Amazon Web Services SAP-C02 Study & Exam Dumps 2025

AWS Certified Solutions Architect - Professional Questions and Answers

Question 1

A company is deploying a third-party web application to an AWS account. The company wants to deploy the application across multiple Amazon EC2 instances. The company must have the ability to scale horizontally when necessary. The application uses browser cookies for session state management. The application requires session affinity.

Which solution will meet these requirements?

Options:

Assign each EC2 instance a public IP address. Configure an Amazon Route 53 multivalue A record for the application. Enable health checks for the A record. Configure a Route 53 Resolver rule that ensures a specific cookie value will consistently return the same EC2 instance. Access the application by using the Route 53 A record.

Place the EC2 instances in an Auto Scaling group. Configure an Amazon CloudFront distribution and set the Auto Scaling group as the origin. Create a CloudFront function to handle viewer requests. Include cookie processing logic to ensure that users are directed to the correct EC2 instance. Access the application by using the CloudFront distribution URL.

Place the EC2 instances in an Auto Scaling group. Configure a public Application Load Balancer (ALB), and configure the ALB to direct traffic for the application to the Auto Scaling group. Enable sticky sessions on the target group for the application cookies. Access the application by using the ALB domain name.

Configure a Gateway Load Balancer (GWLB). Register the EC2 instances as a target group by using their instance IDs. Enable flow stickiness on the target group. Access the application by using the GWLB domain name.

Buy Now

Answer:

Explanation:

Comprehensive and Detailed Explanation:

This question is testing the correct load balancing design for a stateful web application that:

runs on multiple EC2 instances,

must scale horizontally,

uses browser cookies for session management,

requires session affinity.

The correct solution is to place the EC2 instances in an Auto Scaling group behind an Application Load Balancer and enable sticky sessions on the target group. This allows the application to scale out across multiple instances while ensuring that repeat requests from the same client are routed to the same target for the duration of the stickiness configuration.

Why C is correct

An Application Load Balancer is designed for Layer 7 HTTP/HTTPS traffic, which is exactly what a browser-based web application uses. Because the application uses cookies and requires session affinity, ALB is the correct AWS service since it supports sticky sessions for target groups. The EC2 instances can be placed in an Auto Scaling group so the application can add or remove instances as demand changes. This directly satisfies the horizontal scaling requirement.

ALB also integrates natively with Auto Scaling groups, health checks, and target groups. For web applications that rely on session persistence, ALB stickiness is the standard design choice. The application is third-party, so changing the application to externalize sessions may not be possible. Therefore, keeping requests bound to the same backend instance is the appropriate architecture.

Why A is incorrect

Route 53 does not provide cookie-based session affinity to specific EC2 instances. Multivalue answer routing can return multiple healthy records, but it is a DNS-level mechanism, not an HTTP session persistence mechanism. Route 53 Resolver rules also do not inspect browser cookies and do not ensure that a given cookie value maps consistently to one EC2 instance.

In addition, exposing each EC2 instance with a public IP is not the right scalable architecture for a horizontally scaled web application. This option lacks proper load balancer behavior and does not provide real application-layer stickiness.

Why B is incorrect

CloudFront cannot use an Auto Scaling group directly as an origin. CloudFront origins are typically an Application Load Balancer, Network Load Balancer, S3 bucket, custom HTTP origin, or similar endpoint. An Auto Scaling group itself is not a valid origin endpoint for CloudFront.

Also, CloudFront Functions are used for lightweight request and response manipulation at the edge. They are not the correct mechanism to implement instance-level session affinity for a fleet of EC2 instances. Even if cookies are forwarded, CloudFront is not the service that should manage sticky routing among application servers. That role belongs to the load balancer.

Why D is incorrect

Gateway Load Balancer is designed for deploying, scaling, and managing third-party virtual appliances such as firewalls, IDS, and deep packet inspection systems. It is not intended to front standard web applications for browser traffic.

Flow stickiness on GWLB is not the same as HTTP cookie-based session affinity for a web application. GWLB operates for appliance insertion use cases, not for traditional user-facing web application request distribution. Therefore, it does not meet the application requirement appropriately.

Question 2

A solutions architect is auditing the security setup of an AWS Lambda function for a company. The Lambda function retrieves the latest changes from an Amazon Aurora database. The Lambda function and the database run in the same VPC. Lambda environment variables are providing the database credentials to the Lambda function.

The Lambda function aggregates data and makes the data available in an Amazon S3 bucket that is configured for server-side encryption with AWS KMS managed encryption keys (SSE-KMS). The data must not travel across the internet. If any database credentials become compromised, the company needs a solution that minimizes the impact of the compromise.

What should the solutions architect recommend to meet these requirements?

