Amazon SAP-C01 Online Practice Questions and Exam Preparation

Amazon SAP-C01 Online Questions & Answers

• Question 291:

  Identify a true statement about the statement ID (Sid) in IAM.

  A. You cannot expose the Sid in the IAM API.
  B. You cannot use a Sid value as a sub-ID for a policy document's ID for services provided by SQS and SNS.
  C. You can expose the Sid in the IAM API.
  D. You cannot assign a Sid value to each statement in a statement array.
  A. You cannot expose the Sid in the IAM API.

• Question 292:

  A company is using an existing orchestration tool to manage thousands of Amazon EC2 instances. A recent penetration test found a vulnerability in the company's software stack. This vulnerability has prompted the company to perform a full evaluation of its current production environment. The analysis determined that the following vulnerabilities exist within the environment:

  1.

  Operating systems with outdated libraries and known vulnerabilities are being used in production.

  2.

  Relational databases hosted and managed by the company are running unsupported versions with known vulnerabilities.

  3.

  Data stored in databases is not encrypted.

  The solutions architect intends to use AWS Contig to continuously audit and assess the compliance of the company's AWS resource configurations with the company's policies and guidelines.

  What additional steps will enable the company to secure its environments and track resources while adhering to best practices?

  A. Use AWS Application Discovery Service to evaluate all running EC2 instances Use the AWS CLI to modify each instance, and use EC2 user data to install the AWS Systems Manager Agent during boot. Schedule patching to run as a Systems Manager Maintenance Windows task. Migrate all relational databases to Amazon RDS and enable AWS KMS encryption.
  B. Create an AWS CloudFormation template for the EC2 instances. Use EC2 user data in the CloudFormation template to install the AWS Systems Manager Agent, and enable AWS KMS encryption on all Amazon EBS volumes. Have CloudFormation replace all running instances. Use Systems Manager Patch Manager to establish a patch baseline and deploy a Systems Manager Maintenance Windows task to execute AWS-RunPatchBaseline using the patch baseline.
  C. Install the AWS Systems Manager Agent on all existing instances using the company's current orchestration tool. Use the Systems Manager Run Command to execute a list of commands to upgrade software on each instance using operating system-specific tools. Enable AWS KMS encryption on all Amazon EBS volumes.
  D. Install the AWS Systems Manager Agent on all existing instances using the company's current orchestration tool. Migrate all relational databases to Amazon RDS and enable AWS KMS encryption. Use Systems Manager Patch Manager to establish a patch baseline and deploy a Systems Manager Maintenance Windows task to execute AWS-RunPatchBaseline using the patch baseline.
  C. Install the AWS Systems Manager Agent on all existing instances using the company's current orchestration tool. Use the Systems Manager Run Command to execute a list of commands to upgrade software on each instance using operating system-specific tools. Enable AWS KMS encryption on all Amazon EBS volumes.

• Question 293:

  A company is planning to migrate its on-premises data analysis application to AWS. The application is hosted across a fleet of servers and requires consistent system time.

  The company has established an AWS Direct Connect connection from its on-premises data center to AWS. The company has a high-precision stratum-0 atomic dock network appliance that acts as an NTP source for all on-premises servers.

  After the migration to AWS is complete, the clock on all Amazon EC2 instances that host the application must be synchronized with the on-premises atomic clock network appliance.

  Which solution will meet these requirements with the LEAST administrative overhead?

  A. Configure a DHCP options set with the on-premises NTP server address Assign the options set to the VPC. Ensure that NTP traffic is allowed between AWS and the on-premises networks.
  B. Create a custom AMI to use the Amazon Time Sync Service at 169.254.169.123 Use this AMI for the application Use AWS Config to audit the NTP configuration.
  C. Deploy a third-party time server from the AWS Marketplace. Configure the time server to synchronize with the on-premises atomic clock network appliance. Ensure that NTP traffic is allowed inbound in the network ACLs for the VPC that contains the third-party server.
  D. Create an IPsec VPN tunnel from the on-premises atomic clock network appliance to the VPC to encrypt the traffic over the Direct Connect connection. Configure the VPC route tables to direct NTP traffic over the tunnel.
  B. Create a custom AMI to use the Amazon Time Sync Service at 169.254.169.123 Use this AMI for the application Use AWS Config to audit the NTP configuration.

• Question 294:

  A company has automated the nightly retraining ot its machine learning models by using AWS Step Functions. The workflow consists of multiple steps that use AWS Lambda. Each step can fail for various reasons, and any failure causes a

  failure of the overall workflow.

  A review reveals that the retraining has failed multiple nights in a row without the company noticing the failure. A solutions architect needs to improve the workflow so that notifications are sent for all types of failures in the retraining process.

  Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

  A. Create an Amazon Simple Notification Service {Amazon SNS) topic with a subscription of type "Email" that targets the team's mailing list.
  B. Create a task named "Email" that forwards the input arguments to the SNS topic
  C. Add a Catch field to all Task. Map. and Parallel states that have a statement of "ErrorEquals": [ "states.all" ] and "Next": "Email".
  D. Add a new email address to Amazon Simple Email Service (Amazon SES). Verify the email address.
  E. Create a task named "Email" that forwards the input arguments to the SES email address
  F. Add a Catch field to all Task, Map, and Parallel states that have a statement of "ErrorEquals": [ "states. Bun time" ] and "Next": "Email".
  B. Create a task named "Email" that forwards the input arguments to the SNS topic
  C. Add a Catch field to all Task. Map. and Parallel states that have a statement of "ErrorEquals": [ "states.all" ] and "Next": "Email".
  D. Add a new email address to Amazon Simple Email Service (Amazon SES). Verify the email address.

• Question 295:

  A company is running a three-tier web application in an on-premises data center. The frontend is served by an Apache web server, the middle tier is a monolithic Java application, and the storage tier is a PostgreSOL database.

  During a recent marketing promotion, customers could not place orders through the application because the application crashed An analysis showed that all three tiers were overloaded. The application became unresponsive, and the

  database reached its capacity limit because of read operations. The company already has several similar promotions scheduled in the near future.

  A solutions architect must develop a plan for migration to AWS to resolve these issues. The solution must maximize scalability and must minimize operational effort.

  Which combination of steps will meet these requirements? (Select THREE.)

  A. Refactor the frontend so that static assets can be hosted on Amazon S3. Use Amazon CloudFront to serve the frontend to customers. Connect the frontend to the Java application.
  B. Rehost the Apache web server of the frontend on Amazon EC2 instances that are in an Auto Scaling group. Use a load balancer in front of the Auto Scaling group. Use Amazon Elastic File System (Amazon EFS) to host the static assets that the Apache web server needs.
  C. Rehost the Java application in an AWS Elastic Beanstalk environment that includes auto scaling.
  D. Refactor the Java application. Develop a Docker container to run the Java application. Use AWS Fargate to host the container.
  E. Use AWS Database Migration Service (AWS DMS) to replatform the PostgreSQL database to an Amazon Aurora PostgreSQL database. Use Aurora Auto Scaling for read replicas.
  F. Rehost the PostgreSQL database on an Amazon EC2 instance that has twice as much memory as the on-premises server.
  B. Rehost the Apache web server of the frontend on Amazon EC2 instances that are in an Auto Scaling group. Use a load balancer in front of the Auto Scaling group. Use Amazon Elastic File System (Amazon EFS) to host the static assets that the Apache web server needs.
  C. Rehost the Java application in an AWS Elastic Beanstalk environment that includes auto scaling.
  F. Rehost the PostgreSQL database on an Amazon EC2 instance that has twice as much memory as the on-premises server.

• Question 296:

  A company is running a batch analysis every hour on their main transactional DB, running on an RDS MySQL instance, to populate their central Data Warehouse running on Redshift. During the execution of the batch, their transactional applications are very slow. When the batch completes they need to update the top management dashboard with the new data. The dashboard is produced by another system running on-premises that is currently started when a manually-sent email notifies that an update is required. The on-premises system cannot be modified because is managed by another team.

  How would you optimize this scenario to solve performance issues and automate the process as much as possible?

  A. Replace RDS with Redshift for the batch analysis and SNS to notify the on-premises system to update the dashboard
  B. Replace RDS with Redshift for the oaten analysis and SQS to send a message to the on-premises system to update the dashboard
  C. Create an RDS Read Replica for the batch analysis and SNS to notify me on-premises system to update the dashboard
  D. Create an RDS Read Replica for the batch analysis and SQS to send a message to the on-premises system to update the dashboard.
  C. Create an RDS Read Replica for the batch analysis and SNS to notify me on-premises system to update the dashboard

• Question 297:

  Someone is creating a VPC for their application hosting. He has created two private subnets in the same availability zone and created one subnet in a separate availability zone. He wants to make a High Availability system with an internal Elastic Load Balancer.

  Which choice is true regarding internal ELBs in this scenario? (Choose two.)

  A. Internal ELBs should only be launched within private subnets.
  B. Amazon ELB service does not allow subnet selection; instead it will automatically select all the available subnets of the VPC.
  C. Internal ELBs can support only one subnet in each availability zone.
  D. An internal ELB can support all the subnets irrespective of their zones.
  A. Internal ELBs should only be launched within private subnets.
  C. Internal ELBs can support only one subnet in each availability zone.

• Question 298:

  A Solutions Architect must design a highly available, stateless, REST service. The service will require multiple persistent storage layers for service object meta information and the delivery of content. Each request needs to be authenticated and securely processed. There is a requirement to keep costs as low as possible.

  How can these requirements be met?

  A. Use AWS Fargate to host a container that runs a self-contained REST service. Set up an Amazon ECS service that is fronted by an Application Load Balancer (ALB). Use a custom authenticator to control access to the API. Store request meta information in Amazon DynamoDB with Auto Scaling and static content in a secured S3 bucket. Make secure signed requests for Amazon S3 objects and proxy the data through the REST service interface.
  B. Use AWS Fargate to host a container that runs a self-contained REST service. Set up an ECS service that is fronted by a cross-zone ALB. Use an Amazon Cognito user pool to control access to the API. Store request meta information in DynamoDB with Auto Scaling and static content in a secured S3 bucket. Generate presigned URLs when returning references to content stored in Amazon S3.
  C. Set up Amazon API Gateway and create the required API resources and methods. Use an Amazon Cognito user pool to control access to the API. Configure the methods to use AWS Lambda proxy integrations, and process each resource with a unique AWS Lambda function. Store request meta information in DynamoDB with Auto Scaling and static content in a secured S3 bucket. Generate presigned URLs when returning references to content stored in Amazon S3.
  D. Set up Amazon API Gateway and create the required API resources and methods. Use an Amazon API Gateway custom authorizer to control access to the API. Configure the methods to use AWS Lambda custom integrations, and process each resource with a unique Lambda function. Store request meta information in an Amazon ElastiCache Multi-AZ cluster and static content in a secured S3 bucket. Generate presigned URLs when returning references to content stored in Amazon S3.
  D. Set up Amazon API Gateway and create the required API resources and methods. Use an Amazon API Gateway custom authorizer to control access to the API. Configure the methods to use AWS Lambda custom integrations, and process each resource with a unique Lambda function. Store request meta information in an Amazon ElastiCache Multi-AZ cluster and static content in a secured S3 bucket. Generate presigned URLs when returning references to content stored in Amazon S3.

• Question 299:

  A company wants to use Amazon S3 to back up its on-premises file storage solution. The company's on-premises file storage solution supports NFS, and the company wants its new solution to support NFS. The company wants to archive the backup files after 5 days. If the company needs archived files for disaster recovery, the company is willing to wait a few days for the retrieval of those files.

  Which solution meets these requirements MOST cost-effectively?

  A. Deploy an AWS Storage Gateway files gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the file gateway. Create an S3 Lifecycle rule to move the file to S3 Standard-Infrequent Access (S3 Standard-IA) after 5 days.
  B. Deploy an AWS Storage Gateway volume gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the volume gateway. Create an S3 Lifecycle rule to move the files to S3 Glacier Deep Archive after 5 days.
  C. Deploy an AWS Storage Gateway tape gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the tape gateway. Create an S3 Lifecycle rule to move the files to S3 Standard-Infrequent Access (S3 Standard-IA) after 5 days.
  D. Deploy an AWS Storage Gateway file gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the file gateway. Create an S3 Lifecycle rule to move the files to S3 Glacier Deep Archive after 5 days.
  D. Deploy an AWS Storage Gateway file gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the file gateway. Create an S3 Lifecycle rule to move the files to S3 Glacier Deep Archive after 5 days.

• Question 300:

  AWS Direct Connect itself has NO specific resources for you to control access to. Therefore, there are no AWS Direct Connect Amazon Resource Names (ARNs) for you to use in an Identity and Access Management (IAM) policy. With that in mind, how is it possible to write a policy to control access to AWS Direct Connect actions?

  A. You can leave the resource name field blank.
  B. You can choose the name of the AWS Direct Connection as the resource.
  C. You can use an asterisk (*) as the resource.
  D. You can create a name for the resource.
  C. You can use an asterisk (*) as the resource.