ExamGecko
Login
Home / Amazon / SAP-C01 / List of questions
Ask Question

Amazon SAP-C01 Practice Test - Questions Answers, Page 49

List of questions

Question 481

Report
Export
Collapse

A company’s application is increasingly popular and experiencing latency because of high volume reads on the database server. The service has the following properties:

A highly available REST API hosted in one region using Application Load Balancer (ALB) with auto scaling. A MySQL database hosted on an Amazon EC2 instance in a single Availability Zone. The company wants to reduce latency, increase in-region database read performance, and have multi-region disaster recovery capabilities that can perform a live recovery automatically without any data or performance loss (HA/DR). Which deployment strategy will meet these requirements?

Use AWS CloudFormation StackSets to deploy the API layer in two regions. Migrate the database to an Amazon Aurora with MySQL database cluster with multiple read replicas in one region and a read replica in a different region than the source database cluster. Use Amazon Route 53 health checks to trigger a DNS failover to the standby region if the health checks to the primary load balancer fail. In the event of Route 53 failover, promote the cross-region database replica to be the master and build out new read replicas in the standby region.
Use AWS CloudFormation StackSets to deploy the API layer in two regions. Migrate the database to an Amazon Aurora with MySQL database cluster with multiple read replicas in one region and a read replica in a different region than the source database cluster. Use Amazon Route 53 health checks to trigger a DNS failover to the standby region if the health checks to the primary load balancer fail. In the event of Route 53 failover, promote the cross-region database replica to be the master and build out new read replicas in the standby region.
Use Amazon ElastiCache for Redis Multi-AZ with an automatic failover to cache the database read queries. Use AWS OpsWorks to deploy the API layer, cache layer, and existing database layer in two regions. In the event of failure, use Amazon Route 53 health checks on the database to trigger a DNS failover to the standby region if the health checks in the primary region fail. Back up the MySQL database frequently, and in the event of a failure in an active region, copy the backup to the standby region and restore the standby database.
Use Amazon ElastiCache for Redis Multi-AZ with an automatic failover to cache the database read queries. Use AWS OpsWorks to deploy the API layer, cache layer, and existing database layer in two regions. In the event of failure, use Amazon Route 53 health checks on the database to trigger a DNS failover to the standby region if the health checks in the primary region fail. Back up the MySQL database frequently, and in the event of a failure in an active region, copy the backup to the standby region and restore the standby database.
Use AWS CloudFormation StackSets to deploy the API layer in two regions. Add the database to an Auto Scaling group. Add a read replica to the database in the second region. Use Amazon Route 53 health checks on the database to trigger a DNS failover to the standby region if the health checks in the primary region fail. Promote the cross-region database replica to be the master and build out new read replicas in the standby region.
Use AWS CloudFormation StackSets to deploy the API layer in two regions. Add the database to an Auto Scaling group. Add a read replica to the database in the second region. Use Amazon Route 53 health checks on the database to trigger a DNS failover to the standby region if the health checks in the primary region fail. Promote the cross-region database replica to be the master and build out new read replicas in the standby region.
Use Amazon ElastiCache for Redis Multi-AZ with an automatic failover to cache the database read queries. Use AWS OpsWorks to deploy the API layer, cache layer, and existing database layer in two regions. Use Amazon Route 53 health checks on the ALB to trigger a DNS failover to the standby region if the health checks in the primary region fail. Back up the MySQL database frequently, and in the event of a failure in an active region, copy the backup to the standby region and restore the standby database.
Use Amazon ElastiCache for Redis Multi-AZ with an automatic failover to cache the database read queries. Use AWS OpsWorks to deploy the API layer, cache layer, and existing database layer in two regions. Use Amazon Route 53 health checks on the ALB to trigger a DNS failover to the standby region if the health checks in the primary region fail. Back up the MySQL database frequently, and in the event of a failure in an active region, copy the backup to the standby region and restore the standby database.
Suggested answer: A
asked 16/09/2024
Preetham Pakhala
29 questions

Question 482

Report
Export
Collapse

In Amazon ElastiCache, which of the following statements is correct?

When you launch an ElastiCache cluster into an Amazon VPC private subnet, every cache node is assigned a public IP address within that subnet.
When you launch an ElastiCache cluster into an Amazon VPC private subnet, every cache node is assigned a public IP address within that subnet.
You cannot use ElastiCache in a VPC that is configured for dedicated instance tenancy.
You cannot use ElastiCache in a VPC that is configured for dedicated instance tenancy.
If your AWS account supports only the EC2-VPC platform, ElastiCache will never launch your cluster in a VPC.
If your AWS account supports only the EC2-VPC platform, ElastiCache will never launch your cluster in a VPC.
ElastiCache is not fully integrated with Amazon Virtual Private Cloud (VPC).
ElastiCache is not fully integrated with Amazon Virtual Private Cloud (VPC).
Suggested answer: B

Explanation:

The VPC must allow non-dedicated EC2 instances. You cannot use ElastiCache in a VPC that is configured for dedicated instance tenancy.

Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/AmazonVPC.EC.html

asked 16/09/2024
B M
32 questions

Question 483

Report
Export
Collapse

A company has an application written using an in-house software framework. The framework installation takes 30 minutes and is performed with a user data script. Company Developers deploy changes to the application frequently. The framework installation is becoming a bottleneck in this process.

Which of the following would speed up this process?

Create a pipeline to build a custom AMI with the framework installed and use this AMI as a baseline for application deployments.
Create a pipeline to build a custom AMI with the framework installed and use this AMI as a baseline for application deployments.
Employ a user data script to install the framework but compress the installation files to make them smaller.
Employ a user data script to install the framework but compress the installation files to make them smaller.
Create a pipeline to parallelize the installation tasks and call this pipeline from a user data script.
Create a pipeline to parallelize the installation tasks and call this pipeline from a user data script.
Configure an AWS OpsWorks cookbook that installs the framework instead of employing user data. Use this cookbook as a base for all deployments.
Configure an AWS OpsWorks cookbook that installs the framework instead of employing user data. Use this cookbook as a base for all deployments.
Suggested answer: C

Explanation:

Reference: https://aws.amazon.com/codepipeline/features/?nc=sn&loc=2

asked 16/09/2024
Sullivan Dabireau
36 questions

Question 484

Report
Export
Collapse

During a security audit of a Service team’s application, a Solutions Architect discovers that a username and password for an Amazon RDS database and a set of AWS IAM user credentials can be viewed in the AWS Lambda function code. The Lambda function uses the username and password to run queries on the database, and it uses the IAM credentials to call AWS services in a separate management account. The Solutions Architect is concerned that the credentials could grant inappropriate access to anyone who can view the Lambda code. The management account and the Service team’s account are in separate AWS Organizations organizational units (OUs).

Which combination of changes should the Solutions Architect make to improve the solution’s security? (Choose two.)

Configure Lambda to assume a role in the management account with appropriate access to AWS.
Configure Lambda to assume a role in the management account with appropriate access to AWS.
Configure Lambda to use the stored database credentials in AWS Secrets Manager and enable automatic rotation.
Configure Lambda to use the stored database credentials in AWS Secrets Manager and enable automatic rotation.
Create a Lambda function to rotate the credentials every hour by deploying a new Lambda version with the updated credentials.
Create a Lambda function to rotate the credentials every hour by deploying a new Lambda version with the updated credentials.
Use an SCP on the management account’s OU to prevent IAM users from accessing resources in the Service team’s account.
Use an SCP on the management account’s OU to prevent IAM users from accessing resources in the Service team’s account.
Enable AWS Shield Advanced on the management account to shield sensitive resources from unauthorized IAM access.
Enable AWS Shield Advanced on the management account to shield sensitive resources from unauthorized IAM access.
Suggested answer: B, D
asked 16/09/2024
Ibrahim Ramku
51 questions

Question 485

Report
Export
Collapse

In Amazon Cognito, your mobile app authenticates with the Identity Provider (IdP) using the provider's SDK. Once the end user is authenticated with the IdP, the OAuth or OpenID Connect token returned from the IdP is passed by your app to Amazon Cognito, which returns a new _____ for the user and a set of temporary, limited-privilege AWS credentials.

Cognito Key Pair
Cognito Key Pair
Cognito API
Cognito API
Cognito ID
Cognito ID
Cognito SDK
Cognito SDK
Suggested answer: C

Explanation:

Your mobile app authenticates with the identity provider (IdP) using the provider's SDK. Once the end user is authenticated with the IdP, the OAuth or OpenID Connect token returned from the IdP is passed by your app to Amazon Cognito, which returns a new Cognito ID for the user and a set of temporary, limited-privilege AWS credentials.

Reference: http://aws.amazon.com/cognito/faqs/

asked 16/09/2024
Gaurav Singh
36 questions

Question 486

Report
Export
Collapse

A large global company wants to migrate a stateless mission-critical application to AWS. The application is based on IBM WebSphere (application and integration middleware), IBM MQ (messaging middleware), and IBM DB2 (database software) on a z/OS operating system.

How should the Solutions Architect migrate the application to AWS?

Re-host WebSphere-based applications on Amazon EC2 behind a load balancer with Auto Scaling. Re-platform the IBM MQ to an Amazon EC2-based MQ. Re-platform the z/OS-based DB2 to Amazon RDS DB2.
Re-host WebSphere-based applications on Amazon EC2 behind a load balancer with Auto Scaling. Re-platform the IBM MQ to an Amazon EC2-based MQ. Re-platform the z/OS-based DB2 to Amazon RDS DB2.
Re-host WebSphere-based applications on Amazon EC2 behind a load balancer with Auto Scaling. Re-platform the IBM MQ to an Amazon MQ. Re-platform z/OS-based DB2 to Amazon EC2-based DB2.
Re-host WebSphere-based applications on Amazon EC2 behind a load balancer with Auto Scaling. Re-platform the IBM MQ to an Amazon MQ. Re-platform z/OS-based DB2 to Amazon EC2-based DB2.
Orchestrate and deploy the application by using AWS Elastic Beanstalk. Re-platform the IBM MQ to Amazon SQS. Replatform z/OS-based DB2 to Amazon RDS DB2.
Orchestrate and deploy the application by using AWS Elastic Beanstalk. Re-platform the IBM MQ to Amazon SQS. Replatform z/OS-based DB2 to Amazon RDS DB2.
Use the AWS Server Migration Service to migrate the IBM WebSphere and IBM DB2 to an Amazon EC2-based solution. Re-platform the IBM MQ to an Amazon MQ.
Use the AWS Server Migration Service to migrate the IBM WebSphere and IBM DB2 to an Amazon EC2-based solution. Re-platform the IBM MQ to an Amazon MQ.
Suggested answer: B

Explanation:

Reference:

https://aws.amazon.com/blogs/database/aws-database-migration-service-and-aws-schema-conversion-tool-now-supportibm-db2-as-a-source/ https://aws.amazon.com/quickstart/architecture/ibm-mq/

asked 16/09/2024
Martin Ng
43 questions

Question 487

Report
Export
Collapse

A company uses Amazon S3 to store documents that may only be accessible to an Amazon EC2 instance in a certain virtual private cloud (VPC). The company fears that a malicious insider with access to this instance could also set up an EC2 instance in another VPC to access these documents.

Which of the following solutions will provide the required protection?

Use an S3 VPC endpoint and an S3 bucket policy to limit access to this VPC endpoint.
Use an S3 VPC endpoint and an S3 bucket policy to limit access to this VPC endpoint.
Use EC2 instance profiles and an S3 bucket policy to limit access to the role attached to the instance profile.
Use EC2 instance profiles and an S3 bucket policy to limit access to the role attached to the instance profile.
Use S3 client-side encryption and store the key in the instance metadata.
Use S3 client-side encryption and store the key in the instance metadata.
Use S3 server-side encryption and protect the key with an encryption context.
Use S3 server-side encryption and protect the key with an encryption context.
Suggested answer: B
asked 16/09/2024
Bruno Piovan
27 questions

Question 488

Report
Export
Collapse

When you put objects in Amazon S3, what is the indication that an object was successfully stored?

A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
Amazon S3 is engineered for 99.999999999% durability. Therefore there is no need to confirm that data was inserted.
Amazon S3 is engineered for 99.999999999% durability. Therefore there is no need to confirm that data was inserted.
A success code is inserted into the S3 object metadata.
A success code is inserted into the S3 object metadata.
Each S3 account has a special bucket named _s3_logs. Success codes are written to this bucket with a timestamp and checksum.
Each S3 account has a special bucket named _s3_logs. Success codes are written to this bucket with a timestamp and checksum.
Suggested answer: A
asked 16/09/2024
Kevin Brigitta
27 questions

Question 489

Report
Export
Collapse

You would like to create a mirror image of your production environment in another region for disaster recovery purposes. Which of the following AWS resources do not need to be recreated in the second region? (Choose two.)

Route 53 Record Sets
Route 53 Record Sets
IAM Roles
IAM Roles
Elastic IP Addresses (EIP)
Elastic IP Addresses (EIP)
EC2 Key Pairs
EC2 Key Pairs
Launch configurations
Launch configurations
Security Groups
Security Groups
Suggested answer: A, B

Explanation:

As per the document defined, new IPs should be reserved not the same ones Elastic IP Addresses are static IP addresses designed for dynamic cloud computing. Unlike traditional static IP addresses, however, Elastic IP addresses enable you to mask instance or Availability Zone failures by programmatically remapping your public IP addresses to instances in your account in a particular region. For DR, you can also pre-allocate some IP addresses for the most critical systems so that their IP addresses are already known before disaster strikes. This can simplify the execution of the DR plan. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.html

asked 16/09/2024
Nader Pouri
31 questions

Question 490

Report
Export
Collapse

A customer has established an AWS Direct Connect connection to AWS. The link is up and routes are being advertised from the customer's end, however the customer is unable to connect from EC2 instances inside its VPC to servers residing in its datacenter.

Which of the following options provide a viable solution to remedy this situation? (Choose two.)

