• Home
  • Blogs
  • [Nov 30, 2024] New Real SAP-C01 Exam Dumps Questions [Q112-Q129]

[Nov 30, 2024] New Real SAP-C01 Exam Dumps Questions [Q112-Q129]

Share

[Nov 30, 2024] New Real SAP-C01 Exam Dumps Questions

Pass Your SAP-C01 Exam Easily with Accurate AWS Certified Solutions Architect - Professional PDF Questions

NEW QUESTION # 112
A company wants to host its website on AWS using Serverless architecture design patterns for global customers. The company has outline its requirements as follows
* The website should be responsive
* The website should offer minimal latency
* The website should be highly available
should be able to authenticate through social identity providers such as Google. Facebook and Amazon
* There should be baseline DoS protections for spikes in traffic
How can the design requirements be met?

  • A. Use AWS Direct Connect with Amazon CloudFront and Amazon S3 for hosting static web resources.
    Use Amazon Conito to provide user management and authentication functions. Use AWS Lambda to build an API.
  • B. Use Amazon Route 53 latency routing with an Application Load Balancer and AWS Forgate in different regions for hosting the website Use Amazon Cognito to provide user management and authentication functions Use Amazon EKS containers to build an API
  • C. Use Amazon CloudFront with Amazon S3 for hosting static web resources Use Amazon Cognito to provide user management and authentication functions. Use Amazon API Gateway Lambda to build an API.
  • D. Use Amazon CloudFront with Amazon ECS for hosting the website Use AWS Secrets Manager to provide user management and authentication functions Use ECS Docker containers to build an API

Answer: B


NEW QUESTION # 113
Does Amazon RDS API provide actions to modify DB instances inside a VPC and associate them with DB Security Groups?

  • A. Yes
  • B. Yes, Amazon does this but only for MySQL RDS.
  • C. Yes, Amazon does this but only for Oracle RDS.
  • D. No

Answer: A

Explanation:
Explanation
You can use the action Modify DB Instance, available in the Amazon RDS API, to pass values for the parameters DB Instance Identifier and DB Security Groups specifying the instance ID and the DB Security Groups you want your instance to be part of.
References:


NEW QUESTION # 114
A company is building an image service on the web that will allow users to upload and search random photos.
At peak usage, up to 10,000 users worldwide will upload their images. The service will then overlay text on the uploaded images, which will then be published on the company website.
Which design should a solutions architect implement?

  • A. Store the uploaded images on a shared Amazon Elastic Block Store (Amazon EBS) volume mounted to a fleet of Amazon EC2 Spot instances. Create an Amazon DynamoDB table that contains information about each uploaded image and whether it has been processed. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to scale out EC2 instances. Enable Amazon CloudFront and configure the origin to reference an Elastic Load Balancer in front of the fleet of EC2 instances.
  • B. Store the uploaded images in Amazon Elastic File System (Amazon EFS). Send application log information about each image to Amazon CloudWatch Logs. Create a fleet of Amazon EC2 instances that use CloudWatch Logs to determine which images need to be processed. Place processed images in another directory in Amazon EFS. Enable Amazon CloudFront and configure the origin to be the one of the EC2 instances in the fleet.
  • C. Store the uploaded images in an Amazon S3 bucket and configure an S3 bucket event notification to send a message to the Amazon Simple Queue Service (Amazon SQS) queue. Create a fleet of Amazon EC2 instances to pull messages from the SQS queue to process the images and place them in another S3 bucket. Use Amazon CloudWatch metrics for queue depth to scale out EC2 instances. Enable Amazon CloudFront and configure the origin to be the S3 bucket that contains the processed images.
  • D. Store the uploaded images in an Amazon S3 bucket and configure an S3 bucket event notification to send a message to Amazon Simple Notification Service {Amazon SNS). Create a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) to pull messages from Amazon SNS to process the images and place them in Amazon Elastic File System (Amazon EFS). Use Amazon CloudWatch metrics for the SNS message volume to scale out EC2 instances. Enable Amazon CloudFront and configure the origin to be the ALB in front of the EC2 instances.

