Dumps Cafe Amazon Web Services-SAP-C02

AWS Certified Solutions Architect - Professional
Version: Demo
[ Total Questions: 10]
Web: www.dumpscafe.com
Email: support@dumpscafe.com
Amazon Web Services
SAP-C02
https://www.dumpscafe.com
https://www.dumpscafe.com/Braindumps-SAP-C02.html
Amazon Web Services - SAP-C02Pass Exam
1 of 9Verified Solution - 100% Result
Category Breakdown
Category Number of Questions
Design Solutions for Organizational Complexity 6
Design for New Solutions 4
TOTAL 10
Question #:1 - [Design Solutions for Organizational Complexity]
A company needs to migrate its on-premises database fleet to Amazon RDS. The company is currently using a mixture of Microsoft SQL Server and Oracle databases. Some of the databases have custom schemas and stored procedures.
Which combination of steps should the company take for the migration? (Select TWO.)
A. Use Migration Evaluator Quick Insights to analyze the source databases and to identify the stored procedures that need to be migrated.
B. Use AWS Application Migration Service to analyze the source databases and to identify the stored procedures that need to be migrated.
C. Use AWS SCT to analyze the source databases for changes that are required.
D. Use AWS DMS to migrate the source databases to Amazon RDS.
E. Use AWS DataSync to migrate the data from the source databases to Amazon RDS.
Answer: C
Question #:2 - [Design for New Solutions]
A company's solutions architect is reviewing a web application that runs on AWS. The application references static assets in an Amazon S3 bucket in the us-east-1 Region. The company needs resiliency across multiple AWS Regions. The company already has created an S3 bucket in a second Region.
Which solution will meet these requirements with the LEAST operational overhead?
A. Configure the application to write each object to both S3 buckets. Set up an Amazon Route 53 public hosted zone with a record set by using a weighted routing policy for each S3 bucket. Configure the application to reference the objects by using the Route 53 DNS name.
B. Create an AWS Lambda function to copy objects from the S3 bucket in us-east-1 to the S3 bucket in the second Region. Invoke the Lambda function each time an object is written to the S3 bucket in us-east-1. Set up an Amazon CloudFront distribution with an origin group that contains the two S3 buckets as origins.
C. Configure replication on the S3 bucket in us-east-1 to replicate objects to the S3 bucket in the second Region. Set up an Amazon CloudFront distribution with an origin group that contains the two S3 buckets as origins.
D. Configure replication on the S3 bucket in us-east-1 to replicate objects to the S3 bucket in the second Region. If failover is required, update the application code to load S3 objects from the S3 bucket in the second Region.
Answer: C
Explanation
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html
Question #:3 - [Design Solutions for Organizational Complexity]
A company is building a solution in the AWS Cloud. Thousands of devices will connect to the solution and send data. Each device needs to be able to send and receive data in real time over the MQTT protocol. Each device must authenticate by using a unique X.509 certificate.
Which solution will meet these requirements with the LEAST operational overhead?
A. Set up AWS IoT Core. For each device, create a corresponding Amazon MQ queue and provision a certificate. Connect each device to Amazon MQ.
B. Create a Network Load Balancer (NLB) and configure it with an AWS Lambda authorizer. Run an MQTT broker on Amazon EC2 instances in an Auto Scaling group. Set the Auto Scaling group as the target for the NLB. Connect each device to the NLB.
C. Set up AWS IoT Core. For each device, create a corresponding AWS IoT thing and provision a certificate. Connect each device to AWS IoT Core.
D. Set up an Amazon API Gateway HTTP API and a Network Load Balancer (NLB). Create integration between API Gateway and the NLB. Configure a mutual TLS certificate authorizer on the HTTP API. Run an MQTT broker on an Amazon EC2 instance that the NLB targets. Connect each device to the NLB.
Answer: C
Explanation
This solution requires minimal operational overhead, as it only requires setting up AWS IoT Core and creating a thing for each device. (Reference: AWS Certified Solutions Architect - Professional Official Amazon Text Book, Page 537)
AWS IoT Core is a fully managed service that enables secure, bi-directional communication between internet-connected devices and the AWS Cloud. It supports the MQTT protocol and includes built-in device authentication and access control. By using AWS IoT Core, the company can easily provision and manage the X.509 certificates for each device, and connect the devices to the service with minimal operational overhead.
Question #:4 - [Design Solutions for Organizational Complexity]
A company is designing its network configuration in the AWS Cloud. The company uses AWS Organizations to manage a multi-account setup. The company has three OUs. Each OU contains more than 100 AWS accounts. Each account has a single VPC, and all the VPCs in each OU are in the same AWS Region.
The CIDR ranges for all the AWS accounts do not overlap. The company needs to implement a solution in which VPCs in the same OU can communicate with each other but cannot communicate with VPCs in other OUs.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create an AWS CloudFormation stack set that establishes VPC peering between accounts in each OU. Provision the stack set in each OU.
B. In each OU, create a dedicated networking account that has a single VPC. Share this VPC with all the other accounts in the OU by using AWS Resource Access Manager (AWS RAM). Create a VPC peering connection between the networking account and each account in the OU.
C. Provision a transit gateway in an account in each OU. Share the transit gateway across the organization by using AWS Resource Access Manager (AWS RAM). Create transit gateway VPC attachments for each VPC.
D. In each OU, create a dedicated networking account that has a single VPC. Establish a VPN connection between the networking account and the other accounts in the OU. Use third-party routing software to route transitive traffic between the VPCs.
Answer: C
Explanation
Comprehensive and Detailed in Depth Explanation:
C is correct because AWS Transit Gateway is the most scalable and efficient way to interconnect hundreds of 
VPCs. By deploying one transit gateway per OU and sharing it with AWS RAM, each OU can isolate its 
network traffic and maintain internal communication without affecting or exposing other OUs.
References:
AWS Transit Gateway Best Practices
Using RAM with Transit Gateway
Question #:5 - [Design Solutions for Organizational Complexity]
A company's public API runs as tasks on Amazon Elastic Container Service (Amazon ECS). The tasks run on AWS Fargate behind an Application Load Balancer (ALB) and are configured with Service Auto Scaling for the tasks based on CPU utilization. This service has been running well for several months.
Recently, API performance slowed down and made the application unusable. The company discovered that a significant number of SQL injection attacks had occurred against the API and that the API service had scaled to its maximum amount.
A solutions architect needs to implement a solution that prevents SQL injection attacks from reaching the ECS API service. The solution must allow legitimate traffic through and must maximize operational efficiency.
Which solution meets these requirements?
A. Create a new AWS WAF web ACL to monitor the HTTP requests and HTTPS requests that are forwarded to the ALB in front of the ECS tasks.
B. Create a new AWS WAF Bot Control implementation. Add a rule in the AWS WAF Bot Control managed rule group to monitor traffic and allow only legitimate traffic to the ALB in front of the ECS tasks.
C. Create a new AWS WAF web ACL. Add a new rule that blocks requests that match the SQL database rule group. Set the web ACL to allow all other traffic that does not match those rules. Attach the web ACL to the ALB in front of the ECS tasks.
D. Create a new AWS WAF web ACL. Create a new empty IP set in AWS WAF. Add a new rule to the web ACL to block requests that originate from IP addresses in the new IP set. Create an AWS Lambda function that scrapes the API logs for IP addresses that send SQL injection attacks, and add those IP addresses to the IP set. Attach the web ACL to the ALB in front of the ECS tasks.
Answer: C
Explanation
The company should create a new AWS WAF web ACL. The company should add a new rule that blocks requests that match the SQL database rule group. The company should set the web ACL to allow all other traffic that does not match those rules. The company should attach the web ACL to the ALB in front of the ECS tasks. This solution will meet the requirements because AWS WAF is a web application firewall that lets you monitor and control web requests that are forwarded to your web applications. You can use AWS WAF to define customizable web security rules that control which traffic can access your web applications and which traffic should be blocked [1]. By creating a new AWS WAF web ACL, the company can create a collection of rules that define the conditions for allowing or blocking web requests. By adding a new rule that blocks requests that match the SQL database rule group, the company can prevent SQL injection attacks from reaching the ECS API service. The SQL database rule group is a managed rule group provided by AWS that contains rules to protect against common SQL injection attack patterns [2]. By setting the web ACL to allow all other traffic that does not match those rules, the company can ensure that legitimate traffic can access the API service. By attaching the web ACL to the ALB in front of the ECS tasks, the company can apply the web security rules to all requests that are forwarded by the load balancer.
