SAP-C02 Free Practice Test

- (Exam Topic 2)
A company is storing sensitive data in an Amazon S3 bucket. The company must log all activities for objects in the S3 bucket and must keep the logs for 5 years. The company's security team also must receive an email notification every time there is an attempt to delete data in the S3 bucket.
Which combination of steps will meet these requirements MOST cost-effectively? (Select THREE.)

1. A. Configure AWS CloudTrail to log S3 data events.
2. B. Configure S3 server access logging for the S3 bucket.
3. C. Configure Amazon S3 to send object deletion events to Amazon Simple Email Service (Amazon SES).
4. D. Configure Amazon S3 to send object deletion events to an Amazon EventBridge event bus that publishes to an Amazon Simple Notification Service (Amazon SNS) topic.
5. E. Configure Amazon S3 to send the logs to Amazon Timestream with data storage tiering.
6. F. Configure a new S3 bucket to store the logs with an S3 Lifecycle policy.

Correct Answer: ADF
Configuring AWS CloudTrail to log S3 data events will enable logging all activities for objects in the S3 bucket1. Data events are object-level API operations such as GetObject, DeleteObject, and PutObject1. Configuring Amazon S3 to send object deletion events to an Amazon EventBridge event bus that publishes to an Amazon Simple Notification Service (Amazon SNS) topic will enable sending email notifications every time there is an attempt to delete data in the S3 bucket2. EventBridge can route events from S3 to SNS, which can send emails to subscribers2. Configuring a new S3 bucket to store the logs with an S3 Lifecycle policy will enable keeping the logs for 5 years in a cost-effective way3. A lifecycle policy can transition the logs to a cheaper storage class such as Glacier or delete them after a specified period of time3.

- (Exam Topic 1)
A large company is running a popular web application. The application runs on several Amazon EC2 Linux Instances in an Auto Scaling group in a private subnet. An Application Load Balancer is targeting the Instances In the Auto Scaling group in the private subnet. AWS Systems Manager Session Manager Is configured, and AWS Systems Manager Agent is running on all the EC2 instances.
The company recently released a new version of the application Some EC2 instances are now being marked as unhealthy and are being terminated As a result, the application is running at reduced capacity A solutions architect tries to determine the root cause by analyzing Amazon CloudWatch logs that are collected from the application, but the logs are inconclusive
How should the solutions architect gain access to an EC2 instance to troubleshoot the issue1?

1. A. Suspend the Auto Scaling group's HealthCheck scaling proces
2. B. Use Session Manager to log in to an instance that is marked as unhealthy
3. C. Enable EC2 instance termination protection Use Session Manager to log In to an instance that is marked as unhealthy.
4. D. Set the termination policy to Oldestinstance on the Auto Scaling grou
5. E. Use Session Manager to log in to an instance that is marked as unhealthy
6. F. Suspend the Auto Scaling group's Terminate proces
7. G. Use Session Manager to log in to an instance thatis marked as unhealthy

Correct Answer: D
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html

- (Exam Topic 3)
A company is planning to migrate its on-premises VMware cluster of 120 VMS to AWS. The VMS have many different operating systems and many custom software packages installed. The company also has an on-premises NFS server that is 10 TB in size. The company has set up a 10 GbpsAWS Direct Connect connection to AWS for the migration
Which solution will complete the migration to AWS in the LEAST amount of time?

1. A. Export the on-premises VMS and copy them to an Amazon S3 bucke
2. B. Use VM Import/Export to create AMIS from the VM images that are stored in Amazon S3. Order an AWS Snowball Edge devic
3. C. Copy the NFS server data to the devic
4. D. Restore the NFS server data to an Amazon EC2 instance that has NFS configured.
5. E. Configure AWS Application Migration Service with a connection to the VMware cluste
6. F. Create a replication job for the VM
7. G. Create an Amazon Elastic File System (Amazon EFS) file syste
8. H. Configure AWS DataSync to copy the NFS server data to the EFS file system over the Direct Connect connection.
9. I. Recreate the VMS on AWS as Amazon EC2 instance
10. J. Install all the required software package
11. K. Create an Amazon FSx for Lustre file syste
12. L. Configure AWS DataSync to copy the NFS server data to the FSx for Lustre file system over the Direct Connect connection.
13. M. Order two AWS Snowball Edge device
14. N. Copy the VMS and the NFS server data to the device
15. O. Run VM Import/Export after the data from the devices is loaded to an Amazon S3 bucke
16. P. Create an Amazon Elastic File System (Amazon EFS) file syste
17. Q. Copy the NFS server data from Amazon S3 to the EFS file system.

Correct Answer: B
This option will complete the migration to AWS in the least amount of time because it uses two AWS services that are designed to simplify and accelerate data transfers and migrations. AWS Application Migration Service (AWS MGN) is a highly automated lift-and-shift solution that helps you migrate applications from any source infrastructure that runs supported operating systems to AWS1. It replicates your source servers into your AWS account and automatically converts and launches them on AWS so you can quickly benefit from the cloud1. You can use AWS MGN to migrate your on-premises VMware VMs to AWS by configuring a connection to your VMware cluster and creating a replication job for the VMs2. This process will minimize the time-intensive, error-prone manual processes of exporting and importing VM images.
AWS DataSync is an online data movement and discovery service that simplifies and accelerates data migrations to AWS and helps you move data quickly and securely between on-premises storage, edge locations, other cloud providers, and AWS Storage3. It can transfer data between Network File System (NFS) shares, Server Message Block (SMB) shares, Hadoop Distributed File Systems (HDFS), self-managed object storage, AWS Snowcone, Amazon Simple Storage Service (Amazon S3) buckets, Amazon Elastic File System (Amazon EFS) file systems, Amazon FSx for Windows File Server file systems, Amazon FSx for Lustre file systems, Amazon FSx for OpenZFS file systems, and Amazon FSx for NetApp ONTAP file systems3. You can use AWS DataSync to copy your on-premises NFS server data to an Amazon EFS file system over the Direct Connect connection4. This process will leverage the high bandwidth and low latency of Direct Connect and the encryption and data integrity validation of DataSync.

- (Exam Topic 1)
A company's solutions architect is reviewing a web application that runs on AWS. The application references static assets in an Amazon S3 bucket in the us-east-1 Region. The company needs resiliency across multiple AWS Regions. The company already has created an S3 bucket in a second Region.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Configure the application to write each object to both S3 bucket
2. B. Set up an Amazon Route 53 public hosted zone with a record set by using a weighted routing policy for each S3 bucke
3. C. Configure the application to reference the objects by using the Route 53 DNS name.
4. D. Create an AWS Lambda function to copy objects from the S3 bucket in us-east-1 to the S3 bucket in the second Regio
5. E. Invoke the Lambda function each time an object is written to the S3 bucket in us-east-1. Set up an Amazon CloudFront distribution with an origin group that contains the two S3 buckets as origins.
6. F. Configure replication on the S3 bucket in us-east-1 to replicate objects to the S3 bucket in the second Region Set up an Amazon CloudFront distribution with an origin group that contains the two S3 buckets as origins.
7. G. Configure replication on the S3 bucket in us-east-1 to replicate objects to the S3 bucket in the second Regio
8. H. If failover is required, update the application code to load S3 objects from the S3 bucket in the second Region.

Correct Answer: C
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html

- (Exam Topic 1)
A finance company hosts a data lake in Amazon S3. The company receives financial data records over SFTP each night from several third parties. The company runs its own SFTP server on an Amazon EC2 instance in a public subnet of a VPC. After the files ate uploaded, they are moved to the data lake by a cron job that runs on the same instance. The SFTP server is reachable on DNS sftp.examWe.com through the use of Amazon Route 53.
What should a solutions architect do to improve the reliability and scalability of the SFTP solution?

1. A. Move the EC2 instance into an Auto Scaling grou
2. B. Place the EC2 instance behind an Application Load Balancer (ALB). Update the DNS record sftp.example.com in Route 53 to point to the ALB.
3. C. Migrate the SFTP server to AWS Transfer for SFT
4. D. Update the DNS record sftp.example.com in Route 53 to point to the server endpoint hostname.
5. E. Migrate the SFTP server to a file gateway in AWS Storage Gatewa
6. F. Update the DNS record sflp.example.com in Route 53 to point to the file gateway endpoint.
7. G. Place the EC2 instance behind a Network Load Balancer (NLB). Update the DNS record sftp.example.com in Route 53 to point to the NLB.

Correct Answer: B
https://aws.amazon.com/aws-transfer-family/faqs/ https://docs.aws.amazon.com/transfer/latest/userguide/what-is-aws-transfer-family.html
https://aws.amazon.com/about-aws/whats-new/2018/11/aws-transfer-for-sftp-fully-managed-sftp-for-s3/?nc1=h_