SAP-C02 Exam Dumps - Amazon Web Services AWS Certified Professional Questions and Answers

Question # 49

A company needs to improve the security of its web application on AWS. The application runs on a fleet of Amazon EC2 instances behind a public Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB is registered as a custom origin in an Amazon CloudFront distribution.

The company wants customers to access the website by using a fully qualified domain name (FQDN) that is associated with the CloudFront distribution. A security audit shows that the ALB can be accessed directly and that some requests bypass the CloudFront distribution.

The company needs a solution that will prevent direct access to the ALB. The solution also must ensure that all requests pass through the CloudFront distribution.

Which solution will meet these requirements?

Options:

Modify the security group that is attached to the ALB to allow incoming traffic from only the CloudFront distribution’s origin.

Configure the CloudFront distribution to use an AWS WAF web ACL to block requests that bypass the CloudFront distribution.

Add a security header to the CloudFront distribution. Implement header validation and enforcement at the ALB.

Configure an origin access control (OAC) for the CloudFront distribution. Update the ALB to allow only requests that come from the OAC.

Buy Now

Question # 50

A solutions architect needs to advise a company on how to migrate its on-premises data processing application to the AWS Cloud. Currently, users upload input files through a web portal. The web server then stores the uploaded files on NAS and messages the processing server over a message queue. Each media file can take up to 1 hour to process. The company has determined that the number of media files awaiting processing is significantly higher during business hours, with the number of files rapidly declining after business hours.

What is the MOST cost-effective migration recommendation?

Options:

Create a queue using Amazon SQS. Configure the existing web server to publish to the new queue. When there are messages in the queue, invoke an AWS Lambda function to pull requests from the queue and process the files. Store the processed files in an Amazon S3 bucket.

Create a queue using Amazon M. Configure the existing web server to publish to the new queue. When there are messages in the queue, create a new Amazon EC2 instance to pull requests from the queue and process the files. Store the processed files in Amazon EFS. Shut down the EC2 instance after the task is complete.

Create a queue using Amazon MO. Configure the existing web server to publish to the new queue. When there are messages in the queue, invoke an AWS Lambda function to pull requests from the queue and process the files. Store the processed files in Amazon EFS.

Create a queue using Amazon SOS. Configure the existing web server to publish to the new queue. Use Amazon EC2 instances in an EC2 Auto Scaling group to pull requests from the queue and process the files. Scale the EC2 instances based on the SOS queue length. Store the processed files in an Amazon S3 bucket.

Buy Now

Question # 51

A company runs applications in hundreds of production AWS accounts. The company uses AWS Organizations with all features enabled and has a centralized backup

operation that uses AWS Backup.

The company is concerned about ransomware attacks. To address this concern, the company has created a new policy that all backups must be resilient to breaches of privileged-user credentials in any production account.

Which combination of steps will meet this new requirement? (Select THREE.)

Options:

Implement cross-account backup with AWS Backup vaults in designated non-production accounts.

Add an SCP that restricts the modification of AWS Backup vaults.

Implement AWS Backup Vault Lock in compliance mode.

Configure the backup frequency, lifecycle, and retention period to ensure that at least one backup always exists in the cold tier.

Configure AWS Backup to write all backups to an Amazon S3 bucket in a designated non-production account. Ensure that the S3 bucket has S3 Object Lock enabled.

Implement least privilege access for the IAM service role that is assigned to AWS Backup.

Buy Now

Question # 52

A company is migrating its development and production workloads to a new organization in AWS Organizations. The company has created a separate member account for development and a separate member account for production. Consolidated billing is linked to the management account. In the management account, a solutions architect needs to create an 1AM user that can stop or terminate resources in both member accounts.

Which solution will meet this requirement?

Options:

Create an IAM user and a cross-account role in the management account. Configure the cross-account role with least privilege access to the member accounts.

Create an IAM user in each member account. In the management account, create a cross-account role that has least privilege access. Grant the IAM users access to the cross-account role by using a trust policy.

Create an IAM user in the management account. In the member accounts, create an IAM group that has least privilege access. Add the IAM user from the management account to each IAM group in the member accounts.

Create an IAM user in the management account. In the member accounts, create cross-account roles that have least privilege access. Grant the IAM user access to the roles by using a trust policy.

Buy Now

Question # 53

A company wants to migrate an application to Amazon EC2 from VMware Infrastructure that runs in an on-premises data center. A solutions architect must preserve the software and configuration settings during the migration.

What should the solutions architect do to meet these requirements?

