SAP-C01 (Page 67)

A company has a data lake in Amazon S3 that needs to be accessed by hundreds of applications across many AWS accounts.The company’s information security policy states that the S3 bucket must not be accessed over the public internet and that each application should have the minimum permissions necessary to function.To meet these requirements, a solutions architect plans to use an S3 access point that is restricted to specific VPCs for each application.Which combination of steps should the solutions architect take to implement this solution? (Choose two.)Read More →

A company is using AWS Organizations to manage multiple AWS accounts.For security purposes, the company requires the creation of an Amazon SimpleNotification Service (Amazon SNS) topic that enables integration with a third-party alerting system in all the Organizations member accounts.A solutions architect used an AWS CloudFormation template to create the SNS topic and stack sets to automate the deployment of CloudFormation stacks.Trusted access has been enabled in Organizations.What should the solutions architect do to deploy the CloudFormation StackSets in all AWS accounts?Read More →

A company is using AWS Organizations to manage 15 AWS accounts.A solutions architect wants to run advanced analytics on the company’s cloud expenditures.The cost data must be gathered and made available from an analytics account.The analytics application runs in a VPC and must receive the raw cost data each night to run the analytics.The solutions architect has decided to use the Cost Explorer API to fetch the raw data and store the data in Amazon S3 in JSON format.Access to the raw cost data must be restricted to the analytics application.The solutions architect has already created an AWS Lambda function to collect data by using the Cost ExplorerAPI.Which additional actions should the solutions architect take to meet these requirements?Read More →

A company deployed a three-tier web application in two regions: us-east-1 and eu-west-1.The application must be active in both regions at the same time.The database tier of the application uses a single Amazon RDS Aurora database globally, with a master in us-east-1 and a read replica in eu-west-1.Both regions are connected by a VPN.The company wants to ensure that the application remains available even in the event of a region-level failure of all of the application’s components.It is acceptable for the application to be in read-only mode for up to 1 hour.The company plans to configure two Amazon Route 53 record sets, one for each of the regions.How should the company complete the configuration to meet its requirements while providing the lowest latency for the application end-users? (Choose two.)Read More →

A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud.A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework.While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs.The solutions architect finds out that the company’s developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types.The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch.Which solution will meet these requirements?Read More →

A company is planning to migrate an Amazon RDS for Oracle database to an RDS for PostgreSQL DB instance in another AWS account.A solutions architect needs to design a migration strategy that will require no downtime and that will minimize the amount of time necessary to complete the migration.The migration strategy must replicate all existing data and any new data that is created during the migration.The target database must be identical to the source database at completion of the migration process.All applications currently use an Amazon Route 53 CNAME record as their endpoint for communication with the RDS for Oracle DB instance.The RDS for Oracle DB instance is in a private subnet.Which combination of steps should the solutions architect take to meet these requirements? (Choose three.)Read More →

A company has an application that runs on a fleet of Amazon EC2 instances and stores 70 GB of device data for each instance in Amazon S3.Recently, some of the S3 uploads have been failing.At the same time, the company is seeing an unexpected increase in storage data costs.The application code cannot be modified.What is the MOST efficient way to upload the device data to Amazon S3 while managing storage costs?Read More →

A hedge fund company is developing a new web application to handle trades.Traders around the world will use the application.The application will handle hundreds of thousands of transactions, especially during overlapping work hours between Europe and the United States.According to the company’s disaster recovery plan, the data that is generated must be replicated to a second AWS Region.Each transaction item will be less than100 KB in size.The company wants to simplify the CI/CD pipeline as much as possible.Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)Read More →

A company is planning a migration from an on-premises data center to the AWS Cloud.The company plans to use multiple AWS accounts that are managed in an organization in AWS Organizations.The company will create a small number of accounts initially and will add accounts as needed.A solutions architect must design a solution that turns on AWS CloudTrail in all AWS accounts.What is the MOST operationally efficient solution that meets these requirements?Read More →

A company is deploying a distributed in-memory database on a fleet of Amazon EC2 instances.The fleet consists of a primary node and eight worker nodes.The primary node is responsible for monitoring cluster health, accepting user requests, distributing user requests to worker nodes, and sending an aggregate response back to a client.Worker nodes communicate with each other to replicate data partitions.The company requires the lowest possible networking latency to achieve maximum performance.Which solution will meet these requirements?Read More →