SAP-C02 Free Practice Test

- (Exam Topic 2)
A company hosts a blog post application on AWS using Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. The application currently does not use API keys to authorize requests. The API model is as follows: GET/posts/[postid] to get post details GET/users[userid] to get user details GET/comments/[commentid] to get comments details
The company has noticed users are actively discussing topics in the comments section, and the company wants to increase user engagement by marking the comments appears in real time.
Which design should be used to reduce comment latency and improve user experience?

1. A. Use edge-optimized API with Amazon CloudFront to cache API responses.
2. B. Modify the blog application code to request GET comment[commented] every 10 seconds.
3. C. Use AWS AppSync and leverage WebSockets to deliver comments.
4. D. Change the concurrency limit of the Lambda functions to lower the API response time.

Correct Answer: C
https://docs.aws.amazon.com/appsync/latest/devguide/graphql-overview.html
AWS AppSync is a fully managed GraphQL service that allows applications to securely access, manipulate, and receive data as well as real-time updates from multiple data sources1. AWS AppSync supports GraphQL subscriptions to perform real-time operations and can push data to clients that choose to listen to specific events from the backend1. AWS AppSync uses WebSockets to establish and maintain a secure connection between the clients and the API endpoint2. Therefore, using AWS AppSync and leveraging WebSockets is a suitable design to reduce comment latency and improve user experience.

- (Exam Topic 1)
A company is hosting a monolithic REST-based API for a mobile app on five Amazon EC2 instances in public subnets of a VPC. Mobile clients connect to the API by using a domain name that is hosted on Amazon Route 53. The company has created a Route 53 multivalue answer routing policy with the IP addresses of all the EC2 instances. Recently, the app has been overwhelmed by large and sudden increases to traffic. The app has not been able to keep up with the traffic.
A solutions architect needs to implement a solution so that the app can handle the new and varying load. Which solution will meet these requirements with the LEAST operational overhead?

1. A. Separate the API into individual AWS Lambda function
2. B. Configure an Amazon API Gateway REST API with Lambda integration for the backen
3. C. Update the Route 53 record to point to the API Gateway API.
4. D. Containerize the API logi
5. E. Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluste
6. F. Run the containers in the cluster by using Amazon EC2. Create a Kubernetes ingres
7. G. Update the Route 53 record to point to the Kubernetes ingress.
8. H. Create an Auto Scaling grou
9. I. Place all the EC2 instances in the Auto Scaling grou
10. J. Configure the Auto Scaling group to perform scaling actions that are based on CPU utilizatio
11. K. Create an AWS Lambda function that reacts to Auto Scaling group changes and updates the Route 53 record.
12. L. Create an Application Load Balancer (ALB) in front of the AP
13. M. Move the EC2 instances to private subnets in the VP
14. N. Add the EC2 instances as targets for the AL
15. O. Update the Route 53 record to point to the ALB.

Correct Answer: D
By breaking down the monolithic API into individual Lambda functions and using API Gateway to handle the incoming requests, the solution can automatically scale to handle the new and varying load without the need for manual scaling actions. Additionally, this option will automatically handle the traffic without the need of having EC2 instances running all the time and only pay for the number of requests and the duration of the execution of the Lambda function.
By updating the Route 53 record to point to the API Gateway, the solution can handle the traffic and also it will direct the traffic to the correct endpoint.

- (Exam Topic 1)
A company is running an application on several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The load on the application varies throughout the day, and EC2 instances are scaled in and out on a regular basis. Log files from the EC2 instances are copied to a central Amazon S3 bucket every 15 minutes. The security team discovers that log files are missing from some of the terminated EC2 instances.
Which set of actions will ensure that log files are copied to the central S3 bucket from the terminated EC2 instances?

1. A. Create a script to copy log files to Amazon S3, and store the script in a file on the EC2 instanc
2. B. Create an Auto Scaling lifecycle hook and an Amazon EventBridge (Amazon CloudWatch Events) rule to detect lifecycle events from the Auto Scaling grou
3. C. Invoke an AWS Lambda function on the autoscaling:EC2_INSTANCE_TERMINATING transition to send ABANDON to the Auto Scaling group to prevent termination, run the script to copy the log files, and terminate the instance using the AWS SDK.
4. D. Create an AWS Systems Manager document with a script to copy log files to Amazon S3. Create an Auto Scaling lifecycle hook and an Amazon EventBridge (Amazon CloudWatch Events) rule to detect lifecycle events from the Auto Scaling grou
5. E. Invoke an AWS Lambda function on the autoscaling:EC2_INSTANCE_TERMINATING transition to call the AWS Systems Manager API SendCommand operation to run the document to copy the log files and send CONTINUE to the Auto Scaling group to terminate the instance.
6. F. Change the log delivery rate to every 5 minute
7. G. Create a script to copy log files to Amazon S3, and add the script to EC2 instance user dat
8. H. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect EC2 instance terminatio
9. I. Invoke an AWS Lambda function from the EventBridge (CloudWatch Events) rule that uses the AWS CLI to run the user-data script to copy the log files and terminate the instance.
10. J. Create an AWS Systems Manager document with a script to copy log files to Amazon S3. Create an Auto Scaling lifecycle hook that publishes a message to an Amazon Simple Notification Service (Amazon SNS) topi
11. K. From the SNS notification, call the AWS Systems Manager API SendCommand operation to run the document to copy the log files and send ABANDON to the Auto Scaling group to terminate the instance.

Correct Answer: B
https://docs.aws.amazon.com/autoscaling/ec2/userguide/adding-lifecycle-hooks.html
- Refer to Default Result section - If the instance is terminating, both abandon and continue allow the instance to terminate. However, abandon stops any remaining actions, such as other lifecycle hooks, and continue allows any other lifecycle hooks to complete.
https://aws.amazon.com/blogs/infrastructure-and-automation/run-code-before-terminating-an-ec2-auto-scaling-i https://github.com/aws-samples/aws-lambda-lifecycle-hooks-function
https://github.com/aws-samples/aws-lambda-lifecycle-hooks-function/blob/master/cloudformation/template.yam

- (Exam Topic 2)
A company is running an application that uses an Amazon ElastiCache for Redis cluster as a caching layer A recent security audit revealed that the company has configured encryption at rest for ElastiCache However the company did not configure ElastiCache to use encryption in transit Additionally, users can access the cache without authentication
A solutions architect must make changes to require user authentication and to ensure that the company is using end-to-end encryption
Which solution will meet these requirements?

1. A. Create an AUTH token Store the token in AWS System Manager Parameter Store, as an encrypted parameter Create a new cluster with AUTH and configure encryption in transit Update the application toretrieve the AUTH token from Parameter Store when necessary and to use the AUTH token for authentication
2. B. Create an AUTH token Store the token in AWS Secrets Manager Configure the existing cluster to use the AUTH token and configure encryption in transit Update the application to retrieve the AUTH token from Secrets Manager when necessary and to use the AUTH token for authentication.
3. C. Create an SSL certificate Store the certificate in AWS Secrets Manager Create a new cluster and configure encryption in transit Update the application to retrieve the SSL certificate from Secrets Manager when necessary and to use the certificate for authentication.
4. D. Create an SSL certificate Store the certificate in AWS Systems Manager Parameter Store, as an encrypted advanced parameter Update the existing cluster to configure encryption in transit Update the application to retrieve the SSL certificate from Parameter Store when necessary and to use the certificate for authentication

