Amazon Amazon Certifications SAP-C01 Questions & Answers

• Question 391:

  A company has an Amazon EC2 deployment that has the following architecture:

  1.

  An application tier that contains 8 m4.xlarge instances

  2.

  A Classic Load Balancer

  3.

  Amazon S3 as a persistent data store

  After one of the EC2 instances fails, users report very slow processing of their requests. A Solutions Architect must recommend design changes to maximize system reliability. The solution must minimize costs.

  What should the Solutions Architect recommend?

  A. Migrate the existing EC2 instances to a serverless deployment using AWS Lambda functions

  B. Change the Classic Load Balancer to an Application Load Balancer

  C. Replace the application tier with m4.large instances in an Auto Scaling group D. Replace the application tier with 4 m4.2xlarge instances

  Correct Answer: B

  By default, connection draining is enabled for Application Load Balancers but must be enabled for Classic Load Balancers. When Connection Draining is enabled and configured, the process of deregistering an instance from an Elastic Load Balancer gains an additional step. For the duration of the configured timeout, the load balancer will allow existing, in-flight requests made to an instance to complete, but it will not send any new requests to the instance. During this time, the API will report the status of the instance as InService, along with a message stating that "Instance deregistration currently in progress." Once the timeout is reached, any remaining connections will be forcibly closed.

  Reference: https://docs.aws.amazon.com/autoscaling/ec2/userguide/attach-load-balancer-asg.html

  https://aws.amazon.com/blogs/aws/elb-connection-draining-remove-instances-from-service-with-care/

• Question 392:

  A company wants to move a web application to AWS. The application stores session information locally on each web server, which will make auto scaling difficult. As part of the migration, the application will be rewritten to decouple the session data from the web servers. The company requires low latency, scalability, and availability.

  Which service will meet the requirements for storing the session information in the MOST cost-effective way?

  A. Amazon ElastiCache with the Memcached engine

  B. Amazon S3

  C. Amazon RDS MySQL

  D. Amazon ElastiCache with the Redis engine

  Correct Answer: D

  Building real-time apps across versatile use cases like gaming, geospatial service, caching, session

  stores, or queuing, with advanced data structures, replication, and point-in-time snapshot support.

  Memcached: Building a simple, scalable caching layer for your data- intensive apps

  Reference:

  https://aws.amazon.com/caching/session-management/

  https://aws.amazon.com/elasticache/redis-vs-memcached/

• Question 393:

  A company that provides wireless services needs a solution to store and analyze log files about user activities. Currently, log files are delivered daily to Amazon Linux on an Amazon EC2 instance. A batch script is run once a day to aggregate data used for analysis by a third-party tool. The data pushed to the third-party tool is used to generate a visualization for end users. The batch script is cumbersome to maintain, and it takes several hours to deliver the ever-increasing data volumes to the third-party tool. The company wants to lower costs, and is open to considering a new tool that minimizes development effort and lowers administrative overhead. The company wants to build a more agile solution that can store and perform the analysis in near-real time, with minimal overhead. The solution needs to be cost effective and scalable to meet the company's end-user base growth.

  Which solution meets the company's requirements?

  A. Develop a Python script to capture the data from Amazon EC2 in real time and store the data in

  Amazon S3. Use a copy command to copy data from Amazon S3 to Amazon Redshift. Connect a

  business intelligence tool running on Amazon EC2 to Amazon Redshift and create the visualizations.

  B. Use an Amazon Kinesis agent running on an EC2 instance in an Auto Scaling group to collect and send the data to an Amazon Kinesis Data Firehose delivery stream. The Kinesis Data Firehose delivery stream will deliver the data directly to Amazon ES. Use Kibana to visualize the data.

  C. Use an in-memory caching application running on an Amazon EBS-optimized EC2 instance to capture the log data in near real-time. Install an Amazon ES cluster on the same EC2 instance to store the log files as they are delivered to Amazon EC2 in near real-time. Install a Kibana plugin to create the visualizations.

  D. Use an Amazon Kinesis agent running on an EC2 instance to collect and send the data to an Amazon Kinesis Data Firehose delivery stream. The Kinesis Data Firehose delivery stream will deliver the data to Amazon S3. Use an AWS Lambda function to deliver the data from Amazon S3 to Amazon ES. Use Kibana to visualize the data.

  Correct Answer: B

  Reference: https://docs.aws.amazon.com/firehose/latest/dev/writing-with-agents.html

• Question 394:

  A company with several AWS accounts is using AWS Organizations and service control policies (SCPs). An Administrator created the following SCP and has attached it to an organizational unit (OU) that contains AWS account 1111-1111- 1111:

  

  Developers working in account 1111-1111-1111 complain that they cannot create Amazon S3 buckets. How should the Administrator address this problem?

