Passing the Amazon AWS Certified Solutions Architect – Professional (SAP-C01) exam is absolutely challenging! You need to update the AWS SAP-C01 dumps pdf >>> https://www.pass4itsure.com/aws-solution-architect-professional.html (SAP-C01 exam questions total 827).
I will mention, free SAP-C01 pdf download, latest SAP-C01 test questions…
Where can I find good practice exams for AWS SAP-C01?
If you are looking for more practice tests to improve your abilities before taking the real exam, try the practice test provided by Pass4itSure AWS SAP-C01 dumps pdf. Safe, reliable, and the most worry-free.
Free download SAP-C01 pdf format now – Google Drive
SAP-C01 dumps pdf free https://drive.google.com/file/d/1L1UCWyGxzZ0WGsX9hcpsf_QcXG8QSJca/view?usp=sharing
AWS SAP-C01 dumps pdf latest test questions
An organization is setting up a backup and restore system in AWS for its on-premises system. The organization needs High Availability (HA) and Disaster Recovery (DR) but is okay to have a longer recovery time to save costs.
Which of the below-mentioned setup options helps achieve the objective of cost-saving as well as DR in the most effective way?
A. Set up pre-configured servers and create AMIs. Use EIP and Route 53 to quickly switch over to AWS from on-premises.
B. Setup the backup data on S3 and transfer data to S3 regularly using the storage gateway.
C. Setup a small instance with AutoScaling; in case of DR start diverting all the load to AWS from on-premise.
D. Replicate on-premise DB to EC2 at regular intervals and set up a scenario similar to the pilot light.
Correct Answer: B
Explanation: AWS has many solutions for Disaster Recovery(DR) and High Availability(HA). When the organization wants to have HA and DR but is okay to have a longer recovery time they should select the option backup and restore with S3.
The data can be sent to S3 using either Direct Connect, Storage Gateway, or over the internet. The EC2 instance will pick the data from the S3 bucket when started and set up the environment. This process takes longer but is very cost-effective due to the low pricing of S3. In all the other options, the EC2 instance might be running or there will be AMI storage costs.
Thus, it will be a costlier option. In this scenario, the organization should plan appropriate tools to take a backup, plan the retention policy for data, and set up the security of the data.
An organization is setting up a web application with the JEE stack. The application uses the JBoss app server and MySQL DB. The application has a logging module that logs all the activities whenever a business function of the JEE application is called. The logging activity takes some time due to the large size of the log file.
If the application wants to set up a scalable infrastructure, which of the below-mentioned options will help achieve this setup?
A. Host the log files on EBS with PIOPS which will have higher I/O.
B. Host logging and the app server on separate servers such that they are both in the same zone.
C. Host logging and the app server on the same instance so that the network latency will be shorter.
D. Create a separate module for logging and using SQS compartmentalize the module such that all calls to logging are asynchronous.
Correct Answer: D
Explanation: The organization can always launch multiple EC2 instances in the same region across multiple AZs for HA and DR. The AWS architecture practice recommends compartmentalizing the functionality such that they can both run in parallel without affecting the performance of the main application.
In this scenario, logging takes a longer time due to the large size of the log file. Thus, it is recommended that the organization should separate them out and make separate modules and make asynchronous calls among them. This way the application can scale as per the requirement and the performance will not bear the impact of logging.
A user is planning to host a web server as well as an app server on a single EC2 instance which is a part of the public subnet of a VPC.
How can the user set up two separate public IPs and separate security groups for both the application and the web server?
A. Launch VPC with two separate subnets and make the instance a part of both the subnets.
B. Launch a VPC instance with two network interfaces. Assign a separate security group and elastic IP to them.
C. Launch a VPC instance with two network interfaces. Assign a separate security group to each and AWS will assign a separate public IP to them.
D. Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subnet.
Correct Answer: B
If you need to host multiple websites (with different IPs) on a single EC2 instance, the following is the suggested method from AWS.
Launch a VPC instance with two network interfaces.
Assign elastic IPs from the VPC EIP pool to those interfaces (because, when the user has attached more than one network interface with an instance, AWS cannot assign public IPs to them).
Assign separate Security Groups if separate Security Groups are needed.
This scenario also helps for operating network appliances, such as firewalls or load balancers that have multiple private IP addresses for each network interface.
A company is running an application on several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The load on the application varies throughout the day, and EC2 instances are scaled in and out on a regular basis.
Log files from the EC2 instances are copied to a central Amazon S3 bucket every 15 minutes. The security team discovers that log files are missing from some of the terminated EC2 instances.
Which set of actions will ensure that log files are copied to the central S3 bucket from the terminated EC2 instances?
A. Create a script to copy log files to Amazon S3, and store the script in a file on the EC2 instance. Create an Auto Scaling lifecycle hook and an Amazon EventBridge (Amazon CloudWatch Events) rule to detect lifecycle events from the Auto Scaling group. Invoke an AWS Lambda function on the autoscaling:EC2_INSTANCE_TERMINATING transition to send ABANDON to the Auto Scaling group to prevent termination, run the script to copy the log files, and terminate the instance using the AWS SDK.
B. Create an AWS Systems Manager document with a script to copy log files to Amazon S3. Create an Auto Scaling lifecycle hook and an Amazon EventBridge (Amazon CloudWatch Events) rule to detect lifecycle events from the Auto Scaling group. Invoke an AWS Lambda function on the autoscaling:EC2_INSTANCE_TERMINATING transition to call the AWS Systems Manager API SendCommand operation to run the document to copy the log files and send CONTINUE to the Auto Scaling group to terminate the instance.
C. Change the log delivery rate to every 5 minutes. Create a script to copy log files to Amazon S3, and add the script to EC2 instance user data. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect EC2 instance termination. Invoke an AWS Lambda function from the EventBridge (CloudWatch Events) rule that uses the AWS CLI to run the user-data script to copy the log files and terminate the instance.
D. Create an AWS Systems Manager document with a script to copy log files to Amazon S3. Create an Auto Scaling lifecycle hook that publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic. From the SNS notification, call the AWS Systems Manager API SendCommand operation to run the document to copy the log files and send ABANDON to the Auto Scaling group to terminate the instance.
Correct Answer: D
What is the default maximum number of VPCs allowed per region?
Correct Answer: A
The maximum number of VPCs allowed per region is 5.
A user is trying to create a vault in AWS Glacier. The user wants to enable notifications.
In which of the below-mentioned options can the user enable the notifications from the AWS console?
A. Glacier does not support the AWS console
B. Archival Upload Complete
C. Vault Upload Job Complete
D. Vault Inventory Retrieval Job Complete
Correct Answer: D
From the AWS console, the user can configure notifications to be sent to Amazon Simple Notification Service (SNS). The user can select specific jobs that, on completion, will trigger the notifications, such as Vault Inventory Retrieval Job Complete and Archive Retrieval Job Complete.
A company has several Amazon EC2 instances in both public and private subnets within a VPC that is not connected to the corporate network.
A security group associated with the EC2 instances allows the company to use the Windows remote desktop protocol (RDP) over the internet to access the instances. The security team has noticed connection attempts from unknown sources. The company wants to implement a more secure solution to access the EC2 instances.
Which strategy should a solutions architect implement?
A. Deploy a Linux bastion host on the corporate network that has access to all instances in the VPC.
B. Deploy AWS Systems Manager Agent on the EC2 instances. Access the EC2 instances using Session Manager, restricting access to users with permission.
C. Deploy a Linux bastion host with an Elastic IP address in the public subnet. Allow access to the bastion host from 0.0.0.0/0.
D. Establish a Site-to-Site VPN connecting the corporate network to the VPC. Update the security groups to allow access from the corporate network only.
Correct Answer: A
A group of research institutions and hospitals are in a partnership to study 2 PBs of genomic data. The institute that owns the data stores it in an Amazon S3 bucket and updates it regularly. The institute would like to give all of the organizations in the partnership read access to the data. All members of the partnership are extremely cost-conscious, and the institute that owns the account with the S3 bucket is concerned about covering the costs for requests and data transfers from Amazon S3.
Which solution allows for secure data sharing without causing the institute that owns the bucket to assume all the costs for S3 requests and data transfers?
A. Ensure that all organizations in the partnership have AWS accounts. In the account with the S3 bucket, create a cross-account role for each account in the partnership that allows read access to the data. Have the organizations assume and use that read role when accessing the data.
B. Ensure that all organizations in the partnership have AWS accounts. Create a bucket policy on the bucket that owns the data. The policy should allow the accounts in the partnership read access to the bucket. Enable Requester Pays on the bucket. Have the organizations use their AWS credentials when accessing the data.
C. Ensure that all organizations in the partnership have AWS accounts. Configure buckets in each of the accounts with a bucket policy that allows the institute that owns the data the ability to write to the bucket. Periodically sync the data from the institute’s account to the other organizations. Have the organizations use their AWS credentials when accessing the data using their accounts.
D. Ensure that all organizations in the partnership have AWS accounts. In the account with the S3 bucket, create a cross-account role for each account in the partnership that allows read access to the data. Enable Requester Pays on the bucket. Have the organizations assume and use that read role when accessing the data.
Correct Answer: A
A company has used infrastructure as code (IaC) to provision a set of two Amazon EC2 instances. The instances have remained the same for several years.
The company’s business has grown rapidly in the past few months. In response, the company’s operations team has implemented an Auto Scaling group to manage the sudden increases in traffic. Company policy requires a monthly installation of security updates on all operating systems that are running.
The most recent security update required a reboot. As a result, the Auto Scaling group terminated the instances and replaced them with new, unpatched instances.
Which combination of steps should a solutions architect recommend to avoid a recurrence of this issue? (Choose two.)
A. Modify the Auto Scaling group by setting the Update policy to target the oldest launch configuration for replacement.
B. Create a new Auto Scaling group before the next patch maintenance. During the maintenance window, patch both groups and reboot the instances.
C. Create an Elastic Load Balancer in front of the Auto Scaling group. Configure monitoring to ensure that target group health checks return healthy after the Auto Scaling group replaces the terminated instances.
D. Create automation scripts to patch an AMI, update the launch configuration, and invoke an Auto Scaling instance refresh.
E. Create an Elastic Load Balancer in front of the Auto Scaling group. Configure termination protection on the instances.
Correct Answer: AC
Reference: https://medium.com/@endofcake/using-terraform-for-zero-downtime-updates-of-an-autoscaling-group-inaws-60faca582664 https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-elb-healthcheck.html
In Amazon Cognito what is a silent push notification?
A. It is a push message that is received by your application on a user’s device that will not be seen by the user.
B. It is a push message that is received by your application on a user’s device that will return the user’s geolocation.
C. It is a push message that is received by your application on a user’s device that will not be heard by the user.
D. It is a push message that is received by your application on a user’s device that will return the user’s authentication credentials.
Correct Answer: A
Amazon Cognito uses the Amazon Simple Notification Service (SNS) to send silent push notifications to devices. A silent push notification is a push message that is received by your application on a user’s device that will not be seen by the user.
A solutions architect is implementing federated access to AWS for users of the company’s mobile application. Due to regulatory and security requirements, the application must use a custom-built solution for authenticating users and must use IAM roles for authorization.
Which of the following actions would enable authentication and authorization and satisfy the requirements? (Choose two.)
A. Use a custom-built SAML-compatible solution for authentication and AWS SSO for authorization.
B. Create a custom-built LDAP connector using Amazon API Gateway and AWS Lambda for authentication. Store authorization tokens in Amazon DynamoDB, and validate authorization requests using another Lambda function that reads the credentials from DynamoDB.
C. Use a custom-built OpenID Connect-compatible solution with AWS SSO for authentication and authorization.
D. Use a custom-built SAML-compatible solution that uses LDAP for authentication and uses a SAML assertion to perform authorization to the IAM identity provider.
E. Use a custom-built OpenID Connect-compatible solution for authentication and use Amazon Cognito for authorization.
Correct Answer: AC
A company has a complex web application that leverages Amazon CloudFront for global scalability and performance. Over time, users report that the web application is slowing down.
The company’s operations team reports that the CloudFront cache hit ratio has been dropping steadily.
The cache metrics report indicates that query strings on some URLs are inconsistently ordered and are specified sometimes in mixed-case letters and sometimes in lowercase letters.
Which set of actions should the solutions architect take to increase the cache hit ratio as quickly as possible?
A. Deploy a Lambda@Edge function to sort parameters by name and force them to be lowercase. Select the CloudFront viewer request trigger to invoke the function.
B. Update the CloudFront distribution to disable caching based on query string parameters.
C. Deploy a reverse proxy after the load balancer to post-process the emitted URLs in the application to force the URL strings to be lowercase.
D. Update the CloudFront distribution to specify case-insensitive query string processing.
Correct Answer: B
Thank you also for using our practice test! You can check out our other free Amazon AWS practice tests for your next exam here https://www.examdemosimulation.com/category/amazon-exam-practice-test/
The AWS Certified Professional exam is hard, but it’s not the hardest exam. As I said at the beginning, a really in-depth understanding of SAP-C01 dumps pdf is very easy.
Full SAP-C01 dumps pdf https://www.pass4itsure.com/aws-solution-architect-professional.html (SAP-C01 PDF +SAP-C01 VCE)
You can fully trust Pass4itSure: with years of exam experience, it always offers the latest exam practice tests to help you get through.
Have a great 2022 ahead!