Amazon Web Services SAP-C02 Study & Exam Dumps 2025

AWS Certified Solutions Architect - Professional Questions and Answers

Question 1

A company runs a customer service center that accepts calls and automatically sends all customers a managed, interactive, two-way experience survey by text message.

The applications that support the customer service center run on machines that the company hosts in an on-premises data center. The hardware that the company uses is old, and the company is experiencing downtime with the system. The company wants to migrate the system to AWS to improve reliability.

Which solution will meet these requirements with the LEAST ongoing operational overhead?

Options:

Use Amazon Connect to replace the old call center hardware. Use Amazon Pinpoint to send text message surveys to customers.

Use Amazon Connect to replace the old call center hardware. Use Amazon Simple Notification Service (Amazon SNS) to send text message surveys to customers.

Migrate the call center software to Amazon EC2 instances that are in an Auto Scaling group. Use the EC2 instances to send text message surveys to customers.

Use Amazon Pinpoint to replace the old call center hardware and to send text message surveys to customers.

Buy Now

Question 2

A research company conducts mathematical simulations in the AWS Cloud. The simulations run on several hundred Amazon EC2 Linux instances. If a simulation encounters an issue, an engineer establishes an SSH connection to the affected EC2 instance.

Company policy requires that each EC2 instance session is established with a unique SSH key and that all SSH connections are logged in AWS CloudTrail. CloudTrail is enabled for the company’s account and the AWS Regions that the company uses.

Which solution will meet these requirements?

Options:

Answer:

Launch new EC2 instances. Generate an individual SSH key for each new EC2 instance. Store the SSH key in AWS Secrets Manager. Create a new IAM policy. Attach the IAM policy to the engineers ' IAM role with an Allow statement for the GetSecretValue action. Instruct the engineers to retrieve the SSH key from Secrets Manager when the engineers connect through any SSH client.

Answer:

Create an AWS Systems Manager document to run commands on EC2 instances to set a new unique SSH key. Create a new IAM policy. Attach the IAM policy to the engineers ' IAM role with an Allow statement to run Systems Manager documents. Instruct the engineers to run the document to set an SSH key and to connect through any SSH client.

Answer:

Launch new EC2 instances without setting up any SSH key for the new EC2 instances. Set up EC2 Instance Connect on each new EC2 instance. Create a new IAM policy. Attach the IAM policy to the engineers ' IAM role with an Allow statement for the SendSSHPublicKey action. Instruct the engineers to connect to the EC2 instances by using Instance Connect from the AWS CLI.

Answer:

Set up AWS Secrets Manager to store the EC2 SSH key. Create an AWS Lambda function to create a new SSH key and to call AWS Systems Manager Session Manager to set the SSH key on the EC2 instance. Configure Secrets Manager to use the Lambda function to automatically rotate the SSH key once daily. Instruct the engineers to retrieve the SSH key from Secrets Manager when the engineers connect through any SSH client.

Answer:

C is correct because EC2 Instance Connect pushes a temporary SSH public key to the instance for a short connection window instead of relying on long-lived shared key pairs. This satisfies the requirement that each SSH session use a unique key. AWS documentation states that the SendSSHPublicKey API pushes an SSH public key to the specified instance and that the key remains for 60 seconds. EC2 API calls, including SendSSHPublicKey, are recorded in CloudTrail, which gives the company auditable connection records. Secrets Manager key storage does not inherently log actual SSH connection attempts and still leaves operational complexity around key retrieval and rotation. Systems Manager documents also do not provide the clean session-specific SSH key behavior that EC2 Instance Connect provides.

Question 3

A company creates an AWS Control Tower landing zone to manage and govern a multi-account AWS environment. The company ' s security team will deploy preventive controls and detective controls to monitor AWS services across all the accounts. The security team needs a centralized view of the security state of all the accounts.

Which solution will meet these requirements ' ?

Options:

From the AWS Control Tower management account, use AWS CloudFormation StackSets to deploy an AWS Config conformance pack to all accounts in the organization

Enable Amazon Detective for the organization in AWS Organizations Designate one AWS account as the delegated administrator for Detective

From the AWS Control Tower management account, deploy an AWS CloudFormation stack set that uses the automatic deployment option to enable Amazon Detective for the organization

Enable AWS Security Hub for the organization in AWS Organizations Designate one AWS account as the delegated administrator for Security Hub

Get Free SAP-C02 Questions and Answers

Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Amazon Web Services SAP-C02 Exam With Confidence Using Practice Dumps

SAP-C02: AWS Certified Professional Exam 2025 Study Guide Pdf and Test Engine

Related Amazon Web Services Exams

AWS Certified Solutions Architect - Professional Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce