Amazon AWS

AWS Certified Solutions Architect – Professional

SAP-C02
Popular

The AWS Certified Solutions Architect – Professional (SAP-C02) exam validates advanced skills in designing distributed systems on AWS. It is ideal for experienced architects looking to demonstrate their expertise.

485 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 311–320 of 485

Q311

A company needs to ensure its sensitive data is only accessible by specific users. Which feature should they utilize?

  • A IAM Policies
  • B Security Groups
  • C VPC Peering
  • D CloudFormation
Explanation IAM Policies allow fine-grained access control, whereas others are not designed for this purpose.
Q312

You are configuring an Auto Scaling group with a desired count of 3. If two instances fail simultaneously, what will happen?

  • A Launch 3 new instances
  • B Launch 2 new instances
  • C No action taken
  • D It will decrease desired count
Explanation The Auto Scaling group will launch 2 new instances to maintain the desired capacity of 3.
Q313

Which service helps in simplifying application architecture by enabling microservices?

  • A AWS Lambda
  • B Amazon EC2
  • C AWS CloudFormation
  • D Amazon RDS
Explanation AWS Lambda allows you to run code without provisioning servers, suitable for microservices; EC2 is for VMs, CloudFormation for infrastructure as code, RDS is for databases.
Q314

A company needs to improve response times for a web application in different geographic locations. What AWS service should they consider?

  • A Amazon CloudFront
  • B AWS Direct Connect
  • C Amazon Route 53
  • D AWS Global Accelerator
Explanation Amazon CloudFront is a CDN that caches content closer to users; Direct Connect is for dedicated network connections, Route 53 for DNS, and Global Accelerator enhances performance but not caching.
Q315

You are configuring IAM policies in AWS. What happens when a user has multiple conflicting policies attached?

  • A User gains all permissions
  • B Deny always takes precedence
  • C Allowed permissions override deny
  • D Conflict causes an error
Explanation Deny always takes precedence over Allow; users do not gain permissions from conflicting policies, permitted actions are only those explicitly allowed without conflict.
Q316

Which service integrates machine learning with AWS services seamlessly?

  • A Amazon SageMaker
  • B AWS Lambda
  • C AWS Glue
  • D Amazon CloudWatch
Explanation Amazon SageMaker is specifically designed to build, train, and deploy machine learning models, while other options serve different purposes.
Q317

A company needs to ensure only authorized VPN users can access their VPC resources. What should they implement?

  • A Security Group only
  • B Network ACL only
  • C AWS IAM roles
  • D VPN with IAM user policies
Explanation Implementing a VPN with IAM user policies ensures access control and security for defined users, unlike the other options which do not restrict access at the user level.
Q318

You are configuring a CloudFront distribution. What happens when the origin server returns a 404 error?

  • A CloudFront caches the 404 error
  • B CloudFront returns a 200 response
  • C CloudFront ignores the 404 error
  • D CloudFront retries the request
Explanation CloudFront does cache 404 errors based on its default behavior, while the other options do not represent how caching errors function.
Q319

Which service allows you to deploy applications without managing servers?

  • A AWS Lambda
  • B Amazon EC2
  • C Amazon RDS
  • D AWS Elastic Beanstalk
Explanation AWS Lambda offers serverless computing, while others require server management.
Q320

A company needs to securely share data between its internal network and AWS. Which solution is best?

  • A AWS Direct Connect
  • B VPC Peering
  • C Amazon CloudFront
  • D AWS VPN
Explanation AWS VPN provides encrypted connections for data sharing, unlike the alternatives.