(Dec-2020) AWS Certified Solutions Architect - Professional (SAP-C01) Exam Dumps


New VCE and PDF Exam Dumps from PassLeader

➢ Vendor: Amazon

➢ Exam Code: SAP-C01

➢ Exam Name: AWS Certified Solutions Architect - Professional

➢ New Questions (Dec/2020)


NEW QUESTION 751


A financial services company loaded millions of historical stock trades into an Amazon DynamoDB table. The table
uses on-demand capacity mode. Once each day at midnight, a few million new records are loaded into the table.
Application read activity against the table happens in bursts throughout the day, and a limited set of keys are
repeatedly looked up. The company needs to reduce costs associated with DynamoDB. Which strategy should a
solutions architect recommend to meet this requirement?

A. Deploy an Amazon ElastiCache cluster in front of the DynamoDB table.
B. Deploy DynamoDB Accelerator (DAX). Configure DynamoDB auto scaling. Purchase Savings Plans in Cost
Explorer.
C. Use provisioned capacity mode. Purchase Savings Plans in Cost Explorer.
D. Deploy DynamoDB Accelerator (DAX). Use provisioned capacity mode. Configure DynamoDB auto scaling.

Answer: A

NEW QUESTION 752


A company is running a workload that consists of thousands of Amazon EC2 instances. The workload is running in a
VPC that contains several public subnets and private subnets. The public subnets have a route for 0.0.0.0/0 to an
existing internet gateway. The private subnets have a route for 0.0.0.0/0 to an existing NAT gateway. A solutions
architect needs to migrate the entire fleet of EC2 instances to use IPv6. The EC2 instances that are in private subnets
must not be accessible from the public internet. What should the solutions architect do to meet these requirements?

A. Update the existing VPC, and associate a custom IPv6 CIDR block with the VPC and all subnets.
Update all the VPC route tables, and add a route for ::/0 to the internet gateway.
B. Update the existing VPC, and associate an Amazon-provided IPv6 CIDR block with the VPC and all subnets.
Update the VPC route tables for all private subnets, and add a route for ::/0 to the NAT gateway.
C. Update the existing VPC, and associate an Amazon-provided IPv6 CIDR block with the VPC and all subnets.
Create an egress-only internet gateway.
Update the VPC route tables for all private subnets, and add a route for ::/0 to the egress-only internet gateway.
D. Update the existing VPC, and associate a custom IPv6 CIDR block with the VPC and all subnets.
Create a new NAT gateway, and enable IPv6 support.
Update the VPC route tables for all private subnets, and add a route for ::/0 to the IPv6-enabled NAT gateway.

Answer: D

NEW QUESTION 753

SAP-C01 Exam Dumps SAP-C01 Exam Questions SAP-C01 PDF Dumps SAP-C01 VCE Dumps
https://www.passleader.com/aws-certified-solutions-architect-professional.html
A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple
AWS accounts under the same organization in AWS Organizations. The company requires the cost for cloud
infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered
that several Amazon EC2 instances are lacking the Project tag used for cost allocation. Which actions should a
solutions architect take to resolve the problem and prevent it from happening in the future? (Choose three.)

A. Create an AWS Config rule in each account to find resources with missing tags.
B. Create an SCP in the organization with a deny action for ec2:RunInstances if the Project tag is missing.
C. Use Amazon Inspector in the organization to find resources with missing tags.
D. Create an IAM policy in each account with a deny action for ec2:RunInstances if the Project tag is missing.
E. Create an AWS Config aggregator for the organization to collect a list of EC2 instances with the missing Project
tag.
F. Use AWS Security Hub to aggregate a list of EC2 instances with the missing Project tag.

Answer: ACD

NEW QUESTION 754


A company has a serverless application that is deployed on AWS. The application uses an Amazon API Gateway
REST API and AWS Lambda to receive and process requests from other applications within the company's on-
premises network. The application uses a pre-shared API key as the authentication method. A recent security review
showed that the application was accessible from anywhere on the internet. The company's security policy states that
requests can be accepted only from the company's on-premises network. What should a solutions architect
recommend to meet this requirement?

A. Configure a security group with rules to allow traffic only from within the company's public IP address range.
Attach the security group to the API Gateway API, and redeploy the API.
B. Create a Lambda function to inspect the requests and deny the execute-api:Invoke action if the request is not
from within the company's public IP address range.
Configure the Lambda function as a custom authorizer for the API Gateway API. Redeploy the API.
C. Create a resource policy with a statement to deny the execute-api:Invoke action if the aws:SourceIp attribute is
not from within the company's public IP address range.
Attach that resource policy to the API Gateway API. Redeploy the API.
D. Configure a request validator for API Gateway to inspect the requests and deny the execute-api:Invoke action if
the aws:SourceIp attribute is not from within the company's public IP address range. Redeploy the API Gateway API.

Answer: A

NEW QUESTION 755


A company wants to retire its Oracle Solaris NFS storage arrays. The company requires rapid data migration over its
internet network connection to a combination of destinations for Amazon S3, Amazon Elastic File System (Amazon
EFS), and Amazon FSx for Windows File Server. The company also requires a full initial copy, as well as incremental
transfers of changes until the retirement of the storage arrays. All data must be encrypted and checked for integrity.
What should a solutions architect recommend to meet these requirements?

A. Configure CloudEndure.
Create a project and deploy the CloudEndure agent and token to the storage array.
Run the migration plan to start the transfer.
B. Configure AWS DataSync.
Configure the DataSync agent and deploy it to the local network.
Create a transfer task and start the transfer.
C. Configure the aws S3 sync command.
Configure the AWS client on the client side with credentials.
Run the sync command to start the transfer.
D. Configure AWS Transfer for FTP.
Configure the FTP client with credentials. Script the client to connect and sync to start the transfer.

Answer: A

NEW QUESTION 756


A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must
implement a solution that the company can use to share a common network across multiple accounts. The company's
infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this
account to manage the network. Individual accounts cannot have the ability to manage their own networks. However,
individual accounts must be able to create AWS resources within subnets. Which combination of actions should the
solutions architect perform to meet these requirements? (Choose two.)

A. Create a transit gateway in the infrastructure account.
B. Enable resource sharing from the AWS Organizations management account.
C. Create VPCs in each AWS account within the organization in AWS Organizations.
Configure the VPCs to share the same CIDR range and subnets as the VPC in the infrastructure account.
Peer the VPCs in each individual account with the VPC in the infrastructure account.
D. Create a resource share in AWS Resource Access Manager in the infrastructure account.
Select the specific AWS Organizations OU that will use the shared network.
Select each subnet to associate with the resource share.
E. Create a resource share in AWS Resource Access Manager in the infrastructure account.
Select the specific AWS Organizations OU that will use the shared network.
Select each prefix list to associate with the resource share.

Answer: BD

NEW QUESTION 757


A large company is running a popular web application. The application runs on several Amazon EC2 Linux instances
in an Auto Scaling group in a private subnet. An Application Load Balancer is targeting the instances in the Auto
Scaling group in the private subnet. AWS Systems Manager Session Manager is configured, and AWS Systems
Manager Agent is running on all the EC2 instances. The company recently released a new version of the application.
Some EC2 instances are now being marked as unhealthy and are being terminated. As a result, the application is
running at reduced capacity. A solutions architect tries to determine the root cause by analyzing Amazon CloudWatch
logs that are collected from the application, but the logs are inconclusive. How should the solutions architect gain
access to an EC2 instance to troubleshoot the issue?

A. Suspend the Auto Scaling group's HealthCheck scaling process.
Use Session Manager to log in to an instance that is marked as unhealthy.
B. Enable EC2 instance termination protection.
Use Session Manager to log in to an instance that is marked as unhealthy.
C. Set the termination policy to OldestInstance on the Auto Scaling group.
Use Session Manager to log in to an instance that is marked as unhealthy.
D. Suspend the Auto Scaling group's Terminate process.
Use Session Manager to log in to an instance that is marked as unhealthy.

