Free Preparation Discussions
MENU
Amazon SAP-C02 Exam Questions
- Amazon Professional Certifications
- Amazon AWS Certified Solutions Architect Professional Certifications
- Topic 1: Determine cost optimization and visibility strategies/ Architect network connectivity strategies
- Topic 2: Determine a cost optimization strategy to meet solution goals and objectives/ Determine security controls based on requirements
- Topic 3: Determine a strategy to improve overall operational excellence/ Identify opportunities for cost optimizations
- Topic 4: Determine opportunities for modernization and enhancements/ Select existing workloads and processes for potential migration
- Topic 5: Determine a strategy to improve reliability/ Determine a strategy to improve security
- Topic 6: Design a solution to meet performance objectives/ Design a deployment strategy to meet business requirements
- Topic 7: Design reliable and resilient architectures/ Design Solutions for Organizational Complexity
- Topic 8: Determine the optimal migration approach for existing workloads/ Accelerate Workload Migration and Modernization
- Topic 9: Determine a strategy to improve performance/ Continuous Improvement for Existing Solutions
- Topic 10: Design a strategy to meet reliability requirements/ Design a solution to ensure business continuity
- Topic 11: Design a multi-account AWS environment/ Determine a new architecture for existing workloads
Free Amazon SAP-C02 Exam Actual Questions
Note: Premium Questions for SAP-C02 were last updated On Nov. 08, 2024 (see below)
A company needs to improve the security of its web-based application on AWS. The application uses Amazon CloudFront with two custom origins. The first custom origin routes requests to an Amazon API Gateway HTTP API. The second custom origin routes traffic to an Application Load Balancer (ALB) The application integrates with an OpenlD Connect (OIDC) identity provider (IdP) for user management.
A security audit shows that a JSON Web Token (JWT) authorizer provides access to the API The security audit also shows that the ALB accepts requests from unauthenticated users
A solutions architect must design a solution to ensure that all backend services respond to only authenticated users
Which solution will meet this requirement?
Integrate ALB with OIDC IdP:
In the AWS Management Console, navigate to the Application Load Balancer (ALB) settings.
Configure the ALB to use the OpenID Connect (OIDC) IdP for authentication. This ensures that all requests routed through the ALB are authenticated using the IdP.
Set Up Authentication Rules:
Create a listener rule on the ALB that requires authentication. This rule will forward requests to the IdP for user authentication before allowing access to the backend services.
Restrict Unauthenticated Access:
Ensure the ALB only forwards requests to backend services if the user is authenticated. Unauthenticated requests should be blocked or redirected to the IdP for authentication.
Update CloudFront Configuration:
Modify the CloudFront distribution to forward authenticated requests to the ALB. Ensure that the ALB and API Gateway accept only requests coming through the CloudFront distribution to enforce consistent authentication and security.
By enforcing authentication at the ALB level, you ensure that all backend services are accessed only by authenticated users, enhancing the overall security of the web application
A company is running a large containerized workload in the AWS Cloud. The workload consists of approximately 100 different services. The company uses Amazon Elastic Container Service (Amazon ECS) to orchestrate the workload.
Recently, the company's development team started using AWS Fargate instead of Amazon EC2 instances in the ECS cluster. In the past, the workload has come close to running the maximum number of EC2 instances that are available in the account.
The company is worried that the workload could reach the maximum number of ECS tasks that are allowed. A solutions architect must implement a solution that will notify the development team when Fargate reaches 80% of the maximum number of tasks.
What should the solutions architect do to meet this requirement?
A company has developed a new release of a popular video game and wants to make it available for public download The new release package is approximately 5 GB in size. The company provides downloads for existing releases from a Linux-based publicly facing FTP site hosted in an on-premises data center The company expects the new release will be downloaded by users worldwide The company wants a solution that provides improved download performance and low transfer costs regardless of a user's location
Which solutions will meet these requirements'?
Create an S3 Bucket:
Navigate to Amazon S3 in the AWS Management Console and create a new S3 bucket to store the game files. Enable static website hosting on this bucket.
Upload Game Files:
Upload the 5 GB game release package to the S3 bucket. Ensure that the files are publicly accessible if required for download.
Configure Amazon Route 53:
Set up a new domain or subdomain in Amazon Route 53 and point it to the S3 bucket. This allows users to access the game files using a custom URL.
Use Amazon CloudFront:
Create a CloudFront distribution with the S3 bucket as the origin. CloudFront is a content delivery network (CDN) that caches content at edge locations worldwide, improving download performance and reducing latency for users regardless of their location.
Publish the Download URL:
Use the CloudFront distribution URL as the download link for users to access the game files. CloudFront will handle the efficient distribution and caching of the content.
This solution leverages the scalability of Amazon S3 and the performance benefits of CloudFront to provide an optimal download experience for users globally while minimizing costs.
Reference
Amazon CloudFront Documentation
Amazon S3 Static Website Hosting
A company has implemented a new security requirement According to the new requirement, the company must scan all traffic from corporate AWS instances in the company's VPC for violations of the company's security policies. As a result of these scans the company can block access to and from specific IP addresses.
To meet the new requirement, the company deploys a set of Amazon EC2 instances in private subnets to serve as transparent proxies The company installs approved proxy server software on these EC2 instances The company modifies the route tables on all subnets to use the corresponding EC2 instances with proxy software as the default route The company also creates security groups that are compliant with the security policies and assigns these security groups to the EC2 instances
Despite these configurations, the traffic of the EC2 instances in their private subnets is not being properly forwarded to the internet.
What should a solutions architect do to resolve this issue?
Identify Proxy EC2 Instances:
Determine which EC2 instances in the private subnets are running the proxy server software.
Disable Source/Destination Checks:
For each of these EC2 instances, go to the AWS Management Console.
Navigate to the EC2 dashboard, select the instance, and choose 'Actions' > 'Networking' > 'Change Source/Dest. Check'.
Disable the source/destination check for these instances.
Disabling source/destination checks allows the EC2 instances to route traffic appropriately, enabling them to function as network appliances or proxies. This ensures that traffic from other instances in the private subnets can be routed through the proxy instances to the internet, meeting the company's security requirements.
Reference
Amazon EC2 User Guide on Source/Destination Checks
A company creates an AWS Control Tower landing zone to manage and govern a multi-account AWS environment. The company's security team will deploy preventive controls and detective controls to monitor AWS services across all the accounts. The security team needs a centralized view of the security state of all the accounts.
Which solution will meet these requirements'?
Enable AWS Security Hub:
Navigate to the AWS Security Hub console in your management account and enable Security Hub. This process integrates Security Hub with AWS Control Tower, allowing you to manage and monitor security findings across all accounts within your organization.
Designate a Delegated Administrator:
In AWS Organizations, designate one of the AWS accounts as the delegated administrator for Security Hub. This account will have the responsibility to manage and oversee the security posture of all accounts within the organization.
Deploy Controls Across Accounts:
Use AWS Security Hub to automatically enable security controls across all AWS accounts in the organization. This provides a centralized view of the security state of all accounts and ensures continuous monitoring and compliance.
Utilize AWS Security Hub Features:
Leverage the capabilities of Security Hub to aggregate security alerts, run continuous security checks, and generate findings based on the AWS Foundational Security Best Practices. Security Hub integrates with other AWS services like AWS Config, Amazon GuardDuty, and AWS IAM Access Analyzer to enhance security monitoring and remediation.
By integrating AWS Security Hub with AWS Control Tower and using a delegated administrator account, you can achieve a centralized and comprehensive view of your organization's security posture, facilitating effective management and remediation of security issues.
Reference
AWS Security Hub now integrates with AWS Control Tower77
AWS Control Tower and Security Hub Integration76
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Marylou
4 days agoJoye
7 days agoMaryann
8 days agoNelida
21 days agoMargarett
22 days agoAvery
1 months agoVi
1 months agoLashawn
2 months agoBette
2 months agoTammi
2 months agoTonette
2 months agoReuben
2 months agoNorah
3 months agoBrinda
3 months agoJesus
4 months agoLizbeth
4 months agoKassandra
4 months agoDella
5 months agoCarli
5 months agoAleta
5 months agoLeonora
5 months agoMelynda
6 months ago