Amazon SAP-C02 Dumps Questions Answers

Name: SAP-C02
Brand: Dumps4Download
SKU: SAP-C02
Rating: 4.6 (2762 reviews)

Exam Name:

AWS Certified Solutions Architect - Professional

Exam Code:

SAP-C02

PDF + Test Engine

$69 ~~$103.5~~

Test Engine

$59 ~~$88.5~~

PDF

$49 ~~$73.5~~

SAP-C02 Features

585 Questions
Update on Dec 02, 2025
SAP-C02 Real Exams Question Answers
Just 1 day study required
100% Passing Assurance
Money Back Guarantee
Free 3 Months Updates

Amazon SAP-C02 Last 24 Hours Result

Students Passed

96%

Average Marks

92%

Questions from this dumps

585

Total Questions

Target candidate who took SAP-C02 EXAM

The ideal candidate has two years or more of experience designing and executing cloud-based systems while holding AWS certifications. This competitor may assess the demands placed on cloud apps and provide building suggestions for forwarding usages to AWS. The aspirational newbie may also provide knowledgeable advice on creating a plan that integrates many functions and apps inside a complicated corporation.

100% Valid SAP C02 Exam Dumps PDF

With the help of our reliable preparation tool, you may become an expert in your industry, download our current SAP-C02 pdf questions, and learn as much as you can about the key concepts. You will receive the most recent and updated Amazon SAP-C02 dumps from Dump4download since the study materials have been verified. With the Amazon SAP C02 test questions, these updates are provided without further charge. Before taking the AWS Certified Solutions Architect- Professional test, your concepts should be clear so that you may prepare effectively. You cannot properly prepare for the AWS Certified Professional test without correct study materials.

Exam outline for AWS SAP-C02

Although the level of the test content related with Areas 1 and 2 has changed between the two tests, they essentially remain the same "Planning (designing) for new arrangements decreases (declines) slightly, from 31% to 29%, while Design Solutions for Organizational Complexity increases (increases) from 12.5% to 26%.

The SAP-C02 exam's third space "Continuous Improvement for Existing Solutions" corresponds to Area 5 from the SAP-C01 test, but with a corresponding level of the test content that has fallen from 29% to 25%.

Finally, with its linked rate increasing from 15% to 20%, Area 4 of the SAP-C02 test, "Accelerate Workload Migration and Modernization," matches Space 3 from the SAP-C01 test the closest. You'll notice that the "Cost Control" space from the SAP-C01 test appears to be missing from the SAP-C02 test, but a closer look at the SAP-C02 test guide reveals that Spaces 1 through 3 all include undertaking explanations that include choosing a cost optimization methodology, and one of the task announcements in Area 4 emphasizes the need for skills in ""evaluating total cost of ownership (TCO)."

Area 1: Plan Answers for Hierarchical Intricacy 26%
Area 2: Plan for New Arrangements 29%
Area 3: Consistent Improvement for Existing Arrangements 25%
Area 4: Speed up Responsibility Movement and Modernization 20%

Two types of questions should be asked in the test's content:

Multiple options: has three incorrect replies and one correct one (distractors)
Has at least two correct responses out of at least five possible responses.

Distractions are frequently possible reactions that match the drug area. Guessing is not penalized; queries with no response are marked as wrong. The test consists of 65 questions, 65 of which might lower your score.

Utilize the AWS Certified Solutions Architect- Professional Online Testing Engines to assess your abilities.

Our Amazon SAP-C02 Exam Dumps are excellent for advancing your profession and learning new material. The Amazon SAP C02 pdf dumps helped with all the essentials of the AWS Certified Professional test. Use the Amazon SAP-C02 online testing engines to prepare for your AWS Certified Solutions Architect- Professional exam; they are the finest.

You may easily become an AWS Certified Professional if you follow a thorough preparation schedule. The Amazon SAP-C02 pdf dumps are the greatest available source of up-to-date, accurate material for preparation. The SAP-C02 test questions make your preparation perfect, and you may examine the reliable information in your study plan to help you get ready for the future certifications.

100% Success Guaranteed, or Complete Refund

You may be confident that Dumps4download's SAP-C02dumps pdf will help you pass the exam. However, if you use our products and fail the SAP-C02 test on your first attempt, we will arrange for a full refund for you. Simply give us your SAP-C02 score report and a few pertinent paperwork. Once your information has been verified, our team will transfer all your valid amount immediately.

Quick Updates for SAP-C02 exam!

As soon as the SAP-C02 test is modified, we promptly update the study guides to reflect the new exam requirements. We commit to providing the finest and most recent Amazon SAP-C02 exam questions to our clients. In addition, the product you purchase will receive free, timely updates for three months.

Buy AWS SAP-C02 exam guide from dumps4download and start your preparation journey with us!

Amazon SAP-C02 Dumps

Dumps4download providing 100% reliable Exam dumps that are verified by experts panel. Our Dumps4download SAP-C02 study material are totally unique and exam questions are valid all over the world. By using our SAP-C02 dumps we assure you that you will pass your exam on first attempt. You can easily score more than 97%.

100% exam passing Guarantee on your purchased exams.

100% money back guarantee if you will not clear your exam.

Amazon SAP-C02 Practice Test Helps You Turn Dreams To Reality!

IT Professionals from every sector are looking up certifications to boost their careers. Amazon being the leader certification provider earns the most demand in the industry.

The Amazon Certification is your short-cut to an ever-growing success. In the process, Dumps4download is your strongest coordinator, providing you with the best SAP-C02 Dumps PDF as well as Online Test Engine. Let’s steer your career to a more stable future with interactive and effective SAP-C02 Practice Exam Dumps.

Many of our customers are already excelling in their careers after achieving their goals with our help. You can too be a part of that specialized bunch with a little push in the right direction. Let us help you tread the heights of success.

Apply for the SAP-C02 Exam right away so you can get certified by using our Amazon Dumps.

Bulk Exams Package

2 Exams Files

10% off

2 Different Exams
Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection

3 Exams Files

15% off

3 Different Exams
Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection

5 Exams Files

20% off

5 Different Exams
Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection

10 Exams Files

25% off

10 Different Exams
Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection

Dumps4download Leads You To A 100% Success in First Attempt!

Our SAP-C02 Dumps PDF is intended to meet the requirements of the most suitable method for exam preparation. We especially hired a team of experts to make sure you get the latest and compliant SAP-C02 Practice Test Questions Answers. These questions are been selected according to the most relevance as well as the highest possibility of appearing in the exam. So, you can be sure of your success in the first attempt.

Interactive & Effective SAP-C02 Dumps PDF + Online Test Engine

Aside from our Amazon SAP-C02 Dumps PDF, we invest in your best practice through Online Test Engine. They are designed to reflect the actual exam format covering each topic of your exam. Also, with our interactive interface focusing on the exam preparation is easier than ever. With an easy-to-understand, interactive and effective study material assisting you there is nothing that could go wrong. We are 100% sure that our SAP-C02 Questions Answers Practice Exam is the best choice you can make to pass the exam with top score.

How Dumps4download Creates Better Opportunities for You!

Dumps4download knows how hard it is for you to beat this tough Amazon Exam terms and concepts. That is why to ease your preparation we offer the best possible training tactics we know best. Online Test Engine provides you an exam-like environment and PDF helps you take your study guide wherever you are. Best of all, you can download SAP-C02 Dumps PDF easily or better print it. For the purpose of getting concepts across as easily as possible, we have used simple language. Adding explanations at the end of the SAP-C02 Questions and Answers Practice Test we ensure nothing slips your grasp.

The exam stimulation is 100 times better than any other test material you would encounter. Besides, if you are troubled with anything concerning AWS Certified Solutions Architect - Professional Exam or the SAP-C02 Dumps PDF, our 24/7 active team is quick to respond. So, leave us a message and your problem will be solved in a few minutes.

Get an Absolutely Free Demo Today!

Dumps4download offers an absolutely free demo version to test the product with sample features before actually buying it. This shows our concern for your best experience. Once you are thoroughly satisfied with the demo you can get the AWS Certified Solutions Architect - Professional Practice Test Questions instantly.

24/7 Online Support – Anytime, Anywhere

Have a question? You can contact us anytime, anywhere. Our 24/7 Online Support makes sure you have absolutely no problem accessing or using AWS Certified Solutions Architect - Professional Practice Exam Dumps. What’s more, Dumps4download is mobile compatible so you can access the site without having to log in to your Laptop or PC.

Features to use Dumps4download SAP-C02 Dumps:

Thousands of satisfied customers.
Good grades are 100% guaranteed.
100% verified by Experts panel.
Up to date exam data.
Dumps4download data is 100% trustworthy.
Passing ratio more than 99%
100% money back guarantee.

Amazon SAP-C02 Frequently Asked Questions

Amazon SAP-C02 Sample Questions

Question # 1

A startup company recently migrated a large ecommerce website to AWS The website hasexperienced a 70% increase in sates Software engineers are using a private GitHubrepository to manage code The DevOps team is using Jenkins for builds and unit testingThe engineers need to receive notifications for bad builds and zero downtime duringdeployments The engineers also need to ensure any changes to production are seamlessfor users and can be rolled back in the event of a major issueThe software engineers have decided to use AWS CodePipeline to manage their build anddeployment processWhich solution will meet these requirements'?

A. Use GitHub websockets to trigger the CodePipeline pipeline Use the Jenkins plugin forAWS CodeBuild to conduct unit testing Send alerts to an Amazon SNS topic for any badbuilds Deploy in an in-place all-at-once deployment configuration using AWS CodeDeploy
B. Use GitHub webhooks to trigger the CodePipelme pipeline Use the Jenkins plugin forAWS CodeBuild to conduct unit testing Send alerts to an Amazon SNS topic for any bad builds Deploy in a blue'green deployment using AWS CodeDeploy
C. Use GitHub websockets to trigger the CodePipelme pipeline. Use AWS X-Ray for unittesting and static code analysis Send alerts to an Amazon SNS topic for any bad buildsDeploy in a blue/green deployment using AWS CodeDeploy.
D. Use GitHub webhooks to trigger the CodePipeline pipeline Use AWS X-Ray for unittesting and static code analysis Send alerts to an Amazon SNS topic for any bad buildsDeploy in an m-place. all-at-once deployment configuration using AWS CodeDeploy

Question # 2

To abide by industry regulations, a solutions architect must design a solution that will storea company's critical data in multiple public AWS Regions, including in the United States,where the company's headquarters is located The solutions architect is required to provideaccess to the data stored in AWS to the company's global WAN network The security teammandates that no traffic accessing this data should traverse the public internetHow should the solutions architect design a highly available solution that meets therequirements and is cost-effective'?

A. Establish AWS Direct Connect connections from the company headquarters to all AWSRegions in use the company WAN to send traffic over to the headquarters and then to the respective DX connection to access the data
B. Establish two AWS Direct Connect connections from the company headquarters to anAWS Region Use the company WAN to send traffic over a DX connection Use inter-regionVPC peering to access the data in other AWS Regions
C. Establish two AWS Direct Connect connections from the company headquarters to anAWS Region Use the company WAN to send traffic over a DX connection Use an AWStransit VPC solution to access data in other AWS Regions
D. Establish two AWS Direct Connect connections from the company headquarters to anAWS Region Use the company WAN to send traffic over a DX connection Use DirectConnect Gateway to access data in other AWS Regions.

Question # 3

A company has developed a new release of a popular video game and wants to make itavailable for public download The new release package is approximately 5 GB in size. Thecompany provides downloads for existing releases from a Linux-based publicly facing FTPsite hosted in an on-premises data center The company expects the new release will bedownloaded by users worldwide The company wants a solution that provides improveddownload performance and low transfer costs regardless of a user's locationWhich solutions will meet these requirements'?

A. Store the game files on Amazon EBS volumes mounted on Amazon EC2 instanceswithin an Auto Scaling group Configure an FTP service on the EC2 instances Use anApplication Load Balancer in front of the Auto Scaling group. Publish the game downloadURL for users to download the package
B. Store the game files on Amazon EFS volumes that are attached to Amazon EC2instances within an Auto Scaling group Configure an FTP service on each of the EC2instances Use an Application Load Balancer in front of the Auto Scaling group Publish thegame download URL for users to download the package
C. Configure Amazon Route 53 and an Amazon S3 bucket for website hosting Upload thegame files to the S3 bucket Use Amazon CloudFront for the website Publish the gamedownload URL for users to download the package
D. Configure Amazon Route 53 and an Amazon S3 bucket for website hosting Upload thegame files to the S3 bucket Set Requester Pays for the S3 bucket Publish the game download URL for users to download the package

Question # 4

A company runs an application in (he cloud that consists of a database and a websiteUsers can post data to the website, have the data processed, and have the data sent backto them in an email Data is stored in a MySQL database running on an Amazon EC2instance The database is running in a VPC with two private subnets The website is runningon Apache Tomcat in a single EC2 instance in a different VPC with one public subnetThere is a single VPC peering connection between the database and website VPC. The website has suffered several outages during the last month due to high trafficWhich actions should a solutions architect take to increase the reliability of the application?(Select THREE.)

A. Place the Tomcat server in an Auto Scaling group with multiple EC2 instances behindan Application Load Balancer
B. Provision an additional VPC peering connection
C. Migrate the MySQL database to Amazon Aurora with one Aurora Replica
D. Provision two NAT gateways in the database VPC.
E. Move the Tomcat server to the database VPC
F. Create an additional public subnet in a different Availability Zone in the website VPC

Question # 5

A company provides a centralized Amazon EC2 application hosted in a single shared VPCThe centralized application must be accessible from client applications running in the VPCsof other business units The centralized application front end is configured with a NetworkLoad Balancer (NLB) for scalability Up to 10 business unit VPCs will need to be connected to the shared VPC Some ot thebusiness unit VPC CIDR blocks overlap with the shared VPC and some overlap with eachother Network connectivity to the centralized application in the shared VPC should beallowed from authorized business unit VPCs onlyWhich network configuration should a solutions architect use to provide connectivity fromthe client applications in the business unit VPCs to the centralized application in the sharedVPC?

A. Create an AWS Transit Gateway Attach the shared VPC and the authorized businessunit VPCs to the transit gateway Create a single transit gateway route table and associateit with all of the attached VPCs Allow automatic propagation of routes from the attachmentsinto the route table Configure VPC routing tables to send traffic to the transit gateway
B. Create a VPC endpoint service using the centralized application NLB and enable theoption to require endpoint acceptance Create a VPC endpoint in each of the business unitVPCs using the service name of the endpoint service. Accept authorized endpoint requestsfrom the endpoint service console.
C. Create a VPC peering connection from each business unit VPC to the shared VPCAccept the VPC peering connections from the shared VPC console Configure VPC routingtables to send traffic to the VPC peering connection
D. Configure a virtual private gateway for the shared VPC and create customer gatewaysfor each of the authorized business unit VPCs Establish a Site-to-Site VPN connection fromthe business unit VPCs to the shared VPC Configure VPC routing tables to send traffic tothe VPN connection

Question # 6

An events company runs a ticketing platform on AWS. The company's customers configureand schedule their events on the platform The events result in large increases of traffic tothe platform The company knows the date and time of each customer's eventsThe company runs the platform on an Amazon Elastic Container Service (Amazon ECS)cluster The ECS cluster consists of Amazon EC2 On-Demand Instances that are in an AutoScaling group. The Auto Scaling group uses a predictive scaling policyThe ECS cluster makes frequent requests to an Amazon S3 bucket to download ticketassets The ECS cluster and the S3 bucket are in the same AWS Region and the sameAWS account Traffic between the ECS cluster and the S3 bucket flows across a NATgatewayThe company needs to optimize the cost of the platform without decreasing the platform'savailabilityWhich combination of steps will meet these requirements? (Select TWO)

A. Create a gateway VPC endpoint for the S3 bucket
B. Add another ECS capacity provider that uses an Auto Scaling group of Spot InstancesConfigure the new capacity provider strategy to have the same weight as the existingcapacity provider strategy
C. Create On-Demand Capacity Reservations for the applicable instance type for the timeperiod of the scheduled scaling policies
D. Enable S3 Transfer Acceleration on the S3 bucket
E. Replace the predictive scaling policy with scheduled scaling policies for the scheduled events

Question # 7

A company uses AWS Organizations to manage its development environment. Eachdevelopment team at the company has its own AWS account Each account has a singleVPC and CIDR blocks that do not overlap.The company has an Amazon Aurora DB cluster in a shared services account All thedevelopment teams need to work with live data from the DB clusterWhich solution will provide the required connectivity to the DB cluster with the LEASToperational overhead?

A. Create an AWS Resource Access Manager (AWS RAM) resource share tor the DBcluster. Share the DB cluster with all the development accounts
B. Create a transit gateway in the shared services account Create an AWS ResourceAccess Manager (AWS RAM) resource share for the transit gateway Share the transitgateway with all the development accounts Instruct the developers to accept the resourceshare Configure networking.
C. Create an Application Load Balancer (ALB) that points to the IP address of the DBcluster Create an AWS PrivateLink endpoint service that uses the ALB Add permissions toallow each development account to connect to the endpoint service
D. Create an AWS Site-to-Site VPN connection in the shared services account Configurenetworking Use AWS Marketplace VPN software in each development account to connectto the Site-to-Site VPN connection

Question # 8

A company wants to migrate virtual Microsoft workloads from an on-premises data centerto AWS The company has successfully tested a few sample workloads on AWS. Thecompany also has created an AWS Site-to-Site VPN connection to a VPC A solutionsarchitect needs to generate a total cost of ownership (TCO) report for the migration of allthe workloads from the data centerSimple Network Management Protocol (SNMP) has been enabled on each VM in the datacenter The company cannot add more VMs m the data center and cannot install additionalsoftware on the VMs The discovery data must be automatically imported into AWSMigration HubWhich solution will meet these requirements?

A. Use the AWS Application Migration Service agentless service and the AWS MigrationHub Strategy Recommendations to generate the TCO report
B. Launch a Windows Amazon EC2 instance Install the Migration Evaluator agentlesscollector on the EC2 instance Configure Migration Evaluator to generate the TCO report
C. Launch a Windows Amazon EC2 instance. Install the Migration Evaluator agentlesscollector on the EC2 instance. Configure Migration Hub to generate the TCO report
D. Use the AWS Migration Readiness Assessment tool inside the VPC Configure MigrationEvaluator to generate the TCO report

Question # 9

A software as a service (SaaS) company provides a media software solution to customersThe solution is hosted on 50 VPCs across various AWS Regions and AWS accounts Oneof the VPCs is designated as a management VPC The compute resources in the VPCswork independently The company has developed a new feature that requires all 50 VPCs to be able tocommunicate with each other. The new feature also requires one-way access from eachcustomer's VPC to the company's management VPC The management VPC hosts acompute resource that validates licenses for the media software solutionThe number of VPCs that the company will use to host the solution will continue to increaseas the solution growsWhich combination of steps will provide the required VPC connectivity with the LEASToperational overhead'' (Select TWO.)

