AWS Certified Solutions Architect Professional (SAP C02)

The AWS Certified Solutions Architect Professional (SAP C02) were last updated on today.

Viewing page 6 out of 270 pages.
Viewing questions 26-30 out of 1,350 questions

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.and Azure
- Trademarks, certification & product names are used for reference only and belong to Amazon.and Azure

Topic 1 - Exam A

Question #26 Topic 1

A company’s factory and automation applications are running in a single VPC. More than 20 applications run on a combination of Amazon EC2, Amazon Elastic Container Service (Amazon ECS), and Amazon RDS. The company has software engineers spread across three teams. One of the three teams owns each application, and each time is responsible for the cost and performance of all of its applications. Team resources have tags that represent their application and team. The teams use IAM access for daily activities. The company needs to determine which costs on the monthly AWS bill are attributable to each application or team. The company also must be able to create reports to compare costs from the last 12 months and to help forecast costs for the next 12 months. A solutions architect must recommend an AWS Billing and Cost Management solution that provides these cost reports. Which combination of actions will meet these requirements? (Choose three.)

A Activate the user-define cost allocation tags that represent the application and the team.
B Activate the AWS generated cost allocation tags that represent the application and the team.
C Create a cost category for each application in Billing and Cost Management.
D Activate IAM access to Billing and Cost Management.
E Create a cost budget.
F Enable Cost Explorer.

Suggested Answer: ACF
NOTE: Answer is :A, C, F
Explanation :Option A: Activating the user-defined cost allocation tags that represent the application and the team would help in attributing costs to each application or team, thereby helping in cost management. Option C: Creating a cost category for each application in Billing and Cost Management would help in attributing the costs to each application. Option F: Enabling Cost Explorer would provide the capability to view and analyze cost and usage. It helps in visualizing, understanding, and managing AWS costs and usage over time. This can help in creating reports to compare costs and forecast future costs.

Question #27 Topic 1

A company has an application that runs as a ReplicaSet of multiple pods in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The EKS cluster has nodes in multiple Availability Zones. The application generates many small files that must be accessible across all running instances of the application. The company needs to back up the files and retain the backups for 1 year. Which solution will meet these requirements while providing the FASTEST storage performance?

A Create an Amazon Elastic File System (Amazon EFS) file system and a mount target for each subnet that contains nodes in the EKS cluster. Configure the ReplicaSet to mount the file system. Direct the application to store files in the file system. Configure AWS Backup to back up and retain copies of the data for 1 year.
B Create an Amazon Elastic Block Store (Amazon EBS) volume. Enable the EBS Multi-Attach feature. Configure the ReplicaSet to mount the EBS volume. Direct the application to store files in the EBS volume. Configure AWS Backup to back up and retain copies of the data for 1 year.
C Create an Amazon S3 bucket. Configure the ReplicaSet to mount the S3 bucket. Direct the application to store files in the S3 bucket. Configure S3 Versioning to retain copies of the data. Configure an S3 Lifecycle policy to delete objects after 1 year.
D Configure the ReplicaSet to use the storage available on each of the running application pods to store the files locally. Use a third-party tool to back up the EKS cluster for 1 year.

Suggested Answer: A
NOTE: Answer is :A
Explanation :Amazon Elastic File System (Amazon EFS) provides the capability for multiple pods to have simultaneous read and write access to the shared storage. It has automatic backup and can retain the backup for a whole year. It is also designed for high performance applications and can handle the generation of many small files.

Question #28 Topic 1

A financial services company in North America plans to release a new online web application to its customers on AWS. The company will launch the application in the us-east-1 Region on Amazon EC2 instances. The application must be highly available and must dynamically scale to meet user traffic. The company also wants to implement a disaster recovery environment for the application in the us-west-1 Region by using active-passive failover. Which solution will meet these requirements?

A Create a VPC in us-east-1 and a VPC in us-west-1. Configure VPC peering. In the us-east-1 VPC, create an Application Load Balancer (ALB) that extends across multiple Availability Zones in both VPCs. Create an Auto Scaling group that deploys the EC2 instances across the multiple Availability Zones in both VPCs. Place the Auto Scaling group behind the ALB.
B Create a VPC in us-east-1 and a VPC in us-west-1. In the us-east-1 VPC, create an Application Load Balancer (ALB) that extends across multiple Availability Zones in that VPC. Create an Auto Scaling group that deploys the EC2 instances across the multiple Availability Zones in the us-east-1 VPC. Place the Auto Scaling group behind the ALSet up the same configuration in the us-west-1 VPC. Create an Amazon Route 53 hosted zone. Create separate records for each ALEnable health checks to ensure high availability between Regions.
C Create a VPC in us-east-1 and a VPC in us-west-1. In the us-east-1 VPC, create an Application Load Balancer (ALB) that extends across multiple Availability Zones in that VPCreate an Auto Scaling group that deploys the EC2 instances across the multiple Availability Zones in the us-east-1 VPPlace the Auto Scaling group behind the ALB. Set up the same configuration in the us-west-1 VPCreate an Amazon Route 53 hosted zone. Create separate records for each ALB. Enable health checks and configure a failover routing policy for each record.
D Create a VPC in us-east-1 and a VPC in us-west-1. Configure VPC peering. In the us-east-1 VPC, create an Application Load Balancer (ALB) that extends across multiple Availability Zones in both VPCs. Create an Auto Scaling group that deploys the EC2 instances across the multiple Availability Zones in both VPCs. Place the Auto Scaling group behind the ALB. Create an Amazon Route 53 hosted zone. Create a record for the ALB.

Suggested Answer: C
NOTE: Answer is :C
Explanation :Option C satisfies all the requirements of the scenario. Firstly, creation of a VPC in us-east-1 and us-west-1 allows for a setup that spans across different regions. The creation of an Application Load Balancer (ALB) in each VPC extending across multiple Availability Zones helps to ensure high availability within each VPC. The Aut Scaling group deploys the EC2 instances across the multiple Availability Zones in each VPC providing dynamic scaling. With a Route 53 Hosted Zone and separate records for each ALB, it enables health checks to maintain high availability. Lastly, a failover routing policy for each record fulfills the need for a disaster recovery environment with active-passive failover.

Question #29 Topic 1

A company has a website that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB is associated with an AWS WAF web ACL. The website often encounters attacks in the application layer. The attacks produce sudden and significant increases in traffic on the application server. The access logs show that each attack originates from different IP addresses. A solutions architect needs to implement a solution to mitigate these attacks. Which solution will meet these requirements with the LEAST operational overhead?

A Create an Amazon CloudWatch alarm that monitors server access. Set a threshold based on access by IP address. Configure an alarm action that adds the IP address to the web ACL’s deny list.
B Deploy AWS Shield Advanced in addition to AWS WAF. Add the ALB as a protected resource.
C Create an Amazon CloudWatch alarm that monitors user IP addresses. Set a threshold based on access by IP address. Configure the alarm to invoke an AWS Lambda function to add a deny rule in the application server’s subnet route table for any IP addresses that activate the alarm.
D Inspect access logs to find a pattern of IP addresses that launched the attacks. Use an Amazon Route 53 geolocation routing policy to deny traffic from the countries that host those IP addresses.

Suggested Answer: B
NOTE: Answer is :B
Explanation :AWS Shield Advanced provides cost-effective protection for resources deployed on AWS against DDoS attacks. It is designed to prevent sudden and significant increases in traffic, which makes it a good fit for the company's situation. Though AWS WAF also provides protection but as the question requires least operational overhead, choosing AWS Shield Advanced is a more efficient solution because you don't have to maintain an IP deny list or manually inspect logs.

Question #30 Topic 1

A solutions architect needs to assess a newly acquired company’s portfolio of applications and databases. The solutions architect must create a business case to migrate the portfolio to AWS. The newly acquired company runs applications in an on-premises data center. The data center is not well documented. The solutions architect cannot immediately determine how many applications and databases exist. Traffic for the applications is variable. Some applications are batch processes that run at the end of each month. The solutions architect must gain a better understanding of the portfolio before a migration to AWS can begin. Which solution will meet these requirements?

A Use AWS Server Migration Service (AWS SMS) and AWS Database Migration Service (AWS DMS) to evaluate migration. Use AWS Service Catalog to understand application and database dependencies.
B Use AWS Application Migration Service. Run agents on the on-premises infrastructure. Manage the agents by using AWS Migration Hub. Use AWS Storage Gateway to assess local storage needs and database dependencies.
C Use Migration Evaluator to generate a list of servers. Build a report for a business case. Use AWS Migration Hub to view the portfolio. Use AWS Application Discovery Service to gain an understanding of application dependencies.
D Use AWS Control Tower in the destination account to generate an application portfolio. Use AWS Server Migration Service (AWS SMS) to generate deeper reports and a business case. Use a landing zone for core accounts and resources.

Suggested Answer: C
NOTE: Answer is :C
Explanation :Option C is the most suitable because it provides a comprehensive approach to understanding and assessing the environment prior to migration. The Migration Evaluator would aid in identifying the servers and building a business case, the AWS Migration Hub would offer a centralized view of the portfolio and, the AWS Application Discovery Service would aid in understanding application dependencies.