100% Free Amazon SAP-C02 Practice Test Questions

Question 1

A company is running a web application in a VPC. The web application runs on a group of Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is using AWS WAF.

An external customer needs to connect to the web application. The company must provide IP addresses to all external customers.

Which solution will meet these requirements with the LEAST operational overhead?

A : Replace the ALB with a Network Load Balancer (NLB). Assign an Elastic IP address to the NLB.

B : Allocate an Elastic IP address. Assign the Elastic IP address to the ALProvide the Elastic IP address to the customer.

C : Create an AWS Global Accelerator standard accelerator. Specify the ALB as the accelerator's endpoint. Provide the accelerator's IP addresses to the customer.

D : Configure an Amazon CloudFront distribution. Set the ALB as the origin. Ping the distribution's DNS name to determine the distribution's public IP address. Provide the IP address to the customer.

Answer: C

Question 2

A company has more than 10.000 sensors that send data to an on-premises Apache Kafka server by using the

Message Queuing Telemetry Transport (MQTT) protocol . The on-premises Kafka server transforms the data

and then stores the results as objects in an Amazon S3 bucket

Recently, the Kafka server crashed. The company lost sensor data while the server was being restored A

solutions architect must create a new design on AWS that is highly available and scalable to prevent a similar

occurrence

Which solution will meet these requirements?

A : Launch two Amazon EC2 instances to host the Kafka server in an active/standby configuration acrosstwo Availability Zones. Create a domain name in Amazon Route 53 Create a Route 53 failover policyRoute the sensors to send the data to the domain name

B : Migrate the on-premises Kafka server to Amazon Managed Streaming for Apache Kafka (AmazonMSK). Create a Network Load Balancer (NLB) that points to the Amazon MSK broker. Enable NLBhealth checks Route the sensors to send the data to the NLB.

C : Deploy AWS loT Core, and connect it to an Amazon Kinesis Data Firehose delivery stream Use anAWS Lambda function to handle data transformation Route the sensors to send the data to AWS loTCore

D : Deploy AWS loT Core, and launch an Amazon EC2 instance to host the Kafka server Configure AWSloT Core to send the data to the EC2 instance Route the sensors to send the data to AWSIoT Core.

Answer: A

Question 3

A private bank is hosting a secure web application that allows its agents to view highly sensitive information about the clients. The amount of traffic that the web app will receive is known and not expected to fluctuate. An SSL will be used as part of the application's data security. The chief information security officer (CISO) is concerned about the security of the SSL private key. The CISO wants to ensure that the key cannot be accidentally or intentionally moved outside the corporate environment. The solutions architect is also concerned that the application logs might contain some sensitive information. The EBS volumes used to store the data are already encrypted. In this scenario, the application logs must be stored securely and durably so that they can only be decrypted by authorized employees.

Which of the following is the most suitable and highly available architecture that can meet all of the requirements?

A : Distribute traffic to a set of web servers using an Elastic Load Balancer that performs TCP load balancing. Use CloudHSM deployed to two Availability Zones to perform the SSL transactions and deliver your application logs to a private Amazon S3 bucket using server-side encryption.

B : Distribute traffic to a set of web servers using an Elastic Load Balancer. To secure the SSL private key, upload the key to the load balancer and configure the load balancer to offload the SSL traffic. Lastly, write your application logs to an instance store volume that has been encrypted using a randomly generated AES key.

C : Distribute traffic to a set of web servers using an Elastic Load Balancer that performs TCP load balancing. Use an AWS CloudHSM to perform the SSL transactions and deliver your application logs to a private Amazon S3 bucket using server-side encryption.

D : Distribute traffic to a set of web servers using an Elastic Load Balancer. Use TCP load balancing for the load balancer and configure your web servers to retrieve the SSL private key from a private Amazon S3 bucket on boot. Use another private Amazon S3 bucket to store your web server logs using Amazon S3 server-side encryption

Answer: A

Question 4

A financial services company sells its software-as-a-service (SaaS) platform for application compliance to large global banks. The SaaS platform runs on AWS and uses multiple AWS accounts that are managed in an organization in AWS Organizations. The SaaS platform uses many AWS resources globally. For regulatory compliance, all API calls to AWS resources must be audited, tracked for changes, and stored in a durable and secure data store. Which solution will meet these requirements with the LEAST operational overhead?

A : Create a new AWS CloudTrail trail. Use an existing Amazon S3 bucket in the organization's management account to store the logs. Deploy the trail to all AWS Regions. Enable MFA delete and encryption on the S3 bucket.

B : Create a new AWS CloudTrail trail in each member account of the organization. Create new Amazon S3 buckets to store the logs. Deploy the trail to all AWS Regions. Enable MFA delete and encryption on the S3 buckets.

C : Create a new AWS CloudTrail trail in the organization's management account. Create a new Amazon S3 bucket with versioning turned on to store the logs. Deploy the trail for all accounts in the organization. Enable MFA delete and encryption on the S3 bucket.

D : Create a new AWS CloudTrail trail in the organization's management account. Create a new Amazon S3 bucket to store the logs. Configure Amazon Simple Notification Service (Amazon SNS) to send log-file delivery notifications to an external management system that will track the logs. Enable MFA delete and encryption on the S3 bucket

Answer: C

Question 5

A company that provisions job boards for a seasonal workforce is seeing an increase in traffic and usage. The backend services run on a pair of Amazon EC2 instances behind an Application Load Balancer with Amazon DynamoDB as the datastore. Application read and write traffic is slow during peak seasons. Which option provides a scalable application architecture to handle peak seasons with the LEAST development effort?

A : Migrate the backend services to AWS Lambda. Increase the read and write capacity of DynamoDB.

B : Migrate the backend services to AWS Lambda. Configure DynamoDB to use global tables.

C : Use Auto Scaling groups for the backend services. Use DynamoDB auto scaling.

D : Use Auto Scaling groups for the backend services. Use Amazon Simple Queue Service (Amazon SQS) and an AWS Lambda function to write to DynamoDB.

Answer: C

Free Practice Amazon SAP-C02 Exam Questions 2025