Amazon SAP-C02 Exam Questions

Question 6 of 529

A retail company needs to provide a series of data files to another company, which is its business partner. These files are saved in an Amazon S3 bucket under Account A, which belongs to the retail company. The business partner company wants one of its IAM users, User_DataProcessor, to access the files from its own AWS account (Account B).
Which combination of steps must the companies take so that User_DataProcessor can access the S3 bucket successfully? (Choose two.)

Turn on the cross-origin resource sharing (CORS) feature for the S3 bucket in Account A.

In Account A, set the S3 bucket policy to the following:
Exam AWS Certified Solutions Architect - Professional SAP-C02: Question 6 - Image 1

In Account A, set the S3 bucket policy to the following:
Exam AWS Certified Solutions Architect - Professional SAP-C02: Question 6 - Image 2

In Account B, set the permissions of User_DataProcessor to the following:
Exam AWS Certified Solutions Architect - Professional SAP-C02: Question 6 - Image 3

Exam AWS Certified Solutions Architect - Professional SAP-C02: Question 6 - Image 3

In Account B, set the permissions of User_DataProcessor to the following:
Exam AWS Certified Solutions Architect - Professional SAP-C02: Question 6 - Image 4

Exam AWS Certified Solutions Architect - Professional SAP-C02: Question 6 - Image 4

Correct Answer: C, D

For User_DataProcessor in Account B to access the S3 bucket in Account A, two key steps are needed. Firstly, Account A needs to add a policy to the S3 bucket that explicitly allows the IAM user from Account B the necessary permissions to access the bucket. This is achieved by specifying the principal as the IAM user and granting the required actions, as shown in option C. Secondly, Account B must assign an IAM policy to User_DataProcessor that grants permission to perform the required actions (GetObject and ListBucket) on the S3 bucket in Account A, which is specified in option D. Together, these steps ensure that cross-account access is correctly configured.

Question 7 of 529

A company is running a traditional web application on Amazon EC2 instances. The company needs to refactor the application as microservices that run on containers. Separate versions of the application exist in two distinct environments: production and testing. Load for the application is variable, but the minimum load and the maximum load are known. A solutions architect needs to design the updated application with a serverless architecture that minimizes operational complexity.
Which solution will meet these requirements MOST cost-effectively?

Upload the container images to AWS Lambda as functions. Configure a concurrency limit for the associated Lambda functions to handle the expected peak load. Configure two separate Lambda integrations within Amazon API Gateway: one for production and one for testing.

Upload the container images to Amazon Elastic Container Registry (Amazon ECR). Configure two auto scaled Amazon Elastic Container Service (Amazon ECS) clusters with the Fargate launch type to handle the expected load. Deploy tasks from the ECR images. Configure two separate Application Load Balancers to direct traffic to the ECS clusters.

Upload the container images to Amazon Elastic Container Registry (Amazon ECR). Configure two auto scaled Amazon Elastic Kubernetes Service (Amazon EKS) clusters with the Fargate launch type to handle the expected load. Deploy tasks from the ECR images. Configure two separate Application Load Balancers to direct traffic to the EKS clusters.

Upload the container images to AWS Elastic Beanstalk. In Elastic Beanstalk, create separate environments and deployments for production and testing. Configure two separate Application Load Balancers to direct traffic to the Elastic Beanstalk deployments.

Correct Answer: B

To design a cost-effective serverless architecture that minimizes operational complexity while refactoring a traditional web application as microservices, using Amazon Elastic Container Service (ECS) with the Fargate launch type is a suitable solution. ECS with Fargate allows automatic scaling of containers based on the load, which handles the variable workload effectively. By uploading the container images to Amazon Elastic Container Registry (ECR) and deploying tasks from these images, the operational management is streamlined. Configuring two auto-scaled ECS clusters ensures separate environments for production and testing. Additionally, using Application Load Balancers to direct traffic to the ECS clusters aids in efficiently distributing the load. This solution fully leverages AWS managed services, reducing the overall operational burden and cost.

Question 8 of 529

A company has a multi-tier web application that runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB and the Auto Scaling group are replicated in a backup AWS Region. The minimum value and the maximum value for the Auto Scaling group are set to zero. An Amazon RDS Multi-AZ DB instance stores the application’s data. The DB instance has a read replica in the backup Region. The application presents an endpoint to end users by using an Amazon Route 53 record.
The company needs to reduce its RTO to less than 15 minutes by giving the application the ability to automatically fail over to the backup Region. The company does not have a large enough budget for an active-active strategy.
What should a solutions architect recommend to meet these requirements?

Reconfigure the application’s Route 53 record with a latency-based routing policy that load balances traffic between the two ALBs. Create an AWS Lambda function in the backup Region to promote the read replica and modify the Auto Scaling group values. Create an Amazon CloudWatch alarm that is based on the HTTPCode_Target_5XX_Count metric for the ALB in the primary Region. Configure the CloudWatch alarm to invoke the Lambda function.

Create an AWS Lambda function in the backup Region to promote the read replica and modify the Auto Scaling group values. Configure Route 53 with a health check that monitors the web application and sends an Amazon Simple Notification Service (Amazon SNS) notification to the Lambda function when the health check status is unhealthy. Update the application’s Route 53 record with a failover policy that routes traffic to the ALB in the backup Region when a health check failure occurs.