Answer: C


NEW QUESTION # 115
A Company has a security event whereby an Amazon S3 bucket with sensitive information was made public.
Company policy is to never have public S3 objects, and the Compliance team must be informed immediately when any public objects are identified.
How can the presence of a public S3 object be detected, set to trigger alarm notifications, and automatically remediated in the future? (Choose two.)

  • A. Configure an Amazon CloudWatch Events rule that invokes an AWS Lambda function to secure the S3 bucket.
  • B. Schedule a recursive Lambda function to regularly change all object permissions inside the S3 bucket.
  • C. Turn on object-level logging for Amazon S3. Turn on Amazon S3 event notifications to notify by using an Amazon SNS topic when a PutObject API call is made with a public-read permission.
  • D. Use the S3 bucket permissions for AWS Trusted Advisor and configure a CloudWatch event to notify by using Amazon SNS.
  • E. Turn on object-level logging for Amazon S3. Configure a CloudWatch event to notify by using an SNS topic when a PutObject API call with public-read permission is detected in the AWS CloudTrail logs.

Answer: A,E

Explanation:
Explanation
https://aws.amazon.com/blogs/security/how-to-detect-and-automatically-remediate-unintended-permissions-in-am


NEW QUESTION # 116
AnyCompany has acquired numerous companies over the past few years. The CIO for AnyCompany would like to keep the resources for each acquired company separate. The CIO also would like to enforce a chargeback model where each company pays for the AWS services it uses.
The Solutions Architect is tasked with designing an AWS architecture that allows AnyCompany to achieve the following:
* Implementing a detailed chargeback mechanism to ensure that each company pays for the resources it uses.
* AnyCompany can pay for AWS services for all its companies through a single invoice.
* Developers in each acquired company have access to resources in their company only.
* Developers in an acquired company should not be able to affect resources in their company only.
* A single identity store is used to authenticate Developers across all companies.
Which of the following approaches would meet these requirements? (Choose two.)

  • A. Create a multi-account strategy with an account per company. Use consolidated billing to ensure that AnyCompany needs to pay a single bill only.
  • B. Create a multi-account strategy with an account per company. For billing purposes, use a tagging solution that uses a tag to identify the company that creates each resource.
  • C. Create IAM users for each Developer in the account to which they require access. Create policies that allow the users access to all resources in that account. Attach the policies to the IAM user.
  • D. Create a federated identity store against the company's Active Directory. Create IAM roles with appropriate permissions and set the trust relationships with AWS and the identity store. Use AWS STS to grant users access based on the groups they belong to in the identity store.
  • E. Create a multi-account strategy with a virtual private cloud (VPC) for each company. Reduce impact across companies by not creating any VPC peering links. As everything is in a single account, there will be a single invoice. use tagging to create a detailed bill for each company.

Answer: A,D


NEW QUESTION # 117
A company's site reliability engineer is performing a review of Amazon FSx for Windows File Server deployments within an account that the company acquired. Company policy states that all Amazon FSx file systems must be configured to be highly available across Availability Zones.
During the review, the site reliability engineer discovers that one of the Amazon FSx file systems used a deployment type of Single-AZ 2. A solutions architect needs to minimize downtime while aligning this Amazon FSx file system with company policy.
What should the solutions architect do to meet these requirements?

  • A. Use the AWS Management Console to take a backup of the Amazon FSx file system. Create a new Amazon FSx file system with a deployment type of Multi-AZ.
    Restore the backup to the new Amazon FSx file system. Point users to the new location.
  • B. Reconfigure the deployment type to Multi-AZ for this Amazon FSx file system.
  • C. Create a new Amazon FSx file system with a deployment type of Multi-AZ. Use AWS DataSync to transfer data to the new Amazon FSx file system. Point users to the new location.
  • D. Create a second Amazon FSx file system with a deployment type of Single-AZ 2. Use AWS DataSync to keep the data in sync. Switch users to the second Amazon FSx file system in the event of failure.

