Free SAP-C01 Exam Braindumps (page: 77)

Page 77 of 134

A company uses AWS Organizations to manage a multi-account structure. The company has hundreds of AWS accounts and expects the number of accounts to increase. The company is building a new application that uses Docker images. The company will push the Docker images to Amazon Elastic Container Registry (Amazon ECR). Only accounts that are within the company’s organization should have access to the images.

The company has a CI/CD process that runs frequently. The company wants to retain all the tagged images. However, the company wants to retain only the five most recent untagged images.

Which solution will meet these requirements with the LEAST operational overhead?

  1. Create a private repository in Amazon ECR. Create a permissions policy for the repository that allows only required ECR operations. Include a condition to allow the ECR operations if the value of the aws:PrincipalOrgID condition key is equal to the ID of the company’s organization. Add a lifecycle rule to the ECR repository that deletes all untagged images over the count of five.
  2. Create a public repository in Amazon ECR. Create an IAM role in the ECR account. Set permissions so that any account can assume the role if the value of the aws:PrincipalOrgID condition key is equal to the ID of the company’s organization. Add a lifecycle rule to the ECR repository that deletes all untagged images over the count of five.
  3. Create a private repository in Amazon ECR. Create a permissions policy for the repository that includes only required ECR operations. Include a condition to allow the ECR operations for all account IDs in the organization. Schedule a daily Amazon EventBridge rule to invoke an AWS Lambda function that deletes all untagged images over the count of five.
  4. Create a public repository in Amazon ECR. Configure Amazon ECR to use an interface VPC endpoint with an endpoint policy that includes the required permissions for images that the company needs to pull. Include a condition to allow the ECR operations for all account IDs in the company’s organization. Schedule a daily Amazon EventBridge rule to invoke an AWS Lambda function that deletes all untagged images over the count of five.

Answer(s): A

Explanation:

To meet the company's requirements of restricting access to ECR images to accounts within the company's AWS Organization, while managing Docker image retention effectively, the solution with the least operational overhead is A:
- Private repository in Amazon ECR: This is ideal for limiting access to the company's organization.
- Permissions policy with aws:PrincipalOrgID condition key: This allows the company to restrict access to the repository to all accounts within the organization, ensuring only authorized accounts can access the Docker images. This meets the security requirement.
- Lifecycle rule for untagged images: The lifecycle rule automatically deletes all untagged images over the count of five, which meets the retention policy without requiring manual intervention or a scheduled job (like Lambda). This minimizes operational overhead.

Other options:
- B uses a public repository, which is unnecessary for limiting access within an organization, and creates security risks.
- C introduces additional complexity with a Lambda function for image deletion, which increases operational overhead.
- D also uses a public repository and requires unnecessary scheduling for cleanup, adding to operational overhead.

Thus, A provides the least operational overhead while meeting both the security and retention requirements.
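The two documents that answer A describes, written out as an added example (not part of the original page), together with a small check a reviewer could run to confirm that a repository policy with a wildcard principal is actually narrowed to the organization. The organization ID `o-exampleorgid`, the statement ID and the helper name `unscoped_statements` are assumptions made for illustration.

```python
ORG_ID = "o-exampleorgid"  # placeholder organization ID (assumption)

# ECR repository policy: any principal, but only from inside the organization.
REPOSITORY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowPullFromOrg",
        "Effect": "Allow",
        "Principal": "*",
        "Action": [
            "ecr:BatchCheckLayerAvailability",
            "ecr:BatchGetImage",
            "ecr:GetDownloadUrlForLayer",
        ],
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": ORG_ID}},
    }],
}

# ECR lifecycle policy: expire untagged images beyond the five newest.
# Tagged images are not selected by this rule, so they are all retained.
LIFECYCLE_POLICY = {
    "rules": [{
        "rulePriority": 1,
        "description": "Keep only the five most recent untagged images",
        "selection": {"tagStatus": "untagged",
                      "countType": "imageCountMoreThan", "countNumber": 5},
        "action": {"type": "expire"},
    }],
}

def unscoped_statements(policy, org_id):
    """Return Sids of Allow statements open to principals outside org_id."""
    findings = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        if stmt.get("Effect") != "Allow" or not wildcard:
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive in IAM policies.
        org = {k.lower(): v for k, v in equals.items()}.get("aws:principalorgid")
        if org != org_id:  # missing, different, or list-valued: flag for review
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings
```

Serialize the dictionaries with `json.dumps` to obtain the policy text; the check returns an empty list for the policy above and the statement ID for any wildcard grant that lacks the organization condition.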



A solutions architect is reviewing a company's process for taking snapshots of Amazon RDS DB instances. The company takes automatic snapshots every day and retains the snapshots for 7 days.

The solutions architect needs to recommend a solution that takes snapshots every 6 hours and retains the snapshots for 30 days. The company uses AWS Organizations to manage all of its AWS accounts. The company needs a consolidated view of the health of the RDS snapshots.

Which solution will meet these requirements with the LEAST operational overhead?

  1. Turn on the cross-account management feature in AWS Backup. Create a backup plan that specifies the frequency and retention requirements. Add a tag to the DB instances. Apply the backup plan by using tags. Use AWS Backup to monitor the status of the backups.
  2. Turn on the cross-account management feature in Amazon RDS. Create a snapshot global policy that specifies the frequency and retention requirements. Use the RDS console in the management account to monitor the status of the backups.
  3. Turn on the cross-account management feature in AWS CloudFormation. From the management account, deploy a CloudFormation stack set that contains a backup plan from AWS Backup that specifies the frequency and retention requirements. Create an AWS Lambda function in the management account to monitor the status of the backups. Create an Amazon EventBridge rule in each account to run the Lambda function on a schedule.
  4. Configure AWS Backup in each account. Create an Amazon Data Lifecycle Manager lifecycle policy that specifies the frequency and retention requirements. Specify the DB instances as the target resource. Use the Amazon Data Lifecycle Manager console in each member account to monitor the status of the backups.

Answer(s): A

Explanation:

The most appropriate solution to meet the requirements with the least operational overhead is A:
- AWS Backup is a centralized service that allows for backup management across accounts and services like Amazon RDS. By turning on cross-account management in AWS Backup, the company can consolidate its backup and snapshot management across multiple AWS accounts within an organization.
- Backup plan: AWS Backup provides the capability to create a backup plan that specifies the required backup frequency (every 6 hours) and retention period (30 days). The plan can be applied to RDS DB instances based on tags, which simplifies the process of managing the backup lifecycle.
- Monitoring with AWS Backup: AWS Backup can be used to monitor the status of backups across multiple accounts, providing a consolidated view of the backup health, which minimizes the operational overhead compared to setting up custom Lambda functions or other manual interventions.

This solution reduces manual setup and overhead because AWS Backup automates snapshot management and monitoring across accounts without requiring additional tools or custom solutions.



A company is using AWS Organizations with a multi-account architecture. The company's current security configuration for the account architecture includes SCPs, resource-based policies, identity-based policies, trust policies, and session policies.

A solutions architect needs to allow an IAM user in Account A to assume a role in Account B.

Which combination of steps must the solutions architect take to meet this requirement? (Choose three.)

  1. Configure the SCP for Account A to allow the action.
  2. Configure the resource-based policies to allow the action.
  3. Configure the identity-based policy on the user in Account A to allow the action.
  4. Configure the identity-based policy on the user in Account B to allow the action.
  5. Configure the trust policy on the target role in Account B to allow the action.
  6. Configure the session policy to allow the action and to be passed programmatically by the GetSessionToken API operation.

Answer(s): A,C,E

Explanation:

To allow an IAM user in Account A to assume a role in Account B, the solutions architect must complete the following steps:
- A. Configure the SCP (Service Control Policy) for Account A to allow the action. SCPs control the maximum available permissions within an organization. If an SCP restricts role assumption across accounts, it must be adjusted to allow this action.
- C. Configure the identity-based policy on the user in Account A to allow the action. This policy must explicitly allow the user in Account A to assume the role in Account B by including the sts:AssumeRole permission.
- E. Configure the trust policy on the target role in Account B to allow the action. The trust policy on the role in Account B must trust the user (or entity) in Account A, enabling the user to assume the role.

These steps ensure that the IAM user in Account A has the necessary permissions and that Account B allows this role assumption through its trust policy.
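The three policy documents from answers A, C and E, as an added example (not part of the original page), with a deliberately simplified evaluator that reports which layer blocks the call when one is missing. The ARNs, account IDs and function names are constructed for illustration, and the evaluator models Allow statements only: it ignores explicit Deny, Condition blocks, permissions boundaries and session policies.

```python
from fnmatch import fnmatchcase

# Constructed identifiers for illustration (assumptions, not from the page).
USER_ARN = "arn:aws:iam::111111111111:user/alice"       # Account A
ROLE_ARN = "arn:aws:iam::222222222222:role/app-deploy"  # Account B
ACTION = "sts:AssumeRole"

SCP_ACCOUNT_A = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
USER_IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ACTION, "Resource": ROLE_ARN}]}
ROLE_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": USER_ARN}, "Action": ACTION}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(policy, action, resource=None, principal=None):
    """Simplified: True if any Allow statement matches the request."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        # Action names are case-insensitive; ARNs are matched case-sensitively.
        actions = [a.lower() for a in _as_list(stmt["Action"])]
        if not any(fnmatchcase(action.lower(), a) for a in actions):
            continue
        if resource and not any(
                fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        # Trust policy: exact principal ARN match only in this model.
        if principal and principal not in _as_list(stmt["Principal"]["AWS"]):
            continue
        return True
    return False

def evaluate_assume_role(scp, identity_policy, trust_policy):
    """Return (allowed, per-layer decisions); all three layers must allow."""
    layers = {
        "scp_account_a": _allows(scp, ACTION, resource=ROLE_ARN),
        "identity_policy": _allows(identity_policy, ACTION, resource=ROLE_ARN),
        "trust_policy": _allows(trust_policy, ACTION, principal=USER_ARN),
    }
    return all(layers.values()), layers
```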



A company wants to use Amazon S3 to back up its on-premises file storage solution. The company’s on-premises file storage solution supports NFS, and the company wants its new solution to support NFS. The company wants to archive the backup files after 5 days. If the company needs archived files for disaster recovery, the company is willing to wait a few days for the retrieval of those files.

Which solution meets these requirements MOST cost-effectively?

  1. Deploy an AWS Storage Gateway file gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the file gateway. Create an S3 Lifecycle rule to move the files to S3 Standard-Infrequent Access (S3 Standard-IA) after 5 days.
  2. Deploy an AWS Storage Gateway volume gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the volume gateway. Create an S3 Lifecycle rule to move the files to S3 Glacier Deep Archive after 5 days.
  3. Deploy an AWS Storage Gateway tape gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the tape gateway. Create an S3 Lifecycle rule to move the files to S3 Standard-Infrequent Access (S3 Standard-IA) after 5 days.
  4. Deploy an AWS Storage Gateway file gateway that is associated with an S3 bucket. Move the files from the on-premises file storage solution to the file gateway. Create an S3 Lifecycle rule to move the files to S3 Glacier Deep Archive after 5 days.

Answer(s): D

Explanation:

The most cost-effective solution for backing up on-premises file storage that uses NFS and wants to archive files after 5 days while being willing to wait a few days for disaster recovery retrieval is:
D. Deploy an AWS Storage Gateway file gateway that is associated with an Amazon S3 bucket. This solution allows the company to:
- Use NFS, which is supported by the file gateway.
- Move the files to S3 for backup.
- Apply an S3 Lifecycle rule to automatically transition the files to S3 Glacier Deep Archive after 5 days, which is the most cost-effective storage class for long-term archiving. Retrieval from Glacier Deep Archive can take a few days, which aligns with the company's willingness to wait for disaster recovery.

This approach meets the company's requirements in terms of both NFS support and cost-effective archiving.






Post your Comments and Discuss Amazon SAP-C01 exam with other Community members:

Mike commented on October 08, 2024
Not bad at all
CANADA

Petro UA commented on October 01, 2024
hate DNS questions. So need to practice more
UNITED STATES

Gilbert commented on September 14, 2024
Can't wait to pass mine
Anonymous

Paresh commented on April 19, 2023
There were only 3 new questions that I did not see in this exam dumps. The rest of the questions were all word by word from this dump.
UNITED STATES

Matthew commented on October 18, 2022
An extremely helpful study package. I highly recommend.
UNITED STATES

Peter commented on June 23, 2022
I thought these were practice exam questions but they turned out to be real questions from the actual exam.
NETHERLANDS

Henry commented on September 29, 2021
I do not have the words to thank you guys. Passing this exam was creating many scary thoughts. I am glad I used your braindumps and passed. I can get a beer and relax now.
AUSTRALIA

Nik commented on April 12, 2021
I would not be able to pass my exam without your help. You guys rock!
SINGAPORE

Rohit commented on January 09, 2021
Thank you for the 50% sale. I really appreciate this price cut during this extraordinary time where everyone is having financial problem.
INDIA

Roger-That commented on December 23, 2020
The 20% holiday discount is a sweet deal. Thank you for the discount code.
UNITED STATES

Duke commented on October 23, 2020
It is helpful. Questions are real. Purchase is easy but the only problem, there is no option to pay in Euro. Only USD.
GERMANY

Tan Jin commented on September 09, 2020
The questions from this exam dumps are valid. I got 88% in my exam today.
SINGAPORE

Dave commented on November 05, 2019
Useful practice questions to get a feel of the actual exam. Some of the answers are not correct so please exercise caution.
EUROPEAN UNION

Je commented on October 02, 2018
Great
UNITED STATES

Invisible Angel commented on January 11, 2018
Have yet to try. But most recommend it
NEW ZEALAND

Mic commented on December 26, 2017
Nice dumps, site is secure and checkout process is a breeze.
UNITED STATES