Exam Details

  • Exam Code: SAP-C01
  • Exam Name: AWS Certified Solutions Architect - Professional (SAP-C01)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 973 Q&As
  • Last Updated: Jul 09, 2023

Amazon Amazon Certifications SAP-C01 Questions & Answers

  • Question 261:

    A company uses AWS Organizations with a single OU named Production to manage multiple accounts. All accounts are members of the Production OU. Administrators use deny list SCPs in the root of the organization to manage access to restricted services.

    The company recently acquired a new business unit and invited the new unit's existing AWS account to the organization. Once onboarded, the administrators of the new business unit discovered that they are not able to update existing AWS Config rules to meet the company's policies.

    Which option will allow administrators to make changes and continue to enforce the current policies without introducing additional long-term maintenance?

    A. Remove the organization's root SCPs that limit access to AWS Config. Create AWS Service Catalog products for the company's standard AWS Config rules and deploy them throughout the organization, including the new account.

    B. Create a temporary OU named Onboarding for the new account. Apply an SCP to the Onboarding OU to allow AWS Config actions. Move the new account to the Production OU when adjustments to AWS Config are complete.

    C. Convert the organization's root SCPs from deny list SCPs to allow list SCPs to allow the required services only. Temporarily apply an SCP to the organization's root that allows AWS Config actions for principals only in the new account.

    D. Create a temporary OU named Onboarding for the new account. Apply an SCP to the Onboarding OU to allow AWS Config actions. Move the organization's root SCP to the Production OU. Move the new account to the Production OU when adjustments to AWS Config are complete.

  • Question 262:

    A company's security compliance requirements state that all Amazon EC2 images must be scanned for vulnerabilities and must pass a CVE assessment. A solutions architect is developing a mechanism to create security-approved AMIs that can be used by developers. Any new AMIs should go through an automated assessment process and be marked as approved before developers can use them. The approved images must be scanned every 30 days to ensure compliance.

    Which combination of steps should the solutions architect take to meet these requirements while following best practices? (Choose two.)

    A. Use the AWS Systems Manager EC2 agent to run the CVE assessment on the EC2 instances launched from the AMIs that need to be scanned.

    B. Use AWS Lambda to write automatic approval rules. Store the approved AMI list in AWS Systems Manager Parameter Store. Use Amazon EventBridge to trigger an AWS Systems Manager Automation document on all EC2 instances every 30 days.

    C. Use Amazon Inspector to run the CVE assessment on the EC2 instances launched from the AMIs that need to be scanned.

    D. Use AWS Lambda to write automatic approval rules. Store the approved AMI list in AWS Systems Manager Parameter Store. Use a managed AWS Config rule for continuous scanning on all EC2 instances, and use AWS Systems Manager Automation documents for remediation.

    E. Use AWS CloudTrail to run the CVE assessment on the EC2 instances launched from the AMIs that need to be scanned.

  • Question 263:

    A solutions architect has implemented a SAML 2.0 federated identity solution with their company's on-premises identity provider (IdP) to authenticate users' access to the AWS environment. When the solutions architect tests authentication through the federated identity web portal, access to the AWS environment is granted. However, when test users attempt to authenticate through the federated identity web portal, they are not able to access the AWS environment.

    Which items should the solutions architect check to ensure identity federation is properly configured? (Choose three.)

    A. The IAM user's permissions policy has allowed the use of SAML federation for that user.

    B. The IAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal.

    C. Test users are not in the AWSFederatedUsers group in the company's IdP.

    D. The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from IdP.

    E. The on-premises IdP's DNS hostname is reachable from the AWS environment VPCs.

    F. The company's IdP defines SAML assertions that properly map users or groups in the company to IAM roles with appropriate permissions.

  • Question 264:

    A company's main intranet page has experienced degraded response times as its user base has increased, although there are no reports of users seeing error pages. The application uses Amazon DynamoDB in read-only mode.

    Amazon DynamoDB latency metrics for successful requests have been in a steady state even during times when users have reported degradation. The Development team has correlated the issue to ProvisionedThroughputExceeded exceptions in the application logs when doing Scan and read operations. The team also identified an access pattern of steady spikes of read activity on a distributed set of individual data items.

    The Chief Technology Officer wants to improve the user experience.

    Which solutions will meet these requirements with the LEAST amount of changes to the application? (Choose two.)

    A. Change the data model of the DynamoDB tables to ensure that all Scan and read operations meet DynamoDB best practices of uniform data access, reaching the full request throughput provisioned for the DynamoDB tables.

    B. Enable DynamoDB Auto Scaling to manage the throughput capacity as table traffic increases. Set the upper and lower limits to control costs and set a target utilization given the peak usage and how quickly the traffic changes.

    C. Provision Amazon ElastiCache for Redis with cluster mode enabled. The cluster should be provisioned with enough shards to spread the application load and provision at least one read replica node for each shard.

    D. Implement the DynamoDB Accelerator (DAX) client and provision a DAX cluster with the appropriate node types to sustain the application load. Tune the item and query cache configuration for an optimal user experience.

    E. Remove error retries and exponential backoffs in the application code to handle throttling errors.

  • Question 265:

    A Solutions Architect is building a solution for updating user metadata that is initiated by web servers. The solution needs to rapidly scale from hundreds to tens of thousands of jobs in less than 30 seconds. The solution must be asynchronous, always available, and minimize costs.

    Which strategies should the Solutions Architect use to meet these requirements?

    A. Create an AWS SWF worker that will update user metadata. Update the web application to start a new workflow for every job.

    B. Create an AWS Lambda function that will update user metadata. Create an Amazon SQS queue and configure it as an event source for the Lambda function. Update the web application to send jobs to the queue.

    C. Create an AWS Lambda function that will update user metadata. Create AWS Step Functions that will trigger the Lambda function. Update the web application to initiate Step Functions for every job.

    D. Create an Amazon SQS queue. Create an AMI with a worker to check the queue and update user metadata. Configure an Amazon EC2 Auto Scaling group with the new AMI. Update the web application to send jobs to the queue.

  • Question 266:

    An enterprise company is building an infrastructure services platform for its users. The company has the following requirements:

    1. Provide least privilege access to users when launching AWS infrastructure so users cannot provision unapproved services.

    2. Use a central account to manage the creation of infrastructure services.

    3. Provide the ability to distribute infrastructure services to multiple accounts in AWS Organizations.

    4. Provide the ability to enforce tags on any infrastructure that is started by users.

    Which combination of actions using AWS services will meet these requirements? (Choose three.)

    A. Develop infrastructure services using AWS CloudFormation templates. Add the templates to a central Amazon S3 bucket and add the IAM roles or users that require access to the S3 bucket policy.

    B. Develop infrastructure services using AWS CloudFormation templates. Upload each template as an AWS Service Catalog product to portfolios created in a central AWS account. Share these portfolios with the Organizations structure created for the company.

    C. Allow user IAM roles to have AWSCloudFormationFullAccess and AmazonS3ReadOnlyAccess permissions. Add an Organizations SCP at the AWS account root user level to deny all services except AWS CloudFormation and Amazon S3.

    D. Allow user IAM roles to have ServiceCatalogEndUserAccess permissions only. Use an automation script to import the central portfolios to local AWS accounts, copy the TagOption, assign users access, and apply launch constraints.

    E. Use the AWS Service Catalog TagOption Library to maintain a list of tags required by the company. Apply the TagOption to AWS Service Catalog products or portfolios.

    F. Use the AWS CloudFormation Resource Tags property to enforce the application of tags to any CloudFormation templates that will be created for users.

  • Question 267:

    An AWS partner company is building a service in AWS Organizations using its organization named org1. This service requires the partner company to have access to AWS resources in a customer account, which is in a separate organization named org2. The company must establish least privilege security access using an API or command line tool to the customer account.

    What is the MOST secure way to allow org1 to access resources in org2?

    A. The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks.

    B. The customer should create an IAM user and assign the required permissions to the IAM user. The customer should then provide the credentials to the partner company to log in and perform the required tasks.

    C. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role's Amazon Resource Name (ARN) when requesting access to perform the required tasks.

    D. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role's Amazon Resource Name (ARN), including the external ID in the IAM role's trust policy, when requesting access to perform the required tasks.

  • Question 268:

    An ecommerce company has an order processing application it wants to migrate to AWS. The application has inconsistent data volume patterns, but needs to be available at all times. Orders must be processed as they occur and in the order that they are received.

    Which set of steps should a solutions architect take to meet these requirements?

    A. Use AWS Transfer for SFTP and upload orders as they occur. Use On-Demand Instances in multiple Availability Zones for processing.

    B. Use Amazon SNS with FIFO and send orders as they occur. Use a single large Reserved Instance for processing.

    C. Use Amazon SQS with FIFO and send orders as they occur. Use Reserved Instances in multiple Availability Zones for processing.

    D. Use Amazon SQS with FIFO and send orders as they occur. Use Spot Instances in multiple Availability Zones for processing.

  • Question 269:

    A utility company wants to collect usage data every 5 minutes from its smart meters to facilitate time-of-use metering. When a meter sends data to AWS, the data is sent to Amazon API Gateway, processed by an AWS Lambda function and stored in an Amazon DynamoDB table. During the pilot phase, the Lambda functions took from 3 to 5 seconds to complete.

    As more smart meters are deployed, the Engineers notice the Lambda functions are taking from 1 to 2 minutes to complete. The functions are also increasing in duration as new types of metrics are collected from the devices. There are many ProvisionedThroughputExceededException errors while performing PUT operations on DynamoDB, and there are also many TooManyRequestsException errors from Lambda.

    Which combination of changes will resolve these issues? (Choose two.)

    A. Increase the write capacity units to the DynamoDB table.

    B. Increase the memory available to the Lambda functions.

    C. Increase the payload size from the smart meters to send more data.

    D. Stream the data into an Amazon Kinesis data stream from API Gateway and process the data in batches.

    E. Collect data in an Amazon SQS FIFO queue, which triggers a Lambda function to process each message.

  • Question 270:

    A company has a media catalog with metadata for each item in the catalog. Different types of metadata are extracted from the media items by an application running on AWS Lambda. Metadata is extracted according to a number of rules with the output stored in an Amazon ElastiCache for Redis cluster. The extraction process is done in batches and takes around 40 minutes to complete.

    The update process is triggered manually whenever the metadata extraction rules change.

    The company wants to reduce the amount of time it takes to extract metadata from its media catalog. To achieve this, a solutions architect has split the single metadata extraction Lambda function into a Lambda function for each type of metadata.

    Which additional steps should the solutions architect take to meet the requirements?

    A. Create an AWS Step Functions workflow to run the Lambda functions in parallel. Create another Step Functions workflow that retrieves a list of media items and executes a metadata extraction workflow for each one.

    B. Create an AWS Batch compute environment for each Lambda function. Configure an AWS Batch job queue for the compute environment. Create a Lambda function to retrieve a list of media items and write each item to the job queue.

    C. Create an AWS Step Functions workflow to run the Lambda functions in parallel. Create a Lambda function to retrieve a list of media items and write each item to an Amazon SQS queue. Configure the SQS queue as an input to the Step Functions workflow.

    D. Create a Lambda function to retrieve a list of media items and write each item to an Amazon SQS queue. Subscribe the metadata extraction Lambda functions to the SQS queue with a large batch size.
