Amazon AWS

AWS Certified Solutions Architect – Professional

SAP-C02

The AWS Certified Solutions Architect – Professional (SAP-C02) exam validates advanced skills in designing distributed systems on AWS. It is ideal for experienced architects looking to demonstrate their expertise.

Questions 281–290 of 485

Q281

A company needs to distribute its applications across multiple regions for high availability. Which AWS service should they use?

  • A Amazon Route 53
  • B AWS CloudFront
  • C AWS Global Accelerator
  • D AWS Direct Connect
Explanation: AWS Global Accelerator improves availability by directing traffic through the AWS global network while maintaining performance.

Q282

You are configuring IAM roles for an application on EC2. What happens when a user assumes a role?

  • A Gains permissions from the trust policy
  • B Loses all existing permissions
  • C Only gains permissions temporarily
  • D Can combine with user policies
Explanation: When a user assumes a role, they gain the permissions of that role temporarily; existing permissions do not accumulate.

Q283

Which service provides managed NoSQL databases?

  • A DynamoDB
  • B EC2
  • C RDS
  • D S3
Explanation: DynamoDB is specifically designed for fast NoSQL databases, while EC2 is for compute resources, RDS is for relational databases, and S3 is for object storage.

Q284

A company needs to migrate its on-premises data securely to AWS. What is the best solution?

  • A AWS Snowball
  • B Direct Connect
  • C Amazon S3 Transfer Acceleration
  • D AWS VPN
Explanation: AWS Snowball allows secure, large-scale data transfers without requiring internet bandwidth, unlike Direct Connect, Transfer Acceleration, and VPN, which do not directly address bulk transfer without exposure.

Q285

You are configuring IAM policies for team members. What should you do to ensure the principle of least privilege?

  • A Assign full admin access for ease
  • B Use IAM roles for specific tasks
  • C Copy existing policies from users
  • D Give permissions based on role hierarchy
Explanation: Using IAM roles tailored for specific tasks ensures users have only the permissions they need, while the other options grant either excessive or inappropriate access.

Q286

Which service allows you to run containers without managing servers?

  • A Amazon ECS
  • B AWS Lambda
  • C Amazon EC2
  • D AWS Fargate
Explanation: AWS Fargate runs containers without provisioning servers; ECS and EC2 require server management, while Lambda is for serverless functions.

Q287

A company needs to maintain compliance logging for regulatory purposes. Which AWS service should they use?

  • A AWS CloudTrail
  • B Amazon CloudWatch
  • C AWS Config
  • D Amazon S3
Explanation: AWS CloudTrail records API calls for auditing, while Config monitors configuration changes; CloudWatch is for performance monitoring, and S3 is a storage service.

Q288

What happens when an EC2 instance protected by a security group is launched with an open inbound rule for all traffic?

  • A Instance cannot access the Internet.
  • B Instance is vulnerable to attacks.
  • C Instance will be terminated immediately.
  • D No network traffic allowed.
Explanation: An open inbound rule allows all traffic, increasing vulnerability; the other options incorrectly describe network access behavior.

Q289

Which service is primarily used for email notifications in AWS?

  • A Amazon Simple Notification Service
  • B AWS Lambda
  • C Amazon S3
  • D AWS CloudFormation
Explanation: Amazon Simple Notification Service (SNS) is specifically designed for notifications, while the others serve different purposes.

Q290

A company needs to implement cross-account access for an IAM role; which solution is correct?

  • A Use trust policy in role
  • B Use IAM user permissions
  • C Use security groups
  • D Use EC2 instance profiles
Explanation: Trust policies allow one account to assume a role in another, making A correct while the others do not address cross-account access.