Free SAP-C01 Exam Braindumps (page: 32)

Page 32 of 134

A delivery company needs to migrate its third-party route planning application to AWS. The third party supplies a supported Docker image from a public registry. The image can run in as many containers as required to generate the route map.

The company has divided the delivery area into sections with supply hubs so that delivery drivers travel the shortest distance possible from the hubs to the customers. To reduce the time necessary to generate route maps, each section uses its own set of Docker containers with a custom configuration that processes orders only in the section's area.

The company needs the ability to allocate resources cost-effectively based on the number of running containers.

Which solution will meet these requirements with the LEAST operational overhead?

  A. Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on Amazon EC2. Use the Amazon EKS CLI to launch the planning application in pods by using the --tags option to assign a custom tag to the pod.
  B. Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on AWS Fargate. Use the Amazon EKS CLI to launch the planning application. Use the AWS CLI tag-resource API call to assign a custom tag to the pod.
  C. Create an Amazon Elastic Container Service (Amazon ECS) cluster on Amazon EC2. Use the AWS CLI with run-tasks set to true to launch the planning application by using the --tags option to assign a custom tag to the task.
  D. Create an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate. Use the AWS CLI run-task command and set enableECSManagedTags to true to launch the planning application. Use the --tags option to assign a custom tag to the task.

Answer(s): D

Explanation:

The best solution to meet the requirements of the delivery company with the least operational overhead is:

D) Create an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate. Use the AWS CLI run-task command and set enableECSManagedTags to true to launch the planning application. Use the --tags option to assign a custom tag to the task.

This solution is optimal for several reasons:

- AWS Fargate: This serverless compute engine for containers allows the company to run containers without managing the underlying EC2 instances. This significantly reduces operational overhead because it abstracts away the infrastructure management.
- Dynamic Resource Allocation: With Fargate, the company can easily scale the number of containers based on demand, allowing cost-effective resource allocation based on the number of running containers.
- Managed Tags: By using enableECSManagedTags, the company can automatically manage and track resources, making it easier to categorize and manage costs effectively.

Overall, this approach provides a scalable, flexible, and low-maintenance solution for running the third-party application in a containerized environment.



A software company hosts an application on AWS with resources in multiple AWS accounts and Regions. The application runs on a group of Amazon EC2 instances in an application VPC located in the us-east-1 Region with an IPv4 CIDR block of 10.10.0.0/16. In a different AWS account, a shared services VPC is located in the us-east-2 Region with an IPv4 CIDR block of 10.10.10.0/24. When a cloud engineer uses AWS CloudFormation to attempt to peer the application VPC with the shared services VPC, an error message indicates a peering failure.

Which factors could cause this error? (Choose two.)

  A. The IPv4 CIDR ranges of the two VPCs overlap
  B. The VPCs are not in the same Region
  C. One or both accounts do not have access to an Internet gateway
  D. One of the VPCs was not shared through AWS Resource Access Manager
  E. The IAM role in the peer accepter account does not have the correct permissions

Answer(s): A,E

Explanation:

The factors that could cause the peering failure between the application VPC and the shared services VPC are:

A) The IPv4 CIDR ranges of the two VPCs overlap.

The CIDR blocks provided (10.10.0.0/16 for the application VPC and 10.10.10.0/24 for the shared services VPC) overlap in address space. A peering connection cannot be established between VPCs whose IP address ranges overlap, so this leads to a peering failure.

B) The VPCs are not in the same Region.

VPCs can be peered within one Region or across Regions through inter-Region VPC peering. Having one VPC in us-east-1 and the other in us-east-2 does not inherently prevent peering; it means that a cross-Region peering connection must be supported and configured correctly.

C) One or both accounts do not have access to an Internet gateway.

This factor is not relevant to the peering itself. VPC peering does not depend on Internet gateways, because it is meant for private communication between VPCs.

D) One of the VPCs was not shared through AWS Resource Access Manager.

This is also not directly related to VPC peering. AWS Resource Access Manager (RAM) is used for sharing resources across accounts, but peering VPCs does not require sharing through RAM.

E) The IAM role in the peer accepter account does not have the correct permissions.

If the IAM role that is used to accept the peering request does not have the necessary permissions to create VPC peering connections, this could prevent the peering from being established successfully.

Thus, the correct answers indicating factors that could cause the peering failure are A and E.



An external audit of a company’s serverless application reveals IAM policies that grant too many permissions. These policies are attached to the company's AWS Lambda execution roles. Hundreds of the company's Lambda functions have broad access permissions such as full access to Amazon S3 buckets and Amazon DynamoDB tables. The company wants each function to have only the minimum permissions that the function needs to complete its task.

A solutions architect must determine which permissions each Lambda function needs.

What should the solutions architect do to meet this requirement with the LEAST amount of effort?

  A. Set up Amazon CodeGuru to profile the Lambda functions and search for AWS API calls. Create an inventory of the required API calls and resources for each Lambda function. Create new IAM access policies for each Lambda function. Review the new policies to ensure that they meet the company's business requirements.
  B. Turn on AWS CloudTrail logging for the AWS account. Use AWS Identity and Access Management Access Analyzer to generate IAM access policies based on the activity recorded in the CloudTrail log. Review the generated policies to ensure that they meet the company's business requirements.
  C. Turn on AWS CloudTrail logging for the AWS account. Create a script to parse the CloudTrail log, search for AWS API calls by Lambda execution role, and create a summary report. Review the report. Create IAM access policies that provide more restrictive permissions for each Lambda function.
  D. Turn on AWS CloudTrail logging for the AWS account. Export the CloudTrail logs to Amazon S3. Use Amazon EMR to process the CloudTrail logs in Amazon S3 and produce a report of API calls and resources used by each execution role. Create a new IAM access policy for each role. Export the generated roles to an S3 bucket. Review the generated policies to ensure that they meet the company’s business requirements.

