Pass Exam Questions Efficiently With SAP-C01 Questions (2024) [Q21-Q38]


SAP-C01 Questions - Truly Beneficial For Your Amazon Exam 


The SAP-C01 exam is a computer-based exam that consists of multiple-choice and multiple-response questions. The exam is available in English and Japanese and can be taken at various testing centers around the world. The exam fee is $300, and candidates must pass with a minimum score of 750 out of 1000 to earn the AWS Certified Solutions Architect - Professional certification.

 

NEW QUESTION # 21
A multimedia company needs to deliver its video-on-demand (VOD) content to its subscribers in a cost-effective way. The video files range in size from 1-15 GB and are typically viewed frequently for the first 6 months after creation, and then access decreases considerably. The company requires all video files to remain immediately available for subscribers. There are now roughly 30.000 files, and the company anticipates doubling that number over time.
What is the MOST cost-effective solution for delivering the company's VOD content?

  • A. Store the video files in Amazon S3 Standard. Create S3 Lifecycle rules to move the video files to S3 Standard-Infrequent Access (S3 Standard-IA) after 6 months and to S3 Glacier Deep Archive after 1 year. Use Amazon CloudFront to deliver the content with the S3 bucket as the origin.
  • B. Use AWS Elemental MediaConvert and store the adaptive bitrate video files in Amazon S3. Configure an AWS Elemental MediaPackage endpoint to deliver the content from Amazon S3.
  • C. Store the video files in Amazon Elastic File System (Amazon EFS) Standard. Enable EFS lifecycle management to move the video files to EFS Infrequent Access after 6 months. Create an Amazon EC2 Auto Scaling group behind an Elastic Load Balancer to deliver the content from Amazon EFS.
  • D. Store the video files in an Amazon S3 bucket using S3 Intelligent-Tiering. Use Amazon CloudFront to deliver the content with the S3 bucket as the origin.

Answer: D


NEW QUESTION # 22
An enterprise company is building an infrastructure services platform for its users. The company has the following requirements:
* Provide least privilege access to users when launching AWS infrastructure so users cannot provision unapproved services
* Use a central account to manage the creation of infrastructure services
* Provide the ability to distribute infrastructure services to multiple accounts in AWS Organizations
* Provide the ability to enforce tags on any infrastructure that is started by users
Which combination of actions using AWS services will meet these requirements? (Select THREE.)

  • A. Use the AWS CloudFormation Resource Tags property to enforce the application of tags to any CloudFormation templates that will be created for users.
  • B. Allow user IAM roles to have AWSCloudFormationFullAccess and AmazonS3ReadOnlyAccess permissions. Add an Organizations SCP at the AWS account root user level to deny all services except AWS CloudFormation and Amazon S3.
  • C. Develop infrastructure services using AWS CloudFormation templates. Upload each template as an AWS Service Catalog product to portfolios created in a central AWS account. Share these portfolios with the Organizations structure created for the company.
  • D. Develop infrastructure services using AWS CloudFormation templates. Add the templates to a central Amazon S3 bucket and add the IAM roles or users that require access to the S3 bucket policy.
  • E. Use the AWS Service Catalog TagOption Library to maintain a list of tags required by the company. Apply the TagOption to AWS Service Catalog products or portfolios.
  • F. Allow user IAM roles to have ServiceCatalogEndUserAccess permissions only. Use an automation script to import the central portfolios to local AWS accounts, copy the TagOption, assign users access, and apply launch constraints.

Answer: C,E,F

Explanation:
https://aws.amazon.com/about-aws/whats-new/2017/06/aws-service-catalog-tagoptions-library-creates-a-better-way-to-govern-your-aws-footprint/


NEW QUESTION # 23
A company uses AWS Organizations to manage one parent account and nine member accounts. The number of member accounts is expected to grow as the business grows. A security engineer has requested consolidation of AWS CloudTrail logs into the parent account for compliance purposes. Existing logs currently stored in Amazon S3 buckets in each individual member account should not be lost. Future member accounts should comply with the logging strategy.
Which operationally efficient solution meets these requirements?

