SAP-C02 Free Practice Test

- (Exam Topic 1)
A company is planning to migrate its business-critical applications from an on-premises data center to AWS. The company has an on-premises installation of a Microsoft SQL Server Always On cluster. The company wants to migrate to an AWS managed database service. A solutions architect must design a heterogeneous database migration on AWS.
Which solution will meet these requirements?

1. A. Migrate the SQL Server databases to Amazon RDS for MySQL by using backup and restore utilities.
2. B. Use an AWS Snowball Edge Storage Optimized device to transfer data to Amazon S3. Set up Amazon RDS for MySQ
3. C. Use S3 integration with SQL Server features, such as BULK INSERT.
4. D. Use the AWS Schema Conversion Tool to translate the database schema to Amazon RDS for MeSQ
5. E. Then use AWS Database Migration Service (AWS DMS) to migrate the data from on-premises databases to Amazon RDS.
6. F. Use AWS DataSync to migrate data over the network between on-premises storage and Amazon S3. Set up Amazon RDS for MySQ
7. G. Use S3 integration with SQL Server features, such as BULK INSERT.

Correct Answer: C
https://aws.amazon.com/dms/schema-conversion-tool/
AWS Schema Conversion Tool (SCT) can automatically convert the database schema from Microsoft SQL Server to Amazon RDS for MySQL. This allows for a smooth transition of the database schema without any manual intervention. AWS DMS can then be used to migrate the data from the on-premises databases to the newly created Amazon RDS for MySQL instance. This service can perform a one-time migration of the data or can set up ongoing replication of data changes to keep the on-premises and AWS databases in sync.

- (Exam Topic 1)
A software as a service (SaaS) based company provides a case management solution to customers A3 part of the solution. The company uses a standalone Simple Mail Transfer Protocol (SMTP) server to send email messages from an application. The application also stores an email template for acknowledgement email messages that populate customer data before the application sends the email message to the customer.
The company plans to migrate this messaging functionality to the AWS Cloud and needs to minimize operational overhead.
Which solution will meet these requirements MOST cost-effectively?

1. A. Set up an SMTP server on Amazon EC2 instances by using an AMI from the AWS Marketplac
2. B. Store the email template in an Amazon S3 bucke
3. C. Create an AWS Lambda function to retrieve the template from the S3 bucket and to merge the customer data from the application with the templat
4. D. Use an SDK in the Lambda function to send the email message.
5. E. Set up Amazon Simple Email Service (Amazon SES) to send email message
6. F. Store the email template in an Amazon S3 bucke
7. G. Create an AWS Lambda function to retrieve the template from the S3 bucket and to merge the customer data from the application with the templat
8. H. Use an SDK in the Lambda function to send the email message.
9. I. Set up an SMTP server on Amazon EC2 instances by using an AMI from the AWS Marketplac
10. J. Store the email template in Amazon Simple Email Service (Amazon SES) with parameters for the customer dat
11. K. Create an AWS Lambda function to call the SES template and to pass customer data to replace the parameter
12. L. Use the AWS Marketplace SMTP server to send the email message.
13. M. Set up Amazon Simple Email Service (Amazon SES) to send email message
14. N. Store the email template on Amazon SES with parameters for the customer dat
15. O. Create an AWS Lambda function to call the SendTemplatedEmail API operation and to pass customer data to replace the parameters and the email destination.

Correct Answer: D
In this solution, the company can use Amazon SES to send email messages, which will minimize operational overhead as SES is a fully managed service that handles sending and receiving email messages. The company can store the email template on Amazon SES with parameters for the customer data and use an AWS Lambda function to call the SendTemplatedEmail API operation, passing in the customer data to replace the parameters and the email destination. This solution eliminates the need to set up and manage an SMTP server on EC2 instances, which can be costly and time-consuming.

- (Exam Topic 2)
A company is using AWS Organizations to manage multiple AWS accounts. For security purposes, the company requires the creation of an Amazon Simple Notification Service (Amazon SNS) topic that enables integration with a third-party alerting system in all the Organizations member accounts.
A solutions architect used an AWS CloudFormation template to create the SNS topic and stack sets to automate the deployment of Cloud Formation stacks. Trusted access has been enabled in Organizations.
What should the solutions architect do to deploy the CloudFormation StackSets in all AWS accounts?

