Amazon SAP-C01 Practice Test - Questions Answers, Page 38

In the context of AWS IAM, identify a true statement about user passwords (login profiles).

A. They must contain Unicode characters.
B. They can contain any Basic Latin (ASCII) characters.
C. They must begin and end with a forward slash (/).
D. They cannot contain Basic Latin (ASCII) characters.
Suggested answer: B

Explanation:

The user passwords (login profiles) of IAM users can contain any Basic Latin (ASCII) characters.

Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html

A company manages hundreds of AWS accounts centrally in an organization in AWS Organizations. The company recently started to allow product teams to create and manage their own S3 access points in their accounts. The S3 access points can be accessed only within VPCs, not on the Internet.

What is the MOST operationally efficient way to enforce this requirement?

A. Set the S3 access point resource policy to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
B. Create an SCP at the root level in the organization to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
C. Use AWS CloudFormation StackSets to create a new IAM policy in each AWS account that allows the s3:CreateAccessPoint action only if the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
D. Set the S3 bucket policy to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
Suggested answer: D

Explanation:

Reference: https://aws.amazon.com/blogs/storage/managing-amazon-s3-access-with-vpc-endpoints-and-s3-access-points/

A software company has deployed an application that consumes a REST API by using Amazon API Gateway, AWS Lambda functions, and an Amazon DynamoDB table. The application is showing an increase in the number of errors during PUT requests. Most of the PUT calls come from a small number of clients that are authenticated with specific API keys. A solutions architect has identified that a large number of the PUT requests originate from one client. The API is noncritical, and clients can tolerate retries of unsuccessful calls. However, the errors are displayed to customers and are causing damage to the API’s reputation.

What should the solutions architect recommend to improve the customer experience?

A. Implement retry logic with exponential backoff and irregular variation in the client application. Ensure that the errors are caught and handled with descriptive error messages.
B. Implement API throttling through a usage plan at the API Gateway level. Ensure that the client application handles code 429 replies without error.
C. Turn on API caching to enhance responsiveness for the production stage. Run 10-minute load tests. Verify that the cache capacity is appropriate for the workload.
D. Implement reserved concurrency at the Lambda function level to provide the resources that are needed during sudden increases in traffic.
Suggested answer: C

Explanation:

API Gateway recommends that you run a 10-minute load test to verify that your cache capacity is appropriate for your workload.

Reference: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html

In which of the "Start using AWS Direct Connect" steps is the virtual interface you created tagged with a customer-provided tag that complies with the Ethernet 802.1Q standard?

A. Download Router Configuration.
B. Complete the Cross Connect.
C. Configure Redundant Connections with AWS Direct Connect.
D. Create a Virtual Interface.
Suggested answer: D

Explanation:

In the list of steps for getting started with Direct Connect, the Create a Virtual Interface step provisions your virtual interfaces. Each virtual interface must be tagged with a customer-provided tag that complies with the Ethernet 802.1Q standard. This tag is required for any traffic traversing the AWS Direct Connect connection.

Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#createvirtualinterface

A company has a data lake in Amazon S3 that needs to be accessed by hundreds of applications across many AWS accounts. The company’s information security policy states that the S3 bucket must not be accessed over the public internet and that each application should have the minimum permissions necessary to function.

To meet these requirements, a solutions architect plans to use an S3 access point that is restricted to specific VPCs for each application. Which combination of steps should the solutions architect take to implement this solution? (Choose two.)

A. Create an S3 access point for each application in the AWS account that owns the S3 bucket. Configure each access point to be accessible only from the application's VPC. Update the bucket policy to require access from an access point.
B. Create an interface endpoint for Amazon S3 in each application's VPC. Configure the endpoint policy to allow access to an S3 access point. Create a VPC gateway attachment for the S3 endpoint.
C. Create a gateway endpoint for Amazon S3 in each application's VPC. Configure the endpoint policy to allow access to an S3 access point. Specify the route table that is used to access the access point.
D. Create an S3 access point for each application in each AWS account and attach the access points to the S3 bucket. Configure each access point to be accessible only from the application's VPC. Update the bucket policy to require access from an access point.
E. Create a gateway endpoint for Amazon S3 in the data lake's VPC. Attach an endpoint policy to allow access to the S3 bucket. Specify the route table that is used to access the bucket.
Suggested answer: A, C

What is the network performance offered by the c4.8xlarge instance in Amazon EC2?

