SAP-C02 Free Practice Test

- (Exam Topic 1)
A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.
The company's infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.
Which combination of actions should the solutions architect perform to meet these requirements? (Select TWO.)

1. A. Create a transit gateway in the infrastructure account.
2. B. Enable resource sharing from the AWS Organizations management account.
3. C. Create VPCs in each AWS account within the organization in AWS Organization
4. D. Configure the VPCs to share the same CIDR range and subnets as the VPC in the infrastructure accoun
5. E. Peer the VPCs in each individual account with the VPC in the infrastructure account,
6. F. Create a resource share in AWS Resource Access Manager in the infrastructure accoun
7. G. Select the specific AWS Organizations OU that will use the shared networ
8. H. Select each subnet to associate with the resource share.
9. I. Create a resource share in AWS Resource Access Manager in the infrastructure accoun
10. J. Select the specific AWS Organizations OU that will use the shared networ
11. K. Select each prefix list to associate with the resource share.

Correct Answer: AE
https://docs.aws.amazon.com/vpc/latest/userguide/sharing-managed-prefix-lists.html

- (Exam Topic 2)
A company has an application in the AWS Cloud. The application runs on a fleet of 20 Amazon EC2 instances. The EC2 instances are persistent and store data on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes.
The company must maintain backups in a separate AWS Region. The company must be able to recover the EC2 instances and their configuration within I business day, with loss of no more than I day's worth of data. The company has limited staff and needs a backup solution that optimizes operational efficiency and cost. The company already has created an AWS CloudFormation template that can deploy the required network configuration in a secondary Region.
Which solution will meet these requirements?

1. A. Create a second CloudFormation template that can recreate the EC2 instances in the secondary Region.Run daily multivolume snapshots by using AWS Systems Manager Automation runbook
2. B. Copy the snapshots to the secondary Regio
3. C. In the event of a failure, launch the CloudFormation templates, restore the EBS volumes from snapshots, and transfer usage to the secondary Region.
4. D. Use Amazon Data Lifecycle Manager (Amazon DLM) to create daily multivolume snapshots of the EBS volume
5. E. In the event of a failure, launch theCloudFormation template and use Amazon DLM to restore the EBS volumes and transfer usage to the secondary Region.
6. F. Use AWS Backup to create a scheduled daily backup plan for the EC2 instance
7. G. Configure the backup task to copy the backups to a vault in the secondary Regio
8. H. In the event of a failure, launch the CloudFormation template, restore the instance volumes and configurations from the backup vault, and transfer usage to the secondary Region.
9. I. Deploy EC2 instances of the same size and configuration to the secondary Regio
10. J. Configure AWS DataSync daily to copy data from the primary Region to the secondary Regio
11. K. In the event of a failure, launch the CloudFormation template and transfer usage to the secondary Region.

Correct Answer: C
Using AWS Backup to create a scheduled daily backup plan for the EC2 instances will enable taking snapshots of the EC2 instances and their attached EBS volumes1. Configuring the backup task to copy the backups to a vault in the secondary Region will enable maintaining backups in a separate Region1. In the event of a failure, launching the CloudFormation template will enable deploying the network configuration in the secondary Region2. Restoring the instance volumes and configurations from the backup vault will enable recovering the EC2 instances and their data1. Transferring usage to the secondary Region will enable resuming operations2.

- (Exam Topic 1)
A company uses a service to collect metadata from applications that the company hosts on premises. Consumer devices such as TVs and internet radios access the applications. Many older devices do not support certain HTTP headers and exhibit errors when these headers are present in responses. The company has configured an on-premises load balancer to remove the unsupported headers from responses sent to older devices, which the company identified by the User-Agent headers.
The company wants to migrate the service to AWS, adopt serverless technologies, and retain the ability to support the older devices. The company has already migrated the applications into a set of AWS Lambda functions.
Which solution will meet these requirements?

