SAP-C02 Free Practice Test

- (Exam Topic 1)
A company has a complex web application that leverages Amazon CloudFront for global scalability and performance. Over time, users report that the web application is slowing down.
The company's operations team reports that the CloudFront cache hit ratio has been dropping steadily. The cache metrics report indicates that query strings on some URLs are inconsistently ordered and are specified sometimes in mixed-case letters and sometimes in lowercase letters.
Which set of actions should the solutions architect take to increase the cache hit ratio as quickly as possible?

1. A. Deploy a Lambda@Edge function to sort parameters by name and force them to be lowercas
2. B. Select the CloudFront viewer request trigger to invoke the function.
3. C. Update the CloudFront distribution to disable caching based on query string parameters.
4. D. Deploy a reverse proxy after the load balancer to post-process the emitted URLs in the application to force the URL strings to be lowercase.
5. E. Update the CloudFront distribution to specify casing-insensitive query string processing.

Correct Answer: A
https://docs.amazonaws.cn/en_us/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-ex Before CloudFront serves content from the cache it will trigger any Lambda function associated with the Viewer Request, in which we can normalize parameters.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examp

- (Exam Topic 1)
A large payroll company recently merged with a small staffing company. The unified company now has multiple business units, each with its own existing AWS account.
A solutions architect must ensure that the company can centrally manage the billing and access policies for all the AWS accounts. The solutions architect configures AWS Organizations by sending an invitation to all member accounts of the company from a centralized management account.
What should the solutions architect do next to meet these requirements?

1. A. Create the OrganizationAccountAccess IAM group in each member accoun
2. B. Include the necessary IAM roles for each administrator.
3. C. Create the OrganizationAccountAccessPolicy IAM policy in each member accoun
4. D. Connect the member accounts to the management account by using cross-account access.
5. E. Create the OrganizationAccountAccessRole IAM role in each member accoun
6. F. Grant permission to the management account to assume the IAM role.
7. G. Create the OrganizationAccountAccessRole IAM role in the management account Attach the Administrator Access AWS managed policy to the IAM rol
8. H. Assign the IAM role to the administrators in each member account.

Correct Answer: C

- (Exam Topic 1)
A company is running a tone-of-business (LOB) application on AWS to support its users The application runs in one VPC. with a backup copy in a second VPC in a different AWS Region for disaster recovery The company has a single AWS Direct Connect connection between its on-premises network and AWS The connection terminates at a Direct Connect gateway
All access to the application must originate from the company's on-premises network, and traffic must be encrypted in transit through the use of Psec. The company is routing traffic through a VPN tunnel over the Direct Connect connection to provide the required encryption.
A business continuity audit determines that the Direct Connect connection represents a potential single point of failure for access to the application The company needs to remediate this issue as quickly as possible.
Which approach will meet these requirements?

1. A. Order a second Direct Connect connection to a different Direct Connect locatio
2. B. Terminate the second Direct Connect connection at the same Direct Connect gateway.
3. C. Configure an AWS Site-to-Site VPN connection over the internet Terminate the VPN connection at a virtual private gateway in the secondary Region
4. D. Create a transit gateway Attach the VPCs to the transit gateway, and connect the transit gateway to the Direct Connect gateway Configure an AWS Site-to-Site VPN connection, and terminate it at the transit gateway
5. E. Create a transit gatewa
6. F. Attach the VPCs to the transit gateway, and connect the transit gateway to the Direct Connect gatewa
7. G. Order a second Direct Connect connection, and terminate it at the transit gateway.

Correct Answer: C
Create a transit gateway. Attach the VPCs to the transit gateway, and connect the transit gateway to the Direct Connect gateway. Configure an AWS Site-to- Site VPN connection, and terminate it at the transit gateway
https://aws.amazon.com/premiumsupport/knowledge-center/dx-configure-dx-and-vpn-failover-tgw/
All access to the application must originate from the company’s on-premises network and traffic must be encrypted in transit through the use of IPsec. = need to use VPN.

- (Exam Topic 2)
A company has an application Once a month, the application creates a compressed file that contains every object within an Amazon S3 bucket The total size of the objects before compression is 1 TB.
The application runs by using a scheduled cron job on an Amazon EC2 instance that has a 5 TB Amazon Elastic Block Store (Amazon EBS) volume attached The application downloads all the files from the source S3 bucket to the EBS volume, compresses the file, and uploads the file to a target S3 bucket Every invocation of the application takes 2 hours from start to finish
Which combination of actions should a solutions architect take to OPTIMIZE costs for this application? (Select TWO.)

1. A. Migrate the application to run an AWS Lambda function Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the Lambda function to run once each month
2. B. Configure the application to download the source files by using streams Direct the streams into a compression library Direct the output of the compression library into a target object in Amazon S3
3. C. Configure the application to download the source files from Amazon S3 and save the files to local storage Compress the files and upload them to Amazon S3
4. D. Configure the application to run as a container in AWS Fargate Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the task to run once each month
5. E. Provision an Amazon Elastic File System (Amazon EFS) file system Attach the file system to the AWS Lambda function

Correct Answer: CD

- (Exam Topic 1)
A medical company is running a REST API on a set of Amazon EC2 instances. The EC2 instances run in an Auto Scaling group behind an Application Load Balancer (ALB). The ALB runs in three public subnets, and the EC2 instances run in three private subnets. The company has deployed an Amazon CloudFront distribution that has the AL8 as the only origin.
Which solution should a solutions architect recommend to enhance the origin security?

1. A. Store a random string in AWS Secrets Manage
2. B. Create an AWS Lambda (unction for automatic secret rotatio
3. C. Configure CloudFront to inject the random string as a custom HTTP header for the origin reques
4. D. Create an AWS WAF web ACL rule with a string match rule for the custom heade
5. E. Associate the web ACL with the ALB.
6. F. Create an AWS WAF web ACL rule with an IP match condition of the CloudFront service IP address range
7. G. Associate the web ACL with the AL
8. H. Move the ALB into the three private subnets.
9. I. Store a random string in AWS Systems Manager Parameter Stor
10. J. Configure Parameter Store automatic rotation for the strin
11. K. Configure CloudFront to inject the random siring as a custom HTTP header for the origin reques
12. L. Inspect the value of the custom HTTP header, and block access in the ALB.
13. M. Configure AWS Shield Advance
14. N. Create a security group policy to allow connections from CloudFront service IP address range
15. O. Add the policy to AWS Shield Advanced, and attach the policy to the ALB.

Correct Answer: D
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html
it shows For Amazon EC2 Auto Scaling, there are two primary process types: Launch and Terminate. The Launch process adds a new Amazon EC2 instance to an Auto Scaling group, increasing its capacity. The Terminate process removes an Amazon EC2 instance from the group, decreasing its capacity. HealthCheck process for EC2 autoscaling is not a primary process! It is a process along with the following AddToLoadBalancer AlarmNotification AZRebalance HealthCheck InstanceRefresh ReplaceUnhealthy ScheduledActions From the requirements, Some EC2 instances are now being marked as unhealthy and are being terminated. Application is running at reduced capacity not because instances are marked unhealthy but because they are being terminated.
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html#choosing-suspend-r