Question 1

A software company needs to create short-lived test environments to test pull requests as part of its development process. Each test environment consists of a single Amazon EC2 instance that is in an Auto Scaling group. The test environments must be able to communicate with a central server to report test results. The central server is located in an on-premises data center. A solutions architect must implement a solution so that the company can create and delete test environments without any manual intervention. The company has created a transit gateway with a VPN attachment to the on-premises network. Which solution will meet these requirements with the LEAST operational overhead?

Options :

A :

Create an AWS CloudFormation template that contains a transit gateway attachment and related routing configurations. Create a CloudFormation stack set that includes this template. Use CloudFormation StackSets to deploy a new stack for each VPC in the account. Deploy a new VPC for each test environment.

B :

Create a single VPC for the test environments. Include a transit gateway attachment and related routing configurations. Use AWS CloudFormation to deploy all test environments into the VPC.

C :

Create a new OU in AWS Organizations for testing. Create an AWS CloudFormation template that contains a VPC, necessary networking resources, a transit gateway attachment, and related routing configurations. Create a CloudFormation stack set that includes this template. Use CloudFormation StackSets for deployments into each account under the testing 01.1. Create a new account for each test environment.

D :

Convert the test environment EC2 instances into Docker images. Use AWS CloudFormation to configure an Amazon Elastic Kubernetes Service (Amazon EKS) cluster in a new VPC, create a transit gateway attachment, and create related routing configurations. Use Kubernetes to manage the deployment and lifecycle of the test environments.

Answer: B

Question 2

A software company is using three AWS accounts for each of its 1 0 development teams The company has

developed an AWS CloudFormation standard VPC template that includes three NAT gateways The template is

added to each account for each team The company is concerned that network costs will increase each time a

new development team is added A solutions architect must maintain the reliability of the company's solutions

and minimize operational complexity What should the solutions architect do to reduce the network costs while meeting these requirements?

Options :

A :

Create a single VPC with three NAT gateways in a shared services account Configure each account VPC with a default route through a transit gateway to the NAT gateway in the shared services account VPC Remove all NAT gateways from the standard VPC template

B : Create a single VPC with three NAT gateways in a shared services account Configure each account VPC with a default route through a VPC peering connection to the NAT gateway in the shared services account VPC Remove all NAT gateways from the standard VPC template

C : Remove two NAT gateways from the standard VPC template Rely on the NAT gateway SLA to cover reliability for the remaining NAT gateway.

D : Create a single VPC with three NAT gateways in a shared services account Configure a Site-to-Site VPN connection from each account to the shared services account Remove all NAT gateways from the standard VPC template

Answer: A

Question 3

A cryptocurrency exchange company has recently signed up for a 3rd party online auditing system, which is also using AWS, to perform regulatory compliance audits on their cloud systems. The online auditing system needs to access certain AWS resources in your network to perform the audit.

In this scenario, which of the following approach is the most secure way of providing access to the 3rd party online auditing system?

Options :

A : Create a new IAM user and assign a user policy to the IAM user that allows full and unrestricted access to all AWS resources. Create a new access and secret key for the IAM user and provide these credentials to the 3rd party auditing company.

B : Create a new IAM role for cross-account access which allows the online auditing system account to assume the role. Assign it a policy that allows only the actions required for the compliance audit.

C : Create a new IAM role for cross-account access which allows the online auditing system account to assume the role. Assign a policy that allows full and unrestricted access to all AWS resources.

D : Create a new IAM user and assign a user policy to the IAM user that allows only the actions required by the online audit system. Create a new access and secret key for the IAM user and provide these credentials to the 3rd party auditing company.

Answer: B

Question 4

A publishing company's design team updates the icons and other static assets that an ecommerce web

application uses. The company serves the icons and assets from an Amazon S3 bucket that is hosted in the

company's production account. The company also uses a development account that members of the design

team can access.

After the design team tests the static assets in the development account, the design team needs to load the

assets into the S3 bucket in the production account. A solutions architect must provide the design team with

access to the production account without exposing other parts of the web application to the risk of unwanted

changes.

Which combination of steps will meet these requirements? (Select THREE.)

Options :

A :

In the production account, create a new IAM policy that allows read and write access to the S3 bucket.

B : In the development account, create a new IAM policy that allows read and write access to the S3 bucket.

C :

In the production account, create a role. Attach the new policy to the role. Define the development

account as a trusted entity.

D :

In the development account, create a role. Attach the new policy to the role. Define the production

account as a trusted entity.

E :

In the development account, create a group that contains all the IAM users of the design team. Attach a

different IAM policy to the group to allow the sts:AssumeRole action on the role in the production

account.

F :

In the development account, create a group that contains all tfje IAM users of the design team. Attach a

different IAM policy to the group to allow the sts;AssumeRole action on the role in the development

account.

Answer: A,C,E

Question 5

A company wants to migrate its data analytics environment from on premises to AWS The environment

consists of two simple Node js applications One of the applications collects sensor data and loads it into a

MySQL database The other application aggregates the data into reports When the aggregation jobs run. some

of the load jobs fail to run correctly

The company must resolve the data loading issue The company also needs the migration to occur without

interruptions or changes for the company's customers

What should a solutions architect do to meet these requirements?

Options :

A :

Set up an Amazon Aurora MySQL database as a replication target for the on-premises database Create

an Aurora Replica for the Aurora MySQL database, and move the aggregation jobs to run against the

Aurora Replica Set up collection endpomts as AWS Lambda functions behind a Network Load Balancer

(NLB). and use Amazon RDS Proxy to wnte to the Aurora MySQL database When the databases are

synced disable the replication job and restart the Aurora Replica as the primary instance. Point the

collector DNS record to the NLB.

B :

Set up an Amazon Aurora MySQL database Use AWS Database Migration Service (AWS DMS) to

perform continuous data replication from the on-premises database to Aurora Move the aggregation jobs

to run against the Aurora MySQL database Set up collection endpomts behind an Application Load

Balancer (ALB) as Amazon EC2 instances in an Auto Scaling group When the databases are synced,

point the collector DNS record to the ALB Disable the AWS DMS sync task after the cutover from on

premises to AWS

C :

Set up an Amazon Aurora MySQL database Use AWS Database Migration Service (AWS DMS) to

perform continuous data replication from the on-premises database to Aurora Create an Aurora Replica

for the Aurora MySQL database and move the aggregation jobs to run against the Aurora Replica Set up

collection endpoints as AWS Lambda functions behind an Application Load Balancer (ALB) and use

Amazon RDS Proxy to write to the Aurora MySQL database When the databases are synced, point the

collector DNS record to the ALB Disable the AWS DMS sync task after the cutover from on premises

to AWS

D :

Set up an Amazon Aurora MySQL database Create an Aurora Replica for the Aurora MySQL database

and move the aggregation jobs to run against the Aurora Replica Set up collection endpoints as an

Amazon Kinesis data stream Use Amazon Kinesis Data Firehose to replicate the data to the Aurora

MySQL database When the databases are synced disable the replication job and restart the Aurora

Replica as the primary instance Point the collector DNS record to the Kinesis data stream.

Answer: C

Higher Test Marks with Free Online SAP-C02 Exam Practice

Buying Options: