• Home
  • Articles
  • [Jul-2021] Pass Amazon SAP-C01 Exam in First Attempt Guaranteed! [Q34-Q52]

[Jul-2021] Pass Amazon SAP-C01 Exam in First Attempt Guaranteed! [Q34-Q52]

Share

[Jul-2021] Pass Amazon SAP-C01 Exam in First Attempt Guaranteed!

Full SAP-C01 Practice Test and 215 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 34
A user is trying to create a PIOPS EBS volume with 4000 IOPS and 100 GB size. AWS does not allow the user to create this volume.
What is the possible root cause for this?

  • A. The ratio between IOPS and the EBS volume is higher than 30
  • B. The maximum IOPS supported by EBS is 3000
  • C. The ratio between IOPS and the EBS volume is lower than 50
  • D. PIOPS is supported for EBS higher than 500 GB size

Answer: A

Explanation:
Explanation
A Provisioned IOPS (SSD) volume can range in size from 4 GiB to 16 TiB and you can provision up to 20,000 IOPS per volume. The ratio of IOPS provisioned to the volume size requested should be a maximum of 30; for example, a volume with 3000 IOPS must be at least 100 GB.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html#EBSVolumeTypes_piops

 

NEW QUESTION 35

Refer to the architecture diagram above of a batch processing solution using Simple Queue Service (SQS) to set up a message queue between EC2 instances which are used as batch processors Cloud Watch monitors the number of Job requests (queued messages) and an Auto Scaling group adds or deletes batch servers automatically based on parameters set in Cloud Watch alarms.
You can use this architecture to implement which of the following features in a cost effective and efficient manner?

  • A. Reduce the overall lime for executing jobs through parallel processing by allowing a busy EC2 instance that receives a message to pass it to the next instance in a daisy-chain setup.
  • B. Implement fault tolerance against EC2 instance failure since messages would remain in SQS and worn can continue with recovery of EC2 instances implement fault tolerance against SQS failure by backing up messages to S3.
  • C. Implement message passing between EC2 instances within a batch by exchanging messages through SQS.
  • D. Coordinate number of EC2 instances with number of job requests automatically thus Improving cost effectiveness.
  • E. Handle high priority jobs before lower priority jobs by assigning a priority metadata field to SQS messages.

Answer: D

Explanation:
Explanation
There are cases where a large number of batch jobs may need processing, and where the jobs may need to be re-prioritized.
For example, one such case is one where there are differences between different levels of services for unpaid users versus subscriber users (such as the time until publication) in services enabling, for example, presentation files to be uploaded for publication from a web browser. When the user uploads a presentation file, the conversion processes, for example, for publication are performed as batch processes on the system side, and the file is published after the conversion. Is it then necessary to be able to assign the level of priority to the batch processes for each type of subscriber?
Explanation of the Cloud Solution/Pattern
A queue is used in controlling batch jobs. The queue need only be provided with priority numbers. Job requests are controlled by the queue, and the job requests in the queue are processed by a batch server. In Cloud computing, a highly reliable queue is provided as a service, which you can use to structure a highly reliable batch system with ease. You may prepare multiple queues depending on priority levels, with job requests put into the queues depending on their priority levels, to apply prioritization to batch processes. The performance (number) of batch servers corresponding to a queue must be in accordance with the priority level thereof.
Implementation
In AWS, the queue service is the Simple Queue Service (SQS). Multiple SQS queues may be prepared to prepare queues for individual priority levels (with a priority queue and a secondary queue). Moreover, you may also use the message Delayed Send function to delay process execution.
Use SQS to prepare multiple queues for the individual priority levels.
Place those processes to be executed immediately (job requests) in the high priority queue.
Prepare numbers of batch servers, for processing the job requests of the queues, depending on the priority levels.
Queues have a message "Delayed Send" function. You can use this to delay the time for starting a process.
Configuration

Benefits
You can increase or decrease the number of servers for processing jobs to change automatically the processing speeds of the priority queues and secondary queues.
You can handle performance and service requirements through merely increasing or decreasing the number of EC2 instances used in job processing.
Even if an EC2 were to fail, the messages (jobs) would remain in the queue service, enabling processing to be continued immediately upon recovery of the EC2 instance, producing a system that is robust to failure.
Cautions
Depending on the balance between the number of EC2 instances for performing the processes and the number of messages that are queued, there may be cases where processing in the secondary queue may be completed first, so you need to monitor the processing speeds in the primary queue and the secondary queue.

 

NEW QUESTION 36
A company has decided to move some workloads onto AWS to create a grid environment to run market analytics. The grid will consist of many similar instances, spun-up by a job-scheduling function. Each time a large analytics workload is completed, a new VPC is deployed along with job scheduler and grid nodes. Multiple grids could be running in parallel.
Key requirements are:
* Grid instances must communicate with Amazon S3 retrieve data to be processed.
* Grid instances must communicate with Amazon DynamoDB to track intermediate data,
* The job scheduler need only to communicate with the Amazon EC2 API to start new grid nodes.
A key requirement is that the environment has no access to the internet, either directly or via the on-premises proxy. However, the application needs to be able to seamlessly communicate to Amazon S3, Amazon DynamoDB, and Amazon EC2 API, without the need for reconfiguration for each new deployment.
Which of the following should the Solutions Architect do to achieve this target architecture? (Choose three.)

  • A. Configure the application on the grid instances to use the private DNS name of the Amazon S3 endpoint.
  • B. Enable VPC endpoints for Amazon S3 and DynamoDB.
  • C. Populate the on-premises DNS server with the private IP addresses of the EC2 endpoint.
  • D. Enable an interface VPC endpoint for EC2.
  • E. Configure Amazon S3 endpoint policy to permit access only from the grid nodes.
  • F. Disable Private DNS Name Support.

Answer: A,B,D

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint/
https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html

 

NEW QUESTION 37
A company has an application that runs a web service on Amazon EC2 instances and stores .jpg images in Amazon S3. The web traffic has a predictable baseline, but often demand spikes unpredictably for short periods of time. The application is loosely coupled and stateless. The .jpg images stored in Amazon S3 are accessed frequently for the first 15 to 20 days, they are seldom accessed thereafter but always need to be immediately available. The CIO has asked to find ways to reduce costs.
Which of the following options will reduce costs? (Choose two.)

  • A. Use On-Demand instances for baseline capacity requirements and use Spot Fleet instances for the demand spikes.
  • B. Configure a lifecycle policy to move the .jpg images on Amazon S3 to Amazon Glacier after 30 days.
  • C. Purchase Reserved instances for baseline capacity requirements and use On-Demand instances for the demand spikes.
  • D. Configure a lifecycle policy to move the .jpg images on Amazon S3 to S3 IA after 30 days.
  • E. Create a script that checks the load on all web servers and terminates unnecessary On-Demand instances.

Answer: C,D

 

NEW QUESTION 38
A Solutions Architect must migrate an existing on-premises web application with 70 TB of static files supporting a public open-data initiative. The architect wants to upgrade to the latest version of the host operating system as part of the migration effort.
Which is the FASTEST and MOST cost-effective way to perform the migration?

  • A. Run a physical-to-virtual conversion on the application server. Transfer the server image over AWS Direct Connect, and transfer the static data to Amazon S3.
  • B. Re-platform the server to Amazon EC2, and use AWS Snowball to transfer the static data to Amazon S3.
  • C. Re-platform the server by using the AWS Server Migration Service to move the code and data to a new Amazon EC2 instance.
  • D. Run a physical-to-virtual conversion on the application server. Transfer the server image over the internet, and transfer the static data to Amazon S3.

Answer: B

 

NEW QUESTION 39
Is there any way to own a direct connection to Amazon Web Services?

  • A. No, AWS only allows access from the public Internet.
  • B. Yes, you can via Amazon Dedicated Connection
  • C. Yes, you can via AWS Direct Connect.
  • D. No, you can create an encrypted tunnel to VPC, but you cannot own the connection.

Answer: C

Explanation:
Explanation
AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. With this connection in place, you can create virtual interfaces directly to the AWS cloud (for example, to Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3)) and to Amazon Virtual Private Cloud (Amazon VPC), bypassing Internet service providers in your network path.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

 

NEW QUESTION 40
A company has developed a single-page web application in JavaScript. The source code is stored in a single Amazon S3 bucket in the us-east-1 Region. The company serves the web application to a global user base through Amazon CloudFront.
The company wants to experiment with two versions of the website without informing application users. Each version of the website will reside in its own S3 bucket. The company wants to determine which version is most successful in marketing a new product.
The solution must send application users that are based in Europe to the new website design. The solution must send application users that are based in the United States to the current website design. However, some exceptions exist. The company needs to be able to redirect specific users to the new website design, regardless of the users' location.
Which solution meets these requirements?

  • A. Configure a single CloudFront distribution. Configure an alternate domain name on the distribution. Configure two behaviors to route users to the different S3 origins based on the domain name that the client uses in the HTTP request.
  • B. Configure a single CloudFront distribution. Create a behavior with different paths for each version of the site. Configure Lambda@Edge on the default path to generate redirects and send the client to the correct version of the website.
  • C. Configure two CloudFront distributions. Configure a geolocation routing policy in Amazon Route 53 to route traffic to the appropriate CloudFront endpoint based on the location of clients.

Answer: C

Explanation:
D.
Configure a single CloudFront distribution with Lambda@Edge. Use Lambda@Edge to send user requests to different origins based on request attributes.

 

NEW QUESTION 41
If a single condition within an IAM policy includes multiple values for one key, it will be evaluated using a logical______.

  • A. AND
  • B. NAND
  • C. OR
  • D. NOR

Answer: C

Explanation:
Explanation
If a single condition within an IAM policy includes multiple values for one key, it will be evaluated using a logical OR.
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html

 

NEW QUESTION 42
A company has an application that uses Amazon EC2 instances in an Auto Scaling group. The Quality Assurance (QA) department needs to launch a large number of short-lived environments to test the application.
The application environments are currently launched by the Manager of the department using an AWS CloudFormation template. To launch the stack, the Manager uses a role with permission to use CloudFormation, EC2 and Auto Scaling APIs. The Manager wants to allow testers to launch their own environments, but does not want to grant broad permission to each user. Which set up would achieve these goals?

  • A. Upload the AWS CloudFormation template to Amazon S3. Give users in the QA department permission to use CloudFormation and S3 APIs, with conditions that restrict the permission to the template and the resources it creates. Train users to launch the template form the CloudFormation console.
  • B. Create an AWS Elastic Beanstalk application from the environment template. Give users in the QA department permission to use Elastic Beanstalk permissions only. Train users to launch Elastic beanstalk environments with the Elastic Beanstalk CLI, passing the existing role to the environment as a service role.
  • C. Create an AWS Service Catalog product form the environment template. Add a launch constraint to the product with the existing role. Give users in the QA department permission to use AWS Service Catalog APIs only. Train users to launch the templates form the AWS Service Catalog console.
  • D. Upload the AWS CloudFormation template to Amazon S3. Give users in the QA department permission to assume the Manager's role and add a policy that restricts the permissions to the template and the resources it creates. Train users to launch the template from the CloudFormation console.

Answer: C

Explanation:
Explanation
https://aws.amazon.com/blogs/mt/how-to-launch-secure-and-governed-aws-resources-with-aws-cloudformation-

 

NEW QUESTION 43
A large company recently experienced an unexpected increase in Amazon RDS and Amazon DynamoDB costs. The company needs to increase visibility into delays of AWS Billing and Cost Management. There are various accounts associated with AWS Organizations, including many development and production accounts.
There is no consistent tagging strategy across the organization, but there are guidelines in place that require all infrastructure to be deployed using AWS CloudFormation with consistent tagging Management requires cost center numbers and project ID numbers for all existing and future DynamoOB tables and RDS instances.
Which strategy should the solutions architect provide to meet these requirements?

  • A. Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID and allow 24 hours for lags to propagate to existing resources.
  • B. Use an AWS Config rule to alert the finance team of untagged resources. Create a centralized AWS Lambda based solution to tag untagged RDS databases and DynamoOB resources every hour using a cross-account role
  • C. Use Tag Editor to tag existing resources. Create cost allocation lags to define the cost center and project ID Use SCPs to restrict resource creation that do not have the cost center and project ID on the resource.
  • D. Create cost allocation tags to define the cost center and project ID and allow 24 hours for tags to propagate to existing resources. Update existing federated roles to restrict privileges to provision resources that do not include the cost center and project ID on the resource

Answer: B

 

NEW QUESTION 44
A Solutions Architect is designing the storage layer for a recently purchased application. The application will be running on Amazon EC2 instances and has the following layers and requirements:
Data layer: A POSIX file system shared across many systems.
Service layer: Static file content that requires block storage with more than 100k IOPS.
Which combination of AWS services will meet these needs? (Choose two.)

  • A. Service layer - Amazon EC2 Ephemeral Storage
  • B. Data layer - Amazon S3
  • C. Data layer - Amazon EFS
  • D. Data layer - Amazon EC2 Ephemeral Storage
  • E. Service layer - Amazon EBS volumes with Provisioned IOPS

Answer: A,C

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/storage-optimized-instances.html

 

NEW QUESTION 45
A company had a tight deadline to migrate its on-premises environment to AWS. It moved over Microsoft SQL Servers and Microsoft Windows Servers using the virtual machine import/export service and rebuild other applications native to the cloud. The team created both Amazon EC2 databases and used Amazon RDS.
Each team in the company was responsible for migrating their applications, and they have created individual accounts for isolation of resources. The company did not have much time to consider costs, but now it would like suggestions on reducing its AWS spend.
Which steps should a Solutions Architect take to reduce costs?

  • A. Enable Cost Explorer and AWS Business Support Reserve Amazon EC2 and Amazon RDS DB instances. Use Amazon CloudWatch and AWS Trusted Advisor for monitoring and to receive cost-savings suggestions. Create a master account under Organizations and have teams join for consolidated billing.
  • B. Create an AWS Lambda function that changes the instance size based on Amazon CloudWatch alarms.
    Reserve instances based on AWS Simple Monthly Calculator suggestions. Have an AWS Well-Architected framework review and apply recommendations. Create a master account under Organizations and have teams join for consolidated billing.
  • C. Create a budget and monitor for costs exceeding the budget. Create Amazon EC2 Auto Scaling groups for applications that experience fluctuating demand. Create an AWS Lambda function that changes instance sizes based on Amazon CloudWatch alarms. Have each team upload their bill to an Amazon S3 bucket for analysis of team spending. Use Spot instances on nightly batch processing jobs.
  • D. Enable AWS Business Support and review AWS Trusted Advisor's cost checks. Create Amazon EC2 Auto Scaling groups for applications that experience fluctuating demand. Save AWS Simple Monthly Calculator reports in Amazon S3 for trend analysis. Create a master account under Organizations and have teams join for consolidating billing.

Answer: C

 

NEW QUESTION 46
A company is running a containerized application in the AWS Cloud. The application is running by using Amazon Elastic Container Service (Amazon ECS) on a set Amazon EC2 instances. The EC2 instances run in an Auto Scaling group.
The company uses Amazon Elastic Container Registry (Amazon ECRJ to store its container images When a new image version is uploaded, the new image version receives a unique tag The company needs a solution that inspects new image versions for common vulnerabilities and exposures The solution must automatically delete new image tags that have Cntical or High severity findings The solution also must notify the development team when such a deletion occurs Which solution meets these requirements'?

  • A. Schedule an AWS Lambda function to start a manual image scan every hour Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke another Lambda function when a scan is complete. Use the second Lambda function to delete the image tag for images that have Cnocal or High severity findings. Notify the development team by using Amazon Simple Notification Service (Amazon SNS)
  • B. Configure scan on push on the repository. Use Amazon EventBndge (Amazon ClouoWatch Events) to invoke an AWS Step Functions state machine when a scan is complete for images that have Cntical or High severity findings Use the Step Functions state machine to delete the image tag for those images and to notify the development team through Amazon Simple Notification Service (Amazon SNS)
  • C. Configure periodic image scan on the repository Configure scan results to be added to an Amazon Simple Queue Service (Amazon SQS) queue Invoke an AWS Step Functions state machine when a new message is added to the SQS queue Use the Step Functions state machine to delete the image tag for images that have Critical or High severity findings. Notify the development team by using Amazon Simple Email Service (Amazon SES).
  • D. Configure scan on push on the repository Configure scan results to be pushed to an Amazon Simple Queue Service (Amazon SQS) queue Invoke an AWS Lambda function when a new message is added to the SOS queue Use the Lambda function to delete the image tag for images that have Critical or High seventy findings. Notify the development team by using Amazon Simple Email Service (Amazon SES).

Answer: A

 

NEW QUESTION 47
A Solutions Architect has been asked to look at a company's Amazon Redshift cluster, which has quickly become an integral part of its technology and supports key business process. The Solutions Architect is to increase the reliability and availability of the cluster and provide options to ensure that if an issue arises, the cluster can either operate or be restored within four hours.
Which of the following solution options BEST addresses the business need in the most cost-effective manner?

  • A. Create two identical Amazon Redshift clusters in different regions (one as the primary, one as the secondary). Use Amazon S3 cross-region replication from the primary to secondary). Use Amazon S3 cross-region replication from the primary to secondary region, which triggers an AWS Lambda function to populate the cluster in the secondary region.
  • B. Ensure that the Amazon Redshift cluster has been set up to make use of Auto Scaling groups with the nodes in the cluster spread across multiple Availability Zones.
  • C. Ensure that the Amazon Redshift cluster creation has been template using AWS CloudFormation so it can easily be launched in another Availability Zone and data populated from the automated Redshift back-ups stored in Amazon S3.
  • D. Use Amazon Kinesis Data Firehose to collect the data ahead of ingestion into Amazon Redshift and create clusters using AWS CloudFormation in another region and stream the data to both clusters.

Answer: C

 

NEW QUESTION 48
A media company has a static web application that is generated programmatically. The company has a build pipeline that generates HTML content that is uploaded to an Amazon S3 bucket served by Amazon CloudFront. The build pipeline runs inside a Build Account. The S3 bucket and CloudFront distribution are in a Distribution Account. The build pipeline uploads the files to Amazon S3 using an IAM role in the Build Account. The S3 bucket has a bucket policy that only allows CloudFront to read objects using an origin access identity (OAI). During testing, all attempts to access the application using the CloudFront URL result in an HTTP 403 Access Denied response.
What should a solutions architect suggest to the company to allow access the objects in Amazon S3 through CloudFront?

  • A. Modify the S3 upload process in the Build Account to add the bucket-owner-full-control ACL to the objects at upload.
  • B. Create a new cross-account IAM role in the Distribution Account with write access to the S3 bucket.
    Modify the build pipeline to assume this role to upload the files to the Distribution Account.
  • C. Modify the S3 upload process in the Build Account to set the object owner to the Distribution Account.
  • D. Create a new IAM role in the Distribution Account with read access to the S3 bucket. Configure CloudFront to use this new role as its OAI. Modify the build pipeline to assume this role when uploading files from the

Answer: D

 

NEW QUESTION 49
You are implementing a URL whitelisting system for a company that wants to restrict outbound HTTP'S connections to specific domains from their EC2-hosted applications you deploy a single EC2 instance running proxy software and configure It to accept traffic from all subnets and EC2 instances in the VPC. You configure the proxy to only pass through traffic to domains that you define in its whitelist configuration You have a nightly maintenance window or 10 minutes where all instances fetch new software updates. Each update Is about 200MB In size and there are 500 instances In the VPC that routinely fetch updates After a few days you notice that some machines are failing to successfully download some, but not all of their updates within the maintenance window. The download URLs used for these updates are correctly listed in the proxy's whitelist configuration and you are able to access them manually using a web browser on the instances.
What might be happening? (Choose 2)

  • A. You are running the proxy on a sufficiently-sized EC2 instance in a private subnet and its network throughput is being throttled by a NAT running on an undersized EC2 instance.
  • B. You have not allocated enough storage to the EC2 instance running the proxy so the network buffer is filling up, causing some requests to fail.
  • C. The route table for the subnets containing the affected EC2 instances is not configured to direct network traffic for the software update locations to the proxy.
  • D. You are running the proxy on an undersized EC2 instance type so network throughput is not sufficient for all instances to download their updates in time.
  • E. You are running the proxy in a public subnet but have not allocated enough EIPs to support the needed network throughput through the Internet Gateway (IGW).

Answer: A,D

 

NEW QUESTION 50
In Amazon IAM, what is the maximum length for a role name?

  • A. 128 characters
  • B. 64 characters
  • C. 512 characters
  • D. 256 characters

Answer: B

Explanation:
Explanation
In Amazon IAM, the maximum length for a role name is 64 characters.
http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html

 

NEW QUESTION 51
A solutions architect has implemented a SAML 2.0 federated identity solution with their company's on-premises identity provider (IdP) to authenticate users' access to the AWS environment. When the solutions architect tests authentication through the federated identity web portal, access to the AWS environment is granted. However, when test users attempt to authenticate through the federated identity web portal, they are not able to access the AWS environment.
Which items should the solutions architect check to ensure identity federation is properly configured? (Select THREE.)

  • A. The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from IdR
  • B. The IAM user's permissions policy has allowed the use of SAML federation for that user.
  • C. The on-premises IdP's DNS hostname is reachable from the AWS environment VPCs.
  • D. The IAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal.
  • E. The company's IdP defines SAML assertions that properly map users or groups in the company to IAM roles with appropriate permissions.
  • F. Test users are not in the AWSFederatedUsers group in the company's IdR

Answer: A,D,E

Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html

 

NEW QUESTION 52
......

Prepare for your Amazon certification with the updated PassLeader SAP-C01 exam questions: https://drive.google.com/open?id=16XvS5ssia4acmAhizeZIZZMd7zVGrfkK

Get Latest SAP-C01 Dumps Exam Questions in here: https://www.passleader.top/Amazon/SAP-C01-exam-braindumps.html

Related Articles

more
Amazon SAP-C01 Certification Practice Exam