Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Oracle
Palo Alto Networks
All Vendors
  1. Home
  2. Amazon
  3. SAP-C01

Amazon SAP-C01 Exam (page: 3)
Amazon AWS Certified Solutions Architect - Professional SAP-C02
Updated on: 30-Nov-2025

Viewing Page 3 of 107
SAP-C01 PDF 533 Questions

A company wants to use a third-party software-as-a-service (SaaS) application. The third-party SaaS application is consumed through several API calls. The third-party SaaS application also runs on AWS inside a VPC.

The company will consume the third-party SaaS application from inside a VPC. The company has internal security policies that mandate the use of private connectivity that does not traverse the internet. No resources that run in the company VPC are allowed to be accessed from outside the company’s VPC. All permissions must conform to the principles of least privilege.

Which solution meets these requirements?

  1. Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint.
  2. Create an AWS Site-to-Site VPN connection between the third-party SaaS application and the company VPC. Configure network ACLs to limit access across the VPN tunnels.
  3. Create a VPC peering connection between the third-party SaaS application and the company VP Update route tables by adding the needed routes for the peering connection.
  4. Create an AWS PrivateLink endpoint service. Ask the third-party SaaS provider to create an interface VPC endpoint for this endpoint service. Grant permissions for the endpoint service to the specific account of the third-party SaaS provider.

Answer(s): A

Explanation:

A: Create an AWS PrivateLink interface VPC endpoint is the correct solution because AWS PrivateLink allows secure, private connectivity between VPCs and third-party SaaS applications without exposing traffic to the internet. The traffic between the company’s VPC and the third-party SaaS application stays within the AWS network, adhering to the company's internal security policies that mandate private connectivity.

By creating an interface VPC endpoint, the company ensures that the third-party SaaS API calls are handled privately and securely. The use of security groups on the endpoint further restricts access and conforms to the principle of least privilege, limiting communication only to the necessary resources.

This approach eliminates the need for VPNs or VPC peering, which could either expose data to unnecessary risks or lead to more complex routing configurations.



A company needs to implement a patching process for its servers. The on-premises servers and Amazon EC2 instances use a variety of tools to perform patching. Management requires a single report showing the patch status of all the servers and instances.

Which set of actions should a solutions architect take to meet these requirements?

  1. Use AWS Systems Manager to manage patches on the on-premises servers and EC2 instances. Use Systems Manager to generate patch compliance reports.
  2. Use AWS OpsWorks to manage patches on the on-premises servers and EC2 instances. Use Amazon QuickSight integration with OpsWorks to generate patch compliance reports.
  3. Use an Amazon EventBridge rule to apply patches by scheduling an AWS Systems Manager patch remediation job. Use Amazon Inspector to generate patch compliance reports.
  4. Use AWS OpsWorks to manage patches on the on-premises servers and EC2 instances. Use AWS X-Ray to post the patch status to AWS Systems Manager OpsCenter to generate patch compliance reports.

Answer(s): A

Explanation:

A: Use AWS Systems Manager to manage patches on the on-premises servers and EC2 instances is the correct solution because AWS Systems Manager provides a unified approach for patch management across both on-premises servers and EC2 instances. Systems Manager's Patch Manager component can automate the process of patching and ensure compliance with patching policies.

Additionally, Systems Manager offers the capability to generate detailed patch compliance reports, which meet the requirement for a single report showing the patch status of all servers and instances, both on-premises and in the cloud. This approach simplifies the patching process and provides centralized visibility into patch compliance across environments.



A company is running an application on several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The load on the application varies throughout the day, and EC2 instances are scaled in and out on a regular basis. Log files from the EC2 instances are copied to a central Amazon S3 bucket every 15 minutes. The security team discovers that log files are missing from some of the terminated EC2 instances.

Which set of actions will ensure that log files are copied to the central S3 bucket from the terminated EC2 instances?

