Amazon AWS

AWS Certified Solutions Architect – Professional

SAP-C02
Popular

The AWS Certified Solutions Architect – Professional (SAP-C02) exam validates advanced skills in designing distributed systems on AWS. It is ideal for experienced architects looking to demonstrate their expertise.

485 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 41–50 of 485

Q41

A company needs to switch its S3 bucket to be private. What is the FIRST step?

  • A Delete existing ACLs
  • B Update bucket policy
  • C Enable MFA Delete
  • D Change storage class
Explanation Updating the bucket policy is the first step to restricting access, whereas ACLs control access at a different level.
Q42

You are configuring IAM roles for cross-account access. What happens if the trust policy is incorrect?

  • A Access will be granted
  • B Access denied across accounts
  • C Will use default permissions
  • D Policies are merged automatically
Explanation An incorrect trust policy denies access; IAM roles require correct configurations for cross-account permissions.
Q43

Which service provides managed Apache Kafka?

  • A Amazon MSK
  • B AWS Lambda
  • C Amazon S3
  • D Amazon Redshift
Explanation Amazon MSK is the only managed Kafka service; others are unrelated services.
Q44

A company needs to deploy a multi-tenant SaaS application. What AWS service can facilitate this with minimal operational overhead?

  • A Amazon EC2
  • B AWS Fargate
  • C AWS Lambda
  • D Amazon RDS
Explanation AWS Lambda allows scalable serverless architecture; others require more management.
Q45

You are configuring AWS IAM roles. What happens when a role is not assigned sufficient permissions?

  • A Access is granted by default.
  • B Access is denied by default.
  • C Access is granted based on user history.
  • D Access is granted to all resources.
Explanation IAM operates on the principle of least privilege; access is denied when permissions are insufficient.
Q46

Which service can you use to orchestrate a CI/CD pipeline?

  • A AWS CodePipeline
  • B AWS IAM
  • C AWS Snowball
  • D AWS Lambda
Explanation AWS CodePipeline is specifically designed for CI/CD workflow orchestration; the others serve different purposes.
Q47

A company wants to ensure their EC2 instances recover automatically from hardware failures. What should they do?

  • A Use Elastic Load Balancer
  • B Employ EC2 Auto Recovery
  • C Upgrade to Reserved Instances
  • D Implement Amazon S3
Explanation EC2 Auto Recovery automatically recovers instances due to hardware failures; the other options do not provide this functionality.
Q48

You are configuring an IAM role for a Lambda function. Which policy will grant the function access to S3 objects?

  • A s3:ListBucket
  • B s3:GetObject
  • C s3:PutObject
  • D s3:ListAllMyBuckets
Explanation s3:GetObject allows Lambda to retrieve S3 objects; the others do not directly provide this access.
Q49

Which service provides a managed Kubernetes environment in AWS?

  • A AWS Fargate
  • B Amazon EKS
  • C AWS Lambda
  • D Amazon ECS
Explanation Amazon EKS is designed specifically for Kubernetes, while others are for different container orchestration.
Q50

A company needs to allow secure access to their IAM key without embedding it in code. What should they use?

  • A EC2 Instance Roles
  • B S3 Bucket Policies
  • C IAM User Policies
  • D AWS CloudTrail
Explanation EC2 Instance Roles securely provide keys to applications without hardcoding.