Free Amazon SAP-C02 Exam Questions

Question 1

A company is preparing to deploy an Amazon Elastic Kubernetes Service (Amazon EKS) cluster for a workload. The company expects the cluster to support an unpredictable number of stateless pods. Many of the pods will be created during a short time period as the workload automatically scales the number of replicas that the workload uses. Which solution will MAXIMIZE node resilience?

A : Use a separate launch template to deploy the EKS control plane into a second cluster that is separate from the workload node groups.

B : Update the workload node groups. Use a smaller number of node groups and larger instances in the node groups.

C : Configure the Kubernetes Cluster Autoscaler to ensure that the compute capacity of the workload node groups stays under provisioned.

D : Configure the workload to use topology spread constraints that are based on Availability Zone.

Answer: D

Question 2

A solutions architect is designing a network for a new cloud deployment. Each account will need autonomy to modify route tables and make changes. Centralized and controlled egress internet connectivity is also needed. The cloud footprint is expected to grow to thousands of AWS accounts. Which architecture will meet these requirements?

A : centralized transit VPC with a VPN connection to a standalone VPC in each account. Outbound internet traffic will be controlled by firewall appliances.

B : centralized shared VPC with a subnet for each account. Outbound internet traffic will controlled through a fleet of proxy servers.

C : A shared services VPC to host central assets to include a fleet of firewalls with a route to the internet.Each spoke VPC will peer to the central VPC.

D : hared transit gateway to which each VPC will be attached. Outbound internet access will route through a fleet of VPN-attached firewalls.

Answer: D

Question 3

A company recently developed a web application that processes customer behavioral data and stores the results in a DynamoDB table. The application is expected to receive a high usage load. To ensure that data is not lost when DynamoDB write requests are throttled, the solutions architect must reduce the load taken by the table.

Which of the following is the MOST cost-effective strategy for reducing the load on the DynamoDB table?

A : an SQS queue to decouple messages from the application and the database.

B : Replicate the DynamoDB table to another AWS region using global tables.

C : ovision more DynamoDB tables to absorb the load.

D : ovision higher write-capacity units (WCUs) to your DynamoDB table.

Answer: A

Question 4

A company has a serverless application comprised of Amazon CloudFront, Amazon API Gateway, and AWS

Lambda functions. The current deployment process of the application code is to create a new version number

of the Lambda function and run an AWS CLI script to update. If the new function version has errors, another

CLI script reverts by deploying the previous working version of the function. The company would like to

decrease the time to deploy new versions of the application logic provided by the Lambda functions, and also

reduce the time to detect and revert when errors are identified.

How can this be accomplished?

A : Create and deploy nested AWS CloudFormation stacks with the parent stack consisting of the AWSCloudFront distribution and API Gateway, and the child stack containing the Lambda function. Forchanges to Lambda, create an AWS CloudFormation change set and deploy; if errors are triggered,revert the AWS CloudFormation change set to the previous version.

B : Use AWS SAM and built-in AWS CodeDeploy to deploy the new Lambda version, gradually shifttraffic to the new version, and use pre-traffic and post-traffic test functions to verify code. Rollback ifAmazon CloudWatch alarms are triggered.

C : Refactor the AWS CLI scripts into a single script that deploys the new Lambda version. Whendeployment is completed, the script tests execute. If errors are detected, revert to the previous Lambdaversion.

D : Create and deploy an AWS CloudFormation stack that consists of a new API Gateway endpoint thatreferences the new Lambda version. Change the CloudFront origin to the new API Gateway endpoint,monitor errors and if detected, change the AWS CloudFront origin to the previous API Gatewayendpoint.

Answer: B

Question 5

A cryptocurrency exchange company has recently signed up for a 3rd party online auditing system, which is also using AWS, to perform regulatory compliance audits on their cloud systems. The online auditing system needs to access certain AWS resources in your network to perform the audit.

In this scenario, which of the following approach is the most secure way of providing access to the 3rd party online auditing system?

A : eate a new IAM user and assign a user policy to the IAM user that allows full and unrestricted access to all AWS resources. Create a new access and secret key for the IAM user and provide these credentials to the 3rd party auditing company.

B : eate a new IAM role for cross-account access which allows the online auditing system account to assume the role. Assign it a policy that allows only the actions required for the compliance audit.

C : eate a new IAM role for cross-account access which allows the online auditing system account to assume the role. Assign a policy that allows full and unrestricted access to all AWS resources.

D : eate a new IAM user and assign a user policy to the IAM user that allows only the actions required by the online audit system. Create a new access and secret key for the IAM user and provide these credentials to the 3rd party auditing company.

Answer: B