Amazon SAP-C01 Practice Test - Questions Answers, Page 44

What is a possible reason you would need to edit claims issued in a SAML token?

A. The NameIdentifier claim cannot be the same as the username stored in AD.
B. Authentication fails consistently.
C. The NameIdentifier claim cannot be the same as the claim URI.
D. The NameIdentifier claim must be the same as the username stored in AD.
Suggested answer: A

Explanation:

The two reasons you would need to edit claims issued in a SAML token are that the NameIdentifier claim cannot be the same as the username stored in AD, and that the app requires a different set of claim URIs.

Reference: https://azure.microsoft.com/en-us/documentation/articles/active-directory-saml-claims-customization/

A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet. Which of the below mentioned statements is true with respect to this scenario?

A. The subnet in which the instances were launched will be deleted
B. When the user launches a new instance it cannot use the same subnet
C. The user cannot delete the VPC since the subnet is not deleted
D. Secondary network interfaces attached to the terminated instances may persist.
Suggested answer: D

Explanation:

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. A user can create a subnet within a VPC and launch instances inside that subnet. When an instance is launched, it has a network interface attached to it. The user cannot delete the subnet until he terminates the instance and deletes the network interface. By default, network interfaces that are automatically created and attached to instances using the console are set to terminate when the instance terminates. However, network interfaces created using the command line interface aren't set to terminate when the instance terminates.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

A team collects and routes behavioral data for an entire company. The company runs a Multi-AZ VPC environment with public subnets, private subnets, and an internet gateway. Each public subnet also contains a NAT gateway. Most of the company's applications read from and write to Amazon Kinesis Data Streams. Most of the workloads run in private subnets. A solutions architect must review the infrastructure. The solutions architect needs to reduce costs and maintain the function of the applications. The solutions architect uses Cost Explorer and notices that the cost in the EC2-Other category is consistently high. A further review shows that NatGateway-Bytes charges are increasing the cost in the EC2-Other category. What should the solutions architect do to meet these requirements?

A. Enable VPC Flow Logs. Use Amazon Athena to analyze the logs for traffic that can be removed. Ensure that security groups are blocking traffic that is responsible for high costs.
B. Add an interface VPC endpoint for Kinesis Data Streams to the VPC. Ensure that applications have the correct IAM permissions to use the interface VPC endpoint.
C. Enable VPC Flow Logs and Amazon Detective. Review Detective findings for traffic that is not related to Kinesis Data Streams. Configure security groups to block that traffic.
D. Add an interface VPC endpoint for Kinesis Data Streams to the VPC. Ensure that the VPC endpoint policy allows traffic from the applications.
Suggested answer: B

A company is running a .NET three-tier web application on AWS. The team currently uses XL storage optimized instances to store and serve the website’s image and video files on local instance storage. The company has encountered issues with data loss from replication and instance failures. The Solutions Architect has been asked to redesign this application to improve its reliability while keeping costs low. Which solution will meet these requirements?

A. Set up a new Amazon EFS share, move all image and video files to this share, and then attach this new drive as a mount point to all existing servers. Create an Elastic Load Balancer with Auto Scaling general purpose instances. Enable Amazon CloudFront to the Elastic Load Balancer. Enable Cost Explorer and use AWS Trusted Advisor checks to continue monitoring the environment for future savings.
B. Implement Auto Scaling with general purpose instance types and an Elastic Load Balancer. Enable an Amazon CloudFront distribution to Amazon S3 and move images and video files to Amazon S3. Reserve general purpose instances to meet base performance requirements. Use Cost Explorer and AWS Trusted Advisor checks to continue monitoring the environment for future savings.
C. Move the entire website to Amazon S3 using the S3 website hosting feature. Remove all the web servers and have Amazon S3 communicate directly with the application servers in Amazon VPC.
D. Use AWS Elastic Beanstalk to deploy the .NET application. Move all images and video files to Amazon EFS. Create an Amazon CloudFront distribution that points to the EFS share. Reserve the m4.4xl instances needed to meet base performance requirements.
Suggested answer: B

An AWS customer is deploying an application that is composed of an Auto Scaling group of EC2 instances. The customer's security policy requires that every outbound connection from these instances to any other service within the customer's Virtual Private Cloud must be authenticated using a unique X.509 certificate that contains the specific instance-id.

In addition, the X.509 certificates must be signed by the customer's key management service in order to be trusted for authentication. Which of the following configurations will support these requirements?

A. Configure an IAM Role that grants access to an Amazon S3 object containing a signed certificate and configure the Auto Scaling group to launch instances with this role. Have the instances bootstrap get the certificate from Amazon S3 upon first boot.
B. Embed a certificate into the Amazon Machine Image that is used by the Auto Scaling group. Have the launched instances generate a certificate signature request with the instance's assigned instance-id to the key management service for signature.
C. Configure the Auto Scaling group to send an SNS notification of the launch of a new instance to the trusted key management service. Have the Key management service generate a signed certificate and send it directly to the newly launched instance.
D. Configure the launched instances to generate a new certificate upon first boot. Have the Key management service poll the Auto Scaling group for associated instances and send new instances a certificate signature that contains the specific instance-id.
Suggested answer: A

Can a Direct Connect link be connected directly to the Internet?

A. Yes, this can be done if you pay for it.
B. Yes, this can be done only for certain regions.
C. Yes
D. No
Suggested answer: D

Explanation:

AWS Direct Connect is a network service that provides an alternative to using the Internet to utilize AWS cloud services. Hence, a Direct Connect link cannot be connected to the Internet directly.

Reference: http://aws.amazon.com/directconnect/faqs/

Which system is used by Amazon Machine Images paravirtual (PV) virtualization during the boot process?

A. PV-BOOT
B. PV-AMI
C. PV-WORM
D. PV-GRUB
Suggested answer: D

Explanation:

Amazon Machine Images that use paravirtual (PV) virtualization use a system called PV-GRUB during the boot process. PV-GRUB is a paravirtual boot loader that runs a patched version of GNU GRUB 0.97. When you start an instance, PV-GRUB starts the boot process and then chain loads the kernel specified by your image's menu.lst file.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedKernels.html

An organization is planning to host a web application in the AWS VPC. The organization does not want to host a database in the public cloud due to statutory requirements. How can the organization set this up in this scenario?

A. The organization should plan the app server on the public subnet and database in the organization's data center and connect them with the VPN gateway.
B. The organization should plan the app server on the public subnet and use RDS with the private subnet for a secure data operation.
C. The organization should use the public subnet for the app server and use RDS with a storage gateway to access as well as sync the data securely from the local data center.
D. The organization should plan the app server on the public subnet and database in a private subnet so it will not be in the public cloud.
Suggested answer: A

Explanation:

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can create subnets as per the requirement within a VPC. If the user wants to connect to the VPC from his own data centre, he can set up a public and VPN-only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with the wizard, it will create a virtual private gateway to route all the traffic of the VPN subnet. If the virtual private gateway is attached to the VPC and the user deletes the VPC from the console, it will first automatically detach the gateway and only then delete the VPC.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack are only available with __________.

A. Oracle Standard Edition
B. Oracle Express Edition
C. Oracle Enterprise Edition
D. None of these
Suggested answer: C

Explanation:

Reference: https://blog.pythian.com/a-most-simple-cloud-is-amazon-rds-for-oracle-right-for-you/

Which of the following is true while using an IAM role to grant permissions to applications running on Amazon EC2 instances?

A. All applications on the instance share the same role, but different permissions.
B. All applications on the instance share multiple roles and permissions.
C. Multiple roles are assigned to an EC2 instance at a time.
D. Only one role can be assigned to an EC2 instance at a time.
Suggested answer: D

Explanation:

Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.

Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/role-usecase-ec2app.html

Total 906 questions