SAP-C02 Free Practice Test

- (Exam Topic 1)
A company has deployed an application on AWS Elastic Beanstalk. The application uses Amazon Aurora for the database layer. An Amazon CloudFront distribution serves web requests and includes the Elastic Beanstalk domain name as the origin server. The distribution is configured with an alternate domain name that visitors use when they access the application.
Each week, the company takes the application out of service for routine maintenance. During the time that the application is unavailable, the company wants visitors to receive an informational message instead of a
CloudFront error message.
A solutions architect creates an Amazon S3 bucket as the first step in the process.
Which combination of steps should the solutions architect take next to meet the requirements? (Choose three.)

1. A. Upload static informational content to the S3 bucket.
2. B. Create a new CloudFront distributio
3. C. Set the S3 bucket as the origin.
4. D. Set the S3 bucket as a second origin in the original CloudFront distributio
5. E. Configure the distribution and the S3 bucket to use an origin access identity (OAI).
6. F. During the weekly maintenance, edit the default cache behavior to use the S3 origi
7. G. Revert the change when the maintenance is complete.
8. H. During the weekly maintenance, create a cache behavior for the S3 origin on the new distributio
9. I. Set the path pattern to \ Set the precedence to 0. Delete the cache behavior when the maintenance is complete.
10. J. During the weekly maintenance, configure Elastic Beanstalk to serve traffic from the S3 bucket.

Correct Answer: ACD
The company wants to serve static content from an S3 bucket during the maintenance period. To do this, the following steps are required:
Upload static informational content to the S3 bucket. This will provide the source of the content that will be served to the visitors.
Set the S3 bucket as a second origin in the original CloudFront distribution. Configure the distribution and the S3 bucket to use an origin access identity (OAI). This will allow CloudFront to access the S3 bucket securely and prevent public access to the bucket.
During the weekly maintenance, edit the default cache behavior to use the S3 origin. Revert the change when the maintenance is complete. This will redirect all web requests to the S3 bucket instead of the Elastic Beanstalk domain name.
The other options are not correct because:
Creating a new CloudFront distribution is not necessary and would require changing the alternate domain name configuration.
Creating a cache behavior for the S3 origin on a new distribution would not work because the visitors would still access the original distribution using the alternate domain name.
Configuring Elastic Beanstalk to serve traffic from the S3 bucket is not possible and would not achieve the desired result.
References:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.

- (Exam Topic 2)
A company is running a web application in a VPC. The web application runs on a group of Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is using AWS WAF.
An external customer needs to connect to the web application. The company must provide IP addresses to all external customers.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Replace the ALB with a Network Load Balancer (NLB). Assign an Elastic IP address to the NLB.
2. B. Allocate an Elastic IP addres
3. C. Assign the Elastic IP address to the ALProvide the Elastic IP address to the customer.
4. D. Create an AWS Global Accelerator standard accelerato
5. E. Specify the ALB as the accelerator's endpoint.Provide the accelerator's IP addresses to the customer.
6. F. Configure an Amazon CloudFront distributio
7. G. Set the ALB as the origi
8. H. Ping the distribution's DNS name to determine the distribution's public IP addres
9. I. Provide the IP address to the customer.

Correct Answer: C
https://docs.aws.amazon.com/global-accelerator/latest/dg/about-accelerators.alb-accelerator.html Option A is wrong. AWS WAF does not support associating with NLB.
https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html Option B is wrong. An ALB does not support an Elastic IP address. https://aws.amazon.com/elasticloadbalancing/features/

- (Exam Topic 2)
A company processes environment data. The has a set up sensors to provide a continuous stream of data from different areas in a city. The data is available in JSON format.
The company wants to use an AWS solution to send the data to a database that does not require fixed schemas for storage. The data must be send in real time.
Which solution will meet these requirements?

1. A. Use Amazon Kinesis Data Firehouse to send the data to Amazon Redshift.
2. B. Use Amazon Kinesis Data streams to send the data to Amazon DynamoDB.
3. C. Use Amazon Managed Streaming for Apache Kafka (Amazon MSK) to send the data to Amazon Aurora.
4. D. Use Amazon Kinesis Data firehouse to send the data to Amazon Keyspaces (for Apache Cassandra).

Correct Answer: B
Amazon Kinesis Data Streams is a service that enables real-time data ingestion and processing. Amazon DynamoDB is a NoSQL database that does not require fixed schemas for storage. By using Kinesis Data Streams and DynamoDB, the company can send the JSON data to a database that can handle schemaless data in real time. References:
https://docs.aws.amazon.com/streams/latest/dev/introduction.html
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html

- (Exam Topic 3)
A company is planning a one-time migration of an on-premises MySQL database to Amazon Aurora MySQL in the us-east-1 Region. The company's current internet connection has limited bandwidth. The on-premises MySQL database is 60 TB in size The company estimates that it will take a month to transfer the data to AWS over the current internet connection.
The company needs a migration solution that will migrate the database more quickly Which solution will migrate the database in the LEAST amount of time?

1. A. Request a 1 Gbps AWS Direct Connect connection between the on-premises data center and AWS Use AWS Database Migration Service (AWS DMS) to migrate the on-premises MySQL database to Aurora MySQL.
2. B. Use AWS DataSync with the current internet connection to accelerate the data transfer between theon-premises data center and AWS Use AWS Application Migration Service to migrate the on-premises MySQL database to Aurora MySQL.
3. C. Order an AWS Snowball Edge Device Load the data into an Amazon S3 bucket by using the S3 interface Use AWS Database Migration Service (AWS DMS) to migrate the data from Amazon S3 to Aurora MySQL
4. D. Order an AWS Snowball Device Load the data into an Amazon S3 bucket by using the S3 Adapter for Snowball Use AWS Application Migration Service to migrate the data from Amazon S3 to Aurora MySQL.

Correct Answer: C

- (Exam Topic 2)
A solutions architect at a large company needs to set up network security tor outbound traffic to the internet from all AWS accounts within an organization in AWS Organizations. The organization has more than 100 AWS accounts, and the accounts route to each other by using a centralized AWS Transit Gateway. Each account has both an internet gateway and a NAT gateway tor outbound traffic to the internet The company deploys resources only into a single AWS Region.
The company needs the ability to add centrally managed rule-based filtering on all outbound traffic to the internet for all AWS accounts in the organization. The peak load of outbound traffic will not exceed 25 Gbps in each Availability Zone.
Which solution meets these requirements?

1. A. Create a new VPC for outbound traffic to the interne
2. B. Connect the existing transit gateway to the new VP
3. C. Configure a new NAT gatewa
4. D. Create an Auto Scaling group of Amazon EC2 instances that run an open-source internet proxy for rule-based filtering across all Availability Zones in the Regio
5. E. Modify all default routes to point to the proxy's Auto Scaling group.
6. F. Create a new VPC for outbound traffic to the interne
7. G. Connect the existing transit gateway to the new VP
8. H. Configure a new NAT gatewa
9. I. Use an AWSNetwork Firewall firewall for rule-based filterin
10. J. Create Network Firewall endpoints in each Availability Zon
11. K. Modify all default routes to point to the Network Firewall endpoints.
12. L. Create an AWS Network Firewall firewall for rule-based filtering in each AWS accoun
13. M. Modify all default routes to point to the Network Firewall firewalls in each account.
14. N. In each AWS account, create an Auto Scaling group of network-optimized Amazon EC2 instances that run an open-source internet proxy for rule-based filterin
15. O. Modify all default routes to point to the proxy's Auto Scaling group.

Correct Answer: B
https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/