SAP-C02 Free Practice Test

- (Exam Topic 1)
A company is hosting a single-page web application in the AWS Cloud. The company is using Amazon CloudFront to reach its goal audience. The CloudFront distribution has an Amazon S3 bucket that is configured as its origin. The static files for the web application are stored in this S3 bucket.
The company has used a simple routing policy to configure an Amazon Route 53 A record The record points to the CloudFront distribution The company wants to use a canary deployment release strategy for new versions of the application.
What should a solutions architect recommend to meet these requirements?

1. A. Create a second CloudFront distribution for the new version of the applicatio
2. B. Update the Route 53 record to use a weighted routing policy.
3. C. Create a Lambda@Edge functio
4. D. Configure the function to implement a weighting algorithm and rewrite the URL to direct users to a new version of the application.
5. E. Create a second S3 bucket and a second CloudFront origin for the new S3 bucket Create a CloudFrontorigin group that contains both origins Configure origin weighting for the origin group.
6. F. Create two Lambda@Edge function
7. G. Use each function to serve one of the application versions Set up a CloudFront weighted Lambda@Edge invocation policy

Correct Answer: A

- (Exam Topic 1)
A company's AWS architecture currently uses access keys and secret access keys stored on each instance to access AWS services. Database credentials are hard-coded on each instance. SSH keys for command-tine remote access are stored in a secured Amazon S3 bucket. The company has asked its solutions architect to improve the security posture of the architecture without adding operational complexity.
Which combination of steps should the solutions architect take to accomplish this? (Select THREE.)

1. A. Use Amazon EC2 instance profiles with an IAM role.
2. B. Use AWS Secrets Manager to store access keys and secret access keys.
3. C. Use AWS Systems Manager Parameter Store to store database credentials.
4. D. Use a secure fleet of Amazon EC2 bastion hosts (or remote access.
5. E. Use AWS KMS to store database credentials.
6. F. Use AWS Systems Manager Session Manager tor remote access

Correct Answer: ACF
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html

- (Exam Topic 1)
A financial company is building a system to generate monthly, immutable bank account statements for its users. Statements are stored in Amazon S3. Users should have immediate access to their monthly statements for up to 2 years. Some users access their statements frequently, whereas others rarely access their statements. The company's security and compliance policy requires that the statements be retained for at least 7 years.
What is the MOST cost-effective solution to meet the company's needs?

1. A. Create an S3 bucket with Object Lock disable
2. B. Store statements in S3 Standar
3. C. Define an S3 Lifecycle policy to transition the data to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 day
4. D. Define another S3 Lifecycle policy to move the data to S3 Glacier Deep Archive after 2 year
5. E. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
6. F. Create an S3 bucket with versioning enable
7. G. Store statements in S3 Intelligent-Tierin
8. H. Usesame-Region replication to replicate objects to a backup S3 bucke
9. I. Define an S3 Lifecycle policy for the backup S3 bucket to move the data to S3 Glacie
10. J. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
11. K. Create an S3 bucket with Object Lock enable
12. L. Store statements in S3 Intelligent-Tierin
13. M. Enable compliance mode with a default retention period of 2 year
14. N. Define an S3 Lifecycle policy to move the data to S3 Glacier after 2 year
15. O. Attach an S3 Glacier Vault Lock policy with deny delete permissionsfor archives less than 7 years old.
16. P. Create an S3 bucket with versioning disable
17. Q. Store statements in S3 One Zone-Infrequent Access (S3 One Zone-IA). Define an S3 Lifecyde policy to move the data to S3 Glacier Deep Archive after 2 year
18. R. Attach an S3 Glader Vault Lock policy with deny delete permissions for archives less than 7 years old.

Correct Answer: C
https://aws.amazon.com/about-aws/whats-new/2018/11/s3-object-lock/
Create an S3 bucket with Object Lock enabled. Store statements in S3 Intelligent-Tiering. Enable compliance mode with a default retention period of 2 years. Define an S3 Lifecycle policy to move the data to S3 Glacier after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html

- (Exam Topic 2)
A company recently deployed an application on AWS. The application uses Amazon DynamoDB. The company measured the application load and configured the RCUs and WCUs on the DynamoDB table to match the expected peak load. The peak load occurs once a week for a 4-hour period and is double the average load. The application load is close to the average load tor the rest of the week. The access pattern includes many more writes to the table than reads of the table.
A solutions architect needs to implement a solution to minimize the cost of the table. Which solution will meet these requirements?

1. A. Use AWS Application Auto Scaling to increase capacity during the peak perio
2. B. Purchase reserved RCUs and WCUs to match the average load.
3. C. Configure on-demand capacity mode for the table.
4. D. Configure DynamoDB Accelerator (DAX) in front of the tabl
5. E. Reduce the provisioned read capacity to match the new peak load on the table.
6. F. Configure DynamoDB Accelerator (DAX) in front of the tabl
7. G. Configure on-demand capacity mode for the table.

Correct Answer: D

- (Exam Topic 2)
A company has developed a new billing application that will be released in two weeks. Developers are testing the application running on 10 EC2 instances managed by an Auto Scaling group in subnet 172.31.0.0/24 within VPC A with CIDR block 172.31.0.0/16. The developers noticed connection timeout errors in the application logs while connecting to an Oracle database running on an Amazon EC2 instance in the same region within VPC B with CIDR block 172.50.0.0/16. The IP of the database instance is hard-coded in the application instances.
Which recommendations should a solutions architect present to the developers to solve the problem in a secure way with minimal maintenance and overhead''

1. A. Disable the SrcDestCheck attribute for all instances running the application and Oracle Database.Change the default route of VPC A to point ENI of the Oracle Database that has an IP address assigned within the range of 172.50.0.0/16
2. B. Create and attach internet gateways for both VPC
3. C. Configure default routes to the internet gateways for both VPC
4. D. Assign an Elastic IP for each Amazon EC2 instance in VPC A
5. E. Create a VPC peering connection between the two VPCs and add a route to the routing table of VPC A that points to the IP address range of 172.50.0.0/16
6. F. Create an additional Amazon EC2 instance for each VPC as a customer gateway; create one virtual private gateway (VGW) for each VP
7. G. configure an end-to-end VPC, and advertise the routes for 172.50.0.0/16

Correct Answer: C