU-based Amazon EC2 instance Configurethe DataSync agent to copy the batch of files from the NFS on-premises server to AmazonS3 Glacier Instant Retrieval After the successful copy delete the data from the on-premisesstorage
B. Deploy an AWS DataSync agent as a Hyper-V VM on premises Configure the DataSyncagent to copy the batch of files from the NFS on-premises server to Amazon S3 GlacierDeep Archive After the successful copy delete the data from the on-premises storage
C. Deploy an AWS DataSync agent on a new general purpose Amazon EC2 instanceConfigure the DataSync agent to copy the batch of files from the NFS on-premises serverto Amazon S3 Standard After the successful copy deletes the data from the on-premisesstorage Create an S3 Lifecycle rule to transition objects from S3 Standard to S3 GlacierDeep Archive after 1 day
D. Deploy an AWS Storage Gateway Tape Gateway on premises in the Hyper-Venvironment Connect the Tape Gateway to AWS Use automatic tape creation Specify anAmazon S3 Glacier Deep Archive pool Eject the tape after the batch of images is copied

ANSWER : B

SAP-C02 Sample Question 37

A company is planning to migrate an application from on premises to the AWS Cloud The

company will begin the migration by moving the application underlying data storage to

AWS The application data is stored on a shared tile system on premises and the

application servers connect to the shared file system through SMB

A solutions architect must implement a solution that uses an Amazon S3 bucket for shared

storage. Until the application is fully migrated and code is rewritten to use native Amazon

S3 APIs the application must continue to have access to the data through SMB The

solutions architect must migrate the application data to AWS (o its new location while still

allowing the on-premises application to access the data

Which solution will meet these requirements?

A. Create a new Amazon FSx for Windows File Server file system Configure AWSDataSync with one location for the on-premises file share and one location for the newAmazon FSx file system Create a new DataSync task to copy the data from the onpremisesfile share location to the Amazon FSx file system
B. Create an S3 bucket for the application Copy the data from the on-premises storage to the S3 bucket
C. Deploy an AWS Server Migration Service (AWS SMS) VM to the on-premisesenvironment Use AWS SMS to migrate the file storage server from on premises to anAmazon EC2 instance
D. Create an S3 bucket for the application Deploy a new AWS Storage Gateway filegateway on an on-premises VM Create a new file share that stores data in the S3 bucketand is associated with the file gateway Copy the data from the on-premises storage to thenew file gateway endpoint

ANSWER : D

SAP-C02 Sample Question 38

A company is launching a new online game on Amazon EC2 instances. The game must be

available globally. The company plans to run the game in three AWS Regions: us-east-1,

eu-west-1, and ap-southeast-1. The game's leaderboards. player inventory, and event

status must be available across Regions.

A solutions architect must design a solution that will give any Region the ability to scale to

handle the load of all Regions. Additionally, users must automatically connect to the Region

that provides the least latency.

Which solution will meet these requirements with the LEAST operational overhead?

A. Create an EC2 Spot Fleet. Attach the Spot Fleet to a Network Load Balancer (NLB) ineach Region. Create an AWS Global Accelerator IP address that points to the NLB. Createan Amazon Route 53 latency-based routing entry for the Global Accelerator IP address.Save the game metadata to an Amazon RDS for MySQL DB instance in each Region. Setup a read replica in the other Regions.
B. Create an Auto Scaling group for the EC2 instances. Attach the Auto Scaling group to aNetwork Load Balancer (NLB) in each Region. For each Region, create an Amazon Route53 entry that uses geoproximity routing and points to the NLB in that Region. Save thegame metadata to MySQL databases on EC2 instances in each Region. Save the gamemetadata to MySQL databases on EC2 instances in each Region. Set up replicationbetween the database EC2 instances in each Region.
C. Create an Auto Scaling group for the EC2 instances. Attach the Auto Scaling group to aNetwork Load Balancer (NLB) in each Region. For each Region, create an Amazon Route53 entry that uses latency-based routing and points to the NLB in that Region. Save thegame metadata to an Amazon DynamoDB global table.
D. Use EC2 Global View. Deploy the EC2 instances to each Region. Attach the instancesto a Network Load Balancer (NLB). Deploy a DNS server on an EC2 instance in eachRegion. Set up custom logic on each DNS server to redirect the user to the Region thatprovides the lowest latency. Save the game metadata to an Amazon Aurora globaldatabase.

ANSWER : C

SAP-C02 Sample Question 39

A company is running its solution on AWS in a manually created VPC. The company is

using AWS CloudFormation to provision other parts of the infrastructure According to a

new requirement the company must manage all infrastructure in an automatic way

What should the comp any do to meet this new requirement with the LEAST effort?

A. Create a new AWS Cloud Development Kit (AWS CDK) stack that strictly provisions theexisting VPC resources and configuration Use AWS CDK to import the VPC into the stackand to manage the VPC
B. Create a CloudFormation stack set that creates the VPC Use the stack set to import theVPC into the stack
C. Create a new CloudFormation template that strictly provisions the existing VPCresources and configuration From the CloudFormation console, create a new stack byimporting the existing resources
D. Create a new CloudFormation template that creates the VPC Use the AWS ServerlessApplication Model (AWS SAM) CLI to import the VPC

ANSWER : C

SAP-C02 Sample Question 40

A medical company is running a REST API on a set of Amazon EC2 instances The EC2

instances run in an Auto Scaling group behind an Application Load Balancer (ALB) The

ALB runs in three public subnets, and the EC2 instances run in three private subnets The

company has deployed an Amazon CloudFront distribution that has the ALB as the only origin

Which solution should a solutions architect recommend to enhance the origin security?

A. Store a random string in AWS Secrets Manager Create an AWS Lambda function forautomatic secret rotation Configure CloudFront to inject the random string as a customHTTP header for the origin request Create an AWS WAF web ACL rule with a string matchrule for the custom header Associate the web ACL with the ALB
B. Create an AWS WAF web ACL rule with an IP match condition of the CloudFront serviceIP address ranges Associate the web ACL with the ALB Move the ALB into the threeprivate subnets
C. Store a random string in AWS Systems Manager Parameter Store Configure ParameterStore automatic rotation for the string Configure CloudFront to inject the random string as acustom HTTP header for the origin request Inspect the value of the custom HTTP header,and block access in the ALB
D. Configure AWS Shield Advanced. Create a security group policy to allow connectionsfrom CloudFront service IP address ranges. Add the policy to AWS Shield Advanced, andattach the policy to the ALB

ANSWER : A

SAP-C02 Sample Question 41

A company creates an AWS Control Tower landing zone to manage and govern a multiaccount

AWS environment. The company's security team will deploy preventive controls

and detective controls to monitor AWS services across all the accounts. The security team

needs a centralized view of the security state of all the accounts.

Which solution will meet these requirements'?

A. From the AWS Control Tower management account, use AWS CloudFormationStackSets to deploy an AWS Config conformance pack to all accounts in the organization
B. Enable Amazon Detective for the organization in AWS Organizations Designate oneAWS account as the delegated administrator for Detective
C. From the AWS Control Tower management account, deploy an AWS CloudFormationstack set that uses the automatic deployment option to enable Amazon Detective for theorganization
D. Enable AWS Security Hub for the organization in AWS Organizations Designate oneAWS account as the delegated administrator for Security Hub

ANSWER : D

SAP-C02 Sample Question 42

A software as a service (SaaS) company provides a media software solution to customers

The solution is hosted on 50 VPCs across various AWS Regions and AWS accounts One

of the VPCs is designated as a management VPC The compute resources in the VPCs

work independently The company has developed a new feature that requires all 50 VPCs to be able to

communicate with each other. The new feature also requires one-way access from each

customer's VPC to the company's management VPC The management VPC hosts a

compute resource that validates licenses for the media software solution

The number of VPCs that the company will use to host the solution will continue to increase

as the solution grows

Which combination of steps will provide the required VPC connectivity with the LEAST

operational overhead'' (Select TWO.)

A. Create a transit gateway Attach all the company's VPCs and relevant subnets to thetransit gateway
B. Create VPC peering connections between all the company's VPCs
C. Create a Network Load Balancer (NLB) that points to the compute resource for licensevalidation. Create an AWS PrivateLink endpoint service that is available to each customer'sVPC Associate the endpoint service with the NLB
D. Create a VPN appliance in each customer's VPC Connect the company's managementVPC to each customer's VPC by using AWS Site-to-Site VPN
E. Create a VPC peering connection between the company's management VPC and eachcustomer's VPC

ANSWER : A,C

SAP-C02 Sample Question 43

A company wants to migrate virtual Microsoft workloads from an on-premises data center

to AWS The company has successfully tested a few sample workloads on AWS. The

company also has created an AWS Site-to-Site VPN connection to a VPC A solutions

architect needs to generate a total cost of ownership (TCO) report for the migration of all

the workloads from the data center

Simple Network Management Protocol (SNMP) has been enabled on each VM in the data

center The company cannot add more VMs m the data center and cannot install additional

software on the VMs The discovery data must be automatically imported into AWS

Migration Hub

Which solution will meet these requirements?

A. Use the AWS Application Migration Service agentless service and the AWS MigrationHub Strategy Recommendations to generate the TCO report
B. Launch a Windows Amazon EC2 instance Install the Migration Evaluator agentlesscollector on the EC2 instance Configure Migration Evaluator to generate the TCO report
C. Launch a Windows Amazon EC2 instance. Install the Migration Evaluator agentlesscollector on the EC2 instance. Configure Migration Hub to generate the TCO report
D. Use the AWS Migration Readiness Assessment tool inside the VPC Configure MigrationEvaluator to generate the TCO report

ANSWER : A

SAP-C02 Sample Question 44

A company uses AWS Organizations to manage its development environment. Each

development team at the company has its own AWS account Each account has a single

VPC and CIDR blocks that do not overlap.

The company has an Amazon Aurora DB cluster in a shared services account All the

development teams need to work with live data from the DB cluster

Which solution will provide the required connectivity to the DB cluster with the LEAST

operational overhead?

A. Create an AWS Resource Access Manager (AWS RAM) resource share tor the DBcluster. Share the DB cluster with all the development accounts
B. Create a transit gateway in the shared services account Create an AWS ResourceAccess Manager (AWS RAM) resource share for the transit gateway Share the transitgateway with all the development accounts Instruct the developers to accept the resourceshare Configure networking.
C. Create an Application Load Balancer (ALB) that points to the IP address of the DBcluster Create an AWS PrivateLink endpoint service that uses the ALB Add permissions toallow each development account to connect to the endpoint service
D. Create an AWS Site-to-Site VPN connection in the shared services account Configurenetworking Use AWS Marketplace VPN software in each development account to connectto the Site-to-Site VPN connection

ANSWER : B

SAP-C02 Sample Question 45

An events company runs a ticketing platform on AWS. The company's customers configure

and schedule their events on the platform The events result in large increases of traffic to

the platform The company knows the date and time of each customer's events

The company runs the platform on an Amazon Elastic Container Service (Amazon ECS)

cluster The ECS cluster consists of Amazon EC2 On-Demand Instances that are in an Auto

Scaling group. The Auto Scaling group uses a predictive scaling policy

The ECS cluster makes frequent requests to an Amazon S3 bucket to download ticket

assets The ECS cluster and the S3 bucket are in the same AWS Region and the same

AWS account Traffic between the ECS cluster and the S3 bucket flows across a NAT

gateway

The company needs to optimize the cost of the platform without decreasing the platform's

availability

Which combination of steps will meet these requirements? (Select TWO)

A. Create a gateway VPC endpoint for the S3 bucket
B. Add another ECS capacity provider that uses an Auto Scaling group of Spot InstancesConfigure the new capacity provider strategy to have the same weight as the existingcapacity provider strategy
C. Create On-Demand Capacity Reservations for the applicable instance type for the timeperiod of the scheduled scaling policies
D. Enable S3 Transfer Acceleration on the S3 bucket
E. Replace the predictive scaling policy with scheduled scaling policies for the scheduled events

