ExamGecko
Login
Home / Amazon / SAP-C01 / List of questions
Ask Question

Amazon SAP-C01 Practice Test - Questions Answers, Page 34

List of questions

Question 331

Report
Export
Collapse

A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework.

While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions architect finds out that the company’s developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types. The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch. Which solution will meet these requirements?

Create a desired-instance-type managed rule in AWS Config. Configure the rule with the instance types that are allowed. Attach the rule to an event to run each time a new EC2 instance is launched.
Create a desired-instance-type managed rule in AWS Config. Configure the rule with the instance types that are allowed. Attach the rule to an event to run each time a new EC2 instance is launched.
In the EC2 console, create a launch template that specifies the instance types that are allowed. Assign the launch template to the developers’ IAM accounts.
In the EC2 console, create a launch template that specifies the instance types that are allowed. Assign the launch template to the developers’ IAM accounts.
Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers
Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers
Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image.
Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image.
Suggested answer: A

Explanation:

Reference: https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_getting-started.html

asked 16/09/2024
Yosra Chabchoub
38 questions

Question 332

Report
Export
Collapse

A company is using an Amazon CloudFront distribution to distribute both static and dynamic content from a web application running behind an Application Load Balancer. The web application requires user authorization and session tracking for dynamic content. The CloudFront distribution has a single cache behavior configured to forward the Authorization, Host, and User-Agent HTTP whitelist headers and a session cookie to the origin. All other cache behavior settings are set to their default value.

A valid ACM certificate is applied to the CloudFront distribution with a matching CNAME in the distribution settings. The ACM certificate is also applied to the HTTPS listener for the Application Load Balancer. The CloudFront origin protocol policy is set to HTTPS only. Analysis of the cache statistics report shows that the miss rate for this distribution is very high. What can the Solutions Architect do to improve the cache hit rate for this distribution without causing the SSL/TLS handshake between CloudFront and the Application Load Balancer to fail?

Create two cache behaviors for static and dynamic content. Remove the User-Agent and Host HTTP headers from thewhitelist headers section on both of the cache behaviors. Remove the session cookie from the whitelist cookies section andthe Authorization HTTP header from the whitelist headers section for cache behavior configured for static content.
Create two cache behaviors for static and dynamic content. Remove the User-Agent and Host HTTP headers from thewhitelist headers section on both of the cache behaviors. Remove the session cookie from the whitelist cookies section andthe Authorization HTTP header from the whitelist headers section for cache behavior configured for static content.
Remove the User-Agent and Authorization HTTP headers from the whitelist headers section of the cache behavior. Thenupdate the cache behavior to use presigned cookies for authorization.
Remove the User-Agent and Authorization HTTP headers from the whitelist headers section of the cache behavior. Thenupdate the cache behavior to use presigned cookies for authorization.
Remove the Host HTTP header from the whitelist headers section and remove the session cookie from the whitelistcookies section for the default cache behavior. Enable automatic object compression and use Lambda@Edge viewerrequest events for user authorization.
Remove the Host HTTP header from the whitelist headers section and remove the session cookie from the whitelistcookies section for the default cache behavior. Enable automatic object compression and use Lambda@Edge viewerrequest events for user authorization.
Create two cache behaviors for static and dynamic content. Remove the User-Agent HTTP header from the whitelistheaders section on both of the cache behaviors. Remove the session cookie from the whitelist cookies section and theAuthorization HTTP header from the whitelist headers section for cache behavior configured for static content.
Create two cache behaviors for static and dynamic content. Remove the User-Agent HTTP header from the whitelistheaders section on both of the cache behaviors. Remove the session cookie from the whitelist cookies section and theAuthorization HTTP header from the whitelist headers section for cache behavior configured for static content.
Suggested answer: D

Explanation:

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-the-cachekey.html

Removing

the host header will result in failed flow between CloudFront and ALB, because they have same certificate.

asked 16/09/2024
Jatuchot Siriwongsilp
41 questions

Question 333

Report
Export
Collapse

An AWS partner company is building a service in AWS Organizations using its organization named org1. This service requires the partner company to have access to AWS resources in a customer account, which is in a separate organization named org2. The company must establish least privilege security access using an API or command line tool to the customer account. What is the MOST secure way to allow org1 to access resources in org2?

The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks.
The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks.
The customer should create an IAM user and assign the required permissions to the IAM user. The customer should then provide the credentials to the partner company to log in and perform the required tasks.
The customer should create an IAM user and assign the required permissions to the IAM user. The customer should then provide the credentials to the partner company to log in and perform the required tasks.
The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role’s Amazon Resource Name (ARN) when requesting access to perform the required tasks.
The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role’s Amazon Resource Name (ARN) when requesting access to perform the required tasks.
The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role’s Amazon Resource Name (ARN), including the external ID in the IAM role’s trust policy, when requesting access to perform the required tasks.
The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role’s Amazon Resource Name (ARN), including the external ID in the IAM role’s trust policy, when requesting access to perform the required tasks.
Suggested answer: B
asked 16/09/2024
Jennifer Okai Addey
36 questions

Question 334

Report
Export
Collapse

A Solutions Architect is working with a company that is extremely sensitive to its IT costs and wishes to implement controls that will result in a predictable AWS spend each month. Which combination of steps can help the company control and monitor its monthly AWS usage to achieve a cost that is as close as possible to the target amount? (Choose three.)

Implement an IAM policy that requires users to specify a ‘workload’ tag for cost allocation when launching Amazon EC2 instances.
Implement an IAM policy that requires users to specify a ‘workload’ tag for cost allocation when launching Amazon EC2 instances.
Contact AWS Support and ask that they apply limits to the account so that users are not able to launch more than a certain number of instance types.
Contact AWS Support and ask that they apply limits to the account so that users are not able to launch more than a certain number of instance types.
Purchase all upfront Reserved Instances that cover 100% of the account’s expected Amazon EC2 usage.
Purchase all upfront Reserved Instances that cover 100% of the account’s expected Amazon EC2 usage.
Place conditions in the users’ IAM policies that limit the number of instances they are able to launch.
Place conditions in the users’ IAM policies that limit the number of instances they are able to launch.
Define ‘workload’ as a cost allocation tag in the AWS Billing and Cost Management console.
Define ‘workload’ as a cost allocation tag in the AWS Billing and Cost Management console.
Set up AWS Budgets to alert and notify when a given workload is expected to exceed a defined cost.
Set up AWS Budgets to alert and notify when a given workload is expected to exceed a defined cost.
Suggested answer: A, E, F
asked 16/09/2024
Brian Charlton,
43 questions

Question 335

Report
Export
Collapse

A car rental company has built a serverless REST API to provide data to its mobile app. The app consists of an Amazon API Gateway API with a Regional endpoint, AWS Lambda functions, and an Amazon Aurora MySQL Serverless DB cluster. The company recently opened the API to mobile apps of partners. A significant increase in the number of requests resulted, causing sporadic database memory errors. Analysis of the API traffic indicates that clients are making multiple HTTP GET requests for the same queries in a short period of time. Traffic is concentrated during business hours, with spikes around holidays and other events. The company needs to improve its ability to support the additional usage while minimizing the increase in costs associated with the solution. Which strategy meets these requirements?

