[Q168-Q190] SAP-C01 Certification - The Ultimate Guide [Updated 2025]


SAP-C01 Practice Exam and Study Guides - Verified By PracticeDump


The SAP-C01 certification exam covers a wide range of AWS services, including Elastic Compute Cloud (EC2), Simple Storage Service (S3), Virtual Private Cloud (VPC), Relational Database Service (RDS), and many others. It also covers advanced topics such as high availability, fault tolerance, and disaster recovery. The SAP-C01 exam also tests your understanding of AWS cost optimization and security best practices.


To prepare for the SAP-C01 certification exam, you should have a solid understanding of AWS services and architecture, as well as experience designing and deploying complex systems on AWS. AWS recommends that candidates have at least two years of hands-on experience designing and deploying systems on AWS before attempting the SAP-C01 exam. Additionally, AWS offers a range of training courses and resources to help candidates prepare for the exam.

 

NEW QUESTION # 168
A large financial company is deploying applications that consist of Amazon EC2 and Amazon RDS instances to the AWS Cloud using AWS CloudFormation.
The CloudFormation stack has the following stack policy:

The company wants to ensure that developers do not lose data by accidentally removing or replacing RDS instances when updating the CloudFormation stack. Developers also still need to be able to modify or remove EC2 instances as needed.
How should the company change the stack policy to meet these requirements?

  • A. Modify the statement to specify "Effect": "Deny", "Action": ["Update:Delete"] for all logical RDS resources.
  • B. Modify the statement to specify "Effect": "Deny", "Action": ["Update:*"] for all logical RDS resources.
  • C. Add a second statement that specifies "Effect": "Deny", "Action": ["Update:*"] for all logical RDS resources.
  • D. Add a second statement that specifies "Effect": "Deny", "Action": ["Update:Delete", "Update:Replace"] for all logical RDS resources.

Answer: D

Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html


NEW QUESTION # 169
Select the correct statement about Amazon ElastiCache.

  • A. It cannot run in the Amazon Virtual Private Cloud (Amazon VPC) environment.
  • B. It allows you to quickly deploy your cache environment only if you install software.
  • C. It makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud.
  • D. It does not integrate with other Amazon Web Services.

Answer: C

Explanation:
ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment. With ElastiCache, you can quickly deploy your cache environment, without having to provision hardware or install software.
http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/WhatIs.html


NEW QUESTION # 170
A Solutions Architect is designing a multi-account structure that has 10 existing accounts. The design must meet the following requirements:
* Consolidate all accounts into one organization.
* Allow full access to the Amazon EC2 service from the master account and the secondary accounts.
* Minimize the effort required to add additional secondary accounts.
Which combination of steps should be included in the solution? (Choose two.)

  • A. Create a service control policy (SCP) that enables full EC2 access, and attach the policy to the OU.
  • B. Create a full EC2 access policy and map the policy to a role in each account. Trust every other account to assume the role.
  • C. Create an organization from the master account. Send invitations to the secondary accounts from the master account. Accept the invitations and create an OU.
  • D. Create a VPC peering connection between the master account and the secondary accounts. Accept the request for the VPC peering connection.
  • E. Create an organization from the master account. Send a join request to the master account from each secondary account. Accept the requests and create an OU.

Answer: A,C

Explanation:
There is a concept of permission boundaries versus actual IAM policies; that is, "Allow" versus "Grant".
In terms of boundaries, there are the following three:
1. SCPs
2. User/role boundaries
3. Session boundaries (e.g. AssumeRole ...)
In terms of actual permission granting, there are the following:
1. Identity policies
2. Resource policies


NEW QUESTION # 171
A company is planning the migration of several lab environments used for software testing. An assortment of custom tooling is used to manage the test runs for each lab. The labs use immutable infrastructure for the software test runs, and the results are stored in a highly available SQL database cluster. Although completely rewriting the custom tooling is out of scope for the migration project, the company would like to optimize workloads during the migration.
Which application migration strategy meets this requirement?

