Updated PDF (New 2024) Actual Amazon SAP-C01 Exam Questions [Q134-Q156]


Verified SAP-C01 Exam Dumps PDF [2024] Access using Test4Sure


Amazon SAP-C01 Exam is one of the most highly regarded and sought-after certifications in the IT industry. It is designed for experienced professionals who have a deep understanding of AWS services and solutions, and who are looking to validate their skills and knowledge in designing and deploying AWS-based applications. SAP-C01 exam is intended for individuals who have already passed the AWS Certified Solutions Architect - Associate exam and have at least two years of experience designing and deploying scalable, highly available, and fault-tolerant systems on AWS.


Amazon SAP-C01 (AWS Certified Solutions Architect - Professional) exam is a necessary certification for IT professionals looking to validate their skills in planning, designing, and deploying AWS solutions. AWS Certified Solutions Architect - Professional certification exam validates an individual's ability to provide advice and solutions to organizations deploying AWS services, from design to implementation. With the growing demand for AWS services, the Amazon SAP-C01 certification exam provides firms with the assurance that they are hiring individuals who possess the knowledge and skills required to design and deploy scalable AWS systems.

 

NEW QUESTION # 134
A Solutions Architect is designing a system that will collect and store data from 2,000 internet-connected sensors. Each sensor produces 1 KB of data every second. The data must be available for analysis within a few seconds of it being sent to the system and stored for analysis indefinitely.
Which is the MOST cost-effective solution for collecting and storing the data?

  • A. Put each record into an Amazon DynamoDB table. Analyze the recent data by querying the table. Use an AWS Lambda function connected to a DynamoDB stream to group records together, write them into objects in Amazon S3, and then delete the record from the DynamoDB table. Analyze recent data from the DynamoDB table and historical data from Amazon S3.
  • B. Put each record in Amazon Kinesis Data Streams. Use an AWS Lambda function to write each record to an object in Amazon S3 with a prefix that organizes the records by hour and hashes the record's key.
    Analyze recent data from Kinesis Data Streams and historical data from Amazon S3.
  • C. Put each record in Amazon Kinesis Data Streams. Set up Amazon Kinesis Data Firehose to read records from the stream and group them into objects in Amazon S3. Analyze recent data from Kinesis Data Streams and historical data from Amazon S3.
  • D. Put each record into an object in Amazon S3 with a prefix that organizes the records by hour and hashes the record's key. Use S3 lifecycle management to transition objects to S3 infrequent access storage to reduce storage costs. Analyze recent and historical data by accessing the data in Amazon S3.

Answer: A


NEW QUESTION # 135
A company is running a data-intensive application on AWS. The application runs on a cluster of hundreds of Amazon EC2 instances. A shared file system also runs on several EC2 instances that store 200 TB of data. The application reads and modifies the data on the shared file system and generates a report. The job runs once monthly, reads a subset of the files from the shared file system, and takes about 72 hours to complete. The compute instances scale in an Auto Scaling group, but the instances that host the shared file system run continuously. The compute and storage instances are all in the same AWS Region.
A solutions architect needs to reduce costs by replacing the shared file system instances. The file system must provide high performance access to the needed data for the duration of the 72-hour run.
Which solution will provide the LARGEST overall cost reduction while meeting these requirements?

  • A. Migrate the data from the existing shared file system to an Amazon S3 bucket that uses the S3 Standard storage class. Before the job runs each month, use Amazon FSx for Lustre to create a new file system with the data from Amazon S3 by using batch loading. Use the new file system as the shared storage for the duration of the job. Delete the file system when the job is complete.
  • B. Migrate the data from the existing shared file system to a large Amazon Elastic Block Store (Amazon EBS) volume with Multi-Attach enabled. Attach the EBS volume to each of the instances by using a user data script in the Auto Scaling group launch template. Use the EBS volume as the shared storage for the duration of the job. Detach the EBS volume when the job is complete.
  • C. Migrate the data from the existing shared file system to an Amazon S3 bucket. Before the job runs each month, use AWS Storage Gateway to create a file gateway with the data from Amazon S3. Use the file gateway as the shared storage for the job. Delete the file gateway when the job is complete.
  • D. Migrate the data from the existing shared file system to an Amazon S3 bucket that uses the S3 Intelligent-Tiering storage class. Before the job runs each month, use Amazon FSx for Lustre to create a new file system with the data from Amazon S3 by using lazy loading. Use the new file system as the shared storage for the duration of the job. Delete the file system when the job is complete.