Configure the Auto Scaling group in the backup Region to have the same values as the Auto Scaling group in the primary Region. Reconfigure the application’s Route 53 record with a latency-based routing policy that load balances traffic between the two ALBs. Remove the read replica. Replace the read replica with a standalone RDS DB instance. Configure Cross-Region Replication between the RDS DB instances by using snapshots and Amazon S3.

Configure an endpoint in AWS Global Accelerator with the two ALBs as equal weighted targets. Create an AWS Lambda function in the backup Region to promote the read replica and modify the Auto Scaling group values. Create an Amazon CloudWatch alarm that is based on the HTTPCode_Target_5XX_Count metric for the ALB in the primary Region. Configure the CloudWatch alarm to invoke the Lambda function.

Correct Answer: B

To achieve an automatic failover to the backup region and maintain an RTO of less than 15 minutes within a limited budget, the solution should include mechanisms for monitoring the primary region and taking swift action if it becomes unhealthy. Configuring an AWS Lambda function in the backup region to promote the read replica and modify the Auto Scaling group values of instances ensures that resources can quickly be provisioned in the backup region when needed. Using Route 53 with a health check to monitor the web application and sending an SNS notification to trigger the Lambda function when the primary region is unhealthy allows traffic to be rerouted to the backup region promptly. This setup avoids the need for an expensive active-active strategy while providing the necessary failover capability.

Question 9 of 529

A company is hosting a critical application on a single Amazon EC2 instance. The application uses an Amazon ElastiCache for Redis single-node cluster for an in-memory data store. The application uses an Amazon RDS for MariaDB DB instance for a relational database. For the application to function, each piece of the infrastructure must be healthy and must be in an active state.
A solutions architect needs to improve the application's architecture so that the infrastructure can automatically recover from failure with the least possible downtime.
Which combination of steps will meet these requirements? (Choose three.)

Use an Elastic Load Balancer to distribute traffic across multiple EC2 instances. Ensure that the EC2 instances are part of an Auto Scaling group that has a minimum capacity of two instances.

Use an Elastic Load Balancer to distribute traffic across multiple EC2 instances. Ensure that the EC2 instances are configured in unlimited mode.

Modify the DB instance to create a read replica in the same Availability Zone. Promote the read replica to be the primary DB instance in failure scenarios.

Modify the DB instance to create a Multi-AZ deployment that extends across two Availability Zones.

Create a replication group for the ElastiCache for Redis cluster. Configure the cluster to use an Auto Scaling group that has a minimum capacity of two instances.

Create a replication group for the ElastiCache for Redis cluster. Enable Multi-AZ on the cluster.

Correct Answer: A, D, F

To ensure automatic recovery from failure with minimal downtime, several steps can be taken. First, using an Elastic Load Balancer to distribute traffic across multiple EC2 instances and ensuring these instances are part of an Auto Scaling group with a minimum capacity of two instances can help maintain application availability if one instance fails. Then, modifying the DB instance to create a Multi-AZ deployment ensures that the database remains available by automatically failing over to a secondary availability zone in the event of an issue. Finally, creating a replication group for the ElastiCache for Redis cluster and enabling Multi-AZ on the cluster ensures that the in-memory data store is resilient and can fail over to another availability zone if necessary. This combination achieves a robust, highly available architecture capable of automatically recovering from failures with minimal downtime.

Question 10 of 529

A retail company is operating its ecommerce application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses an Amazon RDS DB instance as the database backend. Amazon CloudFront is configured with one origin that points to the ALB. Static content is cached. Amazon Route 53 is used to host all public zones.
After an update of the application, the ALB occasionally returns a 502 status code (Bad Gateway) error. The root cause is malformed HTTP headers that are returned to the ALB. The webpage returns successfully when a solutions architect reloads the webpage immediately after the error occurs.
While the company is working on the problem, the solutions architect needs to provide a custom error page instead of the standard ALB error page to visitors.
Which combination of steps will meet this requirement with the LEAST amount of operational overhead? (Choose two.)

Create an Amazon S3 bucket. Configure the S3 bucket to host a static webpage. Upload the custom error pages to Amazon S3.

Create an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Target.FailedHealthChecks is greater than 0. Configure the Lambda function to modify the forwarding rule at the ALB to point to a publicly accessible web server.

Modify the existing Amazon Route 53 records by adding health checks. Configure a fallback target if the health check fails. Modify DNS records to point to a publicly accessible webpage.

Create an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Elb.InternalError is greater than 0. Configure the Lambda function to modify the forwarding rule at the ALB to point to a public accessible web server.

Add a custom error response by configuring a CloudFront custom error page. Modify DNS records to point to a publicly accessible web page.

Correct Answer: A, E

To provide a custom error page instead of the standard ALB error page with the least operational overhead, two steps are necessary. First, create an Amazon S3 bucket to host a static webpage and upload the custom error pages to that S3 bucket. This allows for a highly-available location to store the error pages. Second, configure a CloudFront custom error page to handle the custom error responses effectively. This setup leverages existing services with minimal additional configuration, offering an efficient and scalable solution without the need for complex DNS changes or handling custom code for each error.