1. A. Create a stack set in the Organizations member account
2. B. Use service-managed permission
3. C. Set deployment options to deploy to an organizatio
4. D. Use CloudFormation StackSets drift detection.
5. E. Create stacks in the Organizations member account
6. F. Use self-service permission
7. G. Set deploymentoptions to deploy to an organizatio
8. H. Enable the CloudFormation StackSets automatic deployment.
9. I. Create a stack set in the Organizations management accoun
10. J. Use service-managed permission
11. K. Set deployment options to deploy to the organizatio
12. L. Enable CloudFormation StackSets automatic deployment.
13. M. Create stacks in the Organizations management accoun
14. N. Use service-managed permission
15. O. Set deployment options to deploy to the organizatio
16. P. Enable CloudFormation StackSets drift detection.

Correct Answer: C
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.h

- (Exam Topic 1)
A retail company has an on-premises data center in Europe. The company also has a multi-Region AWS presence that includes the eu-west-1 and us-east-1 Regions. The company wants to be able to route network traffic from its on-premises infrastructure into VPCs in either of those Regions. The company also needs to support traffic that is routed directly between VPCs in those Regions. No single points of failure can exist on the network.
The company already has created two 1 Gbps AWS Direct Connect connections from its on-premises data center. Each connection goes into a separate Direct Connect location in Europe for high availability. These two locations are named DX-A and DX-B, respectively. Each Region has a single AWS Transit Gateway that is configured to route all inter-VPC traffic within that Region.
Which solution will meet these requirements?

1. A. Create a private VIF from the DX-A connection into a Direct Connect gatewa
2. B. Create a private VIF from the DX-B connection into the same Direct Connect gateway for high availabilit
3. C. Associate both the eu-west-1 and us-east-1 transit gateways with the Direct Connect gatewa
4. D. Peer the transit gatewayswith each other to support cross-Region routing.
5. E. Create a transit VIF from the DX-A connection into a Direct Connect gatewa
6. F. Associate the eu-west-1 transit gateway with this Direct Connect gatewa
7. G. Create a transit VIF from the DX-B connection into a separate Direct Connect gatewa
8. H. Associate the us-east-1 transit gateway with this separate Direct Connect gatewa
9. I. Peer the Direct Connect gateways with each other to support high availability and cross-Region routing.
10. J. Create a transit VIF from the DX-A connection into a Direct Connect gatewa
11. K. Create a transit VIF from the DX-B connection into the same Direct Connect gateway for high availabilit
12. L. Associate both the eu-west-1 and us-east-1 transit gateways with this Direct Connect gatewa
13. M. Configure the Direct Connect gateway to route traffic between the transit gateways.
14. N. Create a transit VIF from the DX-A connection into a Direct Connect gatewa
15. O. Create a transit VIF from the DX-B connection into the same Direct Connect gateway for high availabilit
16. P. Associate both the eu-west-1 and us-east-1 transit gateways with this Direct Connect gatewa
17. Q. Peer the transit gateways with each other to support cross-Region routing.

Correct Answer: D
in this solution, two transit VIFs are created - one from the DX-A connection and one from the DX-B connection - into the same Direct Connect gateway for high availability. Both the eu-west-1 and us-east-1 transit gateways are then associated with this Direct Connect gateway. The transit gateways are then peered with each other to support cross-Region routing. This solution meets the requirements of the company by creating a highly available connection between the on-premises data center and the VPCs in both the eu-west-1 and us-east-1 regions, and by enabling direct traffic routing between VPCs in those regions.

- (Exam Topic 1)
A health insurance company stores personally identifiable information (PII) in an Amazon S3 bucket. The company uses server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the objects. According to a new requirement, all current and future objects in the S3 bucket must be encrypted by keys that the company’s security team manages. The S3 bucket does not have versioning enabled. Which solution will meet these requirements?

1. A. In the S3 bucket properties, change the default encryption to SSE-S3 with a customer managed ke
2. B. Use the AWS CLI to re-upload all objects in the S3 bucke
3. C. Set an S3 bucket policy to deny unencrypted PutObject requests.
4. D. In the S3 bucket properties, change the default encryption to server-side encryption with AWS KMS managed encryption keys (SSE-KMS). Set an S3 bucket policy to deny unencrypted PutObject request
5. E. Use the AWS CLI to re-upload all objects in the S3 bucket.
6. F. In the S3 bucket properties, change the default encryption to server-side encryption with AWS KMS managed encryption keys (SSE-KMS). Set an S3 bucket policy to automatically encrypt objects on GetObject and PutObject requests.
7. G. In the S3 bucket properties, change the default encryption to AES-256 with a customer managed key.Attach a policy to deny unencrypted PutObject requests to any entities that access the S3 bucke
8. H. Use the AWS CLI to re-upload all objects in the S3 bucket.

Correct Answer: D
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html Clearly says we need following header for SSE-C x-amz-server-side-encryption-customer-algorithm Use this header to specify the encryption algorithm. The header value must be AES256.