Answer: B


NEW QUESTION # 136
A user is hosting a public website on AWS. The user wants to have the database and the app server on the AWS VPC. The user wants to set up a database that can connect to the Internet for any patch upgrade but cannot receive any request from the Internet. How can the user set this up?

  • A. Set up the DB in a public subnet with the security group allowing only inbound data.
  • B. Set up the DB in a private subnet with the security group allowing only outbound traffic.
  • C. Set up the DB in a private subnet which is connected to the internet via NAT for outbound.
  • D. Set up the DB in a local data center and use a private gateway to connect the application with the DB.

Answer: C

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. AWS provides two features that the user can use to increase security in a VPC: security groups and network ACLs. When the user wants to set up both the DB and the app on a VPC, the user should make one public and one private subnet. The DB should be hosted in a private subnet, and instances in that subnet cannot reach the internet. The user can allow an instance in their VPC to initiate outbound connections to the internet but prevent unsolicited inbound connections from the internet by using a Network Address Translation (NAT) instance.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html


NEW QUESTION # 137
You have set up a huge amount of network infrastructure in AWS and you now need to think about monitoring all of this. You decide CloudWatch will best fit your needs but you are unsure of the pricing structure and the limitations of CloudWatch.
Which of the following statements is TRUE in relation to the limitations of CloudWatch?

  • A. You get 10 CloudWatch metrics, 10 alarms, 1,000 API requests, and 100 Amazon SNS email notifications per customer per month for free.
  • B. You get 100 CloudWatch metrics, 100 alarms, 10,000,000 API requests, and 10,000 Amazon SNS email notifications per customer per month for free.
  • C. You get 10 CloudWatch metrics, 10 alarms, 1,000,000 API requests, and 1,000 Amazon SNS email notifications per customer per month for free.
  • D. You get 100 CloudWatch metrics, 100 alarms, 1,000,000 API requests, and 1,000 Amazon SNS email notifications per customer per month for free.

Answer: C

Explanation:
Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time. You can use CloudWatch to collect and track metrics, which are the variables you want to measure for your resources and applications.
CloudWatch has the following limits:
You get 10 CloudWatch metrics, 10 alarms, 1,000,000 API requests, and 1,000 Amazon SNS email notifications per customer per month for free.
You can assign up to 10 dimensions per metric.
You can create up to 5000 alarms per AWS account. Metric data is kept for 2 weeks.
The size of a PutMetricData request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests.
You can include a maximum of 20 MetricDatum items in one PutMetricData request. A MetricDatum can contain a single value or a StatisticSet representing many values.
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_limits.html


NEW QUESTION # 138
A company has deployed an application to multiple environments in AWS, including production and testing. The company has separate accounts for production and testing, and users are allowed to create additional application users for team members or services, as needed. The security team has asked the operations team for better isolation between production and testing with centralized controls on security credentials and improved management of permissions between environments.
Which of the following options would MOST securely accomplish this goal?

  • A. Modify permissions in the production and testing accounts to limit creating new IAM users to members of the operations team. Set a strong IAM password policy on each account. Create new IAM users and groups in each account to limit developer access to just the services required to complete their job function.
  • B. Create all user accounts in the production account. Create roles for access in the production account and testing accounts. Grant cross-account access from the production account to the testing account.
  • C. Create a new AWS account to hold user and service accounts, such as an identity account. Create users and groups in the identity account. Create roles with appropriate permissions in the production and testing accounts. Add the identity account to the trust policies for the roles.
  • D. Create a script that runs on each account that checks user accounts for adherence to a security policy.
    Disable any user or service accounts that do not comply.

Answer: C


NEW QUESTION # 139
A company is migrating a subset of its application APIs from Amazon EC2 instances to run on a serverless infrastructure. The company has set up Amazon API Gateway, AWS Lambda, and Amazon DynamoDB for the new application. The primary responsibility of the Lambda function is to obtain data from a third-party Software as a Service (SaaS) provider. For consistency, the Lambda function is attached to the same virtual private cloud (VPC) as the original EC2 instances.
Test users report an inability to use this newly moved functionality, and the company is receiving 5xx errors from API Gateway. Monitoring reports from the SaaS provider shows that the requests never made it to its systems. The company notices that Amazon CloudWatch Logs are being generated by the Lambda functions. When the same functionality is tested against the EC2 systems, it works as expected.
What is causing the issue?

