A company is storing data in several Amazon DynamoDB tables. A solutions architect must use a serverless architecture to make the data accessible publicly through a simple API over HTTPS. The solution must scale automatically in response to demand.Which solutions meet these requirements? (Choose two.)
Answer(s): A,C
A) Create an Amazon API Gateway REST API. Configure this API with direct integrations to DynamoDB by using API Gateway’s AWS integration type andC) Create an Amazon API Gateway HTTP API. Configure this API with integrations to AWS Lambda functions that return data from the DynamoDB tables are the correct answers because they both meet the requirements of making data accessible publicly through a simple API over HTTPS.Amazon API Gateway is a serverless option that automatically scales in response to demand, making it suitable for this architecture.API Gateway's AWS integration type allows direct interaction with DynamoDB without needing intermediary Lambda functions in the case of the REST API.Using AWS Lambda for the HTTP API option adds flexibility in handling requests and returning data from DynamoDB tables.Both options allow for a scalable, serverless architecture that integrates with DynamoDB and responds to HTTPS requests.
A company has registered 10 new domain names. The company uses the domains for online marketing. The company needs a solution that will redirect online visitors to a specific URL for each domain. All domains and target URLs are defined in a JSON document. All DNS records are managed by Amazon Route 53.A solutions architect must implement a redirect service that accepts HTTP and HTTPS requests.Which combination of steps should the solutions architect take to meet these requirements with the LEAST amount of operational effort? (Choose three.)
Answer(s): B,C,F
B) Create an Application Load Balancer that includes HTTP and HTTPS listeners,C) Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL, andF) Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names are the correct answers because they provide a low operational effort solution for setting up domain redirection.Application Load Balancer (ALB) allows handling both HTTP and HTTPS requests, ensuring the redirect service can accept traffic over both protocols.AWS Lambda provides a serverless way to handle the redirects based on the JSON document, ensuring that the appropriate URL is returned.AWS Certificate Manager (ACM) provides SSL certificates for secure HTTPS connections with minimal operational overhead, allowing you to include multiple domain names with Subject Alternative Names (SANs) in a single certificate.This combination creates a cost-efficient, scalable, and secure solution with minimal operational effort.
A company that has multiple AWS accounts is using AWS Organizations. The company’s AWS accounts host VPCs, Amazon EC2 instances, and containers.The company’s compliance team has deployed a security tool in each VPC where the company has deployments. The security tools run on EC2 instances and send information to the AWS account that is dedicated for the compliance team. The company has tagged all the compliance-related resources with a key of “costCenter” and a value or “compliance”.The company wants to identify the cost of the security tools that are running on the EC2 instances so that the company can charge the compliance team’s AWS account. The cost calculation must be as accurate as possible.What should a solutions architect do to meet these requirements?
Answer(s): A
A) In the management account of the organization, activate the costCenter user-defined tag. Configure monthly AWS Cost and Usage Reports to save to an Amazon S3 bucket in the management account. Use the tag breakdown in the report to obtain the total cost for the costCenter tagged resources is the correct answer because the AWS Cost and Usage Report (CUR) provides detailed cost allocation data, including custom tags like costCenter. By enabling the tag in the management account and configuring the Cost and Usage Reports to be stored in an S3 bucket, the company can get a detailed breakdown of costs associated with the tagged resources, making it possible to accurately charge the compliance team's account.
A company has 50 AWS accounts that are members of an organization in AWS Organizations. Each account contains multiple VPCs. The company wants to use AWS Transit Gateway to establish connectivity between the VPCs in each member account. Each time a new member account is created, the company wants to automate the process of creating a new VPC and a transit gateway attachment.Which combination of steps will meet these requirements? (Choose two.)
A) From the management account, share the transit gateway with member accounts by using AWS Resource Access Manager andC) Launch an AWS CloudFormation stack set from the management account that automatically creates a new VPC and a VPC transit gateway attachment in a member account. Associate the attachment with the transit gateway in the management account by using the transit gateway ID are the correct answers.AWS Resource Access Manager (RAM) allows the sharing of resources such as transit gateways across AWS accounts within an organization, which is crucial for setting up the connectivity between VPCs across multiple accounts.AWS CloudFormation stack sets automate the creation of new VPCs and transit gateway attachments in member accounts, ensuring that the process is streamlined whenever new accounts are added. This automation ensures consistency and reduces manual configuration errors.This combination ensures the connectivity and automation needed to manage the multi-account VPC setup using AWS Transit Gateway.
An enterprise company wants to allow its developers to purchase third-party software through AWS Marketplace. The company uses an AWS Organizations account structure with full features enabled, and has a shared services account in each organizational unit (OU) that will be used by procurement managers. The procurement team’s policy indicates that developers should be able to obtain third-party software from an approved list only and use Private Marketplace in AWS Marketplace to achieve this requirement. The procurement team wants administration of Private Marketplace to be restricted to a role named procurement-manager-role, which could be assumed by procurement managers. Other IAM users, groups, roles, and account administrators in the company should be denied Private Marketplace administrative access.What is the MOST efficient way to design an architecture to meet these requirements?
Answer(s): C
C) Create an IAM role named procurement-manager-role in all the shared services accounts in the organization. Add the AWSPrivateMarketplaceAdminFullAccess managed policy to the role. Create an organization root-level SCP to deny permissions to administer Private Marketplace to everyone except the role named procurement-manager-role. Create another organization root-level SCP to deny permissions to create an IAM role named procurement-manager-role to everyone in the organization is the correct answer.This solution efficiently restricts administrative access to Private Marketplace while allowing only the procurement managers to manage it through the procurement-manager-role in shared services accounts. The Service Control Policies (SCPs) at the organization root level enforce these restrictions across the entire AWS Organization, preventing unauthorized access to manage Private Marketplace or to create an impersonating role. This ensures compliance with the procurement team's policy while minimizing operational overhead.This design meets the company’s requirements for security and control over the management of AWS Marketplace, ensuring that only approved software is available for developers through Private Marketplace.
Post your Comments and Discuss Amazon SAP-C02 exam dumps with other Community members:
AWS Learner Commented on April 11, 2025 This sample questions for SAP-C02 exam really helped me pass the exam from the first try. Anonymous
Mini monk Commented on March 09, 2025 Didn't test yet Anonymous
ry Commented on February 12, 2025 very helpful Anonymous
Vlad Commented on February 06, 2024 This is my 2nd time getting a test from you for AWS and first one worked out well lets hope this one does too UNITED STATES
Darnell Morris Commented on February 05, 2024 I'm looking forward to passing the AWS Solutions Architect Professional exam. My system crashed with my previous purchase and my subscription expired therefore I need to renew. UNITED STATES
Roberts Commented on October 24, 2023 I gave the AWS SAP-C02 test and studied through as it has latest mock tests available which helped me evaluate my performance and got me 906/1000. Anonymous
Andrew Commented on August 23, 2023 very helpful Anonymous
Mukesh Commented on July 10, 2023 Good questions UNITED KINGDOM
Mukesh Commented on July 10, 2023 good questions UNITED KINGDOM
Willard Commented on March 18, 2023 This guide is a one-way ticket to Successville - Passed my exam and now I am the mayor! AUSTRALIA
Mora Commented on February 09, 2023 Free-Braindumps.com helped me ace my exam. The practice practice questions were spot on and the explanations were helpful. UNITED STATES