Answer(s): B

Explanation:

To meet the requirement of identifying and assigning the least privilege permissions to the AWS Lambda functions with the least amount of effort, the best approach is:

B) Turn on AWS CloudTrail logging for the AWS account. Use AWS Identity and Access Management (IAM) Access Analyzer to generate IAM access policies based on the activity recorded in the CloudTrail log. Review the generated policies to ensure that they meet the company's business requirements.

Why this is the best option:

- AWS CloudTrail provides a comprehensive log of API calls made within the AWS account, including those made by Lambda functions. By enabling CloudTrail, the solutions architect can capture detailed activity logs.
- IAM Access Analyzer can analyze the CloudTrail logs and generate IAM policies based on actual usage, identifying the minimum permissions needed for each Lambda function. This approach automates much of the work involved in auditing permissions and significantly reduces manual effort.
- Once the policies are generated, the architect can review and adjust them to ensure compliance with business requirements, ensuring that only the necessary permissions are granted.

This solution minimizes operational overhead and effort while providing a clear pathway to implement least privilege access effectively.



A solutions architect must analyze a company’s Amazon EC2 instances and Amazon Elastic Block Store (Amazon EBS) volumes to determine whether the company is using resources efficiently. The company is running several large, high-memory EC2 instances to host database clusters that are deployed in active/passive configurations. The utilization of these EC2 instances varies by the applications that use the databases, and the company has not identified a pattern.

The solutions architect must analyze the environment and take action based on the findings.

Which solution meets these requirements MOST cost-effectively?

  A. Create a dashboard by using AWS Systems Manager OpsCenter. Configure visualizations for Amazon CloudWatch metrics that are associated with the EC2 instances and their EBS volumes. Review the dashboard periodically, and identify usage patterns. Rightsize the EC2 instances based on the peaks in the metrics.
  B. Turn on Amazon CloudWatch detailed monitoring for the EC2 instances and their EBS volumes. Create and review a dashboard that is based on the metrics. Identify usage patterns. Rightsize the EC2 instances based on the peaks in the metrics.
  C. Install the Amazon CloudWatch agent on each of the EC2 instances. Turn on AWS Compute Optimizer, and let it run for at least 12 hours. Review the recommendations from Compute Optimizer, and rightsize the EC2 instances as directed.
  D. Sign up for the AWS Enterprise Support plan. Turn on AWS Trusted Advisor. Wait 12 hours. Review the recommendations from Trusted Advisor, and rightsize the EC2 instances as directed.

Answer(s): C

Explanation:

To analyze the company's Amazon EC2 instances and Amazon EBS volumes for efficient resource usage, the best solution is:

C) Install the Amazon CloudWatch agent on each of the EC2 instances. Turn on AWS Compute Optimizer, and let it run for at least 12 hours. Review the recommendations from Compute Optimizer, and rightsize the EC2 instances as directed.

Why this is the best option:

- AWS Compute Optimizer provides insights into how to optimize your AWS resources for performance and cost. By enabling it, the solutions architect can get detailed recommendations for rightsizing EC2 instances based on actual usage patterns and performance data.
- The CloudWatch agent enhances monitoring capabilities by collecting additional metrics that can help identify performance bottlenecks and utilization trends.
- This approach allows for informed decisions based on actual resource usage rather than assumptions, ensuring that the company can effectively reduce costs while maintaining performance.
- Since AWS Compute Optimizer specifically focuses on resource efficiency and provides actionable insights, it directly addresses the requirement to analyze and optimize the use of EC2 instances and EBS volumes.

This solution is both effective and cost-efficient, leveraging existing AWS services to analyze and optimize resource usage.






Post your Comments and Discuss Amazon SAP-C01 exam with other Community members:

Mike commented on October 08, 2024
Not bad at all
CANADA

Petro UA commented on October 01, 2024
hate DNS questions. So need to practice more
UNITED STATES

Gilbert commented on September 14, 2024
Can't wait to pass mine
Anonymous

Paresh commented on April 19, 2023
There were only 3 new questions that I did not see in this exam dump. The rest of the questions were all word by word from this dump.
UNITED STATES

Matthew commented on October 18, 2022
An extremely helpful study package. I highly recommend.
UNITED STATES

Peter commented on June 23, 2022
I thought these were practice exam questions but they turned out to be real questions from the actual exam.
NETHERLANDS

Henry commented on September 29, 2021
I do not have the words to thank you guys. Passing this exam was creating many scary thoughts. I am glad I used your braindumps and passed. I can get a beer and relax now.
AUSTRALIA

Nik commented on April 12, 2021
I would not be able to pass my exam without your help. You guys rock!
SINGAPORE

Rohit commented on January 09, 2021
Thank you for the 50% sale. I really appreciate this price cut during this extraordinary time where everyone is having financial problems.
INDIA

Roger-That commented on December 23, 2020
The 20% holiday discount is a sweet deal. Thank you for the discount code.
UNITED STATES

Duke commented on October 23, 2020
It is helpful. Questions are real. Purchase is easy but the only problem, there is no option to pay in Euro. Only USD.
GERMANY

Tan Jin commented on September 09, 2020
The questions from this exam dump are valid. I got 88% in my exam today.
SINGAPORE

Dave commented on November 05, 2019
Useful practice questions to get a feel of the actual exam. Some of the answers are not correct so please exercise caution.
EUROPEAN UNION

Je commented on October 02, 2018
Great
UNITED STATES

Invisible Angel commented on January 11, 2018
Have yet to try. But most recommend it
NEW ZEALAND

Mic commented on December 26, 2017
Nice dumps, site is secure and checkout process is a breeze.
UNITED STATES