  • A. The throttle limit set on API Gateway is too low and the requests are not making their way through.
  • B. The end-user application is misconfigured to continue using the endpoint backed by EC2 instances.
  • C. Lambda is in a subnet that does not have a NAT gateway attached to it to connect to the SaaS provider.
  • D. API Gateway does not have the necessary permissions to invoke Lambda.

Answer: C


NEW QUESTION # 140
A Solutions Architect must update an application environment within AWS Elastic Beanstalk using a blue/green deployment methodology. The Solutions Architect creates an environment that is identical to the existing application environment and deploys the application to the new environment.
What should be done next to complete the update?

  • A. Replace the Auto Scaling launch configuration
  • B. Select the Swap Environment URLs option
  • C. Redirect to the new environment using Amazon Route 53
  • D. Update the DNS records to point to the green environment

Answer: B


NEW QUESTION # 141
A travel company built a web application that uses Amazon Simple Email Service (Amazon SES) to send email notifications to users. The company needs to enable logging to help troubleshoot email delivery issues. The company also needs the ability to do searches that are based on recipient, subject, and time sent.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

  • A. Enable AWS CloudTrail logging. Specify an Amazon S3 bucket as the destination for the logs.
  • B. Create an Amazon CloudWatch log group. Configure Amazon SES to send logs to the log group
  • C. Use Amazon Athena to query the logs in Amazon CloudWatch for recipient, subject, and time sent.
  • D. Create an Amazon SES configuration set with Amazon Kinesis Data Firehose as the destination. Choose to send logs to an Amazon S3 bucket.
  • E. Use Amazon Athena to query the logs in the Amazon S3 bucket for recipient, subject, and time sent.

Answer: D,E

Explanation:
https://docs.aws.amazon.com/ses/latest/dg/event-publishing-retrieving-firehose.html
To enable you to track your email sending at a granular level, you can set up Amazon SES to publish email sending events to Amazon CloudWatch, Amazon Kinesis Data Firehose, or Amazon Simple Notification Service based on characteristics that you define.
https://docs.aws.amazon.com/ses/latest/dg/monitor-using-event-publishing.html
https://aws.amazon.com/getting-started/hands-on/build-serverless-real-time-data-processing-app-lambda-kinesis-s3-dynamodb-cognito-athena/4/#:~:text=Amazon%20Athena%20allows%20us%20to,to%20an%20Amazon%20S3%20bucket.


NEW QUESTION # 142
A solutions architect has implemented a SAML 2.0 federated identity solution with their company's on-premises identity provider (IdP) to authenticate users' access to the AWS environment. When the solutions architect tests authentication through the federated identity web portal, access to the AWS environment is granted. However, when test users attempt to authenticate through the federated identity web portal, they are not able to access the AWS environment.
Which items should the solutions architect check to ensure identity federation is properly configured? (Select THREE.)

  • A. The IAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal.
  • B. Test users are not in the AWSFederatedUsers group in the company's IdP.
  • C. The IAM user's permissions policy has allowed the use of SAML federation for that user.
  • D. The company's IdP defines SAML assertions that properly map users or groups in the company to IAM roles with appropriate permissions.
  • E. The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from the IdP.
  • F. The on-premises IdP's DNS hostname is reachable from the AWS environment VPCs.

Answer: A,B,D


NEW QUESTION # 143
A company has decided to move some workloads onto AWS to create a grid environment to run market analytics. The grid will consist of many similar instances, spun-up by a job-scheduling function. Each time a large analytics workload is completed, a new VPC is deployed along with job scheduler and grid nodes. Multiple grids could be running in parallel.
Key requirements are:
Grid instances must communicate with Amazon S3 to retrieve data to be processed.
Grid instances must communicate with Amazon DynamoDB to track intermediate data.
The job scheduler needs only to communicate with the Amazon EC2 API to start new grid nodes.
A key requirement is that the environment has no access to the internet, either directly or via the on-premises proxy. However, the application needs to be able to seamlessly communicate to Amazon S3, Amazon DynamoDB, and Amazon EC2 API, without the need for reconfiguration for each new deployment.
Which of the following should the Solutions Architect do to achieve this target architecture? (Choose three.)

  • A. Enable an interface VPC endpoint for EC2.
  • B. Configure the application on the grid instances to use the private DNS name of the Amazon S3 endpoint.
  • C. Configure Amazon S3 endpoint policy to permit access only from the grid nodes.
  • D. Enable VPC endpoints for Amazon S3 and DynamoDB.
  • E. Populate the on-premises DNS server with the private IP addresses of the EC2 endpoint.
  • F. Disable Private DNS Name Support.

Answer: A,B,D

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint/
https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html


NEW QUESTION # 144
A company has an internal application running on AWS that is used to track and process shipments in the company's warehouse. Currently, after the system receives an order, it emails the staff the information needed to ship a package. Once the package is shipped, the staff replies to the email and the order is marked as shipped.
The company wants to stop using email in the application and move to a serverless application model.
Which architecture solution meets these requirements?

  • A. Store new order information in Amazon EFS. Have instances pull the new information from the NFS and send that information to printers in the warehouse. Once the label has been scanned, as it leaves the warehouse, have Amazon API Gateway call the instances to remove the order information from Amazon EFS.
  • B. When a new order is created, store the order information in Amazon SQS. Have AWS Lambda check the queue every 5 minutes and process any needed work. When an order needs to be shipped, have Lambda print the label in the warehouse. Once the label has been scanned, as it leaves the warehouse, have an Amazon EC2 instance update Amazon SQS.
  • C. Use AWS Batch to configure the different tasks required to ship a package. Have AWS Batch trigger an AWS Lambda function that creates and prints a shipping label. Once that label is scanned, as it leaves the warehouse, have another Lambda function move the process to the next step in the AWS Batch job.
  • D. Update the application to store new order information in Amazon DynamoDB. When a new order is created, trigger an AWS Step Functions workflow, mark the orders as "in progress," and print a package label to the warehouse. Once the label has been scanned and fulfilled, the application will trigger an AWS Lambda function that will mark the order as shipped and complete the workflow.

Answer: D


NEW QUESTION # 145
A company has released a new version of a website to target an audience in Asia and South America. The website's media assets are hosted on Amazon S3 and have an Amazon CloudFront distribution to improve end-user performance. However, users are having a poor login experience as the authentication service is only available in the us-east-1 AWS Region.
How can the Solutions Architect improve the login experience and maintain high security and performance with minimal management overhead?

  • A. Use Amazon Lambda@Edge attached to the CloudFront viewer request trigger to authenticate and authorize users by maintaining a secure cookie token with a session expiry to improve the user experience in multiple geographies.
  • B. Use an Amazon Route 53 weighted routing policy to route traffic to the CloudFront distribution. Use CloudFront cached HTTP methods to improve the user login experience.
  • C. Replicate the setup in each geography and use Network Load Balancers to route traffic to the authentication service running in the closest region to users.
  • D. Replicate the setup in each new geography and use Amazon Route 53 geo-based routing to route traffic to the AWS Region closest to the users.

Answer: A

Explanation:
There are several benefits to using Lambda@Edge for authorization operations. First, performance is improved by running the authorization function using Lambda@Edge closest to the viewer, reducing latency and response time to the viewer request. The load on your origin servers is also reduced by offloading CPU-intensive operations such as verification of JSON Web Token (JWT) signatures. Finally, there are security benefits such as filtering out unauthorized requests before they reach your origin infrastructure.
https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-


NEW QUESTION # 146
You have set up an Auto Scaling group. The cool down period for the Auto Scaling group is 7 minutes. The first scaling activity request for the Auto Scaling group is to launch two instances. It receives the activity request at time "t", and the first instance is launched at t+3 minutes, while the second instance is launched at t+4 minutes.
How many minutes after time "t" will Auto Scaling accept another scaling activity request?