Answer: D

NEW QUESTION 758


A company has an on-premises Microsoft SQL Server database that writes a nightly 200 GB export to a local drive.
The company wants to move the backups to more robust cloud storage on Amazon S3. The company has set up a
10 Gbps AWS Direct Connect connection between the on-premises data center and AWS. Which solution meets
these requirements MOST cost-effectively?

A. Create a new S3 bucket. Deploy an AWS Storage Gateway file gateway within the VPC that is connected to the
Direct Connect connection.
Create a new SMB file share.
Write nightly database exports to the new SMB file share.

B. Create an Amazon FSx for Windows File Server Single-AZ file system within the VPC that is connected to the
Direct Connect connection.
Create a new SMB file share.
Write nightly database exports to an SMB file share on the Amazon FSx file system. Enable backups.
C. Create an Amazon FSx for Windows File Server Multi-AZ system within the VPC that is connected to the Direct
Connect connection.
Create a new SMB file share.
Write nightly database exports to an SMB file share on the Amazon FSx file system. Enable nightly backups.
D. Create a new S3 bucket. Deploy an AWS Storage Gateway volume gateway within the VPC that is connected
to the Direct Connect connection.
Create a new SMB file share.
Write nightly database exports to the new SMB file share on the volume gateway, and automate copies of this data
to an S3 bucket.

Answer: A

NEW QUESTION 759


A company that provisions job boards for a seasonal workforce is seeing an increase in traffic and usage. The
backend services run on a pair of Amazon EC2 instances behind an Application Load Balancer with Amazon
DynamoDB as the datastore. Application read and write traffic is slow during peak seasons. Which option provides a
scalable application architecture to handle peak seasons with the LEAST development effort?

A. Migrate the backend services to AWS Lambda.
Increase the read and write capacity of DynamoDB.
B. Migrate the backend services to AWS Lambda.
Configure DynamoDB to use global tables.
C. Use Auto Scaling groups for the backend services.
Use DynamoDB auto scaling.
D. Use Auto Scaling groups for the backend services.
Use Amazon Simple Queue Service (Amazon SQS) and an AWS Lambda function to write to DynamoDB.

Answer: C

NEW QUESTION 760


A company requires that all internal application connectivity use private IP addresses. To facilitate this policy, a
solutions architect has created interface endpoints to connect to AWS public services. Upon testing, the solutions
architect notices that the service names are resolving to public IP addresses and that internal services cannot connect
to the interface endpoints. Which step should the solutions architect take to resolve this issue?

A. Update the subnet route table with a route to the interface endpoint.
B. Enable the private DNS option on the VPC attributes.
C. Configure the security group on the interface endpoint to allow connectivity to the AWS services.
D. Configure an Amazon Route 53 private hosted zone with a conditional forwarder for the internal application.

Answer: B

NEW QUESTION 761


A company manages an on-premises data ingestion application that receives metrics from IoT devices in JSON
format. The data is collected, transformed, and stored in a data warehouse for analysis. The current infrastructure has
severe performance issues at peak loads due to insufficient compute capacity causing some of the data ingestion to
be dropped. The company wants to migrate the application to AWS. The solution must support its current analytics
tool that connects to the data warehouse with a Java Database Connectivity (JDBC) driver. The company requires a
resilient and cost-effective solution that will address the performance issues. Which solution will meet these
requirements?

A. Replatform the application.
Create an Application Load Balancer and an Amazon EC2 instance with Auto Scaling to host the application to ingest
and transform the data.
Create an Amazon RDS PostgreSQL Multi-AZ DB instance in a private subnet to store data.
Use Amazon QuickSight to generate reports and visualize data.
B. Replatform the application.
Use Amazon API Gateway to handle data ingestion.
Use AWS Lambda to transform the data.
Create an Amazon Aurora PostgreSQL DB cluster with an Aurora Replica in two private subnets to store data.
Use Amazon QuickSight to generate reports and visualize data.
C. Re-architect the application. Load the data into Amazon S3.
Use AWS Glue to transform the data.
Store the table schema in an AWS Glue Data Catalog.
Use Amazon Athena to query the data.
D. Re-architect the application. Load the data into Amazon S3.
Use Amazon EMR to transform the data.
Create an external schema in an AWS Glue Data Catalog.
Use Amazon Redshift Spectrum to query the data.

Answer: A

NEW QUESTION 762


A company wants to migrate an application to Amazon EC2 from VMware Infrastructure that runs in an on-premises
data center. A solutions architect must preserve the software and configuration settings during the migration. What
should the solutions architect do to meet these requirements?

A. Configure the AWS DataSync agent to start replicating the data store to Amazon FSx for Windows File Server.
Use the SMB share to host the VMware data store.
Use VM Import/Export to move the VMs to Amazon EC2.
B. Use the VMware vSphere client to export the application as an image in Open Virtualization Format (OVF) format.
Create an Amazon S3 bucket to store the image in the destination AWS Region.
Create and apply an IAM role for VM Import.
Use the AWS CLI to run the EC2 import command.
C. Configure AWS Storage Gateway for files service to export a Common Internet File System (CIFS) share.
Create a backup copy to the shared folder.
Sign in to the AWS Management Console and create an AMI from the backup copy.
Launch an EC2 instance that is based on the AMI.
D. Create a managed-instance activation for a hybrid environment in AWS Systems Manager.
Download and install Systems Manager Agent on the on-premises VM.
Register the VM with Systems Manager to be a managed instance.
Use AWS Backup to create a snapshot of the VM and create an AMI.
Launch an EC2 instance that is based on the AMI.

Answer: A

NEW QUESTION 763


A company hosts a photography website on AWS that has global visitors. The website has experienced steady
increases in traffic during the last 12 months, and users have reported a delay in displaying images. The company
wants to configure Amazon CloudFront to deliver photos to visitors with minimal latency. Which actions will achieve
this goal? (Choose two.)

A. Set the Minimum TTL and Maximum TTL to 0 in the CloudFront distribution.
B. Set the Minimum TTL and Maximum TTL to a high value in the CloudFront distribution.
C. Set the CloudFront distribution to forward all headers, all cookies, and all query strings to the origin.
D. Set up additional origin servers that are geographically closer to the requesters. Configure latency-based routing
in Amazon Route 53.
E. Select Price Class 100 on the CloudFront distribution.

Answer: AE

NEW QUESTION 764


A company that tracks medical devices in hospitals wants to migrate its existing storage solution to the AWS Cloud.
The company equips all of its devices with sensors that collect location and usage information. This sensor data is
sent in unpredictable patterns with large spikes. The data is stored in a MySQL database running on premises at
each hospital. The company wants the cloud storage solution to scale with usage. The company's analytics team
uses the sensor data to calculate usage by device type and hospital. The team needs to keep analysis tools running
locally while fetching data from the cloud. The team also needs to use existing Java application and SQL queries
with as few changes as possible. How should a solutions architect meet these requirements while ensuring the sensor
data is secure?

A. Store the data in an Amazon Aurora Serverless database.
Serve the data through a Network Load Balancer (NLB).
Authenticate users using the NLB with credentials stored in AWS Secrets Manager.
B. Store the data in an Amazon S3 bucket.
Serve the data through Amazon QuickSight using an IAM user authorized with AWS Identity and Access Management
(IAM) with the S3 bucket as the data source.
C. Store the data in an Amazon Aurora Serverless database.
Serve the data through the Aurora Data API using an IAM user authorized with AWS Identity and Access Management
(IAM) and the AWS Secrets Manager ARN.
D. Store the data in an Amazon S3 bucket.
Serve the data through Amazon Athena using AWS PrivateLink to secure the data in transit.

Answer: A

NEW QUESTION 765


A company built an application based on AWS Lambda deployed in an AWS CloudFormation stack. The last
production release of the web application introduced an issue that resulted in an outage lasting several minutes. A
solutions architect must adjust the deployment process to support a canary release. Which solution will meet these
requirements?

A. Create an alias for every new deployed version of the Lambda function.
Use the AWS CLI update-alias command with the routing-config parameter to distribute the load.
B. Deploy the application into a new CloudFormation stack.
Use an Amazon Route 53 weighted routing policy to distribute the load.
C. Create a version for every new deployed Lambda function.
Use the AWS CLI update-function-configuration command with the routing-config parameter to distribute the load.
D. Configure AWS CodeDeploy and use CodeDeployDefault.OneAtATime in the Deployment configuration to
distribute the load.

Answer: D

NEW QUESTION 766


A company has many services running in its on-premises data center. The data center is connected to AWS using
AWS Direct Connect (DX) and an IPsec VPN. The service data is sensitive and connectivity cannot traverse the
internet. The company wants to expand into a new market segment and begin offering its services to other companies
that are using AWS. Which solution will meet these requirements?

A. Create a VPC Endpoint Service that accepts TCP traffic, host it behind a Network Load Balancer, and make the
service available over DX.
B. Create a VPC Endpoint Service that accepts HTTP or HTTPS traffic, host it behind an Application Load Balancer,
and make the service available over DX.
C. Attach an internet gateway to the VPC, and ensure that network access control and security group rules allow
the relevant inbound and outbound traffic.
D. Attach a NAT gateway to the VPC and ensure that network access control and security group rules allow the
relevant inbound and outbound traffic.

Answer: A

NEW QUESTION 767


A company maintains a restaurant review website. The website is a single-page application where files are stored in
Amazon S3 and delivered using Amazon CloudFront. The company receives several fake postings every day that
are manually removed. The security team has identified that most of the fake posts are from bots with IP addresses
that have a bad reputation within the same global region. The team needs to create a solution to help restrict the bots
from accessing the website. Which strategy should a solutions architect use?

A. Use AWS Firewall Manager to control the CloudFront distribution security settings.
Create a geographical block rule and associate it with Firewall Manager.
B. Associate an AWS WAF web ACL with the CloudFront distribution.
Select the managed Amazon IP reputation rule group for the web ACL with a deny action.
C. Use AWS Firewall Manager to control the CloudFront distribution security settings.
Select the managed Amazon IP reputation rule group and associate it with Firewall Manager with a deny action.
D. Associate an AWS WAF web ACL with the CloudFront distribution.
Create a rule group for the web ACL with a geographical match statement with a deny action.

Answer: B

NEW QUESTION 768


A company is building a sensor data collection pipeline in which thousands of sensors write data to an Amazon Simple
Queue Service (Amazon SQS) queue every minute. The queue is processed by an AWS Lambda function that
extracts a standard set of metrics from the sensor data. The company wants to send the data to Amazon CloudWatch.
The solution should allow for viewing individual and aggregate sensor metrics and interactively querying the sensor
log data using CloudWatch Logs Insights. What is the MOST cost-effective solution that meets these requirements?

A. Write the processed data to CloudWatch Logs in the CloudWatch embedded metric format.
B. Write the processed data to CloudWatch Logs.
Then write the data to CloudWatch by using the PutMetricData API call.
C. Write the processed data to CloudWatch Logs in a structured format.
Create a CloudWatch metric filter to parse the logs and publish the metrics to CloudWatch with dimensions to uniquely
identify a sensor.
D. Configure the CloudWatch Logs agent for AWS Lambda. Output the metrics for each sensor in stated format with
tags to uniquely identify a sensor.
Write the processed data to CloudWatch Logs.

Answer: C

NEW QUESTION 769


An education company is running a web application used by college students around the world. The application runs
in an Amazon Elastic Container Service (Amazon ECS) cluster in an Auto Scaling group behind an Application Load
Balancer (ALB). A system administrator detects a weekly spike in the number of failed login attempts, which
overwhelm the application's authentication service. All the failed login attempts originate from about 500 different IP
addresses that change each week. A solutions architect must prevent the failed login attempts from overwhelming
the authentication service. Which solution meets these requirements with the MOST operational efficiency?

A. Use AWS Firewall Manager to create a security group and security group policy to deny access from the IP
addresses.
B. Create an AWS WAF web ACL with a rate-based rule and set the rule action to Block. Connect the web ACL to
the ALB.
C. Use AWS Firewall Manager to create a security group and security group policy to allow access only to specific
CIDR ranges.
D. Create an AWS WAF web ACL with an IP set match rule, and set the rule action to Block. Connect the web ACL
to the ALB.

Answer: B

NEW QUESTION 770


A company's site reliability engineer is performing a review of Amazon FSx for Windows File Server deployments
within an account that the company acquired. Company policy states that all Amazon FSx file systems must be
configured to be highly available across Availability Zones. During the review, the site reliability engineer discovers
that one of the Amazon FSx file systems used a deployment type of Single-AZ 2. A solutions architect needs to
minimize downtime while aligning this Amazon FSx file system with company policy. What should the solutions
architect do to meet these requirements?

A. Reconfigure the deployment type to Multi-AZ for this Amazon FSx file system.
B. Create a new Amazon FSx file system with a deployment type of Multi-AZ.
Use AWS DataSync to transfer data to the new Amazon FSx file system.
Point users to the new location.
C. Create a second Amazon FSx file system with a deployment type of Single-AZ 2.
Use AWS DataSync to keep the data in sync. Switch users to the second Amazon FSx file system in the event of
failure.
D. Use the AWS Management Console to take a backup of the Amazon FSx file system.
Create a new Amazon FSx file system with a deployment type of Multi-AZ.
Restore the backup to the new Amazon FSx file system.
Point users to the new location.

Answer: D

NEW QUESTION 771


A company has several applications running in an on-premises data center. The data center runs a mix of Windows
and Linux VMs managed by VMware vCenter. A solution architect needs to create a plan to migrate the application
to AWS. However, the solution architect discovers that the documentation for the applications is not up to date and
that there are no complete infrastructure diagrams. The company's developers lack time to discuss their applications
and current usage with the solutions architect. What should the solutions architect do to gather the required
information?

A. Deploy the AWS server migration service (AWS SMS) connector using the OVA image on the VMware cluster
to collect configuration data from the VMs.
B. Use the AWS Migration Portfolio Assessment (MPA) tool to connect to each of the VMs to collect the
configuration and utilization data.
C. Install the AWS Application Discovery Service on each of the VMs to collect the configuration and utilization data.
D. Register the on-premises VMs with the AWS Migration Hub to collect configuration and utilization data.

Answer: A

NEW QUESTION 772


A company wants to use Amazon WorkSpaces in combination with the client devices to replace aging desktops.
Employees use the desktops to access applications that work with clinical trial data. Corporate security policy states
that access to the applications must be restricted to only company branch office locations. The company is
considering adding an additional branch in the next 6 months. Which solution meets these requirements with the
MOST operational efficiency?

A. Create an IP access control group rule with the list of public addresses from the branch offices.
Associate the IP access control group with the WorkSpaces directory.
B. Use AWS Firewall Manager to create a web ACL rule with an IPSET with the list of public addresses from the
branch office locations.
Associate the web ACL with the WorkSpaces directory.
C. Use AWS Certificate Manager (ACM) to issue trusted device certificates to the machine deployed in the branch
office locations.
Enable restricted access on the WorkSpaces directory.
D. Create a custom WorkSpaces image with Windows Firewall configured to restrict configured access to the public
address of the branch offices.
Use the image to deploy the Workspace.

Answer: C

NEW QUESTION 773


A company has multiple business units. Each business unit has its own AWS account and runs a single website within
that account. The company also has a single logging account. Logs from each business unit website are aggregated
into a single Amazon S3 bucket in the logging account. The S3 bucket policy provides each business unit with access
to write data into the bucket and requires data to be encrypted. The company needs to encrypt logs uploaded into
the bucket using a single AWS Key Management Service (AWS KMS) CMK. The CMK that protects the data must
be rotated once every 365 days. Which strategy is the MOST operationally efficient for the company to use to meet
these requirements?

A. Create a customer managed CMK in the logging account.
Update the CMK key policy to provide access to the logging account only. Manually rotate the CMK every 355 days.
B. Create a customer managed CMK in the logging account.
Update the CMK key policy to provide access to the logging account and business unit accounts. Enable automatic
rotation of the CMK.
C. Use an AWS managed CMK in the logging account.
Update the CMK key policy to provide access to the logging account and business unit accounts. Manually rotate the
CMK every 365 days.
D. Use an AWS managed CMK in the logging account.
Update the CMK key policy to provide access to the logging account only. Enable automatic rotation of the CMK.

Answer: C

NEW QUESTION 774


A new application is running on Amazon Elastic Container Service (Amazon ECS) with AWS Fargate. The application
uses an Amazon Aurora MySQL database. The application and the database run in the same subnets of a VPC with
distinct security groups that are configured. The password for the database is stored in AWS Secrets Manager and
is passed to the application through the DB_PASSWORD environment variable. The hostname of the database is
passed to the application through the DB_HOST environment variable. The application is failing to access the
database. Which combination of actions should a solutions architect take to resolve this error? (Choose three.)

A. Ensure that the container has the environment variable with name "DB_PASSWORD" specified with a
"ValueFrom" and the ARN of the secret.
B. Ensure that the container has the environment variable with name "DB_PASSWORD" specified with a
"ValueFrom" and the secret name of the secret.
C. Ensure that the Fargate service security group allows inbound network traffic from the Aurora MySQL database
on the MySQL TCP port 3306.
D. Ensure that the Aurora MySQL database security group allows inbound network traffic from the Fargate service
on the MySQL TCP port 3306.
E. Ensure that the container has the environment variable with name "DB_HOST" specified with the hostname of
a DB instance endpoint.
F. Ensure that the container has the environment variable with name "DB_HOST" specified with the hostname of
the DB cluster endpoint.

Answer: BCE

NEW QUESTION 775

A company has a media metadata extraction pipeline running on AWS. Notifications containing a reference to a file
in Amazon S3 are sent to an Amazon Simple Notification Service (Amazon SNS) topic. The pipeline consists of a
number of AWS Lambda functions that are subscribed to the SNS topic. The Lambda functions extract the S3 file
and write metadata to an Amazon RDS PostgreSQL DB instance. Users report that updates to the metadata are
sometimes slow to appear or are lost. During these times, the CPU utilization on the database is high and the number
of failed Lambda invocations increases. Which combination of actions should a solutions architect take to help resolve
this issue? (Choose two.)

A. Enable message delivery status on the SNS topic.
Configure the SNS topic delivery policy to enable retries with exponential backoff.
B. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue and subscribe the queue to the SNS
topic.
Configure the Lambda functions to consume messages from the SQS queue.
C. Create an RDS proxy for the RDS instance.
Update the Lambda functions to connect to the RDS instance using the proxy.
D. Enable the RDS Data API for the RDS instance.
Update the Lambda functions to connect to the RDS instance using the Data API.
E. Create an Amazon Simple Queue Service (Amazon SQS) standard queue for each Lambda function and
subscribe the queues to the SNS topic.
Configure the Lambda functions to consume messages from their respective SQS queue.

Answer: CE

NEW QUESTION 776


A company is planning to host a three-tier application in the AWS Cloud. The application layer will use Amazon EC2
in an Auto Scaling group. A custom EC2 role named AppServer will be created and associated with the application
instances. The entire application stack will be deployed using AWS CloudFormation. The company's security team
requires encryption of all AMI snapshots and Amazon Elastic Block Store (Amazon EBS) volumes with an AWS Key
Management Service (AWS KMS) CMK. Which action will deploy the stack correctly after the AMI snapshot is
encrypted with the KMS key?

A. Update the KMS key policy to provide the required permissions to the AppServer role.
B. Update the KMS key policy to provide the required permissions to the AWSServiceRoleForAutoScaling
service-linked role.
C. Update the AppServer role to have the required permissions to access the KMS key.
D. Update the CloudFormation stack role to have the required permissions to access the KMS key.

Answer: D

NEW QUESTION 777


A company is running an Apache Hadoop cluster on Amazon EC2 instances. The Hadoop cluster stores
approximately 100 TB of data for weekly operational reports and allows occasional access for data scientists to
retrieve data. The company needs to reduce the cost and operational complexity for storing and serving this data.
Which solution meets these requirements in the MOST cost-effective manner?

A. Move the Hadoop cluster from EC2 instances to Amazon EMR.
Allow data access patterns to remain the same.
B. Write a script that resizes the EC2 instances to a smaller instance type during downtime and resizes the instances
to a larger instance type when the reports are created.
C. Move the data to Amazon S3 and use Amazon Athena to query the data for reports.
Allow the data scientists to access the data directly in Amazon S3.
D. Migrate the data to Amazon DynamoDB and modify the reports to fetch data from DynamoDB.
Allow the data scientists to access the data directly in DynamoDB.

Answer: A

NEW QUESTION 778
A government agency is building a forms submission portal using AWS to allow citizens to submit and retrieve sensitive
documents. The solution was built using serverless architecture, with the front-end code developed using HTML and
JavaScript and the backend architecture using Amazon API Gateway and Amazon S3. The portal must meet the
following security requirements:
- Requests to the backend infrastructure should be allowed only if they originate from a specific country.
- Requests to the backend infrastructure should prevent brute-force attacks from individual IP addresses by not allowing
more than 3000 requests per 5 minutes or 10 requests per second for each IP address.
- All access attempts to the backend infrastructure must be logged.
Which steps should a solution architect take to meet these requirements? (Choose two.)

A. Configure the API Gateway API with a custom rule condition that allows APIs to be called from the authorized
country only.
Then enable default method throttling, setting the rate limit to 10 requests per second.
B. Create an AWS WAF web ACL with a custom condition that allows access attempts from the authorized country
only, and a rate-based rule with a rate limit of 3000 requests per 5 minutes.
Then associate the web ACL with the API Gateway API.
C. Configure Amazon CloudFront with a geographical restriction that allows access attempts from the authorized country
only, and a rate-based rule with a rate limit of 3000 requests per 5 minutes.
Then add the API Gateway API as a custom origin.
D. Configure the AWS WAF web ACL to log to an Amazon Kinesis Data Firehose delivery stream with Amazon
Elasticsearch Service (Amazon ES) as the destination.
Configure API Gateway to log to an Amazon CloudWatch Logs group.
E. Configure the AWS WAF web ACL to log to an Amazon CloudWatch Logs group.
Configure API Gateway to log to an Amazon CloudWatch Logs group.

Answer: BE

NEW QUESTION 779


A company uses multiple AWS accounts in a single AWS Region. A solution architect is designing a solution to
consolidate logs generated by Elastic Load Balancers (ELBs) in the AppDev, AppTest and AppProd accounts. The
logs should be stored in an existing Amazon S3 bucket named s3-elb-logs in the central AWS account. The central
account is used for log consolidation only and does not have ELBs deployed. ELB logs must be encrypted at rest. Which
combination of steps should the solutions architect take to build the solution? (Choose two.)

A. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutBucketLogging action for the central AWS
account ID.
B. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutObject and s3:DeleteObject actions for
the AppDev, AppTest and AppProd account IDs.
C. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutObject action for the AppDev,
AppTest and AppProd account IDs.
D. Enable access logging for the ELBs.
Set the S3 location to the s3-elb-logs bucket.
E. Enable Amazon S3 default encryption using server-side encryption with S3 managed encryption keys (SSE-S3)
for the s3-elb-logs S3 bucket.

Answer: AE

NEW QUESTION 780


A company is collecting a large amount of data from a fleet of IoT devices. Data is stored as Optimized Row
Columnar (ORC) files in the Hadoop Distributed File System (HDFS) on a persistent Amazon EMR cluster. The
company's data analytics team queries the data by using SQL in Apache Presto deployed on the same EMR cluster.
Queries scan large amounts of data, always run for less than 15 minutes, and run only between 5 PM and 10 PM. The
company is concerned about the high cost associated with the current solution. A solution architect must propose the
most cost-effective solution that will allow SQL data queries. Which solution will meet these requirements?

A. Store data in Amazon S3.
Use Amazon Redshift Spectrum to query data.
B. Store data in Amazon S3.
Use the AWS Glue Data Catalog and Amazon Athena to query data.
C. Store data in EMR File System (EMRFS).
Use Presto in Amazon EMR to query data.
D. Store data in Amazon Redshift.
Use Amazon Redshift to query data.

Answer: D

NEW QUESTION 781


......
