Amazon SAP-C01 Online Practice Questions and Exam Preparation

Amazon SAP-C01 Online Questions & Answers

• Question 311:

  You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture. Which alternatives should you consider? (Choose two.)

  A. Configure a NAT instance in your VPC. Create a default route via the NAT instance and associate it with all subnets. Configure a DNS A record that points to the NAT instance public IP address.
  B. Configure a CloudFront distribution and configure the origin to point to the private IP addresses of your Web servers. Configure a Route53 CNAME record to your CloudFront distribution.
  C. Place all your web servers behind ELB. Configure a Route53 CNMIE to point to the ELB DNS name.
  D. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover.
  E. Configure ELB with an EIP. Place all your Web servers behind ELB. Configure a Route53 A record that points to the EIP.
  C. Place all your web servers behind ELB. Configure a Route53 CNMIE to point to the ELB DNS name.
  D. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover.

• Question 312:

  A solution architect is designing an AWS account structure for a company that consists of multiple terms. All the team will work in the same AWS Region. The company needs a VPC that is connected to the on- premises network. The company expects less than 50 Mbps of total to and from the on-premises network.

  Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO)

  A. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to each AWS account
  B. Create an AWS CloudFormabon template that provisions a VPC and the required subnets. Deploy the template to a shared services account. Share the subnets by using AWS Resource Access Manager
  C. Use AWS Transit Gateway along with an AWS Site-to-Site VPN for connectivity to the on-premises network. Share the transit gateway by using AWS Resource Access Manager
  D. Use AWS Site-to-Site VPN for connectivity to the on-premises network
  E. Use AWS Direct Connect for connectivity to the on-premises network.
  B. Create an AWS CloudFormabon template that provisions a VPC and the required subnets. Deploy the template to a shared services account. Share the subnets by using AWS Resource Access Manager
  D. Use AWS Site-to-Site VPN for connectivity to the on-premises network

• Question 313:

  An organization has developed an application which provides a smarter shopping experience. They need to show a demonstration to various stakeholders who may not be able to access the in premise application so they decide to host a

  demo version of the application on AWS.

  Consequently, they will need a fixed elastic IP attached automatically to the instance when it is launched.

  In this scenario which of the below mentioned options will not help assign the elastic IP automatically?

  A. Write a script which will fetch the instance metadata on system boot and assign the public IP using that metadata.
  B. Provide an elastic IP in the user data and setup a bootstrapping script which will fetch that elastic IP and assign it to the instance.
  C. Create a controlling application which launches the instance and assigns the elastic IP based on the parameter provided when that instance is booted.
  D. Launch instance with VPC and assign an elastic IP to the primary network interface.
  A. Write a script which will fetch the instance metadata on system boot and assign the public IP using that metadata.

• Question 314:

  A company has a project that is launching Amazon EC2 instances that are larger than required. The project's account cannot be part of the company's organization in AWS Organizations due to policy restrictions to keep this activity outside of corporate IT. The company wants to allow only the launch of t3.small EC2 instances by developers in the project's account. These EC2 instances must be restricted to the us-east-2 Region.

  What should a solutions architect do to meet these requirements?

  A. Create a new developer account. Move all EC2 instances, users, and assets into us-east-2. Add the account to the company's organization in AWS Organizations. Enforce a tagging policy that denotes Region affinity.
  B. Create an SCP that denies the launch of all EC2 instances except I3.small EC2 instances in us-east-2. Attach the SCP to the project's account.
  C. Create and purchase a t3.small EC2 Reserved Instance for each developer in us-east-2. Assign each developer a specific EC2 instance with their name as the tag.
  D. Create an IAM policy than allows the launch of only t3.small EC2 instances in us-east-2. Attach the policy to the roles and groups that the developers use in the project's account.
  D. Create an IAM policy than allows the launch of only t3.small EC2 instances in us-east-2. Attach the policy to the roles and groups that the developers use in the project's account.

• Question 315:

  A company is adding a new approved external vendor that only supports IPv6 connectivity. The company's backend systems sit in the private subnet of an Amazon VPC. The company uses a NAT gateway to allow these systems to communicate with external vendors over IPv4. Company policy requires systems that communicate with external vendors to use a security group that limits access to only approved external vendors. The virtual private cloud (VPC) uses the default network ACL.

  The Systems Operator successfully assigns IPv6 addresses to each of the backend systems. The Systems Operator also updates the outbound security group to include the IPv6 CIDR of the external vendor (destination). The systems within the VPC are able to ping one another successfully over IPv6. However, these systems are unable to communicate with the external vendor.

  What changes are required to enable communication with the external vendor?

  A. Create an IPv6 NAT instance. Add a route for destination 0.0.0.0/0 pointing to the NAT instance.
  B. Enable IPv6 on the NAT gateway. Add a route for destination ::/0 pointing to the NAT gateway.
  C. Enable IPv6 on the internet gateway. Add a route for destination 0.0.0.0/0 pointing to the IGW.
  D. Create an egress-only internet gateway. Add a route for destination ::/0 pointing to the gateway.
  D. Create an egress-only internet gateway. Add a route for destination ::/0 pointing to the gateway.

• Question 316:

  An organization is setting up a web application with the JEE stack. The application uses the JBoss app server and MySQL DB. The application has a logging module which logs all the activities whenever a business function of the JEE application is called. The logging activity takes some time due to the large size of the log file.

  If the application wants to setup a scalable infrastructure which of the below mentioned options will help achieve this setup?

  A. Host the log files on EBS with PIOPS which will have higher I/O.
  B. Host logging and the app server on separate servers such that they are both in the same zone.
  C. Host logging and the app server on the same instance so that the network latency will be shorter.
  D. Create a separate module for logging and using SQS compartmentalize the module such that all calls to logging are asynchronous.
  D. Create a separate module for logging and using SQS compartmentalize the module such that all calls to logging are asynchronous.

• Question 317:

  A company operates an on-premises software-as-a-service (SaaS) solution that ingests several files daily. The company provides multiple public SFTP endpoints to its customers to facilitate the file transfers. The customers add the SFTP

  endpoint IP addresses to their firewall allow list for outbound traffic. Changes to the SFTP endpoint IP addresses are not permitted.

  The company wants to migrate the SaaS solution to AWS and decrease the operational overhead of the file transfer service.

  Which solution meets these requirements?

  A. Register the customer-owned block of IP addresses in the company's AWS account. Create Elastic IP addresses from the address pool and assign them to an AWS Transfer for SFTP endpoint. Use AWS Transfer to store the files in Amazon S3.
  B. Add a subnet containing the customer-owned block of IP addresses to a VPC. Create Elastic IP addresses from the address pool and assign them to an Application Load Balancer (ALB). Launch EC2 instances hosting FTP services in an Auto Scaling group behind the ALB. Store the files in attached Amazon Elastic Block Store (Amazon EBS) volumes.
  C. Register the customer-owned block of IP addresses with Amazon Route 53. Create alias records in Route 53 that point to a Network Load Balancer (NLB). Launch EC2 instances hosting FTP services in an Auto Scaling group behind the NLB. Store the files in Amazon S3.
  D. Register the customer-owned block of IP addresses in the company's AWS account. Create Elastic IP addresses from the address pool and assign them to an Amazon S3 VPC endpoint. Enable SFTP support on the S3 bucket.
  A. Register the customer-owned block of IP addresses in the company's AWS account. Create Elastic IP addresses from the address pool and assign them to an AWS Transfer for SFTP endpoint. Use AWS Transfer to store the files in Amazon S3.

• Question 318:

  A company that is developing a mobile game is making game assets available in two AWS Regions. Game assets are served from a set of Amazon EC2 instances behind an Application Load Balancer (ALB) in each Region. The company requires game assets to be fetched from the closest Region. If game assets become unavailable in the closest Region, they should be fetched from the other Region.

  What should a solutions architect do to meet these requirements?

  A. Create an Amazon CloudFront distribution. Create an origin group with one origin for each ALB. Set one of the origins as primary.
  B. Create an Amazon Route 53 health check for each ALB. Create a Route 53 failover routing record pointing to the two ALBs. Set the Evaluate Target Health value to Yes.
  C. Create two Amazon CloudFront distributions, each with one ALB as the origin. Create an Amazon Route 53 failover routing record pointing to the two CloudFront distributions. Set the Evaluate Target Health value to Yes.
  D. Create an Amazon Route 53 health check for each ALB. Create a Route 53 latency alias record pointing to the two ALBs. Set the Evaluate Target Health value to Yes.
  D. Create an Amazon Route 53 health check for each ALB. Create a Route 53 latency alias record pointing to the two ALBs. Set the Evaluate Target Health value to Yes.

• Question 319:

  Which EC2 functionality allows the user to place the Cluster Compute instances in clusters?

  A. Cluster group
  B. Cluster security group
  C. GPU units
  D. Cluster placement group
  D. Cluster placement group

• Question 320:

  After moving an E-Commerce website for a client from a dedicated server to AWS you have also set up auto scaling to perform health checks on the instances in your group and replace instances that fail these checks. Your client has come to you with his own health check system that he wants you to use as it has proved to be very useful prior to his site running on AWS.

  What do you think would be an appropriate response to this given all that you know about auto scaling and CloudWatch?

  A. It is not possible to implement your own health check system due to compatibility issues.
  B. It is not possible to implement your own health check system. You need to use AWSs health check system.
  C. It is possible to implement your own health check system and then send the instance's health information directly from your system to CloudWatch but only in the US East (N. Virginia) region.
  D. It is possible to implement your own health check system and then send the instance's health information directly from your system to CloudWatch.
  D. It is possible to implement your own health check system and then send the instance's health information directly from your system to CloudWatch.