Amazon SAP-C02 Practice Test - Questions Answers, Page 48
Question list
List of questions
Related questions
A company is running a large containerized workload in the AWS Cloud. The workload consists of approximately 100 different services. The company uses Amazon Elastic Container Service (Amazon ECS) to orchestrate the workload.
Recently, the company's development team started using AWS Fargate instead of Amazon EC2 instances in the ECS cluster. In the past, the workload has come close to running the maximum number of EC2 instances that are available in the account.
The company is worried that the workload could reach the maximum number of ECS tasks that are allowed. A solutions architect must implement a solution that will notify the development team when Fargate reaches 80% of the maximum number of tasks.
What should the solutions architect do to meet this requirement?
Use Amazon CloudWatch to monitor the Sample Count statistic for each service in the ECS cluster. Set an alarm for when the math expression sample count/SERVICE_QUOTA(service)'100 is greater than 80. Notify the development team by using Amazon Simple Notification Service (Amazon SNS).
Use Amazon CloudWatch to monitor service quotas that are published under the AWS/Usage metric namespace. Set an alarm for when the math expression metric/SERVICE_QUOTA(metric)*100 is greater than 80. Notify the development team by using Amazon Simple Notification Service (Amazon SNS).
Create an AWS Lambda function to poll detailed metrics from the ECS cluster. When the number of running Fargate tasks is greater than 80, invoke Amazon Simple Email Service (Amazon SES) to notify the development team.
Create an AWS Config rule to evaluate whether the Fargate SERVICE_OUOTA is greater than 80. Use Amazon Simple Email Service (Amazon SES) to notify the development team when the AWS Config rule is not compliant.
A company has a new requirement to store all database backups in an isolated AWS account. The company is using AWS Organizations and has created a central write-once, read-many (WORM) account for the backups.
The company has 40 Amazon RDS tor MySQL databases in its production account. The databases are encrypted with the default RDS AWS Key Management Service (AWS KMS) key. RDS automated backups of the databases occur daily and have a retention period of 30 days.
Which solution will successfully copy the database backups to the central account?
Enable Organizations trusted access and backup policies for AWS Backup. Configure the central account as the delegated administrator for AWS Backup. Create 1AM policies and backup policies. Enable cross-account management. Create a backup vault in the central account. Create a KMS key for the backup vault and share the key with the production account. In the production account, restore the databases from a snapshot and apply the shared KMS key to the new DB instances. Create a backup plan in the central account to back up the databases to The backup vault.
Enable Organizations trusted access and backup policies for AWS Backup. Configure the central account as the delegated administrator for AWS Backup. Create 1AM policies and backup policies. Enable cross-account management. In the production account, share the default RDS KMS key with the central account. Create a backup vault in the central account. Apply the shared default RDS KMS key to the backup vault. Create a backup plan in the central account to back up the databases to the backup vault.
Create an Amazon EventBridge rule to invoke an AWS Lambda function every day. Program the Lambda function to decrypt the snapshots and to initiate a copy request of all unencrypted snapshots to the central account. After the copy job is complete, create a new KMS key. Use the new KMS key to encrypt the database snapshots in the central account.
Create an Amazon EventBridge rule to invoke an AWS Lambda function every day. In the production account, share the default RDS KMS key with the central account. Program the Lambda function to decrypt the snapshots and to initiate a copy request of all unencrypted snapshots to the central account. After the copy job is complete, encrypt the database snapshots with the shared default RDS KMS key in the central account.
A company has a single AWS account. The company runs workloads on Amazon EC2 instances in multiple VPCs in one AWS Region. The company also runs workloads in an on-premises data center that connects to the company's AWS account by using AWS Direct Connect.
The company needs all EC2 instances in the VPCs to resolve DNS queries tor the internal.company.com domain to the authoritative DNS server that is located in the on-premises data center. The solution must use private communication between the VPCs and the on-premises network. All route tables, network ACLs. and security groups are configured correctly between AWS and the on-premises data center.
Which combination of actions will meet these requirements? (Select THREE)
Create an Amazon Route 53 inbound endpoint in all the workload VPCs.
Create an Amazon Route 53 outbound endpoint in one of the workload VPCs.
Create an Amazon Route 53 Resolver rule with the Forward type configured to forward queries for internal.company.com for the on-premises DNS server.
Create an Amazon Route 53 Resolver rule with the System type configured to forward queries for internal.company.com to the on-premises DNS server.
Associate the Amazon Route 53 Resolver rule with all the workload VPCs.
Associate the Amazon Route 53 Resolver rule with the workload VPC with the new Route 53 endpoint.
A company is running several applications in the AWS Cloud. The applications are specific to separate business units in the company. The company is running the components of the applications in several AWS accounts that are in an organization in AWS Organizations.