  • A. Re-platform
  • B. Re-host
  • C. Re-factor/re-architect
  • D. Retire

Answer: A


NEW QUESTION # 172
You are implementing a URL whitelisting system for a company that wants to restrict outbound HTTPS connections to specific domains from their EC2-hosted applications. You deploy a single EC2 instance running proxy software and configure it to accept traffic from all subnets and EC2 instances in the VPC. You configure the proxy to only pass through traffic to domains that you define in its whitelist configuration. You have a nightly maintenance window of 10 minutes where all instances fetch new software updates. Each update is about 200MB in size and there are 500 instances in the VPC that routinely fetch updates. After a few days you notice that some machines are failing to successfully download some, but not all, of their updates within the maintenance window. The download URLs used for these updates are correctly listed in the proxy's whitelist configuration and you are able to access them manually using a web browser on the instances.
What might be happening? (Choose 2)

  • A. You have not allocated enough storage to the EC2 instance running the proxy so the network buffer is filling up, causing some requests to fail.
  • B. The route table for the subnets containing the affected EC2 instances is not configured to direct network traffic for the software update locations to the proxy.
  • C. You are running the proxy on an undersized EC2 instance type so network throughput is not sufficient for all instances to download their updates in time.
  • D. You are running the proxy in a public subnet but have not allocated enough EIPs to support the needed network throughput through the Internet Gateway (IGW).
  • E. You are running the proxy on a sufficiently-sized EC2 instance in a private subnet and its network throughput is being throttled by a NAT running on an undersized EC2 instance.

Answer: C,E


NEW QUESTION # 173
A company manages hundreds of AWS accounts centrally in an organization in AWS Organizations. The company recently started to allow product teams to create and manage their own S3 access points in their accounts. The S3 access points can be accessed only within VPCs, not on the internet.
What is the MOST operationally efficient way to enforce this requirement?

  • A. Set the S3 access point resource policy to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
  • B. Use AWS CloudFormation StackSets to create a new IAM policy in each AWS account that allows the s3:CreateAccessPoint action only if the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
  • C. Set the S3 bucket policy to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
  • D. Create an SCP at the root level in the organization to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.

Answer: A


NEW QUESTION # 174
A company is running a commercial Apache Hadoop cluster on Amazon EC2. This cluster is being used daily to query large files on Amazon S3. The data on Amazon S3 has been curated and does not require any additional transformation steps. The company is using a commercial business intelligence (BI) tool on Amazon EC2 to run queries against the Hadoop cluster and visualize the data.
The company wants to reduce or eliminate the overhead costs associated with managing the Hadoop cluster and the BI tool. The company would like to move to a more cost-effective solution with minimal effort. The visualization is simple and requires performing some basic aggregation steps only.
Which option will meet the company's requirements?

  • A. Develop a script that uses Amazon Athena to query and analyze the files on Amazon S3. Then use Amazon QuickSight to connect to Athena and perform the visualization.
  • B. Develop a stored procedure invoked from a MySQL database running on Amazon EC2 to analyze the files in Amazon S3. Then use a fast in-memory BI tool running on Amazon EC2 to visualize the data.
  • C. Use a commercial extract, transform, load (ETL) tool that runs on Amazon EC2 to prepare the data for processing. Then switch to a faster and cheaper BI tool that runs on Amazon EC2 to visualize the data from Amazon S3.
  • D. Launch a transient Amazon EMR cluster daily and develop an Apache Hive script to analyze the files on Amazon S3. Shut down the Amazon EMR cluster when the job is complete. Then use Amazon QuickSight to connect to Amazon EMR and perform the visualization.

Answer: A

Explanation:
https://docs.aws.amazon.com/quicksight/latest/user/create-a-data-set-athena.html
https://aws.amazon.com/athena/


NEW QUESTION # 175
A solutions architect is designing a publicly accessible web application that is on an Amazon CloudFront distribution with an Amazon S3 website endpoint as the origin. When the solution is deployed, the website returns an Error 403: Access Denied message.
Which steps should the solutions architect take to correct the issue? (Select TWO.)

  • A. Remove the S3 block public access option from the S3 bucket.
  • B. Change the storage class from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA).
  • C. Remove the origin access identity (OAI) from the CloudFront distribution.
  • D. Remove the requester pays option from the S3 bucket.
  • E. Disable S3 object versioning.

Answer: A,C

Explanation:
See using S3 to host a static website with CloudFront: https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-serve-static-website/
- Using a REST API endpoint as the origin, with access restricted by an origin access identity (OAI)
- Using a website endpoint as the origin, with anonymous (public) access allowed
- Using a website endpoint as the origin, with access restricted by a Referer header


NEW QUESTION # 176
A company has a standard three-tier architecture using two Availability Zones. During the company's off season, users report that the website is not working. The Solutions Architect finds that no changes have been made to the environment recently, the website is reachable, and it is possible to log in. However, when the Solutions Architect selects the "find a store near you" function, the maps provided on the site by a third-party RESTful API call do not work about 50% of the time after refreshing the page. The outbound API calls are made through Amazon EC2 NAT instances.
What is the MOST likely reason for this failure and how can it be mitigated in the future?

  • A. One of the NAT instances failed. Recommend replacing the EC2 NAT instances with a NAT gateway.
    A 50% failure rate means that the balancing over the 2 AZs is failing on one NAT instance in one AZ. The solution is to replace the NAT instances with a fully managed, highly available NAT gateway.
  • B. One NAT instance has become overloaded. Replace both EC2 NAT instances with a larger-sized instance and make sure to account for growth when making the new instance size.
  • C. The fault is in the third-party environment. Contact the third party that provides the maps and request a fix that will provide better uptime.
  • D. The network ACL for one subnet is blocking outbound web traffic. Open the network ACL and prevent administration from making future changes through IAM.

Answer: A


NEW QUESTION # 177
A company has a web application that securely uploads pictures and videos to an Amazon S3 bucket. The company requires that only authenticated users are allowed to post content. The application generates a presigned URL that is used to upload objects through a browser interface. Most users are reporting slow upload times for objects larger than 100 MB.
What can a solutions architect do to improve the performance of these uploads while ensuring only authenticated users are allowed to post content?

  • A. Set up an Amazon API Gateway with a regional API endpoint that has a resource as an S3 service proxy. Configure the PUT method for this resource to expose the S3 PutObject operation. Secure the API Gateway using an AWS Lambda authorizer. Have the browser interface use API Gateway instead of the presigned URL to upload objects.
  • B. Enable an S3 Transfer Acceleration endpoint on the S3 bucket. Use the endpoint when generating the presigned URL. Have the browser interface upload the objects to this URL using the S3 multipart upload API.
  • C. Set up an Amazon API Gateway with an edge-optimized API endpoint that has a resource as an S3 service proxy. Configure the PUT method for this resource to expose the S3 PutObject operation. Secure the API Gateway using a cognito_user_pools authorizer. Have the browser interface use API Gateway instead of the presigned URL to upload objects.
  • D. Configure an Amazon CloudFront distribution for the destination S3 bucket. Enable PUT and POST methods for the CloudFront cache behavior. Update the CloudFront origin to use an origin access identity (OAI). Give the OAI user s3:PutObject permissions in the bucket policy. Have the browser interface upload objects using the CloudFront distribution.

Answer: D


NEW QUESTION # 178
A company has a media metadata extraction pipeline running on AWS. Notifications containing a reference to a file in Amazon S3 are sent to an Amazon Simple Notification Service (Amazon SNS) topic. The pipeline consists of a number of AWS Lambda functions that are subscribed to the SNS topic. The Lambda functions extract the S3 file and write metadata to an Amazon RDS PostgreSQL DB instance. Users report that updates to the metadata are sometimes slow to appear or are lost. During these times, the CPU utilization on the database is high and the number of failed Lambda invocations increases.
Which combination of actions should a solutions architect take to help resolve this issue? (Select TWO)

  • A. Create an Amazon Simple Queue Service (Amazon SQS) standard queue for each Lambda function and subscribe the queues to the SNS topic. Configure the Lambda functions to consume messages from their respective SQS queue.
  • B. Enable the RDS Data API for the RDS instance. Update the Lambda functions to connect to the RDS instance using the Data API.
  • C. Create an RDS proxy for the RDS instance. Update the Lambda functions to connect to the RDS instance using the proxy.
  • D. Enable message delivery status on the SNS topic. Configure the SNS topic delivery policy to enable retries with exponential backoff.
  • E. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue and subscribe the queue to the SNS topic. Configure the Lambda functions to consume messages from the SQS queue.

Answer: A,C


NEW QUESTION # 179
A company runs a Windows Server host in a public subnet that is configured to allow a team of administrators to connect over RDP to troubleshoot issues with hosts in a private subnet. The host must be available at all times outside of a scheduled maintenance window, and needs to receive the latest operating system updates within 3 days of release.
What should be done to manage the host with the LEAST amount of administrative effort?

  • A. Run the host in AWS OpsWorks Stacks. Use a Chef recipe to harden the AMI during instance launch. Use an AWS Lambda scheduled event to run the Upgrade Operating System stack command to apply system updates.
  • B. Run the host on AWS WorkSpaces. Use Amazon WorkSpaces Application Manager (WAM) to harden the host. Configure Windows automatic updates to occur every 3 days.
  • C. Run the host in an Auto Scaling group with a minimum and maximum instance count of 1. Use a hardened machine image from AWS Marketplace. Apply system updates with AWS Systems Manager Patch Manager.
  • D. Run the host in a single-instance AWS Elastic Beanstalk environment. Configure the environment with a custom AMI to use a hardened machine image from AWS Marketplace. Apply system updates with AWS Systems Manager Patch Manager.

Answer: C


NEW QUESTION # 180
A company has an application that runs a web service on Amazon EC2 instances and stores .jpg images in Amazon S3. The web traffic has a predictable baseline, but often demand spikes unpredictably for short periods of time. The application is loosely coupled and stateless. The .jpg images stored in Amazon S3 are accessed frequently for the first 15 to 20 days; they are seldom accessed thereafter but always need to be immediately available. The CIO has asked to find ways to reduce costs.
Which of the following options will reduce costs? (Choose two.)

  • A. Configure a lifecycle policy to move the .jpg images on Amazon S3 to S3 IA after 30 days.
  • B. Configure a lifecycle policy to move the .jpg images on Amazon S3 to Amazon Glacier after 30 days.
  • C. Use On-Demand instances for baseline capacity requirements and use Spot Fleet instances for the demand spikes.
  • D. Purchase Reserved instances for baseline capacity requirements and use On-Demand instances for the demand spikes.
  • E. Create a script that checks the load on all web servers and terminates unnecessary On-Demand instances.

Answer: A,D


NEW QUESTION # 181
A company wants to change its internal cloud billing strategy for each of its business units. Currently, the cloud governance team shares reports for overall cloud spending with the head of each business unit. The company uses AWS Organizations to manage the separate AWS accounts for each business unit. The existing tagging standard in Organizations includes the application, environment, and owner. The cloud governance team wants a centralized solution so each business unit receives monthly reports on its cloud spending. The solution should also send notifications for any cloud spending that exceeds a set threshold.
Which solution is the MOST cost-effective way to meet these requirements?

  • A. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use the AWS Billing and Cost Management dashboard in each account to create monthly reports for each business unit.
  • B. Configure AWS Budgets in the organization's master account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use Cost Explorer in the organization's master account to create monthly reports for each business unit.
  • C. Enable AWS Cost and Usage Reports in the organization's master account and configure reports grouped by application, environment, and owner. Create an AWS Lambda function that processes AWS Cost and Usage Reports, sends budget alerts, and sends monthly reports to each business unit's email list.
  • D. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use Cost Explorer in each account to create monthly reports for each business unit.

Answer: A


NEW QUESTION # 182
A company wants to migrate a 30 TB Oracle data warehouse from on premises to Amazon Redshift. The company used the AWS Schema Conversion Tool (AWS SCT) to convert the schema of the existing data warehouse to an Amazon Redshift schema. The company also used a migration assessment report to identify manual tasks to complete.
The company needs to migrate the data to the new Amazon Redshift cluster during an upcoming data freeze period of 2 weeks. The only network connection between the on-premises data warehouse and AWS is a 50 Mbps internet connection.
Which migration strategy meets these requirements?

  • A. Install the AWS SCT extraction agents on the on-premises servers. Create a Site-to-Site VPN connection. Create an AWS Database Migration Service (AWS DMS) replication instance that is the appropriate size. Authorize the IP address of the replication instance to be able to access the on-premises data warehouse through the VPN connection.
  • B. Create a job in AWS Snowball Edge to import data into Amazon S3. Install AWS SCT extraction agents on the on-premises servers. Define the local and AWS Database Migration Service (AWS DMS) tasks to send the data to the Snowball Edge device. When the Snowball Edge device is returned to AWS and the data is available in Amazon S3, run the AWS DMS subtask to copy the data to Amazon Redshift.
  • C. Install the AWS SCT extraction agents on the on-premises servers. Define the extract, upload, and copy tasks to send the data to an Amazon S3 bucket. Copy the data into the Amazon Redshift cluster. Run the tasks at the beginning of the data freeze period.
  • D. Create an AWS Database Migration Service (AWS DMS) replication instance. Authorize the public IP address of the replication instance to reach the data warehouse through the corporate firewall. Create a migration task to run at the beginning of the data freeze period.

Answer: B

Explanation:
AWS Database Migration Service (AWS DMS) can use Snowball Edge and Amazon S3 to migrate large databases more quickly than by other methods.
https://docs.aws.amazon.com/dms/latest/userguide/CHAP_LargeDBs.html
https://www.calctool.org/CALC/prof/computing/transfer_time


NEW QUESTION # 183
A company has an internal application running on AWS that is used to track and process shipments in the company's warehouse. Currently, after the system receives an order, it emails the staff the information needed to ship a package. Once the package is shipped, the staff replies to the email and the order is marked as shipped.
The company wants to stop using email in the application and move to a serverless application model.
Which architecture solution meets these requirements?

  • A. When a new order is created, store the order information in Amazon SQS. Have AWS Lambda check the queue every 5 minutes and process any needed work. When an order needs to be shipped, have Lambda print the label in the warehouse. Once the label has been scanned, as it leaves the warehouse, have an Amazon EC2 instance update Amazon SQS.
  • B. Update the application to store new order information in Amazon DynamoDB. When a new order is created, trigger an AWS Step Functions workflow, mark the orders as "in progress," and print a package label to the warehouse. Once the label has been scanned and fulfilled, the application will trigger an AWS Lambda function that will mark the order as shipped and complete the workflow.
  • C. Use AWS Batch to configure the different tasks required to ship a package. Have AWS Batch trigger an AWS Lambda function that creates and prints a shipping label. Once that label is scanned, as it leaves the warehouse, have another Lambda function move the process to the next step in the AWS Batch job.
  • D. Store new order information in Amazon EFS. Have instances pull the new information from the NFS and send that information to printers in the warehouse. Once the label has been scanned, as it leaves the warehouse, have Amazon API Gateway call the instances to remove the order information from Amazon EFS.

Answer: B


NEW QUESTION # 184
A company currently uses a single 1 Gbps AWS Direct Connect connection to establish connectivity between an AWS Region and its data center. The company has five Amazon VPCs, all of which are connected to the data center using the same Direct Connect connection. The Network team is worried about the single point of failure and is interested in improving the redundancy of the connections to AWS while keeping costs to a minimum.
Which solution would improve the redundancy of the connection to AWS while meeting the cost requirements?

  • A. Provision another 1 Gbps Direct Connect connection and create new VIFs to each of the VPCs. Configure the VIFs in a load balancing fashion using BGP.
  • B. Create a public VIF on the Direct Connect connection and set up a VPN tunnel which will terminate on the virtual private gateway (VGW) of the respective VPC using the public VIF. Use BGP to handle the failover to the VPN connection.
  • C. Set up VPN tunnels from the data center to each VPC. Terminate each VPN tunnel at the virtual private gateway (VGW) of the respective VPC and set up BGP for route management.
  • D. Set up a new point-to-point Multiprotocol Label Switching (MPLS) connection to the AWS Region that's being used. Configure BGP to use this new circuit as passive, so that no traffic flows through this unless the AWS Direct Connect fails.

Answer: C


NEW QUESTION # 185
A company is running an application distributed over several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The security team requires that all application access attempts be made available for analysis. Information about the client IP address, connection type, and user agent must be included.
Which solution will meet these requirements?

  • A. Enable EC2 detailed monitoring, and include network logs. Send all logs through Amazon Kinesis Data Firehose to an Amazon Elasticsearch Service (Amazon ES) cluster that the security team uses for analysis.
  • B. Enable Traffic Mirroring and specify all EC2 instance network interfaces as the source. Send all traffic information through Amazon Kinesis Data Firehose to an Amazon Elasticsearch Service (Amazon ES) cluster that the security team uses for analysis.
  • C. Enable access logs for the Application Load Balancer, and publish the logs to an Amazon S3 bucket. Have the security team use Amazon Athena to query and analyze the logs.
  • D. Enable VPC Flow Logs for all EC2 instance network interfaces. Publish VPC Flow Logs to an Amazon S3 bucket. Have the security team use Amazon Athena to query and analyze the logs.

Answer: B


NEW QUESTION # 186
A company runs a popular public-facing ecommerce website. Its user base is growing quickly from a local market to a national market. The website is hosted in an on-premises data center with web servers and a MySQL database. The company wants to migrate its workload to AWS. A solutions architect needs to create a solution to:
* Improve security
* Improve reliability
* Improve availability
* Reduce latency
* Reduce maintenance
Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

  • A. Host static website content in Amazon S3. Use Amazon CloudFront to reduce latency while serving webpages. Use AWS WAF to improve website security.
  • B. Migrate the database to a Multi-AZ Amazon Aurora MySQL DB cluster.
  • C. Host static website content in Amazon S3. Use S3 Transfer Acceleration to reduce latency while serving webpages. Use AWS WAF to improve website security.
  • D. Use Amazon EC2 instances in two Availability Zones to host a highly available MySQL database cluster.
  • E. Use Amazon EC2 instances in two Availability Zones for the web servers in an Auto Scaling group behind an Application Load Balancer.
  • F. Migrate the database to a single-AZ Amazon RDS for MySQL DB instance.

Answer: A,B,E


NEW QUESTION # 187
A company prefers to limit running Amazon EC2 instances to those that were launched from AMIs pre-approved by the Information Security department. The Development team has an agile continuous integration and deployment process that cannot be stalled by the solution.
Which method enforces the required controls with the LEAST impact on the development process? (Choose two.)

  • A. Use IAM policies to restrict the ability of users or other automated entities to launch EC2 instances based on a specific set of pre-approved AMIs, such as those tagged in a specific way by Information Security.
  • B. Use regular scans within Amazon Inspector with a custom assessment template to determine if the EC2 instance that the Amazon Inspector Agent is running on is based upon a pre-approved AMI. If it is not, shut down the instance and inform Information Security by email that this occurred.
  • C. Only allow launching of EC2 instances using a centralized DevOps team, which is given work packages via notifications from an internal ticketing system. Users make requests for resources using this ticketing tool, which has manual information security approval steps to ensure that EC2 instances are only launched from approved AMIs.
  • D. Use a scheduled AWS Lambda function to scan through the list of running instances within the virtual private cloud (VPC) and determine if any of these are based on unapproved AMIs. Publish a message to an SNS topic to inform Information Security that this occurred and then shut down the instance.
  • E. Use AWS Config rules to spot any launches of EC2 instances based on non-approved AMIs, trigger an AWS Lambda function to automatically terminate the instance, and publish a message to an Amazon SNS topic to inform Information Security that this occurred.

Answer: A,E

Explanation:
https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_getting-started.html


NEW QUESTION # 188
A large company runs workloads in VPCs that are deployed across hundreds of AWS accounts. Each VPC consists of public subnets and private subnets that span across multiple Availability Zones. NAT gateways are deployed in the public subnets and allow outbound connectivity to the internet from the private subnets.
A solutions architect is working on a hub-and-spoke design. All private subnets in the spoke VPCs must route traffic to the internet through an egress VPC. The solutions architect already has deployed a NAT gateway in an egress VPC in a central AWS account.
Which set of additional steps should the solutions architect take to meet these requirements?

  • A. Create an AWS PrivateLink connection between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
  • B. Create a transit gateway and share it with the existing AWS accounts. Attach existing VPCs to the transit gateway. Configure the required routing to allow access to the internet.
  • C. Create a transit gateway in every account. Attach the NAT gateway to the transit gateways. Configure the required routing to allow access to the internet.
  • D. Create peering connections between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.

Answer: B


NEW QUESTION # 189
A company's CISO has asked a Solutions Architect to re-engineer the company's current CI/CD practices to make sure patch deployments to its applications can happen as quickly as possible with minimal downtime if vulnerabilities are discovered. The company must also be able to quickly roll back a change in case of errors.
The web application is deployed in a fleet of Amazon EC2 instances behind an Application Load Balancer.
The company is currently using GitHub to host the application source code and has configured an AWS CodeBuild project to build the application. The company also intends to use AWS CodePipeline to trigger builds from GitHub commits using the existing CodeBuild project.
What CI/CD configuration meets all of the requirements?

  • A. Configure CodePipeline with a deploy stage using AWS CloudFormation to create a pipeline for test and production stacks. Monitor the newly deployed code, and if there are any issues, push another code update.
  • B. Configure the CodePipeline with a deploy stage using AWS OpsWorks and in-place deployments. Monitor the newly deployed code, and if there are any issues, push another code update.
  • C. Configure CodePipeline with a deploy stage using AWS CodeDeploy configured for blue/green deployments. Monitor the newly deployed code, and if there are any issues, trigger a manual rollback using CodeDeploy.
  • D. Configure CodePipeline with a deploy stage using AWS CodeDeploy configured for in-place deployment. Monitor the newly deployed code, and if there are any issues, push another code update.

Answer: C

