2024 Updated SAP-C02 Exam Questions & Practice Tests, AWS Certified Solutions Architect - Professional | SPOTO

The AWS Certified Solutions Architect - Professional (SAP-C02) exam is designed for professionals in the solutions architect role. This certification validates advanced technical skills in designing optimized AWS solutions aligned with the AWS Well-Architected Framework. SPOTO's 2024 Updated SAP-C02 Exam Questions & Practice Tests offer a comprehensive approach to exam preparation. Our resources include exam questions and answers, practice tests, and sample questions, ensuring thorough coverage of exam topics. Our exam dumps provide real-world scenarios to enhance understanding, while free quizzes help gauge readiness. With SPOTO's exam materials, candidates can practice with confidence, familiarizing themselves with the exam format and content. Our exam answers and practice tools enable effective exam practice, aiding in exam preparation and boosting confidence levels. SPOTO's online exam questions and mock exams simulate the actual exam environment, ensuring candidates are well-prepared to ace the SAP-C02 exam.

Question #1
12. A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A. The company’s applications and databases are running in Account B. A solutions architect will deploy a two-tier application in a new VPC. To simplify the configuration, the db.example.com CNAME record set for the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53. During deployment the application failed to start. Troubleshooting revealed that db.examp
A. Deploy the database on a separate EC2 instance in the new VPC
B. Use SSH to connect to the application tier EC2 instance
C. Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B
D. Create a private hosted zone for the example.com domain in Account B
Correct Answer: BE
Question #2
16. A company is running a large application on-premises. Its technology stack consists of Microsoft .NET for the web server platform and Apache Cassandra for the database. The company wants to migrate the application to AWS to improve service reliability. The IT team also wants to reduce the time it spends on capacity management and maintenance of this infrastructure. The Development team is willing and available to make code changes to support the migration. Which design is the LEAST complex to manage aft
A. Migrate the web servers to Amazon EC2 instances in an Auto Scaling group that is running
B. Migrate the web servers to an AWS Elastic Beanstalk environment that is running the
C. Migrate the web servers to an AWS Elastic Beanstalk environment that is running the
D. Migrate the web servers to Amazon EC2 instances in an Auto Scaling group that is running
Correct Answer: C
Question #3
A solutions architect is designing a multi-account structure that has 10 existing accounts. The design must meet the following requirements: Consolidate all accounts into one organization; Allow full access to the Amazon EC2 service from the management account and the secondary accounts; Minimize the effort required to add additional secondary accounts. Which combination of steps should be included in the solution? (Select TWO.)
A. Create an organization from the management account. Send invitations to the secondary accounts from the management account. Accept the invitations and create an OU
B. Create an organization from the management accoun
C. Send a join request to the management account from each secondary account. Accept the requests and create an OU
D. Create a VPC peering connection between the management account and the secondary accounts. Accept the request for the VPC peering connection
E. Create a service control policy (SCP) that enables full EC2 access, and attach the policy to the OU
F. Create a full EC2 access policy and map the policy to a role in each account. Trust every other account to assume the role
Correct Answer: B
Question #4
7. A company receives clickstream data files to Amazon S3 every five minutes. A Python script runs as a cron job once a day on an Amazon EC2 instance to process each file and load it into a database hosted on Amazon RDS. The cron job takes 15 to 30 minutes to process 24 hours of data. The data consumers ask for the data to be available as soon as possible. Which solution would accomplish the desired outcome?
A. Increase the size of the instance to speed up processing and update the schedule to run once an hour
B. Convert the cron job to an AWS Lambda function and trigger this new function using a cron job on an EC2 instance
C. Convert the cron job to an AWS Lambda function and schedule it to run once an hour using Amazon CloudWatch events
D. Create an AWS Lambda function that runs when a file is delivered to Amazon S3 using S3 event notifications
Correct Answer: D
Question #5
A company that is developing a mobile game is making game assets available in two AWS Regions. Game assets are served from a set of Amazon EC2 instances behind an Application Load Balancer (ALB) in each Region. The company requires game assets to be fetched from the closest Region. If game assets become unavailable in the closest Region, they should be fetched from the other Region. What should a solutions architect do to meet these requirements?
A. Create an Amazon CloudFront distributio
B. Create an origin group with one origin for each AL
C. Set one of the origins as primary
D. Create an Amazon Route 53 health check for each AL
E. Create a Route 53 failover routing record pointing to the two ALB
F. Set the Evaluate Target Health value to Yes
Correct Answer: A
Question #6
A company has a project that is launching Amazon EC2 instances that are larger than required. The project's account cannot be part of the company's organization in AWS Organizations due to policy restrictions to keep this activity outside of corporate IT. The company wants to allow only the launch of t3.small EC2 instances by developers in the project's account. These EC2 instances must be restricted to the us-east-2 Region. What should a solutions architect do to meet these requirements?
A. Create a new developer accoun
B. Move all EC2 instances, users, and assets into us-east-2
C. Enforce a tagging policy that denotes Region affinity
D. Create an SCP that denies the launch of all EC2 instances except I3
E. Create and purchase a t3
F. Create an IAM policy that allows the launch of only t3
Correct Answer: C
Question #7
17. A company uses AWS Organizations with a single OU named Production to manage multiple accounts. All accounts are members of the Production OU. Administrators use deny list SCPs in the root of the organization to manage access to restricted services. The company recently acquired a new business unit and invited the new unit’s existing AWS account to the organization. Once onboarded, the administrators of the new business unit discovered that they are not able to update existing AWS Config rules to meet t
A. Remove the organization’s root SCPs that limit access to AWS Config
B. Create a temporary OU named Onboarding for the new account
C. Convert the organization’s root SCPs from deny list SCPs to allow list SCPs to allow the required services only
D. Create a temporary OU named Onboarding for the new account
Correct Answer: D
Question #8
47. A company wants to migrate its website from an on-premises data center onto AWS. At the same time, it wants to migrate the website to a containerized microservice-based architecture to improve the availability and cost efficiency. The company’s security policy states that privileges and network permissions must be configured according to best practice, using least privilege. A Solutions Architect must create a containerized architecture that meets the security requirements and has deployed the applicati
A. Create tasks using the bridge network mode
B. Create tasks using the awsvpc network mode
C. Apply security groups to Amazon EC2 instances, and use IAM roles for EC2 instances to access other resources
D. Apply security groups to the tasks, and pass IAM credentials into the container at launch time to access other resources
E. Apply security groups to the tasks, and use IAM roles for tasks to access other resources
Correct Answer: B
Question #9
11. A company would like to implement a serverless application by using Amazon API Gateway, AWS Lambda and Amazon DynamoDB. They deployed a proof of concept and stated that the average response time is greater than what their upstream services can accept. Amazon CloudWatch metrics did not indicate any issues with DynamoDB but showed that some Lambda functions were hitting their timeout. Which of the following actions should the Solutions Architect consider to improve performance? (Choose two.)
A. Configure the AWS Lambda function to reuse containers to avoid unnecessary startup time
B. Increase the amount of memory and adjust the timeout on the Lambda function
C. Create an Amazon ElastiCache cluster running Memcached, and configure the Lambda function for VPC integration with access to the Amazon ElastiCache cluster
D. Enable API cache on the appropriate stage in Amazon API Gateway, and override the TTL for individual methods that require a lower TTL than the entire stage
Correct Answer: BD
Question #10
39. A company has a web service deployed in the following two AWS Regions: us-west-2 and us-east-1. Each AWS region runs an identical version of the web service. Amazon Route 53 is used to route customers to the AWS Region that has the lowest latency. The company wants to improve the availability of the web service in case an outage occurs in one of the two AWS Regions. A Solutions Architect has recommended that a Route 53 health check be performed. The health check must detect a specific text on an endpoint.
A. The endpoint must establish a TCP connection within 10 seconds
B. The endpoint must return an HTTP 200 status code
C. The endpoint must return an HTTP 2xx or 3xx status code
D. The specific text string must appear within the first 5,120 bytes of the response
E. The endpoint must respond to the request within the number of seconds specified when creating the health check
Correct Answer: CD
Question #11
A web application is hosted in a dedicated VPC that is connected to a company's on-premises data center over a Site-to-Site VPN connection. The application is accessible from the company network only. This is a temporary non-production application that is used during business hours. The workload is generally low with occasional surges. The application has an Amazon Aurora MySQL provisioned database cluster on the backend. The VPC has an internet gateway and NAT gateways attached. The web servers are in pr
A. Review the Auto Scaling group settings and ensure the scheduled actions are specified to operate the Amazon EC2 instances during business hours onl
B. Use 3-year scheduled Reserved Instances for the web server EC2 instance
C. Detach the internet gateway and remove the NAT gateways from the VP
D. Use an Aurora Serverless database and set up a VPC endpoint for the S3 bucket
E. Review the Auto Scaling group settings and ensure the scheduled actions are specified to operate the Amazon EC2 instances during business hours onl
F. Detach the internet gateway and remove the NAT gateways from the VP G
Correct Answer: D
Question #12
13. A company has an application that generates a weather forecast that is updated every 15 minutes with an output resolution of 1 billion unique positions, each approximately 20 bytes in size (20 Gigabytes per forecast). Every hour, the forecast data is globally accessed approximately 5 million times (1,400 requests per second), and up to 10 times more during weather events. The forecast data is overwritten every update. Users of the current weather forecast application expect responses to queries to be re
A. Store forecast locations in an Amazon ES cluster
B. Store forecast locations in an Amazon EFS volume
C. Store forecast locations in an Amazon ES cluster
D. Store forecast locations in an Amazon S3 as individual objects
Correct Answer: D
Question #13
A company is currently using AWS CodeCommit for its source control and AWS CodePipeline for continuous integration. The pipeline has a build stage for building the artifacts, which is then staged in an Amazon S3 bucket. The company has identified various improvement opportunities in the existing process and a solutions architect has been given the following requirements: Create a new pipeline to support feature development; Support feature development without impacting production applications; Incorporate
A. Trigger a separate pipeline from CodeCommit feature branches. Use AWS CodeBuild for running unit tests. Use CodeBuild to stage the artifacts within an S3 bucket in a separate testing account
B. Trigger a separate pipeline from CodeCommit feature branches. Use AWS Lambda for running unit tests. Use AWS CodeDeploy to stage the artifacts within an S3 bucket in a separate testing account
C. Trigger a separate pipeline from CodeCommit tags. Use Jenkins for running unit tests. Create a stage in the pipeline with S3 as the target for staging the artifacts within an S3 bucket in a separate testing account
D. Create a separate CodeCommit repository for feature development and use it to trigger the pipeline. Use AWS Lambda for running unit tests. Use AWS CodeBuild to stage the artifacts within different S3 buckets in the same production account
Correct Answer: D
Question #14
7. A retail company has a custom .NET web application running on AWS that uses Microsoft SQL Server for the database. The application servers maintain a user’s session locally. Which combination of architecture changes are needed to ensure all tiers of the solution are highly available? (Choose three.)
A. Refactor the application to store the user’s session in Amazon ElastiCache
B. Set up the database to generate hourly snapshots using Amazon EBS
C. Migrate the database to Amazon RDS for SQL Server
D. Move the
F. Deploy Amazon CloudFront in front of the application tier
Correct Answer: ABE
Question #15
31. A company had a tight deadline to migrate its on-premises environment to AWS. It moved over Microsoft SQL Servers and Microsoft Windows Servers using the virtual machine import/export service and rebuilt other applications native to the cloud. The team created both Amazon EC2 databases and used Amazon RDS. Each team in the company was responsible for migrating their applications, and would like suggestions on reducing its AWS spend. Which steps should a Solutions Architect take to reduce costs?
A. Enable AWS Business Support and review AWS Trusted Advisor’s cost checks
B. Enable Cost Explorer and AWS Business Support. Reserve Amazon EC2 and Amazon RDS DB instances
C. Create an AWS Lambda function that changes the instance size based on Amazon CloudWatch alarms
D. Create a budget and monitor for costs exceeding the budget
Correct Answer: B
Question #16
A travel company built a web application that uses Amazon Simple Email Service (Amazon SES) to send email notifications to users. The company needs to enable logging to help troubleshoot email delivery issues. The company also needs the ability to do searches that are based on recipient, subject, and time sent. Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)
A. Create an Amazon SES configuration set with Amazon Kinesis Data Firehose as the destinatio
B. Choose to send logs to an Amazon S3 bucket
C. Enable AWS CloudTrail loggin
D. Specify an Amazon S3 bucket as the destination for the logs
E. Use Amazon Athena to query the logs in the Amazon S3 bucket for recipient, subject, and time sent
F. Create an Amazon CloudWatch log grou G
Correct Answer: B
Question #17
18. A company runs a Windows Server host in a public subnet that is configured to allow a team of administrators to connect over RDP to troubleshoot issues with hosts in a private subnet. The host must be available at all times outside of a scheduled maintenance window, and needs to receive the latest operating system updates within 3 days of release. What should be done to manage the host with the LEAST amount of administrative effort?
A. Run the host in a single-instance AWS Elastic Beanstalk environment
B. Run the host on AWS WorkSpaces
C. Run the host in an Auto Scaling group with a minimum and maximum instance count of 1
D. Run the host in AWS OpsWorks Stacks
Correct Answer: B
Question #18
33. A company has an application behind a load balancer with enough Amazon EC2 instances to satisfy peak demand. Scripts and third-party deployment solutions are used to configure EC2 instances when demand increases or an instance fails. The team must periodically evaluate the utilization of the instance types to ensure that the correct sizes are deployed. How can this workload be optimized to meet these requirements?
A. Use CloudFormer to create AWS CloudFormation stacks from the current resources
B. Create an Auto Scaling group to scale the instances, and use AWS CodeDeploy to perform the configuration
C. Deploy the application by using AWS Elastic Beanstalk with default options
D. Deploy the application as a Docker image by using Amazon ECS
Correct Answer: D
Question #19
14. A Solutions Architect must migrate an existing on-premises web application with 70 TB of static files supporting a public open-data initiative. The architect wants to upgrade to the latest version of the host operating system as part of the migration effort. Which is the FASTEST and MOST cost-effective way to perform the migration?
A. Run a physical-to-virtual conversion on the application server
B. Run a physical-to-virtual conversion on the application server
C. Re-platform the server to Amazon EC2, and use AWS Snowball to transfer the static data to Amazon S3
D. Re-platform the server by using the AWS Server Migration Service to move the code and data to a new Amazon EC2 instance
Correct Answer: C
Question #20
A company is running a containerized application in the AWS Cloud. The application is running by using Amazon Elastic Container Service (Amazon ECS) on a set of Amazon EC2 instances. The EC2 instances run in an Auto Scaling group. The company uses Amazon Elastic Container Registry (Amazon ECR) to store its container images. When a new image version is uploaded, the new image version receives a unique tag. The company needs a solution that inspects new image versions for common vulnerabilities and exposures. The s
A. Configure scan on push on the repositor
B. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Step Functions state machine when a scan is complete for images that have Critical or High severity findings. Use the Step Functions state machine to delete the image tag for those images and to notify the development team through Amazon Simple Notification Service (Amazon SNS)
C. Configure scan on push on the repository. Configure scan results to be pushed to an Amazon Simple Queue Service (Amazon SQS) queue. Invoke an AWS Lambda function when a new message is added to the SQS queue. Use the Lambda function to delete the image tag for images that have Critical or High severity finding
D. Notify the development team by using Amazon Simple Email Service (Amazon SES)
E. Schedule an AWS Lambda function to start a manual image scan every hour. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke another Lambda function when a scan is complet
F. Use the second Lambda function to delete the image tag for images that have Critical or High severity finding G
Correct Answer: D
Question #21
3. An auction website enables users to bid on collectible items. The auction rules require that each bid is processed only once and in the order it was received. The current implementation is based on a fleet of Amazon EC2 web servers that write bid records into Amazon Kinesis Data Streams. A single t2.large instance has a cron job that runs the bid processor, which reads incoming bids from Kinesis Data Streams and processes each bid. The auction site is growing in popularity, but users are complaining that What changes should make the bid processing more reliable?
A. Refactor the web application to use the Amazon Kinesis Producer Library (KPL) when posting bids to Kinesis Data Streams
B. Refactor the web application to post each incoming bid to an Amazon SNS topic in place of Kinesis Data Streams
C. Refactor the web application to post each incoming bid to an Amazon SQS FIFO queue in place of Kinesis Data Streams
D. Switch the EC2 instance type from t2
Correct Answer: C
Question #22
8. A company runs its containerized batch jobs on Amazon ECS. The jobs are scheduled by submitting a container image, a task definition, and the relevant data to an Amazon S3 bucket. Container images may be unique per job. Running the jobs as quickly as possible is of utmost importance, so submitting jobs artifacts to the S3 bucket triggers the job to run immediately. Sometimes there may be no jobs running at all. However, jobs of any size can be submitted with no prior warning to the IT Operations team. Jo
A. Schedule the jobs on an Amazon ECS cluster using the Amazon EC2 launch type
B. Schedule the jobs directly on EC2 instances
C. Schedule the jobs on an Amazon ECS cluster using the Fargate launch type
D. Schedule the jobs on an Amazon ECS cluster using the Fargate launch type
Correct Answer: C
Question #23
25. An internal security audit of AWS resources within a company found that a number of Amazon EC2 instances running Microsoft Windows workloads were missing several important operating system-level patches. A Solutions Architect has been asked to fix existing patch deficiencies, and to develop a workflow to ensure that future patching requirements are identified and taken care of quickly. The Solutions Architect has decided to use AWS Systems Manager. It is important that EC2 instance reboots do not occur
A. Add a Patch Group tag with a value of Windows Servers to all existing EC2 instances
B. Add a Patch Group tag with a value of Windows Servers to all existing EC2 instances
C. Add a Patch Group tag with a value of either Windows Servers1 or Windows Server2 to all existing EC2 instances
D. Add a Patch Group tag with a value of either Windows servers1 or Windows Server2 to all existing EC2 instances
Correct Answer: C
Question #24
35. A large multinational company runs a timesheet application on AWS that is used by staff across the world. The application runs on Amazon EC2 instances in an Auto Scaling group behind an Elastic Load Balancing (ELB) load balancer, and stores data in an Amazon RDS MySQL Multi-AZ database instance. The CFO is concerned about the impact on the business if the application is not available. The application must not be down for more than two hours, but the solution must be as cost-effective as possible. How should t
A. In another region, configure a read replica and create a copy of the infrastructure
B. Configure a 1-day window of 60-minute snapshots of the Amazon RDS Multi-AZ database instance
C. Configure a 1-day window of 60-minute snapshots of the Amazon RDS Multi-AZ database instance which is copied to another region
D. Configure a read replica in another region
Correct Answer: D
Question #25
A solutions architect wants to make sure that only AWS users or roles with suitable permissions can access a new Amazon API Gateway endpoint. The solutions architect wants an end-to-end view of each request to analyze the latency of the request and create service maps. How can the solutions architect design the API Gateway access control and perform request inspections?
A. For the API Gateway method, set the authorization to AWS_IAM. Then, give the IAM user or role execute-api:Invoke permission on the REST API resource. Enable the API caller to sign requests with AWS Signature when accessing the endpoint. Use AWS X-Ray to trace and analyze user requests to API Gateway
B. For the API Gateway resource, set CORS to enabled and only return the company's domain in Access-Control-Allow-Origin headers. Then give the IAM user or role execute-api:Invoke permission on the REST API resource. Use Amazon CloudWatch to trace and analyze user requests to API Gateway
C. Create an AWS Lambda function as the custom authorizer, ask the API client to pass the key and secret when making the call, and then use Lambda to validate the key/secret pair against the IAM system. Use AWS X-Ray to trace and analyze user requests to API Gateway
D. Create a client certificate for API Gateway. Distribute the certificate to the AWS users and roles that need to access the endpoint. Enable the API caller to pass the client certificate when accessing the endpoin
E. Use Amazon CloudWatch to trace and analyze user requests to API Gateway
Correct Answer: A
Question #26
29. A large company is migrating its entire IT portfolio to AWS. Each business unit in the company has a standalone AWS account that supports both development and test environments. New accounts to support production workloads will be needed soon. The Finance department requires a centralized method for payment but must maintain visibility into each group’s spending to allocate costs. The Security team requires a centralized mechanism to control IAM usage in all the company’s accounts. What combination of t
A. Use a collection of parameterized AWS CloudFormation templates defining common IAM permissions that are launched into each account
B. Use AWS Organizations to create a new organization from a chosen payer account and define an organizational unit hierarchy
C. Require each business unit to use its own AWS accounts
D. Enable all features of AWS Organizations and establish appropriate service control policies that filter IAM permissions for sub-accounts
E. Consolidate all of the company’s AWS accounts into a single AWS account
Correct Answer: BD
Question #27
41. A company is building an AWS landing zone and has asked a Solutions Architect to design a multi-account access strategy that will allow hundreds of users to use corporate credentials to access the AWS Console. The company is running a Microsoft Active Directory and users will use an AWS Direct Connect connection to connect to AWS. The company also wants to be able to federate to third-party services and providers, including custom applications. Which solution meets the requirements by using the LEAST am
A. Connect the Active Directory to AWS by using single sign-on and an Active Directory Federation Services (AD FS) with SAML 2
B. Create a two-way Forest trust relationship between the on-premises Active Directory and the AWS Directory Service
C. Configure single sign-on by connecting the on-premises Active Directory using the AWS Directory Service AD Connector
D. Connect the company’s Active Directory to AWS by using AD FS and SAML 2
Correct Answer: A
Question #28
A new application is running on Amazon Elastic Container Service (Amazon ECS) with AWS Fargate. The application uses an Amazon Aurora MySQL database. The application and the database run in the same subnets of a VPC with distinct security groups that are configured. The password for the database is stored in AWS Secrets Manager and is passed to the application through the DB_PASSWORD environment variable. The hostname of the database is passed to the application through the DB_HOST environment variable. The appli
A. Ensure that the container has the environment variable with name "DB_PASSWORD" specified with a "ValueFrom" and the ARN of the secret
B. Ensure that the container has the environment variable with name "DB_PASSWORD" specified with a "ValueFrom" and the secret name of the secret
C. Ensure that the Fargate service security group allows inbound network traffic from the Aurora MySQL database on the MySQL TCP port 3306
D. Ensure that the Aurora MySQL database security group allows inbound network traffic from the Fargate service on the MySQL TCP port 3306
E. Ensure that the container has the environment variable with name "DB_HOST" specified with the hostname of a DB instance endpoint
F. Ensure that the container has the environment variable with name "DB_HOST" specified with the hostname of the DB cluster endpoint
Correct Answer: BCE
Question #29
12. A company is using AWS CloudFormation to deploy its infrastructure. The company is concerned that, if a production CloudFormation stack is deleted, important data stored in Amazon RDS databases or Amazon EBS volumes might also be deleted. How can the company prevent users from accidentally deleting data in this way?
A. Modify the CloudFormation templates to add a DeletionPolicy attribute to RDS and EBS resources
B. Configure a stack policy that disallows the deletion of RDS and EBS resources
C. Modify IAM policies to deny deleting RDS and EBS resources that are tagged with an “aws:cloudformation:stackname” tag
D. Use AWS Config rules to prevent deleting RDS and EBS resources
Correct Answer: A
Question #30
1. A Solutions Architect is migrating a 10 TB PostgreSQL database to Amazon RDS for PostgreSQL. The company’s internet link is 50 MB with a VPN in the Amazon VPC, and the Solutions Architect needs to migrate the data and synchronize the changes before the cutover. The cutover must take place within an 8-day period. What is the LEAST complex method of migrating the database securely and reliably?
A. Order an AWS Snowball device and copy the database using the AWS DMS
B. Create an AWS DMS job to continuously replicate the data from on premise to AWS
C. Order an AWS Snowball device and copy a database dump to the device
D. Order an AWS Snowball device and copy the database by using the AWS Schema Conversion Tool
Correct Answer: B
Question #31
A company needs to create a centralized logging architecture for all of its AWS accounts. The architecture should provide near-real-time data analysis for all AWS CloudTrail logs and VPC Flow logs across all AWS accounts. The company plans to use Amazon Elasticsearch Service (Amazon ES) to perform log analyses in the logging account. Which strategy should a solutions architect use to meet these requirements?
A. Configure CloudTrail and VPC Flow Logs in each AWS account to send data to a centralized Amazon S3 bucket in the logging accoun
B. Create an AWS Lambda function to load data from the S3 bucket to Amazon ES in the logging account
C. Configure CloudTrail and VPC Flow Logs to send data to a log group in Amazon CloudWatch Logs in each AWS account. Configure a CloudWatch subscription filter in each AWS account to send data to Amazon Kinesis Data Firehose in the logging account. Load data from Kinesis Data Firehose into Amazon ES in the logging account
D. Configure CloudTrail and VPC Flow Logs to send data to a separate Amazon S3 bucket in each AWS accoun
E. Create an AWS Lambda function triggered by S3 events to copy the data to a centralized logging bucke
F. Create another Lambda function to load data from the S3 bucket to Amazon ES in the logging account
Correct Answer: A
Question #32
17. A company has a large on-premises Apache Hadoop cluster with a 20 PB HDFS database. The cluster is growing every quarter by roughly 200 instances and 1 PB. The company’s goals are to enable resiliency for its Hadoop data, limit the impact of losing cluster nodes, and significantly reduce costs. The current cluster runs 24/7 and supports a variety of analysis workloads, including interactive queries and batch processing. Which solution would meet these requirements with the LEAST expense and down time?
A. Use AWS Snowmobile to migrate the existing cluster data to Amazon S3
B. Use AWS Snowmobile to migrate the existing cluster data to Amazon S3
C. Use AWS Snowball to migrate the existing cluster data to Amazon S3
D. Use AWS Direct Connect to migrate the existing cluster data to Amazon S3
Correct Answer: C
Question #33
46. A company is migrating its marketing website and content management system from an on-premises data center to AWS. The company wants the AWS application to be developed in a VPC with Amazon EC2 instances used for the web servers and an Amazon RDS instance for the database. The company has a runbook document that describes the installation process of the on-premises system. The company would like to base the AWS system on the processes referenced in the runbook document. The runbook document describes th
A. Update the runbook to describe how to create the VPC, the EC2 instances, and the RDS instance for the application by using the AWS Console
B. Write a Python script that uses the AWS API to create the VPC, the EC2 instances, and the RDS instance for the application
C. Write an AWS CloudFormation template that creates the VPC, the EC2 instances, and the RDS instance for the application
D. Write an AWS CloudFormation template that creates the VPC, the EC2 instances, and the RDS instance for the application
Correct Answer: D
Question #34
5. A company runs an IoT platform on AWS. IoT sensors in various locations send data to the company’s Node.js API servers on Amazon EC2 instances running behind an Application Load Balancer. The data is stored in an Amazon RDS MySQL DB instance that uses a 4 TB General Purpose SSD volume. The number of sensors the company has deployed in the field has increased over time, and is expected to grow significantly. The API servers are consistently overloaded and RDS metrics show high write latency. Which of the
A. Resize the MySQL General Purpose SSD storage to 6 TB to improve the volume’s IOPS
B. Re-architect the database tier to use Amazon Aurora instead of an RDS MySQL DB instance and add read replicas
C. Leverage Amazon Kinesis Data Streams and AWS Lambda to ingest and process the raw data
D. Use AWS X-Ray to analyze and debug application issues and add more API servers to match the load
E. Re-architect the database tier to use Amazon DynamoDB instead of an RDS MySQL DB instance
Correct Answer: CE
Question #35
36. A company is running a commercial Apache Hadoop cluster on Amazon EC2. This cluster is being used daily to query large files on Amazon S3. The data on Amazon S3 has been curated and does not require any additional transformation steps. The company is using a commercial business intelligence (BI) tool on Amazon EC2 to run queries against the Hadoop cluster and visualize the data. The company wants to reduce or eliminate the overhead costs associated with managing the Hadoop cluster and the BI tool. The
A. Launch a transient Amazon EMR cluster daily and develop an Apache Hive script to analyze the files on Amazon S3
B. Develop a stored procedure invoked from a MySQL database running on Amazon EC2 to analyze the files in Amazon S3
C. Develop a script that uses Amazon Athena to query and analyze the files on Amazon S3
D. Use a commercial extract, transform, load (ETL) tool that runs on Amazon EC2 to prepare the data for processing
Correct Answer: C
Question #36
A solutions architect is designing the data storage and retrieval architecture for a new application that a company will be launching soon. The application is designed to ingest millions of small records per minute from devices all around the world. Each record is less than 4 KB in size and needs to be stored in a durable location where it can be retrieved with low latency. The data is ephemeral and the company is required to store the data for 120 days only, after which the data can be deleted. The solutio
A. Design the application to store each incoming record as a single
B. Configure a lifecycle policy to delete data older than 120 days
C. Design the application to store each incoming record in an Amazon DynamoDB table properly configured for the scale
D. Configure the DynamoDB Time to Live (TTL) feature to delete records older than 120 days
E. Design the application to store each incoming record in a single table in an Amazon RDS MySQL database
F. Run a nightly cron job that executes a query to delete any records older than 120 days
Correct Answer: A
Question #37
28. A company collects a steady stream of 10 million data records from 100,000 sources each day. These records are written to an Amazon RDS MySQL DB. A query must produce the daily average of a data source over the past 30 days. There are twice as many reads as writes. Queries to the collected data are for one source ID at a time. How can the Solutions Architect improve the reliability and cost effectiveness of this solution?
A. Use Amazon Aurora with MySQL in a Multi-AZ mode
B. Use Amazon DynamoDB with the source ID as the partition key and the timestamp as the sort key
C. Use Amazon DynamoDB with the source ID as the partition key
D. Ingest data into Amazon Kinesis using a retention period of 30 days
Correct Answer: B
Question #38
26. A company has decided to move some workloads onto AWS to create a grid environment to run market analytics. The grid will consist of many similar instances, spun-up by a job-scheduling function. Each time a large analytics workload is completed, a new VPC is deployed along with the job scheduler and grid nodes. Multiple grids could be running in parallel. Key requirements are: Grid instances must communicate with Amazon S3 to retrieve data to be processed. Grid instances must communicate with Amazon Dy
A. Enable VPC endpoints for Amazon S3 and DynamoDB
B. Disable Private DNS Name Support
C. Configure the application on the grid instances to use the private DNS name of the Amazon S3 endpoint
D. Populate the on-premises DNS server with the private IP addresses of the EC2 endpoint
E. Enable an interface VPC endpoint for EC2
F. Configure Amazon S3 endpoint policy to permit access only from the grid nodes
Correct Answer: ACE
Question #39
27. A company is moving a business-critical application onto AWS. It is a traditional three-tier web application using an Oracle database. Data must be encrypted in transit and at rest. The database hosts 12 TB of data. Network connectivity to the source Oracle database over the internet is allowed, and the company wants to reduce the operational costs by using AWS Managed Services where possible. All primary keys only; however, it contains many Binary Large Object (BLOB) fields. It was not possible to use
A. Provision an Amazon RDS for Oracle instance
B. Provision an Amazon EC2 instance and install the same Oracle database software
C. Use AWS DMS to load and replicate the dataset between the on-premises Oracle database and the replication instance hosted on AWS
D. Create a compressed full database backup on the on-premises Oracle database during an application maintenance window
Correct Answer: C
Question #40
20. Any Company has acquired numerous companies over the past few years. The CIO for Any Company would like to keep the resources for each acquired company separate. The CIO also would like to enforce a chargeback model where each company pays for the AWS services it uses. The Solutions Architect is tasked with designing an AWS architecture that allows Any Company to achieve the following: Implementing a detailed chargeback mechanism to ensure that each company pays for the resources it uses. Any Company ca
A. Create a multi-account strategy with an account per company
B. Create a multi-account strategy with a virtual private cloud (VPC) for each company
C. Create IAM users for each Developer in the account to which they require access
D. Create a federated identity store against the company’s Active Directory
E. Create a multi-account strategy with an account per company
Correct Answer: A
Question #41
43. A Solutions Architect is designing the storage layer for a data warehousing application. The data files are large, but they have statically placed metadata at the beginning of each file that describes the size and placement of the file’s index. The data files are read in by a fleet of Amazon EC2 instances that store the index size, index location, and other category information about the data file in a database. That database is used by Amazon EMR to group files together for deeper analysis. What would
A. Store the data files in Amazon S3 and use Range GET for each file’s metadata, then index the relevant data
B. Store the data files in Amazon EFS mounted by the EC2 fleet and EMR nodes
C. Store the data files on Amazon EBS volumes and allow the EC2 fleet and EMR to mount and unmount the volumes where they are needed
D. Store the content of the data files in Amazon DynamoDB tables with the metadata, index, and data as their own keys
Correct Answer: A
Question #42
32. A large global financial services company has multiple business units. The company wants to allow Developers to try new services, but there are multiple compliance requirements for different workloads. The Security team is concerned about the access strategy for on-premises and AWS implementations. They would like to enforce governance for AWS services used by business team for regulatory workloads, including Payment Card Industry (PCI) requirements. Which solution will address the Security team’s conce
A. Implement a strong identity and access management model that includes users, groups, and roles in various AWS accounts
B. Build a multi-account strategy based on business units, environments, and specific regulatory requirements
C. Implement a multi-account strategy based on business units, environments, and specific regulatory requirements
D. Build one AWS account for the company for the strong security controls
Correct Answer: C
Question #43
18. A company is launching a web-based application in multiple regions around the world. The application consists of both static content stored in a private Amazon S3 bucket and dynamic content hosted in Amazon ECS containers behind an Application Load Balancer (ALB). The company requires that the static and dynamic application content be accessible through Amazon CloudFront only. Which combination of steps should a solutions architect recommend to restrict direct content access to CloudFront? (Choo
A. Create a web ACL in AWS WAF with a rule to validate the presence of a custom header and associate the web ACL with the ALB
B. Create a web ACL in AWS WAF with a rule to validate the presence of a custom header and associate the web ACL with the CloudFront distribution
C. Configure CloudFront to add a custom header to origin requests
D. Configure the ALB to add a custom header to HTTP requests
E. Update the S3 bucket ACL to allow access from the CloudFront distribution only
F. Create a CloudFront Origin Access Identity (OAI) and add it to the CloudFront distribution
Correct Answer: ADF
Question #44
10. A company wants to migrate its on-premises data center to the AWS Cloud. This includes thousands of virtualized Linux and Microsoft Windows servers, SAN storage, Java and PHP applications with MySQL, and Oracle databases. There are many department services hosted either in the same data center or externally. The technical documentation is incomplete and outdated. A solutions architect needs to understand the current environment and estimate the cloud resource costs after the migration. Which tools or se
A. AWS Application Discovery Service
B. AWS SMS
C. AWS X-Ray
D. AWS Cloud Adoption Readiness Tool (CART)
E. Amazon Inspector
F. AWS Migration Hub
Correct Answer: BCF
Question #45
19. A company deployed a three-tier web application in two regions: us-east-1 and eu-west-1. The application must be active in both regions at the same time. The database tier of the application uses a single Amazon RDS Aurora database globally, with a master in us-east-1 and a read replica in eu-west-1. Both regions are connected by a VPN. The company wants to ensure that the application remains available even in the event of a region level failure of all of the application’s components. It is acceptable f
A. Use failover routing and configure the us-east-1 record set as primary and the eu-west-1 record set as secondary
B. Use weighted routing and configure each record set with a weight of 50
C. Use latency-based routing for both record sets
D. Configure an Amazon CloudWatch alarm for the health checks in us-east-1, and have it invoke an AWS Lambda function that promotes the read replica in eu-west-1
E. Configure an Amazon RDS event notifications to react to the failure of the database in us-east-1 by invoking an AWS Lambda function that promotes the read replica in eu-west-1
Correct Answer: CD
Question #46
To abide by industry regulations, a solutions architect must design a solution that will store a company's critical data in multiple public AWS Regions, including in the United States, where the company's headquarters is located. The solutions architect is required to provide access to the data stored in AWS to the company's global WAN network. The security team mandates that no traffic accessing this data should traverse the public internet. How should the solutions architect design a highly available solu
A. Establish AWS Direct Connect connections from the company headquarters to all AWS Regions in use
B. Establish two AWS Direct Connect connections from the company headquarters to an AWS Region
C. Use inter-region VPC peering to access the data in other AWS Regions
D. Establish two AWS Direct Connect connections from the company headquarters to an AWS Region
E. Use an AWS transit VPC solution to access data in other AWS Regions
F. Establish two AWS Direct Connect connections from the company headquarters to an AWS Region
Correct Answer: D
Question #47
6. A company that is new to AWS reports it has exhausted its service limits across several accounts that are on the Basic Support plan. The company would like to prevent this from happening in the future. What is the MOST efficient way of monitoring and managing all service limits in the company’s accounts?
A. Use Amazon CloudWatch and AWS Lambda to periodically calculate the limits across all linked accounts using AWS Trusted Advisor, provide notifications using Amazon SNS if the limits are close to exceeding the threshold
B. Reach out to AWS Support to proactively increase the limits across all accounts
C. Use Amazon CloudWatch and AWS Lambda to periodically calculate the limits across all linked accounts using AWS Trusted Advisor, programmatically increase the limits that are close to exceeding the threshold
D. Use Amazon CloudWatch and AWS Lambda to periodically calculate the limits across all linked accounts using AWS Trusted Advisor, and use Amazon SNS for notifications if a limit is close to exceeding the threshold
Correct Answer: D
Question #48
37. The Security team needs to provide a team of interns with an AWS environment so they can build the serverless video transcoding application. The project will use Amazon S3, AWS Lambda, Amazon API Gateway, Amazon Cognito, Amazon DynamoDB, and Amazon Elastic Transcoder. The interns should be able to create and configure the necessary resources, but they may not have access to create or modify AWS IAM roles. The Solutions Architect creates a policy and attaches it to the interns’ group. How should the Secu
A. Create a policy that allows creation of project-related resources only
B. Create a policy that allows creation of all project-related resources, including roles that allow access only to specified resources
C. Create roles with the required service permissions, which are assumable by the services
D. Create a policy that allows creation of project-related resources only
Correct Answer: A
Question #49
A company has a web application that securely uploads pictures and videos to an Amazon S3 bucket. The company requires that only authenticated users are allowed to post content. The application generates a presigned URL that is used to upload objects through a browser interface. Most users are reporting slow upload times for objects larger than 100 MB. What can a solutions architect do to improve the performance of these uploads while ensuring only authenticated users are allowed to post content?
A. Set up an Amazon API Gateway with an edge-optimized API endpoint that has a resource as an S3 service proxy. Configure the PUT method for this resource to expose the S3 PutObject operation. Secure the API Gateway using a cognito_user_pools authorizer. Have the browser interface use API Gateway instead of the presigned URL to upload objects
B. Set up an Amazon API Gateway with a regional API endpoint that has a resource as an S3 service proxy. Configure the PUT method for this resource to expose the S3 PutObject operation. Secure the API Gateway using an AWS Lambda authorizer. Have the browser interface use API Gateway instead of the presigned URL to upload objects
C. Enable an S3 Transfer Acceleration endpoint on the S3 bucket. Use the endpoint when generating the presigned URL. Have the browser interface upload the objects to this URL using the S3 multipart upload API
D. Configure an Amazon CloudFront distribution for the destination S3 bucket. Enable PUT and POST methods for the CloudFront cache behavior. Update the CloudFront origin to use an origin access identity (OAI). Give the OAI user s3:PutObject permissions in the bucket policy. Have the browser interface upload objects using the CloudFront distribution
Correct Answer: ADF
Question #50
48. A large company has many business units. Each business unit has multiple AWS accounts for different purposes. The CIO of the company sees that each business unit has data that would be useful to share with other parts of the company. In total, there are about 10 PB of data that needs to be shared with users in 1,000 AWS accounts. The data is proprietary, so some of it should only be available to users with specific job types. Some of the data is used for throughput-intensive workloads, such as simulat
A. Store the data in a single Amazon S3 bucket
B. Store the data in a single Amazon S3 bucket
C. Store the data in a series of Amazon S3 buckets
D. Store the data in a series of Amazon S3 buckets
Correct Answer: B
Question #51
A company is using multiple AWS accounts. The company has a shared services account and several other accounts for different projects. A team has a VPC in a project account. The team wants to connect this VPC to a corporate network through an AWS Direct Connect gateway that exists in the shared services account. The team wants to automatically perform a virtual private gateway association with the Direct Connect gateway by using an already-tested AWS Lambda function while deploying its VPC networking stack
A. Deploy the Lambda function to the project account
B. Update the Lambda function's IAM role with the directconnect:* permission
C. Create a cross-account IAM role in the shared services account that grants the Lambda function the directconnect:* permission
D. Add the sts:AssumeRole permission to the IAM role that is associated with the Lambda function in the shared services account
E. Add a custom resource to the CloudFormation networking stack that references the Lambda function in the project account
F. Deploy the Lambda function that is performing the association to the shared services account
Correct Answer: B
Question #52
A company is running a three-tier web application in an on-premises data center. The frontend is served by an Apache web server, the middle tier is a monolithic Java application, and the storage tier is a PostgreSQL database. During a recent marketing promotion, customers could not place orders through the application because the application crashed. An analysis showed that all three tiers were overloaded. The application became unresponsive, and the database reached its capacity limit because of read operat
A. Refactor the frontend so that static assets can be hosted on Amazon S3
B. Connect the frontend to the Java application
C. Rehost the Apache web server of the frontend on Amazon EC2 instances that are in an Auto Scaling group
D. Use a load balancer in front of the Auto Scaling group
E. Use Amazon Elastic File System (Amazon EFS) to host the static assets that the Apache web server needs
F. Rehost the Java application in an AWS Elastic Beanstalk environment that includes auto scaling
Correct Answer: ACF
Question #53
A company is developing a gene reporting device that will collect genomic information to assist researchers with collecting large samples of data from a diverse population. The device will push 8 KB of genomic data every second to a data platform that will need to process and analyze the data and provide information back to researchers. The data platform must meet the following requirements: – Provide near-real-time analytics of the inbound genomic data – Ensure the data is flexible, parallel, and durable –
A. Use Amazon Kinesis Data Firehose to collect the inbound sensor data, analyze the data with Kinesis clients
B. and save the results to an Amazon RDS instance
C. Use Amazon Kinesis Data Streams to collect the inbound sensor data, analyze the data with Kinesis clients, and save the results to an Amazon Redshift cluster using Amazon EMR
D. Use Amazon S3 to collect the inbound device data, analyze the data from Amazon SQS with Kinesis, and save the results to an Amazon Redshift cluster
E. Use an Amazon API Gateway to put requests into an Amazon SQS queue, analyze the data with an AWS Lambda function, and save the results to an Amazon Redshift cluster using Amazon EMR
Correct Answer: AE
Question #54
A company is deploying a new cluster for big data analytics on AWS. The cluster will run across many Linux Amazon EC2 instances that are spread across multiple Availability Zones. All of the nodes in the cluster must have read and write access to common underlying file storage. The file storage must be highly available, must be resilient, must be compatible with the Portable Operating System Interface (POSIX), and must accommodate high levels of throughput. Which storage solution will meet these requirement
A. Provision an AWS Storage Gateway file gateway NFS file share that is attached to an Amazon S3 bucket
B. Mount the NFS file share on each EC2 instance in the cluster
C. Provision a new Amazon Elastic File System (Amazon EFS) file system that uses General Purpose performance mode
D. Mount the EFS file system on each EC2 instance in the cluster
E. Provision a new Amazon Elastic Block Store (Amazon EBS) volume that uses the io2 volume type
F. Provision a new Amazon Elastic File System (Amazon EFS) file system that uses Max I/O performance mode
Correct Answer: C
Question #55
15. An AWS partner company is building a service in AWS Organizations using its organization named org1. This service requires the partner company to have access to AWS resources in a customer account, which is in a separate organization named org2. The company must establish least privilege security access using an API or command line tool to the customer account. What is the MOST secure way to allow org1 to access resources in org2?
