AWS Certified Professional SAP-C02 Release Date

AWS Certified Solutions Architect - Professional Questions and Answers

Question 85

An environmental company is deploying sensors in major cities throughout a country to measure air quality The sensors connect to AWS loT Core to ingest timesheets data readings. The company stores the data in Amazon DynamoDB

For business continuity the company must have the ability to ingest and store data in two AWS Regions

Which solution will meet these requirements?

Options:

Create an Amazon Route 53 alias failover routing policy with values for AWS loT Core data endpoints in both Regions Migrate data to Amazon Aurora global tables

Create a domain configuration for AWS loT Core in each Region Create an Amazon Route 53 latency-based routing policy Use AWS loT Core data endpoints in both Regions as values Migrate the data to Amazon MemoryDB for Radis and configure Cross-Region replication

Create a domain configuration for AWS loT Core in each. Region Create an AmazonRoute 53 health check that evaluates domain configuration health Create a failover routing policy with values for the domain name from the AWS loT Core domain configurations Update the DynamoDB table to a global table

Create an Amazon Route 53 latency-based routing policy. Use AWS loT Core data endpoints in both Regions as values. Configure DynamoDB streams and Cross-Region data replication

Question 86

A company is creating a REST API to share information with six of its partners based in the United States. The company has created an Amazon API Gateway Regional endpoint. Each of the six partners will access the API once per day to post daily sales figures.

After initial deployment, the company observes 1.000 requests per second originating from 500 different IP addresses around the world. The company believes this traffic is originating from a botnet and wants to secure its API while minimizing cost.

Which approach should the company take to secure its API?

Options:

Create an Amazon CloudFront distribution with the API as the origin. Create an AWS WAF web ACL with a rule lo block clients thai submit more than fiverequests per day. Associate the web ACL with the CloudFront distnbution. Configure CloudFront with an origin access identity (OAI) and associate it with the distribution. Configure API Gateway to ensure only the OAI can run the POST method.

Create an Amazon CloudFront distribution with the API as the origin. Create an AWS WAF web ACL with a rule to block clients that submit more than five requests per day. Associate the web ACL with the CloudFront distnbution. Add a custom header to the CloudFront distribution populated with an API key. Configure the API to require an API key on the POST method.

Create an AWS WAF web ACL with a rule to allow access to the IP addresses used by the six partners. Associate the web ACL with the API. Create a resource policy with a request limit and associate it with the API. Configure the API to require an API key on the POST method.

Create an AWS WAF web ACL with a rule to allow access to the IP addresses used by the six partners. Associate the web ACL with the API. Create a usage plan with a request limit and associate it with the API. Create an API key and add it to the usage plan.

Question 87

A company wants to use an Amazon S3 bucket for its data scientists to store documents. The company uses AWS IAM Identity Center to authenticate users. The company created an IAM Identity Center group for the data scientists.

The company wants to grant the data scientists access to only their specific folders in the S3 bucket. The company also wants to know which documents each data scientist accessed.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

Create a custom IAM Identity Center permission set to grant the data scientists access to an S3 bucket prefix that matches their username tag. Use a policy to limit access to paths with the ${aws:PrincipalTag/userName>/" condition.

Create an IAM Identity Center role for the data scientist group that has Amazon S3 read access and write access. Add an S3 bucket policy that allows access to the IAM

Identity Center role.

Configure AWS CloudTrail to log S3 data events and deliver the logs to an S3 bucket. Use Amazon Athena to run queries on the CloudTrail logs in Amazon S3.

Configure AWS CloudTrail to log S3 management events to Amazon CloudWatch. Use the Amazon Athena CloudWatch connector to query the logs.

Enable S3 access logging to the EMR File System (EMRFS). Create an AWS Glue job to run queries on the access log data in EMRFS.

Question 88

A company operates a static content distribution platform that serves customers globally. The customers consume content from their own AWS accounts.

The company serves its content from an Amazon S3 bucket. The company uploads the content from its on-premises environment to the S3 bucket by using an S3 File Gateway.

The company wants to improve the platform's performance and reliability by serving content from the AWS Region that is geographically closest to customers. The company must route the on-premises data to Amazon S3 with minimal latency and without public internet exposure.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Select TWO.)

Options:

Implement S3 Multi-Region Access Points.

Use S3 Cross-Region Replication (CRR) to copy content to different Regions.

Create an AWS Lambda function that tracks the routing of clients to Regions.

Use an AWS Site-to-Site VPN connection to connect to a Multi-Region Access Point.

Use AWS PrivateLink and AWS Direct Connect to connect to a Multi-Region Access Point.

Answer:

A, E

Explanation:

This explanation is based on AWS documentation and best practices but is paraphrased, not a literal extract.

The company needs two things:

To serve static content from the AWS Region geographically closest to each customer.

To send data from on premises to Amazon S3 with minimal latency and without traversing the public internet, while keeping operational overhead low.

S3 Multi-Region Access Points provide a single global endpoint that fronts multiple S3 buckets in different Regions. Multi-Region Access Points use latency-based routing and failover capabilities to direct client requests automatically to the closest healthy Regional S3 bucket that is part of the Multi-Region Access Point. This directly addresses the requirement to serve content from the closest Region with high performance and reliability, and it avoids the need to build and maintain custom routing logic.

Behind the scenes, S3 Multi-Region Access Points rely on S3 Replication between the Regional buckets that participate in the Multi-Region Access Point. When you configure a Multi-Region Access Point, you set up the participating buckets and replication configuration once; AWS then manages routing and failover, reducing operational overhead compared to manually configuring and managing multiple S3 endpoints and application logic.

For the on-premises environment, the company wants to send data to S3 with minimal latency and without using the public internet. AWS Direct Connect provides a dedicated network connection from the on-premises network into AWS, avoiding the public internet and generally providing lower and more consistent latency. AWS PrivateLink allows private connectivity to supported AWS services (such as S3 Multi-Region Access Points via interface endpoints) from within a VPC using private IP addresses. When you combine Direct Connect with PrivateLink, traffic flows from on-premises over a private dedicated connection into a VPC and then privately to the Multi-Region Access Point through an interface VPC endpoint, satisfying the requirement for no public internet exposure.

Therefore, implementing S3 Multi-Region Access Points (option A) addresses the global content serving and Regional routing, and using AWS PrivateLink together with AWS Direct Connect (option E) provides low-latency, private network connectivity from on premises to the Multi-Region Access Point with minimal operational overhead.

Option B, S3 Cross-Region Replication alone, would replicate data across Regions but would not automatically route customers to the closest Region; application changes and manual routing would be required, increasing operational overhead.

Option C would require building and maintaining a custom Lambda-based routing system, which is unnecessary when S3 Multi-Region Access Points provide managed routing and failover.

Option D, AWS Site-to-Site VPN, encrypts traffic over the public internet; it does not satisfy the explicit requirement to avoid public internet exposure and typically has less predictable latency than Direct Connect.

[References:AWS documentation on Amazon S3 Multi-Region Access Points, including latency-based routing and built-in replication between Regional buckets.AWS Direct Connect documentation describing private, dedicated connectivity from on-premises to AWS to reduce latency and avoid public internet exposure.AWS PrivateLink documentation describing access to supported services over private IP addresses via interface VPC endpoints.]

New Year Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

AWS Certified Professional SAP-C02 Release Date

AWS Certified Solutions Architect - Professional Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce