Amazon SAP-C01 Practice Test - Questions Answers, Page 70

A company provides auction services for artwork and has users across North America and Europe. The company hosts its application on Amazon EC2 instances in the us-east-1 Region. Artists upload photos of their work as large, high-resolution image files from their mobile phones to a centralized Amazon S3 bucket created in the us-east-1 Region. The users in Europe are reporting slow performance for their image uploads. How can a solutions architect improve the performance of the image upload process?

A. Redeploy the application to use S3 multipart uploads.
B. Create an Amazon CloudFront distribution and point to the application as a custom origin.
C. Configure the buckets to use S3 Transfer Acceleration.
D. Create an Auto Scaling group for the EC2 instances and create a scaling policy.
Suggested answer: C

True or false: In a CloudFormation template, you can reuse the same logical ID several times to reference the resources in other parts of the template.

A. True, a logical ID can be used several times to reference the resources in other parts of the template.
B. False, a logical ID must be unique within the template.
C. False, you can mention a resource only once and you cannot reference it in other parts of a template.
D. False, you cannot reference other parts of the template.
Suggested answer: B

Explanation:

In AWS CloudFormation, the logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. You use the logical name to reference the resource in other parts of the template.

Reference: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/concept-resources.html

A customer is deploying an SSL-enabled web application to AWS and would like to implement a separation of roles between the EC2 service administrators, who are entitled to log in to instances as well as make API calls, and the security officers, who will maintain and have exclusive access to the application’s X.509 certificate that contains the private key.

A. Upload the certificate to an S3 bucket owned by the security officers and accessible only by the EC2 role of the web servers.
B. Configure the web servers to retrieve the certificate upon boot from a CloudHSM that is managed by the security officers.
C. Configure system permissions on the web servers to restrict access to the certificate only to the authorized security officers.
D. Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.
Suggested answer: D

Explanation:

SSL is terminated at the ELB, so the web request travels unencrypted from the ELB to the EC2 instance. Even if the certificates are stored in S3, they still have to be configured on the web servers or load balancers somehow, which becomes difficult if the keys are kept in S3. Keeping the keys in the certificate store and using IAM to restrict access, however, gives a clear separation of concerns between security officers and developers: development personnel can still configure SSL on the ELB without ever handling the private key.

A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts. The company’s infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.

Which combination of actions should the solutions architect perform to meet these requirements? (Choose two.)

A. Create a transit gateway in the infrastructure account.
B. Enable resource sharing from the AWS Organizations management account.
C. Create VPCs in each AWS account within the organization in AWS Organizations. Configure the VPCs to share the same CIDR range and subnets as the VPC in the infrastructure account. Peer the VPCs in each individual account with the VPC in the infrastructure account.
D. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.
E. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each prefix list to associate with the resource share.
Suggested answer: B, E

Identify a true statement about the statement ID (Sid) in IAM.

A. You cannot expose the Sid in the IAM API.
B. You cannot use a Sid value as a sub-ID for a policy document's ID for services provided by SQS and SNS.
C. You can expose the Sid in the IAM API.
D. You cannot assign a Sid value to each statement in a statement array.
Suggested answer: A

Explanation:

The Sid (statement ID) is an optional identifier that you provide for the policy statement. You can assign a Sid value to each statement in a statement array. In IAM, the Sid is not exposed in the IAM API: you can't retrieve a particular statement based on this ID.

Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Sid

A company’s processing team has an AWS account with a production application. The application runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are hosted in private subnets in a VPC in the eu-west-1 Region. The VPC was assigned the CIDR block of 10.0.0.0/16. The billing team recently created a new AWS account and deployed an application on EC2 instances that are hosted in private subnets in a VPC in the eu-central-1 Region. The new VPC is assigned the CIDR block of 10.0.0.0/16.

The processing application needs to securely communicate with the billing application over a proprietary TCP port. What should a solutions architect do to meet this requirement with the LEAST amount of operational effort?

A. In the billing team’s account, create a new VPC and subnets in eu-central-1 that use the CIDR block of 192.168.0.0/16. Redeploy the application to the new subnets. Configure a VPC peering connection between the two VPCs.
B. In the processing team’s account, add an additional CIDR block of 192.168.0.0/16 to the VPC in eu-west-1. Restart each of the EC2 instances so that they obtain a new IP address. Configure an inter-Region VPC peering connection between the two VPCs.
C. In the billing team’s account, create a new VPC and subnets in eu-west-1 that use the CIDR block of 192.168.0.0/16. Create a VPC endpoint service (AWS PrivateLink) in the processing team’s account and an interface VPC endpoint in the new VPC. Configure an inter-Region VPC peering connection in the billing team’s account between the two VPCs.
D. In each account, create a new VPC with the CIDR blocks of 192.168.0.0/16 and 172.16.0.0/16. Create inter-Region VPC peering connections between the billing team’s VPCs and the processing team’s VPCs. Create gateway VPC endpoints to allow traffic to route between the VPCs.
Suggested answer: A

A company is refactoring an existing web service that provides read and write access to structured data. The service must respond to short but significant spikes in the system load. The service must be fault tolerant across multiple AWS Regions.

Which actions should be taken to meet these requirements?

A. Store the data in Amazon DocumentDB. Create a single global Amazon CloudFront distribution with a custom origin built on edge-optimized Amazon API Gateway and AWS Lambda. Assign the company’s domain as an alternate domain for the distribution, and configure Amazon Route 53 with an alias to the CloudFront distribution.
B. Store the data in replicated Amazon S3 buckets in two Regions. Create an Amazon CloudFront distribution in each Region, with custom origins built on Amazon API Gateway and AWS Lambda launched in each Region. Assign the company’s domain as an alternate domain for both distributions, and configure Amazon Route 53 with a failover routing policy between them.
C. Store the data in an Amazon DynamoDB global table in two Regions using on-demand capacity mode. In both Regions, run the web service as Amazon ECS Fargate tasks in an Auto Scaling ECS service behind an Application Load Balancer (ALB). In Amazon Route 53, configure an alias record in the company’s domain and a Route 53 latency-based routing policy with health checks to distribute traffic between the two ALBs.
D. Store the data in Amazon Aurora global databases. Add Auto Scaling replicas to both Regions. Run the web service on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer in each Region. Configure the instances to download the web service code in the user data. In Amazon Route 53, configure an alias record for the company’s domain and a multi-value routing policy.
Suggested answer: A

While assigning a tag to an instance, which of the below mentioned options is not a valid tag key/value pair?

A. Key: "aws" Value: "aws"
B. Key: "aws:name" Value: "instanceAws"
C. Key: "Name :aws" Value: "instanceAws"
D. Key: "nameAws" Value: "aws:instance"
Suggested answer: B

Explanation:

In Amazon Web Services, to help manage EC2 instances as well as their usage, the user can tag the instances. Tags are user-assigned metadata consisting of a key and a value. A tag key cannot begin with the reserved prefix "aws:", although a key consisting only of "aws" is allowed.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html

A company requires that all internal application connectivity use private IP addresses. To facilitate this policy, a solutions architect has created interface endpoints to connect to AWS public services. Upon testing, the solutions architect notices that the service names are resolving to public IP addresses, and that internal services cannot connect to the interface endpoints. Which step should the solutions architect take to resolve this issue?

A. Update the subnet route table with a route to the interface endpoint
B. Enable the private DNS option on the VPC attributes
C. Configure the security group on the interface endpoint to allow connectivity to the AWS services
D. Configure an Amazon Route 53 private hosted zone with a conditional forwarder for the internal application
Suggested answer: B

A solutions architect is migrating an existing workload to AWS Fargate. The task can only run in a private subnet within the VPC where there is no direct connectivity from outside the system to the application. When the Fargate task is launched, the task fails with the following error:

CannotPullContainerError: API error (500): Get https://111122223333.dkr.ecr.us-east-1.amazonaws.com/v2/: net/http:request canceled while waiting for connection

How should the solutions architect correct this error?

A. Ensure the task is set to ENABLED for the auto-assign public IP setting when launching the task.
B. Ensure the task is set to DISABLED for the auto-assign public IP setting when launching the task. Configure a NAT gateway in the public subnet in the VPC to route requests to the internet.
C. Ensure the task is set to DISABLED for the auto-assign public IP setting when launching the task. Configure a NAT gateway in the private subnet in the VPC to route requests to the internet.
D. Ensure the network mode is set to bridge in the Fargate task definition.
Suggested answer: C