SAP-C01 Free Practice Test

An e-commerce company is revamping its IT infrastructure and is planning to use AWS services. The company’s CIO has asked a Solutions Architect to design a simple, highly available, and loosely coupled order processing application. The application is responsible for receiving and processing orders before storing them in an Amazon DynamoDB table. The application has a sporadic traffic pattern and should be able to scale during marketing campaigns to process the orders with minimal delays.
Which of the following is the MOST reliable approach to meet the requirements?

1. A. Receive the orders in an Amazon EC2-hosted database and use EC2 instances to process them.
2. B. Receive the orders in an Amazon SQS queue and trigger an AWS Lambda function to process them.
3. C. Receive the orders using the AWS Step Functions program and trigger an Amazon ECS container to process them.
4. D. Receive the orders in Amazon Kinesis Data Streams and use Amazon EC2 instances to process them.

Correct Answer: B

A company has a requirement that only allows specially hardened AMIs to be launched into public subnets in a VPC, and for the AMIs to be associated with a specific security group. Allowing non-compliant instances to launch into the public subnet could present a significant security risk if they are allowed to operate.
A mapping of approved AMIs to subnets to security groups exists in an Amazon DynamoDB table in the same AWS account. The company created an AWS Lambda function that, when invoked, will terminate a given Amazon EC2 instance if the combination of AMI, subnet, and security group are not approved in the DynamoDB table.
What should the Solutions Architect do to MOST quickly mitigate the risk of compliance deviations?

1. A. Create an Amazon CloudWatch Events rule that matches each time an EC2 instance is launched usingone of the allowed AMIs, and associate it with the Lambda function as the target.
2. B. For the Amazon S3 bucket receiving the Aws CloudTrail logs, create an S3 event notification configuration with a filter to match when logs contain the ec2:RunInstances action, and associate it with the Lambda function as the target.
3. C. Enable AWS CloudTrail and configure it to stream to an Amazon CloudWatch Logs grou
4. D. Create a metric filter in CloudWatch to match when the ec2:RunInstances action occurs, and trigger the Lambda function when the metric is greater than 0.
5. E. Create an Amazon CloudWatch Events rule that matches each time an EC2 instance is launched, and associate it with the Lambda function as the target.

Correct Answer: C
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html

A company would like to implement a serverless application by using Amazon API Gateway, AWS Lambda and Amazon DynamoDB. They deployed a proof of concept and stated that the average response time is greater than what their upstream services can accept Amazon CloudWatch metrics did not indicate any issues with DynamoDB but showed that some Lambda functions were hitting their timeout.
Which of the following actions should the Solutions Architect consider to improve performance? (Choose two.)

1. A. Configure the AWS Lambda function to reuse containers to avoid unnecessary startup time.
2. B. Increase the amount of memory and adjust the timeout on the Lambda functio
3. C. Complete performance testing to identify the ideal memory and timeout configuration for the Lambda function.
4. D. Create an Amazon ElastiCache cluster running Memcached, and configure the Lambda function for VPC integration with access to the Amazon ElastiCache cluster.
5. E. Enable API cache on the appropriate stage in Amazon API Gateway, and override the TTL for individual methods that require a lower TTL than the entire stage.
6. F. Increase the amount of CPU, and adjust the timeout on the Lambda functio
7. G. Complete performance testing to identify the ideal CPU and timeout configuration for the Lambda function.

Correct Answer: BD
https://lumigo.io/blog/aws-lambda-timeout-best-practices/

A company uses Amazon S3 to store documents that may only be accessible to an Amazon EC2 instance in a certain virtual private cloud (VPC). The company fears that a malicious insider with access to this instance could also set up an EC2 instance in another VPC to access these documents.
Which of the following solutions will provide the required protection?

1. A. Use an S3 VPC endpoint and an S3 bucket policy to limit access to this VPC endpoint.
2. B. Use EC2 instance profiles and an S3 bucket policy to limit access to the role attached to the instance profile.
3. C. Use S3 client-side encryption and store the key in the instance metadata.
4. D. Use S3 server-side encryption and protect the key with an encryption context.

Correct Answer: A
https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html
Endpoint connections cannot be extended out of a VPC. Resources on the other side of a VPN connection, VPC peering connection, AWS Direct Connect connection, or ClassicLink connection in your VPC cannot use the endpoint to communicate with resources in the endpoint service.

A company has decided to move some workloads onto AWS to create a grid environment to run market analytics. The grid will consist of many similar instances, spun-up by a job-scheduling function. Each time a large analytics workload is completed, a new VPC is deployed along with job scheduler and grid nodes. Multiple grids could be running in parallel.
Key requirements are:
< > >< > > >>

1. A. Enable VPC endpoints for Amazon S3 and DynamoDB.
2. B. Disable Private DNS Name Support.
3. C. Configure the application on the grid instances to use the private DNS name of the Amazon S3 endpoint.
4. D. Populate the on-premises DNS server with the private IP addresses of the EC2 endpoint.
5. E. Enable an interface VPC endpoint for EC2.
6. F. Configure Amazon S3 endpoint policy to permit access only from the grid nodes.

Correct Answer: ACE
https://aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint/ https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html