Options:

Enable IAM database authentication on the Aurora DB cluster. Change the IAM role for the Lambda function to allow the function to access the database by using IAM database authentication. Deploy a gateway VPC endpoint for Amazon S3 in the VPC.

Enable IAM database authentication on the Aurora DB cluster. Change the IAM role for the Lambda function to allow the function to access the database by using IAM database authentication. Enforce HTTPS on the connection to Amazon S3 during data transfers.

Save the database credentials in AWS Systems Manager Parameter Store. Set up password rotation on the credentials in Parameter Store. Change the IAM role for the Lambda function to allow the function to access Parameter Store. Modify the Lambda function to retrieve the credentials from Parameter Store. Deploy a gateway VPC endpoint for Amazon S3 in the VPC.

Save the database credentials in AWS Secrets Manager. Set up password rotation on the credentials in Secrets Manager. Change the IAM role for the Lambda function to allow the function to access Secrets Manager. Modify the Lambda function to retrieve the credentials Om Secrets Manager. Enforce HTTPS on the connection to Amazon S3 during data transfers.

Question 3

A company is migrating infrastructure for its massive multiplayer game to AWS. The game ' s application features a leaderboard where players can see rankings in real time. The leaderboard requires microsecond reads and single-digit-millisecond write latencies. The datasets are single- digit terabytes in size and must be available to accept writes in less than a minute if a primary node failure occurs.

The company needs a solution in which data can persist for further analytical processing through a data pipeline.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

Create an Amazon ElastiCache (Redis OSS) cluster with cluster mode enabled. Configure the application to interact with the primary node.

Create an Amazon RDS database with a read replica. Configure the application to point writes to the writer endpoint. Configure the application to point reads to the reader endpoint.

Create an Amazon MemoryDB cluster in Multi-AZ mode. Configure the application to interact with the primary node.

Create multiple Redis nodes on Amazon EC2 instances that are spread across multiple Availability Zones. Configure backups to Amazon S3.

Answer:

Explanation:

The workload is a real-time leaderboard that needs extremely low latency: microsecond reads and single-digit millisecond writes. It also needs rapid failover (accepting writes in less than a minute after a primary node failure) and minimal operational overhead. Additionally, the data must be durable enough to persist and be used later for analytics through a data pipeline.

Amazon MemoryDB for Redis is a Redis-compatible, durable, in-memory database service designed for microsecond read latency and low-millisecond write latency while also providing durability through a distributed transaction log. MemoryDB is designed to be a primary database rather than a cache and supports Multi-AZ configurations with fast failover. These characteristics match the leaderboard’s latency requirements and the availability requirement to resume writes quickly after a failure. Because MemoryDB is fully managed, it has less operational overhead than running Redis on EC2.

Option C is the best choice because MemoryDB provides Redis compatibility, in-memory performance, Multi-AZ high availability, and durability that supports data persistence for downstream processing. The durability aspect is especially important for feeding analytics pipelines, because the data is not only cached but is retained as a database record.

Option A is not the best choice because Amazon ElastiCache for Redis is primarily used as a cache. While it can be configured for replication and can achieve low latency, it is not positioned as a durable primary data store in the same way as MemoryDB for Redis. For requirements that explicitly combine extremely low latency with persistence and database-like durability, MemoryDB is the more appropriate managed service with lower operational overhead than building custom durability mechanisms.

Option B is not suitable because Amazon RDS for MySQL typically cannot meet microsecond read latency, and write latencies are usually higher than single-digit milliseconds for non-trivial workloads. Also, read replicas do not provide multi-writer capability and do not ensure sub-minute write availability in all failure scenarios without additional architecture and failover handling.

Option D has the highest operational overhead because it requires the company to operate Redis on EC2: instance management, patching, scaling, replication, failover automation, monitoring, and backup/restore processes. This does not meet the requirement for the least operational overhead compared to fully managed services.

Therefore, an Amazon MemoryDB cluster in Multi-AZ mode provides the required ultra-low latency, rapid failover for write availability, durability for persistence, and least operational overhead.

[References:AWS documentation on Amazon MemoryDB for Redis, including Redis compatibility, microsecond read latency, Multi-AZ availability, fast failover, and durability suitable for primary database use.AWS documentation on the positioning of Amazon ElastiCache for Redis as an in-memory caching service and MemoryDB as a durable in-memory database., , ]

Get Free SAP-C02 Questions and Answers

Spring Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Amazon Web Services SAP-C02 Exam With Confidence Using Practice Dumps

SAP-C02: AWS Certified Professional Exam 2025 Study Guide Pdf and Test Engine

Related Amazon Web Services Exams

AWS Certified Solutions Architect - Professional Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce