AWS SAP-C01 practice test

Welcome to your AWS SAP-C01 practice test


You’ve been brought in as solutions architect to assist an enterprise customer with their migration of an e-commerce
platform to Amazon Virtual Private Cloud (VPC). The previous architect has already deployed a 3-tier VPC.
The configuration is as follows:
VPC: vpc-2f8bc447
IGW: igw-2d8bc445
NACL: ad-208bc448
Subnets and Route Tables:
Web servers: subnet-258bc44d
Application servers: subnet-248bc44c
Database servers: subnet-9189c6f9
Route Tables:
rtb-218bc449
rtb-238bc44b
Associations:
subnet-258bc44d : rtb-218bc449
subnet-248bc44c : rtb-238bc44b
subnet-9189c6f9 : rtb-238bc44b
You are now ready to begin deploying EC2 instances into the VPC. Web servers must have direct access to the internet.
Application and database servers cannot have direct access to the internet.
Which configuration below will allow you to remotely administer your application and database servers, as
well as allow these servers to retrieve updates from the Internet?


A user has created a MySQL RDS instance with PIOPS. Which of the below mentioned statements will help the user understand the advantage of PIOPS?


A company manages more than 200 separate internet-facing web applications. All of the applications are deployed to
AWS in a single AWS Region. The fully qualified domain names (FQDNs) of all of the applications are made available
through HTTPS using Application Load Balancers (ALBs). The ALBs are configured to use public SSL/TLS certificates.
A Solutions Architect needs to migrate the web applications to a multi-region architecture. All HTTPS services should
continue to work without interruption.
Which approach meets these requirements?


A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing
new or modifying existing Reserved Instances. This process requires all business units that want to purchase or modify
Reserved Instances to submit requests to a dedicated team for procurement or execution. Previously, business units
would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously.
Which combination of steps should be taken to proactively enforce the new process in the MOST secure way possible?
(Choose two.)


A Solutions Architect must establish a patching plan for a large mixed fleet of Windows and Linux servers. The patching plan must be implemented securely, be audit-ready, and comply with the company’s business requirements.
Which option will meet these requirements with MINIMAL effort?


An AWS customer is deploying an application that is composed of an Auto Scaling group of EC2 instances.
The customer’s security policy requires that every outbound connection from these instances to any other service within
the customer’s Virtual Private Cloud must be authenticated using a unique X.509 certificate that contains the specific
In addition, X.509 certificates must be signed by the customer’s key management service in order to be trusted for
Which of the following configurations will support these requirements?


A company is migrating its on-premises systems to AWS. The user environment consists of the following systems:
Windows and Linux virtual machines running on VMware.
Physical servers running Red Hat Enterprise Linux.
The company wants to be able to perform the following steps before migrating to AWS:
Identify dependencies between on-premises systems.
Group systems together into applications to build migration plans.
Review performance data using Amazon Athena to ensure that Amazon EC2 instances are right-sized.
How can these requirements be met?


A web company is looking to implement an intrusion detection and prevention system into its deployed VPC. This platform should have the ability to scale to thousands of instances running inside of the VPC.
How should they architect their solution to achieve these goals?


A 3-tier e-commerce web application is currently deployed on-premises and will be migrated to AWS for greater
scalability and elasticity. The web tier currently shares read-only data using a network distributed file system. The app
server tier uses a clustering mechanism for discovery and shared session state that depends on IP multicast. The
database tier uses shared-storage clustering to provide database failover capability and uses several read slaves for
scaling. Data on all servers and the distributed file system directory is backed up weekly to off-site tapes.
Which AWS storage and database architecture meets the requirements of the application?


After setting up an AWS Direct Connect, which of the following cannot be done with an AWS Direct Connect Virtual


You want to use Amazon Redshift and you are planning to deploy dw1.8xlarge nodes. What is the minimum amount of
nodes that you need to deploy with this kind of configuration?


Which of the following is true of an instance profile when an IAM role is created using the console?


A healthcare company runs a production workload on AWS that stores highly sensitive personal information. The
security team mandates that, for auditing purposes, any AWS API action using AWS account root user credentials must
automatically create a high-priority ticket in the company’s ticketing system. The ticketing system has a monthly 3-hour
maintenance window when no tickets can be created.
To meet security requirements, the company enabled AWS CloudTrail logs and wrote a scheduled AWS Lambda
function that uses Amazon Athena to query API actions performed by the root user. The Lambda function submits any
actions found to the ticketing system API. During a recent security audit, the security team discovered that several
tickets were not created because the ticketing system was unavailable due to planned maintenance.
Which combination of steps should a solutions architect take to ensure that the incidents are reported to the ticketing
system even during planned maintenance? (Choose two.)