  A. Add s3:CreateBucket with "Allow" effect to the SCP.

  B. Remove the account from the OU, and attach the SCP directly to account 1111-1111-1111.

  C. Instruct the Developers to add Amazon S3 permissions to their IAM entities.

  D. Remove the SCP from account 1111-1111-1111.

  Correct Answer: C

• Question 395:

  A company has several teams, and each team has their own Amazon RDS database that totals 100 TB. The company is building a data query platform for Business Intelligence Analysts to generate a weekly business report. The new system must run ad-hoc SQL queries.

  What is the MOST cost-effective solution?

  A. Create a new Amazon Redshift cluster. Create an AWS Glue ETL job to copy data from the RDS databases to the Amazon Redshift cluster. Use Amazon Redshift to run the query.

  B. Create an Amazon EMR cluster with enough core nodes. Run an Apache Spark job to copy data from the RDS databases to a Hadoop Distributed File System (HDFS). Use a local Apache Hive metastore to maintain the table definition. Use Spark SQL to run the query.

  C. Use an AWS Glue ETL job to copy all the RDS databases to a single Amazon Aurora PostgreSQL database. Run SQL queries on the Aurora PostgreSQL database.

  D. Use an AWS Glue crawler to crawl all the databases and create tables in the AWS Glue Data Catalog. Use an AWS Glue ETL job to load data from the RDS databases to Amazon S3, and use Amazon Athena to run the queries.

  Correct Answer: A

• Question 396:

  A company has an application that uses Amazon EC2 instances in an Auto Scaling group. The Quality Assurance (QA) department needs to launch a large number of short-lived environments to test the application. The application environments are currently launched by the Manager of the department using an AWS CloudFormation template. To launch the stack, the Manager uses a role with permission to use CloudFormation, EC2, and Auto Scaling APIs. The Manager wants to allow testers to launch their own environments, but does not want to grant broad permissions to each user.

  Which set up would achieve these goals?

  A. Upload the AWS CloudFormation template to Amazon S3. Give users in the QA department permission to assume the Manager's role and add a policy that restricts the permissions to the template and the resources it creates. Train users to launch the template from the CloudFormation console.

  B. Create an AWS Service Catalog product from the environment template. Add a launch constraint to the product with the existing role. Give users in the QA department permission to use AWS Service Catalog APIs only. Train users to launch the templates from the AWS Service Catalog console.

  C. Upload the AWS CloudFormation template to Amazon S3. Give users in the QA department permission to use CloudFormation and S3 APIs, with conditions that restrict the permission to the template and the resources it creates. Train users to launch the template from the CloudFormation console.

  D. Create an AWS Elastic Beanstalk application from the environment template. Give users in the QA department permission to use Elastic Beanstalk permissions only. Train users to launch Elastic Beanstalk environment with the Elastic Beanstalk CLI, passing the existing role to the environment as a service role.

  Correct Answer: B

  Reference: https://aws.amazon.com/ru/blogs/mt/how-to-launch-secure-and-governed-aws-resources-with-awscloudformation-and-aws-service-catalog/

• Question 397:

  A company has a website that enables users to upload videos. Company policy states the uploaded videos must be analyzed for restricted content. An uploaded video is placed in Amazon S3, and a message is pushed to an Amazon SQS queue with the video's location. A backend application pulls this location from Amazon SQS and analyzes the video.

  The video analysis is compute-intensive and occurs sporadically during the day. The website scales with demand. The video analysis application runs on a fixed number of instances. Peak demand occurs during the holidays, so the company must add instances to the application during this time. All instances used are currently on-demand Amazon EC2 T2 instances. The company wants to reduce the cost of the current solution.

  Which of the following solutions is MOST cost-effective?

  A. Keep the website on T2 instances. Determine the minimum number of website instances required during off-peak times and use Spot Instances to cover them while using Reserved Instances to cover peak demand. Use Amazon EC2 R4 and Amazon EC2 R5 Reserved Instances in an Auto Scaling group for the video analysis application.

  B. Keep the website on T2 instances. Determine the minimum number of website instances required during off-peak times and use Reserved Instances to cover them while using On-Demand Instances to cover peak demand. Use Spot Fleet for the video analysis application comprised of Amazon EC2 C4

  and Amazon EC2 C5 Spot Instances.

  C. Migrate the website to AWS Elastic Beanstalk and Amazon EC2 C4 instances. Determine the minimum number of website instances required during off-peak times and use On-Demand Instances to cover them while using Spot capacity to cover peak demand. Use Spot Fleet for the video analysis application comprised of C4 and Amazon EC2 C5 instances.

  D. Migrate the website to AWS Elastic Beanstalk and Amazon EC2 R4 instances. Determine the minimum number of website instances required during off-peak times and use Reserved Instances to cover them while using On-Demand Instances to cover peak demand. Use Spot Fleet for the video analysis application comprised of R4 and Amazon EC2 R5 instances.

  Correct Answer: B

• Question 398:

  A company has an internal AWS Elastic Beanstalk worker environment inside a VPC that must access an external payment gateway API available on an HTTPS endpoint on the public internet. Because of security policies, the payment gateway's Application team can grant access to only one public IP address.

  Which architecture will set up an Elastic Beanstalk environment to access the company's application without making multiple changes on the company's end?

  A. Configure the Elastic Beanstalk application to place Amazon EC2 instances in a private subnet with an outbound route to a NAT gateway in a public subnet. Associate an Elastic IP address to the NAT gateway that can be whitelisted on the payment gateway application side.

  B. Configure the Elastic Beanstalk application to place Amazon EC2 instances in a public subnet with an internet gateway. Associate an Elastic IP address to the internet gateway that can be whitelisted on the payment gateway application side.

  C. Configure the Elastic Beanstalk application to place Amazon EC2 instances in a private subnet. Set an HTTPS_PROXY application parameter to send outbound HTTPS connections to an EC2 proxy server deployed in a public subnet. Associate an Elastic IP address to the EC2 proxy host that can be whitelisted on the payment gateway application side.

  D. Configure the Elastic Beanstalk application to place Amazon EC2 instances in a public subnet. Set the HTTPS_PROXY and NO_PROXY application parameters to send non-VPC outbound HTTPS connections to an EC2 proxy server deployed in a public subnet. Associate an Elastic IP address to the EC2 proxy host that can be whitelisted on the payment gateway application side.

  Correct Answer: A

  Reference: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/vpc.html

• Question 399:

  A company has an Amazon VPC that is divided into a public subnet and a private subnet. A web application runs in Amazon VPC, and each subnet has its own NACL. The public subnet has a CIDR of 10.0.0.0/24. An Application Load Balancer is deployed to the public subnet. The private subnet has a CIDR of 10.0.1.0/24. Amazon EC2 instances that run a web server on port 80 are launched into the private subnet.

  Only network traffic that is required for the Application Load Balancer to access the web application can be allowed to travel between the public and private subnets.

  What collection of rules should be written to ensure that the private subnet's NACL meets the requirement? (Choose two.)

  A. An inbound rule for port 80 from source 0.0.0.0/0.

  B. An inbound rule for port 80 from source 10.0.0.0/24.

  C. An outbound rule for port 80 to destination 0.0.0.0/0.

  D. An outbound rule for port 80 to destination 10.0.0.0/24.

  E. An outbound rule for ports 1024 through 65535 to destination 10.0.0.0/24.

  Correct Answer: BE

  Ephemeral ports are not covered in the syllabus so be careful that you don't confuse day to day best

  practise with what is required for the exam. Link to an explanation on Ephemeral ports here.

  Reference:

  https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario3.html

  https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KUbcwo4lXefMl7janaK/

  network-acls-ephemeral-ports

• Question 400:

  A Solutions Architect needs to migrate a legacy application from on premises to AWS. On premises, the application runs on two Linux servers behind a load balancer and accesses a database that is master-master on two servers. Each application server requires a license file that is tied to the MAC address of the server's network adapter. It takes the software vendor 12 hours to send ne license files through email. The application requires configuration files to use static. IPv4 addresses to access the database servers, not DNS.

  Given these requirements, which steps should be taken together to enable a scalable architecture for the application servers? (Choose two.)

  A. Create a pool of ENIs, request license files from the vendor for the pool, and store the license files within Amazon S3. Create automation to download an unused license, and attach the corresponding ENI at boot time.

  B. Create a pool of ENIs, request license files from the vendor for the pool, store the license files on an Amazon EC2 instance, modify the configuration files, and create an AMI from the instance. use this AMI for all instances.

  C. Create a bootstrap automation to request a new license file from the vendor with a unique return email. Have the server configure itself with the received license file.

  D. Create bootstrap automation to attach an ENI from the pool, read the database IP addresses from AWS Systems Manager Parameter Store, and inject those parameters into the local configuration files. Keep SSM up to date using a Lambda function.

  E. Install the application on an EC2 instance, configure the application, and configure the IP address information. Create an AMI from this instance and use if for all instances.

  Correct Answer: CD