Amazon SAP-C02 dumps

Amazon SAP-C02 Exam Dumps

AWS Certified Solutions Architect - Professional

Exam Code: SAP-C02
Exam Name: AWS Certified Solutions Architect - Professional
Questions: 405 Questions Answers With Explanation
Update Date: May 10, 2024

Genuine Exam Dumps For SAP-C02:

Prepare Yourself Expertly for SAP-C02 Exam:

Our most skilled and experienced professionals provide updated and accurate study material in PDF form to our customers. Those who compile the material make sure that our students secure more than 90% marks in the Amazon SAP-C02 exam. Our team of professionals works continuously to keep the material updated, and they notify students quickly if there is a change in the SAP-C02 dumps file. You and your money are both very valuable to us, so we never take this lightly and have made every attempt to put the best work in your hands. In fact, there is not a 1% chance to ruin it.

24/7 Friendly Approach:

You can reach our agents for guidance 24/7. Our agents will provide the information you need, and you can ask them any questions you have. We are here to provide you with the complete study material file you need to pass your SAP-C02 exam with remarkable marks.

Recognized Dumps for Amazon SAP-C02 Exam:

Our experts are working hard to provide our customers with accurate material for their Amazon SAP-C02 exam. If you want sweeping success in your exam, sign up for the complete preparation at Pass4surexams, and we will provide you with genuine material that will help you succeed with distinction. Studying our material is like studying the real exam questions and answers. Our experts work hard so that our customers can easily pass their exam on the first attempt without any trouble.

Our team updates the Amazon SAP-C02 questions answers frequently and if there is a change, we instantly contact our customers and provide them updated study material for the exam preparation.

Amazon SAP-C02 Real Exam Questions:

We offer our students real exam questions with a 100% passing guarantee, so that they can easily pass their Amazon SAP-C02 exam on the first attempt. Our SAP-C02 dumps PDFs have been prepared by experienced experts exactly on the model of the real exam questions and answers you will face to get your certification.


Amazon SAP-C02 Sample Questions

Question # 1

A solutions architect needs to improve an application that is hosted in the AWS Cloud. The application uses an Amazon Aurora MySQL DB instance that is experiencing overloaded connections. Most of the application's operations insert records into the database. The application currently stores credentials in a text-based configuration file.

The solutions architect needs to implement a solution so that the application can handle the current connection load. The solution must keep the credentials secure and must provide the ability to rotate the credentials automatically on a regular basis.

Which solution will meet these requirements?

A. Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials as a secret in AWS Secrets Manager.
B. Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials in AWS Systems Manager Parameter Store.
C. Create an Aurora Replica. Store the connection credentials as a secret in AWS Secrets Manager.
D. Create an Aurora Replica. Store the connection credentials in AWS Systems Manager Parameter Store.



Question # 2

A company is migrating an on-premises application and a MySQL database to AWS. The application processes highly sensitive data, and new data is constantly updated in the database. The data must not be transferred over the internet. The company also must encrypt the data in transit and at rest.

The database is 5 TB in size. The company already has created the database schema in an Amazon RDS for MySQL DB instance. The company has set up a 1 Gbps AWS Direct Connect connection to AWS. The company also has set up a public VIF and a private VIF.

A solutions architect needs to design a solution that will migrate the data to AWS with the least possible downtime.

Which solution will meet these requirements?

A. Perform a database backup. Copy the backup files to an AWS Snowball Edge Storage Optimized device. Import the backup to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.
B. Use AWS Database Migration Service (AWS DMS) to migrate the data to AWS. Create a DMS replication instance in a private subnet. Create VPC endpoints for AWS DMS. Configure a DMS task to copy data from the on-premises database to the DB instance by using full load plus change data capture (CDC). Use the AWS Key Management Service (AWS KMS) default key for encryption at rest. Use TLS for encryption in transit.
C. Perform a database backup. Use AWS DataSync to transfer the backup files to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.
D. Use Amazon S3 File Gateway. Set up a private connection to Amazon S3 by using AWS PrivateLink. Perform a database backup. Copy the backup files to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.



Question # 3

A company is serving files to its customers through an SFTP server that is accessible over the internet. The SFTP server is running on a single Amazon EC2 instance with an Elastic IP address attached. Customers connect to the SFTP server through its Elastic IP address and use SSH for authentication. The EC2 instance also has an attached security group that allows access from all customer IP addresses.

A solutions architect must implement a solution to improve availability, minimize the complexity of infrastructure management, and minimize the disruption to customers who access files. The solution must not change the way customers connect.

Which solution will meet these requirements?

A. Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a publicly accessible endpoint. Associate the SFTP Elastic IP address with the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.
B. Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a VPC-hosted, internet-facing endpoint. Associate the SFTP Elastic IP address with the new endpoint. Attach the security group with customer IP addresses to the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.
C. Disassociate the Elastic IP address from the EC2 instance. Create a new Amazon Elastic File System (Amazon EFS) file system to be used for SFTP file hosting. Create an AWS Fargate task definition to run an SFTP server. Specify the EFS file system as a mount in the task definition. Create a Fargate service by using the task definition, and place a Network Load Balancer (NLB) in front of the service. When configuring the service, attach the security group with customer IP addresses to the tasks that run the SFTP server. Associate the Elastic IP address with the NLB. Sync all files from the SFTP server to the S3 bucket.
D. Disassociate the Elastic IP address from the EC2 instance. Create a multi-attach Amazon Elastic Block Store (Amazon EBS) volume to be used for SFTP file hosting. Create a Network Load Balancer (NLB) with the Elastic IP address attached. Create an Auto Scaling group with EC2 instances that run an SFTP server. Define in the Auto Scaling group that instances that are launched should attach the new multi-attach EBS volume. Configure the Auto Scaling group to automatically add instances behind the NLB. Configure the Auto Scaling group to use the security group that allows customer IP addresses for the EC2 instances that the Auto Scaling group launches. Sync all files from the SFTP server to the new multi-attach EBS volume.



Question # 4

An online retail company hosts its stateful web-based application and MySQL database in an on-premises data center on a single server. The company wants to increase its customer base by conducting more marketing campaigns and promotions. In preparation, the company wants to migrate its application and database to AWS to increase the reliability of its architecture.

Which solution should provide the HIGHEST level of reliability?

A. Migrate the database to an Amazon RDS MySQL Multi-AZ DB instance. Deploy the application in an Auto Scaling group on Amazon EC2 instances behind an Application Load Balancer. Store sessions in Amazon Neptune.
B. Migrate the database to Amazon Aurora MySQL. Deploy the application in an Auto Scaling group on Amazon EC2 instances behind an Application Load Balancer. Store sessions in an Amazon ElastiCache for Redis replication group.
C. Migrate the database to Amazon DocumentDB (with MongoDB compatibility). Deploy the application in an Auto Scaling group on Amazon EC2 instances behind a Network Load Balancer. Store sessions in Amazon Kinesis Data Firehose.
D. Migrate the database to an Amazon RDS MariaDB Multi-AZ DB instance. Deploy the application in an Auto Scaling group on Amazon EC2 instances behind an Application Load Balancer. Store sessions in Amazon ElastiCache for Memcached.



Question # 5

A car rental company has built a serverless REST API to provide data to its mobile app. The app consists of an Amazon API Gateway API with a Regional endpoint, AWS Lambda functions, and an Amazon Aurora MySQL Serverless DB cluster. The company recently opened the API to mobile apps of partners. A significant increase in the number of requests resulted, causing sporadic database memory errors. Analysis of the API traffic indicates that clients are making multiple HTTP GET requests for the same queries in a short period of time. Traffic is concentrated during business hours, with spikes around holidays and other events.

The company needs to improve its ability to support the additional usage while minimizing the increase in costs associated with the solution.

Which strategy meets these requirements?

A. Convert the API Gateway Regional endpoint to an edge-optimized endpoint. Enable caching in the production stage.
B. Implement an Amazon ElastiCache for Redis cache to store the results of the database calls. Modify the Lambda functions to use the cache.
C. Modify the Aurora Serverless DB cluster configuration to increase the maximum amount of available memory.
D. Enable throttling in the API Gateway production stage. Set the rate and burst values to limit the incoming calls.



Question # 6

A company has a web application that securely uploads pictures and videos to an Amazon S3 bucket. The company requires that only authenticated users are allowed to post content. The application generates a presigned URL that is used to upload objects through a browser interface. Most users are reporting slow upload times for objects larger than 100 MB.

What can a Solutions Architect do to improve the performance of these uploads while ensuring only authenticated users are allowed to post content?

A. Set up an Amazon API Gateway with an edge-optimized API endpoint that has a resource as an S3 service proxy. Configure the PUT method for this resource to expose the S3 PutObject operation. Secure the API Gateway using a COGNITO_USER_POOLS authorizer. Have the browser interface use API Gateway instead of the presigned URL to upload objects.
B. Set up an Amazon API Gateway with a regional API endpoint that has a resource as an S3 service proxy. Configure the PUT method for this resource to expose the S3 PutObject operation. Secure the API Gateway using an AWS Lambda authorizer. Have the browser interface use API Gateway instead of the presigned URL to upload API objects.
C. Enable an S3 Transfer Acceleration endpoint on the S3 bucket. Use the endpoint when generating the presigned URL. Have the browser interface upload the objects to this URL using the S3 multipart upload API.
D. Configure an Amazon CloudFront distribution for the destination S3 bucket. Enable PUT and POST methods for the CloudFront cache behavior. Update the CloudFront origin to use an origin access identity (OAI). Give the OAI user s3:PutObject permissions in the bucket policy. Have the browser interface upload objects using the CloudFront distribution.



Question # 7

A company has a website that runs on four Amazon EC2 instances that are behind an Application Load Balancer (ALB). When the ALB detects that an EC2 instance is no longer available, an Amazon CloudWatch alarm enters the ALARM state. A member of the company's operations team then manually adds a new EC2 instance behind the ALB.

A solutions architect needs to design a highly available solution that automatically handles the replacement of EC2 instances. The company needs to minimize downtime during the switch to the new solution.

Which set of steps should the solutions architect take to meet these requirements?

A. Delete the existing ALB. Create an Auto Scaling group that is configured to handle the web application traffic. Attach a new launch template to the Auto Scaling group. Create a new ALB. Attach the Auto Scaling group to the new ALB. Attach the existing EC2 instances to the Auto Scaling group.
B. Create an Auto Scaling group that is configured to handle the web application traffic. Attach a new launch template to the Auto Scaling group. Attach the Auto Scaling group to the existing ALB. Attach the existing EC2 instances to the Auto Scaling group.
C. Delete the existing ALB and the EC2 instances. Create an Auto Scaling group that is configured to handle the web application traffic. Attach a new launch template to the Auto Scaling group. Create a new ALB. Attach the Auto Scaling group to the new ALB. Wait for the Auto Scaling group to launch the minimum number of EC2 instances.
D. Create an Auto Scaling group that is configured to handle the web application traffic. Attach a new launch template to the Auto Scaling group. Attach the Auto Scaling group to the existing ALB. Wait for the existing ALB to register the existing EC2 instances with the Auto Scaling group.



Question # 8

A company is deploying a third-party firewall appliance solution from AWS Marketplace to monitor and protect traffic that leaves the company's AWS environments. The company wants to deploy this appliance into a shared services VPC and route all outbound internet-bound traffic through the appliances.

A solutions architect needs to recommend a deployment method that prioritizes reliability and minimizes failover time between firewall appliances within a single AWS Region. The company has set up routing from the shared services VPC to other VPCs.

Which steps should the solutions architect recommend to meet these requirements? (Select THREE.)

A. Deploy two firewall appliances into the shared services VPC, each in a separate Availability Zone.
B. Create a new Network Load Balancer in the shared services VPC. Create a new target group, and attach it to the new Network Load Balancer. Add each of the firewall appliance instances to the target group.
C. Create a new Gateway Load Balancer in the shared services VPC. Create a new target group, and attach it to the new Gateway Load Balancer. Add each of the firewall appliance instances to the target group.
D. Create a VPC interface endpoint. Add a route to the route table in the shared services VPC. Designate the new endpoint as the next hop for traffic that enters the shared services VPC from other VPCs.
E. Deploy two firewall appliances into the shared services VPC, each in the same Availability Zone.
F. Create a VPC Gateway Load Balancer endpoint. Add a route to the route table in the shared services VPC. Designate the new endpoint as the next hop for traffic that enters the shared services VPC from other VPCs.



Question # 9

An ecommerce company runs an application on AWS. The application has an Amazon API Gateway API that invokes an AWS Lambda function. The data is stored in an Amazon RDS for PostgreSQL DB instance.

During the company's most recent flash sale, a sudden increase in API calls negatively affected the application's performance. A solutions architect reviewed the Amazon CloudWatch metrics during that time and noticed a significant increase in Lambda invocations and database connections. The CPU utilization also was high on the DB instance.

What should the solutions architect recommend to optimize the application's performance?

A. Increase the memory of the Lambda function. Modify the Lambda function to close the database connections when the data is retrieved.
B. Add an Amazon ElastiCache for Redis cluster to store the frequently accessed data from the RDS database.
C. Create an RDS proxy by using the Lambda console. Modify the Lambda function to use the proxy endpoint.
D. Modify the Lambda function to connect to the database outside of the function's handler. Check for an existing database connection before creating a new connection.



Question # 10

A company hosts a software as a service (SaaS) solution on AWS. The solution has an Amazon API Gateway API that serves an HTTPS endpoint. The API uses AWS Lambda functions for compute. The Lambda functions store data in an Amazon Aurora Serverless v1 database.

The company used the AWS Serverless Application Model (AWS SAM) to deploy the solution. The solution extends across multiple Availability Zones and has no disaster recovery (DR) plan.

A solutions architect must design a DR strategy that can recover the solution in another AWS Region. The solution has an RTO of 5 minutes and an RPO of 1 minute.

What should the solutions architect do to meet these requirements?

A. Create a read replica of the Aurora Serverless v1 database in the target Region. Use AWS SAM to create a runbook to deploy the solution to the target Region. Promote the read replica to primary in case of disaster.
B. Change the Aurora Serverless v1 database to a standard Aurora MySQL global database that extends across the source Region and the target Region. Use AWS SAM to create a runbook to deploy the solution to the target Region.
C. Create an Aurora Serverless v1 DB cluster that has multiple writer instances in the target Region. Launch the solution in the target Region. Configure the two Regional solutions to work in an active-passive configuration.
D. Change the Aurora Serverless v1 database to a standard Aurora MySQL global database that extends across the source Region and the target Region. Launch the solution in the target Region. Configure the two Regional solutions to work in an active-passive configuration.



Question # 11

A company is deploying a new cluster for big data analytics on AWS. The cluster will run across many Linux Amazon EC2 instances that are spread across multiple Availability Zones.

All of the nodes in the cluster must have read and write access to common underlying file storage. The file storage must be highly available, must be resilient, must be compatible with the Portable Operating System Interface (POSIX), and must accommodate high levels of throughput.

Which storage solution will meet these requirements?

A. Provision an AWS Storage Gateway file gateway NFS file share that is attached to an Amazon S3 bucket. Mount the NFS file share on each EC2 instance in the cluster.
B. Provision a new Amazon Elastic File System (Amazon EFS) file system that uses General Purpose performance mode. Mount the EFS file system on each EC2 instance in the cluster.
C. Provision a new Amazon Elastic Block Store (Amazon EBS) volume that uses the io2 volume type. Attach the EBS volume to all of the EC2 instances in the cluster.
D. Provision a new Amazon Elastic File System (Amazon EFS) file system that uses Max I/O performance mode. Mount the EFS file system on each EC2 instance in the cluster.



Question # 12

A company deploys a new web application. As part of the setup, the company configures AWS WAF to log to Amazon S3 through Amazon Kinesis Data Firehose. The company develops an Amazon Athena query that runs once daily to return AWS WAF log data from the previous 24 hours. The volume of daily logs is constant. However, over time, the same query is taking more time to run.

A solutions architect needs to design a solution to prevent the query time from continuing to increase. The solution must minimize operational overhead.

Which solution will meet these requirements?

A. Create an AWS Lambda function that consolidates each day's AWS WAF logs into one log file.
B. Reduce the amount of data scanned by configuring AWS WAF to send logs to a different S3 bucket each day.
C. Update the Kinesis Data Firehose configuration to partition the data in Amazon S3 by date and time. Create external tables for Amazon Redshift. Configure Amazon Redshift Spectrum to query the data source.
D. Modify the Kinesis Data Firehose configuration and Athena table definition to partition the data by date and time. Change the Athena query to view the relevant partitions.



Question # 13

A solutions architect has an operational workload deployed on Amazon EC2 instances in an Auto Scaling group. The VPC architecture spans two Availability Zones (AZ) with a subnet in each that the Auto Scaling group is targeting. The VPC is connected to an on-premises environment and connectivity cannot be interrupted. The maximum size of the Auto Scaling group is 20 instances in service. The VPC IPv4 addressing is as follows:

VPC CIDR: 10.0.0.0/23
AZ1 subnet CIDR: 10.0.0.0/24
AZ2 subnet CIDR: 10.0.1.0/24

Since deployment, a third AZ has become available in the Region. The solutions architect wants to adopt the new AZ without adding additional IPv4 address space and without service downtime.

Which solution will meet these requirements?

A. Update the Auto Scaling group to use the AZ2 subnet only. Delete and re-create the AZ1 subnet using half the previous address space. Adjust the Auto Scaling group to also use the new AZ1 subnet. When the instances are healthy, adjust the Auto Scaling group to use the AZ1 subnet only. Remove the current AZ2 subnet. Create a new AZ2 subnet using the second half of the address space from the original AZ1 subnet. Create a new AZ3 subnet using half the original AZ2 subnet address space, then update the Auto Scaling group to target all three new subnets.
B. Terminate the EC2 instances in the AZ1 subnet. Delete and re-create the AZ1 subnet using half the address space. Update the Auto Scaling group to use this new subnet. Repeat this for the second AZ. Define a new subnet in AZ3, then update the Auto Scaling group to target all three new subnets.
C. Create a new VPC with the same IPv4 address space and define three subnets, with one for each AZ. Update the existing Auto Scaling group to target the new subnets in the new VPC.
D. Update the Auto Scaling group to use the AZ2 subnet only. Update the AZ1 subnet to have half the previous address space. Adjust the Auto Scaling group to also use the AZ1 subnet again. When the instances are healthy, adjust the Auto Scaling group to use the AZ1 subnet only. Update the current AZ2 subnet and assign the second half of the address space from the original AZ1 subnet. Create a new AZ3 subnet using half the original AZ2 subnet address space, then update the Auto Scaling group to target all three new subnets.



Question # 14

A data analytics company has an Amazon Redshift cluster that consists of several reserved nodes. The cluster is experiencing unexpected bursts of usage because a team of employees is compiling a deep audit analysis report. The queries to generate the report are complex read queries and are CPU intensive.

Business requirements dictate that the cluster must be able to service read and write queries at all times. A solutions architect must devise a solution that accommodates the bursts of usage.

Which solution meets these requirements MOST cost-effectively?

A. Provision an Amazon EMR cluster. Offload the complex data processing tasks.
B. Deploy an AWS Lambda function to add capacity to the Amazon Redshift cluster by using a classic resize operation when the cluster's CPU metrics in Amazon CloudWatch reach 80%.
C. Deploy an AWS Lambda function to add capacity to the Amazon Redshift cluster by using an elastic resize operation when the cluster's CPU metrics in Amazon CloudWatch reach 80%.
D. Turn on the Concurrency Scaling feature for the Amazon Redshift cluster.



