SAP-C02 Practice Online

Question 1

A company wants to deploy an AWS WAF solution to manage AWS WAF rules across multiple AWS accounts. The accounts are managed under different OUs in AWS Organizations. Administrators must be able to add or remove accounts or OUs from managed AWS WAF rule sets as needed Administrators also must have the ability to automatically update and remediate noncompliant AWS WAF rules in all accounts Which solution meets these requirements with the LEAST amount of operational overhead?

A : Use AWS Firewall Manager to manage AWS WAF rules across accounts in the organization. Use an AWS Systems Manager Parameter Store parameter to store account numbers and OUs to manage Update the parameter as needed to add or remove accounts or OUs Use an Amazon EventBridge (Amazon CloudWatch Events) rule to identify any changes to the parameter and to invoke an AWS Lambda function to update the security policy in the Firewall Manager administrative account

B : Deploy an organization-wide AWS Config rule that requires all resources in the selected OUs to associate the AWS WAF rules. Deploy automated remediation actions by using AWS Lambda to fix noncompliant resources Deploy AWS WAF rules by using an AWS CloudFormation stack set to target the same OUs where the AWS Config rule is applied.

C : Create AWS WAF rules in the management account of the organization Use AWS Lambda environment variables to store account numbers and OUs to manage Update environment variables as needed to add or remove accounts or OUs Create cross-account IAM roles in member accounts Assume the rotes by using AWS Security Token Service (AWS STS) in the Lambda function to create and update AWS WAF rules in the member accounts.

D : Use AWS Control Tower to manage AWS WAF rules across accounts in the organization Use AWS Key Management Service (AWS KMS) to store account numbers and OUs to manage Update AWS KMS as needed to add or remove accounts or OUs Create IAM users in member accounts Allow AWS Control Tower in the management account to use the access key and secret access key to create and update AWS WAF rules in the member accounts

Answer: D

Question 2

A company hosts its multi-tiered web application on a fleet of Auto Scaling EC2 instances spread across two Availability Zones. The Application Load Balancer is in the public subnets and the Amazon EC2 instances are in the private subnets. After a few weeks of operations, the users are reporting that the web application is not working properly. Upon testing, the Solutions Architect found that the website is accessible and the login is successful. However, when the “find a nearby store” function is clicked on the website, the map loads only about 50% of the time when the page is refreshed. This function involves a third-party RESTful API call to a maps provider. Amazon EC2 NAT instances are used for these outbound API calls.

Which of the following options are the MOST likely reason for this failure and the recommended solution?

A : This error is caused by failed NAT instance in one of the public subnets. Use NAT Gateways instead of EC2 NAT instances to ensure availability and scalability.

B : This error is caused by an overloaded NAT instance in one of the subnets. Scale the EC2 NAT instances to larger-sized instances to ensure that they can handle the growing traffic.

C : One of the subnets in the VPC has a misconfigured Network ACL that blocks outbound traffic to the third-party provider. Update the network ACL to allow this connection and configure IAM permissions to restrict these changes in the future.

D : The error is caused by a failure in one of their availability zones in the VPC of the third-party provider. Contact the third-party provider support hotline and request for them to fix it.

Answer: A

Question 3

A company uses a load balancer to distribute traffic to Amazon EC2 instances in a single Availability Zone. The company is concerned about security and wants a solutions architect to re-architect the solution to meet the following requirements: • Inbound requests must be filtered for common vulnerability attacks. • Rejected requests must be sent to a third-party auditing application. • All resources should be highly available. Which solution meets these requirements?

A : Configure a Multi-AZ Auto Scaling group using the application's AMI. Create an Application Load Balancer (ALB) and select the previously created Auto Scaling group as the target. Use Amazon Inspector to monitor traffic to the ALB and EC2 instances. Create a web ACL in WAF. Create an AWS WAF using the web ACL and ALB. Use an AWS Lambda function to frequently push the Amazon Inspector report to the third-party auditing application.

B : Configure an Application Load Balancer (ALB) and add the EC2 instances as targets Create a web ACL in WAF. Create an AWS WAF using the web ACL and ALB name and enable logging with Amazon CloudWatch Logs. Use an AWS Lambda function to frequently push the logs to the third-party auditing application.