A. Very High but variable
B. 20 Gigabit
C. 5 Gigabit
D. 10 Gigabit
Suggested answer: D

Explanation:

The network performance offered by the c4.8xlarge instance is 10 Gigabit.

Reference: http://aws.amazon.com/ec2/instance-types/

What is the default maximum number of VPCs allowed per region?

A. 5
B. 10
C. 100
D. 15
Suggested answer: A

Explanation:

The default maximum number of VPCs allowed per region is 5.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html

A company is using AWS for production and development workloads. Each business unit has its own AWS account for production, and a separate AWS account to develop and deploy its applications. The Information Security department has introduced new security policies that limit access for terminating certain Amazon EC2 instances in all accounts to a small group of individuals from the Security team. How can the Solutions Architect meet these requirements?

A. Create a new IAM policy that allows access to those EC2 instances only for the Security team. Apply this policy to the AWS Organizations master account.
B. Create a new tag-based IAM policy that allows access to these EC2 instances only for the Security team. Tag the instances appropriately, and apply this policy in each account.
C. Create an organizational unit under AWS Organizations. Move all the accounts into this organizational unit and use SCP to apply a whitelist policy to allow access to these EC2 instances for the Security team only.
D. Set up SAML federation for all accounts in AWS. Configure SAML so that it checks for the service API call before authenticating the user. Block SAML from authenticating API calls if anyone other than the Security team accesses these instances.
Suggested answer: C

Explanation:

Reference:

https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-to-set-permission-guardrails-across-accounts-in-your-aws-organization/

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_examplescps.html

A Solutions Architect is designing a multi-account structure that has 10 existing accounts. The design must meet the following requirements:

Consolidate all accounts into one organization.

Allow full access to the Amazon EC2 service from the master account and the secondary accounts.

Minimize the effort required to add additional secondary accounts.

Which combination of steps should be included in the solution? (Choose two.)

A. Create an organization from the master account. Send invitations to the secondary accounts from the master account. Accept the invitations and create an OU.
B. Create an organization from the master account. Send a join request to the master account from each secondary account. Accept the requests and create an OU.
C. Create a VPC peering connection between the master account and the secondary accounts. Accept the request for the VPC peering connection.
D. Create a service control policy (SCP) that enables full EC2 access, and attach the policy to the OU.
E. Create a full EC2 access policy and map the policy to a role in each account. Trust every other account to assume the role.
Suggested answer: A, D

Explanation:

There is a distinction between permission boundaries and the IAM policies that actually grant permissions; that is, a distinction between what is "allowed" and what is "granted". In terms of boundaries, we have the following three:

1. SCP

2. User/Role boundaries

3. Session boundaries (ex. AssumeRole ... )

In terms of actual permission granting, we have the following:

1. Identity Policies

2. Resource Policies

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet with CIDR 20.0.0.0/24 and a VPN-only subnet with CIDR 20.0.1.0/24, along with the VPN gateway (vgw123456) to connect to the user's data center.

The user's data center has CIDR 172.28.0.0/12. The user has also set up a NAT instance (i-123456) to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

A. Destination: 20.0.0.0/16 and Target: local
B. Destination: 0.0.0.0/0 and Target: i-123456
C. Destination: 172.28.0.0/12 and Target: vgw-123456
D. Destination: 20.0.1.0/24 and Target: i-123456
Suggested answer: D

Explanation:

The user can create subnets as required within a VPC. If the user wants to connect the VPC to their own data centre, they can set up a public subnet and a VPN-only subnet that uses hardware VPN access to connect with the data centre. When the user has configured this setup with the wizard, it creates a virtual private gateway to route all traffic of the VPN subnet. If the user has set up a NAT instance to route all internet requests, then all requests to the internet should be routed to it.

All requests to the organization's DC will be routed to the VPN gateway. Here are the valid entries for the main route table in this scenario:

Destination: 0.0.0.0/0 & Target: i-123456 (to route all internet traffic to the NAT instance)

Destination: 172.28.0.0/12 & Target: vgw-123456 (to route all the organization's data centre traffic to the VPN gateway)

Destination: 20.0.0.0/16 & Target: local (to allow local routing in the VPC)

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario3.html

Total 906 questions