SAP-C02 Exam Dumps - AWS Certified Solutions Architect - Professional

Installing AWS Outposts for the applications that have data regulatory requirements or requirements for latency of single-digit milliseconds will provide a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises1. AWS Outposts allows customers to run some AWS services locally and connect to a broad range of services available in the local AWS Region1. Using AWS Snowball Edge Compute Optimized devices to host the workloads in the factory sites will provide local compute and storage resources for locations with limited network infrastructure2. AWS Snowball Edge devices can run Amazon EC2 instances and AWS Lambda functions locally and sync data with AWS when network connectivity is available2.

Deploy AWS DataSync Agent:

Install the DataSync agent on your on-premises environment. This can be done by downloading the agent as a virtual appliance and deploying it on VMware ESXi, Hyper-V, or KVM hypervisors.

Configure Source and Destination Locations:

Set up the source location pointing to your on-premises storage where the software images are currently stored.

Configure the destination location to point to your Amazon S3 bucket in the ap-northeast-1 Region.

Create and Schedule DataSync Tasks:

Create a DataSync task to automate the transfer process. This task will specify the source and destination locations and set options for how the data should be transferred.

Schedule the task to run at intervals that suit your data transfer requirements, ensuring new images are transferred as they are created.

Encryption in Transit:

AWS DataSync automatically encrypts data in transit using TLS, ensuring that your data is secure during the transfer process.

Monitoring and Management:

Use the DataSync console or the AWS CLI to monitor the progress of your data transfers and manage the tasks.

AWS DataSync is an efficient solution that automates and accelerates the process of transferring large amounts of data to AWS, handling encryption, data integrity checks, and optimizing network usage without requiring custom development.

References

AWS Storage Blog on DataSync【40】.

AWS DataSync Documentation【41】.

step function could run a scheduled task when triggered by eventbrige, but why would you add that layer of complexity just to run aws batch when you could directly invoke it through eventbridge. The link provided - https://aws.amazon.com/pt/blogs/compute/orchestrating-high- performance-computing-with-aws-step-functions-and-aws-batch/ makes sense only for HPC, this is a single instance that needs to be run

Enable AWS Security Hub:

Navigate to the AWS Security Hub console in your management account and enable Security Hub. This process integrates Security Hub with AWS Control Tower, allowing you to manage and monitor security findings across all accounts within your organization.

Designate a Delegated Administrator:

In AWS Organizations, designate one of the AWS accounts as the delegated administrator for Security Hub. This account will have the responsibility to manage and oversee the security posture of all accounts within the organization.

Deploy Controls Across Accounts:

Use AWS Security Hub to automatically enable security controls across all AWS accounts in the organization. This provides a centralized view of the security state of all accounts and ensures continuous monitoring and compliance.

Utilize AWS Security Hub Features:

Leverage the capabilities of Security Hub to aggregate security alerts, run continuous security checks, and generate findings based on the AWS Foundational Security Best Practices. Security Hub integrates with other AWS services like AWS Config, Amazon GuardDuty, and AWS IAM Access Analyzer to enhance security monitoring and remediation.

By integrating AWS Security Hub with AWS Control Tower and using a delegated administrator account, you can achieve a centralized and comprehensive view of your organization’s security posture, facilitating effective management and remediation of security issues.

References

AWS Security Hub now integrates with AWS Control Tower【77】

AWS Control Tower and Security Hub Integration【76】

AWS Security Hub Features【79】

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-overview-developer-experience.html

The correct answer is C. To add an existing standalone AWS account to an organization, the invitation must be initiated from the organization’s management account. The invited account then accepts the invitation. For accounts that are invited into an organization, the OrganizationAccountAccessRole role is not automatically created in the same way it is when an account is created through Organizations. AWS documentation explains that an equivalent administrator role can be created manually in the invited member account. Option A reverses the invitation flow. Option B is unnecessary because AWS Support is not required for the standard account invitation process. Option D is incomplete because a standalone account cannot independently configure itself as a member without accepting an invitation from the management account. (AWS Documentation)

===============

Taking a snapshot of the EBS volume using Amazon Data Lifecycle Manager (DLM) will meet the requirements because it allows you to create a backup of the volumewithout the need to access the instance or its SSH key pair. Additionally, DLM allows you to schedule the backups to occur at specific intervals and also enables you to copy the snapshots to an S3 bucket. This approach will not impact the running application as the backup is performed on the EBS volume level.

A is correct because AWS recommends using oneconnection alias per Region, associated witheach directory. Then, configure a Route 53 failover policy so that if the primary Region becomes unhealthy, users are directed to the failover Region automatically. “Evaluate Target Health” ensures automatic detection and failover.