Answer: A


NEW QUESTION # 118
AnyCompany has acquired numerous companies over the past few years. The CIO for AnyCompany would like to keep the resources for each acquired company separate. The CIO also would like to enforce a chargeback model where each company pays for the AWS services it uses.
The Solutions Architect is tasked with designing an AWS architecture that allows AnyCompany to achieve the following:
* Implementing a detailed chargeback mechanism to ensure that each company pays for the resources it uses.
* AnyCompany can pay for AWS services for all its companies through a single invoice.
* Developers in each acquired company have access to resources in their company only.
* Developers in an acquired company should not be able to affect resources in their company only.
* A single identity store is used to authenticate Developers across all companies.
Which of the following approaches would meet these requirements? (Choose two.)

  • A. Create a multi-account strategy with an account per company. Use consolidated billing to ensure that AnyCompany needs to pay a single bill only.
  • B. Create a multi-account strategy with an account per company. For billing purposes, use a tagging solution that uses a tag to identify the company that creates each resource.
  • C. Create IAM users for each Developer in the account to which they require access. Create policies that allow the users access to all resources in that account. Attach the policies to the IAM user.
  • D. Create a federated identity store against the company's Active Directory. Create IAM roles with appropriate permissions and set the trust relationships with AWS and the identity store. Use AWS STS to grant users access based on the groups they belong to in the identity store.
  • E. Create a multi-account strategy with a virtual private cloud (VPC) for each company. Reduce impact across companies by not creating any VPC peering links. As everything is in a single account, there will be a single invoice. use tagging to create a detailed bill for each company.

Answer: A,D


NEW QUESTION # 119
An organization is setting up RDS for their applications. The organization wants to secure RDS access with VPC.
Which of the following options is not required while designing the RDS with VPC?

  • A. The organization should keep minimum of one IP address in each subnet reserved for RDS failover.
  • B. The organization must create a subnet group with VPC using more than one subnet which are a part of separate AZs.
  • C. The organization must create a subnet group with public and private subnets. Both the subnets can be in the same or separate AZ.
  • D. If the organization is connecting RDS from the internet it must enable the VPC attributes DNS hostnames and DNS resolution.

Answer: C

Explanation:
Explanation
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources, such as RDS into a virtual network that the user has defined. Subnets are segments of a VPC's IP address range that the user can designate to a group of VPC resources based on security and operational needs. A DB subnet group is a collection of subnets (generally private) that the user can create in a VPC and assign to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when creating the DB instances.
Each DB subnet group should have subnets in at least two Availability Zones in a given region. If the RDS instance is required to be accessible from the internet the organization must enable the VPC attributes, DNS hostnames and DNS resolution. For each RDS DB instance that the user runs in a VPC, he should reserve at least one address in each subnet in the DB subnet group for use by Amazon RDS for recovery actions.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html


NEW QUESTION # 120
A company has an application that generates a weather forecast that is updated every 15 minutes with an output resolution of 1 billion unique positions, each approximately 20 bytes in size (20 Gigabytes per forecast). Every hour, the forecast data is globally accessed approximately 5 million times (1,400 requests per second), and up to 10 times more during weather events. The forecast data is overwritten every update. Users of the current weather forecast application expect responses to queries to be returned in less than two seconds for each request.
Which design meets the required request rate and response time?

  • A. Store forecast locations in an Amazon ES cluster. Use an Amazon CloudFront distribution targeting an Amazon API Gateway endpoint with AWS Lambda functions responding to queries as the origin. Enable API caching on the API Gateway stage with a cache-control timeout set for 15 minutes.
  • B. Store forecast locations in an Amazon ES cluster. Use an Amazon CloudFront distribution targeting an API Gateway endpoint with AWS Lambda functions responding to queries as the origin. Create an Amazon Lambda@Edge function that caches the data locally at edge locations for 15 minutes.
  • C. Store forecast locations in an Amazon S3 as individual objects. Create an Amazon CloudFront distribution targeting an Elastic Load Balancing group of an Auto Scaling fleet of EC2 instances, querying the origin of the S3 object. Set the cache-control timeout for 15 minutes in the CloudFront distribution.
    https://aws.amazon.com/blogs/networking-and-content-delivery/lambdaedge-design-best-practices/
  • D. Store forecast locations in an Amazon EFS volume. Create an Amazon CloudFront distribution that targets an Elastic Load Balancing group of an Auto Scaling fleet of Amazon EC2 instances that have mounted the Amazon EFS volume. Set the set cache-control timeout for 15 minutes in the CloudFront distribution.

Answer: A


NEW QUESTION # 121
A company has an organization in AWS Organizations that has a large number of AWS accounts. One of the AWS accounts is designated as a transit account and has a transit gateway that is shared with all of the other AWS accounts AWS Site-to-Site VPN connections are configured between ail of the company's global offices and the transit account The company has AWS Config enabled on all of its accounts.
The company's networking team needs to centrally manage a list of internal IP address ranges that belong to the global offices Developers Will reference this list to gain access to applications securely.
Which solution meets these requirements with the LEAST amount of operational overhead?

  • A. Create a JSON file that is hosted in Amazon S3 and that lists all of the internal IP address ranges Configure an Amazon Simple Notification Service (Amazon SNS) topic in each of the accounts that can be involved when the JSON file is updated. Subscribe an AWS Lambda function to the SNS topic to update all relevant security group rules with Vie updated IP address ranges.
  • B. In the transit account, create a VPC prefix list with all of the internal IP address ranges. Use AWS Resource Access Manager to share the prefix list with all of the other accounts. Use the shared prefix list to configure security group rules is the other accounts.
  • C. In the transit account create a security group with all of the internal IP address ranges. Configure the security groups in me other accounts to reference the transit account's security
  • D. Create a new AWS Config managed rule that contains all of the internal IP address ranges Use the rule to check the security groups in each of the accounts to ensure compliance with the list of IP address ranges. Configure the rule to automatically remediate any noncompliant security group that is detected.

Answer: B

Explanation:
group by using a nested security group reference of *<transit-account-id>./sg-1a2b3c4d".


NEW QUESTION # 122
A large company is migrating its entire IT portfolio to AWS. Each business unit in the company has a standalone AWS account that supports both development and test environments. New accounts to support production workloads will be needed soon.
The Finance department requires a centralized method for payment but must maintain visibility into each group's spending to allocate costs.
The Security team requires a centralized mechanism to control IAM usage in all the company's accounts.
What combination of the following options meet the company's needs with LEAST effort? (Choose two.)

  • A. Use AWS Organizations to create a new organization from a chosen payer account and define an organizational unit hierarchy. Invite the existing accounts to join the organization and create new accounts using Organizations.
  • B. Require each business unit to use its own AWS accounts. Tag each AWS account appropriately and enable Cost Explorer to administer chargebacks.
  • C. Use a collection of parameterized AWS CloudFormation templates defining common IAM permissions that are launched into each account. Require all new and existing accounts to launch the appropriate stacks to enforce the least privilege model.
  • D. Enable all features of AWS Organizations and establish appropriate service control policies that filter IAM permissions for sub-accounts.
  • E. Consolidate all of the company's AWS accounts into a single AWS account. Use tags for billing purposes and IAM's Access Advice feature to enforce the least privilege model.

Answer: A,D

Explanation:
Explanation
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-what-is.html


NEW QUESTION # 123
A finance company is storing financial records in an Amazon S3 bucket. The company persists a record for every financial transaction. According to regulatory requirements, the records cannot be modified for at least 1 year after they are written. The records are read on a regular basis and must be immediately accessible.
Which solution will meet these requirements?

