SAP-C02 Free Practice Test

- (Exam Topic 3)
A company has used infrastructure as code (IaC) to provision a set of two Amazon EC2 instances. The instances have remained the same for several years.
The company's business has grown rapidly in the past few months. In response the company's operations team has implemented an Auto Scaling group to manage the sudden increases in traffic. Company policy requires a monthly installation of security updates on all operating systems that are running.
The most recent security update required a reboot. As a result, the Auto Scaling group terminated the instances and replaced them with new, unpatched instances.
Which combination of steps should a solutions architect recommend to avoid a recurrence of this issue? (Choose two.)

1. A. Modify the Auto Scaling group by setting the Update policy to target the oldest launch configuration for replacement.
2. B. Create a new Auto Scaling group before the next patch maintenanc
3. C. During the maintenance window, patch both groups and reboot the instances.
4. D. Create an Elastic Load Balancer in front of the Auto Scaling grou
5. E. Configure monitoring to ensure that target group health checks return healthy after the Auto Scaling group replaces the terminated instances.
6. F. Create automation scripts to patch an AMI, update the launch configuration, and invoke an Auto Scaling instance refresh.
7. G. Create an Elastic Load Balancer in front of the Auto Scaling grou
8. H. Configure termination protection on the instances.

Correct Answer: CD

- (Exam Topic 1)
A solutions architect has developed a web application that uses an Amazon API Gateway Regional endpoint and an AWS Lambda function. The consumers of the web application are all close to the AWS Region where the application will be deployed. The Lambda function only queries an Amazon Aurora MySQL database. The solutions architect has configured the database to have three read replicas.
During testing, the application does not meet performance requirements. Under high load, the application opens a large number of database connections. The solutions architect must improve the application's performance.
Which actions should the solutions architect take to meet these requirements? (Choose two.)

1. A. Use the cluster endpoint of the Aurora database.
2. B. Use RDS Proxy to set up a connection pool to the reader endpoint of the Aurora database.
3. C. Use the Lambda Provisioned Concurrency feature.
4. D. Move the code for opening the database connection in the Lambda function outside of the event handler.
5. E. Change the API Gateway endpoint to an edge-optimized endpoint.

Correct Answer: BD
Connect to RDS outside of Lambda handler method to improve performance https://awstut.com/en/2022/04/30/connect-to-rds-outside-of-lambda-handler-method-to-improve-performance-en
Using RDS Proxy, you can handle unpredictable surges in database traffic. Otherwise, these surges might cause issues due to oversubscribing connections or creating new connections at a fast rate. RDS Proxy establishes a database connection pool and reuses connections in this pool. This approach avoids the memory and CPU overhead of opening a new database connection each time. To protect the database against oversubscription, you can control the number of database connections that are created. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.html

- (Exam Topic 3)
A company runs an unauthenticated static website (www.example.com) that includes a registration form for users. The website uses Amazon S3 for hosting and uses Amazon CloudFront as the content delivery network with AWS WAF configured. When the registration form is submitted, the website calls an Amazon API Gateway API endpoint that invokes an AWS Lambda function to process the payload and forward the payload to an external API call.
During testing, a solutions architect encounters a cross-origin resource sharing (CORS) error. The solutions architect confirms that the CloudFront distribution origin has the Access-Control-Allow-Origin header set to www.example.com.
What should the solutions architect do to resolve the error?

1. A. Change the CORS configuration on the S3 bucke
2. B. Add rules for CORS to the Allowed Origin element for www.example.com.
3. C. Enable the CORS setting in AWS WA
4. D. Create a web ACL rule in which the Access-Control-Allow-Origin header is set to www.example.com.
5. E. Enable the CORS setting on the API Gateway API endpoin
6. F. Ensure that the API endpoint is configured to return all responses that have the Access-Control -Allow-Origin header set to www.example.com.
7. G. Enable the CORS setting on the Lambda functio
8. H. Ensure that the return code of the function has the Access-Control-Allow-Origin header set to www.example.com.

Correct Answer: C
CORS errors occur when a web page hosted on one domain tries to make a request to a server hosted on another domain. In this scenario, the registration form hosted on the static website is trying to make a request to the API Gateway API endpoint hosted on a different domain, which is causing the error. To resolve this error, the Access-Control-Allow-Origin header needs to be set to the domain from which the request is being made. In this case, the header is already set to www.example.com on the CloudFront distribution origin. Therefore, the solutions architect should enable the CORS setting on the API Gateway API endpoint and ensure that the API endpoint is configured to return all responses that have the Access-Control-Allow-Origin header set to www.example.com. This will allow the API endpoint to respond to requests from the static website without a CORS error.
https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cors-errors/

- (Exam Topic 2)
A company plans to migrate a three-tiered web application from an on-premises data center to AWS The company developed the Ui by using server-side JavaScript libraries The business logic and API tier uses a Python-based web framework The data tier runs on a MySQL database
The company custom built the application to meet business requirements The company does not want to
re-architect the application The company needs a solution to replatform the application to AWS with the least possible amount of development The solution needs to be highly available and must reduce operational overhead
Which solution will meet these requirements?

1. A. Deploy the UI to a static website on Amazon S3 Use Amazon CloudFront to deliver the website Build the business logic in a Docker image Store the image in AmazonElastic Container Registry (Amazon ECR) Use Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type to host the website with an Application Load Balancer in front Deploy the datalayer to an Amazon Aurora MySQL DB cluster
2. B. Build the UI and business logic in Docker images Store the images in Amazon Elastic Container Registry (Amazon ECR) Use Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type to host the UI and business logic applications with an Application Load Balancer in front Migrate the database to an Amazon RDS for MySQL Multi-AZ DB instance
3. C. Deploy the UI to a static website on Amazon S3 Use Amazon CloudFront to deliver the website Convert the business logic to AWS Lambda functions Integrate the functions with Amazon API Gateway Deploy the data layer to an Amazon Aurora MySQL DB cluster
4. D. Build the UI and business logic in Docker images Store the images in Amazon Elastic Container Registry (Amazon ECR) Use Amazon Elastic Kubernetes Service(Amazon EKS) with Fargate profiles to host the UI and business logic Use AWS Database Migration Service (AWS DMS) to migrate the data layer to Amazon DynamoDB

Correct Answer: A
This solution utilizes Amazon S3 and CloudFront to deploy the UI as a static website, which can be done with minimal development effort. The business logic and API tier can be containerized in a Docker image and stored in Amazon Elastic Container Registry (ECR) and run on Amazon Elastic Container Service (ECS) with the Fargate launch type, which allows the application to be highly available with minimal operational overhead. The data layer can be deployed on an Amazon Aurora MySQL DB cluster which is a fully managed relational database service.
Amazon Aurora provides high availability and performance for the data layer without the need for managing the underlying infrastructure.

- (Exam Topic 3)
A company has multiple AWS accounts. The company recently had a security audit that revealed many unencrypted Amazon Elastic Block Store (Amazon EBS) volumes attached to Amazon EC2 instances.
A solutions architect must encrypt the unencrypted volumes and ensure that unencrypted volumes will be detected automatically in the future. Additionally, the company wants a solution that can centrally manage multiple AWS accounts with a focus on compliance and security.
Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

1. A. Create an organization in AWS Organization
2. B. Set up AWS Control Tower, and turn on the strongly recommended guardrail
3. C. Join all accounts to the organizatio
4. D. Categorize the AWS accounts into OUs.
5. E. Use the AWS CLI to list all the unencrypted volumes in all the AWS account
6. F. Run a script to encrypt all the unencrypted volumes in place.
7. G. Create a snapshot of each unencrypted volum
8. H. Create a new encrypted volume from the unencrypted snapsho
9. I. Detach the existing volume, and replace it with the encrypted volume.
10. J. Create an organization in AWS Organization
11. K. Set up AWS Control Tower, and turn on the mandatory guardrail
12. L. Join all accounts to the organizatio
13. M. Categorize the AWS accounts into OUs.
14. N. Turn on AWS CloudTrai
15. O. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to detect and automatically encrypt unencrypted volumes.

Correct Answer: AC
(https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html)