Amazon SAP-C01 Online Practice Questions and Exam Preparation

Amazon SAP-C01 Online Questions & Answers

• Question 231:

  A company is in the process of implementing AWS Organizations to constrain its developers to use only Amazon EC2, Amazon S3, and Amazon DynamoDB. The Developers account resides in a dedicated organizational unit (OU). The Solutions Architect has implemented the following SCP on the Developers account:

  

  When this policy is deployed, IAM users in the Developers account are still able to use AWS services that are not listed in the policy. What should the Solutions Architect do to eliminate the Developers' ability to use services outside the scope of this policy?

  A. Create an explicit deny statement for each AWS service that should be constrained.
  B. Remove the FullAWSAccess SCP from the Developer account's OU.
  C. Modify the FullAWSAccess SCP to explicitly deny all services.
  D. Add an explicit deny statement using a wildcard to the end of the SCP.
  B. Remove the FullAWSAccess SCP from the Developer account's OU.

• Question 232:

  A company is hosting a critical application on a single Amazon EC2 instance. The application uses an Amazon ElastiCache for Redis single-node cluster for an in-memory data store. The application uses an Amazon RDS for MariaDB DB

  instance for a relational database. For the application to function, each piece of the infrastructure must be healthy and must be in an active state.

  A solutions architect needs to improve the application's architecture so that the infrastructure can automatically recover from failure with the least possible downtime.

  Which combination of steps will meet these requirements? (Select THREE.)

  A. Use an Elastic Load Balancer to distribute traffic across multiple EC2 instances. Ensure that the EC2 instances are part of an Auto Scaling group that has a minimum capacity of two instances.
  B. Use an Elastic Load Balancer to distribute traffic across multiple EC2 instances Ensure that the EC2 instances are configured in unlimited mode.
  C. Modify the DB instance to create a read replica in the same Availability Zone. Promote the read replica to be the primary DB instance in failure scenarios.
  D. Modify the DB instance to create a Multi-AZ deployment that extends across two Availability Zones.
  E. Create a replication group for the ElastiCache for Redis cluster. Configure the cluster to use an Auto Scaling group that has a minimum capacity of two instances.
  F. Create a replication group for the ElastiCache for Redis cluster. Enable Multi-AZ on the cluster.
  C. Modify the DB instance to create a read replica in the same Availability Zone. Promote the read replica to be the primary DB instance in failure scenarios.
  D. Modify the DB instance to create a Multi-AZ deployment that extends across two Availability Zones.
  E. Create a replication group for the ElastiCache for Redis cluster. Configure the cluster to use an Auto Scaling group that has a minimum capacity of two instances.

• Question 233:

  A user wants to create a public subnet in VPC and launch an EC2 instance within it. The user has not selected the option to assign a public IP address while launching the instance. Which of the below mentioned statements is true with respect to this scenario?

  A. The instance will always have a public DNS attached to the instance by default
  B. The user would need to create a default route to IGW in subnet's route table and then attach an elastic IP to the instance to connect from the internet
  C. The user can directly attach an elastic IP to the instance
  D. The instance will never launch if the public IP is not assigned
  B. The user would need to create a default route to IGW in subnet's route table and then attach an elastic IP to the instance to connect from the internet

• Question 234:

  In Amazon Cognito what is a silent push notification?

  A. It is a push message that is received by your application on a user's device that will not be seen by the user.
  B. It is a push message that is received by your application on a user's device that will return the user's geolocation.
  C. It is a push message that is received by your application on a user's device that will not be heard by the user.
  D. It is a push message that is received by your application on a user's device that will return the user's authentication credentials.
  A. It is a push message that is received by your application on a user's device that will not be seen by the user.

• Question 235:

  A company runs many workloads on AWS and uses AWS Organizations to manage its accounts. The workloads are hosted on Amazon EC2, AWS Fargate, and AWS Lambda. Some of the workloads have unpredictable demand. Accounts

  record high usage in some months and low usage in other months.

  The company wants to optimize its compute costs over the next 3 years. A solutions architect obtains a 6-month average for each of the accounts across the organization to calculate usage.

  Which solution will provide the MOST cost savings for all the organization's compute usage?

  A. Purchase Reserved Instances for the organization to match the size and number of the most common EC2 instances from the member accounts.
  B. Purchase a Compute Savings Plan for the organization from the management account by using the recommendation at the management account level.
  C. Purchase Reserved Instances for each member account that had high EC2 usage according to the data from the last 6 months.
  D. Purchase an EC2 Instance Savings Plan for each member account from the management account based on EC2 usage data from the last 6 months.
  A. Purchase Reserved Instances for the organization to match the size and number of the most common EC2 instances from the member accounts.

• Question 236:

  A company is running an application distributed over several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The security team requires that all application access attempts be made available for analysis. Information about the client IP address, connection type, and user agent must be included.

  Which solution will meet these requirements?

  A. Enable EC2 detailed monitoring, and include network logs. Send all logs through Amazon Kinesis Data Firehose to an Amazon Elasticsearch Service (Amazon ES) cluster that the security team uses for analysis.
  B. Enable VPC Flow Logs for all EC2 instance network interfaces. Publish VPC Flow Logs to an Amazon S3 bucket. Have the security team use Amazon Athena to query and analyze the logs.
  C. Enable access logs for the Application Load Balancer, and publish the logs to an Amazon S3 bucket. Have the security team use Amazon Athena to query and analyze the logs.
  D. Enable Traffic Mirroring and specify all EC2 instance network interfaces as the source. Send all traffic information through Amazon Kinesis Data Firehose to an Amazon Elasticsearch Service (Amazon ES) cluster that the security team uses for analysis.
  C. Enable access logs for the Application Load Balancer, and publish the logs to an Amazon S3 bucket. Have the security team use Amazon Athena to query and analyze the logs.

• Question 237:

  A customer is deploying an SSL enabled web application to AWS and would like to implement a separation of roles between the EC2 service administrators that are entitled to login to instances as well as making API calls and the security officers who will maintain and have exclusive access to the application's X.509 certificate that contains the private key.

  A. Upload the certificate on an S3 bucket owned by the security officers and accessible only by EC2 Role of the web servers.
  B. Configure the web servers to retrieve the certificate upon boot from an CloudHSM is managed by the security officers.
  C. Configure system permissions on the web servers to restrict access to the certificate only to the authority security officers
  D. Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.
  D. Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.

• Question 238:

  A web application is hosted in a dedicated VPC that is connected to a company's on-premises data center over a Site-to-Site VPN connection. The application is accessible from the company network only. This is a temporary non-production application that is used during business hours. The workload is generally low with occasional surges.

  The application has an Amazon Aurora MySQL provisioned database cluster on the backend. The VPC has an internet gateway and a NAT gateways attached. The web servers are in private subnets in an Auto Scaling group behind an Elastic Load Balancer. The web servers also upload data to an Amazon S3 bucket through the internet.

  A solutions architect needs to reduce operational costs and simplify the architecture.

  Which strategy should the solutions architect use?

  A. Review the Auto Scaling group settings and ensure the scheduled actions are specified to operate the Amazon EC2 instances during business hours only. Use 3-year scheduled Reserved Instances for the web server EC2 instances. Detach the internet gateway and remove the NAT gateways from the VPC. Use an Aurora Serverless database and set up a VPC endpoint for the S3 bucket.
  B. Review the Auto Scaling group settings and ensure the scheduled actions are specified to operate the Amazon EC2 instances during business hours only. Detach the internet gateway and remove the NAT gateways from the VPC. Use an Aurora Serverless database and set up a VPC endpoint for the S3 bucket, then update the network routing and security rules and policies related to the changes.
  C. Review the Auto Scaling group settings and ensure the scheduled actions are specified to operate the Amazon EC2 instances during business hours only. Detach the internet gateway from the VPC, and use an Aurora Serverless database. Set up a VPC endpoint for the S3 bucket, then update the network routing and security rules and policies related to the changes.
  D. Use 3-year scheduled Reserved Instances for the web server Amazon EC2 instances. Remove the NAT gateways from the VPC, and set up a VPC endpoint for the S3 bucket. Use Amazon CloudWatch and AWS Lambda to stop and start the Aurora DB cluster so it operates during business hours only. Update the network routing and security rules and policies related to the changes.
  B. Review the Auto Scaling group settings and ensure the scheduled actions are specified to operate the Amazon EC2 instances during business hours only. Detach the internet gateway and remove the NAT gateways from the VPC. Use an Aurora Serverless database and set up a VPC endpoint for the S3 bucket, then update the network routing and security rules and policies related to the changes.

• Question 239:

  An enterprise company is using a multi-account AWS strategy. There are separate accounts for development staging and production workloads. To control costs and improve governance the following requirements have been defined:

  1.

  The company must be able to calculate the AWS costs for each project.

  2.

  The company must be able to calculate the AWS costs for each environment development staging and production.

  3.

  Commonly deployed IT services must be centrally managed.

  4.

  Business units can deploy pre-approved IT services only.

  5.

  Usage of AWS resources in the development account must be limited. Which combination of actions should be taken to meet these requirements? (Choose three.)

  A. Apply environment, cost center, and application name tags to all taggable resources.
  B. Configure custom budgets and define thresholds using Cost Explorer.
  C. Configure AWS Trusted Advisor to obtain weekly emails with cost-saving estimates.
  D. Create a portfolio for each business unit and add products to the portfolios using AWS CloudFormation in AWS Service Catalog.
  E. Configure a billing alarm in Amazon CloudWatch.
  F. Configure SCPs in AWS Organizations to allow services available using AWS.
  C. Configure AWS Trusted Advisor to obtain weekly emails with cost-saving estimates.
  E. Configure a billing alarm in Amazon CloudWatch.
  F. Configure SCPs in AWS Organizations to allow services available using AWS.

• Question 240:

  A company operates a group of imaging satellites. The satellites stream data to one of the company's ground stations where processing creates about 5 GB of images per minute. This data is added to network-attached storage, where 2 PB

  of data are already stored.

  The company runs a website that allows its customers to access and purchase the images over the Internet. This website is also running in the ground station. Usage analysis shows that customers are most likely to access images that have

  been captured in the last 24 hours.

  The company would like to migrate the image storage and distribution system to AWS to reduce costs and increase the number of customers that can be served. Which AWS architecture and migration strategy will meet these requirements?

  A. Use multiple AWS Snowball appliances to migrate the existing imagery to Amazon S3. Create a 1-Gb AWS Direct Connect connection from the ground station to AWS, and upload new data to Amazon S3 through the Direct Connect connection. Migrate the data distribution website to Amazon EC2 instances. By using Amazon S3 as an origin, have this website serve the data through Amazon CloudFront by creating signed URLs.
  B. Create a 1-Gb Direct Connect connection from the ground station to AWS. Use the AWS Command Line Interface to copy the existing data and upload new data to Amazon S3 over the Direct Connect connection. Migrate the data distribution website to EC2 instances. By using Amazon S3 as an origin, have this website serve the data through CloudFront by creating signed URLs.
  C. Use multiple Snowball appliances to migrate the existing images to Amazon S3. Upload new data by regularly using Snowball appliances to upload data from the network-attached storage. Migrate the data distribution website to EC2 instances. By using Amazon S3 as an origin, have this website serve the data through CloudFront by creating signed URLs.
  D. Use multiple Snowball appliances to migrate the existing images to an Amazon EFS file system. Create a 1-Gb Direct Connect connection from the ground station to AWS, and upload new data by mounting the EFS file system over the Direct Connect connection. Migrate the data distribution website to EC2 instances. By using webservers in EC2 that mount the EFS file system as the origin, have this website serve the data through CloudFront by creating signed URLs.
  B. Create a 1-Gb Direct Connect connection from the ground station to AWS. Use the AWS Command Line Interface to copy the existing data and upload new data to Amazon S3 over the Direct Connect connection. Migrate the data distribution website to EC2 instances. By using Amazon S3 as an origin, have this website serve the data through CloudFront by creating signed URLs.