Amazon AWS

AWS Certified Solutions Architect – Professional

SAP-C02
Popular

The AWS Certified Solutions Architect – Professional (SAP-C02) exam validates advanced skills in designing distributed systems on AWS. It is ideal for experienced architects looking to demonstrate their expertise.

485 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 141–150 of 485

Q141

What happens when an EC2 instance is stopped and then started again?

  • A It retains the same IP address
  • B It loses all data on EBS
  • C It charges for EBS only
  • D It retains instance metadata
Explanation A stopped and restarted EC2 retains its Elastic IP address but can lose public IP unless assigned an Elastic IP; data on EBS is preserved unless it’s an instance store volume.
Q142

Which service provides a fully managed database option that scales automatically?

  • A Amazon Aurora
  • B Amazon DynamoDB
  • C Amazon RDS
  • D Amazon Redshift
Explanation DynamoDB is fully managed and scales seamlessly, while RDS and Aurora require instance management.
Q143

You are configuring an EC2 instance for a web application. What happens if you use an incompatible security group?

  • A Instance will not start.
  • B Instance will have restricted access.
  • C Instance will terminate automatically.
  • D Instance will function normally.
Explanation Incompatible security groups lead to access restrictions but don't prevent instance startup.
Q144

A company needs to ensure compliance for personal data. Which AWS service should they use for monitoring and reporting?

  • A AWS CloudTrail
  • B AWS Config
  • C Amazon GuardDuty
  • D Amazon Inspector
Explanation AWS Config monitors compliance against policies, while CloudTrail logs API calls without compliance checks.
Q145

Which service is best for real-time streaming analytics?

  • A AWS Lambda
  • B Amazon Kinesis
  • C AWS Glue
  • D Amazon S3
Explanation Amazon Kinesis is designed for real-time streaming data, while Lambda is for event-driven compute, Glue is for ETL, and S3 is for storage.
Q146

A company needs to ensure that specific users have permission to only access certain AWS resources. What should they implement?

  • A IAM roles
  • B IAM policies
  • C AWS Organizations
  • D VPC security groups
Explanation IAM policies allow precise access control to resources, whereas roles and organizations serve broader management purposes, and security groups control network access, not resource permissions.
Q147

You are configuring a VPC peering connection. What happens if the route tables are not updated?

  • A VPCs do not connect
  • B Traffic is still routed
  • C Only DNS resolve works
  • D No traffic flows between VPCs
Explanation Without updated route tables, traffic cannot flow between peered VPCs; they remain unable to communicate over the peering connection.
Q148

Which AWS service can automatically scale resources based on demand?

  • A Amazon Elastic Load Balancing
  • B AWS Lambda
  • C Amazon EC2 Auto Scaling
  • D Amazon RDS
Explanation EC2 Auto Scaling adjusts instance count automatically; others do not.
Q149

A company needs to securely manage keys used to encrypt data in Amazon S3. Which service should they use?

  • A AWS Secrets Manager
  • B AWS Key Management Service (KMS)
  • C Amazon Macie
  • D AWS Config
Explanation AWS KMS manages encryption keys for S3 securely; others are not designed for this purpose.
Q150

What happens when a non-root IAM user tries to attach an IAM policy to itself?

  • A The policy is attached successfully.
  • B An error is shown due to permissions.
  • C The IAM policies are merged.
  • D Nothing, they cannot attach policies.
Explanation Non-root IAM users cannot modify their own permissions; other options imply incorrect permissions management.