
Prepare SAP-C01 Question Answers Free Update With 100% Exam Passing Guarantee [Q162-Q177]


Prepare SAP-C01 Question Answers Free Update With 100% Exam Passing Guarantee [2024]

Dumps Real Amazon SAP-C01 Exam Questions [Updated 2024]


Amazon SAP-C01 (AWS Certified Solutions Architect - Professional) Certification Exam is a highly sought-after certification for IT professionals who are interested in developing and managing solutions on the Amazon Web Services (AWS) platform. AWS Certified Solutions Architect - Professional certification is designed for individuals who have already obtained the AWS Certified Solutions Architect - Associate certification and are looking to take their knowledge and skills to the next level. The SAP-C01 certification exam is challenging and comprehensive, covering a wide range of topics related to AWS architecture, deployment, and management.


The Amazon SAP-C01 exam is designed for professionals who have at least two years of experience in designing and deploying applications on the AWS platform. The SAP-C01 exam comprises 75 multiple-choice and multiple-response questions and has a time limit of 180 minutes. The SAP-C01 exam is available in multiple languages and can be taken online or at a testing center.

 

NEW QUESTION # 162
A company has a security event whereby an Amazon S3 bucket with sensitive information was made public.
Company policy is to never have public S3 objects, and the Compliance team must be informed immediately when any public objects are identified.
How can the presence of a public S3 object be detected, set to trigger alarm notifications, and automatically remediated in the future? (Choose two.)

  • A. Turn on object-level logging for Amazon S3. Turn on Amazon S3 event notifications to notify by using an Amazon SNS topic when a PutObject API call is made with a public-read permission.
  • B. Use the S3 bucket permissions for AWS Trusted Advisor and configure a CloudWatch event to notify by using Amazon SNS.
  • C. Schedule a recursive Lambda function to regularly change all object permissions inside the S3 bucket.
  • D. Configure an Amazon CloudWatch Events rule that invokes an AWS Lambda function to secure the S3 bucket.
  • E. Turn on object-level logging for Amazon S3. Configure a CloudWatch event to notify by using an SNS topic when a PutObject API call with public-read permission is detected in the AWS CloudTrail logs.

Answer: D,E

Explanation:
https://aws.amazon.com/blogs/security/how-to-detect-and-automatically-remediate-unintended-permissions-in-am


NEW QUESTION # 163
A company has an application that runs on Amazon EC2 instances in an Amazon EC2 Auto Scaling group. The company uses AWS CodePipeline to deploy the application. The instances that run in the Auto Scaling group are constantly changing because of scaling events.
When the company deploys new application code versions, the company installs the AWS CodeDeploy agent on any new target EC2 instances and associates the instances with the CodeDeploy deployment group. The application is set to go live within the next 24 hours.
What should a solutions architect recommend to automate the application deployment process with the LEAST amount of operational overhead?

  • A. Create a new AWS CodeBuild project that creates a new AMI that contains the new code. Configure CodeBuild to update the Auto Scaling group's launch template to the new AMI. Run an Amazon EC2 Auto Scaling instance refresh operation.
  • B. Create a new AMI that has the CodeDeploy agent installed. Configure the Auto Scaling group's launch template to use the new AMI. Associate the CodeDeploy deployment group with the Auto Scaling group instead of the EC2 instances.
  • C. Write a script to suspend Amazon EC2 Auto Scaling operations before the deployment of new code. When the deployment is complete, create a new AMI and configure the Auto Scaling group's launch template to use the new AMI for new launches. Resume Amazon EC2 Auto Scaling operations.
  • D. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function when a new EC2 instance is launched into the Auto Scaling group. Code the Lambda function to associate the EC2 instances with the CodeDeploy deployment group.

Answer: A


NEW QUESTION # 164
A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.
The company's infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.
Which combination of actions should the solutions architect perform to meet these requirements? (Select TWO.)

  • A. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each prefix list to associate with the resource share.
  • B. Enable resource sharing from the AWS Organizations management account.
  • C. Create VPCs in each AWS account within the organization in AWS Organizations. Configure the VPCs to share the same CIDR range and subnets as the VPC in the infrastructure account. Peer the VPCs in each individual account with the VPC in the infrastructure account.
  • D. Create a transit gateway in the infrastructure account.
  • E. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.

Answer: B,E


NEW QUESTION # 165
A company has developed a mobile game. The backend for the game runs on several virtual machines located in an on-premises data center. The business logic is exposed using a REST API with multiple functions. Player session data is stored in central all storage. Backend services use different API keys for throttling and to distinguish between live and test traffic.
The load on the game backend varies throughout the day. During peak hours the server capacity is not sufficient. There are also latency issues when fetching player session data. Management has asked a solutions architect to present a cloud architecture that can handle the game's varying load and provide low-latency data access. The API model should not be changed.
Which solution meets these requirements?

  • A. Implement the REST API using Amazon API Gateway. Run the business logic in AWS Lambda. Store player session data in Amazon DynamoDB with on-demand capacity.
  • B. Implement the REST API using a Network Load Balancer (NLB). Run the business logic on an Amazon EC2 instance behind the NLB. Store player session data in Amazon Aurora Serverless.
  • C. Implement the REST API using an Application Load Balancer (ALB). Run the business logic in AWS Lambda. Store player session data in Amazon DynamoDB with on-demand capacity.
  • D. Implement the REST API using AWS AppSync. Run the business logic in AWS Lambda. Store player session data in Amazon Aurora Serverless.

Answer: A


NEW QUESTION # 166
What combination of steps could a Solutions Architect take to protect a web workload running on Amazon EC2 from DDoS and application layer attacks? (Select two.)

  • A. Put the EC2 instances behind a Network Load Balancer and configure AWS WAF on it.
  • B. Create and use an internet gateway in the VPC and use AWS Shield.
  • C. Create and use an Amazon CloudFront distribution and configure AWS WAF on it.
  • D. Migrate the DNS to Amazon Route 53 and use AWS Shield.
  • E. Put the EC2 instances in an Auto Scaling group and configure AWS WAF on it.

Answer: B,C


NEW QUESTION # 167
A company has multiple business units. Each business unit has its own AWS account and runs a single website within that account. The company also has a single logging account. Logs from each business unit website are aggregated into a single Amazon S3 bucket in the logging account. The S3 bucket policy provides each business unit with access to write data into the bucket and requires data to be encrypted. The company needs to encrypt logs uploaded into the bucket using a single AWS Key Management Service (AWS KMS) CMK. The CMK that protects the data must be rotated once every 365 days.
Which strategy is the MOST operationally efficient for the company to use to meet these requirements?

  • A. Use an AWS managed CMK in the logging account. Update the CMK key policy to provide access to the logging account and business unit accounts. Manually rotate the CMK every 365 days.
  • B. Create a customer managed CMK in the logging account. Update the CMK key policy to provide access to the logging account only. Manually rotate the CMK every 355 days.
  • C. Create a customer managed CMK in the logging account. Update the CMK key policy to provide access to the logging account and business unit accounts. Enable automatic rotation of the CMK.
  • D. Use an AWS managed CMK in the logging account. Update the CMK key policy to provide access to the logging account only. Enable automatic rotation of the CMK.

Answer: C

Explanation:
https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html rotation is 365d


NEW QUESTION # 168
A company is designing a new highly available web application on AWS. The application requires consistent and reliable connectivity from the application servers in AWS to a backend REST API hosted in the company's on-premises environment. The backend connection between AWS and on-premises will be routed over an AWS Direct Connect connection through a private virtual interface. Amazon Route 53 will be used to manage private DNS records for the application to resolve the IP address on the backend REST API.
Which design would provide a reliable connection to the backend API?

  • A. Install a second cross connect for the same Direct Connect connection from the same network carrier, and join both connections to the same link aggregation group (LAG) on the same private virtual interface.
  • B. Create an IPSec VPN connection routed over the public internet from the on-premises data center to AWS and attach it to the same virtual private gateway as the Direct Connect connection.
  • C. Install a second Direct Connect connection from a different network carrier and attach it to the same virtual private gateway as the first Direct Connect connection.
  • D. Implement at least two backend endpoints for the backend REST API, and use Route 53 health checks to monitor the availability of each backend endpoint and perform DNS-level failover.

Answer: C

Explanation:
https://aws.amazon.com/answers/networking/aws-single-data-center-ha-network-connectivity/


NEW QUESTION # 169
A fitness tracking company serves users around the world, with its primary markets in North America and Asia. The company needs to design an infrastructure for its read-heavy user authorization application with the following requirements:
* Be resilient to problems with the application in any Region.
* Write to a database in a single Region.
* Read from multiple Regions.
* Support resiliency across application tiers in each Region.
* Support the relational database semantics reflected in the application.
Which combination of steps should a solutions architect take? (Select TWO.)

  • A. Use an Amazon Route 53 geolocation routing policy combined with a failover routing policy.
  • B. Use an Amazon Route 53 geoproximity routing policy combined with a multivalue answer routing policy.
  • C. Set up web, application, and Amazon RDS for MySQL instances in each Region. Set up the application so that reads are local and writes are partitioned based on the user. Set up a Multi-AZ failover for the web, application, and database servers. Set up cross-Region replication for the database layer.
  • D. Deploy web, application, and MySQL database servers to Amazon EC2 instances in each Region. Set up the application so that reads and writes are local to the Region. Create snapshots of the web, application, and database servers and store the snapshots in an Amazon S3 bucket in both Regions. Set up cross-Region replication for the database layer.
  • E. Set up active-active web and application servers in each Region. Deploy an Amazon Aurora global database with clusters in each Region. Set up the application to use the in-Region Aurora database endpoints. Create snapshots of the web and application servers and store them in an Amazon S3 bucket in both Regions.

Answer: A,E

Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html Geoproximity routing policy is good to control the user traffic to specific regions. However, a multivalue answer routing policy may cause the users to be randomly sent to other healthy regions that may be far away from the user's location. You can use geolocation routing policy to direct the North American users to your servers on the North America region and configure failover routing to the Asia region in case the North America region fails. You can configure the same for the Asian users pointed to the Asia region servers and have the North America region as its backup.


NEW QUESTION # 170
A Solutions Architect is designing a network solution for a company that has applications running in a data center in Northern Virginia. The applications in the company's data center require predictable performance to applications running in a virtual private cloud (VPC) located in us-east-1, and a secondary VPC in us-west-2 within the same account. The company data center is collocated in an AWS Direct Connect facility that serves the us-east-1 region. The company has already ordered an AWS Direct Connect connection and a cross-connect has been established.
Which solution will meet the requirements at the LOWEST cost?

  • A. Order a second Direct Connect connection to a Direct Connect facility with connectivity to the us-west-2 region. Work with a partner to establish a network extension link over dark fiber from the Direct Connect facility to the company's data center. Establish private VIFs on the Direct Connect connections for each of the company's VPCs in the respective regions. Configure the company's data center router to connect directly with the VPCs in those regions via the private VIFs.
  • B. Deploy a transit VPC solution using Amazon EC2-based router instances in the us-east-1 region. Establish IPsec VPN tunnels between the transit routers and virtual private gateways (VGWs) located in the us-east-1 and us-west-2 regions, which are attached to the company's VPCs in those regions. Create a public VIF on the Direct Connect connection and establish IPsec VPN tunnels over the public VIF between the transit routers and the company's data center router.
  • C. Provision a Direct Connect gateway and attach the virtual private gateway (VGW) for the VPC in us-east-1 and the VGW for the VPC in us-west-2. Create a private VIF on the Direct Connect connection and associate it to the Direct Connect gateway.
  • D. Create private VIFs on the Direct Connect connection for each of the company's VPCs in the us-east-1 and us-west-2 regions. Configure the company's data center router to connect directly with the VPCs in those regions via the private VIFs.

Answer: B

Explanation:
https://aws.amazon.com/blogs/aws/new-aws-direct-connect-gateway-inter-region-vpc-access/


NEW QUESTION # 171
A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple AWS accounts under the same organization in AWS Organizations. The company requires the cost for cloud infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered that several Amazon EC2 instances are lacking the Project tag used for cost allocation.
Which actions should a solutions architect take to resolve the problem and prevent it from happening in the future? (Select THREE.)

  • A. Use AWS Security Hub to aggregate a list of EC2 instances with the missing Project tag.
  • B. Create an AWS Config aggregator for the organization to collect a list of EC2 instances with the missing Project tag.
  • C. Create an SCP in the organization with a deny action for ec2:RunInstances if the Project tag is missing.
  • D. Create an AWS Config rule in each account to find resources with missing tags.
  • E. Create an IAM policy in each account with a deny action for ec2:RunInstances if the Project tag is missing.
  • F. Use Amazon Inspector in the organization to find resources with missing tags.

Answer: B,C,E


NEW QUESTION # 172
A company is running multiple workloads in the AWS Cloud. The company has separate units for software development. The company uses AWS Organizations and federation with SAML to give permissions to developers to manage resources in their AWS accounts. The development units each deploy their production workloads into a common production account. Recently, an incident occurred in the production account in which members of a development unit terminated an EC2 instance that belonged to a different development unit. A solutions architect must create a solution that prevents a similar incident from happening in the future. The solution also must allow developers the possibility to manage the instances used for their workloads.
Which strategy will meet these requirements?

  • A. Create separate OUs in AWS Organizations for each development unit. Assign the created OUs to the company AWS accounts. Create separate SCPs with a deny action and a StringNotEquals condition for the DevelopmentUnit resource tag that matches the development unit name. Assign the SCP to the corresponding OU.
  • B. Pass an attribute for DevelopmentUnit as an AWS Security Token Service (AWS STS) session tag during SAML federation. Update the IAM policy for the developers' assumed IAM role with a deny action and a StringNotEquals condition for the DevelopmentUnit resource tag and aws:PrincipalTag/DevelopmentUnit.
  • C. Create separate IAM policies for each development unit. For every IAM policy, add an allow action and a StringEquals condition for the DevelopmentUnit resource tag and the development unit name. During SAML federation, use AWS Security Token Service (AWS STS) to assign the IAM policy and match the development unit name to the assumed IAM role.
  • D. Pass an attribute for DevelopmentUnit as an AWS Security Token Service (AWS STS) session tag during SAML federation. Create an SCP with an allow action and a StringEquals condition for the DevelopmentUnit resource tag and aws:PrincipalTag/DevelopmentUnit. Assign the SCP to the root OU.

Answer: A


NEW QUESTION # 173
A company wants to improve cost awareness for its Amazon EMR platform. The company has allocated budgets for each team's Amazon EMR usage. When a budgetary threshold is reached, a notification should be sent by email to the budget office's distribution list. Teams should be able to view their EMR cluster expenses to date. A solutions architect needs to create a solution that ensures the policy is proactively and centrally enforced in a multi-account environment.
Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

  • A. Implement Amazon CloudWatch dashboards for Amazon EMR usage.
  • B. Create an EMR bootstrap action that runs at startup that calls the Cost Explorer API to set the budget on the cluster with the GetCostForecast and NotificationsWithSubscribers actions.
  • C. Create an AWS Service Catalog portfolio for each team. Add each team's Amazon EMR cluster as an AWS CloudFormation template to their Service Catalog portfolio as a Product.
  • D. Update the AWS CloudFormation template to include the AWS::Budgets::Budget resource with the NotificationsWithSubscribers property.
  • E. Create an Amazon CloudWatch metric for billing. Create a custom alert when costs exceed the budgetary threshold.

Answer: C,D

Explanation:
https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_budgets.html


NEW QUESTION # 174
A large company recently experienced an unexpected increase in Amazon RDS and Amazon DynamoDB costs. The company needs to increase visibility into details of AWS Billing and Cost Management. There are various accounts associated with AWS Organizations, including many development and production accounts.
There is no consistent tagging strategy across the organization, but there are guidelines in place that require all infrastructure to be deployed using AWS CloudFormation with consistent tagging. Management requires cost center numbers and project ID numbers for all existing and future DynamoDB tables and RDS instances.
Which strategy should the solutions architect provide to meet these requirements?

  • A. Create cost allocation tags to define the cost center and project ID and allow 24 hours for tags to propagate to existing resources. Update existing federated roles to restrict privileges to provision resources that do not include the cost center and project ID on the resource.
  • B. Use an AWS Config rule to alert the finance team of untagged resources. Create a centralized AWS Lambda based solution to tag untagged RDS databases and DynamoDB resources every hour using a cross-account role.
  • C. Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID and allow 24 hours for tags to propagate to existing resources.
  • D. Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID. Use SCPs to restrict resource creation that do not have the cost center and project ID on the resource.

Answer: C


NEW QUESTION # 175
You are the new IT architect in a company that operates a mobile sleep tracking application.
When activated at night, the mobile app is sending collected data points of 1 kilobyte every 5 minutes to your backend.
The backend takes care of authenticating the user and writing the data points into an Amazon DynamoDB table.
Every morning, you scan the table to extract and aggregate last night's data on a per user basis, and store the results in Amazon S3. Users are notified via Amazon SNS mobile push notifications that new data is available, which is parsed and visualized by the mobile app.
Currently you have around 100k users who are mostly based out of North America.
You have been tasked to optimize the architecture of the backend system to lower cost.
What would you recommend? (Choose 2)

  • A. Introduce an Amazon SQS queue to buffer writes to the Amazon DynamoDB table and reduce provisioned write throughput.
  • B. Introduce Amazon Elasticache to cache reads from the Amazon DynamoDB table and reduce provisioned read throughput.
  • C. Have the mobile app access Amazon DynamoDB directly instead of JSON files stored on Amazon S3.
  • D. Create a new Amazon DynamoDB table each day and drop the one for the previous day after its data is on Amazon S3.
  • E. Write data directly into an Amazon Redshift cluster replacing both Amazon DynamoDB and Amazon S3.

Answer: A,D


NEW QUESTION # 176
A company is deploying a public-facing global application on AWS using Amazon CloudFront. The application communicates with an external system. A solutions architect needs to ensure the data is secured during end-to-end transit and at rest.
Which combination of steps will satisfy these requirements? (Select THREE.)

  • A. Create a public certificate for the required domain in AWS Certificate Manager and deploy it to CloudFront, an Application Load Balancer, and Amazon EC2 instances.
  • B. Provision Amazon EBS encrypted volumes using AWS KMS and ensure explicit encryption of data when writing to Amazon EBS.
  • C. Acquire a public certificate from a third-party vendor and deploy it to CloudFront, an Application Load Balancer, and Amazon EC2 instances.
  • D. Use SSL or encrypt data while communicating with the external system using a VPN.
  • E. Communicate with the external system using plaintext and use the VPN to encrypt the data in transit.
  • F. Provision Amazon EBS encrypted volumes using AWS KMS.

Answer: A,D,F

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html


NEW QUESTION # 177
......