  1. Create a script to copy log files to Amazon S3, and store the script in a file on the EC2 instance. Create an Auto Scaling lifecycle hook and an Amazon EventBridge rule to detect lifecycle events from the Auto Scaling group. Invoke an AWS Lambda function on the autoscaling:EC2_INSTANCE_TERMINATING transition to send ABANDON to the Auto Scaling group to prevent termination, run the script to copy the log files, and terminate the instance using the AWS SDK.
  2. Create an AWS Systems Manager document with a script to copy log files to Amazon S3. Create an Auto Scaling lifecycle hook and an Amazon EventBridge rule to detect lifecycle events from the Auto Scaling group. Invoke an AWS Lambda function on the autoscaling:EC2_INSTANCE_TERMINATING transition to call the AWS Systems Manager API SendCommand operation to run the document to copy the log files and send CONTINUE to the Auto Scaling group to terminate the instance.
  3. Change the log delivery rate to every 5 minutes. Create a script to copy log files to Amazon S3, and add the script to EC2 instance user data. Create an Amazon EventBridge rule to detect EC2 instance termination. Invoke an AWS Lambda function from the EventBridge rule that uses the AWS CLI to run the user-data script to copy the log files and terminate the instance.
  4. Create an AWS Systems Manager document with a script to copy log files to Amazon S3. Create an Auto Scaling lifecycle hook that publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic. From the SNS notification, call the AWS Systems Manager API SendCommand operation to run the document to copy the log files and send ABANDON to the Auto Scaling group to terminate the instance.

Answer(s): B

Explanation:

B: Create an AWS Systems Manager document with a script to copy log files to Amazon S3... is the correct approach because it leverages AWS Systems Manager to manage the task of copying log files when an instance is being terminated. By using an Auto Scaling lifecycle hook and AWS Lambda, the system can detect when an instance is about to be terminated, execute the necessary commands via AWS Systems Manager SendCommand, and ensure that the logs are copied to the S3 bucket before the instance is shut down. This approach helps ensure log file integrity without manual intervention and respects the automated scaling and termination process of the Auto Scaling group.



A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A. The company’s applications and databases are running in Account B.

A solutions architect will deploy a two-tier application in a new VPC. To simplify the configuration, the db.example.com CNAME record set for the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53.

During deployment, the application failed to start. Troubleshooting revealed that db.example.com is not resolvable on the Amazon EC2 instance. The solutions architect confirmed that the record set was created correctly in Route 53.

Which combination of steps should the solutions architect take to resolve this issue? (Choose two.)

  1. Deploy the database on a separate EC2 instance in the new VPC. Create a record set for the instance’s private IP in the private hosted zone.
  2. Use SSH to connect to the application tier EC2 instance. Add an RDS endpoint IP address to the /etc/resolv.conf file.
  3. Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B.
  4. Create a private hosted zone for the example com domain in Account B. Configure Route 53 replication between AWS accounts.
  5. Associate a new VPC in Account B with a hosted zone in Account A. Delete the association authorization in Account A.

Answer(s): C,E

Explanation:

The correct steps to resolve the DNS resolution issue are:

C: Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B: Private hosted zones need explicit authorization to associate with a VPC in a different account. This ensures that resources in Account B (like the application) can access DNS records from the private hosted zone in Account A.

E: Associate a new VPC in Account B with a hosted zone in Account A: Once the authorization is created, the next step is to associate the VPC in Account B with the private hosted zone in Account A. This allows the EC2 instances in Account B to resolve DNS queries to db.example.com, ensuring proper communication between the application and the RDS instance.



A company used Amazon EC2 instances to deploy a web fleet to host a blog site. The EC2 instances are behind an Application Load Balancer (ALB) and are configured in an Auto Scaling group. The web application stores all blog content on an Amazon EFS volume.

The company recently added a feature for bloggers to add video to their posts, attracting 10 times the previous user traffic. At peak times of day, users report buffering and timeout issues while attempting to reach the site or watch videos.

Which is the MOST cost-efficient and scalable deployment that will resolve the issues for users?

  1. Reconfigure Amazon EFS to enable maximum I/O.
  2. Update the blog site to use instance store volumes for storage. Copy the site contents to the volumes at launch and to Amazon S3 at shutdown.
  3. Configure an Amazon CloudFront distribution. Point the distribution to an S3 bucket, and migrate the videos from EFS to Amazon S3.
  4. Set up an Amazon CloudFront distribution for all site contents, and point the distribution at the ALB.

