1. Home
  2. Amazon
  3. SAP-C01

Amazon SAP-C01 Online Practice Questions and Exam Preparation

SAP-C01 Exam Details

  • Exam Code
    :SAP-C01
  • Exam Name
    :AWS Certified Solutions Architect - Professional (SAP-C01)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :973 Q&As
  • Last Updated
    :Jul 09, 2023

Amazon SAP-C01 Online Questions & Answers

  • Question 811:

    An organization is setting up a highly scalable application using Elastic Beanstalk. The organization is using ELB and RDS with VPC. The organization has public and private subnets within the cloud. Which of the below mentioned configurations will not work in this scenario?

    A. To setup RDS in a private subnet and ELB in a public subnet.
    B. The configuration must have public and private subnets in the same AZ.
    C. The configuration must have two private subnets in separate AZs.
    D. The EC2 instance should have a public IP assigned to it.

  • Question 812:

    ABC has created a multi-tenant Learning Management System (LMS). The application is hosted for five different tenants (clients) in the VPCs of the respective AWS accounts of the tenant. ABC wants to setup a centralized server which can

    connect with the LMS of each tenant upgrade if required. ABC also wants to ensure that one tenant VPC should not be able to connect to the other tenant VPC for security reasons.

    How can ABC setup this scenario?

    A. ABC has to setup one centralized VPC which will peer in to all the other VPCs of the tenants.
    B. ABC should setup VPC peering with all the VPCs peering each other but block the IPs from CIDR of the tenant VPCs to deny them.
    C. ABC should setup all the VPCs with the same CIDR but have a centralized VPC. This way only the centralized VPC can talk to the other VPCs using VPC peering.
    D. ABC should setup all the VPCs meshed together with VPC peering for all VPCs.

  • Question 813:

    A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled. The user wants to now enable detailed monitoring. How can the user achieve this?

    A. Update the Launch config with CLI to set InstanceMonitoringDisabled = false
    B. The user should change the Auto Scaling group from the AWS console to enable detailed monitoring
    C. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group
    D. Update the Launch config with CLI to set InstanceMonitoring.Enabled = true

  • Question 814:

    A solutions architect works for a government agency that has strict disaster recovery requirements All Amazon Elastic Block Store (Amazon EBS) snapshots are required to be saved in at least two additional AWS Regions. The agency also is required to maintain the lowest possible operational overhead.

    Which solution meets these requirements?

    A. Configure a policy in Amazon Data Lifecycle Manager (Amazon DLMJ to run once daily to copy the EBS snapshots to the additional Regions.
    B. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an AWS Lambda function to copy the EBS snapshots to the additional Regions.
    C. Set up AWS Backup to create the EBS snapshots. Configure Amazon S3 cross-Region replication to copy the EBS snapshots to the additional Regions.
    D. Schedule Amazon EC2 Image Builder to run once daily to create an AMI and copy the AMI to the additional Regions.

  • Question 815:

    An AWS customer is deploying an application mat is composed of an AutoScaling group of EC2 Instances.

    The customers security policy requires that every outbound connection from these instances to any other service within the customers Virtual Private Cloud must be authenticated using a unique x 509 certificate that contains the specific

    instance-id.

    In addition, an x 509 certificates must Designed by the customer's Key management service in order to be trusted for authentication.

    Which of the following configurations will support these requirements?

    A. Configure an IAM Role that grants access to an Amazon S3 object containing a signed certificate and configure the Auto Scaling group to launch instances with this role. Have the instances bootstrap get the certificate from Amazon S3 upon first boot.
    B. Embed a certificate into the Amazon Machine Image that is used by the Auto Scaling group. Have the launched instances generate a certificate signature request with the instance's assigned instance-id to the key management service for signature.
    C. Configure the Auto Scaling group to send an SNS notification of the launch of a new instance to the trusted key management service. Have the Key management service generate a signed certificate and send it directly to the newly launched instance.
    D. Configure the launched instances to generate a new certificate upon first boot. Have the Key management service poll the Auto Scaling group for associated instances and send new instances a certificate signature (hat contains the specific instance-id.

  • Question 816:

    You want to define permissions for a role in an IAM policy. Which of the following configuration formats should you use?

    A. An XML document written in the IAM Policy Language
    B. An XML document written in a language of your choice
    C. A JSON document written in the IAM Policy Language
    D. JSON document written in a language of your choice

  • Question 817:

    A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in

    alignment with the Well-Architected Framework.

    While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions architect finds out

    that the company's developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types.

    The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch. Which solution will meet these requirements?

    A. Create a desired-instance-type managed rule in AWS Config. Configure the rule with the instance types that are allowed. Attach the rule to an event to run each time a new EC2 instance is launched.
    B. In the EC2 console, create a launch template that specifies the instance types that are allowed. Assign the launch template to the developers' IAM accounts.
    C. Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers
    D. Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image.

  • Question 818:

    A company that provides wireless services needs a solution to store and analyze log files about user activities. Currently, log files are delivered daily to Amazon Linux on an Amazon EC2 instance. A batch script is run once a day to aggregate data used for analysis by a third-party tool. The data pushed to the third-party tool is used to generate a visualization for end users. The batch script is cumbersome to maintain, and it takes several hours to deliver the ever-increasing data volumes to the third-party tool. The company wants to lower costs, and is open to considering a new tool that minimizes development effort and lowers administrative overhead. The company wants to build a more agile solution that can store and perform the analysis in near-real time, with minimal overhead. The solution needs to be cost effective and scalable to meet the company's end-user base growth.

    Which solution meets the company's requirements?

    A. Develop a Python script to capture the data from Amazon EC2 in real time and store the data in Amazon S3. Use a copy command to copy data from Amazon S3 to Amazon Redshift. Connect a business intelligence tool running on Amazon EC2 to Amazon Redshift and create the visualizations.
    B. Use an Amazon Kinesis agent running on an EC2 instance in an Auto Scaling group to collect and send the data to an Amazon Kinesis Data Firehose delivery stream. The Kinesis Data Firehose delivery stream will deliver the data directly to Amazon ES. Use Kibana to visualize the data.
    C. Use an in-memory caching application running on an Amazon EBS-optimized EC2 instance to capture the log data in near real-time. Install an Amazon ES cluster on the same EC2 instance to store the log files as they are delivered to Amazon EC2 in near real-time. Install a Kibana plugin to create the visualizations.
    D. Use an Amazon Kinesis agent running on an EC2 instance to collect and send the data to an Amazon Kinesis Data Firehose delivery stream. The Kinesis Data Firehose delivery stream will deliver the data to Amazon S3. Use an AWS Lambda function to deliver the data from Amazon S3 to Amazon ES. Use Kibana to visualize the data.

  • Question 819:

    A user has configured two security groups which allow traffic as given below: 1: SecGrp1:

    Inbound on port 80 for 0.0.0.0/0 Inbound on port 22 for 0.0.0.0/0 2: SecGrp2:

    Inbound on port 22 for 10.10.10.1/32

    If both the security groups are associated with the same instance, which of the below mentioned statements is true?

    A. It is not possible to have more than one security group assigned to a single instance
    B. It is not possible to create the security group with conflicting rules. AWS will reject the request
    C. It allows inbound traffic for everyone on both ports 22 and 80
    D. It allows inbound traffic on port 22 for IP 10.10.10.1 and for everyone else on port 80

  • Question 820:

    You are designing an SSL/TLS solution that requires HTTPS clients to be authenticated by the Web server using client certificate authentication. The solution must be resilient. Which of the following options would you consider for configuring the web server infrastructure? (Choose two.)

    A. Configure ELB with TCP listeners on TCP/443. And place the Web servers behind it.
    B. Configure your Web servers with EIPs. Place the Web servers in a Route53 Record Set and configure health checks against all Web servers.
    C. Configure ELB with HTTPS listeners, and place the Web servers behind it.
    D. Configure your web servers as the origins for a CloudFront distribution. Use custom SSL certificates on your CloudFront distribution.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAP-C01 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.