Today, earning AWS Certified Professional SAP-C01 certification is one of the most productive investments to accelerate your career. The Amazon SAP-C01 certification exam is one of the most important exams that many IT aspirants dream of. You must have valid SAP-C01 exam dumps question preparation materials to prepare for the exam.
Pass4itSure Latest version SAP-C01 dumps Mar2022 https://www.pass4itsure.com/aws-solution-architect-professional.html is your best preparation material to ensure you successfully pass the exam and become certified.
Check out the following free SAP-C01 dumps Mar2022 practice questions(1-12)
An organization is undergoing a security audit. The auditor wants to view the AWS VPC configurations as the organization has hosted all the applications in the AWS VPC. The auditor is from a remote place and wants to have access to AWS to view all the VPC records.
How can the organization meet the expectations of the auditor without compromising the security of its AWS infrastructure?
A. The organization should not accept the request as sharing the credentials means compromising security.
B. Create an IAM role that will have read-only access to all EC2 services including VPC and assign that role to the auditor.
C. Create an IAM user who will have read-only access to the AWS VPC and share those credentials with the auditor.
D. The organization should create an IAM user with VPC full access but set a condition that will not allow modifying anything if the request is from any IP other than the organization\\’s data center.
Correct Answer: C
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user\\’s AWS account. The user can create subnets as per the requirement within a VPC. The VPC also works with IAM and the organization can create IAM users who have access to various VPC services. If an auditor wants to have access to the AWS VPC to verify the rules, the organization
should be careful before sharing any data which can allow making updates to the AWS infrastructure.
In this scenario, it is recommended that the organization creates an IAM user who will have read-only access to the VPC. Share the above-mentioned credentials with the auditor as it cannot harm the organization. The sample policy is given below:
“Effect”:”Allow”, “Action”: [ “ec2:DescribeVpcs”, “ec2:DescribeSubnets”,
“ec2: DescribeInternetGateways”, “ec2:DescribeCustomerGateways”, “ec2:DescribeVpnGateways”,
“ec2:DescribeVpnConnections”, “ec2:DescribeRouteTables”, “ec2:DescribeAddresses”, “ec2:DescribeSecurityGroups”,
“ec2:DescribeNetworkAcls”, “ec2:DescribeDhcpOptions”, “ec2:DescribeTags”, “ec2:DescribeInstances”
IAM users do not have permission to create Temporary Security Credentials for federated users and roles by default. In contrast, IAM users can call __ without the need of any special permissions
Correct Answer: C
Currently the STS API command GetSessionToken is available to every IAM user in your account without previous permission. In contrast, the GetFederationToken command is restricted and explicit permissions need to be granted so a user can issue calls to this particular Action.
What is the role of the PollForTask action when it is called by a task runner in AWS Data Pipeline?
A. It is used to retrieve the pipeline definition.
B. It is used to report the progress of the task runner to AWS Data Pipeline.
C. It is used to receive a task to perform from AWS Data Pipeline.
D. It is used to inform AWS Data Pipeline of the outcome when the task runner completes a task.
Correct Answer: C
Task runners call PollForTask to receive a task to perform from AWS Data Pipeline. If tasks are ready in the work queue, PollForTask returns a response immediately. If no tasks are available in the queue, PollForTask uses longpolling and holds on to a poll connection for up to 90 seconds, during which time any newly scheduled tasks are handed to the task agent.
Your remote worker should not call PollForTask again on the same worker group until it receives a response, and this may take up to 90 seconds.
Which of the following is true of an instance profile when an IAM role is created using the console?
A. The instance profile uses a different name.
B. The console gives the instance profile the same name as the role it corresponds to.
C. The instance profile should be created manually by a user.
D. The console creates the role and instance profile as separate actions.
Correct Answer: B
Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the console, the console creates an instance profile automatically and gives it the same name as the role it corresponds to.
If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, and you might give them different names.
A company is configuring connectivity to a multi-account AWS environment to support application workloads that serve users in a single geographic region. The workloads depend on a highly available, on-premises legacy system deployed across two locations.
It is critical for the AWS workloads to maintain connectivity to the legacy system, and a minimum of 5 Gbps of bandwidth is required. All application workloads within AWS must have connectivity with one another.
Which solution will meet these requirements?
A. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from a DX partner for each on? remises location. Create private virtual interfaces on each connection for each AWS account VPC. Associate the private virtual interface with a virtual private gateway attached to each VPC.
B. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from two DX partners for each on-premises location. Create and attach a virtual private gateway for each AWS account VPC. Create a DX gateway in a central network account and associate it with the virtual private gateways. Create a public virtual interface on each DX connection and associate the interface with the DX gateway.
C. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from two DX partners for each on-premises location. Create a transit gateway and a DX gateway in a central network account. Create a transit virtual interface for each DX interface and associate them with the DX gateway. Create a gateway association between the DX
gateway and the transit gateway.
D. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from a DX partner for each on-premises location. Create and attach a virtual private gateway for each AWS account VPC. Create a transit gateway in a central network account and associate it with the virtual private gateways. Create a transit virtual interface on each DX
connection and attach the interface to the transit gateway.
Correct Answer: B
True or False: “In the context of Amazon ElastiCache, from the application\’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.”
A. True, from the application\’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node since, each has a unique node identifier.
B. True, from the application\’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.
C. False, you can connect to a cache node, but not to a cluster configuration endpoint.
D. False, you can connect to a cluster configuration endpoint, but not to a cache node.
Correct Answer: B
This is true. From the application\’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.
In the process of connecting to cache nodes, the application resolves the configuration endpoint\’s DNS name. Because the configuration endpoint maintains CNAME entries for all of the cache nodes, the DNS name resolves to one of the nodes; the client can then connect to that node.
