Question # 1
A company is running multiple workloads in the AWS Cloud. The company has separate
units for software development. The company uses AWS Organizations and federation with
SAML to give permissions to developers to manage resources in their AWS accounts. The
development units each deploy their production workloads into a common production
account.
Recently, an incident occurred in the production account in which members of a
development unit terminated an EC2 instance that belonged to a different development
unit. A solutions architect must create a solution that prevents a similar incident from
happening in the future. The solution also must allow developers the possibility to manage
the instances used for their workloads.
Which strategy will meet these requirements?
A. Create separate OUs in AWS Organizations for each development unit. Assign the
created OUs to the company AWS accounts. Create separate SCPs with a deny action and
a StringNotEquals condition for the DevelopmentUnit resource tag that matches the
development unit name. Assign the SCP to the corresponding OU.
B. Pass an attribute for DevelopmentUnit as an AWS Security Token Service (AWS STS)
session tag during SAML federation. Update the IAM policy for the developers' assumed
IAM role with a deny action and a StringNotEquals condition for the DevelopmentUnit
resource tag and aws:PrincipalTag/DevelopmentUnit.
C. Pass an attribute for DevelopmentUnit as an AWS Security Token Service (AWS STS)
session tag during SAML federation. Create an SCP with an allow action and a
StringEquals condition for the DevelopmentUnit resource tag and
aws:PrincipalTag/DevelopmentUnit. Assign the SCP to the root OU.
D. Create separate IAM policies for each development unit. For every IAM policy, add an
allow action and a StringEquals condition for the DevelopmentUnit resource tag and the
development unit name. During SAML federation, use AWS Security Token Service
(AWS STS) to assign the IAM policy and match the development unit name to the
assumed IAM role.
Answer:
B. Pass an attribute for DevelopmentUnit as an AWS Security Token Service (AWS STS)
session tag during SAML federation. Update the IAM policy for the developers' assumed
IAM role with a deny action and a StringNotEquals condition for the DevelopmentUnit
resource tag and aws:PrincipalTag/DevelopmentUnit.
Question # 2
A company needs to improve the reliability of its ticketing application. The application
runs on an Amazon Elastic Container Service (Amazon ECS) cluster. The company uses Amazon
CloudFront to serve the application. A single ECS service of the ECS cluster is the
CloudFront distribution's origin.
The application allows only a specific number of active users to enter a ticket purchasing
flow. These users are identified by an encrypted attribute in their JSON Web Token (JWT).
All other users are redirected to a waiting room module until there is available capacity for
purchasing.
The application is experiencing high loads. The waiting room module is working as
designed, but load on the waiting room is disrupting the application's availability. This
disruption is negatively affecting the application's ticket sale transactions.
Which solution will provide the MOST reliability for ticket sale transactions during periods of
high load?
A. Create a separate service in the ECS cluster for the waiting room. Use a separate
scaling configuration. Ensure that the ticketing service uses the JWT information and
appropriately forwards requests to the waiting room service.
B. Move the application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.
Split the waiting room module into a pod that is separate from the ticketing pod. Make the
ticketing pod part of a StatefulSet. Ensure that the ticketing pod uses the JWT information
and appropriately forwards requests to the waiting room pod.
C. Create a separate service in the ECS cluster for the waiting room. Use a separate
scaling configuration. Create a CloudFront function that inspects the JWT information and
appropriately forwards requests to the ticketing service or the waiting room service.
D. Move the application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.
Split the waiting room module into a pod that is separate from the ticketing pod. Use AWS
App Mesh by provisioning the App Mesh controller for Kubernetes. Enable mTLS
authentication and service-to-service authentication for communication between the
ticketing pod and the waiting room pod. Ensure that the ticketing pod uses the JWT
information and appropriately forwards requests to the waiting room pod.
Answer:
C. Create a separate service in the ECS cluster for the waiting room. Use a separate
scaling configuration. Create a CloudFront function that inspects the JWT information and
appropriately forwards requests to the ticketing service or the waiting room service.
Explanation:
Implementing a CloudFront function that inspects the JWT information and appropriately
forwards requests either to the ticketing service or the waiting room service within the
Amazon ECS cluster enhances reliability during high load periods. This solution segregates
the load between the main application and the waiting room, ensuring that the ticketing service remains unaffected by the high load on the waiting room. Using CloudFront
functions for request routing based on JWT attributes allows for efficient distribution of user
traffic, thereby maintaining the application's availability and performance during peak times.
Question # 3
A company is using Amazon API Gateway to deploy a private REST API that will provide
access to sensitive data. The API must be accessible only from an application that is
deployed in a VPC. The company deploys the API successfully. However, the API is not
accessible from an Amazon EC2 instance that is deployed in the VPC.
Which solution will provide connectivity between the EC2 instance and the API?
A. Create an interface VPC endpoint for API Gateway. Attach an endpoint policy that
allows apigateway:* actions. Disable private DNS naming for the VPC endpoint. Configure
an API resource policy that allows access from the VPC. Use the VPC endpoint's DNS
name to access the API.
B. Create an interface VPC endpoint for API Gateway. Attach an endpoint policy that
allows the execute-api:Invoke action. Enable private DNS naming for the VPC endpoint.
Configure an API resource policy that allows access from the VPC endpoint. Use the API
endpoint's DNS names to access the API.
C. Create a Network Load Balancer (NLB) and a VPC link. Configure private integration
between API Gateway and the NLB. Use the API endpoint's DNS names to access the
API.
D. Create an Application Load Balancer (ALB) and a VPC Link. Configure private
integration between API Gateway and the ALB. Use the ALB endpoint's DNS name to
access the API.
Answer:
B. Create an interface VPC endpoint for API Gateway. Attach an endpoint policy that
allows the execute-api:Invoke action. Enable private DNS naming for the VPC endpoint.
Configure an API resource policy that allows access from the VPC endpoint. Use the API
endpoint's DNS names to access the API.
Question # 4
A company runs many workloads on AWS and uses AWS Organizations to manage its
accounts. The workloads are hosted on Amazon EC2, AWS Fargate, and AWS Lambda.
Some of the workloads have unpredictable demand. Accounts record high usage in some
months and low usage in other months.
The company wants to optimize its compute costs over the next 3 years. A solutions
architect obtains a 6-month average for each of the accounts across the organization to
calculate usage.
Which solution will provide the MOST cost savings for all the organization's compute
usage?
A. Purchase Reserved Instances for the organization to match the size and number of the
most common EC2 instances from the member accounts.
B. Purchase a Compute Savings Plan for the organization from the management account
by using the recommendation at the management account level.
C. Purchase Reserved Instances for each member account that had high EC2 usage
according to the data from the last 6 months.
D. Purchase an EC2 Instance Savings Plan for each member account from the
management account based on EC2 usage data from the last 6 months.
Answer:
B. Purchase a Compute Savings Plan for the organization from the management account
by using the recommendation at the management account level.
Question # 5
A company is rearchitecting its applications to run on AWS. The company's infrastructure
includes multiple Amazon EC2 instances. The company's development team needs
different levels of access. The company wants to implement a policy that requires all
Windows EC2 instances to be joined to an Active Directory domain on AWS. The company
also wants to implement enhanced security processes such as multi-factor authentication
(MFA). The company wants to use managed AWS services wherever possible.
Which solution will meet these requirements?
A. Create an AWS Directory Service for Microsoft Active Directory implementation. Launch
an Amazon Workspace. Connect to and use the Workspace for domain security
configuration tasks.
B. Create an AWS Directory Service for Microsoft Active Directory implementation. Launch
an EC2 instance. Connect to and use the EC2 instance for domain security configuration
tasks.
C. Create an AWS Directory Service Simple AD implementation. Launch an EC2 instance.
Connect to and use the EC2 instance for domain security configuration tasks.
D. Create an AWS Directory Service Simple AD implementation. Launch an Amazon
Workspace. Connect to and use the Workspace for domain security configuration tasks.
Answer:
A. Create an AWS Directory Service for Microsoft Active Directory implementation. Launch
an Amazon Workspace. Connect to and use the Workspace for domain security
configuration tasks.