  • A. Create an S3 Lifecycle rule to immediately transfer new objects to the S3 Glacier storage tier Create an S3 Glacier Vault Lock policy that has a retention period of 1 year.
  • B. Create a new S3 bucket. Turn on S3 Object Lock, set a default retention period of 1 year, and set the retention mode to compliance mode. Store all records in the new S3 bucket.
  • C. Create an S3 bucket policy with a Deny action for PutObject operations with a condition where the s3:x-amz-object-retention header is not equal to 1 year.
  • D. Create an S3 Lifecycle rule to immediately transfer new objects to the S3 Intelligent-Tiering storage tier. Set a retention period of 1 year.

Answer: B


NEW QUESTION # 124
A company wants to follow its website on AWS using serverless architecture design patterns for global customers. The company has outlined its requirements as follow:
* The website should be responsive.
* The website should offer minimal latency.
* The website should be highly available.
* Users should be able to authenticate through social identity providers such as Google, Facebook, and Amazon.
* There should be baseline DDoS protections for spikes in traffic.
How can the design requirements be met?

  • A. Use Amazon CloudFront with Amazon S3 for hosting static web resources. Use Amazon Cognito to provide user management and authentication functions. Use Amazon API Gateway with AWS Lambda to build an API.
  • B. Use Amazon CloudFront with Amazon ECS for hosting the website. Use AWS Secrets Manager to provide user management and authentication functions. Use ECS Docker containers to build an API.
  • C. Use AWS Direct Connect with Amazon CloudFront and Amazon S3 for hosting static web resources.
    Use Amazon Cognito to provide user management and authentication functions. Use AWS Lambda to build an API.
  • D. Use Amazon Route 53 latency routing with an Application Load Balancer and AWS Fargate in different regions for hosting the website. Use Amazon Cognito to provide user management and authentication functions. Use Amazon EKS containers to build an APL

Answer: D


NEW QUESTION # 125
You are running a successful multitier web application on AWS and your marketing department has asked you to add a reporting tier to the application. The reporting tier will aggregate and publish status reports every 30 minutes from user-generated information that is being stored in your web application s database. You are currently running a Multi-AZ RDS MySQL instance for the database tier. You also have implemented Elasticache as a database caching layer between the application tier and database tier.
Please select the answer that will allow you to successfully implement the reporting tier with as little impact as possible to your database.

  • A. Generate the reports by querying the synchronously replicated standby RDS MySQL instance maintained through Multi-AZ.
  • B. Generate the reports by querying the ElastiCache database caching tier.
  • C. Continually send transaction logs from your master database to an S3 bucket and generate the reports off the S3 bucket using S3 byte range requests.
  • D. Launch a RDS Read Replica connected to your Multi AZ master database and generate reports by querying the Read Replica.

Answer: D

Explanation:
Explanation
Amazon RDS allows you to use read replicas with Multi-AZ deployments. In Multi-AZ deployments for MySQL, Oracle, SQL Server, and PostgreSQL, the data in your primary DB Instance is synchronously replicated to to a standby instance in a different Availability Zone (AZ). Because of their synchronous replication, Multi-AZ deployments for these engines offer greater data durability benefits than do read replicas. (In all Amazon RDS for Aurora deployments, your data is automatically replicated across 3 Availability Zones.) You can use Multi-AZ deployments and read replicas in conjunction to enjoy the complementary benefits of each. You can simply specify that a given Multi-AZ deployment is the source DB Instance for your Read replicas. That way you gain both the data durability and availability benefits of Multi-AZ deployments and the read scaling benefits of read replicas.
Note that for Multi-AZ deployments, you have the option to create your read replica in an AZ other than that of the primary and the standby for even more redundancy. You can identify the AZ corresponding to your standby by looking at the "Secondary Zone" field of your DB Instance in the AWS Management Console.


NEW QUESTION # 126
Identify a correct statement about the expiration date of the "Letter of Authorization and Connecting Facility Assignment (LOA-CFA)," which lets you complete the Cross Connect step of setting up your AWS Direct Connect.

  • A. If the cross connect is not completed within the specified duration from the appropriate provider, the LOA-CFA expires.
  • B. If the virtual interface is not created within 72 days, the LOA-CFA becomes outdated.
  • C. If the cross connect is not completed within a user-defined time, the authority granted by the LOA- CFA expires.
  • D. If the cross connect is not completed within 90 days, the authority granted by the LOA-CFA expires.