A. Create a transit gateway Attach all the company's VPCs and relevant subnets to thetransit gateway
B. Create VPC peering connections between all the company's VPCs
C. Create a Network Load Balancer (NLB) that points to the compute resource for licensevalidation. Create an AWS PrivateLink endpoint service that is available to each customer'sVPC Associate the endpoint service with the NLB
D. Create a VPN appliance in each customer's VPC Connect the company's managementVPC to each customer's VPC by using AWS Site-to-Site VPN
E. Create a VPC peering connection between the company's management VPC and eachcustomer's VPC

Question # 10

A company creates an AWS Control Tower landing zone to manage and govern a multiaccountAWS environment. The company's security team will deploy preventive controlsand detective controls to monitor AWS services across all the accounts. The security teamneeds a centralized view of the security state of all the accounts.Which solution will meet these requirements'?

A. From the AWS Control Tower management account, use AWS CloudFormationStackSets to deploy an AWS Config conformance pack to all accounts in the organization
B. Enable Amazon Detective for the organization in AWS Organizations Designate oneAWS account as the delegated administrator for Detective
C. From the AWS Control Tower management account, deploy an AWS CloudFormationstack set that uses the automatic deployment option to enable Amazon Detective for theorganization
D. Enable AWS Security Hub for the organization in AWS Organizations Designate oneAWS account as the delegated administrator for Security Hub

Question # 11

A medical company is running a REST API on a set of Amazon EC2 instances The EC2instances run in an Auto Scaling group behind an Application Load Balancer (ALB) TheALB runs in three public subnets, and the EC2 instances run in three private subnets Thecompany has deployed an Amazon CloudFront distribution that has the ALB as the only originWhich solution should a solutions architect recommend to enhance the origin security?

A. Store a random string in AWS Secrets Manager Create an AWS Lambda function forautomatic secret rotation Configure CloudFront to inject the random string as a customHTTP header for the origin request Create an AWS WAF web ACL rule with a string matchrule for the custom header Associate the web ACL with the ALB
B. Create an AWS WAF web ACL rule with an IP match condition of the CloudFront serviceIP address ranges Associate the web ACL with the ALB Move the ALB into the threeprivate subnets
C. Store a random string in AWS Systems Manager Parameter Store Configure ParameterStore automatic rotation for the string Configure CloudFront to inject the random string as acustom HTTP header for the origin request Inspect the value of the custom HTTP header,and block access in the ALB
D. Configure AWS Shield Advanced. Create a security group policy to allow connectionsfrom CloudFront service IP address ranges. Add the policy to AWS Shield Advanced, andattach the policy to the ALB

Question # 12

A company is running its solution on AWS in a manually created VPC. The company isusing AWS CloudFormation to provision other parts of the infrastructure According to anew requirement the company must manage all infrastructure in an automatic wayWhat should the comp any do to meet this new requirement with the LEAST effort?

A. Create a new AWS Cloud Development Kit (AWS CDK) stack that strictly provisions theexisting VPC resources and configuration Use AWS CDK to import the VPC into the stackand to manage the VPC
B. Create a CloudFormation stack set that creates the VPC Use the stack set to import theVPC into the stack
C. Create a new CloudFormation template that strictly provisions the existing VPCresources and configuration From the CloudFormation console, create a new stack byimporting the existing resources
D. Create a new CloudFormation template that creates the VPC Use the AWS ServerlessApplication Model (AWS SAM) CLI to import the VPC

Question # 13

A company is launching a new online game on Amazon EC2 instances. The game must beavailable globally. The company plans to run the game in three AWS Regions: us-east-1,eu-west-1, and ap-southeast-1. The game's leaderboards. player inventory, and eventstatus must be available across Regions.A solutions architect must design a solution that will give any Region the ability to scale tohandle the load of all Regions. Additionally, users must automatically connect to the Regionthat provides the least latency.Which solution will meet these requirements with the LEAST operational overhead?

A. Create an EC2 Spot Fleet. Attach the Spot Fleet to a Network Load Balancer (NLB) ineach Region. Create an AWS Global Accelerator IP address that points to the NLB. Createan Amazon Route 53 latency-based routing entry for the Global Accelerator IP address.Save the game metadata to an Amazon RDS for MySQL DB instance in each Region. Setup a read replica in the other Regions.
B. Create an Auto Scaling group for the EC2 instances. Attach the Auto Scaling group to aNetwork Load Balancer (NLB) in each Region. For each Region, create an Amazon Route53 entry that uses geoproximity routing and points to the NLB in that Region. Save thegame metadata to MySQL databases on EC2 instances in each Region. Save the gamemetadata to MySQL databases on EC2 instances in each Region. Set up replicationbetween the database EC2 instances in each Region.
C. Create an Auto Scaling group for the EC2 instances. Attach the Auto Scaling group to aNetwork Load Balancer (NLB) in each Region. For each Region, create an Amazon Route53 entry that uses latency-based routing and points to the NLB in that Region. Save thegame metadata to an Amazon DynamoDB global table.
D. Use EC2 Global View. Deploy the EC2 instances to each Region. Attach the instancesto a Network Load Balancer (NLB). Deploy a DNS server on an EC2 instance in eachRegion. Set up custom logic on each DNS server to redirect the user to the Region thatprovides the lowest latency. Save the game metadata to an Amazon Aurora globaldatabase.

Question # 14

A company is planning to migrate an application from on premises to the AWS Cloud Thecompany will begin the migration by moving the application underlying data storage toAWS The application data is stored on a shared tile system on premises and theapplication servers connect to the shared file system through SMBA solutions architect must implement a solution that uses an Amazon S3 bucket for sharedstorage. Until the application is fully migrated and code is rewritten to use native AmazonS3 APIs the application must continue to have access to the data through SMB Thesolutions architect must migrate the application data to AWS (o its new location while stillallowing the on-premises application to access the dataWhich solution will meet these requirements?

A. Create a new Amazon FSx for Windows File Server file system Configure AWSDataSync with one location for the on-premises file share and one location for the newAmazon FSx file system Create a new DataSync task to copy the data from the onpremisesfile share location to the Amazon FSx file system
B. Create an S3 bucket for the application Copy the data from the on-premises storage to the S3 bucket
C. Deploy an AWS Server Migration Service (AWS SMS) VM to the on-premisesenvironment Use AWS SMS to migrate the file storage server from on premises to anAmazon EC2 instance
D. Create an S3 bucket for the application Deploy a new AWS Storage Gateway filegateway on an on-premises VM Create a new file share that stores data in the S3 bucketand is associated with the file gateway Copy the data from the on-premises storage to thenew file gateway endpoint

Question # 15

A company has an application that analyzes and stores image data on premises Theapplication receives millions of new image files every day Files are an average of 1 MB insize The files are analyzed in batches of 1 GB When the application analyzes a batch theapplication zips the images together The application then archives the images as a singlefile in an on-premises NFS server for long-term storageThe company has a Microsoft Hyper-V environment on premises and has computecapacity available The company does not have storage capacity and wants to archive theimages on AWS The company needs the ability to retrieve archived data within t week of arequest.The company has a 10 Gbps AWS Direct Connect connection between its on-premisesdata center and AWS. The company needs to set bandwidth limits and schedule archivedimages to be copied to AWS dunng non-business hours.Which solution will meet these requirements MOST cost-effectively?

A. Deploy an AWS DataSync agent on a new GPU-based Amazon EC2 instance Configurethe DataSync agent to copy the batch of files from the NFS on-premises server to AmazonS3 Glacier Instant Retrieval After the successful copy delete the data from the on-premisesstorage
B. Deploy an AWS DataSync agent as a Hyper-V VM on premises Configure the DataSyncagent to copy the batch of files from the NFS on-premises server to Amazon S3 GlacierDeep Archive After the successful copy delete the data from the on-premises storage
C. Deploy an AWS DataSync agent on a new general purpose Amazon EC2 instanceConfigure the DataSync agent to copy the batch of files from the NFS on-premises serverto Amazon S3 Standard After the successful copy deletes the data from the on-premisesstorage Create an S3 Lifecycle rule to transition objects from S3 Standard to S3 GlacierDeep Archive after 1 day
D. Deploy an AWS Storage Gateway Tape Gateway on premises in the Hyper-Venvironment Connect the Tape Gateway to AWS Use automatic tape creation Specify anAmazon S3 Glacier Deep Archive pool Eject the tape after the batch of images is copied

Question # 16

A solutions architect is creating an AWS CloudFormation template from an existingmanually created non-production AWS environment The CloudFormation template can bedestroyed and recreated as needed The environment contains an Amazon EC2 instanceThe EC2 instance has an instance profile that the EC2 instance uses to assume a role in aparent accountThe solutions architect recreates the role in a CloudFormation template and uses the samerole name When the CloudFormation template is launched in the child account, the EC2instance can no longer assume the role in the parent account because of insufficientpermissionsWhat should the solutions architect do to resolve this issue?

