Vendor: Amazon
Certifications: AWS Certified Professional
Exam Name: AWS Certified Solutions Architect - Professional (SAP-C01)
Exam Code: SAP-C01
Total Questions: 973 Q&As
Last Updated: Jan 18, 2023
Note: Product instant download. Please sign in and click My account to download your product.
CertBus Has the Latest SAP-C01 Exam Dumps in Both PDF and VCE Format
SAP-C01 Online Practice Questions and Answers
A company is migrating its on-premises build artifact server to an AWS solution. The current system consists of an Apache HTTP server that serves artifacts to clients on the local network, restricted by the perimeter firewall. The artifact consumers are largely build automation scripts that download artifacts via anonymous HTTP, which the company will be unable to modify within its migration timetable.
The company decides to move the solution to Amazon S3 static website hosting. The artifact consumers will be migrated to Amazon EC2 instances located within both public and private subnets in a virtual private cloud (VPC).
Which solution will permit the artifact consumers to download artifacts without modifying the existing automation scripts?
A. Create a NAT gateway within a public subnet of the VPC. Add a default route pointing to the NAT gateway into the route table associated with the subnets containing consumers. Configure the bucket policy to allow the s3:ListBucket and s3:GetObject actions using the condition IpAddress and the condition key aws:SourceIp matching the elastic IP address of the NAT gateway.
B. Create a VPC endpoint and add it to the route table associated with subnets containing consumers. Configure the bucket policy to allow s3:ListBucket and s3:GetObject actions using the condition StringEquals and the condition key aws:sourceVpce matching the identification of the VPC endpoint.
C. Create an IAM role and instance profile for Amazon EC2 and attach it to the instances that consume build artifacts. Configure the bucket policy to allow the s3:ListBucket and s3:GetObjects actions for the principal matching the IAM role created.
D. Create a VPC endpoint and add it to the route table associated with subnets containing consumers. Configure the bucket policy to allow s3:ListBucket and s3:GetObject actions using the condition IpAddress and the condition key aws:SourceIp matching the VPC CIDR block.
A company is using an on-premises Active Directory service for user authentication. The company wants to use the same authentication service to sign in to the company's AWS accounts, which are using AWS Organizations. AWS Site-to- Site VPN connectivity already exists between the on-premises environment and all the company's AWS accounts.
The company's security policy requires conditional access to the accounts based on user groups and roles. User identities must be managed in a single location.
Which solution will meet these requirements?
A. Configure AWS Single Sign-On (AWS SSO) to connect to Active Directory by using SAML 2.0. Enable automatic provisioning by using the System for Cross-domain Identity Management (SCIM) v2.0 protocol. Grant access to the AWS accounts by using attribute-based access controls (ABACs).
B. Configure AWS Single Sign-On (AWS SSO) by using AWS SSO as an identity source. Enable automatic provisioning by using the System for Cross-domain Identity Management (SCIM) v2.0 protocol. Grant access to the AWS accounts by using AWS SSO permission sets.
C. In one of the company's AWS accounts, configure AWS Identity and Access Management (IAM) to use a SAML 2.0 identity provider. Provision IAM users that are mapped to the federated users. Grant access that corresponds to appropriate groups in Active Directory. Grant access to the required AWS accounts by using cross-account IAM users.
D. In one of the company's AWS accounts, configure AWS Identity and Access Management (IAM) to use an OpenID Connect (OIDC) identity provider. Provision IAM roles that grant access to the AWS account for the federated users that correspond to appropriate groups in Active Directory. Grant access to the required AWS accounts by using cross-account IAM roles.
A company runs an application on AWS. An AWS Lambda function uses credentials to authenticate to an Amazon RDS for MySQL DB instance. A security risk assessment identified that these credentials are not frequently rotated. Also, encryption at rest is not enabled for the DB instance. The security team requires that both of these issues be resolved.
Which strategy should a solutions architect recommend to remediate these security risks?
A. Configure the Lambda function to store and retrieve the database credentials in AWS Secrets Manager and enable rotation of the credentials. Take a snapshot of the DB instance and encrypt a copy of that snapshot. Replace the DB instance with a new DB instance that is based on the encrypted snapshot.
B. Enable IAM DB authentication on the DB instance. Grant the Lambda execution role access to the DB instance. Modify the DB instance and enable encryption.
C. Enable IAM DB authentication on the DB instance. Grant the Lambda execution role access to the DB instance. Create an encrypted read replica of the DB instance. Promote the encrypted read replica to be the new primary node.
D. Configure the Lambda function to store and retrieve the database credentials as encrypted AWS Systems Manager Parameter Store parameters. Create another Lambda function to automatically rotate the credentials. Create an encrypted read replica of the DB instance. Promote the encrypted read replica to be the new primary node.
Ron Ferguson
The dumps is quite valid. I got all questions from this dumps and passed with a full score. I don't know why people give bad comment on this site. I think their dumps are really up to date and accurate. If you do not have enough time to prepare for your exam, it's enough to use this dumps only. They update the questions very frequently. You may get new questions in a short time after the exam questions changed.
GB
In short, I passed the {sku} today, after using this exam dumps and the online training I registered for months ago. These Q&As help me pass the exam. Thanks, you guys.
Walls
I love this dumps. It really helpful and convenient. Recommend strongly.
Ravi
Valid study material! Go get it now!!!
10.110.0.5
Valid dumps. Answers are accurate. I come get few new questions in the exam. Maybe 2-3 VERY SIMPLE. Good Luck All!!!!
zulqurnain
i have passed today, All the questions are from their dumps, thanks for this dumps.
Pasi
took the exams yesterday and passed. I was very scared at first because the labs came in first so I was spending like 10 to 13mins so I started rushing after the first three labs thinking that I will have more labs. I ended up finishing the exam in an hour.. dumps are valid.
Stain
I honestly started reading through the questions and re-reading it every night starting one month out from the test. I don't think I saw anything on the test that I didn't see at least tangentially covered in these questions.
Benjamin
The support team is very good. I found a question with an incorrect answer and contact the customer support. I'm not sure if the answers is wrong and I just need the confirmation from the expert team. They contact me immediately and give me the detailed explanations for this answer. My fault. The answer is correct one. Grate job, team! Thanks so much for your professional support!
Potter
This is really a good exam dump. This is my first exam and I passed it easily. Thanks so much for your great dumps. I will recommend this to all my colleagues who are going to take exams. Thank a million.
Experience Certbus exam material in PDF version.
Simply submit your e-mail address
below to get started with our PDF real exam demo of your
Amazon SAP-C01 exam.
Instant download
Latest update demo according to real exam