Answer: D

Explanation:
Explanation
An AWS Direct Connect location provides access to AWS in the region it is associated with. You can establish connections with AWS Direct Connect locations in multiple regions, but a connection in one region does not provide connectivity to other regions. Note: If the cross connect is not completed within 90 days, the authority granted by the LOA-CFA expires.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Colocation.html


NEW QUESTION # 127
A company has developed a web application that runs on Amazon EC2 instances in one AWS Region. The company has taken on new business in other countries and must deploy its application into other to meet low-latency requirements for its users. The regions can be segregated, and an application running in one region does not need to communicate with instances in other regions.
How should the company's Solutions Architect automate the deployment of the application so that it can be MOST efficiently deployed into multiple regions?

  • A. Write a bash script that uses the AWS CLI to query the current state in one region and output an AWS CloudFormation template. Create a CloudFormation stack from the template by using the AWS CLI, specifying the --region parameter to deploy the application to other regions.
  • B. Write a CloudFormation template describing the application's infrastructure in the resources section. Create a CloudFormation stack from the template by using the AWS CLI, specify multiple regions using the --regions parameter to deploy the application.
  • C. Write a CloudFormation template describing the application's infrastructure in the Resources section. Use a CloudFormation stack set from an administrator account to launch stack instances that deploy the application to other regions.
  • D. Write a bash script that uses the AWS CLI to query the current state in one region and output a JSON representation. Pass the JSON representation to the AWS CLI, specifying the --region parameter to deploy the application to other regions.

Answer: C

Explanation:
A stack set lets you create stacks in AWS accounts across regions by using a single AWS CloudFormation template. All the resources included in each stack are defined by the stack set's AWS CloudFormation template. As you create the stack set, you specify the template to use, as well as any parameters and capabilities that template requires. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html
https://sanderknape.com/2017/07/cloudformation-stacksets-automated-cross-account-region-deployments/


NEW QUESTION # 128
An enterprise company is building an infrastructure services platform for its users. The company has the following requirements:
* Provide least privilege access to users when launching AWS infrastructure so users cannot provision unapproved services
* Use a central account to manage the creation of infrastructure services
* Provide the ability to distribute infrastructure services to multiple accounts in AWS Organizations
* Provide the ability to enforce tags on any infrastructure that is started by users Which combination of actions using AWS services will meet these requirements? (Select THREE.)

  • A. Develop infrastructure services using AWS Cloud For matron templates Upload each template as an AWS Service Catalog product to portfolios created in a central AWS account Share these portfolios with the Organizations structure created for the company
  • B. Allow user IAM roles to have AWSCIoudFormationFullAccess and AmazonS3ReadOnlyAccess permissions Add an Organizations SCP at the AWS account root user level to deny all services except AWS CloudFormation and Amazon S3.
  • C. Use the AWS Service Catalog TagOption Library to maintain a list of tags required by the company Apply the TagOption to AWS Service Catalog products or portfolios
  • D. Allow user IAM roles to have ServiceCatalogEndUserAccess permissions only Use an automation script to import the central portfolios to local AWS accounts, copy the TagOption assign users access and apply launch constraints
  • E. Use the AWS CloudFormation Resource Tags property to enforce the application of tags to any CloudFormation templates that will be created for users
  • F. Develop infrastructure services using AWS Cloud Formation templates Add the templates to a central Amazon S3 bucket and add the-IAM rotes or users that require access to the S3 bucket policy

Answer: A,C,D

Explanation:
https://aws.amazon.com/about-aws/whats-new/2017/06/aws-service-catalog-tagoptions-library-creates-a-better-way-to-govern-your-aws-footprint/


NEW QUESTION # 129
......

Updated SAP-C01 Exam Practice Test Questions: https://crucialexams.lead1pass.com/Amazon/SAP-C01-practice-exam-dumps.html

Related Blogs

more
Amazon SAP-C01 Certification Practice Exam