Exam Dumps SAP-C01 Practice Free Latest Amazon Practice Tests [Q74-Q99]

Exam Dumps SAP-C01 Practice Free Latest Amazon Practice Tests

SAP-C01 Exam Questions | Real SAP-C01 Practice Dumps

NEW QUESTION 74
In the context of AWS CloudFormation, which of the following statements is correct?

• A. Actual resource names are a combination of the resource ID, stack, and logical resource name.
• B. Actual resource name is the logical resource name.
• C. Actual resource name is the stack resource name.
• D. Actual resource names are a combination of the stack and logical resource name.

Answer: D

Explanation:
Explanation
In AWS CloudFormation, actual resource names are a combination of the stack and logical resource name.
This allows multiple stacks to be created from a template without fear of name collisions between AWS resources.
https://aws.amazon.com/cloudformation/faqs/

 

NEW QUESTION 75
A company runs an e-commerce platform with front-end and e-commerce tiers. Both tiers run on LAMP stacks with the front-end instances running behind a load balancing appliance that has a virtual offering on AWS Current*/, the operations team uses SSH to log in to the instances to maintain patches and address other concerns. The platform has recently been the target of multiple attacks, including.
* A DDoS attack.
* An SOL injection attack
* Several successful dictionary attacks on SSH accounts on the web servers The company wants to improve the secunty of the e-commerce platform by migrating to AWS. The company's solutions architects have decided to use the following approach;
* Code review the existing application and fix any SQL injection issues.
* Migrate the web application to AWS and leverage the latest AWS Linux AMI to address initial secunty patching.
* Install AWS Systems Manager to manage patching and allow the system administrators to run commands on all instances, as needed.
What additional steps will address all of the identified attack types while providing high availability and minimizing risk?

• A. Enable SSH access to the Amazon EC2 instances through a bastion host secured by limiting access to specific IP addresses. Migrate on-premises MySQL to a self-managed EC2 instance. Leverage an AWS Elastic Load Balancer to spread the load, and enable AWS Shield Standard for DDoS protection Add an Amazon CloudFront distribution in front of the website.
• B. Enable SSH access to the Amazon EC2 instances using a security group that limits access to specific IPs. Migrate on-premises MySQL to Amazon RDS Multi-AZ Install the third-party load balancer from the AWS Marketplace and migrate the existing rules to the load balancer's AWS instances Enable AWS Shield Standard for DDoS protection
• C. Disable SSH access to the EC2 instances. Migrate on-premises MySQL to Amazon RDS Single-AZ.Leverage an AWS Elastic Load Balancer to spread the load Add an Amazon CloudFront distribution in front of the website Enable AWS WAF on the distribution to manage the rules.
• D. Disable SSH access to the Amazon EC2 instances. Migrate on-premises MySQL to Amazon RDS Multi-AZ Leverage an Elastic Load Balancer to spread the load and enable AWS Shield Advanced for protection. Add an Amazon CloudFront distribution in front of the website Enable AWS WAF on the distribution to manage the rules.

Answer: D

 

NEW QUESTION 76
An ecommerce website running on AWS uses an Amazon RDS for MySQL DB instance with General Purpose SSD storage. The developers chose an appropriate instance type based on demand, and configured 100 GB of storage with a sufficient amount of free space.
The website was running smoothly for a few weeks until a marketing campaign launched. On the second day of the campaign, users reported long wait times and time outs. Amazon CloudWatch metrics indicated that both reads and writes to the DB instance were experiencing long response times. The CloudWatch metrics show 40% to 50% CPU and memory utilization, and sufficient free storage space is still available. The application server logs show no evidence of database connectivity issues.
What could be the root cause of the issue with the marketing campaign?

• A. It exhausted the maximum number of allowed connections to the database instance.
• B. It caused the data in the tables to change frequently, requiring indexes to be rebuilt to optimize queries.
• C. It exhausted the network bandwidth available to the RDS for MySQL DB instance.
• D. It exhausted the I/O credit balance due to provisioning low disk storage during the setup phase.

