Passed Exam Today SAP-C02

AWS Certified Solutions Architect - Professional Questions and Answers

Question 105

A company stores a static website on Amazon S3. AWS Lambda functions retrieve content from an S3 bucket and serve the content as a website. An Application Load Balancer (ALB) directs incoming traffic to the Lambda functions. An Amazon CloudFront distribution routes requests to the ALB.

The company has set up an AWS Certificate Manager (ACM) certificate on the HTTPS listener of the ALB. The company needs all users to communicate with the website through HTTPS. HTTP users must not receive an error.

Which combination of steps will meet these requirements? (Select THREE.)

Options:

Configure the ALB with a TCP listener on port 443 for passthrough to backend systems.

Create an S3 bucket policy that denies access to the S3 bucket if the aws:SecureTransport request is false.

Configure HTTP to HTTPS redirection on the S3 bucket.

Set the origin protocol policy to HTTPS Only for CloudFront.

Set the viewer protocol policy to HTTPS Only for CloudFront.

Set the viewer protocol policy to Redirect HTTP to HTTPS for CloudFront.

Question 106

A company has a platform that consists of an on-premises single-node Kubernetes cluster. The cluster uses Windows-based and Linux-based file storage as shared storage. The company wants to migrate its platform to AWS.

The cluster has multiple containerized applications that are continuously scanned for operating system vulnerabilities and programming language package vulnerabilities. The company needs a highly available solution that supports monitoring, logging, and multiprotocol shared storage.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Select TWO.)

Options:

Replace the existing Kubernetes cluster with a single-node Amazon EKS cluster that is managed by AWS. Install Prometheus and Grafana on the EKS cluster by using public Docker images. Store the application Docker images in Amazon ECR. Enable ECR enhanced scanning.

Replace the existing Kubernetes cluster with a multi-node Amazon EKS cluster that is managed by AWS. Set up Amazon Managed Service for Prometheus and Amazon Managed Grafana for monitoring. Store the application Docker images in Amazon ECR. Enable ECR enhanced scanning.

Replace the existing Kubernetes cluster with a multi-node Amazon EKS cluster that is managed by AWS. Install open source versions of Prometheus and Grafana on Amazon EC2 instances. Store the application Docker images in Amazon ECR. Enable ECR enhanced scanning.

Provision an Amazon FSx for Windows File Server file share and an Amazon EFS file system. Mount the file share and the file system on the containers launched on the Amazon EKS cluster as persistent volumes.

Provision an Amazon FSx for NetApp ONTAP file system. Mount the file system on the containers launched on the Amazon EKS cluster as a persistent volume.

Question 107

A company is deploying a third-party web application to an AWS account. The company wants to deploy the application across multiple Amazon EC2 instances. The company must have the ability to scale horizontally when necessary. The application uses browser cookies for session state management. The application requires session affinity.

Which solution will meet these requirements?

Options:

Assign each EC2 instance a public IP address. Configure an Amazon Route 53 multivalue A record for the application. Enable health checks for the A record. Configure a Route 53 Resolver rule that ensures a specific cookie value will consistently return the same EC2 instance. Access the application by using the Route 53 A record.

Place the EC2 instances in an Auto Scaling group. Configure an Amazon CloudFront distribution and set the Auto Scaling group as the origin. Create a CloudFront function to handle viewer requests. Include cookie processing logic to ensure that users are directed to the correct EC2 instance. Access the application by using the CloudFront distribution URL.

Place the EC2 instances in an Auto Scaling group. Configure a public Application Load Balancer (ALB), and configure the ALB to direct traffic for the application to the Auto Scaling group. Enable sticky sessions on the target group for the application cookies. Access the application by using the ALB domain name.

Configure a Gateway Load Balancer (GWLB). Register the EC2 instances as a target group by using their instance IDs. Enable flow stickiness on the target group. Access the application by using the GWLB domain name.

Answer:

Explanation:

Comprehensive and Detailed Explanation:

This question is testing the correct load balancing design for a stateful web application that:

runs on multiple EC2 instances,

must scale horizontally,

uses browser cookies for session management,

requires session affinity.

The correct solution is to place the EC2 instances in an Auto Scaling group behind an Application Load Balancer and enable sticky sessions on the target group. This allows the application to scale out across multiple instances while ensuring that repeat requests from the same client are routed to the same target for the duration of the stickiness configuration.

Why C is correct

An Application Load Balancer is designed for Layer 7 HTTP/HTTPS traffic, which is exactly what a browser-based web application uses. Because the application uses cookies and requires session affinity, ALB is the correct AWS service since it supports sticky sessions for target groups. The EC2 instances can be placed in an Auto Scaling group so the application can add or remove instances as demand changes. This directly satisfies the horizontal scaling requirement.

ALB also integrates natively with Auto Scaling groups, health checks, and target groups. For web applications that rely on session persistence, ALB stickiness is the standard design choice. The application is third-party, so changing the application to externalize sessions may not be possible. Therefore, keeping requests bound to the same backend instance is the appropriate architecture.

Why A is incorrect

Route 53 does not provide cookie-based session affinity to specific EC2 instances. Multivalue answer routing can return multiple healthy records, but it is a DNS-level mechanism, not an HTTP session persistence mechanism. Route 53 Resolver rules also do not inspect browser cookies and do not ensure that a given cookie value maps consistently to one EC2 instance.

In addition, exposing each EC2 instance with a public IP is not the right scalable architecture for a horizontally scaled web application. This option lacks proper load balancer behavior and does not provide real application-layer stickiness.

Why B is incorrect

CloudFront cannot use an Auto Scaling group directly as an origin. CloudFront origins are typically an Application Load Balancer, Network Load Balancer, S3 bucket, custom HTTP origin, or similar endpoint. An Auto Scaling group itself is not a valid origin endpoint for CloudFront.

Also, CloudFront Functions are used for lightweight request and response manipulation at the edge. They are not the correct mechanism to implement instance-level session affinity for a fleet of EC2 instances. Even if cookies are forwarded, CloudFront is not the service that should manage sticky routing among application servers. That role belongs to the load balancer.

Why D is incorrect

Gateway Load Balancer is designed for deploying, scaling, and managing third-party virtual appliances such as firewalls, IDS, and deep packet inspection systems. It is not intended to front standard web applications for browser traffic.

Flow stickiness on GWLB is not the same as HTTP cookie-based session affinity for a web application. GWLB operates for appliance insertion use cases, not for traditional user-facing web application request distribution. Therefore, it does not meet the application requirement appropriately.

Question 108

A company plans to migrate a legacy on-premises application to AWS. The application is a Java web application that runs on Apache Tomcat with a PostgreSQL database.

The company does not have access to the source code but can deploy the application Java Archive (JAR) files. The application has increased traffic at the end of each month.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

Launch Amazon EC2 instances in multiple Availability Zones. Deploy Tomcat and PostgreSQL to all the instances by using Amazon EFS mount points. Use AWS Step Functions to deploy additional EC2 instances to scale for increased traffic.

Provision Amazon EKS in an Auto Scaling group across multiple AWS Regions. Deploy Tomcat and PostgreSQL in the container images. Use a Network Load Balancer to scale for increased traffic.

Refactor the Java application into Python-based containers. Use AWS Lambda functions for the application logic. Store application data in Amazon DynamoDB global tables. Use AWS Storage Gateway and Lambda concurrency to scale for increased traffic.

Use AWS Elastic Beanstalk to deploy the Tomcat servers with auto scaling in multiple Availability Zones. Store application data in an Amazon RDS for PostgreSQL database. Deploy Amazon CloudFront and an Application Load Balancer to scale for increased traffic.

Spring Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

AWS Certified Solutions Architect - Professional Questions and Answers

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

CompTIA

Fortinet

Microsoft

Salesforce