Every cloud resource in the company's organization has a tag that is named BusinessUnit. Every lag already has the appropriate value of the business unit name.
The company needs to allocate its cloud costs to different business units. The company also needs to visualize the cloud costs for each business unit.
Which solution will meet these requirements?
In the organization's management account, create a cost allocation tag that is named BusinessUnit. Also in the management account, create an Amazon S3 bucket and an AWS Cost and Usage Report (AWS CUR). Configure the S3 bucket as the destination for the AWS CUR. From the management account, query the AWS CUR data by using Amazon Athena. Use Amazon QuickSight for visualization.
In each member account, create a cost allocation tag that is named BusinessUnit. In the organization's management account, create an Amazon S3 bucket and an AWS Cost and Usage Report (AWS CUR). Configure the S3 bucket as the destination for the AWS CUR. Create an Amazon CloudWatch dashboard for visualization.
In the organization's management account, create a cost allocation tag that is named BusinessUnit. In each member account, create an Amazon S3 bucket and an AWS Cost and Usage Report (AWS CUR). Configure each S3 bucket as the destination for its respective AWS CUR. In the management account, create an Amazon CloudWatch dashboard for visualization.
In each member account, create a cost allocation tag that is named BusinessUnit. Also in each member account, create an Amazon S3 bucket and an AWS Cost and Usage Report (AWS CUR). Configure each S3 bucket as the destination for its respective AWS CUR. From the management account, query the AWS CUR data by using Amazon Athena. Use Amazon QuickSight for visualization.
A company wants to create a single Amazon S3 bucket for its data scientists to store work-related documents. The company uses AWS 1AM Identity Center to authenticate all users. A group for the data scientists was created.
The company wants to give the data scientists access lo only their own work. The company also wants to create monthly reports that show which documents each user accessed.
Which combination of steps will meet these requirements? (Select TWO)
Create a custom 1AM Identity Center permission set to grant the data scientists access to an S3 bucket prefix that matches their username tag. Use a policy to limit access to paths with the S{aws:PrincipalTag/userName}/* condition.
Create an 1AM Identity Center role for the data scientists group that has Amazon S3 read access and write access. Add an S3 bucket policy that allows access to the 1AM Identity Center role.
Configure AWS CloudTrail to log S3 data events and deliver the logs to an S3 bucket. Use Amazon Athena to run queries on the CloudTrail logs in Amazon S3 and generate reports.
Configure AWS CloudTrail to log S3 management events to CloudWatch. Use Amazon Athena's CloudWatch connector to query the logs and generate reports.
Enable S3 access logging to EMR File System (EMRFS). Use Amazon S3 Select to query logs and generate reports.
A company hosts a public software as a service (SaaS) application on Amazon EC2 instances that run Linux. The EC2 instances are in multiple Availability Zones behind an Application Load Balancer. The application uses an Amazon RDS Multi-AZ database to store application data, including user sessions.
The company needs to minimize the latency that is involved in storing and accessing the user sessions.
Which solution will meet this requirement?
Create an Amazon S3 bucket. Store the user sessions in S3 Standard storage.
Create an Amazon FSx for Windows File Server volume. Mount the volume on each EC2 instance. Store the user sessions in the volume.
Create a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume. Enable Multi-Attach. Attach the volume to each EC2 instance. Store the user sessions in the volume.
Create an Amazon ElastiCache for Redis cluster. Store the user sessions in the Redis cache.
A company is migrating a monolithic on-premises .NET Framework production application to AWS. Application demand will grow exponentially in the next 6 months. The company must ensure that the application can scale appropriately.
The application currently connects to a Microsoft SQL Server transactional database. The company has well-documented source code for the application. Some business logic is contained within stored procedures.
A solutions architect must recommend a solution to redesign the application to meet the growth in demand.
Which solution will meet this requirement MOST cost-effectively?
Use Amazon API Gateway APIs and Amazon EC2 Spot Instances to rehost the application with a scalable microservices architecture. Deploy the EC2 instances in a cluster placement group. Configure EC2 Auto Scaling. Store the data and stored procedures in Amazon RDS for SQL Server.
Use AWS Application Migration Service to migrate the application to AWS Elastic Beanstalk. Deploy Elastic Beanstalk packages to configure and deploy the application as microservices. Deploy Elastic Beanstalk across multiple Availability Zones and configure auto scaling. Store the data and stored procedures in Amazon RDS for MySQL.
Migrate the applications by using AWS App2Container. Use AWS Fargate in multiple AWS Regions to host the containers. Use Amazon API Gateway APIs and AWS Lambda functions to call the containers. Store the data and stored procedures in Amazon DynamoDB Accelerator (DAX).
Use Amazon API Gateway APIs and AWS Lambda functions to decouple the application into microservices. Use the AWS Schema Conversion Tool (AWS SCT) to review and modify the stored procedures. Store the data in Amazon Aurora Serverless v2.
A company is migrating its blog platform to AWS. The company's on-premises servers connect to AWS through an AWS Site-to-Site VPN connection. The blog content is updated several times a day by multiple authors and is served from a file share on a network-attached storage (NAS) server.
The company needs to migrate the blog platform without delaying the content updates. The company has deployed Amazon EC2 instances across multiple Availability Zones to run the blog platform behind an Application Load Balancer. The company also needs to move 200 TB of archival data from its on-premises servers to Amazon S3 as soon as possible.
Which combination of steps will meet these requirements? (Select TWO)
Create a weekly cron job in Amazon EventBridge. Use the cron job to invoke an AWS Lambda function to update the EC2 instances from the NAS server.
Configure an Amazon Elastic Block Store (Amazon EBS) Multi-Attach volume for the EC2 instances to share for content access. Write code to synchronize the EBS volume with the NAS server weekly.
Mount an Amazon Elastic File System (Amazon EFS) file system to the on-premises servers to act as the NAS server. Copy the blog data to the EPS file system. Mount the EFS file system to the EC2 instances to serve the content.
Order an AWS Snowball Edge Storage Optimized device. Copy the static data artifacts to the device. Ship the device to AWS.
Order an AWS Snowcone SSD device. Copy the static data artifacts to the device. Ship the device to AWS.
A company is designing its network configuration in the AWS Cloud. The company uses AWS Organizations to manage a multi-account setup. The company has three OUs. Each OU contains more than 100 AWS accounts. Each account has a single VPC. and all the VPCs in each OU are in the same AWS Region.
The CIDR ranges for all the AWS accounts do not overlap. The company needs to implement a solution in which VPCs in the same OU can communicate with each other but cannot communicate with VPCs in other OUs.
Which solution will meet these requirements with the LEAST operational overhead?
Create an AWS CloudFormation stack set that establishes VPC peering between accounts in each OU. Provision the stack set in each OU.
In each OU. create a dedicated networking account that has a single VPC. Share this VPC with all the other accounts in the OU by using AWS Resource Access Manager (AWS RAM). Create a VPC peering connection between the networking account and each account in the OU.
Provision a transit gateway in an account in each OU. Share the transit gateway across the organization by using AWS Resource Access Manager {AWS RAM). Create transit gateway VPC attachments for each VPC.
In each OU. create a dedicated networking account that has a single VPC. Establish a VPN connection between the networking account and the other accounts in the OU. Use third-party routing software to route transitive traffic between the VPCs.
A company is using AWS Cloud Formation as its deployment tool for all applications. It stages all application binaries and templates within Amazon S3 buckets with versioning enabled. Developers have access to an Amazon EC2 instance that hosts the integrated development environment (IDE). The developers download the application binaries from Amazon S3 to the EC2 instance, make changes, and upload the binaries to an S3 bucket after running the unit tests locally. The developers want to improve the existing deployment mechanism and implement CI/CD using AWS CodePipeline.
The developers have the following requirements:
* Use AWS CodeCommit for source control.
* Automate unit testing and security scanning.
* Alert the developers when unit tests fail.
* Turn application features on and off, and customize deployment dynamically as part of CI/CD. Have the lead developer provide approval before deploying an application.
Which solution will meet these requirements?
Use AWS CodeBuild to run unit tests and security scans. Use an Amazon EventBridge rule to send Amazon SNS alerts to the developers when unit tests fail. Write AWS Cloud Development Kit (AWS CDK) constructs for different solution features, and use a manifest file to turn features on and off in the AWS CDK application. Use a manual approval stage in the pipeline to allow the lead developer to approve applications.
Use AWS Lambda to run unit tests and security scans. Use Lambda in a subsequent stage in the pipeline to send Amazon SNS alerts to the developers when unit tests fail. Write AWS Amplify plugins for different solution features and utilize user prompts to turn features on and off. Use Amazon SES in the pipeline to allow the lead developer to approve applications.
Use Jenkins to run unit tests and security scans. Use an Amazon EventBridge rule in the pipeline to send Amazon SES alerts to the developers when unit tests fail. Use AWS CloudFormation nested stacks for different solution features and parameters to turn features on and off. Use AWS Lambda in the pipeline to allow the lead developer to approve applications.
Use AWS CodeDeploy to run unit tests and security scans. Use an Amazon CloudWatch alarm in the pipeline to send Amazon SNS alerts to the developers when unit tests fail. Use Docker images for different solution features and the AWS CLI to turn features on and off. Use a manual approval stage in the pipeline to allow the lead developer to approve applications.
Question