Answer: D

 

NEW QUESTION 77
A company will several AWS accounts is using AWS Organizations and service control policies (SCPs). An Administrator created the following SCP and has attached it to an organizational unit (OU) that contains AWS account 1111-1111-1111:

Developers working in account 1111-1111-1111 complain that they cannot create Amazon S3 buckets. How should the Administrator address this problem?

• A. Instruct the Developers to add Amazon S3 permissions to their IAM entities.
• B. Remove the account from the OU, and attach the SCP directly to account 1111-1111-1111.
• C. Add s3:CreateBucket with "Allow" effect to the SCP.
• D. Remove the SCP from account 1111-1111-1111.

Answer: A

 

NEW QUESTION 78
A company has released a new version of a website to target an audience in Asia and South Americ a. The website's media assets are hosted on Amazon S3 and have an Amazon CloudFront distribution to improve end-user performance. However, users are having a poor login experience the authentication service is only available in the us-east-1 AWS Region.
How can the Solutions Architect improve the login experience and maintain high security and performance with minimal management overhead?

• A. Replicate the setup in each new geography and use Amazon Route 53 geo-based routing to route traffic to the AWS Region closest to the users.
• B. Use Amazon Lambda@Edge attached to the CloudFront viewer request trigger to authenticate and authorize users by maintaining a secure cookie token with a session expiry to improve the user experience in multiple geographies.
• C. Replicate the setup in each geography and use Network Load Balancers to route traffic to the authentication service running in the closest region to users.
• D. Use an Amazon Route 53 weighted routing policy to route traffic to the CloudFront distribution. Use CloudFront cached HTTP methods to improve the user login experience.

Answer: B

Explanation:
There are several benefits to using Lambda@Edge for authorization operations. First, performance is improved by running the authorization function using Lambda@Edge closest to the viewer, reducing latency and response time to the viewer request. The load on your origin servers is also reduced by offloading CPU-intensive operations such as verification of JSON Web Token (JWT) signatures. Finally, there are security benefits such as filtering out unauthorized requests before they reach your origin infrastructure.
https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-json-web-tokens-to-enhance-web-application-security/

 

NEW QUESTION 79
The company requires the lowest possible networking latency to achieve maximum performance. Which solution will meet these requirements?

• A. Launch compute optimized EC2 instances in a partition placement group
• B. Launch memory optimized EC2 instances in a partition placement group
• C. Launch compute optimized EC2 instances in a spread placement group
• D. Launch memory optimized EC2 instances in a cluster placement group

Answer: B

 

NEW QUESTION 80
A company has released a new version of a website to target an audience in Asia and South America. The website's media assets are hosted on Amazon S3 and have an Amazon CloudFront distribution to improve end-user performance. However, users are having a poor login experience the authentication service is only available in the us-east-1 AWS Region.
How can the Solutions Architect improve the login experience and maintain high security and performance with minimal management overhead?

• A. Replicate the setup in each new geography and use Amazon Route 53 geo-based routing to route traffic to the AWS Region closest to the users.
• B. Use Amazon Lambda@Edge attached to the CloudFront viewer request trigger to authenticate and authorize users by maintaining a secure cookie token with a session expiry to improve the user experience in multiple geographies.
• C. Replicate the setup in each geography and use Network Load Balancers to route traffic to the authentication service running in the closest region to users.
• D. Use an Amazon Route 53 weighted routing policy to route traffic to the CloudFront distribution. Use CloudFront cached HTTP methods to improve the user login experience.

Answer: B

Explanation:
Explanation
There are several benefits to using Lambda@Edge for authorization operations. First, performance is improved by running the authorization function using Lambda@Edge closest to the viewer, reducing latency and response time to the viewer request. The load on your origin servers is also reduced by offloading CPU-intensive operations such as verification of JSON Web Token (JWT) signatures. Finally, there are security benefits such as filtering out unauthorized requests before they reach your origin infrastructure.https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lam

 

NEW QUESTION 81
A company has an application that sends newsletters through email to users The application runs on two Amazon EC2 instances in a VPC The first EC2 instance contains the email application that sends email directly to users The second EC2 instance contains a MySQL database that is heavily dependent upon relational data Each EC2 instance is controlled by its own Auto Scaling group with a minimum and maximum of one instance Management wants improved application reliability and support for personalized email Which set of steps should a solutions architect take to meet these requirements?

• A. Increase the minimum number of EC2 instances in the Auto Scaling group to three Reconfigure the email application to use Amazon Simple Notification Service (Amazon SNS) to send email
• B. Migrate the database to Amazon DynamoDB global tables Reconfigure the email application to use Amazon Simple Email Service (Amazon SES) to send email
• C. Migrate the database to an Amazon Aurora MySQL DB cluster with Aurora Replicas. Reconfigure the email application to use Amazon Simple Notification Service (Amazon SNS) to send email. . . .
• D. Migrate the database to an Amazon RDS MySQL Multi-AZ DB instance Reconfigure the email application to use Amazon Pinpoint to send email

Answer: C

 

NEW QUESTION 82
A company had a tight deadline to migrate its on-premises environment to AWS. It moved over Microsoft SQL Servers and Microsoft Windows Servers using the virtual machine import/export service and rebuild other applications native to the cloud. The team created both Amazon EC2 databases and used Amazon RDS.
Each team in the company was responsible for migrating their applications, and would like suggestions on reducing its AWS spend.
Which steps should a Solutions Architect take to reduce costs?

• A. Create a budget and monitor for costs exceeding the budget. Create Amazon EC2 Auto Scaling groups for applications that experience fluctuating demand. Create an AWS Lambda function that changes instance sizes based on Amazon CloudWatch alarms. Have each team upload their bill to an Amazon S3 bucket for analysis of team spending. Use Spot instances on nightly batch processing jobs.
• B. Create an AWS Lambda function that changes the instance size based on Amazon CloudWatch alarms.
  Reserve instances based on AWS Simple Monthly Calculator suggestions. Have an AWS Well-Architected framework review and apply recommendations. Create a master account under Organizations and have teams join for consolidated billing.
• C. Enable AWS Business Support and review AWS Trusted Advisor's cost checks. Create Amazon EC2 Auto Scaling groups for applications that experience fluctuating demand. Save AWS Simple Monthly Calculator reports in Amazon S3 for trend analysis. Create a master account under Organizations and have teams join for consolidating billing.
• D. Enable Cost Explorer and AWS Business Support Reserve Amazon EC2 and Amazon RDS DB instances. Use Amazon CloudWatch and AWS Trusted Advisor for monitoring and to receive cost-savings suggestions. Create a master account under Organizations and have teams join for consolidated billing.

Answer: C

 

NEW QUESTION 83
A multimedia company needs to deliver its video-on-demand (VOD) content lo its subscribers in a cost-effective way. The video files range in size from 1-15 GB and are typically viewed frequently for the first 6 months after creation, and then access decreases considerably. The company requites all video files to remain immediately available for subscribers. There are now roughly 30.000 files, and the company anticipates doubling that number over time.
What is the MOST cost-effective solution for delivering the company's VOD content?

• A. Store the video files in Amazon Elastic File System (Amazon EFS) Standard. Enable EFS lifecycle management to move the video files to EFS Infrequent Access after 6 months. Create an Amazon EC2 Auto Scaling group behind an Elastic Load Balancer to deliver the content from Amazon EFS.
• B. Store the video files in an Amazon S3 bucket using S3 Intelligent-Tiering. Use Amazon CloudFront to deliver the content with the S3 bucket as the origin.
• C. Store the video files in Amazon S3 Standard. Create S3 Lifecycle rules to move the video files to S3 Standard-Infrequent Access (S3 Standard-IA) after 6 months and to S3 Glacier Deep Archive after 1 year. Use Amazon CloudFront to deliver the content with the S3 bucket as the origin.
• D. Use AWS Elemental MediaConvert and store the adaptive bitrate video files In Amazon S3. Configure an AWS Elemental MediaPackage endpoint to deliver the content from Amazon S3.

Answer: B

 

NEW QUESTION 84
A company is running a high-user-volume media-sharing application on premises It currently hosts about 400 TB of data with millions of video files The company is migrating this application to AWS to improve reliability and reduce costs The Solutions Architecture team plans to store the videos in an Amazon S3 bucket and use Amazon CloudFront to distribute videos to users. The company needs to migrate this application to AWS within 10 days with the least amount of downtime possible. The company currently has 1 Gbps connectivity to the internet with 30 percent free capacity Which of the following solutions would enable the company to migrate the workload to AWS and meet an of the requirements'?

• A. Request multiple AWS Snowball devices to be delivered to the data center Load the data concurrently into these devices and send it back Have AWS download that data to the Amazon S3 bucket Sync the new data that was generated while migration was in flight.
• B. Use an Amazon S3 client to transfer data from the data center to the Amazon S3 bucket over the internet Use the throttling feature to ensure the Amazon S3 client does not use more than 30 percent of available internet capacity
• C. Use a multipart upload in Amazon S3 clien at to parallel-upload the data to the Amazon S3 bucket over the internet Use the throttling feature to ensure that the Amazon S3 client does not use more than 30 percent of available internet capacity
• D. Request an AWS Snowmobile with 1 PB capacity to be delivered to the data center Load the data into Snowmobile and send it back to have AWS download that data to the Amazon S3 bucket Sync the new data that was generated white migration was in flight

Answer: A

Explanation:
Explanation
https://www.edureka.co/blog/aws-snowball-and-snowmobile-tutorial/

 

NEW QUESTION 85
You have a periodic Image analysis application that gets some files In Input analyzes them and tor each file writes some data in output to a ten file the number of files in input per day is high and concentrated in a few hours of the day.
Currently you have a server on EC2 with a large EBS volume that hosts the input data and the results it takes almost 20 hours per day to complete the process.
What services could be used to reduce the elaboration time and improve the availability of the solution?

• A. S3 to store I/O files. SQS to distribute elaboration commands to a group of hosts working in parallel.
  Auto scaling to dynamically size the group of hosts depending on the length of the SQS queue
• B. EBS with Provisioned IOPS (PIOPS) to store I/O files SQS to distribute elaboration commands to a group of hosts working in parallel Auto Scaling to dynamically size the group of hosts depending on the length of the SQS queue.
• C. S3 to store I/O files, SNS to distribute evaporation commands to a group of hosts working in parallel.
  Auto scaling to dynamically size the group of hosts depending on the number of SNS notifications
• D. EBS with Provisioned IOPS (PIOPS) to store I/O files. SNS to distribute elaboration commands to a group of hosts working in parallel Auto Scaling to dynamically size the group of hosts depending on the number of SNS notifications

Answer: B

Explanation:
Explanation
Amazon EBS allows you to create storage volumes and attach them to Amazon EC2 instances. Once attached, you can create a file system on top of these volumes, run a database, or use them in any other way you would use a block device. Amazon EBS volumes are placed in a specific Availability Zone, where they are automatically replicated to protect you from the failure of a single component.
Amazon EBS provides three volume types: General Purpose (SSD), Provisioned IOPS (SSD), and Magnetic.
The three volume types differ in performance characteristics and cost, so you can choose the right storage performance and price for the needs of your applications. All EBS volume types offer the same durable snapshot capabilities and are designed for 99.999% availability.

 

NEW QUESTION 86
A company is creating a sequel for a popular online game. A large number of users from all over the world will play the game within the first week after launch. Currently, the game consists of the following components deployed in a single AWS Region:
* Amazon S3 bucket that stores game assets
* Amazon DynamoDB table that stores player scores
A solutions architect needs to design a Region solution that wifi reduce latency improve reliability, and require the least effort to implement What should the solutions architect do to meet these requirements'

• A. Create an Amazon CloudFront distribution to serve assets from the S3 bucket. Configure S3 Same-Region Replication. Create a new DynamoDB able m a new Region. Configure asynchronous replication between the DynamoDB tables by using AWS Database Migration Service (AWS DMS) with change data capture (CDC)
• B. Create another S3 bucket in a new Region and configure S3 Cross-Region Replication between the buckets Create an Amazon CloudFront distribution and configure origin failover with two origins accessing the S3 buckets in each Region. Configure DynamoDB global tables by enabling Amazon DynamoDB Streams, and add a replica table in a new Region.
• C. Create another S3 bucket in the same Region, and configure S3 Same-Region Replication between the buckets- Create an Amazon CloudFront distribution and configure origin failover with two origin accessing the S3 buckets Create a new DynamoDB table m a new Region Use the new table as a replica target for DynamoDB global tables.
• D. Create an Amazon CloudFront distribution to serve assets from the S3 bucket Configure S3 Cross-Region Replication Create a new DynamoDB able in a new Region Use the new table as a replica target tor DynamoDB global tables.

Answer: A

 

NEW QUESTION 87
A company with multiple accounts is currently using a configuration that does not meet the following security governance policies
* Prevent ingress from port 22 to any Amazon EC2 instance
* Require billing and application tags for resources
* Encrypt all Amazon EBS volumes
A Solutions Architect wants to provide preventive and detective controls including notifications about a specific resource, if there are policy deviations.
Which solution should the Solutions Architect implement?

• A. Use AWS Service Catalog to build a portfolio with products that are in compliance with the governance policies in a central account Restrict users across all accounts lo AWS Service Catalog products Share a compliant portfolio to other accounts Use AWS Config managed rules to detect deviations from the policies Configure an Amazon CloudWatch Events rule to send a notification when a deviation occurs
• B. Create an AWS CodeCommit repository containing policy-compliant AWS Cloud Formation templates.
  Create an AWS Service Catalog portfolio Import the Cloud Formation templates by attaching the CodeCommit repository to the portfolio Restrict users across all accounts to items from the AWS Service Catalog portfolio Use AWS Config managed rules to detect deviations from the policies.
  Configure an Amazon CloudWatch Events rule for deviations, and associate a CloudWatch alarm to send notifications when the TriggeredRules metric is greater than zero.
• C. Implement policy-compliant AWS Cloud Formation templates for each account and ensure that all provisioning is completed by Cloud Formation Configure Amazon Inspector to perform regular checks against resources Perform policy validation and write the assessment output to Amazon CloudWatch Logs. Create a CloudWatch Logs metric filter to increment a metric when a deviation occurs Configure a CloudWatch alarm to send notifications when the configured metric is greater than zero
• D. Restrict users and enforce least privilege access using AWS I AM. Consolidate all AWS CloudTrail logs into a single account Send the CloudTrail logs to Amazon Elasticsearch Service (Amazon ES). Implement monitoring alerting, and reporting using the Kibana dashboard in Amazon ES and with Amazon SNS.

Answer: B

Explanation:
Explanation
https://aws.amazon.com/blogs/mt/use-aws-service-catalog-to-build-a-custom-catalog-of-products-from-aws-mar

 

NEW QUESTION 88
A Solutions Architect must update an application environment within AWS Elastic Beanstalk using a blue/green deployment methodology. The Solutions Architect creates an environment that is identical to the existing application environment and deploys the application to the new environment.
What should be done next to complete the update?

• A. Replace the Auto Scaling launch configuration
• B. Redirect to the new environment using Amazon Route 53
• C. Update the DNS records to point to the green environment
• D. Select the Swap Environment URLs option

Answer: D

Explanation:
Explanation
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.CNAMESwap.html

 

NEW QUESTION 89
A company stores sales transaction data in Amazon DynamoDB tables. To detect anomalous behaviors and respond quickly, all changes lo the items stored in the DynamoDB tables must be logged within 30 minutes.
Which solution meets the requirements?

• A. Use event patterns in Amazon CloudWatch Events to capture DynamoDB API call events with an AWS Lambda (unction as a target to analyze behavior. Send SNS notifications when anomalous behaviors are detected.
• B. Use Amazon DynamoDB Streams to capture and send updates to AWS Lambda. Create a Lambda function to output records lo Amazon Kinesis Data Streams. Analyze any anomalies with Amazon Kinesis Data Analytics. Send SNS notifications when anomalous behaviors are detected.
• C. Use AWS CloudTrail to capture all the APIs that change the DynamoDB tables. Send SNS notifications when anomalous behaviors are detected using CloudTrail event filtering.
• D. Copy the DynamoDB tables into Apache Hive tables on Amazon EMR every hour and analyze them (or anomalous behaviors. Send Amazon SNS notifications when anomalous behaviors are detected.

Answer: B

 

NEW QUESTION 90
A company has a VPC with two domain controllers running Active Directory in the default configuration. The VPC DHCP options set is configured to use the IP addresses of the two domain controllers. There is a VPC interface endpoint defined; but instances within the VPC are not able to resolve the private endpoint addresses.
Which strategies would resolve this issue? (Select TWO)

• A. Update the DNS service on the client instances to split DNS queries between the Active Directory servers and the VPC Resolver
• B. Update the DNS service on the Active Directory servers to forward all non-authoritative queries to the VPC Resolver
• C. Update the DNS service on the Active Directory servers to forward all queries lo the VPC Resolver.
• D. Define an outbound Amazon Route 53 Resolver. Set a conditional forward rule for the Active Directory domain to the Active Directory servers. Update the VPC DHCP options set to AmazonProvidedDNS.
• E. Define an inbound Amazon Route 53 Resolver Set a conditional forward rule for the Active Directory domain to the Active Directory servers Update the VPC DHCP options set to AmazonProvidedDNS.

Answer: B,C

 

NEW QUESTION 91
A digital marketing company has multiple AWS accounts that belong to various teams. The creative team uses an Amazon S3 bucket in its AWS account to securely store images and media files that are used as content for the company's marketing campaigns. The creative team wants to share the S3 bucket with the strategy team so that the strategy team can view the objects.
A solutions architect has created an 1AM role that is named strategy_reviewer in the Strategy account. The solutions architect also has set up a custom AWS Key Management Service (AWS KMS) key in the Creative account and has associated the key with the S3 bucket. However, when users from the Strategy account assume the 1AM role and try to access objects in the S3 bucket, they receive an Account.
The solutions architect must ensure that users in the Strategy account can access the S3 bucket. The solution must provide these users with only the minimum permissions that they need.
Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

• A. Update the custom KMS key policy in the Creative account to grant encrypt permissions to the strategy_reviewer 1AM role.
• B. Update the strategy_reviewer 1AM role to grant read permissions for the S3 bucket and to grant decrypt permissions for the custom KMS key
• C. Create a bucket policy that includes read permissions for the S3 bucket. Set the principal of the bucket policy to an anonymous user.
• D. Update the strategy_reviewer 1AM role to grant full permissions for the S3 bucket and to grant decrypt permissions for the custom KMS key.
• E. Update the custom KMS key policy in the Creative account to grant decrypt permissions to the strategy_reviewer 1AM role.
• F. Create a bucket policy that includes read permissions for the S3 bucket. Set the principal of the bucket policy to the account ID of the Strategy account

Answer: A,E,F

 

NEW QUESTION 92
During an audit a Security team discovered that a Development team was putting IAM user secret access keys in their code and then committing it to an AWS CodeCommit repository The Security team wants to automatically find and remediate instances of this security vulnerability Which solution will ensure that the credentials are appropriately secured automatically?

• A. Run a script rightly using AWS Systems Manager Run Command to search (or credentials on the development instances It found, use AWS Secrets Manager to rotate the credentials
• B. Configure a CodeCommit trigger to invoke an AWS Lambda function to scan new code submissions for credentials lf credentials are found, disable them in AWS IAM and notify the user
• C. Use a scheduled AWS Lambda function to download and scan the application code from CodeCommit If credentials are found generate new credentials and store them in AWS KMS
• D. Configure Amazon Macie to scan for credentials in CodeCommit repositories If credentials are found, trigger an AWS Lambda function to disable the credentials and notify the user

Answer: D

 

NEW QUESTION 93
A company's service for video game recommendations has just gone viral The company has new users from all over the world The website for the service is hosted on a set of Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The website consists of static content with different resources being loaded depending on the device type.
Users recently reported that the load time for the website has increased Administrators are reporting high loads on the EC2 instances that host the service.
Which set actions should a solutions architect take to improve response times?

• A. Move content to Amazon S3 Create an Amazon CloudFront distribution to serve content out of the S3 bucket Use the User-Agent HTTP header to load different content
• B. Move content to Amazon S3 Create an Amazon CloudFront distribution to serve content out of the S3 bucket Use Lambda@Edge to load different resources based on the User-Agent HTTP header
• C. Create separate Auto Scaling groups based on device types Switch to a Network Load Balancer (NLB) Use the User-Agent HTTP header in the NLB to route to a different set of EC2 instances.
• D. Create a separate ALB for each device type. Create one Auto Scaling group behind each ALB Use Amazon Route 53 to route to different ALBs depending on the User-Agent HTTP header

Answer: C

 

NEW QUESTION 94
A company has an on-premises Microsoft SQL Server database that writes a nightly 200 GB export to a local drive. The company wants to move the backups to more robust cloud storage on Amazon S3. The company has set up a 10 Gbps AWS Direct Connect connection between the on-premises data center and AWS. Which solution meets these requirements Most cost effectively?

• A. Create an Amazon FSx for Windows File Server Multi-AZ system within the VPC that is connected to the Direct Connect connection. Create a new SMB file share. Write nightly database exports to an SMB file share on the Amazon FSx file system. Enable nightly backups.
• B. Create a new S3 bucket Deploy an AWS Storage Gateway file gateway within the VPC that is connected to the Direct Connect connection. Create a new SMB file share. Write nightly database exports to the new SMB file share.
• C. Create a new S3 buckets. Deploy an AWS Storage Gateway volume gateway within the VPC that is connected to the Direct Connect connection. Create a new SMB file share. Write nightly database exports to the new SMB file share on the volume gateway, and automate copies of this data to an S3 bucket.
• D. Create an Amzon FSx for Windows File Server Single-AZ file system within the VPC that is connected to the Direct Connect connection. Create a new SMB file share. Write nightly database exports to an SMB file share on the Amazon FSx file system Enable backups.

Answer: B

 

NEW QUESTION 95
A company with global offices has a single 1 Gbps AWS Direct Connect connection to a single AWS Region. The company's on-premises network uses the connection to communicate with the company's resources in the AWS Cloud. The connection has a single private virtual interface that connects to a single VPC.
A solutions architect must implement a solution that adds a redundant Direct Connect connection in the same Region. The solution also must provide connectivity to other Regions through the same pair of Direct Connect connections as the company expands into other Regions.
Which solution meets these requirements?

• A. Keep the existing private virtual interface. Create the second Direct Connect connection. Create a new private virtual interface on the new connection, and connect the new private virtual interface to the single VPC.
• B. Provision a Direct Connect gateway. Delete the existing private virtual interface from the existing connection. Create the second Direct Connect connection. Create a new private virtual interlace on each connection, and connect both private victual interfaces to the Direct Connect gateway. Connect the Direct Connect gateway to the single VPC.
• C. Keep the existing private virtual interface. Create the second Direct Connect connection. Create a new public virtual interface on the new connection, and connect the new public virtual interface to the single VPC.
• D. Provision a transit gateway. Delete the existing private virtual interface from the existing connection. Create the second Direct Connect connection. Create a new private virtual interface on each connection, and connect both private virtual interfaces to the transit gateway. Associate the transit gateway with the single VPC.

Answer: B

 

NEW QUESTION 96
A solution architect is migrating an existing workload to AWS Fargate. The task can only run in a private subnet within the VPC where there is no direct connectivity from outside the system to the application. When the Fargate task is launched, the task fails with the following error:

How should the solution architect correct this error?

• A. Ensure the task Is set to DISABLED for the auto-assign public IP setting when launching the task.
  Configure a NAT gateway in the private subnet in the VPC to route requests to the internet
• B. Ensure the task is set to ENABLED for the auto-assign public IP selling when launching the task.
• C. Ensure the network mode is set to bridge in the Fargate task definition.
• D. Ensure the task is set to DISABLED for the auto-assign public IP setting when launching the task.
  Configure a NAT gateway in the public subnet in the VPC to route requests to the internet

Answer: A

 

NEW QUESTION 97
A user is planning to use EBS for his DB requirement. The user already has an EC2 instance running in the VPC private subnet.
How can the user attach the EBS volume to a running instance?

• A. The user can create EBS in the same zone as the subnet of instance and attach that EBS to instance.
• B. It is not possible to attach an EBS to an instance running in VPC until the instance is stopped.
• C. The user must create EBS within the same VPC and then attach it to a running instance.
• D. The user can specify the same subnet while creating EBS and then attach it to a running instance.

Answer: A

Explanation:
Explanation
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can create subnets as per the requirement within a VPC. The VPC is always specific to a region. The user can create a VPC which can span multiple Availability Zones by adding one or more subnets in each Availability Zone.
The instance launched will always be in the same availability zone of the respective subnet. When creating an EBS the user cannot specify the subnet or VPC. However, the user must create the EBS in the same zone as the instance so that it can attach the EBS volume to the running instance.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPCSubnet

 

NEW QUESTION 98
A company has been using a third-party provider for its content delivery network and recently decided to switch to Amazon CloudFront the Development team wants to maximize performance for the global user base.
The company uses a content management system (CMS) that serves both static and dynamic content. The CMS is both md an Application Load Balancer (ALB) which is set as the default origin for the distribution.
Static assets are served from an Amazon S3 bucket. The Origin Access Identity (OAI) was created property d the S3 bucket policy has been updated to allow the GetObject action from the OAI, but static assets are receiving a 404 error Which combination of steps should the Solutions Architect take to fix the error? (Select TWO. )

• A. Add a behavior to the CloudFront distribution for the path pattern and the origin of the static assets
• B. Add a host header condition to the ALB listener and forward the header from CloudFront to add traffic to the allow list
• C. Add another origin to the CloudFront distribution for the static assets
• D. Add a path-based rule to the ALB to forward requests for the static assets
• E. Add an RTMP distribution to allow caching of both static and dynamic content

Answer: A,D

 

NEW QUESTION 99
......

AWS Certified SAP - Solutions Architect Exam Certification Path

Knowledge of the use of AWS resources in computing, networking, storage, and database AWS implementation, and operations systems hands-on insight. The capacity of an AWS-based program to recognize and specify functional specifications. The ability to define which AWS programs satisfy particular technological needs. Knowledge of recommended best practices for safe and trustworthy AWS platform applications. Understanding the core architectural tenets of AWS Cloud construction. AWS global infrastructure awareness. An understanding of AWS-related network technology. Understand the security characteristics and resources provided by AWS and its ties with conventional providers.

 

Verified SAP-C01 Exam Dumps Q&As - Provide SAP-C01 with Correct Answers: https://www.crampdf.com/SAP-C01-exam-prep-dumps.html

Pass Your SAP-C01 Dumps Free Latest Amazon Practice Tests: https://drive.google.com/open?id=1zqDyaksDdgEq8CMCVBoTl5gPMn_8tVQE