Convert the API Gateway Regional endpoint to an edge-optimized endpoint. Enable caching in the production stage.
Convert the API Gateway Regional endpoint to an edge-optimized endpoint. Enable caching in the production stage.
Implement an Amazon ElastiCache for Redis cache to store the results of the database calls. Modify the Lambda functions to use the cache.
Implement an Amazon ElastiCache for Redis cache to store the results of the database calls. Modify the Lambda functions to use the cache.
Modify the Aurora Serverless DB cluster configuration to increase the maximum amount of available memory.
Modify the Aurora Serverless DB cluster configuration to increase the maximum amount of available memory.
Enable throttling in the API Gateway production stage. Set the rate and burst values to limit the incoming calls.
Enable throttling in the API Gateway production stage. Set the rate and burst values to limit the incoming calls.
Suggested answer: A

Explanation:

Reference: https://aws.amazon.com/getting-started/projects/build-serverless-web-app-lambda-apigateway-s3-dynamodbcognito/module-4/

asked 16/09/2024
om Kumar
42 questions

Question 336

Report
Export
Collapse

Out of the striping options available for the EBS volumes, which one has the following disadvantage:

'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'?

Raid 1
Raid 1
Raid 0
Raid 0
RAID 1+0 (RAID 10)
RAID 1+0 (RAID 10)
Raid 2
Raid 2
Suggested answer: C

Explanation:

RAID 1+0 (RAID 10) doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/raid-config.html

asked 16/09/2024
Mk Cheng
43 questions

Question 337

Report
Export
Collapse

Which of the following cannot be done using AWS Data Pipeline?

Create complex data processing workloads that are fault tolerant, repeatable, and highly available.
Create complex data processing workloads that are fault tolerant, repeatable, and highly available.
Regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
Regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
Generate reports over data that has been stored.
Generate reports over data that has been stored.
Move data between different AWS compute and storage services as well as on premise data sources at specified intervals.
Move data between different AWS compute and storage services as well as on premise data sources at specified intervals.
Suggested answer: C

Explanation:

AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services as well as on premise data sources at specified intervals. With AWS Data Pipeline, you can regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS. AWS Data Pipeline helps you easily create complex data processing workloads that are fault tolerant, repeatable, and highly available. AWS Data Pipeline also allows you to move and process data that was previously locked up in on premise data silos.

Reference: http://aws.amazon.com/datapipeline/

asked 16/09/2024
Kinzonji Tavares
42 questions

Question 338

Report
Export
Collapse

The following AWS Identity and Access Management (IAM) customer managed policy has been attached to an IAM user:

Amazon SAP-C01 image Question 338 6080 09162024005849000000

Which statement describes the access that this policy provides to the user?

The policy grants access to all Amazon S3 actions, including all actions in the prod-data S3 bucket
The policy grants access to all Amazon S3 actions, including all actions in the prod-data S3 bucket
This policy denies access to all Amazon S3 actions, excluding all actions in the prod-data S3 bucket
This policy denies access to all Amazon S3 actions, excluding all actions in the prod-data S3 bucket
This policy denies access to the Amazon S3 bucket and objects not having prod-data in the bucket name
This policy denies access to the Amazon S3 bucket and objects not having prod-data in the bucket name
This policy grants access to all Amazon S3 actions in the prod-data S3 bucket, but explicitly denies access to all other AWS services
This policy grants access to all Amazon S3 actions in the prod-data S3 bucket, but explicitly denies access to all other AWS services
Suggested answer: D
asked 16/09/2024
Joao Domingues
32 questions

Question 339

Report
Export
Collapse

Your company has recently extended its datacenter into a VPC on AWS to add burst computing capacity as needed Members of your Network Operations Center need to be able to go to the AWS Management Console and administer Amazon EC2 instances as necessary. You don't want to create new IAM users for each NOC member and make those users sign in again to the AWS Management Console. Which option below will meet the needs for your NOC members?

Use OAuth 2.0 to retrieve temporary AWS security credentials to enable your NOC members to sign in to the AWS Management Console.
Use OAuth 2.0 to retrieve temporary AWS security credentials to enable your NOC members to sign in to the AWS Management Console.
Use web Identity Federation to retrieve AWS temporary security credentials to enable your NOC members to sign in to the AWS Management Console.
Use web Identity Federation to retrieve AWS temporary security credentials to enable your NOC members to sign in to the AWS Management Console.
Use your on-premises SAML 2.0-compliant identity provider (IDP) to grant the NOC members federated access to the AWS Management Console via the AWS single sign-on (SSO) endpoint.
Use your on-premises SAML 2.0-compliant identity provider (IDP) to grant the NOC members federated access to the AWS Management Console via the AWS single sign-on (SSO) endpoint.
Use your on-premises SAML2.0-compliam identity provider (IDP) to retrieve temporary security credentials to enable NOC members to sign in to the AWS Management Console.
Use your on-premises SAML2.0-compliam identity provider (IDP) to retrieve temporary security credentials to enable NOC members to sign in to the AWS Management Console.
Suggested answer: C

Explanation:

Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html

asked 16/09/2024
Stefan Lundmark
44 questions

Question 340

Report
Export
Collapse

A company is currently using AWS CodeCommit for its source control and AWS CodePipeline for continuous integration. The pipeline has a build stage for building the artifacts, which is then staged in an Amazon S3 bucket. The company has identified various improvement opportunities in the existing process, and a Solutions Architect has been given the following requirements:

Create a new pipeline to support feature development

Support feature development without impacting production applications Incorporate continuous testing with unit tests Isolate development and production artifacts Support the capability to merge tested code into production code. How should the Solutions Architect achieve these requirements?

Trigger a separate pipeline from CodeCommit feature branches. Use AWS CodeBuild for running unit tests. Use CodeBuild to stage the artifacts within an S3 bucket in a separate testing account.
Trigger a separate pipeline from CodeCommit feature branches. Use AWS CodeBuild for running unit tests. Use CodeBuild to stage the artifacts within an S3 bucket in a separate testing account.
Trigger a separate pipeline from CodeCommit feature branches. Use AWS Lambda for running unit tests. Use AWS CodeDeploy to stage the artifacts within an S3 bucket in a separate testing account.
Trigger a separate pipeline from CodeCommit feature branches. Use AWS Lambda for running unit tests. Use AWS CodeDeploy to stage the artifacts within an S3 bucket in a separate testing account.
Trigger a separate pipeline from CodeCommit tags. Use Jenkins for running unit tests. Create a stage in the pipeline with S3 as the target for staging the artifacts with an S3 bucket in a separate testing account.
Trigger a separate pipeline from CodeCommit tags. Use Jenkins for running unit tests. Create a stage in the pipeline with S3 as the target for staging the artifacts with an S3 bucket in a separate testing account.
Create a separate CodeCommit repository for feature development and use it to trigger the pipeline. Use AWS Lambda for running unit tests. Use AWS CodeBuild to stage the artifacts within different S3 buckets in the same production account.
Create a separate CodeCommit repository for feature development and use it to trigger the pipeline. Use AWS Lambda for running unit tests. Use AWS CodeBuild to stage the artifacts within different S3 buckets in the same production account.
Suggested answer: A

Explanation:

Reference:

https://docs.aws.amazon.com/codebuild/latest/userguide/how-to-create-pipeline.html

asked 16/09/2024
Budi Gunawan
46 questions
Total 906 questions
Go to page: of 91
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company is running an application on several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The load on the application varies throughout the day, and EC2 instances are scaled in and out on a regular basis. Log files from the EC2 instances are copied to a central Amazon S3 bucket every 15 minutes. The security team discovers that log files are missing from some of the terminated EC2 instances. Which set of actions will ensure that log files are copied to the central S3 bucket from the terminated EC2 instances?
A company is developing a gene reporting device that will collect genomic information to assist researchers will collecting large samples of data from a diverse population. The device will push 8 KB of genomic data every second to a data platform that will need to process and analyze the data and provide information back to researchers. The data platform must meet the following requirements: Provide near-real-time analytics of the inbound genomic data Ensure the data is flexible, parallel, and durable Deliver results of processing to a data warehouse Which strategy should a solutions architect use to meet these requirements?
A medical company is running an application in the AWS Cloud. The application simulates the effect of medical drugs in development. The application consists of two parts: configuration and simulation. The configuration part runs in AWS Fargate containers in an Amazon Elastic Container Service (Amazon ECS) cluster. The simulation part runs on large, compute optimized Amazon EC2 instances. Simulations can restart if they are interrupted. The configuration part runs 24 hours a day with a steady load. The simulation part runs only for a few hours each night with a variable load. The company stores simulation results in Amazon S3, and researchers use the results for 30 days. The company must store simulations for 10 years and must be able to retrieve the simulations within 5 hours. Which solution meets these requirements MOST cost-effectively?
A Solutions Architect must build a highly available infrastructure for a popular global video game that runs on a mobile phone platform. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The database tier is an Amazon RDS MySQL Multi-AZ instance. The entire application stack is deployed in both us-east-1 and eu-central-1. Amazon Route 53 is used to route traffic to the two installations using a latency-based routing policy. A weighted routing policy is configured in Route 53 as a fail over to another region in case the installation in a region becomes unresponsive. During the testing of disaster recovery scenarios, after blocking access to the Amazon RDS MySQL instance in eu-central-1 from all the application instances running in that region. Route 53 does not automatically failover all traffic to us- east-1. Based on this situation, which changes would allow the infrastructure to failover to us-east-1? (Choose two.)
Your firm has uploaded a large amount of aerial image data to S3. In the past, in your on-premises environment, you used a dedicated group of servers to oaten process this data and used Rabbit MQ - An open source messaging system to get job information to the servers. Once processed the data would go to tape and be shipped offsite. Your manager told you to stay with the current design, and leverage AWS archival storage and messaging services to minimize cost. Which is correct?
A company’s processing team has an AWS account with a production application. The application runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are hosted in private subnets in a VPC in the eu- west- 1 Region. The VPC was assigned the CIDR block of 10.0.0.0/16. The billing team recently created a new AWS account and deployed an application on EC2 instances that are hosted in private subnets in a VPC in the eu-central-1 Region. The new VPC is assigned the CIDR block of 10.0.0.0/16. The processing application needs to securely communicate with the billing application over a proprietary TCP port. What should a solutions architect do to meet this requirement with the LEAST amount of operational effort?
A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A. The company’s applications and databases are running in Account B. A solutions architect will deploy a two-tier application in a new VPC. To simplify the configuration, the db.example.com CNAME record set for the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53. During deployment the application failed to start. Troubleshooting revealed that db.example.com is not resolvable on the Amazon EC2 instance. The solutions architect confirmed that the record set was created correctly in Route 53. Which combination of steps should the solutions architect take to resolve this issue? (Choose two.)
A company runs an application on AWS. An AWS Lambda function uses credentials to authenticate to an Amazon RDS for MySQL DB instance. A security risk assessment identified that these credentials are not frequently rotated. Also, encryption at rest is not enabled for the DB instance. The security team requires that both of these issues be resolved. Which strategy should a solutions architect recommend to remediate these security risks?
A company runs a dynamic mission-critical web application that has an SLA of 99.99%. Global application users access the application 24/7. The application is currently hosted on premises and routinely fails to meet its SLA, especially when millions of users access the application concurrently. Remote users complain of latency. How should this application be redesigned to be scalable and allow for automatic failover at the lowest cost?
A 3-Ber e-commerce web application is currently deployed on-premises, and will be migrated to AWS for greater scalability and elasticity. The web tier currently shares read-only data using a network distributed file system. The app server tier uses a clustering mechanism for discovery and shared session state that depends on IP multicast. The database tier uses sharedstorage clustering to provide database failover capability, and uses several read slaves for scaling. Data on all servers and the distributed file system directory is backed up weekly to off-site tapes. Which AWS storage and database architecture meets the requirements of the application?