  • A. 7 minutes
  • B. 14 minutes
  • C. 10 minutes
  • D. 11 minutes

Answer: D

Explanation:
If an Auto Scaling group is launching more than one instance, the cool down period for each instance starts after that instance is launched. The group remains locked until the last instance that was launched has completed its cool down period. In this case the cool down period for the first instance starts after 3 minutes and finishes at the 10th minute (3+7 cool down), while for the second instance it starts at the 4th minute and finishes at the 11th minute (4+7 cool down). Thus, the Auto Scaling group will receive another request only after 11 minutes.
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AS_Concepts.html


NEW QUESTION # 147
A customer has a website which shows all the deals available across the market. The site experiences a load of 5 large EC2 instances generally.
However, a week before Thanksgiving vacation they encounter a load of almost 20 large instances. The load during that period varies over the day based on the office timings.
Which of the below mentioned solutions is cost effective as well as helps the website achieve better performance?

  • A. During the pre-vacation period setup 20 instances to run continuously.
  • B. Keep only 10 instances running and manually launch 10 instances every day during office hours.
  • C. During the pre-vacation period setup a scenario where the organization has 15 instances running and 5 instances to scale up and down using Auto Scaling based on the network I/O policy.
  • D. Setup to run 10 instances during the pre-vacation period and only scale up during the office time by launching 10 more instances using the AutoScaling schedule.

Answer: B

Explanation:
AWS provides an on-demand, scalable infrastructure. AWS EC2 allows the user to launch On-Demand instances, and the organization should create an AMI of the running instance. When the organization is experiencing varying loads and the time of the load is not known but it is higher than the routine traffic, it is recommended that the organization launches a few instances beforehand and then sets up AutoScaling with policies which scale up and down as per the EC2 metrics, such as Network I/O or CPU utilization. If the organization keeps all 10 additional instances as a part of the AutoScaling policy, sometimes during a sudden higher load it may take time to launch instances and may not give an optimal performance. This is the reason it is recommended that the organization keeps an additional 5 instances running and the next 5 instances scheduled as per the AutoScaling policy for cost effectiveness.


NEW QUESTION # 148
A company has an application that generates reports and stores them in an Amazon S3 bucket. When a user accesses their report, the application generates a signed URL to allow the user to download the report. The company's security team has discovered that the files are public and that anyone can download them without authentication. The company has suspended the generation of new reports until the problem is resolved.
Which set of actions will immediately remediate the security issue without impacting the application's normal workflow?

  • A. Create an AWS Lambda function that applies a deny all policy for users who are not authenticated. Create a scheduled event to invoke the Lambda function.
  • B. Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option to TRUE on the bucket.
  • C. Review the AWS Trusted Advisor bucket permissions check and implement the recommended actions.
  • D. Run a script that puts a private ACL on all of the objects in the bucket.

Answer: B

Explanation:
The S3 bucket is allowing public access and this must be immediately disabled. Setting the IgnorePublicAcls option to TRUE causes Amazon S3 to ignore all public ACLs on a bucket and any objects that it contains.
The other settings you can configure with the Block Public Access Feature are:
  • BlockPublicAcls - PUT bucket ACL and PUT object requests are blocked if granting public access.
  • BlockPublicPolicy - Rejects requests to PUT a bucket policy if granting public access.
  • RestrictPublicBuckets - Restricts access to principals in the bucket owner's AWS account.
https://aws.amazon.com/s3/features/block-public-access/


NEW QUESTION # 149
A company is migrating an application to the AWS Cloud. The application runs in an on-premises data center and writes thousands of images into a mounted NFS file system each night. After the company migrates the application, the company will host the application on an Amazon EC2 instance with a mounted Amazon Elastic File System (Amazon EFS) file system.
The company has established an AWS Direct Connect connection to AWS. Before the migration cutover, a solutions architect must build a process that will replicate the newly created on-premises images to the EFS file system.
What is the MOST operationally efficient way to replicate the images?

  • A. Deploy an AWS Storage Gateway file gateway with an NFS mount point. Mount the file gateway file system on the on-premises server. Configure a process to periodically copy the images to the mount point.
  • B. Deploy an AWS DataSync agent to an on-premises server that has access to the NFS file system. Send data over the Direct Connect connection to an S3 bucket by using a public VIF. Configure an AWS Lambda function to process event notifications from Amazon S3 and copy the images from Amazon S3 to the EFS file system.
  • C. Deploy an AWS DataSync agent to an on-premises server that has access to the NFS file system. Send data over the Direct Connect connection to an AWS PrivateLink interface VPC endpoint for Amazon EFS by using a private VIF. Configure a DataSync scheduled task to send the images to the EFS file system every 24 hours.
  • D. Configure a periodic process to run the aws s3 sync command from the on-premises file system to Amazon S3. Configure an AWS Lambda function to process event notifications from Amazon S3 and copy the images from Amazon S3 to the EFS file system.

