Amazon AWS

AWS Certified Solutions Architect – Professional

SAP-C02
Popular

The AWS Certified Solutions Architect – Professional (SAP-C02) exam validates advanced skills in designing distributed systems on AWS. It is ideal for experienced architects looking to demonstrate their expertise.

485 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 251–260 of 485

Q251

A company needs to securely share data between multiple AWS accounts. Which approach should be implemented?

  • A Enable bucket versioning
  • B Create a resource-based policy
  • C Use EC2 for managing data
  • D Utilize IAM roles only
Explanation Resource-based policies allow shared access across accounts, unlike versioning or EC2 use.
Q252

What happens when an IAM user exceeds their permissions in a policy?

  • A Access is fully granted
  • B Access is denied
  • C Access is partially granted
  • D Access is granted based on least privilege
Explanation Exceeding permissions will result in access being denied, not partially allowed.
Q253

Which service allows you to run containers without managing servers?

  • A AWS Lambda
  • B Amazon EC2
  • C Amazon ECS
  • D AWS Batch
Explanation Amazon ECS enables container orchestration without server management; Lambda is for serverless functions, EC2 is for VMs, and AWS Batch manages batch processing jobs.
Q254

A company needs to grant read-only access to S3 buckets for a group of users. What is the best method?

  • A Create users in IAM with S3 policies.
  • B Attach policies directly to S3 buckets.
  • C Use an IAM role for S3 access.
  • D Create a group in IAM with permissions.
Explanation Creating a group with permissions allows easy management; individual user policies and roles complicate access management.
Q255

You are configuring a CloudFront distribution. What happens if you do not set an origin?

  • A The distribution will function properly.
  • B Requests will fail immediately.
  • C Content will serve from the edge locations.
  • D CloudFront uses default settings.
Explanation Without an origin, CloudFront cannot retrieve content, resulting in failed requests; edge locations can't serve anything absent an origin.
Q256

Which service allows temporary access to AWS resources?

  • A IAM Roles
  • B AWS Shield
  • C CloudFormation
  • D AWS Direct Connect
Explanation IAM Roles provide temporary security credentials, while the others serve different purposes.
Q257

A company wants to reduce latency for users in multiple geographic regions. What is the best architectural approach?

  • A Use Multi-AZ RDS
  • B Implement an AWS Global Accelerator
  • C Deploy a Virtual Private Cloud
  • D Leverage AWS Snowball
Explanation AWS Global Accelerator improves latency globally; the others address different needs.
Q258

You are configuring an S3 bucket with a public read policy. What happens if you enable Block Public Access for the bucket?

  • A Public access is allowed
  • B Only authenticated users can access
  • C Public access is blocked
  • D Access denied for all users
Explanation Block Public Access capabilities override bucket policies, ensuring no public access.
Q259

Which service provides serverless computing capabilities?

  • A AWS Lambda
  • B Amazon EC2
  • C RDS
  • D Amazon S3
Explanation AWS Lambda offers serverless execution; EC2 requires provisioning servers and S3 is for storage.
Q260

A company needs to store data that can be accessed frequently but may not require real-time access. Which storage solution is the most cost-effective?

  • A Amazon S3 Standard
  • B Amazon EFS
  • C S3 Intelligent-Tiering
  • D Amazon S3 Glacier
Explanation S3 Intelligent-Tiering automatically moves data between tiers, balancing cost and access needs.