C : Configure an Application Load Balancer (ALB) along with a target group adding the EC2 instances as targets. Create an Amazon Kinesis Data Firehose with the destination of the third-party auditing application. Create a web ACL in WAF. Create an AWS WAF using the web ACL and ALB then enable logging by selecting the Kinesis Data Firehose as the destination. Subscribe to AWS Managed Rules in AWS Marketplace, choosing the WAF as the subscriber.

D : Configure a Multi-AZ Auto Scaling group using the application's AMI. Create an Application Load Balancer (ALB) and select the previously created Auto Scaling group as the target. Create an Amazon Kinesis Data Firehose with a destination of the third-party auditing application. Create a web ACL in WAF. Create an AWS WAF using the WebACL and ALB then enable logging by selecting the Kinesis Data Firehose as the destination. Subscribe to AWS Managed Rules in AWS Marketplace, choosing the WAF as the subscriber.

Answer: D

Question 4

A company is collecting a large amount of data from a fleet of loT devices. Data is stored as Optimized Row

Columnar (ORC) files in the Hadoop Distributed File System (HDFS) on a persistent Amazon EMR cluster.

The company's data analytics team queries the data by using SQL in Apache Presto deployed on the same

EMR cluster Queries scan large amounts of data always run for less than 15 minutes, and run only between 5

PM and 10 PM.

The company is concerned about the high cost associated with the current solution A solutions architect must

propose the most cost-effective solution that will allow SQL data queries.

Which solution will meet these requirements?

A : Store data m Amazon S3 Use Amazon Redshift Spectrum to query data.

B : Store data m Amazon S3 Use the AWS Glue Data Catalog and Amazon Athena to query data.

C : Store data in EMR File System (EMRFS). Use Presto n Amazon EMR to query data.

D : Store data in Amazon Redshift Use Amazon Redshift to query data

Answer: D

Question 5

A FinTech startup has recently consolidated its multiple AWS accounts using AWS Organizations. It currently has two teams in its organization, a security team and a development team. The former is responsible for protecting their cloud infrastructure and making sure that all of their resources are compliant, while the latter is responsible for developing new applications that are deployed to EC2 instances. The security team is required to set up a system that will check if all of the running EC2 instances are using an approved AMI. However, the solution should not stop the development team from deploying an EC2 instance running on a non-approved AMI. The disruption is only allowed once the deployment has been completed. In addition, they have to set up a notification system that sends the compliance state of the resources to determine whether they are compliant.

Which of the following options is the most suitable solution that the security team should implement?

A : Set up a Trusted Advisor check that will verify whether the running EC2 instances in your VPCs are using approved AMIs. Create a CloudWatch alarm and integrate it with the Trusted Advisor metrics that will check all of the AMIs being used by your EC2 instances and that will send a notification if there is a running instance which uses an unapproved AMI

B : Create and assign an SCP and an IAM policy that restricts the AWS accounts and the development team from launching an EC2 instance using an unapproved AMI. Create a CloudWatch alarm that will automatically notify the security team if there are non-compliant EC2 instances running in their VPCs.

C : Use an AWS Config Managed Rule and specify a list of approved AMI IDs. This rule will check whether running EC2 instances are using specified AMIs. Configure AWS Config to stream configuration changes and notifications to an Amazon SNS topic which will send a notification for non-compliant instances.

D : Use the Amazon Inspector service to automatically check all of the AMIs that are being used by your EC2 instances. Set up an SNS topic that will send a notification to both the security and development teams if there is a non-compliant EC2 instance running in their VPCs.

Answer: C

Name:	AWS Certified Solutions Architect- Professional
Exam Code:	SAP-C02
Certification:	AWS Certified Professional
Vendor:	Amazon
Total Questions:	891
Last Updated:	Apr 25, 2024

Download Demo SAP-C02 Dumps

Create Account

Password Recovery

SAP-C02 Practice Online

Download Demo SAP-C02 Dumps

Member Login

Create Account

Password Recovery

SAP-C02 Practice Online