Practice SAP-C02 Exam Online

Question 1

A company has built a high performance computing (HPC) cluster in AWS for a tightly coupled workload that

generates a large number of shared files stored in Amazon EFS. The cluster was performing well when the

number of Amazon EC2 instances in the cluster was 100. However, when the company increased the cluster

size to 1,000 EC2 instances, overall performance was well below expectations

Which collection of design choices should a solutions architect make to achieve the maximum performance

from the HPC cluster? (Select THREE.)

A :

Ensure the HPC cluster is launched within a single Availability Zone.

B :

Launch the EC2 instances and attach elastic network interfaces in multiples of four.

C :

Select EC2 instance types with an Elastic Fabric Adapter (EFA) enabled

D : Ensure the cluster is launched across multiple Availability Zones.

E : Replace Amazon EFS with multiple Amazon EBS volumes in a RAID array.

F : Replace Amazon EFS with Amazon FSx for Lustre.

Answer: A,C

Question 2

A large company has multiple AWS accounts with multiple IAM Users that launch different types of Amazon EC2 instances and EBS volumes every day. As a result, most accounts quickly hit the service limit and IAM users can no longer create any new instances. When cleaning up the AWS accounts, the solutions architect noticed that the majority of the instances and volumes are untagged. Therefore, it is difficult to pinpoint the owner of these resources and verify if they are safe to terminate. Because of this, the management had issued a new protocol that requires adding a predefined set of tags before anyone can launch their EC2 instances.

Which of the following options is the simplest way to enforce this new requirement?

A : Configure AWS Organizations to group different accounts into separate Organizational Units (OU) depending on the business function. Create a rule in AWS Config requiring users to tag specific resources and raise an alert whenever the rule is violated. The Config Rule should allow a user to launch EC2 instances only if the user adds all the tags defined in the rule. If the user applies any other tag then the action is denied

B : Configure AWS Organizations to group different accounts into separate Organizational Units (OU) depending on the business function. Create a rule using AWS Systems Manager requiring users to tag specific resources and raise an alert whenever the rule is violated. This will allow a user to launch EC2 instances only if certain tags were defined. If the user applies any other tag then the action is denied.

C : Apply an IAM policy to the individual member accounts of the OU that includes a Condition element in the policy containing the ForAllValues qualifier and the aws:TagKeys condition. This policy will require its principals to attach specific tags to their resources during creation.

D : Configure AWS Organizations to group different accounts into separate Organizational Units (OU) depending on the business function. Create a Service Control Policy that restricts launching any AWS resources without a tag by including the Condition element in the policy which uses the ForAllValues qualifier and the aws:TagKeys condition. This policy will require its principals to tag resources during creation. Apply the SCP to the OU which will automatically cascade the policy to individual member accounts.

Answer: D

Question 3

An e-commerce company is revamping its IT infrastructure and is planning to use AWS services. The

company's CIO has asked a solutions architect to design a simple, highly available, and loosely coupled order

processing application. The application is responsible (or receiving and processing orders before storing them

in an Amazon DynamoDB table. The application has a sporadic traffic pattern and should be able to scale

during markeling campaigns to process the orders with minimal delays.

Which of the following is the MOST reliable approach to meet the requirements?

A : Receive the orders in an Amazon EC2-hosted database and use EC2 instances to process them.

B : Receive the orders in an Amazon SOS queue and trigger an AWS Lambda function lo process them.

C : Receive the orders using the AWS Step Functions program and trigger an Amazon ECS container lo process them.

D : Receive the orders in Amazon Kinesis Data Streams and use Amazon EC2 instances to process them

Answer: B

Question 4

A company uses AWS Organizations for a multi-account setup in the AWS Cloud. The company uses AWS

Control Tower for governance and uses AWS Transit Gateway for VPC connectivity across accounts.

In an AWS application account, the company's application team has deployed a web application that uses

AWS Lambda and Amazon RDS. The company's database administrators have a separate DBA account and

use the account to centrally manage all the databases across the organization. The database administrators use

an Amazon EC2 instance that is deployed in the DBA account to access an RDS database that is deployed in

the application account.

The application team has stored the database credentials as secrets in AWS Secrets Manager in the application

account. The application team is manually sharing the secrets with the database administrators. The secrets are

encrypted by the default AWS managed key for Secrets Manager in the application account. A solutions

architect needs to implement a solution that gives the database administrators access to the database and

eliminates the need to manually share the secrets.

Which solution will meet these requirements?

A :

Use AWS Resource Access Manager (AWS RAM) to share the secrets from the application account

with the DBA account. In the DBA account, create an IAM role that is named DBA-Admin. Grant the

role the required permissions to access the shared secrets. Attach the DBA-Admin role to the EC2

instance for access to the cross-account secrets.

B :

In the application account, create an IAM role that is named DBA-Secret. Grant the role the required

permissions to access the secrets. In the DBA account, create an IAM role that is named DBA-Admin.

Grant the DBA-Admin role the required permissions to assume the DBA-Secret role in the application

account. Attach the DBA-Admin role to the EC2 instance for access to the cross-account secrets.

C :

In the DBA account, create an IAM role that is named DBA-Admin. Grant the role the required

permissions to access the secrets and the default AWS managed key in the application account. In the

application account, attach resource-based policies to the key to allow access from the DBA account.

Attach the DBA-Admin role to the EC2 instance for access to the cross-account secrets.

D :

In the DBA account, create an IAM role that is named DBA-Admin. Grant the role the required

permissions to access the secrets in the application account. Attach an SCP to the application account to

allow access to the secrets from the DBA account. Attach the DBA-Admin role to the EC2 instance for

access to the cross-account secrets.

Answer: A

Question 5

A startup develops Internet-Of-Things (IoT) devices that provide health monitoring for dogs and cats which is integrated into their collars. The startup has an engineering team to build a smart pet collar that collects biometric information of the pet every second and then sends it to a web portal through a POST API request. The Solutions Architect has been tasked to set up the API services and the web portal that will accept and process the biometric data as well as provide complete trends and health reports to pet owners around the globe. The portal should be highly durable, available, and scalable with an additional feature for showing real-time biometric data analytics and monitoring.

Which of the following is the best architecture that the Solutions Architect should implement to meet the above requirement?

A :

1. Use Amazon Kinesis Data Streams to collect the incoming biometric data.

2. Analyze the data using Amazon Kinesis and show the results in a real-time dashboard.

3. Set up a simple data aggregation process and pass the results to Amazon S3.

4. Store the data to Amazon Redshift, configured with automated backups, to handle complex analytics.

B :

1. Create an Amazon S3 bucket to collect the incoming biometric data from the smart pet collar.

2. Use Amazon Data Pipeline to run a data analysis task in the S3 bucket every day.

3. Use Amazon Redshift as the online analytic processing (OLAP) database for the web portal.

C :

1. Create an Amazon SQS queue to collect the incoming biometric data.

2. Analyze the data from SQS with Amazon Kinesis.

3. Store the results to an Amazon RDS for MySQL database.

D :

1. Launch an Amazon Elastic MapReduce instance to collect the incoming biometrics data.

2. Use Amazon Kinesis to analyze the data.

3. Save the results to an Amazon DynamoDB table.

Answer: A

Name:	AWS Certified Solutions Architect- Professional
Exam Code:	SAP-C02
Certification:	AWS Certified Professional
Vendor:	Amazon
Total Questions:	891
Last Updated:	Apr 22, 2024

Amazon SAP-C02