A. In the parent account edit the trust policy for the role that the EC2 instance needs toassume Ensure that the target role ARN in the existing statement that allows the stsAssumeRole action is correct Save the trust policy
B. In the parent account edit the trust policy for the role that the EC2 instance needs toassume Add a statement that allows the sts AssumeRole action for the root principal of thechild account Save the trust policy
C. Update the CloudFormation stack again Specify only the CAPABILITY_NAMED_IAMcapability
D. Update the CloudFormation stack again Specify the CAPABIUTYJAM capability and theCAPABILITY_NAMEDJAM capability

Question # 17

A company runs a software-as-a-service <SaaS) application on AWS The applicationconsists of AWS Lambda functions and an Amazon RDS for MySQL Multi-AZ databaseDuring market events the application has a much higher workload than normal Users noticeslow response times during the peak periods because of many database connections Thecompany needs to improve the scalable performance and availability of the databaseWhich solution meets these requirements'?

A. Create an Amazon CloudWatch alarm action that triggers a Lambda function to add anAmazon RDS for MySQL read replica when resource utilization hits a threshold
B. Migrate the database to Amazon Aurora, and add a read replica Add a databaseconnection pool outside of the Lambda handler function
C. Migrate the database to Amazon Aurora and add a read replica Use Amazon Route 53weighted records
D. Migrate the database to Amazon Aurora and add an Aurora Replica Configure AmazonRDS Proxy to manage database connection pools

Question # 18

A company has multiple lines of business (LOBs) that toll up to the parent company. Thecompany has asked its solutions architect to develop a solution with the followingrequirements • Produce a single AWS invoice for all of the AWS accounts used by its LOBs.• The costs for each LOB account should be broken out on the invoice• Provide the ability to restrict services and features in the LOB accounts, as defined by thecompany's governance policy• Each LOB account should be delegated full administrator permissions regardless of thegovernance policyWhich combination of steps should the solutions architect take to meet theserequirements'? (Select TWO.)

A. Use AWS Organizations to create an organization in the parent account for each LOBThen invite each LOB account to the appropriate organization
B. Use AWS Organizations to create a single organization in the parent account Then,invite each LOB's AWS account lo join the organization.
C. Implement service quotas to define the services and features that are permitted andapply the quotas to each LOB. as appropriate
D. Create an SCP that allows only approved services and features then apply the policy tothe LOB accounts
E. Enable consolidated billing in the parent account's billing console and link the LOB accounts

Question # 19

A company needs to improve the security of its web-based application on AWS. Theapplication uses Amazon CloudFront with two custom origins. The first custom origin routesrequests to an Amazon API Gateway HTTP API. The second custom origin routes traffic to an Application Load Balancer (ALB) The application integrates with an OpenlD Connect(OIDC) identity provider (IdP) for user management.A security audit shows that a JSON Web Token (JWT) authorizer provides access to theAPI The security audit also shows that the ALB accepts requests from unauthenticatedusersA solutions architect must design a solution to ensure that all backend services respond toonly authenticated usersWhich solution will meet this requirement?

A. Configure the ALB to enforce authentication and authorization by integrating the ALBwith the IdP Allow only authenticated users to access the backend services
B. Modify the CloudFront configuration to use signed URLs Implement a permissive signingpolicy that allows any request to access the backend services
C. Create an AWS WAF web ACL that filters out unauthenticated requests at the ALB level.Allow only authenticated traffic to reach the backend services.
D. Enable AWS CloudTrail to log all requests that come to the ALB Create an AWSLambda function to analyze the togs and block any requests that come fromunauthenticated users.

Question # 20

A delivery company is running a serverless solution in tneAWS Cloud The solutionmanages user data, delivery information and past purchase details The solution consists ofseveral microservices The central user service stores sensitive data in an AmazonDynamoDB table Several of the other microservices store a copy of parts of the sensitivedata in different storage servicesThe company needs the ability to delete user information upon request As soon as thecentral user service deletes a user every other microservice must also delete its copy of the data immediatelyWhich solution will meet these requirements?

A. Activate DynamoDB Streams on the DynamoDB table Create an AWS Lambda triggerfor the DynamoDB stream that will post events about user deletion in an Amazon SimpleQueue Service (Amazon SQS) queue Configure each microservice to poll the queue anddelete the user from the DynamoDB table
B. Set up DynamoDB event notifications on the DynamoDB table Create an AmazonSimple Notification Service (Amazon SNS) topic as a target for the DynamoDB eventnotification Configure each microservice to subscribe to the SNS topic and to delete theuser from the DynamoDB table
C. Configure the central user service to post an event on a custom Amazon EventBridgeevent bus when the company deletes a user Create an EventBndge rule for eachmicroservice to match the user deletion event pattern and invoke logic in the microserviceto delete the user from the DynamoDB table
D. Configure the central user service to post a message on an Amazon Simple QueueService (Amazon SQS) queue when the company deletes a user Configure eachmicroservice to create an event filter on the SQS queue and to delete the user from theDynamoDB table

Question # 21

A company has developed an application that is running Windows Server on VMwarevSphere VMs that the company hosts on premises The application data is stored in aproprietary format that must be read through the application The company manuallyprovisioned the servers and the applicationAs part of its disaster recovery plan, the company wants the ability to host its application onAWS temporarily if the company's on-premises environment becomes unavailable Thecompany wants the application to return to on-premises hosting after a disaster recoveryevent is complete The RPO is 5 minutes.Which solution meets these requirements with the LEAST amount of operationaloverhead?

A. Configure AWS DataSync Replicate the data to Amazon Elastic Block Store (AmazonEBS) volumes When the on-premises environment is unavailable, use AWS Cloud Formation templates to provision Amazon EC2 instances and attach the EBS volumes
B. Configure AWS Elastic Disaster Recovery Replicate the data to replication Amazon EC2instances that are attached to Amazon Elastic Block Store (Amazon EBS) volumes Whenthe on-premises environment is unavailable use Elastic Disaster Recovery to launch EC2instances that use the replicated volumes
C. Provision an AWS Storage Gateway file gateway. Replicate the data to an Amazon S3bucket When the on-premises environment is unavailable, use AWS Backup to restore thedata to Amazon Elastic Block Store (Amazon EBS) volumes and launch Amazon EC2instances from these EBS volumes
D. Provision an Amazon FSx for Windows File Server file system on AWS Replicate thedata to the file system When the on-premises environment is unavailable, use AWS CloudFormat ion templates to provision Amazon EC2 instances and use AWS CloudFormationInit commands to mount the Amazon FSx file shares

Question # 22

A company that develops consumer electronics with offices in Europe and Asia has 60 TBof software images stored on premises in Europe The company wants to transfer theimages to an Amazon S3 bucket in the ap-northeast-1 Region New software images arecreated daily and must be encrypted in transit The company needs a solution that does notrequire custom development to automatically transfer all existing and new software imagesto Amazon S3What is the next step in the transfer process?

A. Deploy an AWS DataSync agent and configure a task to transfer the images to the S3bucket
B. Configure Amazon Kinesis Data Firehose to transfer the images using S3 TransferAcceleration
C. Use an AWS Snowball device to transfer the images with the S3 bucket as the target
D. Transfer the images over a Site-to-Site VPN connection using the S3 API with multipartupload

Question # 23

A company runs an unauthenticated static website (www.example.com) that includes aregistration form for users. The website uses Amazon S3 for hosting and uses AmazonCloudFront as the content delivery network with AWS WAF configured. When theregistration form is submitted, the website calls an Amazon API Gateway API endpoint thatinvokes an AWS Lambda function to process the payload and forward the payload to anexternal API call.During testing, a solutions architect encounters a cross-origin resource sharing (CORS)error. The solutions architect confirms that the CloudFront distribution origin has theAccess-Control-Allow-Origin header set to www.example.com.What should the solutions architect do to resolve the error?

A. Change the CORS configuration on the S3 bucket. Add rules for CORS to the AllowedOrigin element for www.example.com.
B. Enable the CORS setting in AWS WAF. Create a web ACL rule in which the Access-Control-Allow-Origin header is set to www.example.com.
C. Enable the CORS setting on the API Gateway API endpoint. Ensure that the APIendpoint is configured to return all responses that have the Access-Control -Allow-Originheader set to www.example.com.
D. Enable the CORS setting on the Lambda function. Ensure that the return code of thefunction has the Access-Control-Allow-Origin header set to www.example.com.

Question # 24

Question # 25

A company uses AWS Organizations AWS account. A solutions architect must design asolution in which only administrator roles are allowed to use IAM actions. However thesolutions archited does not have access to all the AWS account throughout the company.Which solution meets these requirements with the LEAST operational overhead?

A. Create an SCP that applies to at the AWS accounts to allow I AM actions only foradministrator roles. Apply the SCP to the root OLI.
B. Configure AWS CloudTrai to invoke an AWS Lambda function for each event that isrelated to 1AM actions. Configure the function to deny the action. If the user who invokedthe action is not an administator.
C. Create an SCP that applies to all the AWS accounts to deny 1AM actions for all usersexcept for those with administrator roles. Apply the SCP to the root OU.
D. Set an 1AM permissions boundary that allows 1AM actions. Attach the permissionsboundary to every administrator role across all the AWS accounts.

Question # 26

A company use an organization in AWS Organizations to manage multiple AWS accounts.The company hosts some applications in a VPC in the company's snared services account.The company has attached a transit gateway to the VPC in the Shared services account.The company is developing a new capability and has created a development environmentthat requires access to the applications that are in the snared services account. Thecompany intends to delete and recreate resources frequently in the development account.The company also wants to give a development team the ability to recreate the team'sconnection to the shared services account as required.Which solution will meet these requirements?

A. Create a transit gateway in the development account. Create a transit gateway peeringrequest to the shared services account. Configure the snared services transit gateway toautomatically accept peering connections.
B. Turn on automate acceptance for the transit gateway in the shared services account.Use AWS Resource Access Manager (AWS RAM) to share the transit gateway resource inthe shared services account with the development account. Accept the resource in tie development account. Create a transit gateway attachment in the development account.
C. Turn on automate acceptance for the transit gateway in the shared services account.Create a VPC endpoint. Use the endpoint policy to grant permissions on the VPC endpointfor the development account. Configure the endpoint service to automatically acceptconnection requests. Provide the endpoint details to the development team.
D. Create an Amazon EventBridge rule to invoke an AWS Lambda function that acceptsthe transit gateway attachment value the development account makes an attachmentrequest. Use AWS Network Manager to store. The transit gateway in the shared servicesaccount with the development account. Accept the transit gateway in the developmentaccount.

Question # 27

A company has a web application that uses Amazon API Gateway. AWS Lambda andAmazon DynamoDB A recent marketing campaign has increased demand Monitoringsoftware reports that many requests have significantly longer response times than beforethe marketing campaignA solutions architect enabled Amazon CloudWatch Logs for API Gateway and noticed thaterrors are occurring on 20% of the requests. In CloudWatch. the Lambda function.Throttles metric represents 1% of the requests and the Errors metric represents 10% of therequests Application logs indicate that, when errors occur there is a call to DynamoDBWhat change should the solutions architect make to improve the current response times asthe web application becomes more popular'?

A. Increase the concurrency limit of the Lambda function
B. Implement DynamoDB auto scaling on the table
C. Increase the API Gateway throttle limit
D. Re-create the DynamoDB table with a better-partitioned primary index.

Question # 28

A company wants to migrate an Amazon Aurora MySQL DB cluster from an existing AWSaccount to a new AWS account in the same AWS Region. Both accounts are members ofthe same organization in AWS Organizations.The company must minimize database service interruption before the company performsDNS cutover to the new database.Which migration strategy will meet this requirement?

A. Take a snapshot of the existing Aurora database. Share the snapshot with the new AWSaccount. Create an Aurora DB cluster in the new account from the snapshot.
B. Create an Aurora DB cluster in the new AWS account. Use AWS Database MigrationService (AWS DMS) to migrate data between the two Aurora DB clusters.
C. Use AWS Backup to share an Aurora database backup from the existing AWS accountto the new AWS account. Create an Aurora DB cluster in the new AWS account from thesnapshot.
D. Create an Aurora DB cluster in the new AWS account. Use AWS Application MigrationService to migrate data between the two Aurora DB clusters.

Question # 29

A company is planning a migration from an on-premises data center to the AWS cloud. Thecompany plans to use multiple AWS accounts that are managed in an organization in AWSorganizations. The company will cost a small number of accounts initially and will addaccounts as needed. A solution architect must design a solution that turns on AWSaccounts.What is the MOST operationally efficient solution that meets these requirements.

A. Create an AWS Lambda function that creates a new cloudTrail trail in all AWS accountin the organization. Invoke the Lambda function dally by using a scheduled action inAmazon EventBridge.
B. Create a new CloudTrail trail in the organizations management account. Configure the trail to log all events for all AYYS accounts in the organization.
C. Create a new CloudTrail trail in all AWS accounts in the organization. Create new trailswhenever a new account is created.
D. Create an AWS systems Manager Automaton runbook that creates a cloud trail in allAWS accounts in the organization. Invoke the automation by using Systems Manager StateManager.

Question # 30

A solutions architect is preparing to deploy a new security tool into several previouslyunused AWS Regions. The solutions architect will deploy the tool by using an AWSCloudFormation stack set. The stack set's template contains an 1AM role that has acustom name. Upon creation of the stack set. no stack instances are created successfully.What should the solutions architect do to deploy the stacks successfully?

A. Enable the new Regions in all relevant accounts. Specify theCAPABILITY_NAMED_IAM capability during the creation of the stack set.
B. Use the Service Quotas console to request a quota increase for the number ofCloudFormation stacks in each new Region in all relevant accounts. Specify theCAPABILITYJAM capability during the creation of the stack set.
C. Specify the CAPABILITY_NAMED_IAM capability and the SELF_MANAGEDpermissions model during the creation of the stack set.
D. Specify an administration role ARN and the CAPABILITYJAM capability during thecreation of the stack set.

Question # 31

A company has an loT platform that runs in an on-premises environment. The platformconsists of a server that connects to loT devices by using the MQTT protocol. The platformcollects telemetry data from the devices at least once every 5 minutes The platform alsostores device metadata in a MongoDB clusterAn application that is installed on an on-premises machine runs periodic jobs to aggregateand transform the telemetry and device metadata The application creates reports thatusers view by using another web application that runs on the same on-premises machineThe periodic jobs take 120-600 seconds to run However, the web application is alwaysrunning.The company is moving the platform to AWS and must reduce the operational overhead ofthe stack.Which combination of steps will meet these requirements with the LEAST operationaloverhead? (Select THREE.)

A. Use AWS Lambda functions to connect to the loT devices
B. Configure the loT devices to publish to AWS loT Core
C. Write the metadata to a self-managed MongoDB database on an Amazon EC2 instance
D. Write the metadata to Amazon DocumentDB (with MongoDB compatibility)
E. Use AWS Step Functions state machines with AWS Lambda tasks to prepare thereports and to write the reports to Amazon S3 Use Amazon CloudFront with an S3 origin toserve the reports
F. Use an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with Amazon EC2instances to prepare the reports Use an ingress controller in the EKS cluster to serve thereports

Question # 32

A company is designing an AWS environment tor a manufacturing application. Theapplication has been successful with customers, and the application's user base hasincreased. The company has connected the AWS environment to the company's onpremisesdata center through a 1 Gbps AWS Direct Connect connection. The company hasconfigured BGP for the connection.The company must update the existing network connectivity solution to ensure that thesolution is highly available, fault tolerant, and secure.Which solution win meet these requirements MOST cost-effectively?

A. Add a dynamic private IP AWS Site-to-Site VPN as a secondary path to secure data intransit and provide resilience for the Direct Conned connection. Configure MACsec toencrypt traffic inside the Direct Connect connection.
B. Provision another Direct Conned connection between the company's on-premises datacenter and AWS to increase the transfer speed and provide resilience. Configure MACsecto encrypt traffic inside the Dried Conned connection.
C. Configure multiple private VIFs. Load balance data across the VIFs between the onpremisesdata center and AWS to provide resilience.
D. Add a static AWS Site-to-Site VPN as a secondary path to secure data in transit and toprovide resilience for the Direct Connect connection.

Question # 33

A company deploys workloads in multiple AWS accounts. Each account has a VPC withVPC flow logs published in text log format to a centralized Amazon S3 bucket. Each log fileis compressed with gzjp compression. The company must retain the log files indefinitely.A security engineer occasionally analyzes the togs by using Amazon Athena to query theVPC flow logs. The query performance is degrading over time as the number of ingestedtogs is growing. A solutions architect: must improve the performance of the tog analysis and reduce the storage space that the VPC flow logs use.Which solution will meet these requirements with the LARGEST performanceimprovement?

A. Create an AWS Lambda function to decompress the gzip flies and to compress the tileswith bzip2 compression. Subscribe the Lambda function to an s3: ObiectCrealed;Put S3event notification for the S3 bucket.
B. Enable S3 Transfer Acceleration for the S3 bucket. Create an S3 Lifecycle configurationto move files to the S3 Intelligent-Tiering storage class as soon as the ties are uploaded
C. Update the VPC flow log configuration to store the files in Apache Parquet format.Specify Hourly partitions for the log files.
D. Create a new Athena workgroup without data usage control limits. Use Athena engineversion 2.

Question # 34

An e-commerce company is revamping its IT infrastructure and is planning to use AWSservices. The company's CIO has asked a solutions architect to design a simple, highlyavailable, and loosely coupled order processing application. The application is responsiblefor receiving and processing orders before storing them in an Amazon DynamoDB table.The application has a sporadic traffic pattern and should be able to scale during marketingcampaigns to process the orders with minimal delays.Which of the following is the MOST reliable approach to meet the requirements?

A. Receive the orders in an Amazon EC2-hosted database and use EC2 instances toprocess them.
B. Receive the orders in an Amazon SQS queue and invoke an AWS Lambda function toprocess them.
C. Receive the orders using the AWS Step Functions program and launch an Amazon ECScontainer to process them.
D. Receive the orders in Amazon Kinesis Data Streams and use Amazon EC2 instances toprocess them.

Question # 35

A company that is developing a mobile game is making game assets available in two AWSRegions. Game assets are served from a set of Amazon EC2 instances behind anApplication Load Balancer (ALB) in each Region. The company requires game assets to befetched from the closest Region. If game assess become unavailable in the closest Region,they should the fetched from the other Region. What should a solutions architect do to meet these requirement?

