14 April, 2022

The Secret Of Amazon-Web-Services SAP-C01 Exam Engine

Proper study guides for Refresh Amazon-Web-Services AWS Certified Solutions Architect- Professional certified begins with Amazon-Web-Services SAP-C01 preparation products which designed to deliver the Precise SAP-C01 questions by making you pass the SAP-C01 test at your first time. Try the free SAP-C01 demo right now.

Amazon-Web-Services SAP-C01 Free Dumps Questions Online, Read and Test Now.

Page: 1 / 14

Total 179 questions Full Exam Access

Question 1

A company would like to implement a serverless application by using Amazon API Gateway, AWS Lambda and Amazon DynamoDB. They deployed a proof of concept and stated that the average response time is greater than what their upstream services can accept Amazon CloudWatch metrics did not indicate any issues with DynamoDB but showed that some Lambda functions were hitting their timeout.
Which of the following actions should the Solutions Architect consider to improve performance? (Choose two.)

Configure the AWS Lambda function to reuse containers to avoid unnecessary startup time.

Increase the amount of memory and adjust the timeout on the Lambda functio

Complete performance testing to identify the ideal memory and timeout configuration for the Lambda function.

Create an Amazon ElastiCache cluster running Memcached, and configure the Lambda function for VPC integration with access to the Amazon ElastiCache cluster.

Enable API cache on the appropriate stage in Amazon API Gateway, and override the TTL for individual methods that require a lower TTL than the entire stage.

Increase the amount of CPU, and adjust the timeout on the Lambda functio

Complete performance testing to identify the ideal CPU and timeout configuration for the Lambda function.

Question 2

A company will several AWS accounts is using AWS Organizations and service control policies (SCPs). An Administrator created the following SCP and has attached it to an organizational unit (OU) that contains AWS account 1111-1111-1111:
SAP-C01 dumps exhibit

Developers working in account 1111-1111-1111 complain that they cannot create Amazon S3 buckets. How should the Administrator address this problem?

Add s3:CreateBucket with “Allow” effect to the SCP.

Remove the account from the OU, and attach the SCP directly to account 1111-1111-1111.

Instruct the Developers to add Amazon S3 permissions to their IAM entities.

Remove the SCP from account 1111-1111-1111.

Question 3

A company manages more than 200 separate internet-facing web applications. All of the applications are deployed to AWS in a single AWS Region The fully qualified domain names (FQDNs) of all of the applications are made available through HTTPS using Application Load Balancers (ALBs). The ALBs are configured to use public SSL/TLS certificates.
A Solutions Architect needs to migrate the web applications to a multi-region architecture. All HTTPS services should continue to work without interruption.
Which approach meets these requirements?

Request a certificate for each FQDN using AWS KM

Associate the certificates with the ALBs in the primary AWS Regio

Enable cross-region availability in AWS KMS for the certificates and associate the certificates with the ALBs in the secondary AWS Region.

Generate the key pairs and certificate requests for each FQDN using AWS KM

Associate the certificates with the ALBs in both the primary and secondary AWS Regions.

Request a certificate for each FQDN using AWS Certificate Manage

Associate the certificates with the ALBs in both the primary and secondary AWS Regions.

Request certificates for each FQDN in both the primary and secondary AWS Regions using AWS Certificate Manage

Associate the certificates with the corresponding ALBs in each AWS Region.

Question 4

A company has developed a new billing application that will be released in two weeks. Developers are testing the application running on 10 EC2 instances managed by an Auto Scaling group in subnet 172.31.0.0/24 within VPC A with CIDR block 172.31.0.0/16. The Developers noticed connection timeout errors in the application logs while connecting to an Oracle database running on an Amazon EC2 instance in the same region within VPC B with CIDR block 172.50.0.0/16. The IP of the database instance is hard-coded in the application instances.
Which recommendations should a Solutions Architect present to the Developers to solve the problem in a secure way with minimal maintenance and overhead?

Disable the SrcDestCheck attribute for all instances running the application and Oracle Database.Change the default route of VPC A to point ENI of the Oracle Database that has an IP address assigned within the range of 172.50.0.0/26

Create and attach internet gateways for both VPC

Configure default routes to the Internet gateways for both VPC

Assign an Elastic IP for each Amazon EC2 instance in VPC A

Create a VPC peering connection between the two VPCs and add a route to the routing table of VPC A that points to the IP address range of 172.50.0.0/16

Create an additional Amazon EC2 instance for each VPC as a customer gateway; create one virtual private gateway (VGW) for each VPC, configure an end-to-end VPC, and advertise the routes for 172.50.0.0/16

Question 6

A company is migrating to the cloud. It wants to evaluate the configurations of virtual machines in its existing data center environment to ensure that it can size new Amazon EC2 instances accurately. The company wants to collect metrics, such as CPU, memory, and disk utilization, and it needs an inventory of what processes are running on each instance. The company would also like to monitor network connections to map communications between servers.
Which would enable the collection of this data MOST cost effectively?

Use AWS Application Discovery Service and deploy the data collection agent to each virtual machine in the data center.

Configure the Amazon CloudWatch agent on all servers within the local environment and publish metrics to Amazon CloudWatch Logs.

Use AWS Application Discovery Service and enable agentless discovery in the existing virtualization environment.

Enable AWS Application Discovery Service in the AWS Management Console and configure the corporate firewall to allow scans over a VPN.

Question 9

The company Security team requires that all data uploaded into an Amazon S3 bucket must be encrypted. The encryption keys must be highly available and the company must be able to control access on a per-user basis, with different users having access to different encryption keys.
Which of the following architectures will meet these requirements? (Choose two.)

Use Amazon S3 server-side encryption with Amazon S3-managed key

Allow Amazon S3 to generate an AWS/S3 master key, and use IAM to control access to the data keys that are generated.

Use Amazon S3 server-side encryption with AWS KMS-managed keys, create multiple customer master keys, and use key policies to control access to them.

Use Amazon S3 server-side encryption with customer-managed keys, and use AWS CloudHSM to manage the key

Use CloudHSM client software to control access to the keys that are generated.

Use Amazon S3 server-side encryption with customer-managed keys, and use two AWS CloudHSM instances configured in high-availability mode to manage the key

Use the Cloud HSM client software to control access to the keys that are generated.

Use Amazon S3 server-side encryption with customer-managed keys, and use two AWS CloudHSM instances configured in high-availability mode to manage the key

Use IAM to control access to the keys that are generated in CloudHSM.

Question 10

A Solutions Architect is designing a highly available and reliable solution for a cluster of Amazon EC2 instances.
The Solutions Architect must ensure that any EC2 instance within the cluster recovers automatically after a system failure. The solution must ensure that the recovered instance maintains the same IP address.
How can these requirements be met?

Create an AWS Lambda script to restart any EC2 instances that shut down unexpectedly.

Create an Auto Scaling group for each EC2 instance that has a minimum and maximum size of 1.

Create a new t2.micro instance to monitor the cluster instance

Configure the t2.micro instance to issue an aws ec2 reboot-instances command upon failure.

Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric, and then configure an EC2 action to recover the instance.

Question 11

A company with multiple accounts is currently using a configuration that does not meet the following security governance policies
• Prevent ingress from port 22 to any Amazon EC2 instance
• Require billing and application tags for resources
• Encrypt all Amazon EBS volumes
A Solutions Architect wants to provide preventive and detective controls including notifications about a specific resource, if there are policy deviations.
Which solution should the Solutions Architect implement?

Create an AWS CodeCommit repository containing policy-compliant AWS Cloud Formation templates.Create an AWS Service Catalog portfolio Import the Cloud Formation templates by attaching the CodeCommit repository to the portfolio Restrict users across all accounts to items from the AWSService Catalog portfolio Use AWS Config managed rules to detect deviations from the policie

Configure an Amazon CloudWatch Events rule for deviations, and associate a CloudWatch alarm to send notifications when the TriggeredRules metric is greater than zero.

Use AWS Service Catalog to build a portfolio with products that are in compliance with the governance policies in a central account Restrict users across all accounts lo AWS Service Catalog products Share a compliant portfolio to other accounts Use AWS Config managed rules to detect deviations from the policies Configure an Amazon CloudWatch Events rule to send a notification when a deviation occurs

Implement policy-compliant AWS Cloud Formation templates for each account and ensure that all provisioning is completed by Cloud Formation Configure Amazon Inspector to perform regular checks against resources Perform policy validation and write the assessment output to Amazon CloudWatch Log

Create a CloudWatch Logs metric filter to increment a metric when a deviation occurs Configure a CloudWatch alarm to send notifications when the configured metric is greater than zero

Restrict users and enforce least privilege access using AWS I A

Consolidate all AWS CloudTrail logs into a single account Send the CloudTrail logs to Amazon Elasticsearch Service (Amazon ES). Implement monitoring alerting, and reporting using the Kibana dashboard in Amazon ES and with Amazon SNS.

Question 12

A company must deploy multiple independent instances of an application. The front-end application is internet accessible. However, corporate policy stipulates that the backends are to be isolated from each other and the internet, yet accessible from a centralized administration server. The application setup should be automated to minimize the opportunity for mistakes as new instances are deployed.
Which option meets the requirements and MINIMIZES costs?

Use an AWS CloudFormation template to create identical IAM roles for each regio

Use AWS CloudFormation StackSets to deploy each application instance by using parameters to customize for each instance, and use security groups to isolate each instance while permitting access to the central server.

Create each instance of the application IAM roles and resources in separate accounts by using AWS CloudFormation StackSet

Include a VPN connection to the VPN gateway of the central administration server.

Duplicate the application IAM roles and resources in separate accounts by using a single CloudFormation templat

Include VPC peering to connect the VPC of each application instance to acentral VPC.

Use the parameters of the AWS CloudFormation template to customize the deployment into separate account

Include a NAT gateway to allow communication back to the central administration server.

Question 13

A company deployed a three-tier web application in two regions: us-east-1 and eu-west-1. The application must be active in both regions at the same time. The database tier of the application uses a single Amazon RDS Aurora database globally, with a master in us-east-1 and a read replica in eu-west-1. Both regions are connected by a VPN.
The company wants to ensure that the application remains available even in the event of a region-level failure of all of the application’s components. It is acceptable for the application to be in read-only mode for up to 1 hour. The company plans to configure two Amazon Route 53 record sets, one for each of the regions.
How should the company complete the configuration to meet its requirements while providing the lowest latency for the application end-users? (Choose two.)

Use failover routing and configure the us-east-1 record set as primary and the eu-west-1 record set as secondar

Configure an HTTP health check for the web application in us-east-1, and associate it to the us-east-1 record set.

Use weighted routing and configure each record set with a weight of 50. Configure an HTTP health check for each region, and attach it to the record set for that region.

Use latency-based routing for both record set

Configure a health check for each region and attach it to the record set for that region.

Configure an Amazon CloudWatch alarm for the health checks in us-east-1, and have it invoke an AWS Lambda function that promotes the read replica in eu-west-1.

Configure an Amazon RDS event notifications to react to the failure of the database in us-east-1 by invoking an AWS Lambda function that promotes the read replica in eu-west-1.

Question 14

An e-commerce company is revamping its IT infrastructure and is planning to use AWS services. The company’s CIO has asked a Solutions Architect to design a simple, highly available, and loosely coupled order processing application. The application is responsible for receiving and processing orders before storing them in an Amazon DynamoDB table. The application has a sporadic traffic pattern and should be able to scale during marketing campaigns to process the orders with minimal delays.
Which of the following is the MOST reliable approach to meet the requirements?

Receive the orders in an Amazon EC2-hosted database and use EC2 instances to process them.

Receive the orders in an Amazon SQS queue and trigger an AWS Lambda function to process them.

Receive the orders using the AWS Step Functions program and trigger an Amazon ECS container to process them.

Receive the orders in Amazon Kinesis Data Streams and use Amazon EC2 instances to process them.

Question 15

A company is migrating a subset of its application APIs from Amazon EC2 instances to run on a serverless infrastructure. The company has set up Amazon API Gateway, AWS Lambda, and Amazon DynamoDB for the new application. The primary responsibility of the Lambda function is to obtain data from a third-party Software as a Service (SaaS) provider. For consistency, the Lambda function is attached to the same virtual private cloud (VPC) as the original EC2 instances.
Test users report an inability to use this newly moved functionality, and the company is receiving 5xx errors from API Gateway. Monitoring reports from the SaaS provider shows that the requests never made it to its systems. The company notices that Amazon CloudWatch Logs are being generated by the Lambda functions. When the same functionality is tested against the EC2 systems, it works as expected.
What is causing the issue?

Lambda is in a subnet that does not have a NAT gateway attached to it to connect to the SaaS provider.

The end-user application is misconfigured to continue using the endpoint backed by EC2 instances.

The throttle limit set on API Gateway is too low and the requests are not making their way through.

API Gateway does not have the necessary permissions to invoke Lambda.

Page: 1 / 14

Total 179 questions Full Exam Access