Free SAP-C01 Exam Braindumps (page: 27)

Page 27 of 134

A company has an asynchronous HTTP application that is hosted as an AWS Lambda function. A public Amazon API Gateway endpoint invokes the Lambda function. The Lambda function and the API Gateway endpoint reside in the us-east-1 Region. A solutions architect needs to redesign the application to support failover to another AWS Region.

Which solution will meet these requirements?

  A. Create an API Gateway endpoint in the us-west-2 Region to direct traffic to the Lambda function in us-east-1. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.
  B. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure API Gateway to direct traffic to the SQS queue instead of to the Lambda function. Configure the Lambda function to pull messages from the queue for processing.
  C. Deploy the Lambda function to the us-west-2 Region. Create an API Gateway endpoint in us-west-2 to direct traffic to the Lambda function in us-west-2. Configure AWS Global Accelerator and an Application Load Balancer to manage traffic across the two API Gateway endpoints.
  D. Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Region. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.

Answer(s): D

Explanation:

D) Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Region. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.
This solution ensures that both the Lambda function and the API Gateway are deployed in the secondary region (us-west-2), providing a complete failover setup. By using Amazon Route 53 with a failover routing policy, traffic can be directed to the primary region (us-east-1) unless it is unhealthy, at which point it will automatically route traffic to the backup in the secondary region. This setup meets the requirement for failover while ensuring that the application remains operational in the event of a regional failure.



A retail company has structured its AWS accounts to be part of an organization in AWS Organizations. The company has set up consolidated billing and has mapped its departments to the following OUs: Finance, Sales, Human Resources (HR), Marketing, and Operations. Each OU has multiple AWS accounts, one for each environment within a department. These environments are development, test, pre-production, and production.

The HR department is releasing a new system that will launch in 3 months. In preparation, the HR department has purchased several Reserved Instances (RIs) in its production AWS account. The HR department will install the new application on this account. The HR department wants to make sure that other departments cannot share the RI discounts.

Which solution will meet these requirements?

  A. In the AWS Billing and Cost Management console for the HR department's production account, turn off RI sharing.
  B. Remove the HR department's production AWS account from the organization. Add the account to the consolidated billing configuration only.
  C. In the AWS Billing and Cost Management console, use the organization's management account to turn off RI sharing for the HR department's production AWS account.
  D. Create an SCP in the organization to restrict access to the RIs. Apply the SCP to the OUs of the other departments.

Answer(s): C

Explanation:

To prevent other departments from sharing the Reserved Instance (RI) discounts in the HR department's production AWS account, you need to manage the RI sharing settings at the organizational level.

Option C allows you to use the management account of the AWS Organization to turn off RI sharing specifically for the HR department's production account. This ensures that the RIs purchased by the HR department will only apply to that account and cannot be utilized by any other accounts in the organization, effectively isolating the RI discounts as required.

Other options either do not directly address the need to restrict RI sharing (like A), would unnecessarily remove the account from the organization (B), or would not effectively prevent sharing as SCPs cannot restrict RI sharing directly (D). Thus, option C is the most suitable and efficient solution for the given requirements.



A large company is running a popular web application. The application runs on several Amazon EC2 Linux instances in an Auto Scaling group in a private subnet. An Application Load Balancer is targeting the instances in the Auto Scaling group in the private subnet. AWS Systems Manager Session Manager is configured, and AWS Systems Manager Agent is running on all the EC2 instances.

The company recently released a new version of the application. Some EC2 instances are now being marked as unhealthy and are being terminated. As a result, the application is running at reduced capacity. A solutions architect tries to determine the root cause by analyzing Amazon CloudWatch logs that are collected from the application, but the logs are inconclusive.

How should the solutions architect gain access to an EC2 instance to troubleshoot the issue?

  A. Suspend the Auto Scaling group's HealthCheck scaling process. Use Session Manager to log in to an instance that is marked as unhealthy.
  B. Enable EC2 instance termination protection. Use Session Manager to log in to an instance that is marked as unhealthy.
  C. Set the termination policy to OldestInstance on the Auto Scaling group. Use Session Manager to log in to an instance that is marked as unhealthy.
  D. Suspend the Auto Scaling group's Terminate process. Use Session Manager to log in to an instance that is marked as unhealthy.

Answer(s): D

Explanation:

To troubleshoot the issue with the unhealthy EC2 instances in the Auto Scaling group, the solutions architect should suspend the Auto Scaling group's Terminate process. This allows the affected instance to remain running even if it is marked as unhealthy. Once suspended, the architect can use AWS Systems Manager Session Manager to gain access to the instance without needing to rely on SSH access, which is especially useful in a private subnet where direct access may not be available.

