AWS Certified Solutions Architect Professional (SAP C02)


Topic 1 - Exam A

Question #6 Topic 1

A finance company is running its business-critical application on current-generation Linux EC2 instances. The application includes a self-managed MySQL database performing heavy I/O operations. The application is working fine to handle a moderate amount of traffic during the month. However, it slows down during the final three days of each month due to month-end reporting, even though the company is using Elastic Load Balancers and Auto Scaling within its infrastructure to meet the increased demand. Which of the following actions would allow the database to handle the month-end load with the LEAST impact on performance?

  • A Pre-warming Elastic Load Balancers, using a bigger instance type, changing all Amazon EBS volumes to GP2 volumes.
  • B Performing a one-time migration of the database cluster to Amazon RDS, and creating several additional read replicas to handle the load during end of month.
  • C Using Amazon CloudWatch with AWS Lambda to change the type, size, or IOPS of Amazon EBS volumes in the cluster based on a specific CloudWatch metric.
  • D Replacing all existing Amazon EBS volumes with new PIOPS volumes that have the maximum available storage size and I/O per second by taking snapshots before the end of the month and reverting back afterwards.
Suggested Answer: B
NOTE: Answer is: B
Explanation: Performing a one-time migration of the database cluster to Amazon RDS and creating several additional read replicas can balance the heavy load at the end of the month. Amazon RDS is a managed service that makes it easier to set up, operate, and scale a relational database, including MySQL, in the cloud. Read replicas in RDS take heavy read traffic off the primary DB instance, allowing the application to handle the higher traffic during the high-load period.
Question #7 Topic 1

A large company is running a popular web application. The application runs on several Amazon EC2 Linux instances in an Auto Scaling group in a private subnet. An Application Load Balancer is targeting the instances in the Auto Scaling group in the private subnet. AWS Systems Manager Session Manager is configured, and AWS Systems Manager Agent is running on all the EC2 instances. The company recently released a new version of the application. Some EC2 instances are now being marked as unhealthy and are being terminated. As a result, the application is running at reduced capacity. A solutions architect tries to determine the root cause by analyzing Amazon CloudWatch logs that are collected from the application, but the logs are inconclusive. How should the solutions architect gain access to an EC2 instance to troubleshoot the issue?

  • A Suspend the Auto Scaling group’s HealthCheck scaling process. Use Session Manager to log in to an instance that is marked as unhealthy.
  • B Enable EC2 instance termination protection. Use Session Manager to log in to an instance that is marked as unhealthy.
  • C Set the termination policy to OldestInstance on the Auto Scaling group. Use Session Manager to log in to an instance that is marked as unhealthy.
  • D Suspend the Auto Scaling group’s Terminate process. Use Session Manager to log in to an instance that is marked as unhealthy.
Suggested Answer: A
NOTE: Answer is: A
Explanation: Suspending the Auto Scaling group’s HealthCheck scaling process and using Session Manager to log in to an instance is the more direct and less disruptive way to handle the situation. The other Auto Scaling processes can keep running, while the architect gets a chance to log in to the unhealthy instance for troubleshooting without triggering unnecessary instance termination.
Question #8 Topic 1

A solutions architect is auditing the security setup of an AWS Lambda function for a company. The Lambda function retrieves the latest changes from an Amazon Aurora database. The Lambda function and the database run in the same VPC. Lambda environment variables are providing the database credentials to the Lambda function. The Lambda function aggregates data and makes the data available in an Amazon S3 bucket that is configured for server-side encryption with AWS KMS managed encryption keys (SSE-KMS). The data must not travel across the Internet. If any database credentials become compromised, the company needs a solution that minimizes the impact of the compromise. What should the solutions architect recommend to meet these requirements?

  • A Enable IAM database authentication on the Aurora DB cluster. Change the IAM role for the Lambda function to allow the function to access the database by using IAM database authentication. Deploy a gateway VPC endpoint for Amazon S3 in the VPC.
  • B Enable IAM database authentication on the Aurora DB cluster. Change the IAM role for the Lambda function to allow the function to access the database by using IAM database authentication. Enforce HTTPS on the connection to Amazon S3 during data transfers.
  • C Save the database credentials in AWS Systems Manager Parameter Store. Set up password rotation on the credentials in Parameter Store. Change the IAM role for the Lambda function to allow the function to access Parameter Store. Modify the Lambda function to retrieve the credentials from Parameter Store. Deploy a gateway VPC endpoint for Amazon S3 in the VPC.
  • D Save the database credentials in AWS Secrets Manager. Set up password rotation on the credentials in Secrets Manager. Change the IAM role for the Lambda function to allow the function to access Secrets Manager. Modify the Lambda function to retrieve the credentials from Secrets Manager. Enforce HTTPS on the connection to Amazon S3 during data transfers.
Suggested Answer: A
NOTE: Answer is: A
Explanation: IAM database authentication and a gateway VPC endpoint for Amazon S3 in the VPC provide the needed security in this scenario. IAM database authentication is more secure because it removes the need to store database credentials. Meanwhile, a gateway VPC endpoint for Amazon S3 allows the data to transfer without crossing the public Internet.
Question #9 Topic 1

A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple AWS accounts under the same organization in AWS Organizations. The company requires the cost for cloud infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered that several Amazon EC2 instances are lacking the Project tag used for cost allocation. Which actions should a solutions architect take to resolve the problem and prevent it from happening in the future? (Choose three.)

  • A Create an AWS Config rule in each account to find resources with missing tags.
  • B Create an SCP in the organization with a deny action for ec2:RunInstances if the Project tag is missing.
  • C Use Amazon Inspector in the organization to find resources with missing tags.
  • D Create an IAM policy in each account with a deny action for ec2:RunInstances if the Project tag is missing.
  • E Create an AWS Config aggregator for the organization to collect a list of EC2 instances with the missing Project tag.
  • F Use AWS Security Hub to aggregate a list of EC2 instances with the missing Project tag.
Suggested Answer: ABE
NOTE: Answer is: A, B, E
Explanation: AWS Config can discover resources with missing tags, an SCP can enforce the required tagging policy across the organization, and an AWS Config aggregator can efficiently collect the list of instances with the missing tag, which together resolve the issue and prevent it from recurring.
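An SCP that implements option B, added here as an illustration rather than taken from the page: it denies ec2:RunInstances whenever the launch request carries no Project tag. The Null condition operator and the aws:RequestTag key are standard IAM; the Sid is an assumed name. Resource is scoped to the instance ARN so the check applies to the tags requested for the instance itself, not to the volumes or network interfaces the same call creates.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRunInstancesWithoutProjectTag",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "Null": {
          "aws:RequestTag/Project": "true"
        }
      }
    }
  ]
}
```

The SCP only blocks new launches; existing untagged instances are found with the AWS Config managed rule required-tags (option A) and listed organization-wide through the Config aggregator (option E).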
Question #10 Topic 1

A company runs a Java application that has complex dependencies on VMs that are in the company's data center. The application is stable, but the company wants to modernize the technology stack. The company wants to migrate the application to AWS and minimize the administrative overhead to maintain the servers. Which solution will meet these requirements with the LEAST code changes?

  • A Migrate the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate by using AWS App2Container. Store container images in Amazon Elastic Container Registry (Amazon ECR). Grant the ECS task execution role permission to access the ECR image repository. Configure Amazon ECS to use an Application Load Balancer (ALB). Use the ALB to interact with the application.
  • B Migrate the application code to a container that runs in AWS Lambda. Build an Amazon API Gateway REST API with Lambda integration. Use API Gateway to interact with the application.
  • C Migrate the application to Amazon Elastic Kubernetes Service (Amazon EKS) on EKS managed node groups by using AWS App2Container. Store container images in Amazon Elastic Container Registry (Amazon ECR). Give the EKS nodes permission to access the ECR image repository. Use Amazon API Gateway to interact with the application.
  • D Migrate the application code to a container that runs in AWS Lambda. Configure Lambda to use an Application Load Balancer (ALB). Use the ALB to interact with the application.
Suggested Answer: A
NOTE: Answer is: A
Explanation: Option A is the best choice because ECS on AWS Fargate is a managed service that minimizes the overhead of maintaining servers. The application does not need to be adapted and re-coded for a serverless architecture as in options B and D, or switched to a different orchestration service as in option C. This means fewer code changes, which aligns with the requirement. AWS App2Container is a tool that helps containerize applications currently running on premises, so it enables a smooth migration to AWS. The other components, such as the ALB and ECR, fit well into this scenario.