Exam Logo

Amazon (SAP-C01) Exam Questions And Answers page 27

A company that runs applications on AWS recently subscribed to a new software-as-a-service (SaaS) data vendor. The vendor provides the data by way of a REST API that the vendor hosts in its AWS environment. The vendor offers multiple options for connectivity to the API and is working with the company to find the best way to connect.

The company s AWS account does not allow outbound internet access from its AWS environment. The vendor s services run on AWS in the same Region as the company s applications.

A solutions architect must implement connectivity to the vendor s API so that the API is highly available in the company s VPC.

Which solution will meet these requirements?
Designing highly available, cost-efficient, fault-tolerant, scalable systems Designing for security and compliance
A company that tracks medical devices in hospitals wants to migrate its existing storage solution to the AWS Cloud. The company equips all of its devices with sensors that collect location and usage information. This sensor data is sent in unpredictable patterns with large spikes. The data is stored in a MySQL database running on premises at each hospital. The company wants the cloud storage solution to scale with usage.

The company s analytics team uses the sensor data to calculate usage by device type and hospital. The team needs to keep analysis tools running locally while fetching data from the cloud. The team also needs to use existing Java application and SQL queries with as few changes as possible.

How should a solutions architect meet these requirements while ensuring the sensor data is secure?
Designing enterprise-wide scalable operations on AWS Designing for security and compliance
A company used Amazon EC2 instances to deploy a web fleet to host a blog site. The EC2 instances are behind an Application Load Balancer (ALB) and are configured in an Auto Scaling group. The web application stores all blog content on an Amazon EFS volume.

The company recently added a feature for bloggers to add video to their posts, attracting 10 times the previous user traffic. At peak times of day, users report buffering and timeout issues while attempting to reach the site or watch videos.

Which is the MOST cost-efficient and scalable deployment that will resolve the issues for users?
Designing highly available, cost-efficient, fault-tolerant, scalable systems Designing enterprise-wide scalable operations on AWS
A company uses Amazon S3 to host a web application. Currently, the company uses a continuous integration tool running on an Amazon EC2 instance that builds and deploys the application by uploading it to an S3 bucket. A Solutions Architect needs to enhance the security of the company s platform with the following requirements:

• A build process should be run in a separate account from the account hosting the web application.
• A build process should have minimal access in the account it operates in.
• Long-lived credentials should not be used.

As a start, the Development team created two AWS accounts: one for the application named web account process; other is a named build account.

Which solution should the Solutions Architect use to meet the security requirements?
Designing for security and compliance
A company uses Amazon S3 to store documents that may only be accessible to an Amazon EC2 instance in a certain virtual private cloud (VPC). The company fears that a malicious insider with access to this instance could also set up an EC2 instance in another VPC to access these documents.

Which of the following solutions will provide the required protection?
Designing for security and compliance
A company uses an Amazon EMR cluster to process data once a day. The raw data comes from Amazon S3, and the resulting processed data is also stored in Amazon S3. The processing must complete within 4 hours; currently, it only takes 3 hours. However, the processing time is taking 5 to 10 minutes longer each week due to an increasing volume of raw data.

The team is also concerned about rising costs as the compute capacity increases. The EMR cluster is currently running on three m3.xlarge instances (one master and two core nodes).

Which of the following solutions will reduce costs related to the increasing compute needs?
Implementing cost control strategies
A company uses AWS Organizations. The company has an organization that has a central management account. The company plans to provision multiple AWS accounts for different departments. All department accounts must be a member of the company s organization.

Compliance requirements state that each account must have only one VPC. Additionally, each VPC must have an identical network security configuration that includes fully configured subnets, gateways, network ACLs, and security groups.

The company wants this security setup to be automatically applied when a new department account is created. The company wants to use the central management account for all security operations, but the central management account should not have the security setup.

Which approach meets these requirements with the LEAST amount of setup?
Designing for security and compliance
A company uses AWS Organizations to manage one parent account and nine member accounts. The number of member accounts is expected to grow as the business grows. A security engineer has requested consolidation of AWS CloudTrail logs into the parent account for compliance purposes. Existing logs currently stored in Amazon S3 buckets in each individual member account should not be lost. Future member accounts should comply with the logging strategy.

Which operationally efficient solution meets these requirements?
Designing highly available, cost-efficient, fault-tolerant, scalable systems Designing for security and compliance
A company uses AWS Organizations with a single OU named Production to manage multiple accounts. All accounts are members of the Production OU. Administrators use deny list SCPs in the root of the organization to manage access to restricted services.

The company recently acquired a new business unit and invited the new unit s existing AWS account to the organization. Once onboarded, the administrators of the new business unit discovered that they are not able to update existing AWS Config rules to meet the company s policies.

Which option will allow administrators to make changes and continue to enforce the current policies without introducing additional long-term maintenance?
Designing highly available, cost-efficient, fault-tolerant, scalable systems Designing for security and compliance
A company wants to allow its Marketing team to perform SQL queries on customer records to identify market segments. The data is spread across hundreds of files. The records must be encrypted in transit and at rest. The Team Manager must have the ability to manage users and groups, but no team members should have access to services or resources not required for the SQL queries. Additionally, Administrators need to audit the queries made and receive notifications when a query violates rules defined by the Security team.

AWS Organizations has been used to create a new account and an AWS IAM user with administrator permissions for the Team Manager.

Which design meets these requirements?
Designing for security and compliance