Option D is the best approach because it ensures the instance stays up for investigation, allowing for troubleshooting of the application issues that are causing the unhealthy status. The other options either do not prevent termination of the instance or do not directly facilitate access for troubleshooting.



A company wants to deploy an AWS WAF solution to manage AWS WAF rules across multiple AWS accounts. The accounts are managed under different OUs in AWS Organizations.

Administrators must be able to add or remove accounts or OUs from managed AWS WAF rule sets as needed. Administrators also must have the ability to automatically update and remediate noncompliant AWS WAF rules in all accounts.

Which solution meets these requirements with the LEAST amount of operational overhead?

  A. Use AWS Firewall Manager to manage AWS WAF rules across accounts in the organization. Use an AWS Systems Manager Parameter Store parameter to store account numbers and OUs to manage. Update the parameter as needed to add or remove accounts or OUs. Use an Amazon EventBridge rule to identify any changes to the parameter and to invoke an AWS Lambda function to update the security policy in the Firewall Manager administrative account.
  B. Deploy an organization-wide AWS Config rule that requires all resources in the selected OUs to associate the AWS WAF rules. Deploy automated remediation actions by using AWS Lambda to fix noncompliant resources. Deploy AWS WAF rules by using an AWS CloudFormation stack set to target the same OUs where the AWS Config rule is applied.
  C. Create AWS WAF rules in the management account of the organization. Use AWS Lambda environment variables to store account numbers and OUs to manage. Update environment variables as needed to add or remove accounts or OUs. Create cross-account IAM roles in member accounts. Assume the roles by using AWS Security Token Service (AWS STS) in the Lambda function to create and update AWS WAF rules in the member accounts.
  D. Use AWS Control Tower to manage AWS WAF rules across accounts in the organization. Use AWS Key Management Service (AWS KMS) to store account numbers and OUs to manage. Update AWS KMS as needed to add or remove accounts or OUs. Create IAM users in member accounts. Allow AWS Control Tower in the management account to use the access key and secret access key to create and update AWS WAF rules in the member accounts.

Answer(s): A

Explanation:

The most efficient way to manage AWS WAF rules across multiple accounts in an organization is to use AWS Firewall Manager. This service allows centralized management of WAF rules, making it easier for administrators to add or remove accounts or OUs as needed.

Option A provides a streamlined approach by leveraging AWS Firewall Manager for rule management while using AWS Systems Manager Parameter Store to dynamically store and update the account numbers and OUs. The integration with Amazon EventBridge and AWS Lambda facilitates automated updates and remediation for noncompliant WAF rules across all accounts. This setup requires minimal operational overhead, as administrators can manage the parameter store easily and trigger necessary updates without extensive manual intervention.

The other options involve more complex setups or require more manual processes, which could lead to increased operational overhead, making Option A the most suitable choice for the given requirements.






Post your Comments and Discuss Amazon SAP-C01 exam with other Community members:

Mike commented on October 08, 2024
Not bad at all
CANADA

Petro UA commented on October 01, 2024
hate DNS questions. So need to practice more
UNITED STATES

Gilbert commented on September 14, 2024
Can't wait to pass mine
Anonymous

Paresh commented on April 19, 2023
There were only 3 new questions that I did not see in this exam dumps. The rest of the questions were all word by word from this dump.
UNITED STATES

Matthew commented on October 18, 2022
An extremely helpful study package. I highly recommend.
UNITED STATES

Peter commented on June 23, 2022
I thought these were practice exam questions but they turned out to be real questions from the actual exam.
NETHERLANDS

Henry commented on September 29, 2021
I do not have the words to thank you guys. Passing this exam was creating many scary thoughts. I am glad I used your braindumps and passed. I can get a beer and relax now.
AUSTRALIA

Nik commented on April 12, 2021
I would not be able to pass my exam without your help. You guys rock!
SINGAPORE

Rohit commented on January 09, 2021
Thank you for the 50% sale. I really appreciate this price cut during this extraordinary time where everyone is having financial problems.
INDIA

Roger-That commented on December 23, 2020
The 20% holiday discount is a sweet deal. Thank you for the discount code.
UNITED STATES

Duke commented on October 23, 2020
It is helpful. Questions are real. Purchase is easy but the only problem, there is no option to pay in Euro. Only USD.
GERMANY

Tan Jin commented on September 09, 2020
The questions from this exam dumps are valid. I got 88% in my exam today.
SINGAPORE

Dave commented on November 05, 2019
Useful practice questions to get a feel of the actual exam. Some of the answers are not correct so please exercise caution.
EUROPEAN UNION

Je commented on October 02, 2018
Great
UNITED STATES

Invisible Angel commented on January 11, 2018
Have yet to try. But most recommend it
NEW ZEALAND

Mic commented on December 26, 2017
Nice dumps, site is secure and checkout process is a breeze.
UNITED STATES