Question # 15

An online survey company runs its application in the AWS Cloud. The application is distributed and consists of microservices that run in an automatically scaled Amazon Elastic Container Service (Amazon ECS) cluster. The ECS cluster is a target for an Application Load Balancer (ALB). The ALB is a custom origin for an Amazon CloudFront distribution.

The company has a survey that contains sensitive data. The sensitive data must be encrypted when it moves through the application. The application's data-handling microservice is the only microservice that should be able to decrypt the data.

Which solution will meet these requirements?

A. Create a symmetric AWS Key Management Service (AWS KMS) key that is dedicated to the data-handling microservice. Create a field-level encryption profile and a configuration. Associate the KMS key and the configuration with the CloudFront cache behavior.
B. Create an RSA key pair that is dedicated to the data-handling microservice. Upload the public key to the CloudFront distribution. Create a field-level encryption profile and a configuration. Add the configuration to the CloudFront cache behavior.
C. Create a symmetric AWS Key Management Service (AWS KMS) key that is dedicated to the data-handling microservice. Create a Lambda@Edge function. Program the function to use the KMS key to encrypt the sensitive data.
D. Create an RSA key pair that is dedicated to the data-handling microservice. Create a Lambda@Edge function. Program the function to use the private key of the RSA key pair to encrypt the sensitive data.



Question # 16

A company uses an organization in AWS Organizations to manage the company's AWS accounts. The company uses AWS CloudFormation to deploy all infrastructure. A finance team wants to build a chargeback model. The finance team asked each business unit to tag resources by using a predefined list of project values.

When the finance team used the AWS Cost and Usage Report in AWS Cost Explorer and filtered based on project, the team noticed noncompliant project values. The company wants to enforce the use of project tags for new resources.

Which solution will meet these requirements with the LEAST effort?

A. Create a tag policy that contains the allowed project tag values in the organization's management account. Create an SCP that denies the cloudformation:CreateStack API operation unless a project tag is added. Attach the SCP to each OU.
B. Create a tag policy that contains the allowed project tag values in each OU. Create an SCP that denies the cloudformation:CreateStack API operation unless a project tag is added. Attach the SCP to each OU.
C. Create a tag policy that contains the allowed project tag values in the AWS management account. Create an IAM policy that denies the cloudformation:CreateStack API operation unless a project tag is added. Assign the policy to each user.
D. Use AWS Service Catalog to manage the CloudFormation stacks as products. Use a TagOptions library to control project tag values. Share the portfolio with all OUs that are in the organization.



Question # 17

A company is running a serverless application that consists of several AWS Lambda functions and Amazon DynamoDB tables. The company has created new functionality that requires the Lambda functions to access an Amazon Neptune DB cluster. The Neptune DB cluster is located in three subnets in a VPC.

Which of the possible solutions will allow the Lambda functions to access the Neptune DB cluster and DynamoDB tables? (Select TWO.)

A. Create three public subnets in the Neptune VPC, and route traffic through an internet gateway. Host the Lambda functions in the three new public subnets.
B. Create three private subnets in the Neptune VPC, and route internet traffic through a NAT gateway. Host the Lambda functions in the three new private subnets.
C. Host the Lambda functions outside the VPC. Update the Neptune security group to allow access from the IP ranges of the Lambda functions.
D. Host the Lambda functions outside the VPC. Create a VPC endpoint for the Neptune database, and have the Lambda functions access Neptune over the VPC endpoint.
E. Create three private subnets in the Neptune VPC. Host the Lambda functions in the three new isolated subnets. Create a VPC endpoint for DynamoDB, and route DynamoDB traffic to the VPC endpoint.



Question # 18

A company is running multiple workloads in the AWS Cloud. The company has separate units for software development. The company uses AWS Organizations and federation with SAML to give permissions to developers to manage resources in their AWS accounts. The development units each deploy their production workloads into a common production account.

