Amazon AWS Certified Solutions Architect - Professional SAP-C01
Prev

There are 579 results

Next
#281 (Accuracy: 100% / 1 votes)
A company plans to move regulated and security-sensitive businesses to AWS. The Security team is developing a framework to validate the adoption of AWS best practices and industry-recognized compliance standards. The AWS Management Console is the preferred method for teams to provision resources.
Which strategies should a Solutions Architect use to meet the business requirements and continuously assess, audit, and monitor the configurations of AWS resources? (Choose two.)
  • A. Use AWS Config rules to periodically audit changes to AWS resources and monitor the compliance of the configuration. Develop AWS Config custom rules using AWS Lambda to establish a test-driven development approach, and further automate the evaluation of configuration changes against the required controls.
  • B. Use Amazon CloudWatch Logs agent to collect all the AWS SDK logs. Search the log data using a pre-defined set of filter patterns that matches mutating API calls. Send notifications using Amazon CloudWatch alarms when unintended changes are performed. Archive log data by using a batch export to Amazon S3 and then Amazon Glacier for a long-term retention and auditability.
  • C. Use AWS CloudTrail events to assess management activities of all AWS accounts. Ensure that CloudTrail is enabled in all accounts and available AWS services. Enable trails, encrypt CloudTrail event log files with an AWS KMS key, and monitor recorded activities with CloudWatch Logs.
  • D. Use the Amazon CloudWatch Events near-real-time capabilities to monitor system events patterns, and trigger AWS Lambda functions to automatically revert non-authorized changes in AWS resources. Also, target Amazon SNS topics to enable notifications and improve the response time of incident responses.
  • E. Use CloudTrail integration with Amazon SNS to automatically notify unauthorized API activities. Ensure that CloudTrail is enabled in all accounts and available AWS services. Evaluate the usage of Lambda functions to automatically revert non-authorized changes in AWS resources.
#282 (Accuracy: 100% / 1 votes)
A company is running multiple applications on Amazon EC2. Each application is deployed and managed by multiple business units. All applications are deployed on a single AWS account but on different virtual private clouds (VPCs). The company uses a separate VPC in the same account for test and development purposes.
Production applications suffered multiple outages when users accidentally terminated and modified resources that belonged to another business unit. A Solutions
Architect has been asked to improve the availability of the company applications while allowing the Developers access to the resources they need.
Which option meets the requirements with the LEAST disruption?
  • A. Create an AWS account for each business unit. Move each business unit's instances to its own account and set up a federation to allow users to access their business unit's account.
  • B. Set up a federation to allow users to use their corporate credentials, and lock the users down to their own VPC. Use a network ACL to block each VPC from accessing other VPCs.
  • C. Implement a tagging policy based on business units. Create an IAM policy so that each user can terminate instances belonging to their own business units only.
  • D. Set up role-based access for each user and provide limited permissions based on individual roles and the services for which each user is responsible.
#283 (Accuracy: 100% / 2 votes)
The Solutions Architect manages a serverless application that consists of multiple API gateways, AWS Lambda functions, Amazon S3 buckets, and Amazon
DynamoDB tables. Customers say that a few application components slow while loading dynamic images, and some are timing out with the `504 Gateway
Timeout` error. While troubleshooting the scenario, the Solutions Architect confirms that DynamoDB monitoring metrics are at acceptable levels.
Which of the following steps would be optimal for debugging these application issues? (Choose two.)
  • A. Parse HTTP logs in Amazon API Gateway for HTTP errors to determine the root cause of the errors.
  • B. Parse Amazon CloudWatch Logs to determine processing times for requested images at specified intervals.
  • C. Parse VPC Flow Logs to determine if there is packet loss between the Lambda function and S3.
  • D. Parse AWS X-Ray traces and analyze HTTP methods to determine the root cause of the HTTP errors.
  • E. Parse S3 access logs to determine if objects being accessed are from specific IP addresses to narrow the scope to geographic latency issues.
#284 (Accuracy: 100% / 1 votes)
Which of the following rules must be added to a mount target security group to access Amazon Elastic File System (EFS) from an on-premises server?
  • A. Configure an NFS proxy between Amazon EFS and the on-premises server to route traffic.
  • B. Set up a Point-To-Point Tunneling Protocol Server (PPTP) to allow secure connection.
  • C. Permit secure traffic to the Kerberos port 88 from the on-premises server.
  • D. Allow inbound traffic to the Network File System (NFS) port (2049) from the on-premises server.
#285 (Accuracy: 100% / 2 votes)
You have custom Network File System (NFS) client settings for your Amazon Elastic File System (EFS). It takes up to three seconds for an Amazon Elastic
Compute Cloud (EC2) instance to see a write operation performed on a file system from another Amazon EC2 instance.
Which of the following actions should you take to solve the custom NFS settings from causing delays in the write operation?
  • A. Unmount and remount the file system with the noac option to disable attribute caching.
  • B. Reduce the number of active users that have files open simultaneously on the instances.
  • C. Verify that the IP address of the specified mount target is valid.
  • D. Run the write operation from a different user ID on the same Amazon EC2 instance.
#286 (Accuracy: 100% / 2 votes)
In Amazon Elastic Compute Cloud, you can specify storage volumes in addition to the root device volume when you create an AMI or when launching a new instance using______.
  • A. block device mapping
  • B. object mapping
  • C. batch storage mapping
  • D. datacenter mapping
#287 (Accuracy: 100% / 1 votes)
Complete this statement: "When you load your table directly from an Amazon_____ table, you have the option to control the amount of provisioned throughput you consume."
  • A. RDS
  • B. DataPipeline
  • C. DynamoDB
  • D. S3
#288 (Accuracy: 100% / 2 votes)
In DynamoDB, to get a detailed listing of secondary indexes on a table, you can use the ______ action.
  • A. BatchGetItem
  • B. TableName
  • C. DescribeTable
  • D. GetItem
#289 (Accuracy: 100% / 2 votes)
In DynamoDB, which of the following operations is not possible by the console?
  • A. Updating an item
  • B. Copying an item
  • C. Blocking an item
  • D. Deleting an item
#290 (Accuracy: 100% / 1 votes)
In DynamoDB, "The data is eventually consistent" means that__________.
  • A. a read request immediately after a write operation might not show the latest change.
  • B. a read request immediately after a write operation shows the latest change.
  • C. a write request immediately after a read operation might cause data loss.
  • D. a read request immediately after a write operation might cause data loss.