A. The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks
B. The customer should create an IAM user and assign the required permissions to the IAM user
C. The customer should create an IAM role and assign the required permissions to the IAM role
D. The customer should create an IAM role and assign the required permissions to the IAM role
Correct Answer: B
Question #56
A company is in the process of implementing AWS Organizations to constrain its developers to use only Amazon EC2, Amazon S3, and Amazon DynamoDB. The developers account resides in a dedicated organizational unit (OU). The solutions architect has implemented the following SCP on the developers account: When this policy is deployed, IAM users in the developers account are still able to use AWS services that are not listed in the policy. What should the solutions architect do to eliminate the developers' abilit
A. Create an explicit deny statement for each AWS service that should be constrained
B. Remove the Full AWS Access SCP from the developer account's OU
C. Modify the Full AWS Access SCP to explicitly deny all services
D. Add an explicit deny statement using a wildcard to the end of the SCP
Correct Answer: A
Question #57
13. A solutions architect needs to advise a company on how to migrate its on-premises data processing application to the AWS Cloud. Currently, users upload input files through a web portal. The web server then stores the uploaded files on NAS and messages the processing server over a message queue. Each media file can take up to 1 hour to process. The company has determined that the number of media files awaiting processing is significantly higher during business hours, with the number of files rapidly decl
A. Create a queue using Amazon SQS
B. Create a queue using Amazon MQ
C. Create a queue using Amazon MQ
D. Create a queue using Amazon SQS
Correct Answer: D
Question #58
A company wants to change its internal cloud billing strategy for each of its business units. Currently, the cloud governance team shares reports for overall cloud spending with the head of each business unit. The company uses AWS Organizations to manage the separate AWS accounts for each business unit. The existing tagging standard in Organizations includes the application, environment, and owner. The cloud governance team wants a centralized solution so each business unit receives monthly reports on its c
A. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner
B. Add each business unit to an Amazon SNS topic for each alert
C. Use Cost Explorer in each account to create monthly reports for each business unit
D. Configure AWS Budgets in the organization's master account and configure budget alerts that are grouped by application, environment, and owner
E. Add each business unit to an Amazon SNS topic for each alert
F. Use Cost Explorer in the organization's master account to create monthly reports for each business unit
Correct Answer: B
Question #59
19. An ecommerce website running on AWS uses an Amazon RDS for MySQL DB instance with General Purpose SSD storage. The developers chose an appropriate instance type based on demand, and configured 100 GB of storage with a sufficient amount of free space. The website was running smoothly for a few weeks until a marketing campaign launched. On the second day of the campaign, users reported long wait times and time outs. Amazon CloudWatch metrics indicated that both reads and writes to the DB instance were exp
A. It exhausted the I/O credit balance due to provisioning low disk storage during the setup phase
B. It caused the data in the tables to change frequently, requiring indexes to be rebuilt to optimize queries
C. It exhausted the maximum number of allowed connections to the database instance
D. It exhausted the network bandwidth available to the RDS for MySQL DB instances
Correct Answer: C
Question #60
14. A utility company wants to collect usage data every 5 minutes from its smart meters to facilitate time-of-use metering. When a meter sends data to AWS, the data is sent to Amazon API Gateway, processed by an AWS Lambda function and stored in an Amazon DynamoDB table. During the pilot phase, the Lambda functions took from 3 to 5 seconds to complete. As more smart meters are deployed, the Engineers notice the Lambda functions are taking from 1 to 2 minutes to complete. The functions are also increasing in
A. Increase the write capacity units to the DynamoDB table
B. Increase the memory available to the Lambda functions
C. Increase the payload size from the smart meters to send more data
D. Stream the data into an Amazon Kinesis data stream from API Gateway and process the data in batches
E. Collect data in an Amazon SQS FIFO queue, which triggers a Lambda function to process each message
Correct Answer: AB
Question #61
9. A company is migrating its on-premises systems to AWS. The user environment consists of the following systems: – Windows and Linux virtual machines running on VMware. – Physical servers running Red Hat Enterprise Linux. The company wants to be able to perform the following steps before migrating to AWS: – Identify dependencies between on-premises systems. – Group systems together into applications to build migration plans. – Review performance data using Amazon Athena to ensure that Amazon EC2 instances are right-sized. How can these requirements be met?
A. Populate the AWS Application Discovery Service import template with information from an on-premises configuration management database (CMDB)
B. Install the AWS Application Discovery Service Discovery Agent on each of the on-premises systems
C. Install the AWS Application Discovery Service Discovery Connector on each of the on-premises systems and in VMware vCenter
D. Install the AWS Application Discovery Service Discovery Agent on the physical on-premises servers
Correct Answer: C
Question #62
21. A Solutions Architect is designing a multi-account structure that has 10 existing accounts. The design must meet the following requirements: Consolidate all accounts into one organization. Allow full access to the Amazon EC2 service from the master account and the secondary accounts. Minimize the effort required to add additional secondary accounts. Which combination of steps should be included in the solution? (Choose two.)
A. Create an organization from the master account
B. Create an organization from the master account
C. Create a VPC peering connection between the master account and the secondary accounts
D. Create a service control policy (SCP) that enables full EC2 access, and attach the policy to the OU
E. Create a full EC2 access policy and map the policy to a role in each account
Correct Answer: AD
Question #63
16. A company’s security compliance requirements state that all Amazon EC2 images must be scanned for vulnerabilities and must pass a CVE assessment. A solutions architect is developing a mechanism to create security-approved AMIs that can be used by developers. Any new AMIs should go through an automated assessment process and be marked as approved before developers can use them. The approved images must be scanned every 30 days to ensure compliance. Which combination of steps should the solutions archite
A. Use the AWS Systems Manager EC2 agent to run the CVE assessment on the EC2 instances launched from the AMIs that need to be scanned
B. Use AWS Lambda to write automatic approval rules
C. Use Amazon Inspector to run the CVE assessment on the EC2 instances launched from the AMIs that need to be scanned
D. Use AWS Lambda to write automatic approval rules
E. Use AWS CloudTrail to run the CVE assessment on the EC2 instances launched from the AMIs that need to be scanned
Correct Answer: BC
Question #64
11. A company decided to purchase Amazon EC2 Reserved Instances. A solutions architect is tasked with implementing a solution where only the master account in AWS Organizations is able to purchase the Reserved Instances. Current and future member accounts should be blocked from purchasing Reserved Instances. Which solution will meet these requirements?
A. Create an SCP with the Deny effect on the ec2:PurchaseReservedInstancesOffering action
B. Create a new organizational unit (OU). Move all current member accounts to the new OU
C. Create an AWS Config rule event that triggers automation that will terminate any Reserved Instances launched by member accounts
D. Create two new organizational units (OUs): OU1 and OU2
Correct Answer: C
Question #65
45. A company is adding a new approved external vendor that only supports IPv6 connectivity. The company’s backend systems sit in the private subnet of an Amazon VPC. The company uses a NAT gateway to allow these systems to communicate with external vendors over IPv4. Company policy requires systems that communicate with external vendors use a security group that limits access to only approved external vendors. The virtual private cloud (VPC) uses the default network ACL. The Systems Operator successfully a
A. Create an IPv6 NAT instance
B. Enable IPv6 on the NAT gateway
C. Enable IPv6 on the internet gateway
D. Create an egress-only internet gateway
Correct Answer: D
Question #66
10. A company is using AWS to run an internet-facing production application written in Node.js. The Development team is responsible for pushing new versions of their software directly to production. The application software is updated multiple times a day. The team needs guidance from a Solutions Architect to help them deploy the software to the production fleet quickly and with the least amount of disruption to the service. Which option meets these requirements?
