Free Amazon SAP-C02 Exam Questions

Question 1

During an audit, a security team discovered that a development team was putting IAM user secret access keys

in their code and then committing it to an AWS CodeCommit repository . The security team wants to

automatically find and remediate instances of this security vulnerability

Which solution will ensure that the credentials are appropriately secured automatically?

A : Run a script nightly using AWS Systems Manager Run Command to search for credentials on thedevelopment instances If found use AWS Secrets Manager to rotate the credentials.

B : Use a scheduled AWS Lambda function to download and scan the application code from CodeCommitIf credentials are found, generate new credentials and store them in AWS KMS

C : Configure Amazon Macie to scan for credentials in CodeCommit repositories If credentials are found,trigger an AWS Lambda function to disable the credentials and notify the user

D : Configure a CodeCommit trigger to invoke an AWS Lambda function to scan new code submissions forcredentials If credentials are found, disable them in AWS IAM and notify the user.

Answer: A

Question 2

A company manually runs its custom scripts when deploying a new version of its application that is hosted on a fleet of Amazon EC2 instances. This method is prone to human errors such as accidentally running the wrong script or deploying the wrong artifact. The company wants to automate its deployment procedure and leverage its team’s knowledge in Chef deployment tools. The new version of the application must first be deployed on a staging environment for verification and testing. After passing the tests, it can then be deployed to the production environment. If errors are encountered after the deployment, the company wants to roll back to the older application version within five minutes.

Which of the following options should the Solutions Architect implement to meet the requirements?

A : eate an environment on AWS Elastic Beanstalk and deploy the application. For succeeding deployments, choose a “rolling update” strategy for fast deployment and easy rollback procedure in case of errors.

B : Create a new pipeline on AWS CodePipeline and add a stage that will deploy the application on the AWS EC2 instances. Choose a “rolling update with an additional batch” deployment strategy, to allow a quick rollback to the older version in case of errors.

C : eate a stack on AWS OpsWorks and deploy the application. Clone this stack and deploy the new application version on it. Use a “blue/green” deployment strategy to shift traffic to the newer stack.

D : ilize AWS CodeBuild and add a job with the Chef recipes for the new application version. Use a “canary” deployment strategy to the new version on a new instance. Delete the canary instance if errors are found on the new version.

Answer: C

Question 3

A software-as-a-service (SaaS) provider exposes APIs through an Application Load Balancer (ALB). The ALB connects to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that is deployed in the us-east-I Region. The exposed APIs contain usage of a few non-standard REST methods: LINK, UNLINK, LOCK, and UNLOCK.

Users outside the United States are reporting long and inconsistent response times for these APIs. A solutions architect needs to resolve this problem with a solution that minimizes operational overhead.

Which solution meets these requirements?

A : an Amazon CloudFront distribution. Configure the ALB as the origin.

B : an Amazon API Gateway edge-optimized API endpoint to expose the APIs. Configure the ALB as the target.

C : an accelerator in AWS Global Accelerator. Configure the ALB as the origin.

D : ploy the APIs to two additional AWS Regions: eu-west-l and ap-southeast-2. Add latency-based routing records in Amazon Route 53.

Answer: C

Question 4

A company is processing videos in the AWS Cloud by using Amazon EC2 instances in an Auto Scaling group.

It takes 30 minutes to process a video. Several EC2 instances scale in and out depending on the number of

videos in an Amazon Simple Queue Service (Amazon SQS) queue.

The company has configured the SQS queue with a redrive policy that specifies a target dead-letter queue and

a maxReceiveCount of 1. The company has set the visibility timeout for the SQS queue to 1 hour. The

company has set up an Amazon CloudWatch alarm to notify the development team when there are messages in

the dead-letter queue.

Several times during the day, the development team receives notification that messages are in the dead-letter

queue and that videos have not been processed properly. An investigation finds no errors in the application

logs.

How can the company solve this problem?

A : Turn on termination protection for the EC2 instances.

B : Update the visibility timeout for the SOS queue to 3 hours.

C : Configure scale-in protection for the instances during processing.

D : date the redrive policy and set maxReceiveCount to 0.

Answer: D

Question 5

A company's site reliability engineer is performing a review of Amazon FSx for Windows File Server

deployments within an account that the company acquired Company policy states that all Amazon FSx file

systems must be configured to be highly available across Availability Zones.

During the review, the site reliability engineer discovers that one of the Amazon FSx file systems used a

deployment type of Single-AZ 2 A solutions architect needs to minimize downtime while aligning this

Amazon FSx file system with company policy.

What should the solutions architect do to meet these requirements?

A : configure the deployment type to Multi-AZ for this Amazon FSx tile system

B : eate a new Amazon FSx fie system with a deployment type o( Multi-AZ. Use AWS DataSync to transfer data to the new Amazon FSx file system. Point users to the new location

C : eate a second Amazon FSx file system with a deployment type of Single-AZ 2. Use AWS DataSync to keep the data n sync. Switch users to the second Amazon FSx fie system in the event of failure

D : the AWS Management Console to take a backup of the Amazon FSx He system Create a new Amazon FSx file system with a deployment type of Multi-AZ Restore the backup to the new Amazon FSx file system. Point users to the new location.

Answer: B