Answer: D


NEW QUESTION # 150
A company wants to migrate its website from an on-premises data center onto AWS. At the same time, it wants to migrate the website to a containerized microservice-based architecture to improve the availability and cost efficiency. The company's security policy states that privileges and network permissions must be configured according to best practice, using least privilege.
A Solutions Architect must create a containerized architecture that meets the security requirements and has deployed the application to an Amazon ECS cluster.
What steps are required after the deployment to meet the requirements? (Choose two.)

  • A. Apply security groups to the tasks, and pass IAM credentials into the container at launch time to access other resources.
  • B. Create tasks using the awsvpc network mode.
  • C. Create tasks using the bridge network mode.
  • D. Apply security groups to the tasks, and use IAM roles for tasks to access other resources.
  • E. Apply security groups to Amazon EC2 instances, and use IAM roles for EC2 instances to access other resources.

Answer: B,D


NEW QUESTION # 151
A company that is new to AWS reports it has exhausted its service limits across several accounts that are on the Basic Support plan. The company would like to prevent this from happening in the future.
What is the MOST efficient way of monitoring and managing all service limits in the company's accounts?

  • A. Reach out to AWS Support to proactively increase the limits across all accounts. That way, the customer avoids creating and managing infrastructure just to raise the service limits.
  • B. Use Amazon CloudWatch and AWS Lambda to periodically calculate the limits across all linked accounts using AWS Trusted Advisor, programmatically increase the limits that are close to exceeding the threshold.
  • C. Use Amazon CloudWatch and AWS Lambda to periodically calculate the limits across all linked accounts using AWS Trusted Advisor, provide notifications using Amazon SNS if the limits are close to exceeding the threshold.
  • D. Use Amazon CloudWatch and AWS Lambda to periodically calculate the limits across all linked accounts using AWS Trusted Advisor, and use Amazon SNS for notifications if a limit is close to exceeding the threshold. Ensure that the accounts are using the AWS Business Support plan at a minimum.

Answer: D


NEW QUESTION # 152
A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing new or modifying existing Reserved Instances. This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement or execution. Previously, business units would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously.
Which combination of steps should be taken to proactively enforce the new process in the MOST secure way possible? (Select TWO.)

  • A. Use AWS Config to report on the attachment of an IAM policy that denies access to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
  • B. Ensure that all AWS accounts are part of an AWS Organizations structure operating in consolidated billing features mode.
  • C. Create an SCP that contains a deny rule to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions. Attach the SCP to each organizational unit (OU) of the AWS Organizations structure.
  • D. Ensure all AWS accounts are part of an AWS Organizations structure operating in all features mode.
  • E. In each AWS account, create an IAM policy with a DENY rule to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.

Answer: C,D


NEW QUESTION # 153
A government agency is building a forms submission portal using AWS to allow citizens to submit and retrieve sensitive documents. The solution was built using serverless architecture, with the front-end code developed using HTML and JavaScript and the backend architecture using Amazon API Gateway and Amazon S3.
The portal must meet the following security requirements:
Requests to the backend infrastructure should be allowed only if they originate from a specific country.
Requests to the backend infrastructure should prevent brute-force attacks from individual IP addresses by not allowing more than 3000 requests per minute for 10 requests per second for each IP address.
All access attempts to the backend infrastructure must be logged.
Which steps should a solution architect take to meet these requirements? (Select Two)

  • A. Create an AWS WAF web ACL with a custom condition that allows access attempts from the authorized country only, and a rate-based rule with a rate limit of 3000 requests per 5 minutes. Then associate the web ACL with the API Gateway API.
  • B. Configure the AWS WAF web ACL to log to an Amazon CloudWatch Logs group. Configure API Gateway to log to an Amazon CloudWatch Logs group.
  • C. Configure the AWS WAF web ACL to log to an Amazon Kinesis Data Firehose delivery with Amazon Elasticsearch Service (Amazon ES) as the destination. Configure API Gateway to log to an Amazon CloudWatch Logs group.
  • D. Configure the API Gateway API with a custom rule condition that allows APIs to be called from the authorized country only. Then enable default method throttling, setting the rate limit to 10 requests per second.
  • E. Configure Amazon CloudFront with a geographical restriction that allows access attempts from the authorized country only, and a rate-based rule with a rate limit of 3000 requests per 5 minutes. Then add the API Gateway API as a custom origin.

