Amazon SAP-C02 Exam Dumps

A company that runs applications on AWS recently subscribed to a new software-as-a- service (SaaS) data vendor. The vendor provides the data by way of a REST API that the vendor hosts in its AWS environment The vendor offers multiple options for connectivity to the API and Is working with the company to find the best way to connect.

The company's AWS account does not allow outbound internet access from Its AWS environment The vendor's services run on AWS in the same AWS Region as the company's applications

A solutions architect must Implement connectivity to the vendor's API so that the API is highly available In the company's VPC.

Which solution will meet these requirements?

A. Connect to the vendor's public API address for the data service.

B. Connect to the vendor by way of a VPC peering connection between the vendor's VPC and the company's VPC

C. Connect to the vendor by way of a VPC endpoint service that uses AWS PrivateLink

D. Connect to a public bastion host that the vendor provides Tunnel the API traffic.

A company wants to run a custom network analysis software package to inspect traffic as traffic leaves and enters a VPC. The company has deployed the solution by using AWS Cloud Formation on three Amazon EC2 instances in an Auto Scaling group. All network routing has been established to direct traffic to the EC2 instances.

Whenever the analysis software stops working, the Auto Scaling group replaces an instance. The network routes are not updated when the instance replacement occurs.

Which combination of steps will resolve this issue? {Select THREE.)

A. Create alarms based on EC2 status check metrics that will cause the Auto Scaling group to replace the failed instance.

B. Update the Cloud Formation template to install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to send process metrics for the application.

C. Update the Cloud Formation template to install AWS Systems Manager Agent on the EC2 instances. Configure Systems Manager Agent to send process metrics for the application.

D. Create an alarm for the custom metric in Amazon CloudWatch for the failure scenarios.Configure the alarm to publish a message to an Amazon Simple Notification Service {Amazon SNS) topic.

E. Create an AWS Lambda function that responds to the Amazon Simple Notification Service (Amazon SNS) message to take the instance out of service. Update the network routes to point to the replacement instance.

F. In the Cloud Formation template, write a condition that updates the network routes when a replacement instance is launched.

A company is using multiple AWS accounts and has multiple DevOps teams running production and non-production workloads in these accounts. The company would like to centrally-restrict access to some of the AWS services that the DevOps teams do not use. The company decided to use AWS Organizations and successfully invited all AWS accounts into the Organization. They would like to allow access to services that are currently in-use and deny a few specific services. Also they would like to administer multiple accounts together as a single unit.

What combination of steps should the solutions architect take to satisfy these requirements? (Choose three.)

A. Use a Deny list strategy.

B. Review the Access Advisor in AWS IAM to determine services recently used

C. Review the AWS Trusted Advisor report to determine services recently used.

D. Remove the default FullAWSAccess SCP.

E. Define organizational units (OUs) and place the member accounts in the OUs.

F. Remove the default DenyAWSAccess SCP.