  • A. Configure an organization-level CloudTrail in the parent account to deliver log events to a central S3 bucket. Configure CloudTrail in each member account to deliver log events to the central S3 bucket.
  • B. Configure an organization-level CloudTrail in the parent account to deliver log events to a central S3 bucket. Migrate the existing CloudTrail logs from each member account to the central S3 bucket. Delete the existing CloudTrail and logs in the member accounts.
  • C. Create an AWS Lambda function in each member account with a cross-account role. Trigger the Lambda functions when new CloudTrail logs are created and copy the CloudTrail logs to a centralized S3 bucket. Set up an Amazon CloudWatch alarm to alert if CloudTrail is not configured properly.
  • D. Configure CloudTrail in each member account to deliver log events to a central S3 bucket. Ensure the central bucket policy allows PutObject access from the member accounts. Migrate existing logs to the central S3 bucket. Set up an Amazon CloudWatch alarm to alert if CloudTrail is not configured properly.

Answer: D


NEW QUESTION # 24
In Amazon Redshift, how many slices does a dw2.8xlarge node have?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

Explanation:
The disk storage for a compute node in Amazon Redshift is divided into a number of slices, equal to the number of processor cores on the node. For example, each DW1.XL compute node has two slices, and each DW2.8XL compute node has 32 slices.
http://docs.aws.amazon.com/redshift/latest/dg/t_Distributing_data.html


NEW QUESTION # 25
A company is finalizing the architecture for its backup solution for applications running on AWS. All of the applications run on AWS and use at least two Availability Zones in each tier.
Company policy requires IT to durably store nightly backups for all its data in at least two locations: production and disaster recovery. The locations must be in different geographic regions. The company also needs the backup to be available to restore immediately at the production data center, and within 24 hours at the disaster recovery location. All backup processes must be fully automated.
What is the MOST cost-effective backup solution that will meet all requirements?

  • A. Back up all the data to a large Amazon EBS volume attached to the backup media server in the production region. Run automated scripts to snapshot these volumes nightly, and copy these snapshots to the disaster recovery region.
  • B. Back up all the data to Amazon S3 in the production region. Set up cross-region replication of this S3 bucket to another region and set up a lifecycle policy in the second region to immediately move this data to Amazon Glacier.
  • C. Back up all the data to Amazon Glacier in the production region. Set up cross-region replication of this data to Amazon Glacier in the disaster recovery region. Set up a lifecycle policy to delete any data older than 60 days.
  • D. Back up all the data to Amazon S3 in the disaster recovery region. Use a lifecycle policy to move this data to Amazon Glacier in the production region immediately. Only the data is replicated; remove the data from the S3 bucket in the disaster recovery region.

Answer: B


NEW QUESTION # 26
Your customer wishes to deploy an enterprise application to AWS which will consist of several web servers, several application servers and a small (50GB) Oracle database. Information is stored both in the database and the file systems of the various servers. The backup system must support database recovery, whole server and whole disk restores, and individual file restores with a recovery time of no more than two hours. They have chosen to use RDS Oracle as the database.
Which backup architecture will meet these requirements?

  • A. Back up RDS using automated daily DB backups. Back up the EC2 instances using EBS snapshots and supplement with file-level backups to Amazon Glacier using traditional enterprise backup software to provide file-level restore.
  • B. Back up RDS using a Multi-AZ Deployment. Back up the EC2 instances using AMIs, and supplement by copying file system data to S3 to provide file-level restore.
  • C. Back up RDS using automated daily DB backups. Back up the EC2 instances using AMIs and supplement with file-level backup to S3 using traditional enterprise backup software to provide file-level restore.
  • D. Back up the RDS database to S3 using Oracle RMAN. Back up the EC2 instances using AMIs, and supplement with EBS snapshots for individual volume restore.

Answer: C

Explanation:
Point-In-Time Recovery
In addition to the daily automated backup, Amazon RDS archives database change logs. This enables you to recover your database to any point in time during the backup retention period, up to the last five minutes of database usage.
Amazon RDS stores multiple copies of your data, but for Single-AZ DB instances these copies are stored in a single availability zone. If for any reason a Single-AZ DB instance becomes unusable, you can use point-in-time recovery to launch a new DB instance with the latest restorable data. For more information on working with point-in-time recovery, go to Restoring a DB Instance to a Specified Time.
Note
Multi-AZ deployments store copies of your data in different Availability Zones for greater levels of data durability. For more information on Multi-AZ deployments, see High Availability (Multi-AZ).


NEW QUESTION # 27
In the context of AWS Cloud Hardware Security Module (HSM), does your application need to reside in the same VPC as the CloudHSM instance?

  • A. No, but it should reside in same Availability Zone as the DB instance.
  • B. Yes, always
  • C. No, but the server or instance on which your application and the HSM client is running must have network (IP) reachability to the HSM.
  • D. No, but they must reside in the same Availability Zone.

Answer: C

Explanation:
Your application does not need to reside in the same VPC as the CloudHSM instance. However, the server or instance on which your application and the HSM client is running must have network (IP) reachability to the HSM. You can establish network connectivity in a variety of ways, including operating your application in the same VPC, with VPC peering, with a VPN connection, or with Direct Connect.
https://aws.amazon.com/cloudhsm/faqs/


NEW QUESTION # 28
A company is currently using AWS CodeCommit for its source control and AWS CodePipeline for continuous integration. The pipeline has a build stage for building the artifacts, which are then staged in an Amazon S3 bucket.
The company has identified various improvement opportunities in the existing process, and a Solutions Architect has been given the following requirements:
* Create a new pipeline to support feature development
* Support feature development without impacting production applications
* Incorporate continuous testing with unit tests
* Isolate development and production artifacts
* Support the capability to merge tested code into production code.
How should the Solutions Architect achieve these requirements?

  • A. Trigger a separate pipeline from CodeCommit feature branches. Use AWS Lambda for running unit tests. Use AWS CodeDeploy to stage the artifacts within an S3 bucket in a separate testing account.
  • B. Trigger a separate pipeline from CodeCommit feature branches. Use AWS CodeBuild for running unit tests. Use CodeBuild to stage the artifacts within an S3 bucket in a separate testing account.
  • C. Trigger a separate pipeline from CodeCommit tags. Use Jenkins for running unit tests. Create a stage in the pipeline with S3 as the target for staging the artifacts with an S3 bucket in a separate testing account.
  • D. Create a separate CodeCommit repository for feature development and use it to trigger the pipeline. Use AWS Lambda for running unit tests. Use AWS CodeBuild to stage the artifacts within different S3 buckets in the same production account.

Answer: B

Explanation:
https://docs.aws.amazon.com/codebuild/latest/userguide/how-to-create-pipeline.html


NEW QUESTION # 29
A company that develops consumer electronics with offices in Europe and Asia has 60 TB of software images stored on premises in Europe. The company wants to transfer the images to an Amazon S3 bucket in the ap-northeast-1 Region. New software images are created daily and must be encrypted in transit. The company needs a solution that does not require custom development to automatically transfer all existing and new software images to Amazon S3.
What is the next step in the transfer process?

  • A. Use an AWS Snowball device to transfer the images with the S3 bucket as the target.
  • B. Deploy an AWS DataSync agent and configure a task to transfer the images to the S3 bucket.
  • C. Transfer the images over a Site-to-Site VPN connection using the S3 API with multipart upload.
  • D. Configure Amazon Kinesis Data Firehose to transfer the images using S3 Transfer Acceleration.

Answer: B


NEW QUESTION # 30
An organization is planning to set up a management network on the AWS VPC. The organization is trying to secure the web server on a single VPC instance such that it allows internet traffic as well as back-end management traffic. The organization wants to ensure that the back-end management network interface can receive SSH traffic only from a selected IP range, while the internet-facing web server has an IP address that can receive traffic from all internet IPs.
How can the organization achieve this while running the web server on a single instance?

  • A. The organization should launch an instance with two separate subnets using the same network interface, which allows a separate CIDR as well as security groups.
  • B. The organization should create two network interfaces with separate subnets so one instance can have two subnets and the respective security groups for controlled access.
  • C. It is not possible to have two IP addresses for a single instance.
  • D. The organization should create two network interfaces with the same subnet and security group to assign separate IPs to each network interface.

Answer: B

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. An Elastic Network Interface (ENI) is a virtual network interface that the user can attach to an instance in a VPC. The user can create a management network using two separate network interfaces. For the present scenario it is required that the secondary network interface on the instance handles the public facing traffic and the primary network interface handles the back-end management traffic and it is connected to a separate subnet in the VPC that has more restrictive access controls. The public facing interface, which may or may not be behind a load balancer, has an associated security group to allow access to the server from the internet while the private facing interface has an associated security group allowing SSH access only from an allowed range of IP addresses either within the VPC or from the internet, a private subnet within the VPC or a virtual private gateway.


NEW QUESTION # 31
In regard to DynamoDB, when you create a table with a hash-and-range key:

  • A. You must define one or more Global secondary indexes on that table
  • B. You must define one or more Local secondary indexes on that table
  • C. You must define one or more secondary indexes on that table
  • D. You can optionally define one or more secondary indexes on that table

Answer: D

Explanation:
When you create a table with a hash-and-range key, you can optionally define one or more secondary indexes on that table. A secondary index lets you query the data in the table using an alternate key, in addition to queries against the primary key.
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html


NEW QUESTION # 32
A large company has many business units. Each business unit has multiple AWS accounts for different purposes. The CIO of the company sees that each business unit has data that would be useful to share with other parts of the company. In total, there are about 10 PB of data that needs to be shared with users in 1,000 AWS accounts. The data is proprietary, so some of it should only be available to users with specific job types.
Some of the data is used for throughput-intensive workloads, such as simulations. The number of accounts changes frequently because of new initiatives, acquisitions, and divestitures.
A Solutions Architect has been asked to design a system that will allow for sharing data for use in AWS with all of the employees in the company.
Which approach will allow for secure data sharing in a scalable way?

  • A. Store the data in a series of Amazon S3 buckets. Create an application running in Amazon EC2 that is integrated with the company's identity provider (IdP) that authenticates users and allows them to download or upload data through the application. The application uses the business unit and job type information in the IdP to control what users can upload and download through the application. The users can access the data through the application's API.
  • B. Store the data in a single Amazon S3 bucket. Create an IAM role for every combination of job type and business unit that allows appropriate read/write access based on object prefixes in the S3 bucket. The roles should have trust policies that allow the business unit's AWS accounts to assume their roles. Use IAM in each business unit's AWS account to prevent them from assuming roles for a different job type.
    Users get credentials to access the data by using AssumeRole from their business unit's AWS account.
    Users can then use those credentials with an S3 client.
  • C. Store the data in a single Amazon S3 bucket. Write a bucket policy that uses conditions to grant read and write access where appropriate, based on each user's business unit and job type. Determine the business unit with the AWS account accessing the bucket and the job type with a prefix in the IAM user's name. Users can access data by using IAM credentials from their business unit's AWS account with an S3 client.
  • D. Store the data in a series of Amazon S3 buckets. Create an AWS STS token vending machine that is integrated with the company's identity provider (IdP). When a user logs in, have the token vending machine attach an IAM policy that assumes the role that limits the user's access and/or upload only the data the user is authorized to access. Users can get credentials by authenticating to the token vending machine's website or API and then use those credentials with an S3 client.

Answer: B


NEW QUESTION # 33
A media company has a static web application that is generated programmatically. The company has a build pipeline that generates HTML content that is uploaded to an Amazon S3 bucket served by Amazon CloudFront. The build pipeline runs inside a Build Account. The S3 bucket and CloudFront distribution are in a Distribution Account. The build pipeline uploads the files to Amazon S3 using an IAM role in the Build Account. The S3 bucket has a bucket policy that only allows CloudFront to read objects using an origin access identity (OAI). During testing, all attempts to access the application using the CloudFront URL result in an HTTP 403 Access Denied response.
What should a solutions architect suggest to the company to allow access to the objects in Amazon S3 through CloudFront?

  • A. Create a new cross-account IAM role in the Distribution Account with write access to the S3 bucket.
    Modify the build pipeline to assume this role to upload the files to the Distribution Account.
  • B. Modify the S3 upload process in the Build Account to add the bucket-owner-full-control ACL to the objects at upload.
  • C. Modify the S3 upload process in the Build Account to set the object owner to the Distribution Account.
  • D. Create a new IAM role in the Distribution Account with read access to the S3 bucket. Configure CloudFront to use this new role as its OAI. Modify the build pipeline to assume this role when uploading files from the

Answer: A


NEW QUESTION # 34
A company uses multiple AWS accounts in a single AWS Region. A solutions architect is designing a solution to consolidate logs generated by Elastic Load Balancers (ELBs) in the AppDev, AppTest and AppProd accounts. The logs should be stored in an existing Amazon S3 bucket named s3-elb-logs in the central AWS account. The central account is used for log consolidation only and does not have ELBs deployed. ELB logs must be encrypted at rest.
Which combination of steps should the solutions architect take to build the solution? (Select TWO.)

  • A. Enable Amazon S3 default encryption using server-side encryption with S3 managed encryption keys (SSE-S3) for the s3-elb-logs S3 bucket.
  • B. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutObject action for the AppDev, AppTest, and AppProd account IDs.
  • C. Enable access logging for the ELBs. Set the S3 location to the s3-elb-logs bucket.
  • D. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutObject and s3:DeleteObject actions for the AppDev, AppTest, and AppProd account IDs.
  • E. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutBucketLogging action for the central AWS account ID.

Answer: A,E


NEW QUESTION # 35
A company requires that all internal application connectivity use private IP addresses. To facilitate this policy, a solutions architect has created interface endpoints to connect to AWS public services. Upon testing, the solutions architect notices that the service names are resolving to public IP addresses and that internal services cannot connect to the interface endpoints.
Which step should the solutions architect take to resolve this issue?

  • A. Configure an Amazon Route 53 private hosted zone with a conditional forwarder for the internal application
  • B. Update the subnet route table with a route to the interface endpoint
  • C. Enable the private DNS option on the VPC attributes
  • D. Configure the security group on the interface endpoint to allow connectivity to the AWS services

Answer: C

Explanation:
https://aws.amazon.com/blogs/aws/cross-region-read-replicas-for-amazon-rds-for-mysql/


NEW QUESTION # 36
A company runs a legacy system on a single m4.2xlarge Amazon EC2 instance with Amazon EBS storage. The EC2 instance runs both the web server and a self-managed Oracle database. A snapshot is made of the EBS volume every 12 hours, and an AMI was created from the fully configured EC2 instance.
A recent event that terminated the EC2 instance led to several hours of downtime. The application was successfully launched from the AMI, but the age of the EBS snapshot and the repair of the database resulted in the loss of 8 hours of data. The system was also down for 4 hours while the Systems Operators manually performed these processes.
What architectural changes will minimize downtime and reduce the chance of lost data?

  • A. Run the application on m4.2xlarge EC2 instances behind an Elastic Load Balancer/Application Load Balancer. Run the EC2 instances in an Auto Scaling group across multiple Availability Zones with a minimum instance count of one. Migrate the database to an Amazon RDS Oracle Multi-AZ DB instance.
  • B. Increase the web server instance count to two m4.xlarge instances and use Amazon Route 53 round-robin load balancing to spread the load. Enable Route 53 health checks on the web servers. Migrate the database to an Amazon RDS Oracle Multi-AZ DB instance.
  • C. Create an Amazon CloudWatch alarm to automatically recover the instance. Create a script that will check and repair the database upon reboot. Subscribe the Operations team to the Amazon SNS message generated by the CloudWatch alarm.
  • D. Run the application on m4.xlarge EC2 instances behind an Elastic Load Balancer/Application Load Balancer. Run the EC2 instances in an Auto Scaling group across multiple Availability Zones with a minimum instance count of two. Migrate the database to an Amazon RDS Oracle Multi-AZ DB instance.

Answer: D

Explanation:
This option ensures that there are at least two EC2 instances, each of which is in a different AZ. It also ensures that the database spans multiple AZs. Hence this meets all the criteria.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html


NEW QUESTION # 37
A company would like to implement a serverless application by using Amazon API Gateway, AWS Lambda and Amazon DynamoDB. They deployed a proof of concept and stated that the average response time is greater than what their upstream services can accept. Amazon CloudWatch metrics did not indicate any issues with DynamoDB but showed that some Lambda functions were hitting their timeout.
Which of the following actions should the Solutions Architect consider to improve performance? (Choose two.)

  • A. Increase the amount of memory and adjust the timeout on the Lambda function. Complete performance testing to identify the ideal memory and timeout configuration for the Lambda function.
  • B. Enable API cache on the appropriate stage in Amazon API Gateway, and override the TTL for individual methods that require a lower TTL than the entire stage.
  • C. Increase the amount of CPU, and adjust the timeout on the Lambda function. Complete performance testing to identify the ideal CPU and timeout configuration for the Lambda function.
  • D. Create an Amazon ElastiCache cluster running Memcached, and configure the Lambda function for VPC integration with access to the Amazon ElastiCache cluster.
  • E. Configure the AWS Lambda function to reuse containers to avoid unnecessary startup time.

Answer: A,B

Explanation:
https://lumigo.io/blog/aws-lambda-timeout-best-practices/


NEW QUESTION # 38
......


The SAP-C01 certification exam covers a wide range of AWS services, including Elastic Compute Cloud (EC2), Simple Storage Service (S3), Virtual Private Cloud (VPC), Relational Database Service (RDS), and many others. It also covers advanced topics such as high availability, fault tolerance, and disaster recovery. The SAP-C01 exam also tests your understanding of AWS cost optimization and security best practices.

 