Answer(s): C

Explanation:

C) Configure an Amazon CloudFront distribution. Point the distribution to an S3 bucket, and migrate the videos from EFS to Amazon S3 is the correct answer because Amazon CloudFront is a content delivery network (CDN) that can cache static and dynamic content closer to the users, significantly reducing latency and improving performance for video streaming. Migrating the video content from Amazon EFS to Amazon S3 provides cost-effective storage for large objects like videos, while CloudFront ensures fast and efficient delivery. This solution also scales automatically with increased traffic, making it the most cost-efficient and scalable option.



Viewing Page 3 of 107



Share your comments for Amazon SAP-C01 exam with other users:

Satish 11/6/2023 4:27:00 AM

it is very useful, thank you
Anonymous


Chinna 7/30/2023 8:37:00 AM

need safe rte dumps
FRANCE


1234 6/30/2023 3:40:00 AM

can you upload the cis - cpg dumps
Anonymous


Did 1/12/2024 3:01:00 AM

q6 = 1. download odt application 2. create a configuration file (xml) 3. setup.exe /download to download the installation files 4. setup.exe /configure to deploy the application
FRANCE


John 10/12/2023 12:30:00 PM

great material
Anonymous


Dinesh 8/1/2023 2:26:00 PM

could you please upload sap c_arsor_2302 questions? it will be very much helpful.
Anonymous


LBert 6/19/2023 10:23:00 AM

vraag 20c: rsa veilig voor symmtrische cryptografie? antwoord c is toch fout. rsa is voor asymmetrische cryptogafie??
NETHERLANDS


g 12/22/2023 1:51:00 PM

so far good
UNITED STATES


Milos 8/4/2023 9:33:00 AM

question 31 has obviously wrong answers. tls and ssl are used to encrypt data at transit, not at rest.
Serbia And Montenegro


Diksha 9/25/2023 2:32:00 AM

pls provide dump for 1z0-1080-23 planning exams
Anonymous


H 7/17/2023 4:28:00 AM

could you please upload the exam?
Anonymous


Anonymous 9/14/2023 4:47:00 AM

please upload this
UNITED STATES


Naveena 1/13/2024 9:55:00 AM

good material
Anonymous


WildWilly 1/19/2024 10:43:00 AM

lets see if this is good stuff...
Anonymous


Lavanya 11/2/2023 1:53:00 AM

useful information
UNITED STATES


Moussa 12/12/2023 5:52:00 AM

intéressant
BURKINA FASO


Madan 6/22/2023 9:22:00 AM

thank you for making the interactive questions
Anonymous


Vavz 11/2/2023 6:51:00 AM

questions are accurate
Anonymous


Su 11/23/2023 4:34:00 AM

i need questions/dumps for this exam.
Anonymous


LuvSN 7/16/2023 11:19:00 AM

i need this exam, when will it be uploaded
ROMANIA


Mihai 7/19/2023 12:03:00 PM

i need the dumps !
Anonymous


Wafa 11/13/2023 3:06:00 AM

very helpful
Anonymous


Alokit 7/3/2023 2:13:00 PM

good source
Anonymous


Show-Stopper 7/27/2022 11:19:00 PM

my 3rd test and passed on first try. hats off to this brain dumps site.
UNITED STATES


Michelle 6/23/2023 4:06:00 AM

please upload it
Anonymous


Lele 11/20/2023 11:55:00 AM

does anybody know if are these real exam questions?
EUROPEAN UNION


Girish Jain 10/9/2023 12:01:00 PM

are these questions similar to actual questions in the exam? because they seem to be too easy
Anonymous


Phil 12/8/2022 11:16:00 PM

i have a lot of experience but what comes in the exam is totally different from the practical day to day tasks. so i thought i would rather rely on these brain dumps rather failing the exam.
GERMANY


BV 6/8/2023 4:35:00 AM

good questions
NETHERLANDS


krishna 12/19/2023 2:05:00 AM

valied exam dumps. they were very helpful and i got a pretty good score. i am very grateful for this service and exam questions
Anonymous


Pie 9/3/2023 4:56:00 AM

will it help?
INDIA


Lucio 10/6/2023 1:45:00 PM

very useful to verify knowledge before exam
POLAND


Ajay 5/17/2023 4:54:00 AM

good stuffs
Anonymous


TestPD1 8/10/2023 12:19:00 PM

question 17 : responses arent b and c ?
EUROPEAN UNION