Recently, an incident occurred in the production account in which members of a development unit terminated an EC2 instance that belonged to a different development unit. A solutions architect must create a solution that prevents a similar incident from happening in the future. The solution also must allow developers the possibility to manage the instances used for their workloads.

Which strategy will meet these requirements?

A. Create separate OUs in AWS Organizations for each development unit. Assign the created OUs to the company AWS accounts. Create separate SCPs with a deny action and a StringNotEquals condition for the DevelopmentUnit resource tag that matches the development unit name. Assign the SCP to the corresponding OU.
B. Pass an attribute for DevelopmentUnit as an AWS Security Token Service (AWS STS) session tag during SAML federation. Update the IAM policy for the developers' assumed IAM role with a deny action and a StringNotEquals condition for the DevelopmentUnit resource tag and aws:PrincipalTag/DevelopmentUnit.
C. Pass an attribute for DevelopmentUnit as an AWS Security Token Service (AWS STS) session tag during SAML federation. Create an SCP with an allow action and a StringEquals condition for the DevelopmentUnit resource tag and aws:PrincipalTag/DevelopmentUnit. Assign the SCP to the root OU.
D. Create separate IAM policies for each development unit. For every IAM policy, add an allow action and a StringEquals condition for the DevelopmentUnit resource tag and the development unit name. During SAML federation, use AWS Security Token Service (AWS STS) to assign the IAM policy and match the development unit name to the assumed IAM role.



Question # 19

A company has an organization in AWS Organizations that includes a separate AWS account for each of the company's departments. Application teams from different departments develop and deploy solutions independently.

The company wants to reduce compute costs and manage costs appropriately across departments. The company also wants to improve visibility into billing for individual departments. The company does not want to lose operational flexibility when the company selects compute resources.

Which solution will meet these requirements?

A. Use AWS Budgets for each department. Use Tag Editor to apply tags to appropriate resources. Purchase EC2 Instance Savings Plans.
B. Configure AWS Organizations to use consolidated billing. Implement a tagging strategy that identifies departments. Use SCPs to apply tags to appropriate resources. Purchase EC2 Instance Savings Plans.
C. Configure AWS Organizations to use consolidated billing. Implement a tagging strategy that identifies departments. Use Tag Editor to apply tags to appropriate resources. Purchase Compute Savings Plans.
D. Use AWS Budgets for each department. Use SCPs to apply tags to appropriate resources. Purchase Compute Savings Plans.



Question # 20

A company is developing a web application that runs on Amazon EC2 instances in an Auto Scaling group behind a public-facing Application Load Balancer (ALB). Only users from a specific country are allowed to access the application. The company needs the ability to log the access requests that have been blocked. The solution should require the least possible maintenance.

Which solution meets these requirements?

A. Create an IPSet containing a list of IP ranges that belong to the specified country. Create an AWS WAF web ACL. Configure a rule to block any requests that do not originate from an IP range in the IPSet. Associate the rule with the web ACL. Associate the web ACL with the ALB.
B. Create an AWS WAF web ACL. Configure a rule to block any requests that do not originate from the specified country. Associate the rule with the web ACL. Associate the web ACL with the ALB.
C. Configure AWS Shield to block any requests that do not originate from the specified country. Associate AWS Shield with the ALB.
D. Create a security group rule that allows ports 80 and 443 from IP ranges that belong to the specified country. Associate the security group with the ALB.



Amazon SAP-C02 Exam Reviews

    Raiden         May 12, 2024

I am grateful for pass4surexams study materials, which provided a comprehensive overview of the exam content and objectives. With their resources, I was able to build a solid foundation and pass the Amazon SAP-C02 exam with confidence.

    Kenneth2323         May 11, 2024

I appeared in the AWS SAP-C02 and prepared through pass4surexams which has all the relevant topics explained in detail along with past papers. I got 890/1000 on the exam.

    Trump         May 11, 2024

The SAP-C02 exam was no match for the study materials provided by Pass4surexams.

    Wright         May 10, 2024

The practice questions on Pass4surexams helped me to better prepare for the SAP-C02 exam.

    Barry         May 10, 2024

Very nice prep.