ANSWER : A,B

SAP-C02 Sample Question 46

A company provides a centralized Amazon EC2 application hosted in a single shared VPC

The centralized application must be accessible from client applications running in the VPCs

of other business units The centralized application front end is configured with a Network

Load Balancer (NLB) for scalability Up to 10 business unit VPCs will need to be connected to the shared VPC Some ot the

business unit VPC CIDR blocks overlap with the shared VPC and some overlap with each

other Network connectivity to the centralized application in the shared VPC should be

allowed from authorized business unit VPCs only

Which network configuration should a solutions architect use to provide connectivity from

the client applications in the business unit VPCs to the centralized application in the shared

VPC?

A. Create an AWS Transit Gateway Attach the shared VPC and the authorized businessunit VPCs to the transit gateway Create a single transit gateway route table and associateit with all of the attached VPCs Allow automatic propagation of routes from the attachmentsinto the route table Configure VPC routing tables to send traffic to the transit gateway
B. Create a VPC endpoint service using the centralized application NLB and enable theoption to require endpoint acceptance Create a VPC endpoint in each of the business unitVPCs using the service name of the endpoint service. Accept authorized endpoint requestsfrom the endpoint service console.
C. Create a VPC peering connection from each business unit VPC to the shared VPCAccept the VPC peering connections from the shared VPC console Configure VPC routingtables to send traffic to the VPC peering connection
D. Configure a virtual private gateway for the shared VPC and create customer gatewaysfor each of the authorized business unit VPCs Establish a Site-to-Site VPN connection fromthe business unit VPCs to the shared VPC Configure VPC routing tables to send traffic tothe VPN connection

ANSWER : B

SAP-C02 Sample Question 47

A company runs an application in (he cloud that consists of a database and a website

Users can post data to the website, have the data processed, and have the data sent back

to them in an email Data is stored in a MySQL database running on an Amazon EC2

instance The database is running in a VPC with two private subnets The website is running

on Apache Tomcat in a single EC2 instance in a different VPC with one public subnet

There is a single VPC peering connection between the database and website VPC. The website has suffered several outages during the last month due to high traffic

Which actions should a solutions architect take to increase the reliability of the application?

(Select THREE.)

A. Place the Tomcat server in an Auto Scaling group with multiple EC2 instances behindan Application Load Balancer
B. Provision an additional VPC peering connection
C. Migrate the MySQL database to Amazon Aurora with one Aurora Replica
D. Provision two NAT gateways in the database VPC.
E. Move the Tomcat server to the database VPC
F. Create an additional public subnet in a different Availability Zone in the website VPC

ANSWER : A,C,F

SAP-C02 Sample Question 48

A company has developed a new release of a popular video game and wants to make it

available for public download The new release package is approximately 5 GB in size. The

company provides downloads for existing releases from a Linux-based publicly facing FTP

site hosted in an on-premises data center The company expects the new release will be

downloaded by users worldwide The company wants a solution that provides improved

download performance and low transfer costs regardless of a user's location

Which solutions will meet these requirements'?

A. Store the game files on Amazon EBS volumes mounted on Amazon EC2 instanceswithin an Auto Scaling group Configure an FTP service on the EC2 instances Use anApplication Load Balancer in front of the Auto Scaling group. Publish the game downloadURL for users to download the package
B. Store the game files on Amazon EFS volumes that are attached to Amazon EC2instances within an Auto Scaling group Configure an FTP service on each of the EC2instances Use an Application Load Balancer in front of the Auto Scaling group Publish thegame download URL for users to download the package
C. Configure Amazon Route 53 and an Amazon S3 bucket for website hosting Upload thegame files to the S3 bucket Use Amazon CloudFront for the website Publish the gamedownload URL for users to download the package
D. Configure Amazon Route 53 and an Amazon S3 bucket for website hosting Upload thegame files to the S3 bucket Set Requester Pays for the S3 bucket Publish the game download URL for users to download the package

ANSWER : C

SAP-C02 Sample Question 49

To abide by industry regulations, a solutions architect must design a solution that will store

a company's critical data in multiple public AWS Regions, including in the United States,

where the company's headquarters is located The solutions architect is required to provide

access to the data stored in AWS to the company's global WAN network The security team

mandates that no traffic accessing this data should traverse the public internet

How should the solutions architect design a highly available solution that meets the

requirements and is cost-effective'?

