Free Amazon SAP-C02 Exam Questions

Question 1

A company has implemented a global multiplayer gaming platform The platform requires gaming clients to have reliable, low-latency access to the server infrastructure that is hosted on a fleet of Amazon EC2 instances in a single AWS Region The gaming clients use a custom TCP protocol to connect to the server infrastructure The application architecture requires client IP addresses to be available to the server software Which solution meets these requirements?

A : eate a Network Load Balancer (NLB), and add the EC2 instances to a target group Create an Amazon CloudFront Real Time Messaging Protocol (RTMP) distribution and configure the origin to point to the DNS endpoint of the NLB Use proxy protocol version 2 headers to preserve client IP addresses

B : an AWS Direct Connect gateway to connect multiple Direct Connect locations in different Regions globally Configure Amazon Route 53 with geolocation routing to send traffic to the nearest Direct Connect location Associate the VPC that contains the EC2 instances with the Direct Connect gateway

C : eate an accelerator in AWS Global Accelerator and configure the listener to point to a single endpoint group Add each of the EC2 instances as endpoints to the endpoint group Configure the endpoint group weighting equally across all of the EC2 endpoints

D : eate an Application Load Balancer (ALB) and add the EC2 instances to a target group Create a set of Amazon Route 53 latency-based alias records that point to the DNS endpoint of the ALB Use X-Forwarded-For headers to preserve client IP addresses

Answer: B

Question 2

A company runs an application on Amazon EC2 and AWS Lambd a. The application stores temporary data in Amazon 53. The 53 objects are deleted after 24 hours. The company deploys new versions of the application by launching AWS CloudFormation stacks. The stacks create the required resources. After validating a new version, the company deletes the old stack. The deletion of an old development stack recently failed. A solutions architect needs to resolve this Issue without major architecture changes. Which solution will meet these requirements?

A : Create a Lambda function to delete objects from an 53 bucket. Add the Lambda function as acustom resource in the CloudFormation stack with a DependsOn attribute that points to the S3 bucket resource.

B : Modify the CkxidFormatton stack to attach a DeletionPolicy attribute with a value of Delete to the S3 bucket.

C : Update the CloudFormation stack to add a DeletionPolicy attribute with a value of Snapshot for the S3 bucket resource.

D : Update the CloudFormation template to create an Amazon EFS file system to store temporary files Instead of Amazon S3. Configure the Lambda functions to run in the same VPC as the EFS file system

Answer: A

Question 3

A retail company is running an application that stores invoice files in an Amazon S3 bucket and metadata

about the files in an Amazon DynamoDB table. The application software runs in both us-east-1 and eu-west-1

The S3 bucket and DynamoDB table are in us-east-1. The company wants to protect itself from data

corruption and loss of connectivity to either Region

Which option meets these requirements?

A : Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable continuousbackup on the DynamoDB table in us-east-1. Enable versioning on the S3 bucket

B : Create an AWS Lambda function triggered by Amazon CloudWatch Events to make regular backups ofthe DynamoDB table Set up S3 cross-region replication from us-east-1 to eu-west-1 Set up MFA deleteon the S3 bucket in us-east-1.

C : Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable versioningon the S3 bucket Implement strict ACLs on the S3 bucket

D : Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable continuousbackup on the DynamoDB table in us-east-1. Set up S3 cross-region replication from us-east-1 toeu-west-1.

Answer: B

Question 4

A company wants to improve the security of its cloud resources by ensuring that all running EC2 instances were launched from pre-approved AMIs only, which are set by the Security team. Their Development team has an agile CI/CD process which should not be stalled by the new automated solution that they’ll implement. Any new application release must be deployed first before the solution could analyze if it is using a pre-approved AMI or not.

Which of the following options enforces the required controls with the LEAST impact on the development process? (Select TWO.)

A : t up IAM policies to restrict the ability of users to launch EC2 instances based on a specific set of pre-approved AMIs which were tagged by the Security team.

B : Set up Amazon Inspector to do regular scans using a custom assessment template to determine if the EC2 instance is based upon a pre-approved AMI. Terminate the instances and inform the Security team by email about the security breach.

C : t up the required policies, roles, and permissions to a centralized IT Operations team, which will manually process the security approval steps to ensure that EC2 instances are only launched from pre-approved AMIs.

D : t up AWS Config rules to determine any launches of EC2 instances based on non-approved AMIs and then trigger an AWS Lambda function to automatically terminate the instance. Afterward, publish a message to an SNS topic to inform the Security team about the occurrence.

E : t up a scheduled Lambda function to search through the list of running EC2 instances within your VPC and determine if any of these are based on unauthorized AMIs. Afterward, publish a new message to an SNS topic to inform the Security team that this occurred and then terminate the EC2 instance.

Answer: A,D

Question 5

A startup is building a web app that lets users post photos of good deeds in their neighborhood with a 143-character caption/article. The developers decided to write the application in ReactJS, a popular javascript framework so that it would run on the broadest range of browsers, mobile phones, and tablets. The app should provide access to Amazon DynamoDB to store the caption. The initial prototype shows that there aren't large spikes in usage.

Which option provides the most cost-effective and scalable architecture for this application?

A : nfigure the ReactJS client with temporary credentials from the Security Token Service using a Token Vending Machine (TVM) on an EC2 instance. This will provide signed credentials to an IAM user allowing GET and PUT operations in the DynamoDB table and the S3 bucket. You serve your mobile application out of an S3 bucket enabled as a website.

B : nfigure the ReactJS client with temporary credentials from the Security Token Service using a Token Vending Machine (TVM) to provide signed credentials to an IAM user. This will allow GET and PUT operations to DynamoDB. Serve your web application from an NGINX server hosted in a fleet of EC2 instances that are load-balanced and auto-scaled. Your EC2 instances are configured with an IAM role that allows GET and PUT operations in DynamoDB.

C : gister the web application with a Web Identity Provider such as Google, Facebook, Amazon, or any other popular social site. Create an IAM role for that web provider and set up permissions for the IAM role to allow GET and PUT operations in DynamoDB. Serve your web application from an NGINX server hosted on a fleet of EC2 instances, with a load balancer and auto-scaling. Add an IAM role to the EC2 instance to allow GET and PUT operations to DynamoDB tables.

D : gister the web application with a Web Identity Provider such as Google, Facebook, Amazon, or from any other popular social sites and use the AssumeRoleWithWebIdentity API of STS to generate temporary credentials. Create an IAM role for that web provider and set up permissions for the IAM role to allow GET and PUT operations in Amazon S3 and DynamoDB. Serve your web app out of an S3 bucket enabled as a website.

Answer: D