1. A. Create an Amazon CloudFront distribution for the metadata servic
2. B. Create an Application Load Balancer (ALB). Configure the CloudFront distribution to forward requests to the AL
3. C. Configure the ALB to invoke the correct Lambda function for each type of reques
4. D. Create a CloudFront function to remove the problematic headers based on the value of the User-Agent header.
5. E. Create an Amazon API Gateway REST API for the metadata servic
6. F. Configure API Gateway to invoke the correct Lambda function for each type of reques
7. G. Modify the default gateway responses to remove the problematic headers based on the value of the User-Agent header.
8. H. Create an Amazon API Gateway HTTP API for the metadata servic
9. I. Configure API Gateway to invoke the correct Lambda function for each type of reques
10. J. Create a response mapping template to remove the problematic headers based on the value of the User-Agen
11. K. Associate the response data mapping with the HTTP API.
12. L. Create an Amazon CloudFront distribution for the metadata servic
13. M. Create an Application Load Balancer (ALB). Configure the CloudFront distribution to forward requests to the AL
14. N. Configure the ALB to invoke the correct Lambda function for each type of reques
15. O. Create a Lambda@Edge function that will remove the problematic headers in response to viewer requests based on the value of theUser-Agent header.

Correct Answer: D
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html

- (Exam Topic 3)
A company is building an image service on the web that will allow users to upload and search random photos. At peak usage, up to 10.000 users worldwide will upload their images. The service will then overlay text on the uploaded images, which will then be published on the company website.
Which design should a solutions architect implement?

1. A. Store the uploaded images in Amazon Elastic File System (Amazon EFS). Send application log information about each image to Amazon CloudWatch Logs Create a fleet of Amazon EC2 instances that use CloudWatch Logs to determine which images need to be processed Place processed images in another directory in Amazon EF
2. B. Enable Amazon CloudFront and configure the origin to be the one of the EC2 instances in the fleet
3. C. Store the uploaded images in an Amazon S3 bucket and configure an S3 bucket event notification to send a message to Amazon Simple Notification Service (Amazon SNS) Create a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) to pull messages from Amazon SNS to process the images and place them in Amazon Elastic File System (Amazon EFS) Use Amazon CloudWatch metrics for the SNS message volume to scale out EC2 instance
4. D. Enable Amazon CloudFront and configure the origin to be the ALB in front of the EC2 instances
5. E. Store the uploaded images in an Amazon S3 bucket and configure an S3 bucket event notification to send a message to the Amazon Simple Queue Service (Amazon SQS) queue Create a fleet of Amazon EC2 instances to pull messages from the SQS queue to process the images and place them in another S3 bucke
6. F. Use Amazon CloudWatch metncs for queue depth to scale out EC2 instances Enable Amazon CloudFront and configure the origin to be the S3 bucket that contains the processed images.
7. G. Store the uploaded images on a shared Amazon Elastic Block Store (Amazon EBS) volume amounted to a fleet of Amazon EC2 Spot instance
8. H. Create an AmazonDynamoDB table that contains information about each uploaded image and whether it has been processed Use an Amazon EventBndge rule to scale out EC2 instance
9. I. Enable Amazon CloudFront and configure the origin to reference an Elastic Load Balancer in front of the fleet of EC2 instances.

Correct Answer: C
(Store the uploaded images in an S3 bucket and use S3 event notification with SQS queue) is the most suitable design. Amazon S3 provides highly scalable and durable storage for the uploaded images. Configuring S3 event notifications to send messages to an SQS queue allows for decoupling the processing of images from the upload process. A fleet of EC2 instances can pull messages from the SQS queue to process the images and store them in another S3 bucket. Scaling out the EC2 instances based on SQS queue depth using CloudWatch metrics ensures efficient utilization of resources. Enabling Amazon CloudFront with the origin set to the S3 bucket containing the processed images improves the global availability and performance of image delivery.

- (Exam Topic 2)
A company has several AWS accounts. A development team is building an automation framework for cloud governance and remediation processes. The automation framework uses AWS Lambda functions in a centralized account. A solutions architect must implement a least privilege permissions policy that allows the Lambda functions to run in each of the company's AWS accounts.
Which combination of steps will meet these requirements? (Choose two.)

1. A. In the centralized account, create an IAM role that has the Lambda service as a trusted entit
2. B. Add an inline policy to assume the roles of the other AWS accounts.
3. C. In the other AWS accounts, create an IAM role that has minimal permission
4. D. Add the centralized account's Lambda IAM role as a trusted entity.
5. E. In the centralized account, create an IAM role that has roles of the other accounts as trusted entities.Provide minimal permissions.
6. F. In the other AWS accounts, create an IAM role that has permissions to assume the role of the centralized accoun
7. G. Add the Lambda service as a trusted entity.
8. H. In the other AWS accounts, create an IAM role that has minimal permission
9. I. Add the Lambda service as a trusted entity.

Correct Answer: AB
https://medium.com/@it.melnichenko/invoke-a-lambda-across-multiple-aws-accounts-8c094b2e70be