SAP-C02 Exam: Absolutely Free Online Practice

Question 1
- A multinational bank has recently set up AWS Organizations to manage its several AWS accounts from their various business units. The Senior Solutions Architect attached the SCP below to an Organizational Unit (OU) to define the services that its member accounts can use:
  1. {
  2. "Version":"2012-10-17",
  3. "Statement":[
  4. {
  5. "Effect":"Allow",
  6. "Action":["EC2:*","S3:*"],
  7. "Resource":"*"
  8. }
  9. ]
  10. }
  In one of the member accounts under that OU, an IAM user tried to create a new S3 bucket but was getting a permission denied error.
  Which of the following options is the most likely cause of this issue?
  
  A : The IAM user in the member account does not have IAM policies that explicitly grant EC2 or S3 service actions.
  
  B : An IAM policy that allows the use of S3 and EC2 services should be the one attached in the OU instead of an SCP.
  
  C : All accounts within the OU does not automatically inherit the policy attached to them. You still have to manually attach the SCP to the individual AWS accounts of the OU.
  
  D : You should use the root user of the account to be able to create the new S3 bucket.
  
  Answer: A
Question 2
- A company wants to use AWS for disaster recovery for an on-premises application. The company has hundreds of Windows-based servers that run the application. All the servers mount a common share. The company has an RTO of 15 minutes and an RPO of 5 minutes. The solution must support native failover and fallback capabilities. Which solution will meet these requirements MOST cost-effectively?
  
  A :
  Create an AWS Storage Gateway File Gateway. Schedule daily Windows server backups. Save the data lo Amazon S3. During a disaster, recover the on-premises servers from the backup. During failback. run the on-premises servers on Amazon EC2 instances.
  
  B :
  Create a set of AWS CloudFormation templates to create infrastructure. Replicate all data to Amazon Elastic File System (Amazon EFS) by using AWS DataSync. During a disaster, use AWS CodePipeline to deploy the templates to restore the on-premises servers. Fail back the data by using DataSync.
  
  C :
  Create an AWS Cloud Development Kit (AWS CDK) pipeline to stand up a multi-site active-active environment on AWS. Replicate data into Amazon S3 by using the s3 sync command. During a disaster, swap DNS endpoints to point to AWS. Fail back the data by using the s3 sync command.
  
  D :
  Use AWS Elastic Disaster Recovery to replicate the on-premises servers. Replicate data to an Amazon FSx for Windows File Server file system by using AWS DataSync. Mount the file system to AWS servers. During a disaster, fail over the on-premises servers to AWS. Fail back to new or existing servers by using Elastic Disaster Recovery.
  
  Answer: D
Question 3
- A flood monitoring agency has deployed more than 10.000 water-level monitoring sensors. Sensors send
  continuous data updates, and each update Is less than 1 MB in size. The agency has a fleet of on-premises
  application servers. These servers receive updates from the sensors, convert the raw data into a human
  readable format, and write the results to an on-premises relational database server Data analysts then use
  simple SQL queries to monitor the data.
  The agency wants to increase overall application availability and reduce the effort that is required to perform
  maintenance tasks. These maintenance tasks, which include updates and patches to the application servers,
  cause downtime. While an application server is down, data is lost from sensors because the remaining servers
  cannot handle the entire workload.
  The agency wants a solution that optimizes operational overhead and costs. A solutions architect recommends
  the use of AWS loT Core to collect the sensor data.
  What else should the solutions architect recommend to meet these requirements?
  
  A :
  Send the sensor data to Amazon Kinesis Data Firehose. Use an AWS Lambda function to read the
  Kinesis Data Firehose data, convert it to .csv format, and insert it into an Amazon Aurora MySQL DB
  Instance. Instruct the data analysts to query the data directly from the DB Instance.
  
  B :
  Send the sensor data to Amazon Kinesis Data Firehose. Use an AWS Lambda function to read the
  Kinesis Data Firehose data, convert it to Apache Parquet format, and save it to an Amazon S3 bucket.
  Instruct the data analysts to query the data by using Amazon Athena.
  
  C :
  Send the sensor data to an Amazon Kinesis Data Analytics application to convert the data to csv format
  and store it in an Amazon S3 bucket. Import the data Into an Amazon Aurora MySQL DB instance.
  Instruct the data analysts to query the data directly from the DB instance
  
  D :
  Send the sensor data to an Amazon Kinesis Data Analytics application to convert the data to Apache
  Parquet format and store it in an Amazon S3 bucket. Instruct the data analysts to query the data by using
  Amazon Athena.
  
  Answer: B
Question 4
- A solutions architect is building a web application that uses an Amazon RDS for PostgreSQL DB instance The
  DB instance is expected to receive many more reads than writes. The solutions architect needs to ensure that
  the large amount of read traffic can be accommodated and that the DB instance is highly available.
  Which steps should the solutions architect take to meet these requirements? (Select THREE)
  
  A : Create multiple read replicas and put them into an Auto Scaling group.
  
  B : Create multiple read replicas in different Availability Zones.
  
  C : Create an Amazon Route 53 hosted zone and a record set for each read replica with a TTL and a weighted routing policy.
  
  D : Create an Application Load Balancer (ALB) and put the read replicas behind the ALB.
  
  E : Configure an Amazon CloudWatch alarm to detect a failed read replica. Set the alarm to directly invoke an AWS Lambda function to delete its Route 53 record set.
  
  F : Configure an Amazon Route 53 health check for each read replica using its endpoint
  
  Answer: A,B,C
Question 5
- A company wants to deploy an AWS WAF solution to manage AWS WAF rules across multiple AWS accounts. The accounts are managed under different OUs in AWS Organizations. Administrators must be able to add or remove accounts or OUs from managed AWS WAF rule sets as needed Administrators also must have the ability to automatically update and remediate noncompliant AWS WAF rules in all accounts Which solution meets these requirements with the LEAST amount of operational overhead?
  A : Use AWS Firewall Manager to manage AWS WAF rules across accounts in the organization. Use an AWS Systems Manager Parameter Store parameter to store account numbers and OUs to manage Update the parameter as needed to add or remove accounts or OUs Use an Amazon EventBridge (Amazon CloudWatch Events) rule to identify any changes to the parameter and to invoke an AWS Lambda function to update the security policy in the Firewall Manager administrative account
  
  B : Deploy an organization-wide AWS Config rule that requires all resources in the selected OUs to associate the AWS WAF rules. Deploy automated remediation actions by using AWS Lambda to fix noncompliant resources Deploy AWS WAF rules by using an AWS CloudFormation stack set to target the same OUs where the AWS Config rule is applied.
  
  C : Create AWS WAF rules in the management account of the organization Use AWS Lambda environment variables to store account numbers and OUs to manage Update environment variables as needed to add or remove accounts or OUs Create cross-account IAM roles in member accounts Assume the rotes by using AWS Security Token Service (AWS STS) in the Lambda function to create and update AWS WAF rules in the member accounts.
  
  D : Use AWS Control Tower to manage AWS WAF rules across accounts in the organization Use AWS Key Management Service (AWS KMS) to store account numbers and OUs to manage Update AWS KMS as needed to add or remove accounts or OUs Create IAM users in member accounts Allow AWS Control Tower in the management account to use the access key and secret access key to create and update AWS WAF rules in the member accounts
  
  Answer: D

Free Amazon SAP-C02 Exam Questions

Absolute Free SAP-C02 Exam Practice for Comprehensive Preparation