Correct Answer: B
Creating an AUTH token and storing it in AWS Secrets Manager and configuring the existing cluster to use the AUTH token and configure encryption in transit, and updating the application to retrieve the AUTH token from Secrets Manager when necessary and to use the AUTH token for authentication, would meet the requirements for user authentication and end-to-end encryption.
AWS Secrets Manager is a service that enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Secrets Manager also enables you to encrypt the data and ensure that only authorized users and applications can access it.
By configuring the existing cluster to use the AUTH token and encryption in transit, all data will be encrypted as it is sent over the network, providing additional security for the data stored in ElastiCache.
Additionally, by updating the application to retrieve the AUTH token from Secrets Manager when necessary and to use the AUTH token for authentication, it ensures that only authorized users and applications can access the cache.
Reference:
AWS Secrets Manager documentation: https://aws.amazon.com/secrets-manager/ Encryption in transit for ElastiCache:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/encryption.html
Authentication and Authorization for ElastiCache: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/accessing-elasticache.html

- (Exam Topic 3)
An online gaming company needs to optimize the cost of its workloads on AWS. The company uses a dedicated account to host the production environment for its online gaming application and an analytics application.
Amazon EC2 instances host the gaming application and must always be vailable. The EC2 instances run all year. The analytics application uses data that is stored in Amazon S3. The analytics application can be interrupted and resumed without issue.
Which solution will meet these requirements MOST cost-effectively?

1. A. Purchase an EC2 Instance Savings Plan for the online gaming application instance
2. B. Use On-Demand Instances for the analytics application.
3. C. Purchase an EC2 Instance Savings Plan for the online gaming application instance
4. D. Use Spot Instances for the analytics application.
5. E. Use Spot Instances for the online gaming application and the analytics applicatio
6. F. Set up a catalog in AWS Service Catalog to provision services at a discount.
7. G. Use On-Demand Instances for the online gaming applicatio
8. H. Use Spot Instances for the analytics applicatio
9. I. Set up a catalog in AWS Service Catalog to provision services at a discount.

Correct Answer: B
The correct answer is B.
* B. This solution is the most cost-effective because it uses an EC2 Instance Savings Plan for the online gaming application instances, which provides the lowest prices and savings up to 72% compared to On-Demand prices. The EC2 Instance Savings Plan applies to any instance size within the same family and region, regardless of availability zone, operating system, or tenancy. The online gaming application instances run all year and must always be available, so they are not suitable for Spot Instances, which can be interrupted with a two-minute notice. This solution also uses Spot Instances for the analytics application, which can reduce the cost by up to 90% compared to On-Demand prices. The analytics application can be interrupted and resumed without issue, so it is a good fit for Spot Instances, which use spare EC2 capacity. This solution does not require AWS Service Catalog, which is a service that helps to create and manage catalogs of IT services that are approved for use on AWS, but does not provide any discounts123
* A. This solution is incorrect because it uses On-Demand Instances for the analytics application, which are more expensive than Spot Instances. The analytics application can be interrupted and resumed without issue, so it can benefit from the lower cost of Spot Instances, which use spare EC2 capacity.
* C. This solution is incorrect because it uses Spot Instances for the online gaming application, which can be interrupted with a two-minute notice. The online gaming application instances must always be available, so they are not suitable for Spot Instances, which use spare EC2 capacity. This solution also uses AWS Service Catalog, which is a service that helps to create and manage catalogs of IT services that are approved for use on AWS, but does not provide any discounts.
* D. This solution is incorrect because it uses On-Demand Instances for the online gaming application, which are more expensive than an EC2 Instance Savings Plan. The online gaming application instances run all year and must always be available, so they are suitable for an EC2 Instance Savings Plan, which provides the lowest prices and savings up to 72% compared to On-Demand prices. This solution also uses AWS Service Catalog, which is a service that helps to create and manage catalogs of IT services that are approved for use on AWS, but does not provide any discounts.
References:
1: EC2 Instance Savings Plans – Amazon Web Services 2: Amazon EC2 Spot Instances 3: Cloud Management and Governance – AWS Service Catalog – Amazon Web Services