Explanation:
A is the correct answer because it uses AWS Directory Service for Microsoft Active
Directory to join the Windows EC2 instances to an Active Directory domain on AWS and enable MFA. AWS Directory Service for Microsoft Active Directory, also known as AWS
Managed Microsoft AD, is a fully managed service that is powered by Windows Server
2019. It allows you to run directory-aware workloads in the AWS Cloud, including Microsoft
SharePoint and custom .NET and SQL Server-based applications. You can also configure
a trust relationship between AWS Managed Microsoft AD in the AWS Cloud and your
existing on-premises Microsoft Active Directory. AWS Managed Microsoft AD supports
MFA by integrating with your existing RADIUS-based MFA infrastructure. To join the
Windows EC2 instances to an Active Directory domain on AWS, you can use an Amazon
Workspace, which is a fully managed, secure desktop computing service that runs on
AWS. You can connect to and use the Workspace for domain security configuration tasks.
Question # 6
A company uses an organization in AWS Organizations to manage the company's AWS
accounts. The company uses AWS CloudFormation to deploy all infrastructure. A finance
team wants to build a chargeback model. The finance team asked each business unit to tag
resources by using a predefined list of project values.
When the finance team used the AWS Cost and Usage Report in AWS Cost Explorer and
filtered based on project, the team noticed noncompliant project values. The company
wants to enforce the use of project tags for new resources.
Which solution will meet these requirements with the LEAST effort?
A. Create a tag policy that contains the allowed project tag values in the organization's
management account. Create an SCP that denies the cloudformation:CreateStack API
operation unless a project tag is added. Attach the SCP to each OU.
B. Create a tag policy that contains the allowed project tag values in each OU. Create an
SCP that denies the cloudformation:CreateStack API operation unless a project tag is
added. Attach the SCP to each OU.
C. Create a tag policy that contains the allowed project tag values in the AWS management
account. Create an IAM policy that denies the cloudformation:CreateStack API operation
unless a project tag is added. Assign the policy to each user.
D. Use AWS Service Catalog to manage the CloudFormation stacks as products. Use a
TagOptions library to control project tag values. Share the portfolio with all OUs that are in
the organization.
Answer:
A. Create a tag policy that contains the allowed project tag values in the organization's
management account. Create an SCP that denies the cloudformation:CreateStack API
operation unless a project tag is added. Attach the SCP to each OU.
Explanation:
The best solution is to create a tag policy that contains the allowed project tag values in the
organization’s management account and create an SCP that denies the
cloudformation:CreateStack API operation unless a project tag is added. A tag policy is a type of policy that can help standardize tags across resources in the organization’s
accounts. A tag policy can specify the allowed tag keys, values, and case treatment for
compliance. A service control policy (SCP) is a type of policy that can restrict the actions
that users and roles can perform in the organization’s accounts. An SCP can deny access
to specific API operations unless certain conditions are met, such as having a specific tag.
By creating a tag policy in the management account and attaching it to each OU, the
organization can enforce consistent tagging across all accounts. By creating an SCP that
denies the cloudformation:CreateStack API operation unless a project tag is added, the
organization can prevent users from creating new resources without proper tagging. This
solution will meet the requirements with the least effort, as it does not involve creating
additional resources or modifying existing ones.
References: Tag policies - AWS Organizations, Service control policies - AWS
Organizations, AWS CloudFormation User Guide
Question # 7
A company runs an unauthenticated static website (www.example.com) that includes a
registration form for users. The website uses Amazon S3 for hosting and uses Amazon
CloudFront as the content delivery network with AWS WAF configured. When the
registration form is submitted, the website calls an Amazon API Gateway API endpoint that
invokes an AWS Lambda function to process the payload and forward the payload to an
external API call.
During testing, a solutions architect encounters a cross-origin resource sharing (CORS)
error. The solutions architect confirms that the CloudFront distribution origin has the
Access-Control-Allow-Origin header set to www.example.com.
What should the solutions architect do to resolve the error?
A. Change the CORS configuration on the S3 bucket. Add rules for CORS to the Allowed
Origin element for www.example.com.
B. Enable the CORS setting in AWS WAF. Create a web ACL rule in which the
Access-Control-Allow-Origin header is set to www.example.com.
