Free SAP-C01 Exam Braindumps (page: 50)

Page 50 of 134

A company is using an organization in AWS Organizations to manage hundreds of AWS accounts. A solutions architect is working on a solution to provide baseline protection for the Open Web Application Security Project (OWASP) top 10 web application vulnerabilities. The solutions architect is using AWS WAF for all existing and new Amazon CloudFront distributions that are deployed within the organization.

Which combination of steps should the solutions architect take to provide the baseline protection? (Choose three.)

  A. Enable AWS Config in all accounts
  B. Enable Amazon GuardDuty in all accounts
  C. Enable all features for the organization
  D. Use AWS Firewall Manager to deploy AWS WAF rules in all accounts for all CloudFront distributions
  E. Use AWS Shield Advanced to deploy AWS WAF rules in all accounts for all CloudFront distributions
  F. Use AWS Security Hub to deploy AWS WAF rules in all accounts for all CloudFront distributions

Answer(s): A,C,D

Explanation:

-A) Enable AWS Config in all accounts: AWS Config is essential for tracking configuration changes and compliance across all accounts. It ensures that security measures like AWS WAF and other services are properly monitored and consistently applied across the organization.
-C) Enable all features for the organization: Enabling all features in AWS Organizations allows centralized management and the use of AWS Security and Compliance services like AWS Firewall Manager across all AWS accounts. This step is necessary for organization-wide security control.
-D) Use AWS Firewall Manager to deploy AWS WAF rules in all accounts for all CloudFront distributions: AWS Firewall Manager simplifies the deployment and management of AWS WAF rules across multiple AWS accounts and resources, including CloudFront distributions, ensuring baseline protection against OWASP top 10 vulnerabilities.
This combination ensures centralized, consistent security policies across all accounts with minimal operational overhead.



A solutions architect has implemented a SAML 2.0 federated identity solution with their company's on-premises identity provider (IdP) to authenticate users' access to the AWS environment. When the solutions architect tests authentication through the federated identity web portal, access to the AWS environment is granted. However, when test users attempt to authenticate through the federated identity web portal, they are not able to access the AWS environment.

Which items should the solutions architect check to ensure identity federation is properly configured? (Choose three.)

  A. The IAM user's permissions policy has allowed the use of SAML federation for that user.
  B. The IAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal.
  C. Test users are not in the AWSFederatedUsers group in the company's IdP.
  D. The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from IdP.
  E. The on-premises IdP's DNS hostname is reachable from the AWS environment VPCs.
  F. The company's IdP defines SAML assertions that properly map users or groups in the company to IAM roles with appropriate permissions.

Answer(s): B,C,E

Explanation:

-B) The IAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal: The trust policy of the IAM roles must properly set the SAML provider as the principal to allow federated users access to AWS resources. Without this, the SAML assertions won't map correctly, causing access issues.
-C) Test users are not in the AWSFederatedUsers group in the company's IdP: Federated users must belong to the correct group in the IdP for their SAML assertions to map to the corresponding IAM roles in AWS. Ensuring the users are in the right group is critical for proper access.
-F) The company's IdP defines SAML assertions that properly map users or groups to IAM roles with appropriate permissions: The SAML assertions from the IdP must be correctly configured to map users or groups to corresponding IAM roles with appropriate permissions in AWS. This ensures that users receive the permissions they are entitled to when authenticating.
These checks ensure proper configuration for the federated identity solution.



A solutions architect needs to improve an application that is hosted in the AWS Cloud. The application uses an Amazon Aurora MySQL DB instance that is experiencing overloaded connections. Most of the application’s operations insert records into the database. The application currently stores credentials in a text-based configuration file.

The solutions architect needs to implement a solution so that the application can handle the current connection load. The solution must keep the credentials secure and must provide the ability to rotate the credentials automatically on a regular basis.

Which solution will meet these requirements?

  A. Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials as a secret in AWS Secrets Manager.
  B. Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials in AWS Systems Manager Parameter Store.
  C. Create an Aurora Replica. Store the connection credentials as a secret in AWS Secrets Manager.
  D. Create an Aurora Replica. Store the connection credentials in AWS Systems Manager Parameter Store.

Answer(s): A

Explanation:

-A) Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials as a secret in AWS Secrets Manager: RDS Proxy helps manage and pool database connections efficiently, which can reduce the load on the database by reusing connections. Storing the credentials in AWS Secrets Manager ensures that the credentials are kept secure and can be rotated automatically. This solution addresses both the connection load issue and the need for secure and regularly rotated credentials.
This approach meets the requirements for connection load management and credential security with minimal operational complexity.



A company needs to build a disaster recovery (DR) solution for its ecommerce website. The web application is hosted on a fleet of t3.large Amazon EC2 instances and uses an Amazon RDS for MySQL DB instance. The EC2 instances are in an Auto Scaling group that extends across multiple Availability Zones.

In the event of a disaster, the web application must fail over to the secondary environment with an RPO of 30 seconds and an RTO of 10 minutes.

Which solution will meet these requirements MOST cost-effectively?

  A. Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region. Create a cross-Region read replica for the DB instance. Set up a backup plan in AWS Backup to create cross-Region backups for the EC2 instances and the DB instance. Create a cron expression to back up the EC2 instances and the DB instance every 30 seconds to the DR Region. Recover the EC2 instances from the latest EC2 backup. Use an Amazon Route 53 geolocation routing policy to automatically fail over to the DR Region in the event of a disaster.
  B. Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region. Create a cross-Region read replica for the DB instance. Set up AWS Elastic Disaster Recovery to continuously replicate the EC2 instances to the DR Region. Run the EC2 instances at the minimum capacity in the DR Region. Use an Amazon Route 53 failover routing policy to automatically fail over to the DR Region in the event of a disaster. Increase the desired capacity of the Auto Scaling group.
  C. Set up a backup plan in AWS Backup to create cross-Region backups for the EC2 instances and the DB instance. Create a cron expression to back up the EC2 instances and the DB instance every 30 seconds to the DR Region. Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region. Manually restore the backed-up data on new instances. Use an Amazon Route 53 simple routing policy to automatically fail over to the DR Region in the event of a disaster.
  D. Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region. Create an Amazon Aurora global database. Set up AWS Elastic Disaster Recovery to continuously replicate the EC2 instances to the DR Region. Run the Auto Scaling group of EC2 instances at full capacity in the DR Region. Use an Amazon Route 53 failover routing policy to automatically fail over to the DR Region in the event of a disaster.

Answer(s): B

Explanation:

-B) Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region. Create a cross-Region read replica for the DB instance. Set up AWS Elastic Disaster Recovery to continuously replicate the EC2 instances to the DR Region. Run the EC2 instances at the minimum capacity in the DR Region. Use an Amazon Route 53 failover routing policy to automatically fail over to the DR Region in the event of a disaster. Increase the desired capacity of the Auto Scaling group: This solution is cost-effective and meets the RPO of 30 seconds and the RTO of 10 minutes. The cross-Region read replica ensures near-real-time data availability in the DR Region, and AWS Elastic Disaster Recovery ensures continuous replication of EC2 instances. Running EC2 instances at the minimum capacity in the DR Region saves costs while ensuring quick recovery. Route 53 failover routing allows for automatic failover to the DR Region in case of a disaster.
This solution balances cost and performance while meeting the RPO and RTO requirements.


