Question 1

A fleet of Amazon ECS instances is used to poll an Amazon SQS queue and update items in an Amazon

DynamoDB database Items in the table are not being updated, and the SQS queue Is filling up Amazon

CloudWatch Logs are showing consistent 400 errors when attempting to update the table The provisioned

write capacity units are appropriately configured, and no throttling is occurring What is the LIKELY cause of the failure*?

Options :

A : The ECS service was deleted

B : The ECS configuration does not contain an Auto Scaling group

C : The ECS instance task execution IAM role was modified

D : The ECS task role was modified

Answer: D

Question 2

A company has an organization in AWS Organizations. The company is using AWS Control Tower to deploy

a landing zone for the organization. The company wants to implement governance and policy enforcement.

The company must implement a policy that will detect Amazon RDS DB instances that are not encrypted at

rest in the company’s production OU.

Which solution will meet this requirement?

Options :

A :

Turn on mandatory guardrails in AWS Control Tower. Apply the mandatory guardrails to the production

OU

B :

Enable the appropriate guardrail from the list of strongly recommended guardrails in AWS Control

Tower. Apply the guardrail to the production OU.

C :

Use AWS Config to create a new mandatory guardrail. Apply the rule to all accounts in the production

OU.

D : Create a custom SCP in AWS Control Tower. Apply the SCP to the production OU.

Answer: B

Question 3

A company operates a fleet of servers on premises and operates a fleet of Amazon EC2 instances in its organization in AWS Organizations. The company's AWS accounts contain hundreds of VPCs. The company wants to connect its AWS accounts to its on-premises network. AWS Site-to-Site VPN connections are already established to a single AWS account. The company wants to control which VPCs can communicate with other VPCs. Which combination of steps will achieve this level of control with the LEAST operational effort? (Choose three.)

Options :

A :

Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).

B : Configure attachments to all VPCs and VPNs.

C : Set up transit gateway route tables. Associate the VPCs and VPNs with the route tables.

D : Configure VPC peering between the VPCs.

E : Configure attachments between the VPCs and VPNs.

F : Set up route tables on the VPCs and VPNs.

Answer: A,B,C

Question 4

A company is using a single AWS Region (or its ecommerce website. The website includes a web application

that runs on several Amazon EC2 instances behind an Application Load Balancer (ALB). The website also

includes an Amazon DynamoDB table. A custom domain name in Amazon Route 53 is linked to the ALB.

The company created an SSL/TLS certificate in AWS Certificate Manager (ACM) and attached the certificate

to the ALB. The company is not using a content delivery network as part of its design.

The company wants to replicate its entire application stack in a second Region to provide disaster recovery,

plan for future growth, and provide improved access time to users. A solutions architect needs to implement a

solution that achieves these goals and minimizes administrative overhead.

Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

Options :

A :

Create an AWS Cloud Formation template for the current infrastructure design. Use parameters for

important system values, including Region. Use the CloudFormation template to create the new

infrastructure in the second Region.

B :

Use the AWS Management Console to document the existing infrastructure design in the first Region

and to create the new infrastructure in the second Region.

C :

Update the Route 53 hosted zone record for the application to use weighted routing. Send 50% of the

traffic to the ALB in each Region.

D :

Update the Route 53 hosted zone record for the application to use latency-based routing. Send traffic to

the ALB in each Region.

E :

Update the configuration of the existing DynamoDB table by enabling DynamoDB Streams Add the

second Region to create a global table.

F :

Create a new DynamoDB table. Enable DynamoDB Streams for the new table. Add the second Region

to create a global table. Copy the data from the existing DynamoDB table to the new table as a one-time

operation.

Answer: A,D

Question 5

A company has a few AWS accounts for development and wants to move its production application to AWS. The company needs to enforce Amazon Elastic Block Store (Amazon EBS) encryption at rest current production accounts and future production accounts only. The company needs a solution that includes built-in blueprints and guardrails.

Which combination of steps will meet these requirements? (Choose three.)

Options :

A : Use AWS CloudFormation StackSets to deploy AWS Config rules on production accounts.

B : Create a new AWS Control Tower landing zone in an existing developer account. Create OUs for accounts. Add production and development accounts to production and development OUs, respectively.

C : Create a new AWS Control Tower landing zone in the company-s management account. Add production and development accounts to production and development OUs. respectively.

D : Invite existing accounts to join the organization in AWS Organizations. Create SCPs to ensure compliance.

E : Create a guardrail from the management account to detect EBS encryption.

F : Create a guardrail for the production OU to detect EBS encryption.

Answer: C,D,F

Higher Test Marks with Free Online SAP-C02 Exam Practice

Buying Options: