Amazon SAP-C01 Online Practice Questions and Exam Preparation

Amazon SAP-C01 Online Questions & Answers

• Question 511:

  A company has an Amazon EC2 deployment that has the following architecture:

  1.

  An application tier that contains 8 m4.xlarge instances

  2.

  A Classic Load Balancer

  3.

  Amazon S3 as a persistent data store

  After one of the EC2 instances fails, users report very slow processing of their requests. A Solutions Architect must recommend design changes to maximize system reliability. The solution must minimize costs.

  What should the Solutions Architect recommend?

  A. Migrate the existing EC2 instances to a serverless deployment using AWS Lambda functions
  B. Change the Classic Load Balancer to an Application Load Balancer
  C. Replace the application tier with m4.large instances in an Auto Scaling group
  D. Replace the application tier with 4 m4.2xlarge instances
  B. Change the Classic Load Balancer to an Application Load Balancer

• Question 512:

  A solutions architect needs to review the design of an Amazon EMR cluster that is using the EMR File System (EMRFS). The cluster performs tasks that are critical to business needs. The cluster is running Amazon EC2 On-Demand Instances at all times for all task, master, and core nodes The EMR tasks run each morning, starting at 1:00 AM, and take 6 hours to finish running. The amount of time to complete the processing is not a priority because the data is not referenced until late in the day.

  The solutions architect must review the architecture and suggest a solution to minimize the compute costs

  Which solution should the solutions architect recommend to meet these requirements?

  A. Launch all task, master, and core nodes on Spot Instances in an instance fleet.Terminate the cluster, including all instances, when the processing is completed.
  B. Launch the master and core nodes on On-Demand Instances. Launch the task nodes on Spot Instances In an instance fleet. Terminate the cluster, including all instances, when the processing is completed. Purchase Compute Savings Plans to cover the On-Demand Instance usage.
  C. Continue to launch all nodes on On-Demand Instances. Terminate the cluster. Including all instances, when the processing Is completed. Purchase Compute Savings Plans to cover the On-Demand Instance usage.
  D. Launch the master and core nodes on On-Demand Instances. Launch the task nodes on Spot Instances In an instance fleet. Terminate only the task node Instances when the processing is completed Purchase Compute Savings Plans to cover the On-Demand Instance usage.
  B. Launch the master and core nodes on On-Demand Instances. Launch the task nodes on Spot Instances In an instance fleet. Terminate the cluster, including all instances, when the processing is completed. Purchase Compute Savings Plans to cover the On-Demand Instance usage.

• Question 513:

  A manufacturing company is growing exponentially and has secured funding to improve its IT infrastructure and ecommerce presence. The company's ecommerce platform consists of:

  1.

  Static assets primarily comprised of product images stored in Amazon S3.

  2.

  Amazon DynamoDB tables that store product information, user information, and order information.

  3.

  Web servers containing the application's front-end behind Elastic Load Balancers.

  The company wants to set up a disaster recovery site in a separate Region.

  Which combination of actions should the solutions architect take to implement the new design while meeting all the requirements? (Choose three.)

  A. Enable Amazon Route 53 health checks to determine if the primary site is down, and route traffic to the disaster recovery site if there is an issue.
  B. Enable Amazon S3 cross-Region replication on the buckets that contain static assets.
  C. Enable multi-Region targets on the Elastic Load Balancer and target Amazon EC2 instances in both Regions.
  D. Enable DynamoDB global tables to achieve a multi-Region table replication.
  E. Enable Amazon CloudWatch and create CloudWatch alarms that route traffic to the disaster recovery site when application latency exceeds the desired threshold.
  F. Enable Amazon S3 versioning on the source and destination buckets containing static assets to ensure there is a rollback version available in the event of data corruption.
  A. Enable Amazon Route 53 health checks to determine if the primary site is down, and route traffic to the disaster recovery site if there is an issue.
  E. Enable Amazon CloudWatch and create CloudWatch alarms that route traffic to the disaster recovery site when application latency exceeds the desired threshold.
  F. Enable Amazon S3 versioning on the source and destination buckets containing static assets to ensure there is a rollback version available in the event of data corruption.

• Question 514:

  An elastic network interface (ENI) is a virtual network interface that you can attach to an instance in a VPC. An ENI can include one public IP address, which can be auto-assigned to the elastic network interface for eth0 when you launch an instance, but only when you_____.

  A. create an elastic network interface for eth1
  B. include a MAC address
  C. use an existing network interface
  D. create an elastic network interface for eth0
  D. create an elastic network interface for eth0

• Question 515:

  A company manages multiple AWS accounts by using AWS Organizations. Under the root OU, the company has two OUs: Research and DataOps.

  Because of regulatory requirements, all resources that the company deploys in the organization must reside in the ap-northeast-1 Region. Additionally, EC2 instances that the company deploys in the DataOps OU must use a predefined list of

  instance types.

  A solutions architect must implement a solution that applies these restrictions. The solution must maximize operational efficiency and must minimize ongoing maintenance.

  Which combination of steps will meet these requirements? (Choose two.)

  A. Create an IAM role in one account under the DataOps OU. Use the ec2:InstanceType condition key in an inline policy on the role to restrict access to specific instance type.
  B. Create an IAM user in all accounts under the root OU. Use the aws:RequestedRegion condition key in an inline policy on each user to restrict access to all AWS Regions except ap-northeast-1.
  C. Create an SCP. Use the aws:RequestedRegion condition key to restrict access to all AWS Regions except ap-northeast-1. Apply the SCP to the root OU.
  D. Create an SCP. Use the ec2:Region condition key to restrict access to all AWS Regions except ap-northeast-1. Apply the SCP to the root OU, the DataOps OU, and the Research OU.
  E. Create an SCP. Use the ec2:InstanceType condition key to restrict access to specific instance types. Apply the SCP to the DataOps OU.
  C. Create an SCP. Use the aws:RequestedRegion condition key to restrict access to all AWS Regions except ap-northeast-1. Apply the SCP to the root OU.
  E. Create an SCP. Use the ec2:InstanceType condition key to restrict access to specific instance types. Apply the SCP to the DataOps OU.

