Free Amazon SAP-C02 Exam Questions

Question 1

A company that provisions job boards for a seasonal workforce is seeing an increase in traffic and usage. The backend services run on a pair of Amazon EC2 instances behind an Application Load Balancer with Amazon DynamoDB as the datastore. Application read and write traffic is slow during peak seasons. Which option provides a scalable application architecture to handle peak seasons with the LEAST development effort?

A : Migrate the backend services to AWS Lambda. Increase the read and write capacity of DynamoDB.

B : Migrate the backend services to AWS Lambda. Configure DynamoDB to use global tables.

C : Use Auto Scaling groups for the backend services. Use DynamoDB auto scaling.

D : Use Auto Scaling groups for the backend services. Use Amazon Simple Queue Service (Amazon SQS) and an AWS Lambda function to write to DynamoDB.

Answer: C

Question 2

A company runs applications on Amazon EC2 instances. The company plans to begin using an Auto Scaling

group for the instances. As part of this transition, a solutions architect must ensure that Amazon CloudWatch

Logs automatically collects logs from all new instances The new Auto Scaling group will use a launch

template that includes the Amazon Linux 2 AMI and no key pair

Which solution meets these requirements?

A : Create an Amazon CloudWatch agent configuration for the workload Store the CloudWatch agentconfiguration in an Amazon S3 bucket Write an EC2 user data script to fetch the configuration He fromAmazon S3. Configure the cloudWatch agent on the instance during Initial boot.

B : Create an Amazon CloudWatch agent configuration for the workload In AWS Systems ManagerParameter Store Create a Systems Manager document that Installs and configures the CloudWatch agentby using the configuration Create an Amazon EventBridge (Amazon CloudWatch Events) rule on thedefault event bus with a Systems Manager Run Command target that runs the document whenever aninstance enters the running state.

C : Create an Amazon CloudWatch agent configuration for the workload Create an AWS Lambda functionto Install and configure CloudWatch agent by using AWS Systems Manager Session Manager. Includethe agent configuration inside the Lambda package Create an AWS Config custom rule to identifychanges to the EC2 instances and invoke the Lambda function

D : Create an Amazon CloudWatch agent configuration for the workload. Save the CloudWatch agentconfiguration as pan of an AWS Lambda deployment package. Use AWS CloudTrail to capture EC2tagging events and initiate agent installation. Use AWS CodeBuild to configure the CloudWatch agenton the instances that run the workload.

Answer: B

Question 3

A private bank is hosting a secure web application that allows its agents to view highly sensitive information about the clients. The amount of traffic that the web app will receive is known and not expected to fluctuate. An SSL will be used as part of the application's data security. The chief information security officer (CISO) is concerned about the security of the SSL private key. The CISO wants to ensure that the key cannot be accidentally or intentionally moved outside the corporate environment. The solutions architect is also concerned that the application logs might contain some sensitive information. The EBS volumes used to store the data are already encrypted. In this scenario, the application logs must be stored securely and durably so that they can only be decrypted by authorized employees.

Which of the following is the most suitable and highly available architecture that can meet all of the requirements?

A : tribute traffic to a set of web servers using an Elastic Load Balancer that performs TCP load balancing. Use CloudHSM deployed to two Availability Zones to perform the SSL transactions and deliver your application logs to a private Amazon S3 bucket using server-side encryption.

B : tribute traffic to a set of web servers using an Elastic Load Balancer. To secure the SSL private key, upload the key to the load balancer and configure the load balancer to offload the SSL traffic. Lastly, write your application logs to an instance store volume that has been encrypted using a randomly generated AES key.

C : tribute traffic to a set of web servers using an Elastic Load Balancer that performs TCP load balancing. Use an AWS CloudHSM to perform the SSL transactions and deliver your application logs to a private Amazon S3 bucket using server-side encryption.

D : tribute traffic to a set of web servers using an Elastic Load Balancer. Use TCP load balancing for the load balancer and configure your web servers to retrieve the SSL private key from a private Amazon S3 bucket on boot. Use another private Amazon S3 bucket to store your web server logs using Amazon S3 server-side encryption

Answer: A

Question 4

A company has an on-premises Microsoft SQL Server database that writes a nightly 200 GB export to a local

drive. The company wants to move the backups to more robust cloud storage on Amazon S3. The company

has set up a 10 Gbps AWS Direct Connect connection between the on-premises data center and AWS. Which

solution meets these requirements Most cost effectively?

A : Create a new S3 bucket Deploy an AWS Storage Gateway file gateway within the VPC that isconnected to the Direct Connect connection. Create a new SMB file share. Write nightly databaseexports to the new SMB file share.

B : Create an Amzon FSx for Windows File Server Single-AZ file system within the VPC that is connectedto the Direct Connect connection. Create a new SMB file share. Write nightly database exports to anSMB file share on the Amazon FSx file system Enable backups.

C : Create an Amazon FSx for Windows File Server Multi-AZ system within the VPC that is connected tothe Direct Connect connection. Create a new SMB file share. Write nightly database exports to an SMBfile share on the Amazon FSx file system. Enable nightly backups.

D : Create a new S3 buckets. Deploy an AWS Storage Gateway volume gateway within the VPC that isconnected to the Direct Connect connection. Create a new SMB file share. Write nightly databaseexports to the new SMB file share on the volume gateway, and automate copies of this data to an S3bucket.

Answer: A

Question 5

A finance company hosts an online banking portal in AWS. The application is recently deployed in an Auto Scaling group of Amazon EC2 instances inside a VPC. However, after several days, the solutions architect found out that there is an unusually high amount of inbound HTTP traffic coming from a set of 15 specific IP addresses from a certain country where your company has absolutely no customers. The EC2 instances are flooded with incoming requests that the system administrators cannot even establish an SSH connection to the instances.

What should the Solutions Architect do to address this security vulnerability in the MOST cost-effective way?

A : Use AWS WAF to protect your VPC against web attacks. Place the online banking portal behind a CloudFront RTMP distribution.

B : t up deny rules on your inbound Network Access control list associated with the web application tier subnet to block access to the group of attacking IP addresses.

C : AWS Shield Advanced to protect your VPC from common, most frequently occurring network and transport layer DDoS attacks.

D : eate inbound rules in the Security Group of your EC2 instances to block the attacking IP addresses.

Answer: B