SAP-C02 Exam: Absolutely Free Online Practice

Free Amazon SAP-C02 Exam Questions

A company is running a workload that consists of thousands of Amazon EC2 instances The workload is

running in a VPC that contains several public subnets and private subnets The public subnets have a route for

0 0 0 0/0 to an existing internet gateway. The private subnets have a route for 0 0 0 0/0 to an existing NAT

A solutions architect needs to migrate the entire fleet of EC2 instances to use IPv6 The EC2 instances that are

in private subnets must not be accessible from the public internet

What should the solutions architect do to meet these requirements?

Update the existing VPC and associate a custom IPv6 CIDR block with the VPC and all subnets Update

all the VPC route tables and add a route for /0 to the internet gateway

Update the existing VPC. and associate an Amazon-provided IPv6 CIDR block with the VPC and all

subnets Update the VPC route tables for all private subnets, and add a route for /0 to the NAT gateway

Update the existing VPC. and associate an Amazon-provided IPv6 CIDR block with the VPC and ail

subnets Create an egress-only internet gateway Update the VPC route tables for all private subnets, and

add a route for /0 to the egress-only internet gateway

Update the existing VPC and associate a custom IPv6 CIDR block with the VPC and all subnets Create

a new NAT gateway, and enable IPv6 support Update the VPC route tables for all private subnets and

add a route for 70 to the IPv6-enabled NAT gateway.

A company has a legacy monolithic application that is critical to the company's business. The company hosts

the application on an Amazon EC2 instance that runs Amazon Linux 2. The company's application team

receives a directive from the legal department to back up the data from the instance's encrypted Amazon

Elastic Block Store (Amazon EBS) volume to an Amazon S3 bucket. The application team does not have the

administrative SSH key pair for the instance. The application must continue to serve the users.

Which solution will meet these requirements?

Attach a role to the instance with permission to write to Amazon S3. Use the AWS Systems Manager

Session Manager option to gain access to the instance and run commands to copy data into Amazon S3.

Create an image of the instance with the reboot option turned on. Launch a new EC2 instance from the

image. Attach a role to the new instance with permission to write to Amazon S3. Run a command to

copy data into Amazon S3.

Take a snapshot of the EBS volume by using Amazon Data Lifecycle Manager (Amazon DLM). Copy

the data to Amazon S3.

Create an image of the instance. Launch a new EC2 instance from the image. Attach a role to the new

instance with permission to write to Amazon S3. Run a command to copy data into Amazon S3.

A company runs its travel and tours website on AWS. The application only supports HTTP at the moment. To improve their SEO ranking and provide more security for their customers, they decided to enable SSL on their website. The company would also like to ensure the separation of roles between the Development team and the Security team in handling the sensitive SSL certificate. The Development team can log in to EC2 Instances but they should not have access to the SSL certificate, which only the Security team has exclusive control of. Currently, they are using an Application Load Balancer which provides loads of incoming traffic to an Auto Scaling group of On-Demand EC2 instances.

Which of the following options should the solutions architect implement to satisfy the above requirements?

A multi-national tech company has multiple VPCs assigned for each of its IT departments. VPC peering has been set up whenever intercommunication is needed between the VPCs. The solutions architect has been instructed to launch a new central database server that can be accessed by the other VPCs of the company using the database.tutorialsdojo.com domain name. This server should only be resolvable and accessible within the associated VPCs since only internal applications will be using the database.

Which of the following options should the solutions architect implement to meet the above requirements?

A company is migrating its data centre from on premises to the AWS Cloud. The migration will take several

months to complete. The company will use Amazon Route 53 for private DNS zones.

During the migration, the company must Keep its AWS services pointed at the VPC's Route 53 Resolver for

DNS. The company also must maintain the ability to resolve addresses from its on-premises DNS server A

solutions architect must set up DNS so that Amazon EC2 instances can use native Route 53 endpoints to

resolve on-premises DNS queries

Which configuration writ meet these requirements?

Configure Vie VPC DHCP options set to point to on-premises DNS server IP addresses. Ensure that

security groups for EC2 instances allow outbound access to port 53 on those DNS server IP addresses.

Launch an EC2 instance that has DNS BIND installed and configured. Ensure that the security groups

that are attached to the EC2 instance can access the on-premises DNS server IP address on port 53.

Configure BIND to forward DNS queries to on-premises DNS server IP addresses Configure each

migrated EC2 instances DNS settings to point to the BIND server IP address.

Create a new outbound endpoint in Route 53. and attach me endpoint to the VPC. Ensure that the

security groups that are attached to the endpoint can access the on-premises DNS server IP address on

port 53 Create a new Route 53 Resolver rule that routes on-premises designated traffic to the

on-premises DNS server.

Create a new private DNS zone in Route 53 with the same domain name as the on-premises domain.

Create a single wildcard record with the on-premises DNS server IP address as the record-s address.

Free Amazon SAP-C02 Exam Questions

Absolute Free SAP-C02 Exam Practice for Comprehensive Preparation