SAP-C02 Exam Dumps - AWS Certified Solutions Architect - Professional

Searching for workable clues to ace the Amazon Web Services SAP-C02 Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s SAP-C02 PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:

Question # 153

Question:

A company runs a Linux app on Amazon EKS usingM6iEC2 instances under a Savings Plan that is about to expire. They want toreduce costsafter expiration.

Rebuild containers forARM64architecture.

Rebuild containers for container compatibility (invalid/unclear).

Migrate EKS nodes toGraviton(e.g., C7g, M7g).

Replace nodes with latestx86_64instances.

Purchase new Savings Plan for Graviton instance family.

Purchase new Savings Plan for x86_64 instances.

Full Access

Question # 154

A public retail web application uses an Application Load Balancer (ALB) in front of Amazon EC2 instances running across multiple Availability Zones (AZs) in a Region backed by an Amazon RDS MySQL Multi-AZ deployment. Target group health checks are configured to use HTTP and pointed at the product catalog page. Auto Scaling is configured to maintain the web fleet size based on the ALB health check.

Recently, the application experienced an outage. Auto Scaling continuously replaced the instances during the outage. A subsequent investigation determined that the web server metrics were within the normal range, but the database tier was experiencing high toad, resulting in severely elevated query response times.

Which of the following changes together would remediate these issues while improving monitoring capabilities for the availability and functionality of the entire application stack for future growth? (Select TWO.)

Configure read replicas for Amazon RDS MySQL and use the single reader endpoint in the web application to reduce the load on the backend database tier.

Configure the target group health check to point at a simple HTML page instead of a product catalog page and the Amazon Route 53 health check against the product page to evaluate full application functionality. Configure Ama7on CloudWatch alarms to notify administrators when the site fails.

Configure the target group health check to use a TCP check of the Amazon EC2 web server and the Amazon Route S3 health check against the product page to evaluate full application functionality. Configure Amazon CloudWatch alarms to notify administrators when the site fails.

Configure an Amazon CtoudWatch alarm for Amazon RDS with an action to recover a high-load, impaired RDS instance in the database tier.

Configure an Amazon Elastic ache cluster and place it between the web application and RDS MySQL instances to reduce the load on the backend database tier.

Full Access

Question # 155

A company is building an application on Amazon EMR to analyze data. The following user groups need to perform different actions:

â€¢ Administrator: Provision EMR clusters from different configurations.

â€¢ Data engineer: Create an EMR cluster from a small set of available configurations. Run ETL scripts to process data.

â€¢ Data analyst: Create an EMR cluster with a specific configuration. Run SQL queries and Apache Hive queries on the data.

A solutions architect must design a solution that gives each group the ability to launch only its authorized EMR configurations. The solution must provide the groups with least privilege access to only the resources that they need. The solution also must provide tagging for all resources that the groups create.

Which solution will meet these requirements?

Configure AWS Service Catalog to control the Amazon EMR versions available for deployment, the cluster configurations, and the permissions for each user group.

Configure Kerberos-based authentication for EMR clusters when the EMR clusters launch. Specify a Kerberos security configuration and cluster-specific Kerberos options.

Create IAM roles for each user group. Attach policies to the roles to define allowed actions for users. Create an AWS Config rule to check for noncompliant resources. Configure the rule to notify the company to address noncompliant resources.

Use AWS CloudFormation to launch EMR clusters with attached resource policies. Create an AWS Config rule to check for noncompliant resources. Configure the rule to notify the company to address noncompliant resources.

Full Access

Question # 156

A company operates a static content distribution platform that serves customers globally. The customers consume content from their own AWS accounts.

The company serves its content from an Amazon S3 bucket. The company uploads the content from its on-premises environment to the S3 bucket by using an S3 File Gateway.

The company wants to improve the platform's performance and reliability by serving content from the AWS Region that is geographically closest to customers. The company must route the on-premises data to Amazon S3 with minimal latency and without public internet exposure.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Select TWO.)

Implement S3 Multi-Region Access Points.

Use S3 Cross-Region Replication (CRR) to copy content to different Regions.

Create an AWS Lambda function that tracks the routing of clients to Regions.

Use an AWS Site-to-Site VPN connection to connect to a Multi-Region Access Point.

Use AWS PrivateLink and AWS Direct Connect to connect to a Multi-Region Access Point.

Full Access

Answer:

Explanation:

This explanation is based on AWS documentation and best practices but is paraphrased, not a literal extract.

The company needs two things:

To serve static content from the AWS Region geographically closest to each customer.

To send data from on premises to Amazon S3 with minimal latency and without traversing the public internet, while keeping operational overhead low.

S3 Multi-Region Access Points provide a single global endpoint that fronts multiple S3 buckets in different Regions. Multi-Region Access Points use latency-based routing and failover capabilities to direct client requests automatically to the closest healthy Regional S3 bucket that is part of the Multi-Region Access Point. This directly addresses the requirement to serve content from the closest Region with high performance and reliability, and it avoids the need to build and maintain custom routing logic.

Behind the scenes, S3 Multi-Region Access Points rely on S3 Replication between the Regional buckets that participate in the Multi-Region Access Point. When you configure a Multi-Region Access Point, you set up the participating buckets and replication configuration once; AWS then manages routing and failover, reducing operational overhead compared to manually configuring and managing multiple S3 endpoints and application logic.

For the on-premises environment, the company wants to send data to S3 with minimal latency and without using the public internet. AWS Direct Connect provides a dedicated network connection from the on-premises network into AWS, avoiding the public internet and generally providing lower and more consistent latency. AWS PrivateLink allows private connectivity to supported AWS services (such as S3 Multi-Region Access Points via interface endpoints) from within a VPC using private IP addresses. When you combine Direct Connect with PrivateLink, traffic flows from on-premises over a private dedicated connection into a VPC and then privately to the Multi-Region Access Point through an interface VPC endpoint, satisfying the requirement for no public internet exposure.

Therefore, implementing S3 Multi-Region Access Points (option A) addresses the global content serving and Regional routing, and using AWS PrivateLink together with AWS Direct Connect (option E) provides low-latency, private network connectivity from on premises to the Multi-Region Access Point with minimal operational overhead.

Option B, S3 Cross-Region Replication alone, would replicate data across Regions but would not automatically route customers to the closest Region; application changes and manual routing would be required, increasing operational overhead.

Option C would require building and maintaining a custom Lambda-based routing system, which is unnecessary when S3 Multi-Region Access Points provide managed routing and failover.

Option D, AWS Site-to-Site VPN, encrypts traffic over the public internet; it does not satisfy the explicit requirement to avoid public internet exposure and typically has less predictable latency than Direct Connect.

[References:AWS documentation on Amazon S3 Multi-Region Access Points, including latency-based routing and built-in replication between Regional buckets.AWS Direct Connect documentation describing private, dedicated connectivity from on-premises to AWS to reduce latency and avoid public internet exposure.AWS PrivateLink documentation describing access to supported services over private IP addresses via interface VPC endpoints.]

Question # 157

A company hosts a software as a service (SaaS) solution on AWS. The solution has an Amazon API Gateway API that serves an HTTPS endpoint. The API uses AWS Lambda functions for compute. The Lambda functions store data in an Amazon Aurora Serverless VI database.

The company used the AWS Serverless Application Model (AWS SAM) to deploy the solution. The solution extends across multiple Availability Zones and has nodisaster recovery (DR) plan.

A solutions architect must design a DR strategy that can recover the solution in another AWS Region. The solution has an R TO of 5 minutes and an RPO of 1 minute.

What should the solutions architect do to meet these requirements?

Create a read replica of the Aurora Serverless VI database in the target Region. Use AWS SAM to create a runbook to deploy the solution to the target Region. Promote the read replica to primary in case of disaster.

Change the Aurora Serverless VI database to a standard Aurora MySQL global database that extends across the source Region and the target Region. Use AWS SAM to create a runbook to deploy the solution to the target Region.

Create an Aurora Serverless VI DB cluster that has multiple writer instances in the target Region. Launch the solution in the target Region. Configure the two Regional solutions to work in an active-passive configuration.

Change the Aurora Serverless VI database to a standard Aurora MySQL global database that extends across the source Region and the target Region. Launch the solution in the target Region. Configure the two Regional solutions to work in an active-passive configuration.

Full Access

Question # 158

A company has an organization in AWS Organizations. The company is using AWS Control Tower to deploy a landing zone for the organization. The company wants to implement governance and policy enforcement. The company must implement a policy that will detect Amazon RDS DB instances that are not encrypted at rest in the companyâ€™s production OU.

Which solution will meet this requirement?

Turn on mandatory guardrails in AWS Control Tower. Apply the mandatory guardrails to the production OU.

Enable the appropriate guardrail from the list of strongly recommended guardrails in AWS Control Tower. Apply the guardrail to the production OU.

Use AWS Config to create a new mandatory guardrail. Apply the rule to all accounts in the production OU.

Create a custom SCP in AWS Control Tower. Apply the SCP to the production OU.

Full Access

Question # 159

A company operates a fleet of servers on premises and operates a fleet of Amazon EC2 instances in its organization in AWS Organizations. The company's AWS accounts contain hundreds of VPCs. The company wants to connect its AWS accounts to its on-premises network. AWS Site-to-Site VPN connections are already established to a single AWS account. The company wants to control which VPCs can communicate with other VPCs.

Which combination of steps will achieve this level of control with the LEAST operational effort? (Choose three.)

Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).

Configure attachments to all VPCs and VPNs.

Set up transit gateway route tables. Associate the VPCs and VPNs with the route tables.

Configure VPC peering between the VPCs.

Configure attachments between the VPCs and VPNs.

Set up route tables on the VPCs and VPNs.

Full Access

Question # 160

A financial company is planning to migrate its web application from on premises to AWS. The company uses a third-party security tool to monitor the inbound traffic to the application. The company has used the security tool for the last 15 years, and the tool has no cloud solutions available from its vendor. The company's security team is concerned about how to integrate the security tool with AWS technology.

The company plans to deploy the application migration to AWS on Amazon EC2 instances. The EC2 instances will run in an Auto Scaling group in a dedicated VPC. The company needs to use the security tool to inspect all packets that come in and out of the VPC. This inspection must occur in real time and must not affect the application's performance. A solutions architect must design a target architecture on AWS that is highly available within an AWS Region.

Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

Deploy the security tool on EC2 instances in a new Auto Scaling group in the existing VPC.

Deploy the web application behind a Network Load Balancer.

Deploy an Application Load Balancer in front of the security tool instances.

Provision a Gateway Load Balancer for each Availability Zone to redirect the traffic to the security tool.

Provision a transit gateway to facilitate communication between VPCs.

Full Access