SAP-C01 (Page 43)

A company is running a serverless application that consists of several AWS Lambda functions and Amazon DynamoDB tables.The company has created new functionality that requires the Lambda functions to access an Amazon Neptune DB cluster.The Neptune DB cluster is located in three subnets in a VPC.Which of the possible solutions will allow the Lambda functions to access the Neptune DB cluster and DynamoDB tables? (Choose two.)Read More →

A company is running multiple workloads in the AWS Cloud.The company has separate units for software development.The company uses AWS Organizations and federation with SAML to give permissions to developers to manage resources in their AWS accounts.The development units each deploy their production workloads into a common production account.Recently, an incident occurred in the production account in which members of a development unit terminated an EC2 instance that belonged to a different development unit.A solutions architect must create a solution that prevents a similar incident from happening in the future.The solution also must allow developers the possibility to manage the instances used for their workloads.Which strategy will meet these requirements?Read More →

A company runs an e-commerce platform with front-end and e-commerce tiers.Both tiers run on LAMP stacks with the front-end instances running behind a load balancing appliance that has a virtual offering on AWS.Currently, the Operations team uses SSH to log in to the instances to maintain patches and address other concerns.The platform has recently been the target of multiple attacks, including:✑ A DDoS attack.✑ An SQL injection attack.✑ Several successful dictionary attacks on SSH accounts on the web servers.The company wants to improve the security of the e-commerce platform by migrating to AWS.The company’s Solutions Architects have decided to use the following approach:✑ Code review the existing application and fix any SQL injection issues.✑ Migrate the web application to AWS and leverage the latest AWS Linux AMI to address initial security patching.✑ Install AWS Systems Manager to manage patching and allow the system administrators to run commands on all instances, as needed.allWhat additional steps will addressof the identified attack types while providing high availability and minimizing risk?Read More →

A company wants to migrate its on-premises data center to the AWS Cloud.This includes thousands of virtualized Linux and Microsoft Windows servers, SAN storage, Java and PHP applications with MYSQL, and Oracle databases.There are many dependent services hosted either in the same data center or externally.The technical documentation is incomplete and outdated.A solutions architect needs to understand the current environment and estimate the cloud resource costs after the migration.Which tools or services should solutions architect use to plan the cloud migration? (Choose three.)Read More →

A company is launching a web-based application in multiple regions around the world.The application consists of both static content stored in a private AmazonS3 bucket and dynamic content hosted in Amazon ECS containers content behind an Application Load Balancer (ALB).The company requires that the static and dynamic application content be accessible through Amazon CloudFront only.Which combination of steps should a solutions architect recommend to restrict direct content access to CloudFront? (Choose three.)Read More →

A company’s main intranet page has experienced degraded response times as its user base has increased although there are no reports of users seeing error pages. The application uses Amazon DynamoDB in read-only mode.Amazon DynamoDB latency metrics for successful requests have been in a steady state even during times when users have reported degradation. TheDevelopment team has correlated the issue to ProvisionedThrough put Exceeded exceptions in the application logs when doing Scan and read operations The team also identified an access pattern of steady spikes of read activity on a distributed set of individual data items.The Chief Technology Officer wants to improve the user experience.Which solutions will meet these requirements with the LEAST amount of changes to the application? (Choose two.)Read More →

A company has many AWS accounts and uses AWS Organizations to manage all of them.A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.The company’s infrastructure team has a dedicated infrastructure account that has a VPC.The infrastructure team must use this account to manage the network.Individual accounts cannot have the ability to manage their own networks.However, individual accounts must be able to create AWS resources within subnets.Which combination of actions should the solutions architect perform to meet these requirements? (Choose two.)Read More →

A user is sending a custom metric to CloudWatch.If the call to the CloudWatch APIs has different dimensions, but the same metric name, how will CloudWatch treat all the requests?Read More →

A company requires that all internal application connectivity use private IP addresses.To facilitate this policy, a solutions architect has created interface endpoints to connect to AWS public services.Upon testing, the solutions architect notices that the service names are resolving to public IP addresses, and that internal services cannot connect to the interface endpoints.Which step should the solutions architect take to resolve this issue?Read More →

A company hosts a large on-premises MySQL database at its main office that supports an issue tracking system used by employees around the world.The company already uses AWS for some workloads and has created an Amazon Route 53 entry for the database endpoint that points to the on-premises database.Management is concerned about the database being a single point of failure and wants a solutions architect to migrate the database to AWS without any data loss or downtime.Which set of actions should the solutions architect implement?Read More →