CertsTopics Logo

Spring Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

SAP-C02 Exam Questions Tutorials

Page: 3 / 50
Total 674 questions
Get SAP-C02 Full Access Download SAP-C02 PDF

AWS Certified Solutions Architect - Professional Questions and Answers

Question 9

A company needs a hybrid DNS architecture. The architecture must include the company’s on-premises network and a VPC. An AWS Site-to-Site VPN connection connects the VPC to the on-premises network. The company already hosts the onprem.mydc.com domain name on premises.

The company wants to host the myvpc.example.com domain name in the company’s AWS account and resolve it to the VPC. The company also needs the on-premises devices to resolve DNS queries to the myvpc.example.com domain.

Which combination of steps will meet these requirements? Select THREE.

Options:

A.

Create an Amazon Route 53 private hosted zone for the myvpc.example.com domain. Associate the domain with the VPC.

B.

Create an Amazon Route 53 public hosted zone for the myvpc.example.com domain. Associate the domain with the VPC.

C.

Use Amazon Route 53 Resolver to create an inbound endpoint in the AWS Region of the VPC.

D.

Use Amazon Route 53 Resolver to create an outbound endpoint in the AWS Region of the VPC.

E.

Use Amazon Route 53 Resolver to create a forwarding rule for the Route 53 private hosted zone domain and IP addresses of the outbound endpoint.

F.

Configure the on-premises DNS resolvers with a conditional forwarding rule for DNS queries for the Amazon Route 53 private hosted zone domain and IP addresses of the inbound endpoint.

Question 10

A company creates an AWS Control Tower landing zone to manage and govern a multi-account AWS environment. The company ' s security team will deploy preventive controls and detective controls to monitor AWS services across all the accounts. The security team needs a centralized view of the security state of all the accounts.

Which solution will meet these requirements ' ?

Options:

A.

From the AWS Control Tower management account, use AWS CloudFormation StackSets to deploy an AWS Config conformance pack to all accounts in the organization

B.

Enable Amazon Detective for the organization in AWS Organizations Designate one AWS account as the delegated administrator for Detective

C.

From the AWS Control Tower management account, deploy an AWS CloudFormation stack set that uses the automatic deployment option to enable Amazon Detective for the organization

D.

Enable AWS Security Hub for the organization in AWS Organizations Designate one AWS account as the delegated administrator for Security Hub

Question 11

A company is expanding. The company plans to separate its resources into hundreds of different AWS accounts in multiple AWS Regions. A solutions architect must recommend a solution that denies access to any operations outside of specifically designated Regions.

Which solution will meet these requirements?

Options:

A.

Create IAM roles for each account. Create IAM policies with conditional allow permissions that include only approved Regions for the accounts.

B.

Create an organization in AWS Organizations. Create IAM users for each account. Attach a policy to each user to block access to Regions where an account cannot deploy infrastructure.

C.

Launch an AWS Control Tower landing zone. Create OUs and attach SCPs that deny access to run services outside of the approved Regions.

D.

Enable AWS Security Hub in each account. Create controls to specify the Regions where an account can deploy infrastructure.

Question 12

A company plans to refactor a monolithic application into a modern application designed deployed or AWS. The CLCD pipeline needs to be upgraded to support the modem design for the application with the following requirements

• It should allow changes to be released several times every hour.

* It should be able to roll back the changes as quickly as possible.

Which design will meet these requirements?

Options:

A.

Deploy a Cl-CD pipeline that incorporates AMIs to contain the application and their configurations Deploy the application by replacing Amazon EC2 instances

B.

Specify AWS Elastic Beanstak to sage in a secondary environment as the deployment target for the CI/CD pipeline of the application. To deploy swap the staging and production environment URLs.

C.

Use AWS Systems Manager to re-provision the infrastructure for each deployment Update the Amazon EC2 user data to pull the latest code art-fact from Amazon S3 and use Amazon Route 53 weighted routing to point to the new environment

D.

Roll out the application updates as pan of an Auto Scaling event using prebuilt AMIs. Use new versions of the AMIs to add instances, and phase out all instances that use the previous AMI version with the configured termination policy during a deployment event.

Page: 3 / 50
Total 674 questions
Get SAP-C02 Full Access Download SAP-C02 PDF