SAP-C01 (Page 13)

A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing new or modifying existing ReservedInstances.This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement or execution.Previously, business units would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously.Which combination of steps should be taken to proactively enforce the new process in the MOST secure way possible? (Choose two.)Read More →

A Solutions Architect wants to make sure that only AWS users or roles with suitable permissions can access a new Amazon API Gateway endpoint.The SolutionsArchitect wants an end-to-end view of each request to analyze the latency of the request and create service maps.How can the Solutions Architect design the API Gateway access control and perform request inspections?Read More →

A company experienced a breach of highly confidential personal information due to permission issues on an Amazon S3 bucket.The Information Security team has tightened the bucket policy to restrict access.Additionally, to be better prepared for future attacks, these requirements must be met:✑ Identify remote IP addresses that are accessing the bucket objects.✑ Receive alerts when the security policy on the bucket is changed.✑ Remediate the policy changes automatically.Which strategies should the Solutions Architect use?Read More →

A company uses Amazon S3 to host a web application.Currently, the company uses a continuous integration tool running on an Amazon EC2 instance that builds and deploys the application by uploading it to an S3 bucket.A Solutions Architect needs to enhance the security of the company’s platform with the following requirements:✑ A build process should be run in a separate account from the account hosting the web application.✑ A build process should have minimal access in the account it operates in.✑ Long-lived credentials should not be used.As a start, the Development team created two AWS accounts: one for the application named web account process; other is a named build account.Which solution should the Solutions Architect use to meet the security requirements?Read More →

A company has a web application that securely uploads pictures and videos to an Amazon S3 bucket.The company requires that only authenticated users are allowed to post content.The application generates a presigned URL that is used to upload objects through a browser interface.Most users are reporting slow upload times for objects larger than 100 MB.What can a Solutions Architect do to improve the performance of these uploads while ensuring only authenticated users are allowed to post content?Read More →

A company’s CISO has asked a Solutions Architect to re-engineer the company’s current CI/CD practices to make sure patch deployments to its applications can happen as quickly as possible with minimal downtime if vulnerabilities are discovered.The company must also be able to quickly roll back a change in case of errors.The web application is deployed in a fleet of Amazon EC2 instances behind an Application Load Balancer.The company is currently using GitHub to host the application source code, and has configured an AWS CodeBuild project to build the application.The company also intends to use AWS CodePipeline to trigger builds from GitHub commits using the existing CodeBuild project.What CI/CD configuration meets all of the requirements?Read More →

A large global financial services company has multiple business units.The company wants to allow Developers to try new services, but there are multiple compliance requirements for different workloads.The Security team is concerned about the access strategy for on-premises and AWS implementations.They would like to enforce governance for AWS services used by business teams for regulatory workloads, including Payment Card Industry (PCI) requirements.Which solution will address the Security team’s concerns and allow the Developers to try new services?Read More →

A company needs to migrate two individual applications from on premises to AWS:• The first application is a legacy custom application that is hosted on a physical Windows server.The application source code is no longer available.The application has little documentation, has hardcoded operating system configuration settings, and is used by an external third party.• The second application is an IBM Db2 database that is hosted on a single Linux VM that uses network-attached storage (NAS) to store the database data.The company uses this database internally for employee records.The applications are hosted in a data center that the company plans to decommission in 90 days.Where possible, the company must use managed AWS services.Which actions for migration should a solutions architect recommend to meet these requirements? (Choose two.)Read More →

A company wants to replace its call centersystem with a solution built using AWS managed services.The company call center would like the solution to receive calls, create contact flows, and scale to handle growth projections.The call center would also like the solution to use deep learning capabilities to recognize the intent of the callers and handle basic tasks, reducing the need to speak to an agent.The solution should also be able to query business applications and provide relevant information back to callers as requested.Which services should the Solutions Architect use to build this solution? (Choose three.)Read More →

A large company is migrating its entire IT portfolio to AWS.Each business unit in the company has a standalone AWS account that supports both development and test environments.New accounts to support production workloads will be needed soon.The Finance department requires a centralized method for payment but must maintain visibility into each group’s spending to allocate costs.The Security team requires a centralized mechanism to control IAM usage in all the company’s accounts.What combination of the following options meet the company’s needs with the LEAST effort? (Choose two.)Read More →