AWS SAP-C01 Certification Exam Sample Questions

SAP-C01 Braindumps, SAP-C01 Exam Dumps, SAP-C01 Examcollection, SAP-C01 Questions PDF, SAP-C01 Sample Questions, AWS-SAP Dumps, AWS-SAP Official Cert Guide PDF, AWS-SAP VCEWe have prepared AWS Solutions Architect Professional (SAP-C01) certification sample questions to make you aware of actual exam properties. This sample question set provides you with information about the AWS-SAP exam pattern, question formate, a difficulty level of questions and time required to answer each question. To get familiar with AWS Certified Solutions Architect - Professional exam, we suggest you try our Sample AWS SAP-C01 Certification Practice Exam in simulated AWS certification exam environment.

To test your knowledge and understanding of concepts with real-time scenario based AWS SAP-C01 questions, we strongly recommend you to prepare and practice with Premium AWS-SAP Certification Practice Exam. The premium AWS-SAP certification practice exam helps you identify topics in which you are well prepared and topics in which you may need further training to achieving great score in actual AWS Certified Solutions Architect - Professional exam.

AWS SAP-C01 Sample Questions:

01. A company is launching a new web service on an Amazon ECS cluster. Company policy requires that the security group on the cluster instances block all inbound traffic but HTTPS (port 443).
The cluster consists of Amazon 100 EC2 instances. Security engineers are responsible for managing and updating the cluster instances. The security engineering team is small, so any management efforts must be minimized.
How can the service be designed to meet these operational requirements?
a) Change the SSH port to 2222 on the cluster instances with a user data script. Log in to each instance using SSH over port 2222.
b) Change the SSH port to 2222 on the cluster instances with a user data script. Use AWS Trusted Advisor to remotely manage the cluster instances over port 2222.
c) Launch the cluster instances with no SSH key pairs. Use the Amazon EC2 Systems Manager Run Command to remotely manage the cluster instances.
d) Launch the cluster instances with no SSH key pairs. Use AWS Trusted Advisor to remotely manage the cluster instances.
 
02. A company has multiple AWS accounts. The company has integrated its on-premises Active Directory (AD) with AWS SSO to grant AD users least privilege abilities to manage infrastructure across all the accounts.
A solutions architect must integrate a third-party monitoring solution that requires read-only access across all AWS accounts. The monitoring solutions will run in its own AWS account.
How can the monitoring solution be given the required permissions?
a) Create a user in an AWS SSO directory and assign a read-only permissions set. Assign all AWS accounts to be monitored to the new user. Provide the third-party monitoring solution with the user name and password.
b) Create an AWS IAM role in the organization's master account. Allow the AWS account of the third-party monitoring solution to assume the role.
c) Invite the AWS account of the third-party monitoring solution to join the organization. Enable all features.
d) Create an AWS CloudFormation template that defines a new AWS IAM role for the third-party monitoring solution with the account of the third party listed in the trust policy. Create the IAM role across all linked AWS accounts by using a stack set.
 
03. A company is migrating an Apache Hadoop cluster from its data center to AWS. The cluster consists of 60 VMware Linux virtual machines (VMs). During the migration cluster, downtime should be minimized.
Which process will minimize downtime?
a) Use the AWS Management Portal for vCenter to migrate the VMs to AWS as Amazon EC2 instances.
b) Use AWS SMS to migrate the VMs to AWS as AMIs. Launch the cluster on AWS as Amazon EC2 instances from the migrated AMIs.
c) Create OVA files of the VMs. Upload the OVA files to Amazon S3. Use VM Import/Export to create AMIs from the OVA files. Launch the cluster on AWS as Amazon EC2 instances from the AMIs.
d) Export the HDFS data from the VMs to a new Amazon Aurora database. Launch a new Hadoop cluster on Amazon EC2 instances. Import the data from the Aurora database to HDFS on the new cluster.
 
04. A team is building an HTML form hosted in a public Amazon S3 bucket. The form uses JavaScript to post data to an Amazon API Gateway endpoint. The endpoint is integrated with AWS Lambda functions. The team has tested each method in the API Gateway console and received valid responses.
Which combination of steps must be completed for the form to successfully post to the API Gateway and receive a valid response?
(Select TWO.)
a) Configure the S3 bucket to allow cross-origin resource sharing (CORS).
b) Host the form on Amazon EC2 rather than Amazon S3.
c) Request a limit increase for API Gateway.
d) Enable cross-origin resource sharing (CORS) in API Gateway.
e) Configure the S3 bucket for web hosting.
 
05. A retail company runs a serverless mobile app built on Amazon API Gateway, AWS Lambda, Amazon Cognito, and Amazon DynamoDB.
During heavy holiday traffic spikes, the company receives complaints of intermittent system failures. Developers find that the API Gateway endpoint is returning 502 Bad Gateway errors to seemingly valid requests.
Which method should address this issue?
a) Increase the concurrency limit for Lambda functions and configure notification alerts to be sent by Amazon CloudWatch when the ConcurrentExecutions metric approaches the limit.
b) Configure notification alerts for the limit of transactions per second on the API Gateway endpoint and create a Lambda function that will increase this limit, as needed.
c) Shard users to Amazon Cognito user pools in multiple regions to reduce user authentication latency.
d) Use DynamoDB strongly consistent reads to ensure the latest data is always returned to the client application.
 
06. A company has two AWS accounts: one for production workloads and one for development workloads. Creating and managing these workloads are a development team and an operations team.
The company needs a security strategy that meets the following requirements:
- Developers need to create and delete development application infrastructure.
- Operators need to create and delete both development and production application infrastructure.
- Developers should have no access to production infrastructure.
- All users should have a single set of AWS credentials.
What strategy meets these requirements?
a) In the development account:
- Create a development IAM group with the ability to create and delete application infrastructure.
- Create an IAM user for each operator and developer and assign them to the development group.
In the production account:
- Create an operations IAM group with the ability to create and delete application infrastructure.
- Create an IAM user for each operator and assign them to the operations group.
b) In the development account:
- Create a development IAM group with the ability to create and delete application infrastructure.
- Create an IAM user for each developer and assign them to the development group.
- Create an IAM user for each operator and assign them to the development group and the operations group in the production account.
In the production account:
- Create an operations IAM group with the ability to create and delete application infrastructure.
c) In the development account:
- Create a shared IAM role with the ability to create and delete application infrastructure in the production account.
- Create a development IAM group with the ability to create and delete application infrastructure.
- Create an operations IAM group with the ability to assume the shared role.
- Create an IAM user for each developer and assign them to the development group.
- Create an IAM user for each operator and assign them to the development group and the operations group.
d) In the development account:
- Create a development IAM group with the ability to create and delete application infrastructure.
- Create an operations IAM group with the ability to assume the shared role in the production account.
- Create an IAM user for each developer and assign them to the development group.
- Create an IAM user for each operator and assign them to the development group and the operations group.
In the production account:
- Create a shared IAM role with the ability to create and delete application infrastructure.
- Add the development account to the trust policy for the shared role.
 
07. A solutions architect needs to reduce costs for a big data application. The application environment consists of hundreds of devices that send events to Amazon Kinesis Data Streams. The device ID is used as the partition key, so each device gets a separate shard.
Each device sends between 50 KB and 450 KB of data per second. The shards are polled by an AWS Lambda function that processes the data and stores the result on Amazon S3. Every hour, an AWS Lambda function runs an Amazon Athena query against the result data that identifies any outliers and places them in an Amazon SQS queue.
An Amazon EC2 Auto Scaling group of two EC2 instances monitors the queue and runs a short (approximately 30-second) process to address the outliers. The devices submit an average of 10 outlying values every hour.
Which combination of changes to the application would MOST reduce costs?
(Select TWO.)
a) Change the Auto Scaling group launch configuration to use smaller instance types in the same instance family.
b) Replace the Auto Scaling group with an AWS Lambda function triggered by messages arriving in the Amazon SQS queue.
c) Reconfigure the devices and data stream to set a ratio of 10 devices to 1 data stream shard.
d) Reconfigure the devices and data stream to set a ratio of 2 devices to 1 data stream shard.
e) Change the desired capacity of the Auto Scaling group to a single EC2 instance.
 
08. An enterprise has a large number of AWS accounts owned by separate business groups. One of the accounts was recently compromised. The attacker launched a large number of instances, resulting in a high bill for that account.
The security breach was addressed, but management has asked a solutions architect to develop a solution to prevent excessive spending in all accounts. Each business group wants to retain full control over its AWS account.
Which solution should the solutions architect recommend to meet these requirements?
a) Use AWS Organizations to add each AWS account to the master account. Create a service control policy (SCP) that uses the ec2:instanceType condition key to prevent the launch of high-cost instance types in each account.
b) Attach a new customer-managed IAM policy to an IAM group in each account that uses the ec2:instanceType condition key to prevent the launch of high-cost instance types. Place all of the existing IAM users in each group.
c) Enable billing alerts on each AWS account. Create Amazon CloudWatch alarms that send an Amazon SNS notification to the account administrator whenever their account exceeds the spending budget.
d) Enable AWS Cost Explorer in each account. Regularly review the Cost Explorer reports for each account to ensure spending does not exceed the planned budget.
 
09. A company operates an ecommerce application on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones.
After an order is successfully processed, the application immediately posts order data to an external third-party affiliate tracking system that pays sales commissions for order referrals.
During a highly successful marketing promotion, the number of EC2 instances increased from 2 to 20. The application continued to work correctly, but the increased request rate overwhelmed the third-party affiliate and resulted in failed requests.
Which combination of architectural changes could ensure that the entire process functions correctly under load?
(Select TWO.)
a) Move the code that calls the affiliate to a new AWS Lambda function. Modify the application to invoke the Lambda function asynchronously.
b) Move the code that calls the affiliate to a new AWS Lambda function. Modify the application to place the order data in an Amazon SQS queue. Trigger the Lambda function from the queue.
c) Increase the timeout of the new AWS Lambda function.
d) Adjust the concurrency limit of the new AWS Lambda function.
e) Increase the memory of the new AWS Lambda function.
 
10. A web hosting company has enabled Amazon GuardDuty in every AWS Region for all of its accounts. A system administrator must create an automated response to high-severity events.
How should this be accomplished?
a) Create rules through VPC Flow Logs that trigger an AWS Lambda function that programmatically addresses the issue.
b) Create an AWS CloudWatch Events rule that triggers an AWS Lambda function that programmatically addresses the issue.
c) Configure AWS Trusted Advisor to trigger an AWS Lambda function that programmatically addresses the issue.
d) Configure AWS CloudTrail to trigger an AWS Lambda function that programmatically addresses the issue.

Answers:

Question: 01
Answer: c
Question: 02
Answer: d
Question: 03
Answer: b
Question: 04
Answer: d, e
Question: 05
Answer: a
Question: 06
Answer: d
Question: 07
Answer: b, d
Question: 08
Answer: c
Question: 09
Answer: b, d
Question: 10
Answer: b

Note: Please update us by writing an email on feedback@vmexam.com for any error in AWS Certified Solutions Architect - Professional certification exam sample questions

Your rating: None Rating: 4.9 / 5 (32 votes)