Add a route to the route table with an iPsec VPN connection as the target.
Add a route to the route table with an iPsec VPN connection as the target.
Enable route propagation to the virtual pinnate gateway (VGW).
Enable route propagation to the virtual pinnate gateway (VGW).
Enable route propagation to the customer gateway (CGW).
Enable route propagation to the customer gateway (CGW).
Modify the route table of all Instances using the 'route' command.
Modify the route table of all Instances using the 'route' command.
Modify the Instances VPC subnet route table by adding a route back to the customer's on-premises environment.
Modify the Instances VPC subnet route table by adding a route back to the customer's on-premises environment.
Suggested answer: B, E
asked 16/09/2024
Roger Berger
27 questions
Total 906 questions
Go to page: of 91
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company is running an application on several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The load on the application varies throughout the day, and EC2 instances are scaled in and out on a regular basis. Log files from the EC2 instances are copied to a central Amazon S3 bucket every 15 minutes. The security team discovers that log files are missing from some of the terminated EC2 instances. Which set of actions will ensure that log files are copied to the central S3 bucket from the terminated EC2 instances?
A company is developing a gene reporting device that will collect genomic information to assist researchers will collecting large samples of data from a diverse population. The device will push 8 KB of genomic data every second to a data platform that will need to process and analyze the data and provide information back to researchers. The data platform must meet the following requirements: Provide near-real-time analytics of the inbound genomic data Ensure the data is flexible, parallel, and durable Deliver results of processing to a data warehouse Which strategy should a solutions architect use to meet these requirements?
A medical company is running an application in the AWS Cloud. The application simulates the effect of medical drugs in development. The application consists of two parts: configuration and simulation. The configuration part runs in AWS Fargate containers in an Amazon Elastic Container Service (Amazon ECS) cluster. The simulation part runs on large, compute optimized Amazon EC2 instances. Simulations can restart if they are interrupted. The configuration part runs 24 hours a day with a steady load. The simulation part runs only for a few hours each night with a variable load. The company stores simulation results in Amazon S3, and researchers use the results for 30 days. The company must store simulations for 10 years and must be able to retrieve the simulations within 5 hours. Which solution meets these requirements MOST cost-effectively?
A Solutions Architect must build a highly available infrastructure for a popular global video game that runs on a mobile phone platform. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The database tier is an Amazon RDS MySQL Multi-AZ instance. The entire application stack is deployed in both us-east-1 and eu-central-1. Amazon Route 53 is used to route traffic to the two installations using a latency-based routing policy. A weighted routing policy is configured in Route 53 as a fail over to another region in case the installation in a region becomes unresponsive. During the testing of disaster recovery scenarios, after blocking access to the Amazon RDS MySQL instance in eu-central-1 from all the application instances running in that region. Route 53 does not automatically failover all traffic to us- east-1. Based on this situation, which changes would allow the infrastructure to failover to us-east-1? (Choose two.)
Your firm has uploaded a large amount of aerial image data to S3. In the past, in your on-premises environment, you used a dedicated group of servers to oaten process this data and used Rabbit MQ - An open source messaging system to get job information to the servers. Once processed the data would go to tape and be shipped offsite. Your manager told you to stay with the current design, and leverage AWS archival storage and messaging services to minimize cost. Which is correct?
A company’s processing team has an AWS account with a production application. The application runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are hosted in private subnets in a VPC in the eu- west- 1 Region. The VPC was assigned the CIDR block of 10.0.0.0/16. The billing team recently created a new AWS account and deployed an application on EC2 instances that are hosted in private subnets in a VPC in the eu-central-1 Region. The new VPC is assigned the CIDR block of 10.0.0.0/16. The processing application needs to securely communicate with the billing application over a proprietary TCP port. What should a solutions architect do to meet this requirement with the LEAST amount of operational effort?
A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A. The company’s applications and databases are running in Account B. A solutions architect will deploy a two-tier application in a new VPC. To simplify the configuration, the db.example.com CNAME record set for the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53. During deployment the application failed to start. Troubleshooting revealed that db.example.com is not resolvable on the Amazon EC2 instance. The solutions architect confirmed that the record set was created correctly in Route 53. Which combination of steps should the solutions architect take to resolve this issue? (Choose two.)
A company runs an application on AWS. An AWS Lambda function uses credentials to authenticate to an Amazon RDS for MySQL DB instance. A security risk assessment identified that these credentials are not frequently rotated. Also, encryption at rest is not enabled for the DB instance. The security team requires that both of these issues be resolved. Which strategy should a solutions architect recommend to remediate these security risks?
A company runs a dynamic mission-critical web application that has an SLA of 99.99%. Global application users access the application 24/7. The application is currently hosted on premises and routinely fails to meet its SLA, especially when millions of users access the application concurrently. Remote users complain of latency. How should this application be redesigned to be scalable and allow for automatic failover at the lowest cost?
A 3-Ber e-commerce web application is currently deployed on-premises, and will be migrated to AWS for greater scalability and elasticity. The web tier currently shares read-only data using a network distributed file system. The app server tier uses a clustering mechanism for discovery and shared session state that depends on IP multicast. The database tier uses sharedstorage clustering to provide database failover capability, and uses several read slaves for scaling. Data on all servers and the distributed file system directory is backed up weekly to off-site tapes. Which AWS storage and database architecture meets the requirements of the application?