A. Establish AWS Direct Connect connections from the company headquarters to all AWSRegions in use the company WAN to send traffic over to the headquarters and then to the respective DX connection to access the data
B. Establish two AWS Direct Connect connections from the company headquarters to anAWS Region Use the company WAN to send traffic over a DX connection Use inter-regionVPC peering to access the data in other AWS Regions
C. Establish two AWS Direct Connect connections from the company headquarters to anAWS Region Use the company WAN to send traffic over a DX connection Use an AWStransit VPC solution to access data in other AWS Regions
D. Establish two AWS Direct Connect connections from the company headquarters to anAWS Region Use the company WAN to send traffic over a DX connection Use DirectConnect Gateway to access data in other AWS Regions.

ANSWER : D

SAP-C02 Sample Question 50

A startup company recently migrated a large ecommerce website to AWS The website has

experienced a 70% increase in sates Software engineers are using a private GitHub

repository to manage code The DevOps team is using Jenkins for builds and unit testing

The engineers need to receive notifications for bad builds and zero downtime during

deployments The engineers also need to ensure any changes to production are seamless

for users and can be rolled back in the event of a major issue

The software engineers have decided to use AWS CodePipeline to manage their build and

deployment process

Which solution will meet these requirements'?

A. Use GitHub websockets to trigger the CodePipeline pipeline Use the Jenkins plugin forAWS CodeBuild to conduct unit testing Send alerts to an Amazon SNS topic for any badbuilds Deploy in an in-place all-at-once deployment configuration using AWS CodeDeploy
B. Use GitHub webhooks to trigger the CodePipelme pipeline Use the Jenkins plugin forAWS CodeBuild to conduct unit testing Send alerts to an Amazon SNS topic for any bad builds Deploy in a blue'green deployment using AWS CodeDeploy
C. Use GitHub websockets to trigger the CodePipelme pipeline. Use AWS X-Ray for unittesting and static code analysis Send alerts to an Amazon SNS topic for any bad buildsDeploy in a blue/green deployment using AWS CodeDeploy.
D. Use GitHub webhooks to trigger the CodePipeline pipeline Use AWS X-Ray for unittesting and static code analysis Send alerts to an Amazon SNS topic for any bad buildsDeploy in an m-place. all-at-once deployment configuration using AWS CodeDeploy

ANSWER : B

All Amazon Exams PDF
For 3 Months

All Updated Amazon Exams included in Package

was $800

Buy Now

Now $400

All Amazon Exams PDF
For 6 Months

All Updated Amazon Exams included in Package

was $800

Buy Now

Now $550

All Amazon Exams PDF
For 12 Months

All Updated Amazon Exams included in Package

was $1600

Buy Now

Now $800

LOGIN YOUR ACCOUNT

Pass4sure DOP-C02 dumps Pass4sure SOA-C02 dumps Pass4sure Data-Engineer-Associate dumps Pass4sure SAP-C02 dumps Pass4sure CLF-C02 dumps Pass4sure MLA-C01 dumps Pass4sure MLS-C01 dumps Pass4sure DVA-C02 dumps Pass4sure SOA-C01 dumps Pass4sure SCS-C02 dumps

KristenSiste

The arrangement of SAP-C02 questions are flawless that encourage me to set up my paper consummately. So you should not sit around idly via looking IT material on various destinations on the off chance that you have Dumpspass4sure PDF document in your grasp. You are no compelling reason to lose a lot of your time in doing look yet it completely was only the misuse of your time.

Gupta

I was told about SAP-C02 questions and answers that spared my time and dropped for you great outcomes Dumpspass4sure specialists help the fresher o offer true help. You no compelling reason to go anyplace else for your future tests since they need to win your trust.

Samuels

I have never discovered a material like IT examination material which has composed of very validness and expertly. Very much qualified specialists who are dealing with Dumpspass4sure have planned this investigation material. I have aced my SAP-C02 exam by the absolute first endeavor and I will propose the equivalent to everybody.

k

I have additionally breezed through my test and express profound gratitude to Dumpspass4sure with the assistance of inquiries and answers it has never been anything but difficult to pass IT without taking assistance from a solid and substantial material. SAP-C02 study material is the most solid and substantial material that can assist with passing this affirmation with little exertion.

Prieto

My suggestion to anybody needs to frame sure achievement then you should decide for SAP-C02 questions and answers which can be downloaded from Dumpspass4sure it was none separated from its succinctness that spared your time and that could continue on your arrangement during your severe routine work and that you can ace IT PDF record by the essential endeavor.

2 Exams Files

10% off

Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection

3 Exams Files

15% off

Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection

5 Exams Files

20% off

Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection

10 Exams Files

25% off

Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection

YOU ARE HERE:

Pass4sure Amazon SAP-C02 Dumps

PASS4SURE – BEST PRACTICE QUESTIONS FOR BEST RESULTS!

WHY US? – REASONS TO BUY Amazon SAP-C02 QUESTION ANSWERS

LET OUR FREE DUMPS BE YOUR BIGGEST ACHIEVEMENT!

Pass4sure SAP-C02 dumps

Pass4sure DOP-C02 dumps

Sample Questions

SAP-C02 Sample Question 1

SAP-C02 Sample Question 2

SAP-C02 Sample Question 3

SAP-C02 Sample Question 4

SAP-C02 Sample Question 5

SAP-C02 Sample Question 6

SAP-C02 Sample Question 7

SAP-C02 Sample Question 8

SAP-C02 Sample Question 9

SAP-C02 Sample Question 10

SAP-C02 Sample Question 11

SAP-C02 Sample Question 12

SAP-C02 Sample Question 13

SAP-C02 Sample Question 14

SAP-C02 Sample Question 15

SAP-C02 Sample Question 16

SAP-C02 Sample Question 17

SAP-C02 Sample Question 18

SAP-C02 Sample Question 19

SAP-C02 Sample Question 20

SAP-C02 Sample Question 21

SAP-C02 Sample Question 22

SAP-C02 Sample Question 23

SAP-C02 Sample Question 24

SAP-C02 Sample Question 25

SAP-C02 Sample Question 26

SAP-C02 Sample Question 27

SAP-C02 Sample Question 28

SAP-C02 Sample Question 29

SAP-C02 Sample Question 30

SAP-C02 Sample Question 31

SAP-C02 Sample Question 32

SAP-C02 Sample Question 33

SAP-C02 Sample Question 34

SAP-C02 Sample Question 35

SAP-C02 Sample Question 36

SAP-C02 Sample Question 37

SAP-C02 Sample Question 38

SAP-C02 Sample Question 39

SAP-C02 Sample Question 40

SAP-C02 Sample Question 41

SAP-C02 Sample Question 42

SAP-C02 Sample Question 43

SAP-C02 Sample Question 44

SAP-C02 Sample Question 45

SAP-C02 Sample Question 46

SAP-C02 Sample Question 47

SAP-C02 Sample Question 48

SAP-C02 Sample Question 49

SAP-C02 Sample Question 50

All Amazon Exams PDFFor 3 Months

was $800

All Amazon Exams PDFFor 6 Months

was $800

All Amazon Exams PDFFor 12 Months

was $1600

LOGIN YOUR ACCOUNT

MOST POPULAR LINKS

TESTIMONIALS

KristenSiste

Gupta

Samuels

k

Prieto

2 Exams Files

10% off

3 Exams Files

15% off

5 Exams Files

20% off

10 Exams Files

25% off

All Amazon Exams PDF
For 3 Months

All Amazon Exams PDF
For 6 Months

All Amazon Exams PDF
For 12 Months