SAP-C01 (Page 29)

A company wants to migrate its website from an on-premises data center onto AWS.At the same time, it wants to migrate the website to a containerized microservice-based architecture to improve the availability and cost efficiency.The company’s security policy states that privileges and network permissions must be configured according to best practice, using least privilege.A Solutions Architect must create a containerized architecture that meets the security requirements and has deployed the application to an Amazon ECS cluster.What steps are required after the deployment to meet the requirements? (Choose two.)Read More →

As a part of building large applications in the AWS Cloud, the Solutions Architect is required to implement the perimeter security protection.Applications running on AWS have the following endpoints:✑ Application Load Balancer✑ Amazon API Gateway regional endpoint✑ Elastic IP address-based EC2 instances.✑ Amazon S3 hosted websites.✑ Classic Load BalancerThe Solutions Architect must design a solution to protect all of the listed web front ends and provide the following security capabilities:✑ DDoS protection✑ SQL injection protection✑ IP address whitelist/blacklist✑ HTTP flood protection✑ Bad bot scraper protectionHow should the Solutions Architect design the solution?Read More →

A solutions architect must analyze a company’s Amazon EC2 instances and Amazon Elastic Block Store (Amazon EBS) volumes to determine whether the company is using resources efficiently.The company is running several large, high-memory EC2 instances to host database clusters that are deployed in active/ passive configurations.The utilization of these EC2 instances varies by the applications that use the databases, and the company has not identified a pattern.The solutions architect must analyze the environment and take action based on the findings.Which solution meets these requirements MOST cost-effectively?Read More →

A company needs to create a centralized logging architecture for all of its AWS accounts.The architecture should provide near-real-time data analysis for all AWSCloudTrail logs and VPC Flow Logs across all AWS accounts.The company plans to use Amazon Elasticsearch Service (Amazon ES) to perform log analysis in the logging account.Which strategy a solutions architect use to meet these requirements?Read More →

A company runs an application on AWS.An AWS Lambda function uses credentials to authenticate to an Amazon RDS for MySQL DB instance.A security risk assessment identified that these credentials are not frequently rotated.Also, encryption at rest is not enabled for the DB instance.The security team requires that both of these issues be resolved.Which strategy should a solutions architect recommend to remediate these security risks?Read More →

A company is deploying a third-party firewall appliance solution from AWS Marketplace to monitor and protect traffic that leaves the company’s AWS environments. The company wants to deploy this appliance into a shared services VPC and route all outbound internet-bound traffic through the appliances.A solutions architect needs to recommend a deployment method that prioritizes reliability and minimizes failover time between firewall appliances within a singleAWS Region. The company has set up routing from the shared services VPC to other VPCs.Which steps should the solutions architect recommend to meet these requirements? (Choose three.)Read More →

An enterprise company wants to implement cost controls for all its accounts in AWS Organizations, which has full features enabled.The company has mapped organizational units (OUs) to its business units, and it wants to bill these business units for their individual AWS spending.There has been a recent spike in the company’s AWS bill, which is generating attention from the Finance team.A Solutions Architect needs to investigate the cause of the spike while designing a solution that will track AWS costs in Organizations and generate a notification to the required teams if costs from a business unit exceed a specific monetary threshold.Which solution will meet these requirements?Read More →

A company has multiple lines of business (LOBs) that roll up to the parent company.The company has asked its solutions architect to develop a solution with the following requirements:✑ Produce a single AWS invoice for all of the AWS accounts used by its LOBs.✑ The costs for each LOB account should be broken out on the invoice.✑ Provide the ability to restrict services and features in the LOB accounts, as defined by the company’s governance policy.✑ Each LOB account should be delegated full administrator permissions, regardless of the governance policy.Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)Read More →

A video streaming company recently launched a mobile app for video sharing.The app uploads various files to an Amazon S3 bucket in the us-east-1 Region.The files range in size from 1 GB to 10 GB.Users who access the app from Australia have experienced uploads that take long periods of time.Sometimes the files fail to completely upload for these users.A solutions architect must improve the app’s performance for these uploads.Which solutions will meet these requirements? (Choose two.)Read More →

A company wants to launch an online shopping website in multiple countries and must ensure that customers are protected against potential `man-in-the-middle` attacks.Which architecture will provide the MOST secure site access?Read More →