Options:

Configure the AWS DataSync agent to start replicating the data store to Amazon FSx for Windows File Server Use the SMB share to host the VMware data store. Use VM Import/Export to move the VMs to Amazon EC2.

Use the VMware vSphere client to export the application as an image in Open Virealization Format (OVF) format Create an Amazon S3 bucket to store the image in the destination AWS Region. Create and apply an IAM role for VM Import Use the AWS CLI to run the EC2 import command.

. Configure AWS Storage Gateway for files service to export a Common Internet File System(CIFSJ share. Create a backup copy to the shared folder. Sign in to the AWS Management Console and create an AMI from the backup copy Launch an EC2 instance that is based on the AMI.

Create a managed-instance activation for a hybrid environment in AWS Systems Manager. Download and install Systems Manager Agent on the on-premises VM Register the VM with Systems Manager to be a managed instance Use AWS Backup to create a snapshot of the VM and create an AMI. Launch an EC2 instance that is based on the AMI

Buy Now

Question # 54

A retail company wants to improve its application architecture. The company ' s applications register new orders, handle returns of merchandise, and provide analytics. The applications store retail data in a MySQL database and an Oracle OLAP analytics database. All the applications and databases are hosted on Amazon EC2 instances.

Each application consists of several components that handle different parts of the order process. These components use incoming data from different sources. A separate ETL job runs every week and copies data from each application to the analytics database.

A solutions architect must redesign the architecture into an event-driven solution that uses serverless services. The solution must provide updated analytics in near real time.

Which solution will meet these requirements?

Options:

Migrate the individual applications as microservices to Amazon ECS containers that use AWS Fargate. Keep the retail MySQL database on Amazon EC2. Move the analytics database to Amazon Neptune. Use Amazon SQS to send all the incoming data to the microservices and the analytics database.

Create an Auto Scaling group for each application. Specify the necessary number of EC2 instances in each Auto Scaling group. Migrate the retail MySQL database and the analytics database to Amazon Aurora MySQL. Use Amazon SNS to send all the incoming data to the correct EC2 instances and the analytics database.

Migrate the individual applications as microservices to Amazon EKS containers that use AWS Fargate. Migrate the retail MySQL database to Amazon Aurora Serverless MySQL. Migrate the analytics database to Amazon Redshift Serverless. Use Amazon EventBridge to send all the incoming data to the microservices and the analytics database.

Migrate the individual applications as microservices to Amazon AppStream 2.0. Migrate the retail MySQL database to Amazon Aurora MySQL. Migrate the analytics database to Amazon Redshift Serverless. Use AWS IoT Core to send all the incoming data to the microservices and the analytics database.

Buy Now

Answer:

Explanation:

The requirements call for an event-driven redesign that uses serverless services and provides near real-time analytics updates. The current architecture relies on weekly ETL jobs, which is incompatible with near real-time analytics.

A serverless, event-driven architecture on AWS typically uses a managed event bus for decoupling producers and consumers and enabling routing/filtering to multiple targets. The analytics requirement suggests that events (orders, returns, updates) should be streamed to an analytics store continuously rather than copied on a weekly schedule.

Option C aligns with these goals. It modernizes the application components into microservices on a serverless compute substrate (AWS Fargate) and modernizes the databases to managed serverless offerings where possible. Aurora Serverless for MySQL provides an on-demand relational database option that reduces operational overhead for the transactional store. Redshift Serverless provides a managed data warehousing service suitable for analytics without provisioning clusters. Using Amazon EventBridge provides a serverless event routing layer that can deliver events from multiple sources to multiple targets, which supports near real-time propagation of business events from the applications into analytics ingestion and processing.

Option A is not fully aligned: it retains the transactional MySQL database on EC2 (not serverless/managed for the database layer) and moves analytics to Amazon Neptune, which is a graph database, not the typical replacement for an OLAP analytics database. SQS is a queue suited for point-to-point message processing, not a flexible event bus for fan-out to multiple analytics consumers and routing based on event patterns.

Option B is not serverless because it uses EC2 Auto Scaling groups for application compute. Although SNS can distribute messages, this option keeps compute server-based and does not directly provide a near real-time analytics warehouse pattern; it also uses Aurora MySQL for analytics, which is not a typical OLAP warehouse replacement compared to Redshift.

Option D is not appropriate: Amazon AppStream 2.0 is a service for streaming desktop applications to users, not for hosting microservices. AWS IoT Core is optimized for IoT device messaging and telemetry and is not the standard integration backbone for business application event routing across microservices and analytics.

