DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Pass Your SAP-C02 Certification Questions & Practice Tests, AWS Certified Solutions Architect - Professional | SPOTO

Preparing for the SAP-C02 certification requires thorough understanding and practice of AWS solutions architecture principles. The AWS Certified Solutions Architect - Professional (SAP-C02) exam assesses candidates' expertise in designing and deploying scalable, reliable, and cost-effective applications on AWS. To pass the SAP-C02 exam, candidates must master exam questions and answers, practice tests, and exam dumps. Sample questions and free quizzes help in evaluating knowledge and identifying areas for improvement. Accessing comprehensive exam materials and studying architectural best practices are essential for success. Practicing with exam simulators and online exam questions simulates real exam scenarios, enhancing confidence and exam readiness. With diligent exam practice, candidates can confidently tackle the SAP-C02 certification, demonstrating their advanced skills in AWS solutions architecture.

Take other online exams

Question #1
A news company wants to implement an AWS Lambda function that calls an external API to receive new press releases every 10 minutes. The API provider Is planning to use an IP address allow list to protect the API. so the news company needs to provide any public IP addresses that access the API. The company's current architecture includes a VPC with an internet gateway and a NAT gateway. A solutions architect must implement a static IP address for the Lambda function. Which combination of steps should the sol
A. Use the Elastic IP address that is associated with the NAT gateway for the IP address allow list
B. Assign an Elastic IP address to the Lambda functio
C. Use the Lambda function's Elastic IP address for the IP address allow list
D. Configure the Lambda function to launch in the private subnet of the VPC
E. Configure the Lambda function to launch in the public subnet of the VPC
F. Create a transit gatewa G
View answer
Correct Answer: BDF

View The Updated SAP-C02 Exam Questions

SPOTO Provides 100% Real SAP-C02 Exam Questions for You to Pass Your SAP-C02 Exam!

Question #2
A solutions architect is evaluating the reliability of a recently migrated application running on AWS. The front end is hosted on Amazon S3 and accelerated by Amazon CloudFront. The application layer is running in a stateless Docker container on an Amazon EC2 On-Demand Instance with an Elastic IP address. The storage layer is a MongoDB database running on an EC2 Reserved Instance in the same Availability Zone as the application layer. Which combination of steps should the solutions architect take to elimina
A. Create a REST API in Amazon API Gateway and use AWS Lambda functions as the application layer
B. Create an Application Load Balancer and migrate the Docker container to AWS Fargate
C. Migrate the storage layer to Amazon DynamoD8
D. Migrate the storage layer to Amazon DocumentD8 (with MongoDB compatibility)
E. Create an Application Load Balancer and move the storage layer to an EC2 Auto Scaling group
View answer
Correct Answer: B
Question #3
A company manages multiple AWS accounts by using AWS Organizations. Under the root OU. the company has two OUs: Research and DataOps. Because of regulatory requirements, all resources that the company deploys in the organization must reside in the ap-northeast-1 Region. Additionally. EC2 instances that the company deploys in the DataOps OU must use a predefined list of instance types A solutions architect must implement a solution that applies these restrictions. The solution must maximize operational effic
A. Create an IAM role in one account under the DataOps OU Use the ec2 Instance Type condition key in an inline policy on the role to restrict access to specific instance types
B. Create an IAM user in all accounts under the root OU Use the aws RequestedRegion condition key in an inline policy on each user to restrict access to all AWS Regions except ap-northeast-1
C. Create an SCP Use the aws:RequestedRegion condition key to restrict access to all AWS Regions except ap-northeast-1 Apply the SCP to the root OU
D. Create an SCP Use the ec2Reo?on condition key to restrict access to all AWS Regions except ap-northeast-1
E. the DataOps O
F. and the Research OU
View answer
Correct Answer: AD
Question #4
A company hosts a blog post application on AWS using Amazon API Gateway. Amazon DynamoDB, and AWS Lambda The application currently does not use API keys to authorize requests The API model is as follows: GET /posts/Jpostld) to get post details GET /users/{userld}. to get user details GET /comments/{commentld}: to get comments details The company has noticed users are actively discussing topics in the comments section, and the company wants to increase user engagement by making the comments appear in real ti
A. Use edge-optimized API with Amazon CloudFront to cache API responses
B. Modify the blog application code to request GET/commentsV{commentld} every 10 seconds
C. Use AWS AppSync and leverage WebSockets to deliver comments
D. Change the concurrency limit of the Lambda functions to lower the API response time
View answer
Correct Answer: C
Question #5
12. You are an architect for a news-sharing mobile application. Anywhere in the world, your users can see local news on topics they choose. They can post pictures and videos from inside the application. Since the application is being used on a mobile phone, connection stability is required for uploading content, and delivery should be quick. Content is accessed a lot in the first minutes after it has been posted, but is quickly replaced by new content before disappearing. The local nature of the news means
A. Upload and store the content in a central Amazon Simple Storage Service (S3) bucket, and use an Amazon CloudFront Distribution for content delivery
B. Upload and store the content in an Amazon Simple Storage Service (S3) bucket in the region closest to the user, and use multiple Amazon CloudFront distributions for content delivery
C. Upload the content to an Amazon Elastic Compute Cloud (EC2) instance in the region closest to the user, send the content to a central Amazon Simple Storage Service (S3) bucket, and use an Amazon CloudFront distribution for content delivery
D. Use an Amazon CloudFront distribution for uploading the content to a central Amazon Simple Storage Service (S3) bucket and for content delivery
View answer
Correct Answer: BD
Question #6
16. An Enterprise customer is starting their migration to the cloud, their main reason for migrating is agility, and they want to make their internal Microsoft Active Directory available to any applications running on AWS; this is so internal users only have to remember one set of credentials and as a central point of user control for leavers and joiners. How could they make their Active Directory secure, and highly available, with minimal on-premises infrastructure changes, in the most cost and time-effici
A. Using Amazon Elastic Compute Cloud (EC2), they could create a DMZ using a security group; within the security group they could provision two smaller Amazon EC2 instances that are running Openswan for resilient IPSEC tunnels, and two larger instances that are domain controllers; they would use multiple Availability Zones
B. Using VPC, they could create an extension to their data center and make use of resilient hardware IPSEC tunnels; they could then have two domain controller instances that are joined to their existing domain and reside within different subnets, in different Availability Zones
C. Within the customerˈs existing infrastructure, they could provision new hardware to run Active Directory Federation Services; this would present Active Directory as a SAML2 endpoint on the internet; any new application on AWS could be written to authenticate using SAML2
D. The customer could create a stand-alone VPC with its own Active Directory Domain Controllers; two domain controller instances could be configured, one in each Availability Zone; new applications would authenticate with those domain controllers
View answer
Correct Answer: D
Question #7
An AWS customer has a web application that runs on premises. The web application fetches data from a third-party API that is behind a firewall. The third party accepts only one public CIDR block in each client's allow list. The customer wants to migrate their web application to the AWS Cloud. The application will be hosted on a set of Amazon EC2 instances behind an Application Load Balancer (ALB) in a VPC. The ALB is located in public subnets. The EC2 instances are located in private subnets. NAT gateways p
A. Associate a block of customer-owned public IP addresses to the VP
B. Enable public IP addressing for public subnets in the VPC
C. Register a block of customer-owned public IP addresses in the AWS accoun
D. Create Elastic IP addresses from the address block and assign them lo the NAT gateways in the VPC
E. Create Elastic IP addresses from the block of customer-owned IP addresse
F. Assign the static Elastic IP addresses to the ALB
View answer
Correct Answer: D
Question #8
A company is creating a REST API to share information with six of its partners based in the United States. The company has created an Amazon API Gateway Regional endpoint. Each of the six partners will access the API once per day to post daily sales figures. After initial deployment, the company observes 1.000 requests per second originating from 500 different IP addresses around the world. The company believes this traffic is originating from a botnet and wants to secure its API while minimizing cost. Whic
A. Create an Amazon CloudFront distribution with the API as the origi
B. Create an AWS WAF web ACL with a rule to block clients "hat submit more than five requests per da
C. Associate the web ACL with the CloudFront distributio
D. Configure CloudFront with an origin access identity (OAI) and associate it with the distributio
E. Configure API Gateway to ensure only the OAI can execute the POST method
F. Create an Amazon CloudFront distribution with the API as the origi G
View answer
Correct Answer: A
Question #9
6. A customer is running an application in US-West (Northern California) region and wants to setup disaster recovery failover to the Asian Pacific (Singapore) region. The customer is interested in achieving a low Recovery Point Objective (RPO) for an Amazon Relational DatabaseService(RDS) multi-AZ MySQL database instance. Which approach is best suited to this need?
A. Synchronous replication
B. Asynchronous replication
C. Route53 health checks
D. Copying of RDS incremental snapshots
View answer
Correct Answer: A
Question #10
17. An AWS customer is deploying a web application that is composed of a front-end running on Amazon EC2 and confidential data that is stored on Amazon S3. The customers security policy requires that the all access operations to this sensitive data must be authenticated and authorized by a centralized access management system that is operated by a separate security team. In addition, the web application team that owns and administers the EC2 web front-end instances is prohibited from having any ability to a
A. Configure the web application to authenticate end-users against the centralized access management system
B. Encrypt the data on Amazon S3 using a CloudHSM that is operated by the separate security team
C. Configure the web application to authenticate end-users against the centralized access management system using SAML
D. Have the separate security team create an IAM Role that is entitled to access the data on Amazon S3
View answer
Correct Answer: BE
Question #11
A company is using AWS CodePipeline for the CI/CO of an application to an Amazon EC2 Auto Scaling group. All AWS resources are defined in AWS CloudFormation templates. The application artifacts are stored in an Amazon S3 bucket and deployed to the Auto Scaling group using instance user data scripts. As the application has become more complex, recent resource changes in the Cloud Formation templates have caused unplanned downtime. How should a solutions architect improve the CI'CD pipeline to reduce the like
A. Adapt the deployment scripts to detect and report CloudFormation error conditions when performing deployment
B. Write test plans for a testing team to execute in a non-production environment before approving the change for production
C. Implement automated testing using AWS CodeBuild in a test environmen
D. Use CloudFormation changesets to evaluate changes before deploymen
E. Use AWS CodeDeploy to leverage blue/green deployment patterns to allow evaluations and the ability to revert changes, if needed
F. Use plugins for the integrated development environment (IDE) to check the templates for errors, and use the AWS CLI to validate that the templates are correc G
View answer
Correct Answer: B
Question #12
A solutions architect is designing a network for a new cloud deployment. Each account will need autonomy to modify route tables and make changes. Centralized and controlled egress internet connectivity is also needed. The cloud footprint is expected to grow to thousands of AWS accounts. Which architecture will meet these requirements?
A. A centralized transit VPC with a VPN connection to a standalone VPC in each accoun
B. Outbound internet traffic will be controlled by firewall appliances
C. A centralized shared VPC with a subnet for each accoun
D. Outbound internet traffic will controlled through a fleet of proxy servers
E. A shared services VPC to host central assets to include a fleet of firewalls with a route to the internet
F. A shared transit gateway to which each VPC will be attache G
View answer
Correct Answer: C
Question #13
A solutions architect has deployed a web application that serves users across two AWS Regions under a custom domain The application uses Amazon Route 53 latency-based routing The solutions architect has associated weighted record sets with a pair of web servers in separate Availability Zones for each Region The solutions architect runs a disaster recovery scenario When all the web servers in one Region are stopped Route 53 does not automatically redirect users to the other Region Which of the following are
A. The weight for the Region where the web servers were stopped is higher than the weight for the other Region
B. One of the web servers in the secondary Region did not pass its HTTP health check
C. Latency resource record sets cannot be used in combination with weighted resource record sets
D. The setting to evaluate target health is not turned on for the latency alias resource record set that is associated with the domain in the Region where the web servers were stopped
E. An HTTP health check has not been set up for one or more of the weighted resource record sets associated with the stopped web servers
View answer
Correct Answer: AC
Question #14
1.Company A has hired you to assist with the migration of an interactive website that allows registered users to rate local restaurants. Updates to the ratings are displayed on the home page, and ratings are updated in real time. Although the website is not very popular today, the company anticipates that it will grow rapidly over the next few weeks. They want the site to be highly available. The current architecture consists of a single Windows Server 2008 R2 web server and a MySQL database running on Linu
A. Use AWS VM Import/Export to create an Amazon Elastic Compute Cloud (EC2) Amazon Machine Image (AMI) of the web server
B. Export web files to an Amazon S3 bucket in us-west-1
C. Use AWS VM Import/Export to create an Amazon EC2 AMI of the web server
D. Launch two Windows Server 2008 R2 instances in us-west-1b and two in Us-west-1a
View answer
Correct Answer: D
Question #15
A large company has many business units Each business unit has multiple AWS accounts for different purposes. The CIO of the company sees that each business unit has data that would be useful to share with other parts of the company in total there are about 10 PB of data that needs to be shared with users in 1.000 AWS accounts. The data is proprietary so some of it should only be available to users with specific job types Some of the data is used for throughput of intensive workloads such as simulations. The
A. Store the data in a single Amazon S3 bucket Create an IAM role for every combination of job type and business unit that allows for appropriate read/write access based on object prefixes in the S3 bucket The roles should have trust policies that allow the business unit's AWS accounts to assume their roles UseIAM in each business unit's AWS account to prevent them from assuming roles for a different job type Users get credentials to access the data by using AssumeRole from their business unit's AWS account Users can then use those credentials with an S3 client
B. Store the data in a single Amazon S3 bucket Write a bucket policy that uses conditions to grant read and write access where appropriate based on each user's business unit and job typ
C. Determine the business unit with the AWS account accessing the bucket and the job type with a prefix in the IAM user's name Users can access data by using IAM credentials from their business unit's AWS account with an S3 client
D. Store the data in a series of Amazon S3 buckets Create an application running m Amazon EC2 that is integrated with the company's identity provider (IdP) thatauthenticates users and allows them to download or upload data through the application The application uses the business unit and job type information in the IdP to control what users can upload and download through the application The users can access the data through the application's API
E. Store the data in a series of Amazon S3 buckets Create an AWS STS token vending machine that is integrated with the company's identity provider (IdP) When a user logs in: have the token vending machine attach an IAM policy that assumes the role that limits the user's access and/or upload only the data the user is authorized to access Users can get credentials by authenticating to the token vending machine's website or API and then use those credentials with an S3 client
F. D
View answer
Correct Answer: B
Question #16
A company has an organization in AWS Organizations that has a large number of AWS accounts. One of the AWS accounts is designated as a transit account and has a transit gateway that is shared with all of the other AWS accounts AWS Site-to-Site VPN connections are configured between ail of the company's global offices and the transit account The company has AWS Config enabled on all of its accounts. The company's networking team needs to centrally manage a list of internal IP address ranges that belong to th
A. Create a JSON file that is hosted in Amazon S3 and that lists all of the internal IP address ranges Configure an Amazon Simple Notification Service (Amazon SNS) topic in each of the accounts that can be involved when the JSON file is update
B. Subscribe an AWS Lambda function to the SNS topic to update all relevant security group rules with Vie updated IP address ranges
C. Create a new AWS Config managed rule that contains all of the internal IP address ranges Use the rule to check the security groups in each of the accounts to ensure compliance with the list of IP address range
D. Configure the rule to automatically remediate any noncompliant security group that is detected
E. In the transit account, create a VPC prefix list with all of the internal IP address range
F. Use AWS Resource Access Manager to share the prefix list with all of the other account G
View answer
Correct Answer: D
Question #17
11. A gaming company adopted AWS Cloud Formation to automate load-testing of their games. They have created an AWS Cloud Formation template for each gaming environment and one for the load-testing stack. The load-testing stack creates an Amazon Relational Database Service (RDS) Postgres database and two web servers running on Amazon Elastic Compute Cloud (EC2) that send HTTP requests, measure response times, and write the results into the database. A test run usually takes between 15 and 30 minutes. Once th
A. Define an update policy to prevent deletion of the Amazon RDS database after the AWS CloudFormation stack is deleted
B. Define a deletion policy of type Snapshot for the Amazon RDS resource to assure that the RDS database can be restored after the AWS CloudFormation stack is deleted
C. Define automated backups with a backup retention period of 30 days for the Amazon RDS database and perform point-in-time recovery of the database after the AWS CloudFormation stack is deleted
D. Define an Amazon RDS Read-Replica in the load-testing AWS CloudFormation stack and define a dependency relation between master and replica via the DependsOn attribute
E. Define a deletion policy of type Retain for the Amazon RDS resource to assure that the RDS database is not deleted with the AWS CloudFormation stack
View answer
Correct Answer: C
Question #18
19. You have an application running on an EC2 instance which will allow users to download files from a private S3 bucket using a pre-signed URL. Before generating the URL, the application should verify the existence of the file in S3. How should the application use AWS credentials to access the S3 bucket securely?
A. Create an IAM user for the application with permissions that allow list access to the S3 bucket; launch the instance as the IAM user, and retrieve the IAM user’s credentials from the EC2 instance user data
B. Create an IAM role for EC2 that allows list access to objects in the S3 bucket; launch the instance with the role, and retrieve the role’s credentials from the EC2 instance metadata
C. Use the AWS account access keys; the application retrieves the credentials from the source code of the application
D. Create an IAM user for the application with permissions that allow list access to the S3 bucket; the application retrieves the IAM user credentials from a temporary directory with permissions that allow read access only to the application user
View answer
Correct Answer: A
Question #19
A digital marketing company has multiple AWS accounts that belong to various teams. The creative team uses an Amazon S3 bucket in its AWS account to securely store images and media files that are used as content for the company's marketing campaigns. The creative team wants to share the S3 bucket with the strategy team so that the strategy team can view the objects. A solutions architect has created an IAM role that is named strategy_reviewer in the Strategy account. The solutions architect also has set up
A. Create a bucket policy that includes read permissions for the S3 bucke
B. Set the principal of the bucket policy to the account ID of the Strategy account
C. Update the strategy_reviewer IAM role to grant full permissions for the S3 bucket and to grant decrypt permissions for the custom KMS key
D. Update the custom KMS key policy in the Creative account to grant decrypt permissions to the strategy_reviewer IAM role
E. Create a bucket policy that includes read permissions for the S3 bucke
F. Set the principal of the bucket policy to an anonymous user
View answer
Correct Answer: A
Question #20
15. Your company currently has a highly available web application running in production. The application’s web front-end utilizes an Elastic Load Balancer and Auto Scaling across three Availability Zones. During peak load, your web servers operate at 90% utilization and leverage a combination of Heavy Utilization Reserved Instances for steady state load and On-Demand and Spot Instances for peak load. You are tasked with designing a cost effective architecture to allow the application to recover quickly in t
A. Continue to run your web front-end at 90% utilization, but leverage a high bid price strategy to cover the loss of any of the other Availability Zones during peak load
B. Increase use of spot instances to cost effectively scale the web front-end across all Availability Zones to lower aggregate utilization levels that will allow an Availability Zone to fail during peak load without affecting the application’s availability
C. Increase Auto Scaling capacity and scaling thresholds to allow the web front-end to cost effectively scale across all Availability Zones to lower aggregate utilization levels that will allow an Availability Zone to fail during peak load without affecting the application’s availability
D. Continue to run your web front-end at 90% utilization, but purchase an appropriate number of light utilization RIs in each Availability Zone to cover the loss of any of the other Availability Zones during peak load
View answer
Correct Answer: A
Question #21
5. To enable end-to-end HTTPS connections from the userˈs browser to the origin via CloudFront, which of the following options would be valid? Choose 2 answers
A. Use a self signed certificate in the origin and CloudFront default certificate in CloudFront
B. Use the CloudFront default certificate in both the origin and CloudFront
C. Use third-party CA certificate in the origin and CloudFront default certificate in CloudFront
D. Use third-party CA certificate in both the origin and CloudFront
E. Use a self signed certificate in both the origin and CloudFront
View answer
Correct Answer: B
Question #22
7. A document storage company is deploying their application to AWS and changing their business model to support both Free Tier and Premium Tier users. The Premium Tier users will be allowed to store up to 200GB of data and Free Tier customers will be allowed to store only 5GB. The customer expects that billions of files will be stored. All users need to be alerted when approaching 75 percent quota utilization and again at 90 percent quota use. To support the Free Tier and Premium Tier users, how should the
A. The company should utilize an Amazon Simple Workflow Service activity worker that updates the userˈs used data counter in Amazon DynamoDB
B. The company should deploy an Amazon Relational Database Service (RDS) relational database with a stored objects table that has a row for each stored object along with the size of each object
C. The company should write both the content length and the username of the files owner as S3 metadata for the object
D. The company should create two separate Amazon Simple Storage Service buckets, one for data storage for Free Tier Users, and another for data storage for Premium Tier users
View answer
Correct Answer: ABD
Question #23
A company that designs multiplayer online games wants to expand its user base outside of Europe. The company transfers a significant amount of UDP traffic to Keep all the live and interactive sessions of the games The company has plans for rapid expansion and wants to build its architecture to provide an optimized online experience to its users Which architecture will meet these requirements with the LOWEST latency for users''
A. Set up a Multi-AZ environment in a single AWS Region Use Amazon CloudFront to cache user sessions
B. Set up environments in multiple AWS Regions Create an accelerator in AWS Global Accelerator, and add endpoints from different Regions to it
C. Set up environments in multiple AWS Regions Use Amazon Route 53
D. Set up a Multi-AZ environment in a single AWS Regio
E. Use AWS Lambda@Edge to update sessions closer to the users
View answer
Correct Answer: D
Question #24
161. A company has an application that uses Amazon EC2 instances in an Auto Scaling group. The Quality Assurance (QA) department needs to launch a large number of short-lived environments to test the application. The application environments are currently launched by the Manager of the department using an AWS CloudFormation template. To launch the stack, the Manager uses a role with permission to use CloudFormation, EC2, and Auto Scaling APIs. The Manager wants to allow testers to launch their own environments, but does not want to grant broad permissions to each user Which set up would achieve these goals?
A. pload the AWS CloudFormation template to Amazon S3
B. Create an AWS Service Catalog product from the environment template
C. pload the AWS CloudFormation template to Amazon S3
D. reate an AWS Elastic Beanstalk application from the environment template
View answer
Correct Answer: D
Question #25
A company wants to migrate its data analytics environment from on premises to AWS The environment consists of two simple Node js applications One of the applications collects sensor data and loads it into a MySQL database The other application aggregates the data into reports When the aggregation jobs run. some of the load jobs fail to run correctly The company must resolve the data loading issue The company also needs the migration to occur without interruptions or changes for the company's customers What
A. Set up an Amazon Aurora MySQL database as a replication target for the on-premises database Create an Aurora Replica for the Aurora MySQL database, and move the aggregation jobs to run against the Aurora Replica Set up collection endpomts as AWS Lambda functions behind a Network Load Balancer (NLB)
B. Point the collector DNS record to the NLB
C. Set up an Amazon Aurora MySQL database Use AWS Database Migration Service (AWS DMS) to perform continuous data replication from the on-premises database to Aurora Move the aggregation jobs to run against the Aurora MySQL database Set up collection endpomts behind an Application Load Balancer (ALB) as Amazon EC2 instances in an Auto Scaling group When the databases are synced, point the collector DNS record to the ALB Disable the AWS DMS sync task after the cutover from on premises to AWS
D. Set up an Amazon Aurora MySQL database Use AWS Database Migration Service (AWS DMS) to perform continuous data replication from the on-premises database to Aurora Create an Aurora Replica for the Aurora MySQL database and move the aggregation jobs to run against the Aurora Replica Set up collection endpoints as AWS Lambda functions behind an Application Load Balancer (ALB) and use Amazon RDS Proxy to write to the Aurora MySQL database When the databases are synced, point the collector DNS record to the ALB Disable the AWS DMS sync task after the cutover from on premises to AWS
E. Set up an Amazon Aurora MySQL database Create an Aurora Replica for the Aurora MySQL database and move the aggregation jobs to run against the Aurora Replica Set up collection endpoints as an Amazon Kinesis data stream Use Amazon Kinesis Data Firehose to replicate the data to the Aurora MySQL database When the databases are synced disable the replication job and restart the Aurora Replica as the primary instance Point the collector DNS record to the Kinesis data stream
View answer
Correct Answer: CE
Question #26
A company requires that all internal application connectivity use private IP addresses. To facilitate this policy, a solutions architect has created interface endpoints to connect to AWS public services. Upon testing, the solutions architect notices that the service names are resolving to public IP addresses, and that internal services cannot connect to the interface endpoints. Which step should the solutions architect take to resolve this issue?
A. Update the subnet route table with a route to the interface endpoint
B. Enable the private DNS option on the VPC attributes
C. Configure the security group on the interface endpoint to allow connectivity to the AWS services
D. Configure an Amazon Route 53 private hosted zone with a conditional forwarder for the internal application
View answer
Correct Answer: BD
Question #27
A company wants to send data from its on-premises systems to Amazon S3 buckets. The company created the S3 buckets in three different accounts. The company must send the data privately without the data traveling across the internet. The company has no existing dedicated connectivity to AWS Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)
A. Establish a networking account in the AWS Cloud Create a private VPC in the networking account Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC
B. Establish a networking account in the AWS Cloud Create a private VPC in the networking account Set up an AWS Direct Connect connection with a public VIF between the on-premises environment and the private VPC
C. Create an Amazon S3 interface endpoint in the networking account
D. Create an Amazon S3 gateway endpoint in the networking account
E. Establish a networking account in the AWS Clou
F. Create a private VPC in the networking account Peer VPCs from the accounts that host the S3 buckets with the VPC in the network account
View answer
Correct Answer: A
Question #28
4. A large enterprise wants to adopt CloudFormation to automate administrative tasks and implement the security principles of least priviledge and separation of duties. They have identified the following roles with the corresponding tasks in the company: • network administrators: create, modify and delete VPCs, subnets, NACLs, routing tables, and security groups. • application operators: deploy complete application stacks (ELB, Auto-Scaling groups, RDS) whereas all resources must be deployed in the VPCs managed by the network administrators. Both groups must maintain their own CloudFormation templates and should be able to create, update and delete only their own CloudFormation stacks. The company has followed your advice to create two IAM groups, one for applications and one for networks. Both IAM groups are attached to IAM policies that grant rights to perform the necessary task of each group as well as the creation, update and deletion of CloudFormation stacks. Given setup and requirements, which statements represent valid design considerations? Choose 2 answers
A. Network stack updates will fail upon attempts to delete a subnet with EC2 instances
B. Restricting the launch of EC2 instances into VPCs requires resource level permissions in the IAM policy of the application group
C. Nesting network stacks within application stacks simplifies management and debugging, but requires resource level permissions in the IAM policy of the network group
D. Unless resource level permissions are used on the cloudformation:DeleteStack action, network administrators could tear down application stacks
E. The application stack cannot be deleted before all network stacks are deleted
View answer
Correct Answer: E
Question #29
13. A customer is deploying an SSL enabled Web application to AWS and would like to implement a separation of roles between the EC2 service administrators that are entited to login to Instances as well as making API calls and the security officers who will maintain and have exclusive access to the applicationˈs X.509 certificate that contains the private key. Which configuration option could satisfy the above requirement?
A. Configure the web servers to retrieve the certificate upon boot from an CloudHSM that is managed by the security officers
B. Configure system permissions on the web servers to restrict access to the certificate only to the authorized security officers
C. Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB
D. Upload the certificate on an S3 bucket owned by the security officers and accessible only by the EC2 Role of the web servers
View answer
Correct Answer: C
Question #30
A greeting card company recently advertised that customers could send cards to their favourite celebrities through the company's platform Since the advertisement was published, the platform has received constant traffic from 10.000 unique users each second. The platform runs on m5.xlarge Amazon EC2 instances behind an Application Load Balancer (ALB) The instances run in an Auto Scaling group and use a custom AMI that is based on Amazon Linux. The platform uses a highly available Amazon Aurora MySQL DB clust
A. Set up an Amazon CloudFront distribution Set the ALB as the origin Move all customer traffic to the CloudFront distribution endpoint
B. Use Amazon RDS Proxy Reconfigure the database connections to use the proxy
C. Increase the number of reader nodes in the Aurora MySQL cluster
D. Increase the number of nodes in the ElastiCache for Redis cluster
View answer
Correct Answer: ABE
Question #31
10. For a 3-tier, customer facing, inclement weather site utilizing a MySQL database running in a Region which has two AZs (Availability Zone), which architecture provides fault tolerance within the Region for the application that minimally requires 6 web tier servers and 6 application tier servers running in the web and application tiers and one MySQL database?
A. A web tier deployed in 2 AZs with 6 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (Elastic Load Balancer), and an application tier deployed in 2 AZs with 6 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB, and a Multi-AZ RDS (Relational Database Service) deployment
B. A web tier deployed in 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (Elastic Load Balancer), and an application tier deployed in 2 AZs with 3 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB, and a Multi-AZ RDS (Relational Database Service) deployment
C. A web tier deployed in 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (Elastic Load Balancer), and an application tier deployed in 2 AZs with 6 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB, and one RDS (Relational Database Service) instance deployed with read replicas in the other AZ
D. A web tier deployed in 1 AZ with 6 EC2 (Elastic Compute Cloud) instances inside an Auto Scaling Group behind an ELB (Elastic Load Balancer), and an application tier deployed in the same AZ with 6 EC2 instances inside an Auto Scaling Group behind an ELB, and a Multi-AZ RDS (Relational Database Service) deployment, with 6 stopped web tier EC2 instances and 6 stopped application tier EC2 instances all in the other AZ ready to be started if any of the running instances in the first AZ fails
View answer
Correct Answer: D
Question #32
A company is running an application in the AWS Cloud. The application uses AWS Lambda functions and Amazon Elastic Container Service (Amazon ECS) containers that run with AWS Fargate technology as its primary compute. The load on the application is irregular. The application experiences long periods of no usage, followed by sudden and significant increases and decreases in traffic. The application is write-heavy and stores data in an Amazon Aurora MySQL database. The database runs on an Amazon RDS memory op
A. Add additional read replicas to the databas
B. Purchase Instance Savings Plans and RDS Reserved Instances
C. Migrate the database to an Aurora multi-master DB cluste
D. Purchase Instance Savings Plans
E. Migrate the database to an Aurora global database Purchase Compute Savings Plans and RDS Reserved Instances
F. Migrate the database to Aurora Serverless v1
View answer
Correct Answer: AD
Question #33
A finance company hosts a data lake in Amazon S3. The company receives financial data records over SFTP each night from several third parties. The company runs its own SFTP server on an Amazon EC2 instance in a public subnet of a VPC. After the files ate uploaded, they are moved to the data lake by a cron job that runs on the same instance. The SFTP server is reachable on DNS sftp.examWe.com through the use of Amazon Route 53. What should a solutions architect do to improve the reliability and scalability o
A. Move the EC2 instance into an Auto Scaling grou
B. Place the EC2 instance behind an Application Load Balancer (ALB)
C. Migrate the SFTP server to AWS Transfer for SFT
D. Update the DNS record sftp
E. Migrate the SFTP server to a file gateway in AWS Storage Gatewa
F. Update the DNS record sflp
View answer
Correct Answer: D
Question #34
A data analytics company has an Amazon Redshift cluster that consists of several reserved nodes. The duster is experiencing unexpected bursts of usage because a team of employees is compiling a deep audit analysis report The queries to generate the report are complex read queries and are CPU intensive. Business requirements dictate that the cluster must be able to service read and write queries at at) times A solutions architect must devise a solution that accommodates the bursts of usage Which solution mee
A. Provision an Amazon EMR duster Offload the complex data processing tasks
B. Deploy an AWS Lambda function to add capacity to the Amazon Redshift cluster by using a classic resize operation when the duster's CPU metrics in Amazon CloudWatch reach 80%
C. Deploy an AWS Lambda function to add capacity to the Amazon Redshift duster by using an elastic resize operation when the duster's CPU metrics in Amazon CloudWatch leach 80%
D. Turn on the Concurrency Scaling feature for the Amazon Redshift duster
View answer
Correct Answer: AC
Question #35
3. A development team that is currently doing a nightly six-hour build which is lengthening over time on-premises with a large and mostly underutilized server would like to transition to a continuous integration model of development on AWS with multiple builds triggered within the same day. However, they are concerned about cost, security, and how to integrate with existing on-premises applications such as their LDAP and email servers which cannot move off-premises. The development environment needs a sourc
A. A Bastion host Amazon Elastic Compute Cloud (EC2) instance running a VPN server for access from on-premises, Amazon EC2 for the source code repository with attached Amazon Elastic Block Store (EBS) volumes, Amazon EC2 and Amazon Relational Database Service (RDS) MySQL for the project management system, EIPs for the source code repository and project management system, Amazon Simple Queue Service (SQS) for a build queue, An Auto Scaling group of Amazon EC2 instances for performing builds, and Amazon Simple Email Service for sending the build output
B. An AWS Storage Gateway for connecting on-premises software applications with cloud-based storage securely, Amazon EC2 for the source code repository with attached Amazon EBS volumes, Amazon EC2 and Amazon RDS MySQL for the project management system, EIPs for the source code repository and project management system, Amazon Simple Notification Service (SNS) for a notification-initiated build, An Auto Scaling group of Amazon EC2 instances for performing builds, and Amazon S3 for the build output
C. An AWS Storage Gateway for connecting on-premises software applications with cloud-based storage securely, Amazon EC2 for the source code repository with attached Amazon EBS volumes, Amazon EC2 and Amazon RDS MySQL for the project management system, EIPs for the source code repository and project management system, Amazon SQS for a build queue, An Amazon Elastic MapReduce (EMR) cluster of Amazon EC2 instances for performing builds, and Amazon CloudFront for the build output
D. A VPC with a VPN Gateway back to their on-premises servers, Amazon EC2 for the source-code repository with attached Amazon EBS volumes, Amazon EC2 and Amazon RDS MySQL for the project management system, EIPs for the source code repository and project management system, SQS for a build queue, An Auto Scaling group of EC2 instances for performing builds, and S3 for the build output
View answer
Correct Answer: D
Question #36
A company is hosting a three-tier web application in an on-premises environment. Due to a recent surge in traffic that resulted in downtime and a significant financial impact, company management has ordered that the application be moved to AWS. The application is written in .NET and has a dependency on a MySQL database A solutions architect must design a scalable and highly available solution to meet the demand of 200000 daily users. Which steps should the solutions architect take to design an appropriate s
A. Use AWS Elastic Beanstalk to create a new application with a web server environment and an Amazon RDS MySQL Multi-AZ DB instance The environment should launch a Network Load Balancer (NLB) in front of an Amazon EC2 Auto Scaling group in multiple Availability Zones Use an Amazon Route 53 alias record to route traffic from the company's domain to the NLB
B. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon EC2 Auto Scaling group spanning three Availability Zone
C. The stack should launch a Multi-AZ deployment of an Amazon Aurora MySQL DB cluster with a Retain deletion polic
D. Use an Amazon Route 53 alias record to route traffic from the company's domain to the ALB
E. Use AWS Elastic Beanstalk to create an automatically scaling web server environment that spans two separate Regions with an Application Load Balancer (ALB) in each Regio
F. Create a Multi-AZ deployment of an Amazon Aurora MySQL DB cluster with a cross-Region read replica Use Amazon Route 53 with a geoproximity routing policy to route traffic between the two Regions
View answer
Correct Answer: ACE
Question #37
18. You have been asked to design network connectivity between your existing data centers and AWS. Your application’s EC2 instances must be able to connect to existing backend resources located in your data center. Network traffic between AWS and your data centers will start small, but ramp up to 10s of GB per second over the course of several months. The success of your application is dependent upon getting to market quickly. Which of the following design options will allow you to meet your objectives?
A. Quickly submit a DirectConnect request to provision a 1 Gbps cross connect between your data center and VPC, then increase the number or size of your DirectConnect connections as needed
B. Quickly create an internal ELB for your backend applications, submit a DirectConnect request to provision a 1 Gbps cross connect between your data center and VPC, then increase the number or size of your DirectConnect connections as needed
C. Allocate EIPs and an Internet Gateway for your VPC instances to use for quick, temporary access to your backend applications, then provision a VPN connection between a VPC and existing on-premises equipment
D. Provision a VPN connection between a VPC and existing on-premises equipment, submit a DirectConnect partner request to provision cross connects between your data center and the DirectConnect location, then cut over from the VPN connection to one or more DirectConnect connections as needed
View answer
Correct Answer: C
Question #38
A company has developed a web application. The company is hosting the application on a group of Amazon EC2 instances behind an Application Load Balancer. The company wants to improve the security posture of the application and plans to use AWS WAF web ACLs. The solution must not adversely affect legitimate traffic to the application. How should a solutions architect configure the web ACLs to meet these requirements?
A. Set the action of the web ACL rules to Coun
B. Enable AWS WAF logging Analyze the requests for false positives Modify the rules to avoid any false positive Over time change the action of the web ACL rules from Count to Block
C. Use only rate-based rules in the web ACL
D. and set the throttle limit as high as possible Temporarilyblock all requests that exceed the limi
E. Define nested rules to narrow the scope of the rate tracking
F. Set the action o' the web ACL rules to Bloc G
View answer
Correct Answer: A
Question #39
A multimedia company needs to deliver its video-on-demand (VOD) content to its subscribers in a cost-effective way. The video files range in size from 1-15 GB and are typically viewed frequently for the first 6 months alter creation, and then access decreases considerably. The company requires all video files to remain immediately available for subscribers. There are now roughly 30.000 files, and the company anticipates doubling that number over time. What is the MOST cost-effective solution for delivering
A. Store the video files in an Amazon S3 bucket using S3 Intelligent-Tierin
B. Use Amazon CloudFront to deliver the content with the S3 bucket as the origin
C. Use AWS Elemental MediaConvert and store the adaptive bitrate video files in Amazon S3
D. Store the video files in Amazon Elastic File System (Amazon EFS) Standar
E. Enable EFS lifecycle management to move the video files to EFS Infrequent Access after 6 month
F. Create an Amazon EC2 Auto Scaling group behind an Elastic Load Balancer to deliver the content from Amazon EFS
View answer
Correct Answer: D
Question #40
A company runs an application that gives users the ability to search for videos and related information by using keywords that are curated from content providers. The application data is stored in an on-premises Oracle database that is 800 GB in size. The company wants to migrate the data to an Amazon Aurora MySQL DB instance. A solutions architect plans to use the AWS Schema Conversion Tool and AWS Database Migration Service (AWS DMS) for the migration. During the migration, the existing database must serv
A. Create primary key indexes, secondary indexes, and referential integrity constraints in the target database before starting the migration process
B. Use AWS DMS to run the conversion report for Oracle to Aurora MySQ
C. Remediate any issues Then use AWS DMS to migrate the data
D. Use the M5 or CS DMS replication instance type for ongoing replication
E. Turn off automatic backups and logging of the target database until the migration and cutover processes are complete
View answer
Correct Answer: C
Question #41
14. You are designing security inside your VPC. You are considering the options for establishing separate security zones, and enforcing network traffic rules across the different zones to limit which instances can communicate. How would you accomplish these requirements? Choose 2 answers
A. Configure multiple subnets in your VPC, one for each zone
B. Configure your instances to use pre-set IP addresses with an IP address range for every security zone
C. Configure a security group for every zone
D. Configure a security group for every zone
View answer
Correct Answer: B
Question #42
2. A marketing research company has developed a tracking system that collects user behavior during web marketing campaigns on behalf of their customers all over the world. The tracking system consists of an auto-scaled group of Amazon Elastic Compute Cloud (EC2) instances behind an elastic load balancer (ELB), and the collected data is stored in Amazon DynamoDB. After the campaign is terminated, the tracking system is torn down and the data is moved to Amazon Redshift, where it is aggregated, analyzed and u
A. Avoid using DeletionPolicies for EBS snapshots
B. The names of the Amazon DynamoDB tables must be different in every target region
C. Use the built-in Mappings and FindInMap functions of AWS CloudFormation to refer to the AMI ID set in the ImageId attribute of the Auto Scaling::LaunchConfiguration resource
D. IAM users with the right to start AWS CloudFormation stacks must be defined for every target region
E. Use the built-in function of AWS CloudFormation to set the AvailabilityZone attribute of the ELB resource
View answer
Correct Answer: CE
Question #43
A company is running its solution on AWS in a manually created VPC. The company is using AWS Cloud Formation to provision other parts of the infrastructure. According to a new requirement, the company must manage all infrastructure in an automatic way. What should the company do to meet this new requirement with the LEAST effort?
A. Create a new AWS Cloud Development Kit (AWS CDK) stack that stnctly provisions the existing VPC resources and configuratio
B. Use AWS CDK to import the VPC into the stack and to manage the VPC
C. Create a CloudFormation stack set that creates the VP
D. Use the stack set to import the VPC into the stack
E. Create a new CloudFormation template that strictly provisions the existing VPC resources and configuratio
F. From the CloudFormation console, create a new stack by importing the existing resources
View answer
Correct Answer: C
Question #44
8. A public archives organization is about to move a pilot application they are running on AWS into production. You have been hired to analyze their application architecture and give cost-saving recommendations. The application displays scanned historical documents. Each document is split into individual image tiles at multiple zoom levels to improve responsiveness and ease of use for the end users. At maximum zoom level the average document will be 8000x 6000 pixels in size, split into multiple 40pxx 40px
A. Deploy an Amazon CloudFront distribution in front of the Amazon S3 tiles bucket
B. Increase the size (width/height) of the individual tiles at the maximum zoom level
C. Store the maximum zoom level in the low cost Amazon S3 Glacier option and only retrieve the most frequently access tiles as they are requested by users
D. Use Amazon S3 Reduced Redundancy Storage for each zoom level
E. Decrease the size (width/height) of the individual tiles at the maximum zoom level
View answer
Correct Answer: ADF

View The Updated AWS Exam Questions

SPOTO Provides 100% Real AWS Exam Questions for You to Pass Your AWS Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: