CertsTopics Logo

Spring Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

SAP-C02 Reviews Questions

Page: 24 / 50
Total 674 questions
Get SAP-C02 Full Access Download SAP-C02 PDF

AWS Certified Solutions Architect - Professional Questions and Answers

Question 93

A company has an application that runs on Amazon EC2 instances. A solutions architect is designing VPC infrastructure in an AWS Region where the application needs to access an Amazon Aurora DB cluster. The EC2 instances are all associated with the same security group. The DB cluster is associated with its own security group.

The solutions architect needs to add rules to the security groups to provide the application with least privilege access to the DB cluster.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.

Add an inbound rule to the EC2 instances ' security group. Specify the DB cluster ' s security group as the source over the default Aurora port.

B.

Add an outbound rule to the EC2 instances ' security group. Specify the DB cluster ' s security group as the destination over the default Aurora port.

C.

Add an inbound rule to the DB cluster ' s security group. Specify the EC2 instances ' security group as the source over the default Aurora port.

D.

Add an outbound rule to the DB cluster ' s security group. Specify the EC2 instances ' security group as the destination over the default Aurora port.

E.

Add an outbound rule to the DB cluster ' s security group. Specify the EC2 instances ' security group as the destination over the ephemeral ports.

Question 94

A company manages multiple AWS accounts by using AWS Organizations. Under the root OU. the company has two OUs: Research and DataOps.

Because of regulatory requirements, all resources that the company deploys in the organizationmust reside in the ap-northeast-1 Region. Additionally. EC2 instances that the company deploys in the DataOps OU must use a predefined list of instance types

A solutions architect must implement a solution that applies these restrictions. The solution must maximize operational efficiency and must minimize ongoing maintenance

Which combination of steps will meet these requirements? (Select TWO )

Options:

A.

Create an IAM role in one account under the DataOps OU Use the ec2 Instance Type condition key in an inline policy on the role to restrict access to specific instance types.

B.

Create an IAM user in all accounts under the root OU Use the aws RequestedRegion condition key in an inline policy on each user to restrict access to all AWS Regions except ap-northeast-1.

C.

Create an SCP Use the aws:RequestedRegion condition key to restrict access to all AWS Regions except ap-northeast-1 Apply the SCP to the root OU.

D.

Create an SCP Use the ec2Reo»on condition key to restrict access to all AWS Regions except ap-northeast-1. Apply the SCP to the root OU. the DataOps OU. and the Research OU.

E.

Create an SCP Use the ec2:lnstanceType condition key to restrict access to specific instance types Apply the SCP to the DataOps OU.

Question 95

A digital marketing company has multiple AWS accounts that belong to various teams. The creative team uses an Amazon S3 bucket in its AWS account to securely store images and media files that are used as content for the company ' s marketing campaigns. The creative team wants to share the S3 bucket with the strategy team so that the strategy team can view the objects.

A solutions architect has created an IAM role that is named strategy_reviewer in the Strategy account. The solutions architect also has set up a custom AWS Key Management Service (AWS KMS) key in the Creative account and has associated the key with the S3 bucket. However, when users from the Strategy account assume the IAM role and try to access objects in the S3 bucket, they receive an Account.

The solutions architect must ensure that users in the Strategy account can access the S3 bucket. The solution must provide these users with only the minimum permissions that they need.

Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

Options:

A.

Create a bucket policy that includes read permissions for the S3 bucket. Set the principal ofthe bucket policy to the account ID of the Strategy account

B.

Update the strategy_reviewer IAM role to grant full permissions for the S3 bucket and to grant decrypt permissions for the custom KMS key.

C.

Update the custom KMS key policy in the Creative account to grant decrypt permissions to the strategy_reviewer IAM role.

D.

Create a bucket policy that includes read permissions for the S3 bucket. Set the principal of the bucket policy to an anonymous user.

E.

Update the custom KMS key policy in the Creative account to grant encrypt permissions to the strategy_reviewer IAM role.

F.

Update the strategy_reviewer IAM role to grant read permissions for the S3 bucket and to grant decrypt permissions for the custom KMS key

Question 96

A global company operates a platform that serves customers across multiple AWS Regions. The platform stores customer behavioral data.

For data residency compliance, the company must ensure that personally identifiable information (PII) data remains within the Region where the data is collected. Additionally, the company must ensure that cross-Region data analysis uses only anonymized datasets.

Which solution will meet these requirements?

Options:

A.

Deploy AWS Outposts in each Region to keep data on premises. Store data in Amazon S3 on Outposts. Use AWS Glue DataBrew to anonymize PII data. Analyze cross-Region data by using Amazon Athena.

B.

Deploy Amazon Aurora PostgreSQL clusters in separate Regions. Use AWS Glue DataBrew to anonymize PII data. Analyze cross-Region data by using Amazon Redshift Serverless.

C.

Deploy Amazon Aurora PostgreSQL clusters in separate Regions. Use AWS Lambda functions to anonymize PII data before replication. Use AWS PrivateLink to connect Amazon QuickSight to cross-Region databases for analysis.

D.

Deploy Amazon S3 buckets in each Region. Enable S3 Block Public Access and bucket policies to prevent cross-Region replication. Use Amazon Macie to anonymize data. Analyze cross-Region data by using Amazon Athena.

Page: 24 / 50
Total 674 questions
Get SAP-C02 Full Access Download SAP-C02 PDF