The other options are not correct because:
Creating a new AWS WAF Bot Control implementation would not prevent SQL injection attacks from reaching the ECS API service. AWS WAF Bot Control is a feature that gives you visibility and control over common and pervasive bot traffic that can consume excess resources, skew metrics, cause downtime, or perform other undesired activities. However, it does not protect against SQL injection attacks, which are malicious attempts to execute unauthorized SQL statements against your database [3].
Creating a new AWS WAF web ACL to monitor the HTTP requests and HTTPS requests that are forwarded to the ALB in front of the ECS tasks would not prevent SQL injection attacks from reaching the ECS API service. Monitoring mode is a feature that enables you to evaluate how your rules would perform without actually blocking any requests. However, this mode does not provide any protection against attacks, as it only logs and counts requests that match your rules [4].
Creating a new AWS WAF web ACL and creating a new empty IP set in AWS WAF would not prevent SQL injection attacks from reaching the ECS API service. An IP set is a feature that enables you to specify a list of IP addresses or CIDR blocks that you want to allow or block based on their source IP address. However, this approach would not be effective or efficient against SQL injection attacks, as it would require constantly updating the IP set with new IP addresses of attackers, and it would not block attackers who use proxies or VPNs.
References:
[1] https://aws.amazon.com/waf/
[2] https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html#sql-injection-rule-group
[3] https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html
[4] https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-monitoring-mode.html
[5] https://docs.aws.amazon.com/waf/latest/developerguide/waf-ip-sets.html
Question #:6 - [Design for New Solutions]
A company runs AWS workloads that are integrated with software as a service (SaaS) applications. The company needs to analyze the SaaS applications to identify unused licenses. Which solution will meet this requirement with the LEAST operational overhead?
A. Use AWS License Manager automated discovery to retrieve audit logs from the SaaS applications. Use Amazon Athena to analyze the data and to identify unused SaaS licenses.
B. Create an AWS Lambda function to retrieve audit logs from the SaaS applications and to store the data in Amazon S3. Use Amazon EMR to analyze the data and to identify unused SaaS licenses.
C. Use AWS AppFabric to ingest audit logs from the SaaS applications into Amazon S3. Use Amazon Athena to analyze the data and to identify unused SaaS licenses.
D. Use AWS App Runner to ingest audit logs from the SaaS applications into Amazon S3. Use Amazon EMR to analyze the data and to identify unused SaaS licenses.
Answer: C
Question #:7 - [Design Solutions for Organizational Complexity]
A company has a website that serves many visitors. The company deploys a backend service for the website in a primary AWS Region and a disaster recovery (DR) Region.
A single Amazon CloudFront distribution is deployed for the website. The company creates an Amazon Route 53 record set with health checks and a failover routing policy for the primary Region's backend service. The company configures the Route 53 record set as an origin for the CloudFront distribution. The company configures another record set that points to the backend service's endpoint in the DR Region as a secondary failover record type. The TTL for both record sets is 60 seconds.
Currently, failover takes more than 1 minute. A solutions architect must design a solution that will provide the fastest failover time.
Which solution will achieve this goal?
A. Deploy an additional CloudFront distribution. Create a new Route 53 failover record set with health checks for both CloudFront distributions.
B. Set the TTL to 1 second for the existing Route 53 record sets that are used for the backend service in each Region.
C. Create new record sets for the backend services by using a latency routing policy. Use the record sets as an origin in the CloudFront distribution.
D. Create a CloudFront origin group that includes two origins, one for each backend service Region. Configure origin failover as a cache behavior for the CloudFront distribution.
Answer: D
Question #:8 - [Design for New Solutions]
A company is replicating an application in a secondary Region. The application uses DynamoDB and RDS for MySQL. The secondary Region must function independently during a disaster.
A. Use DynamoDB global tables and an RDS read replica.
B. Use DAX and a read replica.
C. Use global tables and RDS Multi-AZ with standby in secondary Region.
D. Use Streams and Lambda to copy data. Use read replica.
Answer: A
Explanation
A is correct because:
DynamoDB global tables allow for multi-Region, active-active usage.
RDS MySQL read replica in another Region supports read workloads and can be promoted during disaster to act as a standalone DB.
B is incorrect: DAX is a cache, not a replication mechanism.
C is wrong because Multi-AZ doesn’t span Regions.
D is more manual and error-prone.
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GlobalTables.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html
Question #:9 - [Design Solutions for Organizational Complexity]
A company wants to use AWS IAM Identity Center (AWS Single Sign-On) to manage employee access to AWS services. The company uses AWS Organizations to manage its AWS accounts.
Each employee has their own IAM user. Each IAM user is a member of at least one IAM group. Each IAM group has an attached policy that allows members to assume specific roles across the accounts. The roles contain appropriate policies for the expected activities of each group of users in each account. All relevant accounts exist inside a single OU.
The company has already created new users and groups in IAM Identity Center to match the permissions that exist in IAM.
How should the company use IAM Identity Center to implement the existing permissions?
A. For each group, create policies in each account. Give the policies the same name in each account. Create a new permission set. Add the name of the new policies to the permission set. Assign user access to the AWS accounts in IAM Identity Center.
B. For each group, create a new permission set. Attach the relevant existing IAM roles in each account to the permission set. Create a new customer managed policy that allows the group to assume the roles. Assign user access to the AWS accounts in IAM Identity Center.
C. For each group, create a new permission set. Create policies in each account. Give each policy a unique name. Set the path of each policy to match the name of the permission set. Assign user access to the AWS accounts in IAM Identity Center.
D. Add the OU to the accounts configuration in IAM Identity Center. For each group, create policies in each account. Create a new permission set. Add the new policies to the permission set as customer managed policies. Attach each new policy to the correct account in the account configuration in IAM Identity Center.
Answer: B
Explanation
The correct answer is B. This option uses IAM Identity Center to create permission sets that map to the existing IAM roles in each account. This way, the company can leverage the existing policies and roles that are already configured for the expected activities of each group of users in each account. The company also needs to create a customer managed policy that allows the group to assume the roles and attach it to the permission set. This policy grants the necessary permissions for IAM Identity Center to assume the roles on behalf of the users. Finally, the company can assign user access to the AWS accounts in IAM Identity Center, which will automatically create IAM users and groups in each account based on the permission sets.
Option A is incorrect because it requires creating new policies in each account and giving them the same 
name. This is not necessary and adds complexity and overhead. The company can use the existing IAM roles 
and policies that are already configured for each account.
Option C is incorrect because it requires creating new policies in each account and giving them unique names. 
This is also not necessary and adds complexity and overhead. The company can use the existing IAM roles 
and policies that are already configured for each account.
Option D is incorrect because it requires adding the OU to the accounts configuration in IAM Identity Center. 
This is not supported by IAM Identity Center, which only allows adding individual accounts or all accounts in 
an organization.
Reference: AWS Single Sign-On Permission Sets
Question #:10 - [Design for New Solutions]
A company is running a three-tier web application in an on-premises data center. The frontend is a PHP application that is served by an Apache web server. The middle tier is a monolithic Java SE application. The storage tier is a 60 TB PostgreSQL database.
The three-tier web application recently crashed and became unresponsive. The database also reached capacity because of read operations. The company wants to migrate to AWS to resolve these issues and improve scalability.
Which combination of steps will meet these requirements with the LEAST development effort? (Select THREE.)
A. Configure an Auto Scaling group of Amazon EC2 instances behind an Application Load Balancer to host the web server. Use Amazon EFS for the frontend static assets.
B. Host the static single-page application on Amazon S3. Use an Amazon CloudFront distribution to serve the application.
C. Create a Docker container to run the Java SE application. Use AWS Fargate to host the container.
D. Create an AWS Elastic Beanstalk environment for Java to host the Java SE application.
E. Migrate the PostgreSQL database to an Amazon EC2 instance that is larger than the on-premises PostgreSQL database.
F. Use AWS DMS to replatform the PostgreSQL database to an Amazon Aurora PostgreSQL database. Use Aurora Auto Scaling for read replicas.
Answer: A D F