• Question 516:

  You need to develop and run some new applications on AWS and you know that Elastic Beanstalk and CloudFormation can both help as a deployment mechanism for a broad range of AWS resources. Which of the following is TRUE statements when describing the differences between Elastic Beanstalk and CloudFormation?

  A. AWS Elastic Beanstalk introduces two concepts: The template, a JSON or YAML-format, text- based file
  B. Elastic Beanstalk supports AWS CloudFormation application environments as one of the AWS resource types.
  C. Elastic Beanstalk automates and simplifies the task of repeatedly and predictably creating groups of related resources that power your applications. CloudFormation does not.
  D. You can design and script custom resources in CloudFormation
  D. You can design and script custom resources in CloudFormation

• Question 517:

  What is the maximum write throughput I can provision for a single Dynamic DB table?

  A. 1,000 write capacity units
  B. 100,000 write capacity units
  C. Dynamic DB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.
  D. 10,000 write capacity units
  C. Dynamic DB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.

• Question 518:

  A company has an organization in AWS Organizations that has a large number of AWS accounts. One of the AWS accounts is designated as a transit account and has a transit gateway that is shared with all of the other AWS accounts AWS

  Site-to-Site VPN connections are configured between ail of the company's global offices and the transit account The company has AWS Config enabled on all of its accounts.

  The company's networking team needs to centrally manage a list of internal IP address ranges that belong to the global offices Developers Will reference this list to gain access to applications securely.

  Which solution meets these requirements with the LEAST amount of operational overhead?

  A. Create a JSON file that is hosted in Amazon S3 and that lists all of the internal IP address ranges Configure an Amazon Simple Notification Service (Amazon SNS) topic in each of the accounts that can be involved when the JSON file is updated. Subscribe an AWS Lambda function to the SNS topic to update all relevant security group rules with Vie updated IP address ranges.
  B. Create a new AWS Config managed rule that contains all of the internal IP address ranges Use the rule to check the security groups in each of the accounts to ensure compliance with the list of IP address ranges. Configure the rule to automatically remediate any noncompliant security group that is detected.
  C. In the transit account, create a VPC prefix list with all of the internal IP address ranges. Use AWS Resource Access Manager to share the prefix list with all of the other accounts. Use the shared prefix list to configure security group rules is the other accounts.
  D. In the transit account create a security group with all of the internal IP address ranges. Configure the security groups in me other accounts to reference the transit account's security group by using a nested security group reference of *./sg-1a2b3c4d".
  C. In the transit account, create a VPC prefix list with all of the internal IP address ranges. Use AWS Resource Access Manager to share the prefix list with all of the other accounts. Use the shared prefix list to configure security group rules is the other accounts.

• Question 519:

  A large company is migrating its entire IT portfolio to AWS. Each business unit in the company has a standalone AWS account that supports both development and test environments. New accounts to support production workloads will be needed soon.

  The Finance department requires a centralized method for payment but must maintain visibility into each group's spending to allocate costs.

  The Security team requires a centralized mechanism to control IAM usage in all the company's accounts.

  What combination of the following options meet the company's needs with the LEAST effort? (Choose two.)

  A. Use a collection of parameterized AWS CloudFormation templates defining common IAM permissions that are launched into each account. Require all new and existing accounts to launch the appropriate stacks to enforce the least privilege model.
  B. Use AWS Organizations to create a new organization from a chosen payer account and define an organizational unit hierarchy. Invite the existing accounts to join the organization and create new accounts using Organizations.
  C. Require each business unit to use its own AWS accounts. Tag each AWS account appropriately and enable Cost Explorer to administer chargebacks.
  D. Enable all features of AWS Organizations and establish appropriate service control policies that filter IAM permissions for sub-accounts.
  E. Consolidate all of the company's AWS accounts into a single AWS account. Use tags for billing purposes and IAM's Access Advisor feature to enforce the least privilege model.
  B. Use AWS Organizations to create a new organization from a chosen payer account and define an organizational unit hierarchy. Invite the existing accounts to join the organization and create new accounts using Organizations.
  D. Enable all features of AWS Organizations and establish appropriate service control policies that filter IAM permissions for sub-accounts.

• Question 520:

  A company has several applications running in an on-premises data center. The data center runs a mix of Windows and Linux VMs managed by VMware vCenter. A solutions architect needs to create a plan to migrate the applications to AWS. However, the solutions architect discovers that the document for the applications is not up to date and that there are no complete infrastructure diagrams. The company's developers lack time to discuss their applications and current usage with the solutions architect.

  What should the solutions architect do to gather the required information?

  A. Deploy the AWS Server Migration Service (AWS SMS) connector using the OVA image on the VMware cluster to collect configuration and utilization data from the VMs.
  B. Use the AWS Migration Portfolio Assessment (MPA) tool to connect to each of the VMs to collect the configuration and utilization data.
  C. Install the AWS Application Discovery Service on each of the VMs to collect the configuration and utilization data.
  D. Register the on-premises VMs with the AWS Migration Hub to collect configuration and utilization data.
  A. Deploy the AWS Server Migration Service (AWS SMS) connector using the OVA image on the VMware cluster to collect configuration and utilization data from the VMs.