SAP-C01 Exam Details

  • Exam Code
    :SAP-C01
  • Exam Name
    :AWS Certified Solutions Architect - Professional (SAP-C01)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :973 Q&As
  • Last Updated
    :Jul 09, 2023

Amazon SAP-C01 Online Questions & Answers

  • Question 911:

    The Solutions Architect manages a serverless application that consists of multiple API gateways, AWS Lambda functions, Amazon S3 buckets, and Amazon DynamoDB tables. Customers say that a few application components slow while loading dynamic images, and some are timing out with the "504 Gateway Timeout" error. While troubleshooting the scenario, the Solutions Architect confirms that DynamoDB monitoring metrics are at acceptable levels.

    Which of the following steps would be optimal for debugging these application issues? (Choose two.)

    A. Parse HTTP logs in Amazon API Gateway for HTTP errors to determine the root cause of the errors.
    B. Parse Amazon CloudWatch Logs to determine processing times for requested images at specified intervals.
    C. Parse VPC Flow Logs to determine if there is packet loss between the Lambda function and S3.
    D. Parse AWS X-Ray traces and analyze HTTP methods to determine the root cause of the HTTP errors.
    E. Parse S3 access logs to determine if objects being accessed are from specific IP addresses to narrow the scope to geographic latency issues.

  • Question 912:

    A company runs a popular web application in an on-premises data center. The application receives four million views weekly. The company expects traffic to increase by 200% because of an advertisement that will be published soon.

    The company needs to decrease the load on the origin before the increase of traffic occurs. The company does not have enough time to move the entire application to the AWS Cloud.

    Which solution will meet these requirements?

    A. Create an Amazon CloudFront content delivery network (CDN). Enable query forwarding to the origin. Create a managed cache policy that includes query strings. Use an on- premises load balancer as the origin. Offload the DNS querying to AWS to handle CloudFront CDN traffic.
    B. Create an Amazon CloudFront content delivery network (CDN) that uses a Real Time Messaging Protocol (RTMP) distribution. Enable query forwarding to the origin. Use an on- premises load balancer as the origin. Offload the DNS querying to AWS to handle CloudFront CDN traffic.
    C. Create an accelerator in AWS Global Accelerator. Add listeners for HTTP and HTTPS TCP ports. Create an endpoint group. Create a Network Load Balancer (NLB), and attach it to the endpoint group. Point the NLB to the on-premises servers. Offload the DNS querying to AWS to handle AWS Global Accelerator traffic.
    D. Create an accelerator in AWS Global Accelerator. Add listeners for HTTP and HTTPS TCP ports. Create an endpoint group. Create an Application Load Balancer (ALB), and attach it to the endpoint group. Point the ALB to the on-premises servers. Offload the DNS querying to AWS to handle AWS Global Accelerator traffic.

  • Question 913:

    A media company has a static web application that is generated programmatically. The company has a build pipeline that generates HTML content that is uploaded to an Amazon S3 bucket served by Amazon CloudFront. The build pipeline runs inside a Build Account. The S3 bucket and CloudFront distribution are in a Distribution Account. The build pipeline uploads the files to Amazon S3 using an IAM role in the Build Account. The S3 bucket has a bucket policy that only allows CloudFront to read objects using an origin access identity (OAI). During testing all attempts to access the application using the CloudFront URL result in an HTTP 403 Access Denied response.

    What should a solutions architect suggest to the company to allow access the objects in Amazon S3 through CloudFront?

    A. Modify the S3 upload process in the Build Account to add the bucket-owner-full-control ACL to the objects at upload.
    B. Create a new cross-account IAM role in the Distribution Account with write access to the S3 bucket. Modify the build pipeline to assume this role to upload the files to the Distribution Account.
    C. Modify the S3 upload process in the Build Account to set the object owner to the Distribution Account.
    D. Create a new IAM role in the Distribution Account with read access to the S3 bucket. Configure CloudFront to use this new role as its OAI. Modify the build pipeline to assume this role when uploading files from the Build Account.

  • Question 914:

    A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing new or modifying existing Reserved Instances. This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement or execution. Previously, business units would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously.

    Which combination of steps should be taken to proactively enforce the new process in the MOST secure way possible? (Choose two.)

    A. Ensure all AWS accounts are part of an AWS Organizations structure operating in all features mode.
    B. Use AWS Config to report on the attachment of an IAM policy that denies access to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
    C. In each AWS account, create an IAM policy with a DENY rule to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
    D. Create an SCP that contains a deny rule to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions. Attach the SCP to each organizational unit (OU) of the AWS Organizations structure.
    E. Ensure that all AWS accounts are part of an AWS Organizations structure operating in consolidated billing features mode.