Answer: A,C

Explanation:
https://aws.amazon.com/fr/blogs/security/how-to-analyze-aws-waf-logs-using-amazon-elasticsearch-service/


NEW QUESTION # 154
A large education company recently introduced Amazon WorkSpaces to provide access to internal applications across multiple universities. The company is storing user profiles on an Amazon FSx for Windows File Server file system. The file system is configured with a DNS alias and is connected to a self-managed Active Directory. As more users begin to use the WorkSpaces, login time increases to unacceptable levels. An investigation reveals a degradation in performance of the file system. The company created the file system on HDD storage with a throughput of 16 MBps. A solutions architect must improve the performance of the file system during a defined maintenance window. What should the solutions architect do to meet these requirements with the LEAST administrative effort?

  • A. Deploy an AWS DataSync agent onto a new Amazon EC2 instance. Create a task. Configure the existing file system as the source location. Configure a new FSx for Windows File Server file system with SSD storage and 32 MBps of throughput as the target location. Schedule the task. When the task is completed, adjust the DNS alias accordingly. Delete the original file system.
  • B. Enable shadow copies on the existing file system by using a Windows PowerShell command. Schedule the shadow copy job to create a point-in-time backup of the file system. Choose to restore previous versions. Create a new FSx for Windows File Server file system with SSD storage and 32 MBps of throughput. When the copy job is completed, adjust the DNS alias. Delete the original file system.
  • C. Use AWS Backup to create a point-in-time backup of the file system. Restore the backup to a new FSx for Windows File Server file system. Select SSD as the storage type. Select 32 MBps as the throughput capacity. When the backup and restore process is completed, adjust the DNS alias accordingly. Delete the original file system.
  • D. Disconnect users from the file system. In the Amazon FSx console, update the throughput capacity to 32 MBps. Update the storage type to SSD. Reconnect users to the file system.

Answer: B


NEW QUESTION # 155
A Solutions Architect is designing a highly available and reliable solution for a cluster of Amazon EC2 instances.
The Solutions Architect must ensure that any EC2 instance within the cluster recovers automatically after a system failure. The solution must ensure that the recovered instance maintains the same IP address.
How can these requirements be met?

  • A. Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric, and then configure an EC2 action to recover the instance.
  • B. Create an Auto Scaling group for each EC2 instance that has a minimum and maximum size of 1.
  • C. Create an AWS Lambda script to restart any EC2 instances that shut down unexpectedly.
  • D. Create a new t2.micro instance to monitor the cluster instances. Configure the t2.micro instance to issue an aws ec2 reboot-instances command upon failure.

Answer: A

Explanation:
https://docs.aws.amazon.com/fr_fr/AWSEC2/latest/UserGuide/ec2-instance-recover.html


NEW QUESTION # 156
......


What do you need to begin preparation for AWS Certified SAP - Solutions Architect Exam?

AWS Certified SAP - Solutions Architect Exam is not easy to pass. Tolerance is one of the most important tips for the AWS Certified SAP - Solutions Architect Exam. Satisfy the IRS requirement. Keep in mind that passing the exam depends heavily on your ability. Transfer your learning and ensure that there is a good similarity between the real exam and the test questions. Finishing the test early with a good score is also important. Finishing the test in a timely manner will give you ample time to obtain more questions and memorize them. Recognize, however, that the delivery of the questions is not necessarily immediate. Determine how many questions you should achieve at a time. Make sure to keep a schedule and make a timetable.

Paper, writing, and memorizing are three methods that can be used to get ready for the AWS Certified SAP - Solutions Architect exam. Overseeing your progress is also important. Amazon SAP-C01 exam dumps can help you prepare for AWS Certified SAP - Solutions Architect Exam. Aspects to consider when preparing for the exam include the amount of AWS Certified SAP - Solutions Architect exam questions you have to answer. Functional knowledge is needed to pass the AWS Certified SAP - Solutions Architect exam. Practice for the exam under exam conditions. Hands-on experience with different AWS Certified SAP - Solutions Architect solutions. AWS Certified SAP - Solutions Architect Exam is the result of the work of ten years.

 