An AWS partner company is building a service in AWS Organizations using its organization named org1. This service requires the partner company to have access to AWS resources in a customer account, which is in a separate organization named org2.
The company must establish least privilege security access using an API or command-line tool to the customer account.
What is the MOST secure way to allow org1 to access resources in org2?
A. The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks.
B. The customer should create an IAM user and assign the required permissions to the IAM user. The customer should then provide the credentials to the partner company to log in and perform the required tasks.
C. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role\’s Amazon Resource Name (ARN) when requesting access to perform the required tasks.
D. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role\’s Amazon Resource Name (ARN), including the external ID in the IAM role\’s trust policy, when requesting access to perform the required tasks.
Correct Answer: B
A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.
The company\’s infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.
Which combination of actions should the solutions architect perform to meet these requirements? (Choose two.)
A. Create a transit gateway in the infrastructure account.
B. Enable resource sharing from the AWS Organizations management account.
C. Create VPCs in each AWS account within the organization in AWS Organizations. Configure the VPCs to share the same CIDR range and subnets as the VPC in the infrastructure account. Peer the VPCs in each individual account with the VPC in the infrastructure account.
D. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.
E. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each prefix-list to associate with the resource share.
Correct Answer: BE
A company has an application that generates a weather forecast that is updated every 15 minutes with an output resolution of 1 billion unique positions, each approximately 20 bytes in size (20 Gigabytes per forecast).
Every hour, the forecast data is globally accessed approximately 5 million times (1,400 requests per second), and up to 10 times more
during weather events.
The forecast data is overwritten in every update. Users of the current weather forecast application expect responses to queries to be returned in less than two seconds for each request.
Which design meets the required request rate and response time?
A. Store forecast locations in an Amazon ES cluster. Use an Amazon CloudFront distribution targeting an Amazon API Gateway endpoint with AWS Lambda functions responding to queries as the origin. Enable API caching on the API Gateway stage with a cache-control timeout set for 15 minutes.
B. Store forecast locations in an Amazon EFS volume. Create an Amazon CloudFront distribution that targets an Elastic Load Balancing group of an Auto Scaling fleet of Amazon EC2 instances that have mounted the Amazon EFS volume. Set the cache-control timeout for 15 minutes in the CloudFront distribution.
C. Store forecast locations in an Amazon ES cluster. Use an Amazon CloudFront distribution targeting an API Gateway endpoint with AWS Lambda functions responding to queries as the origin. Create an Amazon [email protected] function that caches the data locally at edge locations for 15 minutes.
D. Store forecast locations in Amazon S3 as individual objects. Create an Amazon CloudFront distribution targeting an Elastic Load Balancing group of an Auto Scaling fleet of EC2 instances, querying the origin of the S3 object. Set the cache-control timeout for 15 minutes in the CloudFront distribution.
Correct Answer: C
The following are AWS Storage services? (Choose two.)
A. AWS Relational Database Service (AWS RDS)
B. AWS ElastiCache
C. AWS Glacier
D. AWS Import/Export
Correct Answer: CD
An organization is trying to set up a VPC with Auto Scaling. Which configuration steps below are not required to set up AWS VPC with Auto Scaling?
A. Configure the Auto Scaling group with the VPC ID in which instances will be launched.
B. Configure the Auto Scaling Launch configuration with multiple subnets of the VPC to enable the Multi-AZ feature.
C. Configure the Auto Scaling Launch configuration which does not allow assigning a public IP to instances.
D. Configure the Auto Scaling Launch configuration with the VPC security group.
Correct Answer: B
The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an Auto Scaling group.
Before creating the Auto Scaling group it is recommended that the user creates the Launch configuration. Since it is a VPC, it is recommended to select the parameter which does not allow assigning a public IP to the instances.
The user should also set the VPC security group with the Launch configuration and select the subnets where the instances will be launched in the AutoScaling group. The HA will be provided as the subnets may be a part of separate AZs.
A company has a web application that allows users to upload short videos. The videos are stored on Amazon EBS volumes and analyzed by custom recognition software for categorization.
The website contains static content that has variable traffic with peaks in certain months. The architecture consists of Amazon EC2 instances running in an Auto Scaling group for the web application and EC2 instances running in an Auto Scaling group to process an Amazon SQS-queue.
The company wants to re-architect the application to reduce
operational overhead using AWS managed services where possible and remove dependencies on third-party software.
Which solution meets these requirements?
A. Use Amazon ECS containers for the web application and Spot instances for the Scaling group that processes the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.
B. Store the uploaded videos in Amazon EFS and mount the file system to the EC2 instances for the web application. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.
C. Host the web application in Amazon S3. Store the uploaded videos in Amazon S3. Use S3 event notification to publish events to the SQS queue. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.
D. Use AWS Elastic Beanstalk to launch EC2 instances in an Auto Scaling group for the application and launch a working environment to process the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.
Correct Answer: A
In addition, free SAP-C01 dumps Mar2022 PDF format is shared for you to download
Free SAP-C01 Dumps Pdf Question [google drive] https://drive.google.com/file/d/1gGGeMsq3YyCxavxldDOlVIagJ4ieNQmL/view?usp=sharing
After the above testing, you have a good experience with the latest version of SAP-C01 dumps Mar2022, so using the full Amazon SAP-C01 dumps https://www.pass4itsure.com/aws-solution-architect-professional.html easily earn your AWS Certified Professional certification.
Past articles about the SAP-C01 exam https://www.examdemosimulation.com/amazon-aws-sap-c01-dumps-pdf-top-trending-exam-questions-update/