  • Question 915:

    A web company is looking to implement an external payment service into their highly available application deployed in a VPC Their application EC2 instances are behind a public facing ELB. Auto scaling is used to add additional instances as traffic increases under normal load the application runs 2 instances in the Auto Scaling group but at peak it can scale 3x in size. The application instances need to communicate with the payment service over the Internet which requires whitelisting of all public IP addresses used to communicate with it. A maximum of 4 whitelisting IP addresses are allowed at a time and can be added through an API.

    How should they architect their solution?

    A. Route payment requests through two NAT instances setup for High Availability and whitelist the Elastic IP addresses attached to the MAT instances.
    B. Whitelist the VPC Internet Gateway Public IP and route payment requests through the Internet Gateway.
    C. Whitelist the ELB IP addresses and route payment requests from the Application servers through the ELB.
    D. Automatically assign public IP addresses to the application instances in the Auto Scaling group and run a script on boot that adds each instances public IP address to the payment validation whitelist API.

  • Question 916:

    In DynamoDB, "The data is eventually consistent" means that__________.

    A. a read request immediately after a write operation might not show the latest change.
    B. a read request immediately after a write operation shows the latest change.
    C. a write request immediately after a read operation might cause data loss.
    D. a read request immediately after a write operation might cause data loss.

  • Question 917:

    A company uses AWS Cloud Formation to deploy applications within multiple VPCs that are all attached to a transit gateway. Each VPC that sends traffic to the public internet must send the traffic through a shared services VPC. Each subnet within a VPC uses the default VPC route table, and the traffic is routed to the transit gateway. The transit gateway uses its default route table for any VPC attachment.

    A security audit reveals that an Amazon EC2 instance that is deployed within a VPC can communicate with an EC2 instance that is deployed in any of the company's other VPCs. A solutions architect needs to limit the traffic between the VPCs. Each VPC must be able to communicate only with a predefined, limited set of authorized VPCs.

    What should the solutions architect do to meet these requirements?

    A. Update the network ACL of each subnet within a VPC to allow outbound traffic only to the authorized VPCs. Remove all deny rules except the default deny rule.
    B. Update all the security groups that are used within a VPC to deny outbound traffic to security groups that are used within the unauthorized VPCs
    C. Create a dedicated transit gateway route table for each VPC attachment. Route traffic only to the authorized VPCs.
    D. Update the main route table of each VPC to route traffic only to the authorized VPCs through the transit gateway.

  • Question 918:

    In DynamoDB, which of the following operations is not possible by the console?

    A. Updating an item
    B. Copying an item
    C. Blocking an item
    D. Deleting an item

  • Question 919:

    You must architect the migration of a web application to AWS. The application consists of Linux web servers running a custom web server. You are required to save the logs generated from the application to a durable location.

    What options could you select to migrate the application to AWS? (Choose two.)

    A. Create an AWS Elastic Beanstalk application using the custom web server platform. Specify the web server executable and the application project and source files. Enable log file rotation to Amazon Simple Storage Service (S3).
    B. Create Dockerfile for the application. Create an AWS OpsWorks stack consisting of a custom layer. Create custom recipes to install Docker and to deploy your Docker container using the Dockerfile. Create customer recipes to install and configure the application to publish the logs to Amazon CloudWatch Logs.
    C. Create Dockerfile for the application. Create an AWS OpsWorks stack consisting of a Docker layer that uses the Dockerfile. Create custom recipes to install and configure Amazon Kinesis to publish the logs into Amazon CloudWatch.
    D. Create a Dockerfile for the application. Create an AWS Elastic Beanstalk application using the Docker platform and the Dockerfile. Enable logging the Docker configuration to automatically publish the application logs. Enable log file rotation to Amazon S3.
    E. Use VM import/Export to import a virtual machine image of the server into AWS as an AMI. Create an Amazon Elastic Compute Cloud (EC2) instance from AMI, and install and configure the Amazon CloudWatch Logs agent. Create a new AMI from the instance. Create an AWS Elastic Beanstalk application using the AMI platform and the new AMI.

  • Question 920:

    Cognito Sync is an AWS service that you can use to synchronize user profile data across mobile devices without requiring your own backend. When the device is online, you can synchronize data. If you also set up push sync, what does it allow you to do?

    A. Notify other devices that a user profile is available across multiple devices
    B. Synchronize user profile data with less latency
    C. Notify other devices immediately that an update is available
    D. Synchronize online data faster

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SAP-C01 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.