The AWS Certified Solutions Architect – Professional (SAP-C02) exam validates advanced skills in designing distributed systems on AWS. It is ideal for experienced architects looking to demonstrate their expertise.
A company requires cross-region backups for compliance. What is the best approach using S3?
A. Use S3 Multi-Region Access Points
B. Implement S3 Cross-Region Replication
C. Store data in S3 Glacier
D. Manually copy S3 buckets weekly
Explanation
S3 Cross-Region Replication automatically copies objects to a different AWS region, ensuring compliance.
Q132
What happens when an IAM user exceeds the maximum session duration policy?
A. User's session is terminated
B. User can extend session duration
C. User's access is revoked
D. User gets a warning message
Explanation
When exceeding the maximum session duration, the IAM session is terminated immediately, preventing continuous access.
Q133
Which AWS service is primarily used for logging and monitoring cloud applications?
A. Amazon CloudWatch
B. AWS Lambda
C. AWS Config
D. Amazon S3
Explanation
Amazon CloudWatch provides monitoring and logging, while the other services perform different functions or more specific tasks.
Q134
You are configuring AWS IAM policies for a developer team. They need granular access to specific S3 buckets with read/write permissions but no access to other resources. What is the best practice for granting this access?
A. Use a wild card in the policy
B. Attach a bucket policy only
C. Create user-specific policies
D. Use a group policy with specific permissions
Explanation
Using a group policy ensures uniform permissions for the team, while other options lack granularity or security.
Q135
What happens when an EC2 instance's IAM role is misconfigured?
A. The instance will not launch
B. The instance cannot access AWS services
C. The instance fails to terminate
D. The instance operates with full permissions
Explanation
A misconfigured IAM role denies the instance necessary permissions to access AWS services, while others describe incorrect behaviors.
Q136
Which service is used for automatically scaling EC2 instances?
A. Auto Scaling
B. Elastic Load Balancer
C. EC2 Instance Scheduler
D. AWS Lambda
Explanation
Auto Scaling automatically adjusts EC2 instance counts based on demand, while the others serve different purposes.
Q137
A company needs to keep sensitive data encrypted both in transit and at rest. Which combination would you recommend?
A. Use S3 with SSE and HTTPS
B. Use EBS without encryption
C. Use CloudFront without SSL
D. Use RDS with no encryption
Explanation
Using S3 with SSE ensures encryption at rest and HTTPS secures data in transit, while the other options do not offer proper encryption.
Q138
You are configuring a VPC and want to ensure that instances in private subnets cannot directly access the internet. What should you do?
A. Associate a public IP
B. Create NAT gateway in public subnet
C. Add route to internet gateway
D. Use a public subnet only
Explanation
A NAT gateway allows outbound internet access for instances in private subnets, while the other options either expose them or enable direct internet access.
Q139
Which AWS service is best for real-time stream processing?
A. Kinesis Data Stream
B. S3 Batch Operations
C. Glue ETL
D. RDS Multi-AZ
Explanation
Kinesis Data Stream is specifically designed for real-time data processing, while the others focus on storage or data transformation.
Q140
A company needs to establish a private connection between their on-premises data center and AWS. Which solution should they choose?
A. AWS Direct Connect
B. VPN Gateway
C. Transit Gateway
D. VPC Peering
Explanation
AWS Direct Connect provides dedicated private connectivity, whereas the others involve different networking setups or public connections.