A. Create an Amazon CloudFront distribution. Create an origin group with one origin foreach ALB. Set one of the origins as primary.
B. Create an Amazon Route 53 health check tor each ALB. Create a Route 53 failoverrouting record pointing to the two ALBs. Set the Evaluate Target Health value Yes.
C. Create two Amazon CloudFront distributions, each with one ALB as the origin. Createan Amazon Route 53 failover routing record pointing to the two CloudFront distributions.Set the Evaluate Target Health value to Yes.
D. Create an Amazon Route 53 health check tor each ALB. Create a Route 53 latency aliasrecord pointing to the two ALBs. Set the Evaluate Target Health value to Yes.

Question # 36

A flood monitoring agency has deployed more than 10.000 water-level monitoring sensors.Sensors send continuous data updates, and each update is less than 1 MB in size. Theagency has a fleet of on-premises application servers. These servers receive upda.es 'onthe sensors, convert the raw data into a human readable format, and write the results loanon-premises relational database server. Data analysts then use simple SOL queries tomonitor the data.The agency wants to increase overall application availability and reduce the effort that isrequired to perform maintenance tasks These maintenance tasks, which include updatesand patches to the application servers, cause downtime. While an application server isdown, data is lost from sensors because the remaining servers cannot handle the entireworkload.The agency wants a solution that optimizes operational overhead and costs. A solutionsarchitect recommends the use of AWS loT Core to collect the sensor data. What else should the solutions architect recommend to meet these requirements?

A. Send the sensor data to Amazon Kinesis Data Firehose. Use an AWS Lambda functionto read the Kinesis Data Firehose data, convert it to .csv format, and insert it into anAmazon Aurora MySQL DB instance. Instruct the data analysts to query the data directlyfrom the DB instance.
B. Send the sensor data to Amazon Kinesis Data Firehose. Use an AWS Lambda functionto read the Kinesis Data Firehose data, convert it to Apache Parquet format and save it toan Amazon S3 bucket. Instruct the data analysts to query the data by using AmazonAthena.
C. Send the sensor data to an Amazon Managed Service for Apache Flink {previouslyknown as Amazon Kinesis Data Analytics) application to convert the data to .csv formatand store it in an Amazon S3 bucket. Import the data into an Amazon Aurora MySQL DBinstance. Instruct the data analysts to query the data directly from the DB instance.
D. Send the sensor data to an Amazon Managed Service for Apache Flink (previouslyknown as Amazon Kinesis Data Analytics) application to convert the data to ApacheParquet format and store it in an Amazon S3 bucket Instruct the data analysis to query thedata by using Amazon Athena.

Question # 37

A company has many services running in its on-premises data center. The data center isconnected to AWS using AWS Direct Connect (DX)and an IPsec VPN. The service data issensitive and connectivity cannot traverse the interne. The company wants to expand to a new market segment and begin offering Is services to other companies that are usingAWS.Which solution will meet these requirements?

A. Create a VPC Endpoint Service that accepts TCP traffic, host it behind a Network LoadBalancer, and make the service available over DX.
B. Create a VPC Endpoint Service that accepts HTTP or HTTPS traffic, host it behind anApplication Load Balancer, and make the service available over DX.
C. Attach an internet gateway to the VPC. and ensure that network access control andsecurity group rules allow the relevant inbound and outbound traffic.
D. Attach a NAT gateway to the VPC. and ensue that network access control and securitygroup rules allow the relevant inbound and outbound traffic.

Question # 38

A company wants to establish a dedicated connection between its on-premisesinfrastructure and AWS. The company is setting up a 1 Gbps AWS Direct Connectconnection to its account VPC. The architecture includes a transit gateway and a DirectConnect gateway to connect multiple VPCs and the on-premises infrastructure.The company must connect to VPC resources over a transit VIF by using the DirectConnect connection.Which combination of steps will meet these requirements? (Select TWO.)

A. Update the 1 Gbps Direct Connect connection to 10 Gbps.
B. Advertise the on-premises network prefixes over the transit VIF.
C. Adverse the VPC prefixes from the Direct Connect gateway to the on-premises networkover the transit VIF.
D. Update the Direct Connect connection's MACsec encryption mode attribute to mustencrypt.
E. Associate a MACsec Connection Key Name-Connectivity Association Key (CKN/CAK)pair with the Direct Connect connection.

Question # 39

A company hosts an intranet web application on Amazon EC2 instances behind anApplication Load Balancer (ALB). Currently, users authenticate to the application againstan internal user database.The company needs to authenticate users to the application by using an existing AWSDirectory Service for Microsoft Active Directory directory. All users with accounts in thedirectory must have access to the application.Which solution will meet these requirements?

A. Create a new app client in the directory. Create a listener rule for the ALB. Specify theauthenticate-oidc action for the listener rule. Configure the listener rule with the appropriateissuer, client ID and secret, and endpoint details for the Active Directory service. Configurethe new app client with the callback URL that the ALB provides.
B. Configure an Amazon Cognito user pool. Configure the user pool with a federatedidentity provider (IdP) that has metadata from the directory. Create an app client. Associatethe app client with the user pool. Create a listener rule for the ALB. Specify theauthenticate-cognito action for the listener rule. Configure the listener rule to use the userpool and app client.
C. Add the directory as a new 1AM identity provider (IdP). Create a new 1AM role that hasan entity type of SAML 2.0 federation. Configure a role policy that allows access to theALB. Configure the new role as the default authenticated user role for the IdP. Create alistener rule for the ALB. Specify the authenticate-oidc action for the listener rule.
D. Enable AWS 1AM Identity Center (AWS Single Sign-On). Configure the directory as anexternal identity provider (IdP) that uses SAML. Use the automatic provisioning method.Create a new 1AM role that has an entity type of SAML 2.0 federation. Configure a rolepolicy that allows access to the ALB. Attach the new role to all groups. Create a listenerrule for the ALB. Specify the authenticate-cognito action for the listener rule.

Question # 40

A public retail web application uses an Application Load Balancer (ALB) in front of AmazonEC2 instances running across multiple Availability Zones (AZs) in a Region backed by anAmazon RDS MySQL Multi-AZ deployment. Target group health checks are configured touse HTTP and pointed at the product catalog page. Auto Scaling is configured to maintainthe web fleet size based on the ALB health check.Recently, the application experienced an outage. Auto Scaling continuously replaced theinstances during the outage. A subsequent investigation determined that the web servermetrics were within the normal range, but the database tier was experiencing high toad,resulting in severely elevated query response times.Which of the following changes together would remediate these issues while improvingmonitoring capabilities for the availability and functionality of the entire application stack forfuture growth? (Select TWO.)

A. Configure read replicas for Amazon RDS MySQL and use the single reader endpoint inthe web application to reduce the load on the backend database tier.
B. Configure the target group health check to point at a simple HTML page instead of aproduct catalog page and the Amazon Route 53 health check against the product page toevaluate full application functionality. Configure Ama7on CloudWatch alarms to notifyadministrators when the site fails.
C. Configure the target group health check to use a TCP check of the Amazon EC2 webserver and the Amazon Route S3 health check against the product page to evaluate fullapplication functionality. Configure Amazon CloudWatch alarms to notify administratorswhen the site fails.
D. Configure an Amazon CtoudWatch alarm for Amazon RDS with an action to recover ahigh-load, impaired RDS instance in the database tier.
E. Configure an Amazon Elastic ache cluster and place it between the web application andRDS MySQL instances to reduce the load on the backend database tier.

Question # 41

A company needs to implement disaster recovery for a critical application that runs in asingle AWS Region. The application's users interact with a web frontend that is hosted onAmazon EC2 Instances behind an Application Load Balancer (ALB). The application writesto an Amazon RD5 tor MySQL DB instance. The application also outputs processeddocuments that are stored in an Amazon S3 bucketThe company's finance team directly queries the database to run reports. During busyperiods, these queries consume resources and negatively affect application performance.A solutions architect must design a solution that will provide resiliency during a disaster.The solution must minimize data loss and must resolve the performance problems thatresult from the finance team's queries.Which solution will meet these requirements?

A. Migrate the database to Amazon DynamoDB and use DynamoDB global tables. Instructthe finance team to query a global table in a separate Region. Create an AWS Lambdafunction to periodically synchronize the contents of the original S3 bucket to a new S3bucket in the separate Region. Launch EC2 instances and create an ALB in the separateRegion. Configure the application to point to the new S3 bucket.
B. Launch additional EC2 instances that host the application in a separate Region. Add theadditional instances to the existing ALB. In the separate Region, create a read replica ofthe RDS DB instance. Instruct the finance team to run queries ageist the read replica. UseS3 Cross-Region Replication (CRR) from the original S3 bucket to a new S3 Docket in theseparate Region. During a disaster, promote the read replace to a standalone DB instance.Configure the application to point to the new S3 bucket and to the newly project readreplica.
C. Create a read replica of the RDS DB instance in a separate Region. Instruct the financeteam to run queries against the read replica. Create AMIs of the EC2 instances mat hostthe application frontend- Copy the AMIs to the separate Region. Use S3 Cross-RegionReplication (CRR) from the original S3 bucket to a new S3 bucket in the separate Region.During a disaster, promote the read replica to a standalone DB instance. Launch EC2instances from the AMIs and create an ALB to present the application to end users.Configure the application to point to the new S3 bucket.
D. Create hourly snapshots of the RDS DB instance. Copy the snapshots to a separateRegion. Add an Amazon Elastic ache cluster m front of the existing RDS database. CreateAMIs of the EC2 instances that host the application frontend Copy the AMIs to the separateRegion. Use S3 Cross-Region Replication (CRR) from the original S3 bucket to a new S3bucket in the separate Region. During a disaster, restore The database from the latestRDS snapshot. Launch EC2 Instances from the AMIs and create an ALB to present theapplication to end users. Configure the application to point to the new S3 bucket

Question # 42

A company wants to use Amazon Workspaces in combination with thin client devices toreplace aging desktops. Employees use the desktops to access applications that work withclinical trial data. Corporate security policy states that access to the applications must be restricted to only company branch office locations. The company is considering adding anadditional branch office in the next 6 months.Which solution meets these requirements with the MOST operational efficiency?

