Free Amazon SAP-C02 Exam Questions

Question 1

A company plans to deploy a new private intranet service on Amazon EC2 instances inside a VPC. An AWS Site-to-Site VPN connects the VPC to the company's on-premises network. The new service must communicate with existing on-premises services The on-premises services are accessible through the use of hostnames that reside in the company example DNS zone This DNS zone is wholly hosted on premises and is available only on the company's private network. A solutions architect must ensure that the new service can resolve hostnames on the company example domain to integrate with existing services. Which solution meets these requirements?

A : Create an empty private zone in Amazon Route 53 for company example Add an additional NS record to the company's on-premises company example zone that points to the authoritative name servers for the new private zone in Route 53

B : Turn on DNS hostnames for the VPC Configure a new outbound endpoint with Amazon Route 53 Resolver. Create a Resolver rule to forward requests for company example to the on-premises name servers

C : Turn on DNS hostnames for the VPC Configure a new inbound resolver endpointwith Amazon Route 53 Resolver. Configure the on-premises DNS server to forward requests for company example to the new resolver.

D : Use AWS Systems Manager to configure a run document that will install a hosts file that contains any required hostnames. Use an Amazon EventBndge rule to run the document when an instance is entering the running state.

Answer: B

Question 2

A company is migrating its on-premises file transfer solution to AWS Transfer Family. The onpremises host includes an SFTP server to receive files, an application that performs a transformation of the files, and a messaging server. The transformations run every 5 minutes. When a transformation is complete, the application sends a message to a queue on the messaging server. The company needs to simplify the solution and reduce the management of the components. What should the company do to meet these requirements with the LEAST operational overhead?

A : Configure Transfer Family to use Amazon EFS storage. Use a cron job on Amazon EFS to perform the transformations. Configure the cron job to publish a message to an Amazon SNS topic when a file has been transformed.

B : Configure Transfer Family to use Amazon S3 storage. Use Amazon EMR to perform the transformations. Configure Amazon EMR to send a message to an Amazon SNS topic when a file has been transformed.

C : Configure Transfer Family to use Amazon S3 storage. Use AWS Glue to perform the transformations after S3 event notifications. Configure AWS Glue to send a message to an Amazon SQS queue when a file has been transformed.

D : Configure Transfer Family to use Amazon EFS storage. Create an AWS Glue time-based job to run every 5 minutes to initiate an AWS Glue transformation. Configure AWS Glue to send a message to an Amazon SQS queue when a file has been transformed.

Answer: C

Question 3

IoT sensors are manufactured with certificates from a private C A. They must only connect to AWS after physical installation.

A : Use Lambda as apre-provisioning hookto validate serial number before registration.

B : Use Step Functions to validate before provisioning.

C : Use Lambda hook but register CA and enable auto-registration.

D : Use provisioning template and claim certificates without validation.

Answer: A

Question 4

A company is using AWS to develop and manage its production web application. The application includes anAmazon API Gateway HTTP API that invokes an AWS Lambda function. The Lambda function processesand then stores data in a database.The company wants to implement user authorization for the web application in an integrated way. Thecompany already uses a third-party identity provider that issues OAuth tokens for the company's otherapplications.Which solution will meet these requirements?

A : Integrate the company's third-party identity provider with API Gateway. Configure an API GatewayLambda authorizer to validate tokens from the identity provider. Require the Lambda authorizer on allAPI routes. Update the web application to get tokens from the identity provider and include the tokensin the Authorization header when calling the API Gateway HTTP API.

B : Integrate the company's third-party identity provider with AWS Directory Service. Configure DirectoryService as an API Gateway authorizer to validate tokens from the identity provider. Require theDirectory Service authorizer on all API routes. Configure AWS IAM Identity Center as a SAML 2.0identity provider. Configure the web application as a custom SAML 2.0 application.

C : Integrate the company's third-party identity provider with AWS IAM Identity Center. Configure APIGateway to use IAM Identity Center for zero-configuration authentication and authorization. Updatethe web application to retrieve AWS STS tokens from IAM Identity Center and include the tokens inthe Authorization header when calling the API Gateway HTTP API.

D : Integrate the company's third-party identity provider with AWS IAM Identity Center. Configure IAMusers with permissions to call the API Gateway HTTP API. Update the web application to extractrequest parameters from the IAM users and include the parameters in the Authorization header whencalling the API Gateway HTTP API.

Answer: A

Question 5

IoT sensors are manufactured with certificates from a private C A. They must only connect to AWS after physical installation.

A : Use Lambda as apre-provisioning hookto validate serial number before registration.

B : Use Step Functions to validate before provisioning.

C : Use Lambda hook but register CA and enable auto-registration.

D : Use provisioning template and claim certificates without validation.

Answer: A