CertsTopics Logo

Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Amazon Web Services SAP-C02 Exam With Confidence Using Practice Dumps

Exam Code:
SAP-C02
Exam Name:
AWS Certified Solutions Architect - Professional
Certification:
AWS Certified Professional
Vendor:
Amazon Web Services
Questions:
674
Last Updated:
Jun 21, 2026
Exam Status:
Stable
Amazon Web Services SAP-C02

SAP-C02: AWS Certified Professional Exam 2025 Study Guide Pdf and Test Engine

Are you worried about passing the Amazon Web Services SAP-C02 (AWS Certified Solutions Architect - Professional) exam? Download the most recent Amazon Web Services SAP-C02 braindumps with answers that are 100% real. After downloading the Amazon Web Services SAP-C02 exam dumps training , you can receive 99 days of free updates, making this website one of the best options to save additional money. In order to help you prepare for the Amazon Web Services SAP-C02 exam questions and verified answers by IT certified experts, CertsTopics has put together a complete collection of dumps questions and answers. To help you prepare and pass the Amazon Web Services SAP-C02 exam on your first attempt, we have compiled actual exam questions and their answers. 

Our (AWS Certified Solutions Architect - Professional) Study Materials are designed to meet the needs of thousands of candidates globally. A free sample of the CompTIA SAP-C02 test is available at CertsTopics. Before purchasing it, you can also see the Amazon Web Services SAP-C02 practice exam demo.

Get SAP-C02 Full Access

Related Amazon Web Services Exams

AWS Certified Solutions Architect - Professional Questions and Answers

Get Free SAP-C02 Questions and Answers
Question 1

A company is using AWS Control Tower to manage AWS accounts in an organization in AWS Organizations. The company has an OU that contains accounts. The company

must prevent any new or existing Amazon EC2 instances in the OUs accounts from gaining a public IP address.

Which solution will meet these requirements?

Options:

A.

Configure all instances in each account in the OU to use AWS Systems Manager. Use a Systems Manager Automation runbook to prevent public IP addressesfrom being attached to the instances.

B.

Implement the AWS Control Tower proactive control to check whether instances in the OU ' s accounts have a public IP address. Set theAssociatePubIicIpAddress property to False. Attach the proactive control to the OU.

C.

Create an SCP that prevents the launch of instances that have a public IP address. Additionally, configure the SCP to prevent the attachment of apublic IP address to existing instances. Attach the SCP to the OU.

D.

Create an AWS Config custom rule that detects instances that have a public IP address. Configure a remediation action that uses an AWS Lambda function to detach the public IP addresses from the instances.

Buy Now
Question 2

A company uses multiple software as a service SaaS applications for messaging, email, and file sharing. The SaaS applications are compatible with AWS AppFabric. The company’s web application runs in a VPC on an Amazon EKS cluster and uses Amazon S3 to store data.

The company wants to detect security incidents across the SaaS applications and the web application that could compromise company data. The company needs a centralized solution that provides a dashboard. The dashboard must show the IP addresses, email addresses, and access frequencies of unique users across its SaaS applications and the web application.

Which combination of steps will meet these requirements with the LEAST operational overhead? Select THREE.

Options:

A.

Ingest audit log data from each SaaS application into AWS AppFabric. Convert the audit log data into Open Cybersecurity Schema Framework OCSF normalized Apache Parquet format. Send the logs to Amazon Data Firehose to be delivered to an Amazon Security Lake S3 bucket.

B.

Ingest networking and usage log data from each SaaS application into AWS AppFabric. Convert the networking and usage log data into JSON format. Send the logs to Amazon Data Firehose to be delivered to Amazon OpenSearch Service.

C.

Create an Amazon S3 bucket to receive logs in JSON format through Amazon Data Firehose. Create a dashboard in Amazon CloudWatch. Configure the dashboard to visualize the location of the IP addresses, email addresses, and access frequencies of unique users by using data from the S3 bucket.

D.

Configure the logs associated with AWS CloudTrail management events, AWS CloudTrail data events for Amazon S3, Amazon EKS audit logs, and VPC Flow Logs as sources in Amazon Security Lake. Add AWS AppFabric as a custom source in Security Lake.

E.

Configure Amazon Security Lake to send security data from different sources to Amazon Redshift. Use Amazon QuickSight to create a visualization of the security data.

F.

Configure Amazon Security Lake to send security data from different sources to Amazon OpenSearch Service by using OpenSearch Ingestion. Use the OpenSearch Service dashboard to create a visualization of the security data.

Question 3

Company A recently acquired Company B. Company A requires that Company B use Amazon WorkSpaces in a separate member AWS account that Company A manages. Company A uses AWS Organizations with all features enabled. Company A also uses AWS IAM Identity Center with a SAML-based identity source for access to Company A’s AWS accounts. Company B has its own SAML-based identity provider IdP.

Company A requires that authentication to WorkSpaces use only Company B’s own IdP.

Which solution will meet these requirements?

Options:

A.

Configure a WorkSpaces application from the IAM Identity Center application catalog. Set up the SAML metadata and certificate from Company B’s IdP. Enable WorkSpaces to authenticate by using SAML 2.0.

B.

Configure IAM Identity Center with a second identity source. Configure attributes for access control to identify users from Company B. Create a new permission set that grants access to WorkSpaces to users with the correct attribute.

C.

Configure an IAM SAML IdP in the member AWS account. Create IAM roles in the member AWS account with a trust policy that allows the AssumeRoleWithSAML API operation with permissions for WorkSpaces. Create an SCP that prevents IAM roles from the member AWS account from assuming roles in other accounts. Apply the SCP to the root OU.

D.

Enable the creation of account instances in member accounts. Configure an IAM Identity Center account instance in the member AWS account. Configure the identity source to be the SAML-based IdP of Company B. Configure WorkSpaces to use the account instance as its authentication source.

Get Free SAP-C02 Questions and Answers