SAP-C02 Free Practice Test

- (Exam Topic 3)
A company is running an application on premises. The application uses a set of web servers that host a static React-based single-page application (SPA), a Node.js API, and a MYSQL database server. The database is read intensive. The company will need to expand the database's storage at an unpredictable rate.
The company must migrate the application to AWS. The company also must modernize the architecture to reduce infrastructure management and increase scalability.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon RDS for MySQ
2. B. Use AWS Application Migration Service to migrate the web application to a fleet of Amazon EC2 instances behind an Elastic Load Balancing (ELB) load balance
3. C. Use a Spot Fleet with a request type of request to host the API.
4. D. Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon Aurora MySQ
5. E. Copy the web files to an Amazon S3 bucket and set up web hostin
6. F. Copy the API code to AWS Lambda function
7. G. Configure Amazon API Gateway to point to the Lambda functions.
8. H. Use AWS Database Migration Service (AWS DMS) to migrate the database to a MySQL database that runs on Amazon EC2 instance
9. I. Use AWS DataSync to migrate the web files and API files to an Amazon FSx for Windows File Server file syste
10. J. Set up a fleet of EC2 instances in an Auto Scaling group as web server
11. K. Mount the FSx for Windows File Server file system.
12. L. Use AWS Application Migration Service to migrate the database to Amazon EC2 instance
13. M. Copy the web files to containers that run on Amazon Elastic Kubernetes Service (Amazon EKS). Set up an Elastic Load Balancing (ELB) load balancer for the EC2 instances and EKS container
14. N. Copy the API code to AWS Lambda function
15. O. Configure Amazon API Gateway to point to the Lambda functions.

Correct Answer: B

- (Exam Topic 1)
A software company hosts an application on AWS with resources in multiple AWS accounts and Regions. The application runs on a group of Amazon EC2 instances in an application VPC located in the us-east-1 Region with an IPv4 CIDR block of 10.10.0.0/16. In a different AWS account, a shared services VPC is located in the us-east-2 Region with an IPv4 CIDR block of 10.10.10.0/24. When a cloud engineer uses AWS CloudFormation to attempt to peer the application
VPC with the shared services VPC, an error message indicates a peering failure. Which factors could cause this error? (Choose two.)

1. A. The IPv4 CIDR ranges of the two VPCs overlap
2. B. The VPCs are not in the same Region
3. C. One or both accounts do not have access to an Internet gateway
4. D. One of the VPCs was not shared through AWS Resource Access Manager
5. E. The IAM role in the peer accepter account does not have the correct permissions

Correct Answer: AE
https://aws.amazon.com/about-aws/whats-new/2017/11/announcing-support-for-inter-region-vpc-peering/

- (Exam Topic 2)
A solutions architect needs to assess a newly acquired company’s portfolio of applications and databases. The solutions architect must create a business case to migrate the portfolio to AWS. The newly acquired company runs applications in an on-premises data center. The data center is not well documented. The solutions architect cannot immediately determine how many applications and databases exist. Traffic for the applications is variable. Some applications are batch processes that run at the end of each month.
The solutions architect must gain a better understanding of the portfolio before a migration to AWS can begin. Which solution will meet these requirements?

1. A. Use AWS Server Migration Service (AWS SMS) and AWS Database Migration Service (AWS DMS) to evaluate migratio
2. B. Use AWS Service Catalog to understand application and database dependencies.
3. C. Use AWS Application Migration Servic
4. D. Run agents on the on-premises infrastructur
5. E. Manage the agents by using AWS Migration Hu
6. F. Use AWS Storage Gateway to assess local storage needs and database dependencies.
7. G. Use Migration Evaluator to generate a list of server
8. H. Build a report for a business cas
9. I. Use AWS Migration Hub to view the portfoli
10. J. Use AWS Application Discovery Service to gain an understanding of application dependencies.
11. K. Use AWS Control Tower in the destination account to generate an application portfoli
12. L. Use AWS Server Migration Service (AWS SMS) to generate deeper reports and a business cas
13. M. Use a landing zone for core accounts and resources.

Correct Answer: C
The company should use Migration Evaluator to generate a list of servers and build a report for a business case. The company should use AWS Migration Hub to view the portfolio and use AWS Application Discovery Service to gain an understanding of application dependencies. This solution will meet the requirements because Migration Evaluator is a migration assessment service that helps create a data-driven business case for AWS cloud planning and migration. Migration Evaluator provides a clear baseline of what the company is running today and projects AWS costs based on measured on-premises provisioning and utilization1. Migration Evaluator can use an agentless collector to conduct broad-based discovery or securely upload exports from existing inventory tools2. Migration Evaluator integrates with AWS Migration Hub, which is a service that provides a single location to track the progress of application migrations across multiple AWS and partner solutions3. Migration Hub also supports AWS Application Discovery Service, which is a service that helps systems integrators quickly and reliably plan application migration projects by automatically identifying applications running in on-premises data centers, their associated dependencies, and their performance profile4.
https://aws.amazon.com/migration-evaluator/
https://docs.aws.amazon.com/migration-evaluator/latest/userguide/what-is.html
https://aws.amazon.com/migration-hub/
https://aws.amazon.com/application-discovery/
https://aws.amazon.com/server-migration-service/
https://aws.amazon.com/dms/
https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html
https://aws.amazon.com/application-migration-service/
https://aws.amazon.com/storagegateway/

- (Exam Topic 3)
A company hosts a web application on AWS in the us-east-1 Region The application servers are distributed across three Availability Zones behind an Application Load Balancer. The database is hosted in a MySQL database on an Amazon EC2 instance A solutions architect needs to design a Cross-Region data recovery solution using AWS services with an RTO of less than 5 minutes and an RPO of less than 1 minute. The solutions architect is deploying application servers in us-west-2, and has configured Amazon Route 53 hearth checks and DNS failover to us-west-2
Which additional step should the solutions architect take?

1. A. Migrate the database to an Amazon RDS tor MySQL instance with a cross-Region read replica in us-west-2
2. B. Migrate the database to an Amazon Aurora global database with the primary in us-east-1 and the secondary in us-west-2
3. C. Migrate the database to an Amazon RDS for MySQL instance with a Multi-AZ deployment.
4. D. Create a MySQL standby database on an Amazon EC2 instance in us-west-2

Correct Answer: B
https://aws.amazon.com/rds/aurora/global-database/

- (Exam Topic 2)
A company runs an intranet application on premises. The company wants to configure a cloud backup of the application. The company has selected AWS Elastic Disaster Recovery for this solution.
The company requires that replication traffic does not travel through the public internet. The application also must not be accessible from the internet. The company does not want this solution to consume all available network bandwidth because other applications require bandwidth.
Which combination of steps will meet these requirements? (Select THREE.)

1. A. Create a VPC that has at least two private subnets, two NAT gateways, and a virtual private gateway.
2. B. Create a VPC that has at least two public subnets, a virtual private gateway, and an internet gateway.
3. C. Create an AWS Site-to-Site VPN connection between the on-premises network and the target AWS network.
4. D. Create an AWS Direct Connect connection and a Direct Connect gateway between the on-premises network and the target AWS network.
5. E. During configuration of the replication servers, select the option to use private IP addresses for data replication.
6. F. During configuration of the launch settings for the target servers, select the option to ensure that the Recovery instance's private IP address matches the source server's private IP address.

Correct Answer: BDE
AWS Elastic Disaster Recovery (AWS DRS) is a service that minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery1. Users can set up AWS DRS on their source servers to initiate secure data replication to a staging area subnet in their AWS account, in the AWS Region they select. Users can then launch recovery instances on AWS within minutes, using the most up-to-date server state or a previous point in time.
To configure a cloud backup of the application with AWS DRS, users need to create a VPC that has at least
two public subnets, a virtual private gateway, and an internet gateway. A VPC is a logically isolated section of the AWS Cloud where users can launch AWS resources in a virtual network that they define2. A public subnet is a subnet that has a route to an internet gateway3. A virtual private gateway is the VPN concentrator on the Amazon side of the Site-to-Site VPN connection4. An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in the VPC and the internet. Users need to create at least two public subnets for redundancy and high availability. Users need to create a virtual private gateway and attach it to the VPC to enable VPN connectivity between the on-premises network and the target AWS network. Users need to create an internet gateway and attach it to the VPC to enable internet access for the replication servers.
To ensure that replication traffic does not travel through the public internet, users need to create an AWS Direct Connect connection and a Direct Connect gateway between the on-premises network and the target AWS network. AWS Direct Connect is a service that establishes a dedicated network connection from an on-premises network to one or more VPCs. A Direct Connect gateway is a globally available resource that allows users to connect multiple VPCs across different Regions to their on-premises networks using one or more Direct Connect connections. Users need to create an AWS Direct Connect connection between their on-premises network and an AWS Region. Users need to create a Direct Connect gateway and associate it with their VPC and their Direct Connect connection.
To ensure that the application is not accessible from the internet, users need to select the option to use private IP addresses for data replication during configuration of the replication servers. This option configures the replication servers with private IP addresses only, without assigning any public IP addresses or Elastic IP addresses. This way, the replication servers can only communicate with other resources within the VPC or through VPN connections.
Option A is incorrect because creating a VPC that has at least two private subnets, two NAT gateways, and a virtual private gateway is not necessary or cost-effective. A private subnet is a subnet that does not have a route to an internet gateway3. A NAT gateway is a highly available, managed Network Address Translation (NAT) service that enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating connections with those instances. Users do not need to create private subnets or NAT gateways for this use case, as they can use public subnets with private IP addresses for data replication.
Option C is incorrect because creating an AWS Site-to-Site VPN connection between the on-premises network and the target AWS network will not ensure that replication traffic does not travel through the public
internet. A Site-to-Site VPN connection consists of two VPN tunnels between an on-premises customer
gateway device and a virtual private gateway in your VPC4. The VPN tunnels are encrypted using IPSec protocols, but they still use public IP addresses for communication. Users need to use AWS Direct Connect instead of Site-to-Site VPN for this use case.
Option F is incorrect because selecting the option to ensure that the Recovery instance’s private IP address matches the source server’s private IP address during configuration of the launch settings for the target servers will not ensure that the application is not accessible from the internet. This option configures the Recovery instance with an identical private IP address as its source server when launched in drills or recovery mode. However, this option does not prevent assigning public IP addresses or Elastic IP addresses to the Recovery instance. Users need to select the option to use private IP addresses for data replication instead.