Amazon Web Services SAP-C02 Exam With Confidence Using Practice Dumps

The requirement has two separate controls: customer-controlled cryptographic root of trust and preventive regional governance. AWS KMS external key store (XKS) is the correct encryption model because AWS KMS forwards cryptographic operations to an external key manager that the customer controls outside AWS, such as an in-country HSM environment. That satisfies the requirement to operate the HSMs and retain control of the key root. AWS Control Tower Region deny control is the correct preventive governance control because it denies access to unlisted operations outside approved governed Regions for the selected organizational scope. AWS Config is detective, not preventive. AWS KMS multi-Region keys and standard customer managed keys do not keep the cryptographic root in customer-operated in-country HSMs. AWS CloudHSM custom key stores still use AWS CloudHSM clusters, not external in-country HSMs.

Using an Amazon Kinesis data stream as a target for the IoT Core rule ensures durable and scalable buffering of data during traffic spikes.

An ECS Fargate application reads data from Kinesis, processes it, and stores it in Aurora, meeting the requirement for flexible, serverless data handling.

This solution guarantees no data loss while providing real-time or near-real-time data processing capabilities.

The requirement is to estimate total cost of ownership before migration. This includes comparing current on-premises costs with projected AWS costs for compute, storage, databases, and related services, and producing a consolidated business-focused TCO view.

AWS Migration Evaluator is the AWS service specifically designed to help customers build data-driven business cases for migrating workloads to AWS. Migration Evaluator collects inventory and utilization data from on-premises environments by using a collector. It then allows architects to model different migration scenarios, map on-premises resources to AWS services such as Amazon EKS managed node groups and Amazon RDS for PostgreSQL, and generate reports that estimate costs, savings, and TCO impacts. The Quick Insights report provides a summarized, executive-level view of the estimated AWS costs, on-premises costs, and projected savings, which directly satisfies the requirement.

Option B is not sufficient because AWS DMS assessment reports focus on database migration feasibility and compatibility, not full workload TCO. The AWS Pricing Calculator can estimate AWS service costs, but it does not automatically incorporate on-premises cost data or provide a consolidated TCO comparison without significant manual effort.

Option C is incorrect because AWS Application Migration Service focuses on rehosting servers and testing migrations. It does not produce comprehensive TCO reports comparing on-premises and AWS environments for container platforms like EKS and managed databases.

Option D is incorrect because the AWS Cloud Economics Center and Cloud Value Framework provide conceptual guidance and methodology, not a workload-specific TCO report. AWS Cost and Usage Reports are used to analyze existing AWS usage, not to estimate costs for workloads that have not yet been migrated.

Therefore, using Migration Evaluator to collect on-premises data, model the target EKS and RDS architecture, and export a Quick Insights TCO report is the correct solution.