AWS Certified Solutions Architect Professional (SAP C02)


Topic 1 - Exam A

Question #16 Topic 1

A video streaming company recently launched a mobile app for video sharing. The app uploads various files to an Amazon S3 bucket in the us-east-1 Region. The files range in size from 1 GB to 10 GB. Users who access the app from Australia have experienced uploads that take long periods of time. Sometimes the files fail to completely upload for these users. A solutions architect must improve the app’s performance for these uploads. Which solutions will meet these requirements? (Choose two.)

  • A Enable S3 Transfer Acceleration on the S3 bucket. Configure the app to use the Transfer Acceleration endpoint for uploads.
  • B Configure an S3 bucket in each Region to receive the uploads. Use S3 Cross-Region Replication to copy the files to the distribution S3 bucket.
  • C Set up Amazon Route 53 with latency-based routing to route the uploads to the nearest S3 bucket Region.
  • D Configure the app to break the video files into chunks. Use a multipart upload to transfer files to Amazon S3.
  • E Modify the app to add random prefixes to the files before uploading.
Suggested Answer: AD
Explanation: S3 Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations to help speed up the transfer of files into your S3 bucket over long distances. This feature can significantly improve the upload speed for users in Australia. Multipart upload allows you to upload a single object as a set of parts, so if a part fails to upload, it can be retried without affecting the others. Both solutions are effective in enhancing the performance of video file uploads, especially over long distances and for large files.

Question #17 Topic 1

A publishing company's design team updates the icons and other static assets that an ecommerce web application uses. The company serves the icons and assets from an Amazon S3 bucket that is hosted in the company's production account. The company also uses a development account that members of the design team can access. After the design team tests the static assets in the development account, the design team needs to load the assets into the S3 bucket in the production account. A solutions architect must provide the design team with access to the production account without exposing other parts of the web application to the risk of unwanted changes. Which combination of steps will meet these requirements? (Choose three.)

  • A In the production account, create a new IAM policy that allows read and write access to the S3 bucket.
  • B In the development account, create a new IAM policy that allows read and write access to the S3 bucket.
  • C In the production account, create a role. Attach the new policy to the role. Define the development account as a trusted entity.
  • D In the development account, create a role. Attach the new policy to the role. Define the production account as a trusted entity.
  • E In the development account, create a group that contains all the IAM users of the design team. Attach a different IAM policy to the group to allow the sts:AssumeRole action on the role in the production account.
  • F In the development account, create a group that contains all the IAM users of the design team. Attach a different IAM policy to the group to allow the sts:AssumeRole action on the role in the development account.
Suggested Answer: ACE
Explanation: The design team needs both read and write access to the S3 bucket in the production account. Therefore, a new IAM policy should be created in the production account (A). To allow access to the S3 bucket without exposing other parts of the application, a role should be created in the production account and the new policy should be attached to this role. The development account should also be defined as a trusted entity (C). Finally, in the development account, a group containing all IAM users of the design team can be created. A different IAM policy should be attached to this group to allow the sts:AssumeRole action on the role in the production account (E). The other choices either create unnecessary access or do not provide enough access.

Question #18 Topic 1

A company is running an application in the AWS Cloud. Recent application metrics show inconsistent response times and a significant increase in error rates. Calls to third-party services are causing the delays. Currently, the application calls third-party services synchronously by directly invoking an AWS Lambda function. A solutions architect needs to decouple the third-party service calls and ensure that all the calls are eventually completed. Which solution will meet these requirements?

  • A Use an Amazon Simple Queue Service (Amazon SQS) queue to store events and invoke the Lambda function.
  • B Use an AWS Step Functions state machine to pass events to the Lambda function.
  • C Use an Amazon EventBridge rule to pass events to the Lambda function.
  • D Use an Amazon Simple Notification Service (Amazon SNS) topic to store events and invoke the Lambda function.
Suggested Answer: A
Explanation: Amazon Simple Queue Service (SQS) allows decoupling of microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware, and empowers developers to focus on differentiating work. In this case, decoupling third-party service calls and ensuring all the calls are eventually completed can be achieved by storing events in SQS and then invoking the Lambda function, thereby ensuring application reliability and consistent response time.

Question #19 Topic 1

A company runs an IoT platform on AWS. IoT sensors in various locations send data to the company’s Node.js API servers on Amazon EC2 instances running behind an Application Load Balancer. The data is stored in an Amazon RDS MySQL DB instance that uses a 4 TB General Purpose SSD volume. The number of sensors the company has deployed in the field has increased over time, and is expected to grow significantly. The API servers are consistently overloaded and RDS metrics show high write latency. Which of the following steps together will resolve the issues permanently and enable growth as new sensors are provisioned, while keeping this platform cost-efficient? (Choose two.)

  • A Resize the MySQL General Purpose SSD storage to 6 TB to improve the volume’s IOPS.
  • B Re-architect the database tier to use Amazon Aurora instead of an RDS MySQL DB instance and add read replicas.
  • C Leverage Amazon Kinesis Data Streams and AWS Lambda to ingest and process the raw data.
  • D Use AWS X-Ray to analyze and debug application issues and add more API servers to match the load.
  • E Re-architect the database tier to use Amazon DynamoDB instead of an RDS MySQL DB instance.
Suggested Answer: BC
Explanation: B is chosen because Amazon Aurora provides better performance than MySQL. It allows read replicas, which can enhance performance by dividing the read traffic among multiple instances. C is chosen because Amazon Kinesis Data Streams and AWS Lambda can be used to ingest and process the raw data. This effectively streams the data from the IoT sensors, reducing the overload at the API server and reducing the write latency at the DB side.

Question #20 Topic 1

A company has developed a web application. The company is hosting the application on a group of Amazon EC2 instances behind an Application Load Balancer. The company wants to improve the security posture of the application and plans to use AWS WAF web ACLs. The solution must not adversely affect legitimate traffic to the application. How should a solutions architect configure the web ACLs to meet these requirements?

  • A Set the action of the web ACL rules to Count. Enable AWS WAF logging. Analyze the requests for false positives. Modify the rules to avoid any false positive. Over time, change the action of the web ACL rules from Count to Block.
  • B Use only rate-based rules in the web ACLs, and set the throttle limit as high as possible. Temporarily block all requests that exceed the limit. Define nested rules to narrow the scope of the rate tracking.
  • C Set the action of the web ACL rules to Block. Use only AWS managed rule groups in the web ACLs. Evaluate the rule groups by using Amazon CloudWatch metrics with AWS WAF sampled requests or AWS WAF logs.
  • D Use only custom rule groups in the web ACLs, and set the action to Allow. Enable AWS WAF logging. Analyze the requests for false positives. Modify the rules to avoid any false positive. Over time, change the action of the web ACL rules from Allow to Block.
Suggested Answer: A
Explanation: Setting the action of the web ACL rules to Count and enabling AWS WAF logging allows false positives to be analyzed without affecting legitimate traffic. Once the rules are modified to avoid false positives, the action of the web ACL rules can be gradually changed from Count to Block, ensuring that security is improved without affecting legitimate traffic.