Amazon SAP-C02 Exam (page: 11)
Amazon AWS Certified Solutions Architect - Professional SAP-C02
Updated on: 09-Feb-2026

An adventure company has launched a new feature on its mobile app. Users can use the feature to upload their hiking and rafting photos and videos anytime. The photos and videos are stored in Amazon S3 Standard storage in an S3 bucket and are served through Amazon CloudFront.

The company needs to optimize the cost of the storage. A solutions architect discovers that most of the uploaded photos and videos are accessed infrequently after 30 days. However, some of the uploaded photos and videos are accessed frequently after 30 days. The solutions architect needs to implement a solution that maintains millisecond retrieval availability of the photos and videos at the lowest possible cost.

Which solution will meet these requirements?

  A) Configure S3 Intelligent-Tiering on the S3 bucket.
  B) Configure an S3 Lifecycle policy to transition image objects and video objects from S3 Standard to S3 Glacier Deep Archive after 30 days.
  C) Replace Amazon S3 with an Amazon Elastic File System (Amazon EFS) file system that is mounted on Amazon EC2 instances.
  D) Add a Cache-Control: max-age header to the S3 image objects and S3 video objects. Set the header to 30 days.

Answer(s): A

Explanation:

A) Configure S3 Intelligent-Tiering on the S3 bucket.

S3 Intelligent-Tiering automatically moves data between frequent and infrequent access tiers based on changing access patterns, which ensures that data accessed infrequently is stored in a lower-cost tier while still providing millisecond retrieval. This solution is ideal for cases where the access frequency of objects is unpredictable, making it the most cost-effective and efficient choice to meet the company's needs.



A company uses Amazon S3 to store files and images in a variety of storage classes. The company's S3 costs have increased substantially during the past year.

A solutions architect needs to review data trends for the past 12 months and identify the appropriate storage class for the objects.

Which solution will meet these requirements?

  A) Download AWS Cost and Usage Reports for the last 12 months of S3 usage. Review AWS Trusted Advisor recommendations for cost savings.
  B) Use S3 storage class analysis. Import data trends into an Amazon QuickSight dashboard to analyze storage trends.
  C) Use Amazon S3 Storage Lens. Upgrade the default dashboard to include advanced metrics for storage trends.
  D) Use Access Analyzer for S3. Download the Access Analyzer for S3 report for the last 12 months. Import the .csv file to an Amazon QuickSight dashboard.

Answer(s): C

Explanation:

C) Use Amazon S3 Storage Lens. Upgrade the default dashboard to include advanced metrics for storage trends.

Amazon S3 Storage Lens provides a comprehensive view of S3 storage usage and activity, allowing you to analyze trends over the past 12 months. By upgrading to advanced metrics, the company can access detailed data on object storage, including recommendations on optimizing costs by adjusting storage class usage. This solution helps identify opportunities for cost savings in the most efficient manner.



A company has its cloud infrastructure on AWS. A solutions architect needs to define the infrastructure as code. The infrastructure is currently deployed in one AWS Region. The company’s business expansion plan includes deployments in multiple Regions across multiple AWS accounts.

What should the solutions architect do to meet these requirements?

  A) Use AWS CloudFormation templates. Add IAM policies to control the various accounts. Deploy the templates across the multiple Regions.
  B) Use AWS Organizations. Deploy AWS CloudFormation templates from the management account. Use AWS Control Tower to manage deployments across accounts.
  C) Use AWS Organizations and AWS CloudFormation StackSets. Deploy a CloudFormation template from an account that has the necessary IAM permissions.
  D) Use nested stacks with AWS CloudFormation templates. Change the Region by using nested stacks.

Answer(s): C

Explanation:

C) Use AWS Organizations and AWS CloudFormation StackSets. Deploy a CloudFormation template from an account that has the necessary IAM permissions.

AWS CloudFormation StackSets allow you to deploy CloudFormation templates across multiple AWS accounts and Regions from a central account. By integrating with AWS Organizations, you can automate and manage deployments across various accounts, ensuring consistent infrastructure as code deployment across multiple Regions and accounts. This is the most scalable and efficient solution for multi-Region and multi-account setups.



A company has several AWS accounts. A development team is building an automation framework for cloud governance and remediation processes. The automation framework uses AWS Lambda functions in a centralized account. A solutions architect must implement a least privilege permissions policy that allows the Lambda functions to run in each of the company's AWS accounts.

Which combination of steps will meet these requirements? (Choose two.)

  A) In the centralized account, create an IAM role that has the Lambda service as a trusted entity. Add an inline policy to assume the roles of the other AWS accounts.
  B) In the other AWS accounts, create an IAM role that has minimal permissions. Add the centralized account's Lambda IAM role as a trusted entity.
  C) In the centralized account, create an IAM role that has roles of the other accounts as trusted entities. Provide minimal permissions.
  D) In the other AWS accounts, create an IAM role that has permissions to assume the role of the centralized account. Add the Lambda service as a trusted entity.
  E) In the other AWS accounts, create an IAM role that has minimal permissions. Add the Lambda service as a trusted entity.

Answer(s): A,B

Explanation:

A) In the centralized account, create an IAM role that has the Lambda service as a trusted entity. Add an inline policy to assume the roles of the other AWS accounts.
This step allows the Lambda function in the centralized account to assume roles in the other AWS accounts for executing governance and remediation tasks.

B) In the other AWS accounts, create an IAM role that has minimal permissions. Add the centralized account's Lambda IAM role as a trusted entity.
This step ensures that the centralized Lambda function can assume the roles in the other AWS accounts. The minimal permissions approach ensures the least privilege principle is followed.

Together, these steps implement a least privilege permission model where the Lambda functions in the centralized account can perform necessary tasks in the other AWS accounts with minimal permissions and trust relationships established between the accounts.
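
The policy documents behind steps A and B, with a check that a member-account trust policy names only the centralized Lambda role. This is an added example, not part of the original question; the account IDs, role names and helper functions are constructed placeholders.

```python
CENTRAL_ACCOUNT = "111111111111"               # constructed placeholder account IDs
MEMBER_ACCOUNTS = ["222222222222", "333333333333"]
CENTRAL_ROLE = "governance-lambda-role"        # hypothetical role names
MEMBER_ROLE = "governance-remediation-role"

def assume_role_policy(**fields):
    """Single-statement policy document that allows sts:AssumeRole."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", **fields}]}

def central_role_policies():
    """Step A: trust policy and inline policy for the centralized account's role."""
    trust = assume_role_policy(Principal={"Service": "lambda.amazonaws.com"})
    inline = assume_role_policy(Resource=[f"arn:aws:iam::{acct}:role/{MEMBER_ROLE}"
                                          for acct in MEMBER_ACCOUNTS])
    return trust, inline

def member_role_trust():
    """Step B: trust policy on the minimal-permission role in each other account."""
    return assume_role_policy(
        Principal={"AWS": f"arn:aws:iam::{CENTRAL_ACCOUNT}:role/{CENTRAL_ROLE}"})

def trust_findings(trust_policy, expected):
    """List every trusted principal other than `expected`, a (kind, value) pair."""
    findings = []
    for stmt in trust_policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("wildcard principal")
            continue
        for kind, value in principal.items():
            for v in ([value] if isinstance(value, str) else value):
                if (kind, v) != expected:
                    findings.append(f"unexpected {kind} principal: {v}")
    return findings

# The only principal a member-account role should trust under steps A and B.
EXPECTED = ("AWS", f"arn:aws:iam::{CENTRAL_ACCOUNT}:role/{CENTRAL_ROLE}")
```

Running `trust_findings` on a member role that trusts the Lambda service (option E) or the whole centralized account reports the over-broad principal, while the step B policy returns no findings.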



A company plans to refactor a monolithic application into a modern application design deployed on AWS. The CI/CD pipeline needs to be upgraded to support the modern design for the application with the following requirements:

- It should allow changes to be released several times every hour.
- It should be able to roll back the changes as quickly as possible.

Which design will meet these requirements?

  A) Deploy a CI/CD pipeline that incorporates AMIs to contain the application and their configurations. Deploy the application by replacing Amazon EC2 instances.
  B) Specify AWS Elastic Beanstalk to stage in a secondary environment as the deployment target for the CI/CD pipeline of the application. To deploy, swap the staging and production environment URLs.
  C) Use AWS Systems Manager to re-provision the infrastructure for each deployment. Update the Amazon EC2 user data to pull the latest code artifact from Amazon S3 and use Amazon Route 53 weighted routing to point to the new environment.
  D) Roll out the application updates as part of an Auto Scaling event using prebuilt AMIs. Use new versions of the AMIs to add instances, and phase out all instances that use the previous AMI version with the configured termination policy during a deployment event.

Answer(s): B

Explanation:

B) Specify AWS Elastic Beanstalk to stage in a secondary environment as the deployment target for the CI/CD pipeline of the application. To deploy, swap the staging and production environment URLs.

Using AWS Elastic Beanstalk with a secondary staging environment allows rapid deployments several times an hour and supports quick rollbacks by swapping the URLs between the staging and production environments. This design lets you release changes quickly and roll back easily if issues arise, meeting both the requirements of rapid deployment and minimal downtime during rollbacks.



A company has an application that runs on Amazon EC2 instances. A solutions architect is designing VPC infrastructure in an AWS Region where the application needs to access an Amazon Aurora DB Cluster. The EC2 instances are all associated with the same security group. The DB cluster is associated with its own security group.

The solutions architect needs to add rules to the security groups to provide the application with least privilege access to the DB Cluster.

Which combination of steps will meet these requirements? (Choose two.)

  A) Add an inbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the source over the default Aurora port.
  B) Add an outbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the destination over the default Aurora port.
  C) Add an inbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the source over the default Aurora port.
  D) Add an outbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the destination over the default Aurora port.
  E) Add an outbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the destination over the ephemeral ports.

Answer(s): B,C

Explanation:

B) Add an outbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the destination over the default Aurora port.
This allows the EC2 instances to send requests to the Aurora DB cluster over the appropriate port, typically 3306 for MySQL-based Aurora.

C) Add an inbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the source over the default Aurora port.
This allows the Aurora DB cluster to receive traffic from the EC2 instances, ensuring that only the specific EC2 instances' security group can access the DB cluster.

This combination follows the principle of least privilege, ensuring that only the necessary traffic is allowed between the EC2 instances and the Aurora DB cluster over the required port.
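
A small evaluator over rules in the shape EC2 reports them (`IpPermissions` and `IpPermissionsEgress`), showing that the rules from B and C are sufficient and flagging anything beyond them. This is an added example, not part of the original question; the group IDs and sample data are constructed, and CIDR rules are only recognised when they cover all IPv4 addresses.

```python
AURORA_PORT = 3306   # default port for MySQL-based Aurora, as stated above

def sg_rule(peer_group_id, port):
    """One TCP rule that references another security group on a single port."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": peer_group_id}], "IpRanges": []}

def allows(rules, peer_group_id, port):
    """True if any rule admits TCP traffic with peer_group_id on the given port."""
    for r in rules:
        proto_ok = r["IpProtocol"] in ("tcp", "-1")
        # Rules for all protocols ("-1") carry no port range.
        port_ok = r["IpProtocol"] == "-1" or r["FromPort"] <= port <= r["ToPort"]
        peer_ok = (any(p["GroupId"] == peer_group_id for p in r.get("UserIdGroupPairs", []))
                   or any(c["CidrIp"] == "0.0.0.0/0" for c in r.get("IpRanges", [])))
        if proto_ok and port_ok and peer_ok:
            return True
    return False

def can_connect(client_sg, server_sg, port):
    """A new connection needs an egress rule on the client's group and an ingress
    rule on the server's group. Security groups are stateful, so the reply
    traffic needs no rule of its own."""
    return (allows(client_sg["IpPermissionsEgress"], server_sg["GroupId"], port)
            and allows(server_sg["IpPermissions"], client_sg["GroupId"], port))

def excess_rules(sg, needed_ingress, needed_egress):
    """Rules present on the group beyond the ones least privilege requires."""
    extra = [("ingress", r) for r in sg["IpPermissions"] if r not in needed_ingress]
    extra += [("egress", r) for r in sg["IpPermissionsEgress"] if r not in needed_egress]
    return extra

# Constructed sample: options B and C applied, no other rules on either group.
APP_SG = {"GroupId": "sg-app-example", "IpPermissions": [],
          "IpPermissionsEgress": [sg_rule("sg-db-example", AURORA_PORT)]}
DB_SG = {"GroupId": "sg-db-example", "IpPermissionsEgress": [],
         "IpPermissions": [sg_rule("sg-app-example", AURORA_PORT)]}
```

With these two groups, `can_connect(APP_SG, DB_SG, AURORA_PORT)` is true even though the DB cluster's group has no outbound rule, which is why options D and E add nothing.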



A company wants to change its internal cloud billing strategy for each of its business units. Currently, the cloud governance team shares reports for overall cloud spending with the head of each business unit. The company uses AWS Organizations to manage the separate AWS accounts for each business unit. The existing tagging standard in Organizations includes the application, environment, and owner. The cloud governance team wants a centralized solution so each business unit receives monthly reports on its cloud spending. The solution should also send notifications for any cloud spending that exceeds a set threshold.

Which solution is the MOST cost-effective way to meet these requirements?

  A) Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use Cost Explorer in each account to create monthly reports for each business unit.
  B) Configure AWS Budgets in the organization's management account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use Cost Explorer in the organization's management account to create monthly reports for each business unit.
  C) Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use the AWS Billing and Cost Management dashboard in each account to create monthly reports for each business unit.
  D) Enable AWS Cost and Usage Reports in the organization's management account and configure reports grouped by application, environment, and owner. Create an AWS Lambda function that processes AWS Cost and Usage Reports, sends budget alerts, and sends monthly reports to each business unit's email list.

Answer(s): B

Explanation:

B) Configure AWS Budgets in the organization's management account and configure budget alerts that are grouped by application, environment, and owner. Add each business unit to an Amazon SNS topic for each alert. Use Cost Explorer in the organization's management account to create monthly reports for each business unit.

This solution is cost-effective because it centralizes cost management using AWS Budgets and Cost Explorer in the organization's management account. This allows the cloud governance team to configure budget alerts and generate monthly reports grouped by tags such as application, environment, and owner for each business unit. Notifications for budget thresholds are easily managed through Amazon SNS, ensuring each business unit is kept informed.



A company is using AWS CloudFormation to deploy its infrastructure. The company is concerned that, if a production CloudFormation stack is deleted, important data stored in Amazon RDS databases or Amazon EBS volumes might also be deleted.

How can the company prevent users from accidentally deleting data in this way?

  A) Modify the CloudFormation templates to add a DeletionPolicy attribute to RDS and EBS resources.
  B) Configure a stack policy that disallows the deletion of RDS and EBS resources.
  C) Modify IAM policies to deny deleting RDS and EBS resources that are tagged with an "aws:cloudformation:stack-name" tag.
  D) Use AWS Config rules to prevent deleting RDS and EBS resources.

Answer(s): A

Explanation:

A) Modify the CloudFormation templates to add a DeletionPolicy attribute to RDS and EBS resources.

By adding the DeletionPolicy attribute to the RDS and EBS resources in the CloudFormation template, you can specify actions to be taken when a stack is deleted. For critical resources like databases or EBS volumes, you can set the DeletionPolicy to Retain, ensuring that these resources are not deleted even if the CloudFormation stack is removed. This approach effectively prevents accidental data loss.
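
A template check for the attribute described above, written as an added example that is not part of the original question; the sample template and logical IDs are constructed. It goes one step beyond the question by also checking `UpdateReplacePolicy`, since `DeletionPolicy` does not cover a resource that is replaced during a stack update.

```python
import json

# Resource types that hold the data the question is concerned about.
DATA_TYPES = {"AWS::RDS::DBInstance", "AWS::RDS::DBCluster", "AWS::EC2::Volume"}
ACCEPTED = {"Retain", "Snapshot"}   # values this check treats as protective
ATTRIBUTES = ("DeletionPolicy", "UpdateReplacePolicy")

def unprotected(template):
    """Return (logical_id, attribute, value) for every data resource whose
    attribute is missing (None) or set to something other than Retain/Snapshot."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") not in DATA_TYPES:
            continue
        for attr in ATTRIBUTES:
            value = resource.get(attr)
            if value not in ACCEPTED:
                findings.append((logical_id, attr, value))
    return findings

# Constructed sample template (JSON form of a CloudFormation template).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "AppDatabase": {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Retain",
                    "UpdateReplacePolicy": "Retain", "Properties": {}},
    "AppVolume":   {"Type": "AWS::EC2::Volume", "DeletionPolicy": "Snapshot",
                    "Properties": {}},
    "ReportsDb":   {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Delete",
                    "Properties": {}},
    "WebServer":   {"Type": "AWS::EC2::Instance", "Properties": {}}
  }
}
""")

if __name__ == "__main__":
    for logical_id, attr, value in unprotected(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {attr} is {value!r}")
```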


