AWS SAP-C02 Study Notes
Questions and Answers

A company is planning to host a web application on AWS and wants to load balance the traffic across a group of Amazon EC2 instances. One of the security requirements is to enable end-to-end encryption in transit between the client and the web server. Which solution will meet this requirement?

  • Place the EC2 instances behind an Application Load Balancer (ALB). Provision an SSL certificate using AWS Certificate Manager (ACM), and associate the SSL certificate with the ALB. Export the SSL certificate and install it on each EC2 instance. Configure the ALB to listen on port 443 and to forward traffic to port 443 on the instances.
  • Place the EC2 instances behind a Network Load Balancer (NLB). Provision a third-party SSL certificate and install it on the NLB and on each EC2 instance. Configure the NLB to listen on port 443 and to forward traffic to port 443 on the instances.
  • Associate the EC2 instances with a target group. Provision an SSL certificate using AWS Certificate Manager (ACM). Create an Amazon CloudFront distribution and configure it to use the SSL certificate. Set CloudFront to use the target group as the origin server.
  • Place the EC2 instances behind an Application Load Balancer (ALB). Provision an SSL certificate using AWS Certificate Manager (ACM), and associate the SSL certificate with the ALB. Provision a third-party SSL certificate and install it on each EC2 instance. Configure the ALB to listen on port 443 and to forward traffic to port 443 on the instances. (correct)

A company migrated to AWS and uses AWS Business Support. The company wants to monitor the cost-effectiveness of Amazon EC2 instances across AWS accounts. The EC2 instances have tags for department, business unit, and environment. Development EC2 instances have high cost but low utilization. The company needs to detect and stop any underutilized development EC2 instances. Instances are underutilized if they had 10% or less average daily CPU utilization and 5 MB or less network I/O for at least 4 of the past 14 days. Which solution will meet these requirements with the LEAST operational overhead?

  • Create an AWS Lambda function to run daily to retrieve utilization data for all EC2 instances. Save the data to an Amazon DynamoDB table. Create an Amazon QuickSight dashboard that uses the DynamoDB table as a data source to identify and stop underutilized development EC2 instances.
  • Configure AWS Systems Manager to track EC2 instance utilization and report underutilized instances to Amazon CloudWatch. Filter the CloudWatch data by tags for department, business unit, and environment. Create an Amazon EventBridge rule that invokes an AWS Lambda function to stop underutilized development EC2 instances.
  • Configure Amazon CloudWatch dashboards to monitor EC2 instance utilization based on tags for department, business unit, and environment. Create an Amazon EventBridge rule that invokes an AWS Lambda function to stop underutilized development EC2 instances.
  • Create an Amazon EventBridge rule to detect low utilization of EC2 instances reported by AWS Trusted Advisor. Configure the rule to invoke an AWS Lambda function that filters the data by tags for department, business unit, and environment and stops underutilized development EC2 instances. (correct)

A company is running a serverless ecommerce application on AWS. The application uses Amazon API Gateway to invoke AWS Lambda Java functions. The Lambda functions connect to an Amazon RDS for MySQL database to store data. During a recent sale event, a sudden increase in web traffic resulted in poor API performance and database connection failures. The company needs to implement a solution to minimize the latency for the Lambda functions and to support bursts in traffic. Which solution will meet these requirements with the LEAST amount of change to the application?

  • Create an RDS Proxy endpoint for the database. Store database secrets in AWS Secrets Manager. Set up the required IAM permissions. Update the Lambda functions to connect to the RDS Proxy endpoint. Increase the reserved concurrency for the Lambda functions.
  • Create a custom parameter group. Increase the value of the max_connections parameter. Associate the custom parameter group with the RDS DB instance and schedule a reboot. Increase the reserved concurrency for the Lambda functions.
  • Update the code of the Lambda functions so that the Lambda functions open the database connection outside of the function handler. Increase the provisioned concurrency for the Lambda functions.
  • Create an RDS Proxy endpoint for the database. Store database secrets in AWS Secrets Manager. Set up the required IAM permissions. Update the Lambda functions to connect to the RDS Proxy endpoint. Increase the provisioned concurrency for the Lambda functions. (correct)

A company has registered 10 new domain names. The company uses the domains for online marketing. The company needs a solution that will redirect online visitors to a specific URL for each domain. All domains and target URLs are defined in a JSON document. All DNS records are managed by Amazon Route 53. A solutions architect must implement a redirect service that accepts HTTP and HTTPS requests. Which combination of steps should the solutions architect take to meet these requirements with the LEAST amount of operational effort? (Choose three.)

  • Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL.

    Study Notes

    • Question 1: A company wants to load balance traffic to Amazon EC2 instances with end-to-end encryption. The best solution is to place the EC2 instances behind an Application Load Balancer (ALB) and use an SSL certificate from AWS Certificate Manager (ACM). This certificate is associated with the ALB and installed on each EC2 instance. The ALB listens on port 443 and forwards traffic to port 443 on the EC2 instances.

    • Question 2: A company wants to monitor the cost-effectiveness of Amazon EC2 instances across AWS accounts. EC2 instances have tags for department, business unit, and environment. Development EC2 instances have high cost and low utilization.

    • Question 3: A company wants to detect and stop underutilized development EC2 instances. Instances are considered underutilized if they have 10% or less average daily CPU utilization and 5 MB or less network I/O for at least 4 of the past 14 days. The best solution with the least overhead is to use an Amazon EventBridge rule to detect low utilization reported by AWS Trusted Advisor and invoke an AWS Lambda function.

    • Question 4: A company wants to deploy a customer-facing image storage solution on AWS. The solution needs to handle high volume, reliability, and the ability to rerun processing jobs. The best solution is to use Amazon EventBridge to process S3 events, resize images in place using an AWS Lambda function, and store the original file in S3. An S3 Lifecycle policy should be created to expire images after 6 months.

    • Question 5: A company is running a serverless application on AWS. The application uses Amazon API Gateway, Lambda Java functions, and an Amazon RDS for MySQL database. During a recent surge in traffic, API performance and database connection failures occurred. The best solution to minimize latency and support bursts in traffic is to create an Amazon RDS Proxy endpoint, store database secrets in AWS Secrets Manager, and adjust the Lambda functions to connect to the RDS Proxy endpoint. Increased provisioned concurrency for Lambda functions is also recommended.

    • Question 6: A company is hosting a monolithic REST-based API on Amazon EC2 instances in subnets of a VPC. Recently, the application has been under high traffic. The best solution to handle varying load is to separate the API into individual AWS Lambda functions and configure an Amazon API Gateway REST API.

    • Question 7: An entertainment company hosts a ticketing service on Amazon EC2 instances with a pricing file stored in S3 Standard storage. The pricing file is updated frequently. The best solution to resolve outdated pricing information and ensure cost-effectiveness is to use an AWS Lambda function to update an Amazon DynamoDB table with new pricing, then update the ticketing service to use DynamoDB for pricing information.

    • Question 8: A company runs a web application on a single Amazon EC2 instance. The application experiences slow performance when CPU utilization is above 95%. The best solution to reduce application latency during auto-scaling is to use a dynamic scaling policy with associated lifecycle hooks to run the user data script and enable warm pools.

    • Question 9: A SaaS company wants to give new customers in a different region access to the service without immediate EC2 resource deployment in the new region. The best solution to achieve this is to create temporary AWS resources to allow access with the existing resources in the original region. Subsequently, new resources in the new region can be deployed when needed, after configuration adjustments.

    • Question 10: A company runs an IoT platform on AWS. IoT sensors send data to Node.js API servers on Amazon EC2 instances behind an Application Load Balancer. The data is stored in an Amazon RDS MySQL DB instance. The number of sensors has increased, and API servers are overloaded. Effective solutions to maintain efficiency include resizing the MySQL DB instance's storage to have increased IOPS and re-architecting the database layer using Amazon Aurora.

    • Question 11: A company wants to fetch game assets from the closest AWS Region or the other region if the primary location is unavailable. The solution is to create an Amazon Route 53 health check for each ALB, create a Route 53 failover routing record pointing to the two ALBs, and set the Evaluate Target Health value to Yes.

    • Question 12: A company wants to load balance traffic to Amazon EC2 instances with end-to-end encryption. The best solution is to place the EC2 instances behind an Application Load Balancer (ALB), provision an SSL certificate from AWS Certificate Manager (ACM), associate the certificate with the ALB and install the certificate on each EC2 instance, and configure the ALB to listen on port 443 and forward traffic to port 443 on the instances.

    • Question 13: A company has a data-intensive application on AWS. The application reads and modifies data on a shared file system (200 TB) and takes 72 hours. The best solution to reduce costs and provide high performance for the 72-hour run is to migrate the data from the existing file system to an Amazon S3 bucket using S3 Intelligent-Tiering. Then use Amazon FSx for Lustre to create a new file system with the data, using lazy loading.

    • Question 14: Data scientists need access to an Amazon S3 data lake in a separate AWS account. The best solution is to create an S3 access point in the data scientists' AWS account. This allows authorized access to the data lake. Additionally, update the EC2 instance role to allow Amazon S3 access.

    • Question 15: A company wants to use its on-premises Active Directory for user authentication in AWS. The best solution to meet the company's security policy requirements for conditional access is to configure AWS IAM Identity Center (AWS Single Sign-On), connect to Active Directory using SAML 2.0, and allow automatic user provisioning using SCIM v2.0. Grant access to AWS accounts using IAM Identity Center permission sets.

    • Question 16: A company wants to create a storage solution for archived documents accessible via an on-premises client VPN. The best solution to meet these criteria is to launch an AWS S3 bucket, configure it to use the One Zone-Infrequent Access (S3 One Zone-IA) storage class, configure for website hosting, create as an interface endpoint, and grant access only through this endpoint to mitigate cost.

    • Question 17: A company's application is deployed on AWS and uses Amazon DynamoDB, with a high and consistent peak application load (4 hours). The solution to minimize costs is to use AWS Application Auto Scaling to increase capacity during the peak period and to purchase reserved RCUs and WCUs to match the average load.

    • Question 18: A company needs a solution to redirect online visitors defined in a JSON document to specific URLs managed by Amazon Route 53. The solution to implement a redirect service is to create an Application Load Balancer or AWS Lambda functions to make use of the JSON to determine and respond with the redirect URL.

    • Question 19: A company wants to ensure high availability across two AWS regions. The best solution is to create a connection alias in the primary and failover regions, associate the aliases with directories in the primary and failover region, and create a Route 53 failover routing policy to evaluate target health.

    • Question 20: A company needs to manage AWS accounts and share a common network, but individual accounts can't manage network resources or create resources in specific subnets. The best solutions are to create a transit gateway in the infrastructure account and enable resource sharing from the AWS Organizations management account.

    • Question 21: A company's AWS CloudFormation stack with AWS Lambda functions experiences a brief outage during a large release. A solution that meets the requirements is deploying the application to a new CloudFormation stack. Use Amazon Route 53 weighted routing policy to distribute the load.

    • Question 22: A company needs to back up data from an Amazon EC2 instance running Amazon Linux 2 to an Amazon S3 bucket without an SSH key. The best solution is to create an image of the instance, launch a new EC2 instance from the image, attach a role to the new instance with permission to write to Amazon S3, and run a command to copy the data from the EBS volume.

    • Question 23: A company has a transit account that shares a transit gateway with other AWS accounts. The networking team needs to centrally manage a list of internal IP address ranges. A good solution is to use AWS Resource Access Manager to share a VPC prefix list, configure security group rules, and modify other account configurations to reference the transit account's security group directly.

    • Question 24: A company wants to generate a CSV report using Amazon CloudWatch logs every two weeks. The way to do this with the least development time is to leverage the Lambda function to extract and process metrics from Amazon CloudWatch Logs, store the data in an S3 bucket in the appropriate format, and create an EventBridge rule to schedule the Lambda function to run every two weeks.

    • Question 25: An external customer needs to connect to a web application running on Amazon EC2 instances behind an Application Load Balancer (ALB) that uses AWS WAF. The best way to handle this without significant operational overhead is to use an AWS Global Accelerator to allocate an Elastic IP address to the ALB and use it to provide IP access to the customer.

    • Question 26: A company with multiple business units wants to view detailed costing and utilization data using Amazon Athena in each business unit. Data should be isolated per business unit. A solution that meets the requirement is that each business unit needs a Cost and Usage report that is managed and stored under a different prefix in the organization's central S3 bucket.

    • Question 27: An application deployed on Amazon EC2 instances in an Auto Scaling group using a single instance type has underutilized CPU and memory. The solution to reduce costs and increase utilization is to use the AWS Price List Bulk API to select appropriate instance types and create a new version of the Auto Scaling group's launch template.


    Description

    Test your knowledge on AWS EC2 load balancing, monitoring costs, and optimizing instance utilization with these study notes for the SAP-C02 certification. This quiz covers important concepts and scenarios that AWS professionals encounter in cloud architecture.
