Amazon AWS

AWS Certified Solutions Architect – Professional

SAP-C02
Popular

The AWS Certified Solutions Architect – Professional (SAP-C02) exam validates advanced skills in designing distributed systems on AWS. It is ideal for experienced architects looking to demonstrate their expertise.

485 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 321–330 of 485

Q321

What happens when an IAM user is not granted any permissions?

  • A The user can access all resources
  • B The user can access only EC2
  • C The user cannot access anything
  • D The user can access IAM resources
Explanation IAM users without permissions cannot access any AWS resources.
Q322

Which service allows you to create and manage AWS infrastructure as code?

  • A AWS CloudFormation
  • B AWS CodeDeploy
  • C AWS Elastic Beanstalk
  • D AWS IAM
Explanation AWS CloudFormation enables infrastructure as code, while others focus on deployment or access control.
Q323

A company needs to control access to resources based on users' location. Which service can help implement this?

  • A AWS IAM
  • B Amazon CloudFront
  • C AWS Organizations
  • D AWS WAF
Explanation AWS IAM policies can include conditions for IP address ranges, while others do not primarily control access based on location.
Q324

You are configuring an Amazon RDS instance with Multi-AZ. What happens during a failover?

  • A No downtime, seamless transition
  • B Instance switched with no data loss
  • C Total downtime until manual intervention
  • D Switch to Read Replica only
Explanation Multi-AZ failover transitions to a standby without data loss, while other options misrepresent the failover mechanism.
Q325

Which service can initiate an AWS Lambda function in response to changes in an S3 bucket?

  • A S3 Event Notifications
  • B CloudTrail
  • C CloudWatch Events
  • D SNS Messaging
Explanation S3 Event Notifications directly trigger Lambda functions, unlike the other options.
Q326

A company needs to securely share access to their AWS resources with third-party vendors. What should they use?

  • A IAM Roles
  • B VPC Peering
  • C Amazon Cognito
  • D AWS Lambda
Explanation IAM Roles allow secure access sharing, while others do not handle third-party access directly.
Q327

You are configuring routing within an AWS VPC. What happens if you specify a route with a CIDR block that is a superset of your existing routes?

  • A The superset route overwrites existing routes
  • B Existing routes are preserved regardless
  • C Traffic is blocked immediately
  • D Only some routes are overwritten
Explanation A superset route will take precedence, replacing existing narrow routes.
Q328

Which service allows you to deploy applications using Docker containers?

  • A Amazon ECS
  • B Amazon RDS
  • C AWS Lambda
  • D Amazon S3
Explanation Amazon ECS is designed specifically for container orchestration, while RDS is for databases, Lambda for serverless functions, and S3 for object storage.
Q329

A company needs to ensure that its sensitive data is not accessible from the public internet. What is the best solution?

  • A Use AWS IAM Roles
  • B Utilize VPC with private subnets
  • C Enable AWS CloudTrail
  • D Implement Multi-Factor Authentication
Explanation Using VPC with private subnets restricts access from the public internet, whereas IAM Roles and MFA do not restrict network access, and CloudTrail is for logging activities.
Q330

What happens when an AWS Auto Scaling group reaches its maximum instance limit?

  • A Scaling operations are stopped
  • B New instances are added immediately
  • C Instances are removed randomly
  • D Error notifications are sent out
Explanation Once the maximum limit is reached, additional scaling activities are halted until capacity is reduced, while other options do not accurately describe the behavior.