Therefore, option C best satisfies the requirement for an event-driven, serverless architecture with near real-time analytics.

[References:AWS documentation on event-driven architectures using Amazon EventBridge for routing events from producers to multiple consumers with filtering rules.AWS documentation on Amazon Aurora Serverless for managed, on-demand relational database capacity with reduced operational management.AWS documentation on Amazon Redshift Serverless as a managed analytics warehouse that supports near real-time ingestion and querying without provisioning clusters., , , , ]

Question # 55

A live-events company is designing a scaling solution for its ticket application on AWS. The application has high peaks of utilization during sale events. Each sale event is a one-time event that is scheduled. The application runs on Amazon EC2 instances that are in an Auto Scaling group.

The application uses PostgreSQL for the database layer.

The company needs a scaling solution to maximize availability during the sale events.

Which solution will meet these requirements?

Options:

Use a predictive scaling policy for the EC2 instances. Host the database on an Amazon Aurora PostgreSQL Serverless v2 Multi-AZ DB instance with automatically scaling read replicas. Create an AWS Step Functions state machine to run parallel AWS Lambda functions to pre-warm the database before a sale event. Create an Amazon EventBridge rule to invoke the state machine.

Use a scheduled scaling policy for the EC2 instances. Host the database on an Amazon RDS for PostgreSQL Multi-AZ DB instance with automatically scaling read replicas. Create an Amazon EventBridge rule that invokes an AWS Lambda function to create a larger read replica before a sale event. Fail over to the larger read replica. Create another EventBridge rule that invokes another Lambda function to scale down the read replica after the sale e

Use a predictive scaling policy for the EC2 instances. Host the database on an Amazon RDS for PostgreSQL Multi-AZ DB instance with automatically scaling read replicas. Create an AWS Step Functions state machine to run parallel AWS Lambda functions to pre-warm the database before a sale event. Create an Amazon EventBridge rule to invoke the state machine.

Use a scheduled scaling policy for the EC2 instances. Host the database on an Amazon Aurora PostgreSQL Multi-AZ DB cluster. Create an Amazon EventBridge rule that invokes an AWS Lambda function to create a larger Aurora Replica before a sale event. Fail over to the larger Aurora Replica. Create another EventBridge rule that invokes another Lambda function to scale down the Aurora Replica after the sale event.

Buy Now

Answer:

Explanation:

The correct answer is D.

D. This solution meets the requirements because it uses a scheduled scaling policy for the EC2 instances, which can adjust the capacity according to the known sale events. It also uses Amazon Aurora PostgreSQL Multi-AZ DB cluster, which provides high availability and durability for the database. It uses Amazon EventBridge rules and AWS Lambda functions to create a larger Aurora Replica before a sale event and fail over to it, which can improve the performance and handle the increased traffic.It also uses anotherEventBridge rule and Lambda function to scale down the Aurora Replica after the sale event, which can save costs123

A. This solution is incorrect because it uses predictive scaling policy for the EC2 instances, which is not suitable for one-time events that are scheduled. Predictive scaling is based on historical data and machine learning, which may not accurately forecast the demand for sale events. It also uses Amazon Aurora PostgreSQL Serverless v2 Multi-AZ DB instance, which does not support read replicas.The use of AWS Step Functions state machine and Lambda functions to pre-warm the database is unnecessary and adds complexity45

B. This solution is incorrect because it uses Amazon RDS for PostgreSQL Multi-AZ DB instance with automatically scaling read replicas, which may not provide enough performance improvement for the sale events. The use of EventBridge rules and Lambda functions to create a larger read replica and fail over to it is risky and may cause downtime ordata loss.The use of another EventBridge rule and Lambda function to scale down the read replica is also risky and may cause inconsistency or data loss67

C. This solution is incorrect because it uses predictive scaling policy for the EC2 instances, which is not suitable for one-time events that are scheduled. Predictive scaling is based on historical data and machine learning, which may not accurately forecast the demand for sale events.The use of AWS Step Functions state machine and Lambda functions to pre-warm the database is unnecessary and adds complexity45

[References:, 1:Scheduled scaling for Amazon EC2 Auto Scaling2:Amazon Aurora PostgreSQL features3:Amazon EventBridge rules4:Predictive scaling for Amazon EC2 Auto Scaling5:Amazon Aurora Serverless v26:Multi-AZ DB instance deployments - Amazon Relational Database Service7:Working with PostgreSQL read replicas - Amazon Relational Database Service, , , , , , , , , ]

Question # 56

A company is designing a new website that hosts static content. The website will give users the ability to upload and download large files. According to company requirements, all data must be encrypted in transit and at rest. A solutions architect is building the solution by using Amazon S3 and Amazon CloudFront.