A. Prepackage the software into an AMI and then use Auto Scaling to deploy the production fleet
B. Use AWS CodeDeploy to push the prepackaged AMI to production
C. Use AWS Elastic Beanstalk to host the production application
D. Deploy the base AMI through Auto Scaling and bootstrap the software using user data
Correct Answer: C
Question #67
22. A Solutions Architect has created an AWS CloudFormation template for a three-tier application that contains an Auto Scaling group of Amazon EC2 instances running a custom AMI. The Solutions Architect wants to ensure that future updates to the custom AMI can be deployed to a running stack by first updating the template to refer to the new AMI, and then invoking UpdateStack to replace the EC2 instances with instances launched from the new AMI. How can updates to the AMI be deployed to meet these requireme
A. Create a change set for a new version of the template, view the changes to the running EC2 instances to ensure that the AMI is correctly updated, and then execute the change set
B. Edit the AWS::AutoScaling::LaunchConfiguration resource in the template, changing its DeletionPolicy to Replace
C. Edit the AWS::AutoScaling::LaunchConfiguration resource in the template, inserting an UpdatePolicy attribute
D. Create a new stack from the updated template
Correct Answer: A
Question #68
40. A Solutions Architect is designing a network solution for a company that has applications running in a data center in Northern Virginia. The applications in the company’s data center require predictable performance to applications running in a virtual private cloud (VPC) located in us-east-1, and a secondary VPC in us-west-2 within the same account. The company data center is collocated in an AWS Direct Connect facility that serves the us-east-1 region. The company has already ordered an AWS Direct Conne
A. Provision a Direct Connect gateway and attach the virtual private gateway (VGW) for the VPC in us-east-1 and the VGW for the VPC in us-west-2
B. Create private VIFs on the Direct Connect connection for each of the company’s VPCs in the us-east-1 and us-west-2 regions
C. Deploy a transit VPC solution using Amazon EC2-based router instances in the us-east-1 region
D. Order a second Direct Connect connection to a Direct Connect facility with connectivity to the us-west-2 region
Correct Answer: A
Question #69
49. A company has a High Performance Computing (HPC) cluster in its on-premises data center which runs thousands of jobs in parallel for one week every month, processing petabytes of images. The images are stored on a network file server, which is replicated to a disaster recovery site. The on-premises data center has reached capacity and has started to spread the jobs out over the course of the month in order to better utilize the cluster, causing a delay in the job completion. The company has asked its Soluti
A. Create a container in the Amazon Elastic Container Registry with the executable file for the job
B. Create an Amazon EMR cluster with a combination of On Demand and Reserved Instance Task Nodes that will use Spark to pull data from Amazon S3
C. Store the raw data in Amazon S3, and use AWS Batch with Managed Compute Environments to create Spot Fleets
D. Submit the list of jobs to be processed to an Amazon SQS to queue the jobs that need to be processed
Correct Answer: C
Question #70
4. A Solutions Architect is designing a system that will collect and store data from 2,000 internet connected sensors. Each sensor produces 1 KB of data every second. The data must be available for analysis within a few seconds of it being sent to the system and stored for analysis indefinitely. Which is the MOST cost-effective solution for collecting and storing the data?
A. Put each record in Amazon Kinesis Data Streams
B. Put each record in Amazon Kinesis Data Streams
C. Put each record into an Amazon DynamoDB table
D. Put each record into an object in Amazon S3 with a prefix that organizes the records by hour and hashes the record’s key
Correct Answer: B
Question #71
A company has developed a single-page web application in JavaScript. The source code is stored in a single Amazon S3 bucket in the us-east-1 Region. The company serves the web application to a global user base through Amazon CloudFront. The company wants to experiment with two versions of the website without informing application users. Each version of the website will reside in its own S3 bucket. The company wants to determine which version is most successful in marketing a new product. The solution must s
A. Configure two CloudFront distributions
B. Configure a geolocation routing policy in Amazon Route 53 to route traffic to the appropriate CloudFront endpoint based on the location of clients
C. Configure a single CloudFront distribution
D. Create a behavior with different paths for each version of the site
E. Configure Lambda@Edge on the default path to generate redirects and send the client to the correct version of the website
F. Configure a single CloudFront distribution
Correct Answer: AE
Question #72
2. A bank is re-architecting its mainframe-based credit card approval processing application to a cloud-native application on the AWS cloud. The new application will receive up to 1,000 requests per second at peak load. There are multiple steps to each transaction, and each step must receive the result of the previous step. The entire request must return an authorization response within less than 2 seconds with zero data loss. Every request must receive a response. The solution must be Payment Card Industry
A. Create an Amazon API Gateway to process inbound requests using a single AWS Lambda task that performs multiple steps and returns a JSON object with the approval status
B. Create an Application Load Balancer with an Amazon ECS cluster on Amazon EC2 Dedicated instances in a target group to process incoming requests
C. Deploy the application on Amazon EC2 on Dedicated Instances
D. Create an Amazon API Gateway to process inbound requests using a series of AWS Lambda processes, each with an Amazon SQS input queue
Correct Answer: A
Question #73
20. A solutions architect has been assigned to migrate a 50 TB Oracle data warehouse that contains sales data from on-premises to Amazon Redshift. Major updates to the sales data occur on the final calendar day of the month. For the remainder of the month, the data warehouse only receives minor daily updates and is primarily used for reading and reporting. Because of this, the migration process must start on the first day of the month and must be complete before the next set of updates occur. This provides
A. Install Oracle database software on an Amazon EC2 instance
B. Create an AWS Snowball import job
C. Install Oracle database software on an Amazon EC2 instance
D. Create an AWS Snowball import job
Correct Answer: A
Question #74
A solutions architect has been assigned to migrate a 50 TB Oracle data warehouse that contains sales data from on-premises to Amazon Redshift. Major updates to the sales data occur on the final calendar day of the month. For the remainder of the month, the data warehouse only receives minor daily updates and is primarily used for reading and reporting. Because of this, the migration process must start on the first day of the month and must be complete before the next set of updates occur. This provides approxim
A. Install Oracle database software on an Amazon EC2 instance. Configure VPN connectivity between AWS and the company's data center. Configure the Oracle database running on Amazon EC2 to join the Oracle Real Application Clusters (RAC). When the Oracle database on Amazon EC2 finishes synchronizing, create an AWS DMS ongoing replication task to migrate the data from the Oracle database on Amazon EC2 to Amazon Redshift. Verify the data migration is complete and perform the cut over to Amazon Redshift
B. Create an AWS Snowball import job. Export a backup of the Oracle data warehouse. Copy the exported data to the Snowball device. Return the Snowball device to AWS. Create an Amazon RDS for Oracle database and restore the backup file to that RDS instance. Create an AWS DMS task to migrate the data from the RDS for Oracle database to Amazon Redshift. Copy daily incremental backups from Oracle in the data center to the RDS for Oracle database over the internet. Verify the data migration is complete and perform the cut over to Amazon Redshift
C. Install Oracle database software on an Amazon EC2 instance. To minimize the migration time, configure VPN connectivity between AWS and the company's data center by provisioning a 1 Gbps AWS Direct Connect connection. Configure the Oracle database running on Amazon EC2 to be a read replica of the data center Oracle database. Start the synchronization process between the company's on-premises data center and the Oracle database on Amazon EC2. When the Oracle database on Amazon EC2 is synchronized with the on-premises database, create an AWS DMS ongoing replication task from the Oracle database read replica that is running on Amazon EC2 to Amazon Redshift. Verify the data migration is complete and perform the cut over to Amazon Redshift
D. Create an AWS Snowball import job
E. Configure a server in the company's data center with an extraction agent
F. Use AWS SCT to manage the extraction agent and convert the Oracle schema to an Amazon Redshift schema
Correct Answer: B
Question #75
8. A company wants to improve cost awareness for its Amazon EMR platform. The company has allocated budgets for each team’s Amazon EMR usage. When a budgetary threshold is reached, a notification should be sent by email to the budget office’s distribution list. Teams should be able to view their EMR cluster expenses to date. A solutions architect needs to create a solution that ensures the policy is proactively and centrally enforced in a multi-account environment. Which combination of steps should the solu
A. Update the AWS CloudFormation template to include the AWS::Budgets::Budget resource with the NotificationsWithSubscribers property
B. Implement Amazon CloudWatch dashboards for Amazon EMR usage
C. Create an EMR bootstrap action that runs at startup that calls the Cost Explorer API to set the budget on the cluster with the GetCostForecast and NotificationsWithSubscribers actions
D. Create an AWS Service Catalog portfolio for each team
E. Create an Amazon CloudWatch metric for billing
Correct Answer: DE
Question #76
23. A group of Amazon EC2 instances have been configured as a high performance computing (HPC) cluster. The instances are running in a placement group, and are able to communicate with each other at network speeds of up to 20 Gbps. The cluster needs to communicate with a control EC2 instance outside of the placement group. The control instance has the same instance type and AMI as the other instances, and is configured with a public IP address. How can the Solutions Architect improve the network speeds between the
A. Terminate the control instance and relaunch in the placement group
B. Ensure that the instances are communicating using the private IP addresses
C. Ensure that the control instance is using an Elastic Network Adapter
D. Move the control instance inside the placement group
Correct Answer: A
Question #77
A company needs to run a software package that has a license that must be run on the same physical host for the duration of its use. The software package is only going to be used for 90 days. The company requires patching and restarting of all instances every 30 days. How can these requirements be met using AWS?
A. Run a dedicated instance with auto-placement disabled
B. Run the instance on a dedicated host with Host Affinity set to Host
C. Run an On-Demand Instance with a Reserved Instance to ensure consistent placement
D. Run the instance on a licensed host with termination set for 90 days
Correct Answer: A
Question #78
A company is launching a new web application on Amazon EC2 instances. Development and production workloads exist in separate AWS accounts. According to the company's security requirements, only automated configuration tools are allowed to access the production account. The company's security team wants to receive immediate notification if any manual access to the production AWS account or EC2 instances occurs. Which combination of actions should a solutions architect take in the production account to meet th
A. Turn on AWS CloudTrail logs in the application's primary AWS Region. Use Amazon Athena to query the logs for AwsConsoleSignIn events
B. Configure Amazon Simple Email Service (Amazon SES) to send email to the security team when an alarm is activated
C. Deploy EC2 instances in an Auto Scaling group. Configure the launch template to deploy instances without key pairs. Configure Amazon CloudWatch Logs to capture system access logs. Create an Amazon CloudWatch alarm that is based on the logs to detect when a user logs in to an EC2 instance
D. Configure an Amazon Simple Notification Service (Amazon SNS) topic to send a message to the security team when an alarm is activated
E. Turn on AWS CloudTrail logs for all AWS Regions
F. Configure Amazon CloudWatch alarms to provide an alert when an AwsConsoleSignIn event is detected
Correct Answer: CE
Question #79
15. A company has a requirement that only allows specially hardened AMIs to be launched into public subnets in a VPC, and for the AMIs to be associated with a specific security group. Allowing noncompliant instances to launch into the public subnet could present a significant security risk if they are allowed to operate. A mapping of approved AMIs to subnets to security groups exists in an Amazon DynamoDB table in the same AWS account. The company created an AWS Lambda function that, when invoked, will term
A. Create an Amazon CloudWatch Events rule that matches each time an EC2 instance is launched using one of the allowed AMIs, and associate it with the Lambda function as the target
B. For the Amazon S3 bucket receiving the AWS CloudTrail logs, create an S3 event notification configuration with a filter to match when logs contain the ec2:RunInstances action, and associate it with the Lambda function as the target
C. Enable AWS CloudTrail and configure it to stream to an Amazon CloudWatch Logs group
D. Create an Amazon CloudWatch Events rule that matches each time an EC2 instance is launched, and associate it with the Lambda function as the target
Correct Answer: D
Question #80
9. A company used Amazon EC2 instances to deploy a web fleet to host a blog site. The EC2 instances are behind an Application Load Balancer (ALB) and are configured in an Auto Scaling group. The web application stores all blog content on an Amazon EFS volume. The company recently added a feature for bloggers to add video to their posts, attracting 10 times the previous user traffic. At peak times of day, users report buffering and timeout issues while attempting to reach the site or watch videos. Which is t
A. Reconfigure Amazon EFS to enable maximum I/O
B. Update the blog site to use instance store volumes for storage
C. Configure an Amazon CloudFront distribution
D. Set up an Amazon CloudFront distribution for all site contents, and point the distribution at the ALB
Correct Answer: C
Question #81
30. A company wants to replace its call system with a solution built using AWS managed services. The company call center would like the solution to receive calls, create contact flows, and scale to handle growth projections. The call center would also like the solution to use deep learning capabilities to recognize the intent of the callers and handle basic tasks, reducing the need to speak to an agent. The solution should also be able to query business applications and provide relevant information back to cal
A. Amazon Rekognition to identify who is calling
B. Amazon Connect to create a cloud-based contact center
C. Amazon Alexa for Business to build conversational interface
D. AWS Lambda to integrate with internal systems
E. Amazon Lex to recognize the intent of the caller
F. Amazon SQS to add incoming callers to a queue
Correct Answer: BDE
Question #82
38. A company operating a website on AWS requires high levels of scalability, availability and performance. The company is running a Ruby on Rails application on Amazon EC2. It has a data tier on MySQL 5.6 on Amazon EC2 using 16 TB of Amazon EBS storage. Amazon CloudFront is used to cache application content. The Operations team is reporting continuous and unexpected growth of EBS volumes assigned to the MySQL database. The Solutions Architect has been asked to design a highly scalable, highly available, and
A. Implement Multi-AZ and Auto Scaling for all EC2 instances in the current configuration
B. Design and implement the Docker-based containerized solution for the application using Amazon ECS
C. Ensure that EC2 instances are right-sized and behind an Elastic Load Balancing load balancer
D. Ensure that EC2 instances are right-sized and behind an Elastic Load Balancer
Correct Answer: C
Question #83
24. A company must deploy multiple independent instances of an application. The front-end application is internet accessible. However, corporate policy stipulates that the backends are to be isolated from each other and the internet, yet accessible from a centralized administration server. The application setup should be automated to minimize the opportunity for mistakes as new instances are deployed. Which option meets the requirements and MINIMIZES costs?
A. Use an AWS CloudFormation template to create identical IAM roles for each region
B. Create each instance of the application IAM roles and resources in separate accounts by using AWS CloudFormation StackSets
C. Duplicate the application IAM roles and resources in separate accounts by using a single CloudFormation template
D. Use the parameters of the AWS CloudFormation template to customize the deployment into separate accounts
Correct Answer: A
Question #84
A company has a website that enables users to upload videos. Company policy states the uploaded videos must be analyzed for restricted content. An uploaded video is placed in Amazon S3, and a message is pushed to an Amazon SQS queue with the video's location. A backend application pulls this location from Amazon SQS and analyzes the video. The video analysis is compute-intensive and occurs sporadically during the day. The website scales with demand. The video analysis application runs on a fixed number of in
A. Keep the website on T2 instances
B. Determine the minimum number of website instances required during off-peak times and use Spot Instances to cover them while using Reserved Instances to cover peak demand
C. Use Amazon EC2 R4 and Amazon EC2 R5 Reserved Instances in an Auto Scaling group for the video analysis application
D. Keep the website on T2 instances
E. Determine the minimum number of website instances required during off-peak times and use Reserved Instances to cover them while using On-Demand Instances to cover peak demand
F. Use Spot Fleet for the video analysis application comprised of Amazon EC2 C4 and Amazon EC2 C5 Spot Instances
Correct Answer: B
Question #85
44. A finance company is running its business-critical application on current-generation Linux EC2 instances. The application includes a self-managed MySQL database performing heavy I/O operations. The application is working fine to handle a moderate amount of traffic during the month. However, it slows down during the final three days of each month due to month-end reporting, even though the company is using Elastic Load Balancers and Auto Scaling within its infrastructure to meet the increased demand. Whi
A. Pre-warming Elastic Load Balancers, using a bigger instance type, changing all Amazon EBS volumes to GP2 volumes
B. Performing a one-time migration of the database cluster to Amazon RDS, and creating several additional read replicas to handle the load during end of month
C. Using Amazon CloudWatch with AWS Lambda to change the type, size, or IOPS of Amazon EBS volumes in the cluster based on a specific CloudWatch metric
D. Replacing all existing Amazon EBS volumes with new PIOPS volumes that have the maximum available storage size and I/O per second by taking snapshots before the end of the month and reverting back afterwards
Correct Answer: B
Question #86
42. A company uses an Amazon EMR cluster to process data once a day. The raw data comes from Amazon S3, and the resulting processed data is also stored in Amazon S3. The processing must complete within 4 hours; currently, it only takes 3 hours. However, the processing time is taking 5 to 10 minutes longer each week due to an increasing volume of raw data. The team is also concerned about rising costs as the compute capacity increases. The EMR cluster is currently running on three m3.xlarge instances (one m
A. Add additional task nodes, but have the team purchase an all-upfront convertible Reserved Instance for each additional node to offset the costs
B. Add additional task nodes, but use instance fleets with the master node in On-Demand mode and a mix of On-Demand and Spot Instances for the core and task nodes
C. Add additional task nodes, but use instance fleets with the master node in Spot mode and a mix of On-Demand and Spot Instances for the core and task nodes
D. Add additional task nodes, but use instance fleets with the master node in On-Demand mode and a mix of On-Demand and Spot Instances for the core and task nodes
Correct Answer: D