A. Create an IP access control group rule with the list of public addresses from the branchoffices. Associate the IP access control group with the Workspaces directory.
B. Use AWS Firewall Manager to create a web ACL rule with an IPSet with the list to publicaddresses from the branch office Locations-Associate the web ACL with the Workspacesdirectory.
C. Use AWS Certificate Manager (ACM) to issue trusted device certificates to the machinesdeployed in the branch office locations. Enable restricted access on the Workspacesdirectory.
D. Create a custom Workspace image with Windows Firewall configured to restrict accessto the public addresses of the branch offices. Use the image to deploy the Workspaces.

Question # 43

A software development company has multiple engineers who ate working remotely. Thecompany is running Active Directory Domain Services (AD DS) on an Amazon EC2instance. The company's security policy states that al internal, nonpublic services that aredeployed in a VPC must be accessible through a VPN. Multi-factor authentication (MFA)must be used for access to a VPN.What should a solutions architect do to meet these requirements?

A. Create an AWS Sire-to-Site VPN connection. Configure Integration between a VPN andAD DS. Use an Amazon Workspaces client with MFA support enabled to establish a VPNconnection.
B. Create an AWS Client VPN endpoint Create an AD Connector directory tor integrationwith AD DS. Enable MFA tor AD Connector. Use AWS Client VPN to establish a VPNconnection.
C. Create multiple AWS Site-to-Site VPN connections by using AWS VPN CloudHub.Configure integration between AWS VPN CloudHub and AD DS. Use AWS Copilot toestablish a VPN connection.
D. Create an Amazon WorkLink endpoint. Configure integration between AmazonWorkLink and AD DS. Enable MFA in Amazon WorkLink. Use AWS Client VPN to establisha VPN connection.

Question # 44

A company needs to improve the reliability ticketing application. The application runs on anAmazon Elastic Container Service (Amazon ECS) cluster. The company uses AmazonCloudFront to servo the application. A single ECS service of the ECS cluster is theCloudFront distribution's origin.The application allows only a specific number of active users to enter a ticket purchasingflow. These users are identified by an encrypted attribute in their JSON Web Token (JWT).All other users are redirected to a waiting room module until there is available capacity forpurchasing.The application is experiencing high loads. The waiting room modulo is working asdesigned, but load on the waiting room is disrupting the application's availability. Thisdisruption is negatively affecting the application's ticket sale Transactions.Which solution will provide the MOST reliability for ticket sale transactions during periods ofhigh load? '

A. Create a separate service in the ECS cluster for the waiting room. Use a separatescaling configuration. Ensure that the ticketing service uses the JWT info-nation andappropriately forwards requests to the waring room service.
B. Move the application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.Split the wailing room module into a pod that is separate from the ticketing pod. Make theticketing pod part of a StatefuISeL Ensure that the ticketing pod uses the JWT informationand appropriately forwards requests to the waiting room pod.
C. Create a separate service in the ECS cluster for the waiting room. Use a separatescaling configuration. Create a CloudFront function That inspects the JWT information andappropriately forwards requests to the ticketing service or the waiting room service
D. Move the application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.Split the wailing room module into a pod that is separate from the ticketing pod. Use AWSApp Mesh by provisioning the App Mesh controller for Kubermetes. Enable mTLSauthentication and service-to-service authentication for communication between theticketing pod and the waiting room pod. Ensure that the ticketing pod uses The JWTinformation and appropriately forwards requests to the waiting room pod.

Question # 45

A company is currently in the design phase of an application that will need an RPO of lessthan 5 minutes and an RTO of less than 10 minutes. The solutions architecture team isforecasting that the database will store approximately 10 TB of data. As part of the design, they are looking for a database solution that will provide the company with the ability to failover to a secondary Region.Which solution will meet these business requirements at the LOWEST cost?

A. Deploy an Amazon Aurora DB cluster and take snapshots of the cluster every 5minutes. Once a snapshot is complete, copy the snapshot to a secondary Region to serveas a backup in the event of a failure.
B. Deploy an Amazon RDS instance with a cross-Region read replica in a secondaryRegion. In the event of a failure, promote the read replica to become the primary.
C. Deploy an Amazon Aurora DB cluster in the primary Region and another in a secondaryRegion. Use AWS DMS to keep the secondary Region in sync.
D. Deploy an Amazon RDS instance with a read replica in the same Region. In the event ofa failure, promote the read replica to become the primary.

Question # 46

A company is using an organization in AWS organization to manage AWS accounts. Foreach new project the company creates a new linked account. After the creation of a newaccount, the root user signs in to the new account and creates a service request to increase the service quota for Amazon EC2 instances. A solutions architect needs toautomate this process.Which solution will meet these requirements with tie LEAST operational overhead?

A. Create an Amazon EventBridge rule to detect creation of a new account Send the eventto an Amazon Simple Notification Service (Amazon SNS) topic that invokes an AWSLambda function. Configure the Lambda function to run the request-service-quota-increasecommand to request a service quota increase for EC2 instances.
B. Create a Service Quotas request template in the management account. Configure thedesired service quota increases for EC2 instances.
C. Create an AWS Config rule in the management account to set the service quota for EC2instances.
D. Create an Amazon EventBridge rule to detect creation of a new account. Send the eventto an Amazon simple Notification service (Amazon SNS) topic that involves an AWSLambda function. Configure the Lambda function to run the create-case command torequest a service quota increase for EC2 instances.

Question # 47

A company needs to gather data from an experiment in a remote location that does nothave internet connectivity. During the experiment, sensors that are connected to a totalnetwork will generate 6 TB of data in a preprimary formal over the course of 1 week. Thesensors can be configured to upload their data files to an FTP server periodically, but thesensors do not have their own FTP server. The sensors also do not support otherprotocols. The company needs to collect the data centrally and move lie data to objectstorage in the AWS Cloud as soon. as possible after the experiment.Which solution will meet these requirements?

A. Order an AWS Snowball Edge Compute Optimized device. Connect the device to thelocal network. Configure AWS DataSync with a target bucket name, and unload the dataover NFS to the device. After the experiment return the device to AWS so that the data canbe loaded into Amazon S3.
B. Order an AWS Snowcone device, including an Amazon Linux 2 AMI. Connect the deviceto the local network. Launch an Amazon EC2 instance on the device. Create a shell script that periodically downloads data from each sensor. After the experiment, return the deviceto AWS so that the data can be loaded as an Amazon Elastic Block Store [Amazon EBS)volume.
C. Order an AWS Snowcone device, including an Amazon Linux 2 AMI. Connect the deviceto the local network. Launch an Amazon EC2 instance on the device. Install and configurean FTP server on the EC2 instance. Configure the sensors to upload data to the EC2instance. After the experiment, return the device to AWS so that the data can be loadedinto Amazon S3.
D. Order an AWS Snowcone device. Connect the device to the local network. Configurethe device to use Amazon FSx. Configure the sensors to upload data to the device.Configure AWS DataSync on the device to synchronize the uploaded data with an AmazonS3 bucket Return the device to AWS so that the data can be loaded as an Amazon ElasticBlock Store (Amazon EBS) volume.

Question # 48

A company has Linux-based Amazon EC2 instances. Users must access the instances byusing SSH with EC2 SSH Key pairs. Each machine requires a unique EC2 Key pair.The company wants to implement a key rotation policy that will, upon request,automatically rotate all the EC2 key pairs and keep the key in a securely encrypted place.The company will accept less than 1 minute of downtime during key rotation.Which solution will meet these requirement?

A. Store all the keys in AWS Secrets Manager. Define a Secrets Manager rotationschedule to invoke an AWS Lambda function to generate new key pairs. Replace publicKeys on EC2 instances. Update the private keys in Secrets Manager.
B. Store all the keys in Parameter. Store, a capability of AWS Systems Manager, as astring. Define a Systems Manager maintenance window to invoke an AWS Lambdafunction to generate new key pairs. Replace public keys on EC2 instance. Update theprivate keys in parameter.
C. Import the EC2 key pairs into AWS Key Management Service (AWS KMS). Configureautomatic key rotation for these key pairs. Create an Amazon EventlBridge scheduled ruleto invoke an AWS Lambda function to initiate the key rotation AWS KMS.
D. Add all the EC2 instances to Feet Manager, a capability of AWS Systems Manager.Define a Systems Manager maintenance window to issue a Systems Manager RunCommand document to generate new Key pairs and to rotate public keys to all theinstances in Feet Manager.

Question # 49

A company has a Windows-based desktop application that is packaged and deployed to the users' Windows machines. The company recently acquired another company that hasemployees who primarily use machines with a Linux operating system. The acquiringcompany has decided to migrate and rehost the Windows-based desktop application loAWS.All employees must be authenticated before they use the application. The acquiringcompany uses Active Directory on premises but wants a simplified way to manage accessto the application on AWS (or all the employees.Which solution will rehost the application on AWS with the LEAST development effort?

A. Set up and provision an Amazon Workspaces virtual desktop for every employee.Implement authentication by using Amazon Cognito identity pools. Instruct employees torun the application from their provisioned Workspaces virtual desktops.
B. Create an Auto Scarlet group of Windows-based Ama7on EC2 instances. Join eachEC2 instance to the company's Active Directory domain. Implement authentication by usingthe Active Directory That is running on premises. Instruct employees to run the applicationby using a Windows remote desktop.
C. Use an Amazon AppStream 2.0 image builder to create an image that includes theapplication and the required configurations. Provision an AppStream 2.0 On-Demand fleetwith dynamic Fleet Auto Scaling process for running the image. Implement authenticationby using AppStream 2.0 user pools. Instruct the employees to access the application bystarling browse'-based AppStream 2.0 streaming sessions.
D. Refactor and containerize the application to run as a web-based application. Run theapplication in Amazon Elastic Container Service (Amazon ECS) on AWS Fargate with stepscaling policies Implement authentication by using Amazon Cognito user pools. Instruct theemployees to run the application from their browsers.

Question # 50

A company is developing an application that will display financial reports. The companyneeds a solution that can store financial Information that comes from multiple systems. Thesolution must provide the reports through a web interface and must serve the data will lessman 500 milliseconds or latency to end users. The solution also must be highly availableand must have an RTO or 30 seconds.Which solution will meet these requirements?

A. Use an Amazon Redshift cluster to store the data. Use a state website that is hosted onAmazon S3 with backend APIs that ate served by an Amazon Elastic Cubemates Service(Amazon EKS) cluster to provide the reports to the application.
B. Use Amazon S3 to store the data Use Amazon Athena to provide the reports to theapplication. Use AWS App Runner to serve the application to view the reports.
C. Use Amazon DynamoDB to store the data, use an embedded Amazon QuickStightdashboard with direct Query datasets to provide the reports to the application.
D. Use Amazon Keyspaces (for Apache Cassandra) to store the data, use AWS ElasticBeanstalk to provide the reports to the application.

Question # 51

A company is planning to migrate an on-premises data center to AWS. The companycurrently hosts the data center on Linux-based VMware VMs. A solutions architect mustcollect information about network dependencies between the VMs. The information mustbe in the form of a diagram that details host IP addresses, hostnames, and networkconnection information.Which solution will meet these requirements?

A. Use AWS Application Discovery Service. Select an AWS Migration Hub home AWSRegion. Install the AWS Application Discovery Agent on the on-premises servers for datacollection. Grant permissions to Application Discovery Service to use the Migration Hubnetwork diagrams.
B. Use the AWS Application Discovery Service Agentless Collector for server datacollection. Export the network diagrams from the AWS Migration Hub in .png format.
C. Install the AWS Application Migration Service agent on the on-premises servers for datacollection. Use AWS Migration Hub data in Workload Discovery on AWS to generatenetwork diagrams.
D. Install the AWS Application Migration Service agent on the on-premises servers for datacollection. Export data from AWS Migration Hub in .csv format into an Amazon CloudWatchdashboard to generate network diagrams.

Question # 52

A company maintains information on premises in approximately 1 million .csv files that arehosted on a VM. The data initially is 10 TB in size and grows at a rate of 1 TB each week.The company needs to automate backups of the data to the AWS Cloud.Backups of the data must occur daily. The company needs a solution that applies customfilters to back up only a subset of the data that is located in designated source directories.The company has set up an AWS Direct Connect connection.Which solution will meet the backup requirements with the LEAST operational overhead?

A. Use the Amazon S3 CopyObject API operation with multipart upload to copy the existingdata to Amazon S3. Use the CopyObject API operation to replicate new data to Amazon S3daily.
B. Create a backup plan in AWS Backup to back up the data to Amazon S3. Schedule thebackup plan to run daily.
C. Install the AWS DataSync agent as a VM that runs on the on-premises hypervisor.Configure a DataSync task to replicate the data to Amazon S3 daily.
D. Use an AWS Snowball Edge device for the initial backup. Use AWS DataSync forincremental backups to Amazon S3 daily.

Question # 53

A company needs to migrate an on-premises SFTP site to AWS. The SFTP site currentlyruns on a Linux VM. Uploaded files are made available to downstream applications throughan NFS share.As part of the migration to AWS, a solutions architect must implement high availability. Thesolution must provide external vendors with a set of static public IP addresses that thevendors can allow. The company has set up an AWS Direct Connect connection betweenits on-premises data center and its VPC.Which solution will meet these requirements with the least operational overhead?

A. Create an AWS Transfer Family server, configure an internet-facing VPC endpoint forthe Transfer Family server, specify an Elastic IP address for each subnet, configure theTransfer Family server to pace files into an Amazon Elastic Files System (Amazon EFS)file system that is deployed across multiple Availability Zones Modify the configuration onthe downstream applications that access the existing NFS share to mount the EFSendpoint instead.
B. Create an AWS Transfer Family server. Configure a publicly accessible endpoint for theTransfer Family server. Configure the Transfer Family server to place files into an AmazonElastic Files System [Amazon EFS} the system that is deployed across multiple AvailabilityZones. Modify the configuration on the downstream applications that access the existingNFS share to mount the its endpoint instead.
C. Use AWS Application Migration service to migrate the existing Linux VM to an AmazonEC2 instance. Assign an Elastic IP address to the EC2 instance. Mount an Amazon ElasticFie system (Amazon EFS) the system to the EC2 instance. Configure the SFTP server toplace files in. the EFS file system. Modify the configuration on the downstream applicationsthat access the existing NFS share to mount the EFS endpoint instead.
D. Use AWS Application Migration Service to migrate the existing Linux VM to an AWSTransfer Family server. Configure a publicly accessible endpoint for the Transfer Familyserver. Configure the Transfer Family sever to place files into an Amazon FSx for Lusterthe system that is deployed across multiple Availability Zones. Modify the configuration onthe downstream applications that access the existing NFS share to mount the FSx forLuster endpoint instead.

Question # 54

A company's factory and automaton applications are running in a single VPC More than 23applications run on a combination of Amazon EC2, Amazon Elastic Container Service(Amazon ECS), are Amazon RDS.The company has software engineers spread across three teams. One of the three teamsowns each application, and each team is responsible for the cost and performance of all ofits applications. Team resources have tags that represent their application and team. Thelearns use IAH access for daily activities.The company needs to determine which costs on the monthly AWS bill are attributable toeach application or team. The company also must be able to create reports to comparecosts item the last 12 months and to help forecast costs tor the next 12 months. A solutionarchitect must recommend an AWS Billing and Cost Management solution that provides these cost reports.Which combination of actions will meet these requirement? Select THREE.)

A. Activate the user-defined cost allocation tags that represent the application and theteam.
B. Activate the AWS generated cost allocation tags that represent the application and theteam.
C. Create a cost category for each application in Billing and Cost Management
D. Activate IAM access to Billing and Cost Management.
E. Create a cost budget
F. Enable Cost Explorer.

Question # 55

A company's compliance audit reveals that some Amazon Elastic Block Store (AmazonEBS) volumes that were created in an AWS account were not encrypted. A solutionsarchitect must Implement a solution to encrypt all new EBS volumes at restWhich solution will meet this requirement with the LEAST effort?

A. Create an Amazon EventBridge rule to detect the creation of unencrypted EBS volumes.Invoke an AWS Lambda function to delete noncompliant volumes.
B. Use AWS Audit Manager with data encryption.
C. Create an AWS Config rule to detect the creation of a new EBS volume. Encrypt thevolume by using AWS Systems Manager Automation.
D. Turn in EBS encryption by default in all AWS Regions.

Testimonials

Dumps4download SAP-C02 study Guide provides the most valid material among all the dumps providing sites. It is satisfying for so many people around the globe. My all the attempts without Dumps4download were unsuccessful so I chose it and aced the exam. I will choose it for all the next exams because it is fully satisfied for me.

XKXqQRoVsnawKxU

I have never met a person who used Dumps4download SAP-C02 study Guide and got disappointed. It brings full satisfaction for you if you work hard. I think it is better because of its simplicity and easiness that suites to all the candidates. I prepared my exams very easily because of its help.

Evan

To use a guide for SAP-C02 is obvious. Almost everyone uses dumps but the best dumps material in my view is Dumps4download because they have set questions in the actual simulation. So you don't find any difficult to solve questions in the real situation as well. Because you are trained to do this beforehand by Dumps4download.

safa

To buy Dumps4download SAP-C02 study Guide is equal to the result card in your hands with handsome grades. To this guide means to let all the worries be off. I was very much worried about my exams but later I was suggested Dumps4download and by preparing I through all the worries away because now I was confident for the results. Their name is because of their standard material that fulfills the needs of the candidates.

tech

SAP-C02 is considered a difficult task for normal learners but now Dumps4download has made everything far more easy for everyone by producing their material suitable even for average students. The more you work the more you gain, same is with their material.

HBkgcXIW

Cisco

Microsoft

Amazon