Which combination of steps will meet the encryption requirements? (Select THREE.)

Options:

Turn on S3 server-side encryption for the S3 bucket that the web application uses.

Add a policy attribute of " aws:SecureTransport " : " true " for read and write operations in the S3 ACLs.

Create a bucket policy that denies any unencrypted operations in the S3 bucket that the web application uses.

Configure encryption at rest on CloudFront by using server-side encryption with AWS KMS keys (SSE-KMS).

Configure redirection of HTTP requests to HTTPS requests in CloudFront.

Use the RequireSSL option in the creation of presigned URLs for the S3 bucket that the web application uses.

Buy Now

Question # 57

A company provides auction services for artwork and has users across North America and Europe. The company hosts its application in Amazon EC2 instances in the us-east-1 Region. Artists upload photos of their work as large-size, high-resolution image files from their mobile phones to a centralized Amazon S3 bucket created in the us-east-l Region. The users in Europe are reporting slow performance for their Image uploads.

How can a solutions architect improve the performance of the image upload process?

Options:

Redeploy the application to use S3 multipart uploads.

Create an Amazon CloudFront distribution and point to the application as a custom origin

Configure the buckets to use S3 Transfer Acceleration.

Create an Auto Scaling group for the EC2 instances and create a scaling policy.

Buy Now

Question # 58

A company is migrating to AWS and needs to inventory physical and virtual servers, apps, and database relationships to properly rightsize and plan migration.

Options:

Use Migration Evaluator with Agentless Collector.

Use Migration Hub with Discovery Agent and Strategy Recommendations.

Use Migration Hub with Agentless Collector and Migration Service.

Use Migration Hub import tool.

Buy Now

Question # 59

A company is using AWS Organizations lo manage multiple AWS accounts For security purposes, the company requires the creation of an Amazon Simple Notification Service (Amazon SNS) topic that enables integration with a third-party alerting system in all the Organizations member accounts

A solutions architect used an AWS CloudFormation template to create the SNS topic and stack sets to automate the deployment of CloudFormation stacks Trusted access has been enabled in Organizations

What should the solutions architect do to deploy the CloudFormation StackSets in all AWS accounts?

Options:

Create a stack set in the Organizations member accounts. Use service-managed permissions. Set deployment options to deploy to an organization. Use CloudFormation StackSets drift detection.

Create stacks in the Organizations member accounts. Use self-service permissions. Set deployment options to deploy to an organization. Enable the CloudFormation StackSets automatic deployment.

Create a stack set in the Organizations management account Use service-managed permissions. Set deployment options to deploy to the organization. Enable CloudFormation StackSets automatic deployment.

Create stacks in the Organizations management account. Use service-managed permissions. Set deployment options to deploy to the organization. Enable CloudFormation StackSets drift detection.

Buy Now

Question # 60

A company is storing data in several Amazon DynamoDB tables. A solutions architect must use a serverless architecture to make the data accessible publicly through a simple API over HTTPS. The solution must scale automatically in response to demand.

Which solutions meet these requirements? (Choose two.)

Options:

Create an Amazon API Gateway REST API. Configure this API with direct integrations to DynamoDB by using API Gateway’s AWS integration type.

Create an Amazon API Gateway HTTP API. Configure this API with direct integrations to Dynamo DB by using API Gateway’s AWS integration type.

Create an Amazon API Gateway HTTP API. Configure this API with integrations to AWS Lambda functions that return data from the DynamoDB tables.

Create an accelerator in AWS Global Accelerator. Configure this accelerator with AWS Lambda@Edge function integrations that return data from the DynamoDB tables.

Create a Network Load Balancer. Configure listener rules to forward requests to the appropriate AWS Lambda functions

Buy Now

Question # 61

A global company operates a platform that serves customers across multiple AWS Regions. The platform stores customer behavioral data.

For data residency compliance, the company must ensure that personally identifiable information (PII) data remains within the Region where the data is collected. Additionally, the company must ensure that cross-Region data analysis uses only anonymized datasets.

Which solution will meet these requirements?

Options:

Deploy AWS Outposts in each Region to keep data on premises. Store data in Amazon S3 on Outposts. Use AWS Glue DataBrew to anonymize PII data. Analyze cross-Region data by using Amazon Athena.

Deploy Amazon Aurora PostgreSQL clusters in separate Regions. Use AWS Glue DataBrew to anonymize PII data. Analyze cross-Region data by using Amazon Redshift Serverless.

Deploy Amazon Aurora PostgreSQL clusters in separate Regions. Use AWS Lambda functions to anonymize PII data before replication. Use AWS PrivateLink to connect Amazon QuickSight to cross-Region databases for analysis.

Deploy Amazon S3 buckets in each Region. Enable S3 Block Public Access and bucket policies to prevent cross-Region replication. Use Amazon Macie to anonymize data. Analyze cross-Region data by using Amazon Athena.

Buy Now

Question # 62

A company operates an on-premises software-as-a-service (SaaS) solution that ingests several files daily. The company provides multiple public SFTP endpoints to its customers to facilitate the file transfers. The customers add the SFTP endpoint IP addresses to their firewall allow list for outbound traffic. Changes to the SFTP endmost IP addresses are not permitted.

The company wants to migrate the SaaS solution to AWS and decrease the operational overhead of the file transfer service.

Which solution meets these requirements?

Options:

Register the customer-owned block of IP addresses in the company ' s AWS account. Create Elastic IP addresses from the address pool and assign them to an AWS Transfer for SFTP endpoint. Use AWS Transfer to store the files in Amazon S3.

Add a subnet containing the customer-owned block of IP addresses to a VPC Create Elastic IP addresses from the address pool and assign them to an Application Load Balancer (ALB). Launch EC2 instances hosting FTP services in an Auto Scaling group behind the ALB. Store the files in attached Amazon Elastic Block Store (Amazon EBS) volumes.

Register the customer-owned block of IP addresses with Amazon Route 53. Create alias records in Route 53 that point to a Network Load Balancer (NLB). Launch EC2 instances hosting FTP services in an Auto Scaling group behind the NLB. Store the files in Amazon S3.

Register the customer-owned block of IP addresses in the company ' s AWS account. Create Elastic IP addresses from the address pool and assign them to an Amazon S3 VPC endpoint. Enable SFTP support on the S3 bucket.

Buy Now

Question # 63

A company wants to optimize AWS data-transfer costs and compute costs across developer accounts within the company ' s organization in AWS Organizations Developers can configure VPCs and launch Amazon EC2 instances in a single AWS Region The EC2 instances retrieve approximately 1 TB of data each day from Amazon S3

The developer activity leads to excessive monthly data-transfer charges and NAT gateway processing charges between EC2 instances and S3 buckets, along with high compute costs The company wants to proactively enforce approved architectural patterns for any EC2 instance and VPC infrastructure that developers deploy within the AWS accounts The company does not wantthis enforcement to negatively affect the speed at which the developers can perform their tasks

Which solution will meet these requirements MOST cost-effectively?

Options:

Create SCPs to prevent developers from launching unapproved EC2 instance types Provide the developers with an AWS CloudFormation template to deploy an approved VPC configuration with S3 interface endpoints Scope the developers* IAM permissions so that the developers can launch VPC resources only with CloudFormation

Create a daily forecasted budget with AWS Budgets to monitor EC2 compute costs and S3 data-transfer costs across the developer accounts When the forecasted cost is 75% of the actual budget cost, send an alert to the developer teams If the actual budget cost is 100%. create a budget action to terminate the developers ' EC2 instances and VPC infrastructure

Create an AWS Service Catalog portfolio that users can use to create an approved VPC configuration with S3 gateway endpoints and approved EC2 instances Share the portfolio with the developer accounts Configure an AWS Service Catalog launch constraint to use an approved IAM role Scope the developers ' IAM permissions to allow access only to AWS Service Catalog

Create and deploy AWS Config rules to monitor the compliance of EC2 and VPC resources in the developer AWS accounts If developers launch unapproved EC2 instances or if developers create VPCs without S3 gateway endpoints perform a remediation action to terminate the unapproved resources

Buy Now

Exam Code: SAP-C02

Exam Name: AWS Certified Solutions Architect - Professional

Last Update: Jun 15, 2026

Questions: 674

SAP-C02 PDF

$25.5 ~~$84.99~~

Add to Cart

SAP-C02 Testing Engine

$28.5 ~~$94.99~~

Add to Cart

SAP-C02 PDF + Testing Engine

$40.5 ~~$134.99~~

Add to Cart

Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

certsboard certification exams

Navigation:

SAP-C02 Exam Dumps - Amazon Web Services AWS Certified Professional Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

SAP-C02 PDF

SAP-C02 Testing Engine

SAP-C02 PDF + Testing Engine

Quick Links

Recently New Released Certification Exams

Site Secure