C. Enable the CORS setting on the API Gateway API endpoint. Ensure that the API
endpoint is configured to return all responses that have the Access-Control-Allow-Origin
header set to www.example.com.
D. Enable the CORS setting on the Lambda function. Ensure that the return code of the
function has the Access-Control-Allow-Origin header set to www.example.com.
Answer:
C. Enable the CORS setting on the API Gateway API endpoint. Ensure that the API
endpoint is configured to return all responses that have the Access-Control-Allow-Origin
header set to www.example.com.
Explanation:
CORS errors occur when a web page hosted on one domain tries to make a request to a
server hosted on another domain. In this scenario, the registration form hosted on the static website is trying to make a request to the API Gateway API endpoint hosted on a different
domain, which is causing the error. To resolve this error, the Access-Control-Allow-Origin
header needs to be set to the domain from which the request is being made. In this case,
the header is already set to www.example.com on the CloudFront distribution origin.
Therefore, the solutions architect should enable the CORS setting on the API Gateway API
endpoint and ensure that the API endpoint is configured to return all responses that have
the Access-Control-Allow-Origin header set to www.example.com. This will allow the API
endpoint to respond to requests from the static website without a CORS error.
Question # 8
A company is running a serverless ecommerce application on AWS. The application uses
Amazon API Gateway to invoke AWS Lambda Java functions. The Lambda functions
connect to an Amazon RDS for MySQL database to store data.
During a recent sale event, a sudden increase in web traffic resulted in poor API
performance and database connection failures. The company needs to implement a
solution to minimize the latency for the Lambda functions and to support bursts in traffic.
Which solution will meet these requirements with the LEAST amount of change to the
application?
A. Update the code of the Lambda functions so that the Lambda functions open the
database connection outside of the function handler. Increase the provisioned concurrency
for the Lambda functions.
B. Create an RDS Proxy endpoint for the database. Store database secrets in AWS
Secrets Manager. Set up the required IAM permissions. Update the Lambda functions to
connect to the RDS Proxy endpoint. Increase the provisioned concurrency for the Lambda
functions.
C. Create a custom parameter group. Increase the value of the max_connections
parameter. Associate the custom parameter group with the RDS DB instance and schedule
a reboot. Increase the reserved concurrency for the Lambda functions.
D. Create an RDS Proxy endpoint for the database. Store database secrets in AWS
Secrets Manager. Set up the required IAM permissions. Update the Lambda functions to
connect to the RDS Proxy endpoint. Increase the reserved concurrency for the Lambda
functions.
Answer:
B. Create an RDS Proxy endpoint for the database. Store database secrets in AWS
Secrets Manager. Set up the required IAM permissions. Update the Lambda functions to
connect to the RDS Proxy endpoint. Increase the provisioned concurrency for the Lambda
functions.
AWS Certified Solutions Architect - Professional Test Dumps
Exam Code: SAP-C02
Exam Name: AWS Certified Solutions Architect - Professional
Official AWS Solutions Architect Professional exam info is available on Amazon website at https://aws.amazon.com/certification/certified-solutions-architect-professional/
Questions People Ask About SAP-C02 Exam
SAP-C02 is an advanced AWS certification for solutions architects. It confirms your mastery of designing AWS systems aligned with the AWS Well-Architected Framework. This certification demonstrates your ability to build cost-effective, reliable, and high-performance solutions, boosting your value in the cloud computing industry.
SAP-C02 is for the AWS Solutions Architect Professional, designed for individuals with deep technical knowledge and experience in designing distributed systems and applications on AWS. SAA-C03 is the AWS Certified Solutions Architect Associate exam, targeting those newer to designing scalable and elastic AWS-based applications. Each exam requires specific preparation to match its complexity and focus.
SAP-C02 exam is widely considered one of the most challenging AWS certifications. It demands not only in-depth knowledge of many AWS services but also the ability to design complex solutions that prioritize efficiency, security, and business requirements. If you are new to AWS or cloud architecture, expect a steep learning curve!
• Designing highly available, cost-optimized, resilient, and secure architectures on AWS
• Migrating complex solutions to AWS
• Implementing and operationalizing solutions based on architectural best practices
• Selecting appropriate AWS services and technologies to meet business requirements