Practice Free SAP-C02 Exam Online Questions
A company is collecting a large amount of data from a fleet of IoT devices. Data is stored as Optimized Row Columnar (ORC) files in the Hadoop Distributed File System (HDFS) on a persistent Amazon EMR cluster. The company’s data analytics team queries the data by using SQL in Apache Presto deployed on the same EMR cluster. Queries scan large amounts of data, always run for less than 15 minutes, and run only between 5 PM and 10 PM.
The company is concerned about the high cost associated with the current solution. A solutions architect must propose the most cost-effective solution that will allow SQL data queries.
Which solution will meet these requirements?
- A . Store data in Amazon S3. Use Amazon Redshift Spectrum to query data.
- B . Store data in Amazon S3. Use the AWS Glue Data Catalog and Amazon Athena to query data.
- C . Store data in EMR File System (EMRFS). Use Presto in Amazon EMR to query data.
- D . Store data in Amazon Redshift. Use Amazon Redshift to query data.
B
Explanation:
(https://stackoverflow.com/questions/50250114/athena-vs-redshift-spectrum)
A company operates a fleet of servers on premises and operates a fleet of Amazon EC2 instances in its organization in AWS Organizations. The company’s AWS accounts contain hundreds of VPCs. The company wants to connect its AWS accounts to its on-premises network. AWS Site-to-Site VPN connections are already established to a single AWS account. The company wants to control which VPCs can communicate with other VPCs.
Which combination of steps will achieve this level of control with the LEAST operational effort? (Choose three.)
- A . Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).
- B . Configure attachments to all VPCs and VPNs.
- C . Set up transit gateway route tables. Associate the VPCs and VPNs with the route tables.
- D . Configure VPC peering between the VPCs.
- E . Configure attachments between the VPCs and VPNs.
- F . Set up route tables on the VPCs and VPNs.
A company has a web application that uses Amazon API Gateway, AWS Lambda, and Amazon DynamoDB. A recent marketing campaign has increased demand. Monitoring software reports that many requests have significantly longer response times than before the marketing campaign.
A solutions architect enabled Amazon CloudWatch Logs for API Gateway and noticed that errors are occurring on 20% of the requests. In CloudWatch, the Lambda function Throttles metric represents 1% of the requests and the Errors metric represents 10% of the requests. Application logs indicate that, when errors occur, there is a call to DynamoDB.
What change should the solutions architect make to improve the current response times as the web application becomes more popular?
- A . Increase the concurrency limit of the Lambda function.
- B . Implement DynamoDB auto scaling on the table.
- C . Increase the API Gateway throttle limit.
- D . Re-create the DynamoDB table with a better-partitioned primary index.
B
Explanation:
Enable DynamoDB Auto Scaling:
- Navigate to the DynamoDB console and select the table experiencing high demand.
- Go to the "Capacity" tab and enable auto scaling for both read and write capacity units. Auto scaling adjusts the provisioned throughput capacity automatically in response to actual traffic patterns, ensuring the table can handle the increased load.
Configure Auto Scaling Policies:
- Set the minimum and maximum capacity units to define the range within which auto scaling can adjust the provisioned throughput.
- Specify target utilization percentages for read and write operations, typically around 70%, to maintain a balance between performance and cost.
Monitor and Adjust:
- Use Amazon CloudWatch to monitor the auto scaling activity and ensure it is effectively handling the increased demand.
- Adjust the auto scaling settings if necessary to better match the traffic patterns and application requirements.
By enabling DynamoDB auto scaling, you ensure that the database can handle the fluctuating traffic volumes without manual intervention, improving response times and reducing errors.
Reference
AWS Compute Blog on Using API Gateway as a Proxy for DynamoDB.
AWS Database Blog on DynamoDB Accelerator (DAX).
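The console steps in this explanation expressed as infrastructure as code, as an added example that is not part of the original explanation: a CloudFormation fragment that registers the read and write capacity of a provisioned-mode table with Application Auto Scaling and tracks 70% utilization. The table name ExampleTable, the logical IDs and the 5 to 500 capacity range are assumptions.

```json
{
  "Resources": {
    "ExampleReadTarget": {
      "Type": "AWS::ApplicationAutoScaling::ScalableTarget",
      "Properties": {
        "ServiceNamespace": "dynamodb",
        "ResourceId": "table/ExampleTable",
        "ScalableDimension": "dynamodb:table:ReadCapacityUnits",
        "MinCapacity": 5, "MaxCapacity": 500
      }
    },
    "ExampleReadPolicy": {
      "Type": "AWS::ApplicationAutoScaling::ScalingPolicy",
      "Properties": {
        "PolicyName": "ExampleReadTargetTracking",
        "PolicyType": "TargetTrackingScaling",
        "ScalingTargetId": { "Ref": "ExampleReadTarget" },
        "TargetTrackingScalingPolicyConfiguration": {
          "TargetValue": 70.0,
          "PredefinedMetricSpecification": { "PredefinedMetricType": "DynamoDBReadCapacityUtilization" }
        }
      }
    },
    "ExampleWriteTarget": {
      "Type": "AWS::ApplicationAutoScaling::ScalableTarget",
      "Properties": {
        "ServiceNamespace": "dynamodb",
        "ResourceId": "table/ExampleTable",
        "ScalableDimension": "dynamodb:table:WriteCapacityUnits",
        "MinCapacity": 5, "MaxCapacity": 500
      }
    },
    "ExampleWritePolicy": {
      "Type": "AWS::ApplicationAutoScaling::ScalingPolicy",
      "Properties": {
        "PolicyName": "ExampleWriteTargetTracking",
        "PolicyType": "TargetTrackingScaling",
        "ScalingTargetId": { "Ref": "ExampleWriteTarget" },
        "TargetTrackingScalingPolicyConfiguration": {
          "TargetValue": 70.0,
          "PredefinedMetricSpecification": { "PredefinedMetricType": "DynamoDBWriteCapacityUtilization" }
        }
      }
    }
  }
}
```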
A solutions architect is designing a solution to automatically provision new AWS accounts in an organization in AWS Organizations. The solutions architect has enabled AWS Control Tower for the organization. The solution must enable security controls and create resources such as billing alarms after creating new AWS accounts. The solution must be scalable.
Which solution meets these requirements with the LEAST operational overhead?
- A . Create a new AWS account in the organization. Deploy a blueprint to the new AWS account. Define a blueprint that creates resources such as billing alarms. Configure AWS Control Tower to apply the blueprint after creating the new AWS account.
- B . Create a new AWS account in the organization. Establish trusted access to the account by using an AWS CloudFormation template. Enroll the new AWS account into AWS Control Tower. Deploy a blueprint to the new AWS account by using AWS Control Tower to provision resources.
- C . Use Account Factory to initiate the creation of a new AWS account by using AWS Service Catalog. Configure a lifecycle event in AWS Control Tower that invokes an AWS Lambda function. Configure the Lambda function to deploy an AWS CloudFormation template by using the AWSControlTowerExecution role.
- D . Use Account Factory to initiate the creation of a new AWS account by using AWS Control Tower. Define a blueprint that creates resources such as billing alarms. Configure AWS Control Tower to apply the blueprint after creating the new AWS account.
A company is using AWS Organizations with a multi-account architecture. The company’s current security configuration for the account architecture includes SCPs, resource-based policies, identity-based policies, trust policies, and session policies.
A solutions architect needs to allow an IAM user in Account A to assume a role in Account B.
Which combination of steps must the solutions architect take to meet this requirement? (Select THREE.)
- A . Configure the SCP for Account A to allow the action.
- B . Configure the resource-based policies to allow the action.
- C . Configure the identity-based policy on the user in Account A to allow the action.
- D . Configure the identity-based policy on the user in Account B to allow the action.
- E . Configure the trust policy on the target role in Account B to allow the action.
- F . Configure the session policy to allow the action and to be passed programmatically by the GetSessionToken API operation.
B,C,E
Explanation:
Resource-based policies are policies that you attach to a resource, such as an IAM role, to specify who can access the resource and what actions they can perform on it. Identity-based policies are policies that you attach to an IAM user, group, or role to specify what actions they can perform on which resources. Trust policies are special types of resource-based policies that define which principals (such as IAM users or roles) can assume a role.
To allow an IAM user in Account A to assume a role in Account B, the solutions architect needs to do the following:
Configure the resource-based policy on the target role in Account B to allow the action sts:AssumeRole for the IAM user in Account
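The two policy documents this answer relies on, as an added example that is not part of the original explanation. The outer keys only label the two separate documents; the account IDs 111111111111 (Account A) and 222222222222 (Account B), the user name, the role name and the Sid values are placeholders.

```json
{
  "IdentityPolicyOnUserInAccountA": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "ExampleAllowAssumeRoleInAccountB",
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "arn:aws:iam::222222222222:role/ExampleCrossAccountRole"
      }
    ]
  },
  "TrustPolicyOnRoleInAccountB": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "ExampleTrustUserFromAccountA",
        "Effect": "Allow",
        "Principal": { "AWS": "arn:aws:iam::111111111111:user/ExampleUser" },
        "Action": "sts:AssumeRole"
      }
    ]
  }
}
```

The trust policy is the role's resource-based policy, which is why options B and E describe the same document; naming the user ARN rather than the whole account as Principal keeps the trust limited to that one identity.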
A company’s factory and automation applications are running in a single VPC. More than 23 applications run on a combination of Amazon EC2, Amazon Elastic Container Service (Amazon ECS), and Amazon RDS.
The company has software engineers spread across three teams. One of the three teams owns each application, and each team is responsible for the cost and performance of all of its applications. Team resources have tags that represent their application and team. The teams use IAM access for daily activities.
The company needs to determine which costs on the monthly AWS bill are attributable to each application or team. The company also must be able to create reports to compare costs from the last 12 months and to help forecast costs for the next 12 months. A solutions architect must recommend an AWS Billing and Cost Management solution that provides these cost reports.
Which combination of actions will meet these requirements? (Select THREE.)
- A . Activate the user-defined cost allocation tags that represent the application and the team.
- B . Activate the AWS generated cost allocation tags that represent the application and the team.
- C . Create a cost category for each application in Billing and Cost Management.
- D . Activate IAM access to Billing and Cost Management.
- E . Create a cost budget.
- F . Enable Cost Explorer.
A,C,F
Explanation:
To attribute AWS costs to specific applications or teams and enable detailed cost analysis and forecasting, the solution architect should recommend the following actions:
A weather service provides high-resolution weather maps from a web application hosted on AWS in the eu-west-1 Region. The weather maps are updated frequently and stored in Amazon S3 along with static HTML content. The web application is fronted by Amazon CloudFront.
The company recently expanded to serve users in the us-east-1 Region, and these new users report that viewing their respective weather maps is slow from time to time.
Which combination of steps will resolve the us-east-1 performance issues? (Choose two.)
- A . Configure the AWS Global Accelerator endpoint for the S3 bucket in eu-west-1. Configure endpoint groups for TCP ports 80 and 443 in us-east-1.
- B . Create a new S3 bucket in us-east-1. Configure S3 cross-Region replication to synchronize from the S3 bucket in eu-west-1.
- C . Use Lambda@Edge to modify requests from North America to use the S3 Transfer Acceleration endpoint in us-east-1.
- D . Use Lambda@Edge to modify requests from North America to use the S3 bucket in us-east-1.
- E . Configure the AWS Global Accelerator endpoint for us-east-1 as an origin on the CloudFront distribution. Use Lambda@Edge to modify requests from North America to use the new origin.
B,D
Explanation:
https://aws.amazon.com/about-aws/whats-new/2016/04/transfer-files-into-amazon-s3-up-to-300-percent-faster/
A company runs its application on Amazon EC2 instances and AWS Lambda functions. The EC2 instances experience a continuous and stable load. The Lambda functions experience a varied and unpredictable load. The application includes a caching layer that uses an Amazon MemoryDB for Redis cluster.
A solutions architect must recommend a solution to minimize the company’s overall monthly costs.
Which solution will meet these requirements?
- A . Purchase an EC2 Instance Savings Plan to cover the EC2 instances. Purchase a Compute Savings Plan for Lambda to cover the minimum expected consumption of the Lambda functions. Purchase reserved nodes to cover the MemoryDB cache nodes.
- B . Purchase a Compute Savings Plan to cover the EC2 instances. Purchase Lambda reserved concurrency to cover the expected Lambda usage. Purchase reserved nodes to cover the MemoryDB cache nodes.
- C . Purchase a Compute Savings Plan to cover the entire expected cost of the EC2 instances, Lambda functions, and MemoryDB cache nodes.
- D . Purchase a Compute Savings Plan to cover the EC2 instances and the MemoryDB cache nodes. Purchase Lambda reserved concurrency to cover the expected Lambda usage.
A
Explanation:
This option uses different types of savings plans and reserved nodes to minimize the company’s overall monthly costs for running its application on EC2 instances, Lambda functions, and MemoryDB cache nodes. Savings plans are flexible pricing models that offer significant savings on AWS usage (up to 72%) in exchange for a commitment of a consistent amount of usage (measured in $/hour) for a one-year or three-year term. There are two types of savings plans: Compute Savings Plans and EC2 Instance Savings Plans. Compute Savings Plans apply to any compute usage across EC2 instances, Fargate containers, Lambda functions, SageMaker notebooks, and ECS tasks. EC2 Instance Savings Plans apply to a specific instance family within a region and provide more savings than Compute Savings Plans (up to 66% versus up to 54%). Reserved nodes are similar to savings plans but apply only to MemoryDB cache nodes. They offer up to 55% savings compared to on-demand pricing.
How can a company patch EC2 instances without internet access, using a patch source in another account, while accessing Systems Manager and S3?
- A . Custom VPN servers
- B . Transit Gateway + private VIFs
- C . VPC endpoints + VPC peering with patch source
- D . Network ACLs + Transit Gateway
C
Explanation:
The most secure and manageable solution is to use VPC interface endpoints for S3 and Systems Manager, and establish VPC peering to privately access the patch repo in the core account.
Systems Manager VPC setup
A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework.
While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions architect finds out that the company’s developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types.
The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch.
Which solution will meet these requirements?
- A . Create a desired-instance-type managed rule in AWS Config. Configure the rule with the instance types that are allowed. Attach the rule to an event to run each time a new EC2 instance is launched.
- B . In the EC2 console, create a launch template that specifies the instance types that are allowed. Assign the launch template to the developers’ IAM accounts.
- C . Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers.
- D . Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image.
C
Explanation:
This is doable with IAM policy creation to restrict users to specific instance types. Found the below article. https://blog.vizuri.com/limiting-allowed-aws-instance-type-with-iam-policy
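One way to write the policy from option C, as an added example that is not from the original page or the linked article: an explicit Deny on ec2:RunInstances for any instance type outside an approved list, attached to the developers' IAM group. The Sid and the three instance types are assumptions; substitute the types the developers should be allowed to launch.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleDenyLaunchOutsideApprovedTypes",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringNotEquals": {
          "ec2:InstanceType": ["t3.micro", "t3.small", "t3.medium"]
        }
      }
    }
  ]
}
```

Because an explicit Deny overrides any Allow, the restriction holds whatever other EC2 permissions the group members have, and it applies only to principals the policy is attached to.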
