SAP-C01 Questions and Answers

  Printable PDF

AWS Certified Solutions Architect - Professional (SAP-C01): SAP-C01

Rating: 5.0

Vendor: Amazon

Certifications: AWS Certified Professional

Exam Name: AWS Certified Solutions Architect - Professional (SAP-C01)

Exam Code: SAP-C01

Total Questions: 973 Q&As

Last Updated: Jan 18, 2023

Note: Product instant download. Please sign in and click My account to download your product.

PDF Only: $45.99 VCE Only: $49.99 VCE + PDF: $59.99

Amazon SAP-C01 PDF&VCE Dumps Download

  • 99.5% Pass Rate
  • 365 Days Free Update
  • Verified By Professional IT Experts
  • 24/7 Live Support
  • 378,380+ Satisfied Customers
  • 3 Days Preparation Before Test
  • 18 Years Experience
  • 6000+ IT Exam Dumps
  • 100% Safe Shopping Experience

Amazon SAP-C01 Last Month Results

694
Successful Stories of Amazon SAP-C01 Exam
95.6%
High Score Rate in Actual Amazon Exams
92.8%
Same Questions from the Latest Real Exam

SAP-C01 Online Practice Questions and Answers

Questions 1

A company is migrating its on-premises build artifact server to an AWS solution. The current system consists of an Apache HTTP server that serves artifacts to clients on the local network, restricted by the perimeter firewall. The artifact consumers are largely build automation scripts that download artifacts via anonymous HTTP, which the company will be unable to modify within its migration timetable.

The company decides to move the solution to Amazon S3 static website hosting. The artifact consumers will be migrated to Amazon EC2 instances located within both public and private subnets in a virtual private cloud (VPC).

Which solution will permit the artifact consumers to download artifacts without modifying the existing automation scripts?

A. Create a NAT gateway within a public subnet of the VPC. Add a default route pointing to the NAT gateway into the route table associated with the subnets containing consumers. Configure the bucket policy to allow the s3:ListBucket and s3:GetObject actions using the condition IpAddress and the condition key aws:SourceIp matching the elastic IP address of the NAT gateway.

B. Create a VPC endpoint and add it to the route table associated with subnets containing consumers. Configure the bucket policy to allow s3:ListBucket and s3:GetObject actions using the condition StringEquals and the condition key aws:sourceVpce matching the identification of the VPC endpoint.

C. Create an IAM role and instance profile for Amazon EC2 and attach it to the instances that consume build artifacts. Configure the bucket policy to allow the s3:ListBucket and s3:GetObjects actions for the principal matching the IAM role created.

D. Create a VPC endpoint and add it to the route table associated with subnets containing consumers. Configure the bucket policy to allow s3:ListBucket and s3:GetObject actions using the condition IpAddress and the condition key aws:SourceIp matching the VPC CIDR block.

Show Answer
Questions 2

A company is using an on-premises Active Directory service for user authentication. The company wants to use the same authentication service to sign in to the company's AWS accounts, which are using AWS Organizations. AWS Site-to- Site VPN connectivity already exists between the on-premises environment and all the company's AWS accounts.

The company's security policy requires conditional access to the accounts based on user groups and roles. User identities must be managed in a single location.

Which solution will meet these requirements?

A. Configure AWS Single Sign-On (AWS SSO) to connect to Active Directory by using SAML 2.0. Enable automatic provisioning by using the System for Cross-domain Identity Management (SCIM) v2.0 protocol. Grant access to the AWS accounts by using attribute-based access controls (ABACs).

B. Configure AWS Single Sign-On (AWS SSO) by using AWS SSO as an identity source. Enable automatic provisioning by using the System for Cross-domain Identity Management (SCIM) v2.0 protocol. Grant access to the AWS accounts by using AWS SSO permission sets.

C. In one of the company's AWS accounts, configure AWS Identity and Access Management (IAM) to use a SAML 2.0 identity provider. Provision IAM users that are mapped to the federated users. Grant access that corresponds to appropriate groups in Active Directory. Grant access to the required AWS accounts by using cross-account IAM users.

D. In one of the company's AWS accounts, configure AWS Identity and Access Management (IAM) to use an OpenID Connect (OIDC) identity provider. Provision IAM roles that grant access to the AWS account for the federated users that correspond to appropriate groups in Active Directory. Grant access to the required AWS accounts by using cross-account IAM roles.

Show Answer
Questions 3

A company runs an application on AWS. An AWS Lambda function uses credentials to authenticate to an Amazon RDS for MySQL DB instance. A security risk assessment identified that these credentials are not frequently rotated. Also, encryption at rest is not enabled for the DB instance. The security team requires that both of these issues be resolved.

Which strategy should a solutions architect recommend to remediate these security risks?

A. Configure the Lambda function to store and retrieve the database credentials in AWS Secrets Manager and enable rotation of the credentials. Take a snapshot of the DB instance and encrypt a copy of that snapshot. Replace the DB instance with a new DB instance that is based on the encrypted snapshot.

B. Enable IAM DB authentication on the DB instance. Grant the Lambda execution role access to the DB instance. Modify the DB instance and enable encryption.

C. Enable IAM DB authentication on the DB instance. Grant the Lambda execution role access to the DB instance. Create an encrypted read replica of the DB instance. Promote the encrypted read replica to be the new primary node.

D. Configure the Lambda function to store and retrieve the database credentials as encrypted AWS Systems Manager Parameter Store parameters. Create another Lambda function to automatically rotate the credentials. Create an encrypted read replica of the DB instance. Promote the encrypted read replica to be the new primary node.

Show Answer More Questions

Success Stories

Ron Ferguson

  • Washington
  • Jan 25, 2023
  • Rating: 5.0 / 5.0

The dumps is quite valid. I got all questions from this dumps and passed with a full score. I don't know why people give bad comment on this site. I think their dumps are really up to date and accurate. If you do not have enough time to prepare for your exam, it's enough to use this dumps only. They update the questions very frequently. You may get new questions in a short time after the exam questions changed.


GB

  • London
  • Jan 24, 2023
  • Rating: 5.0 / 5.0

In short, I passed the {sku} today, after using this exam dumps and the online training I registered for months ago. These Q&As help me pass the exam. Thanks, you guys.


Walls

  • Egypt
  • Jan 22, 2023
  • Rating: 4.2 / 5.0

I love this dumps. It really helpful and convenient. Recommend strongly.


Ravi

  • Indonesia
  • Jan 22, 2023
  • Rating: 4.3 / 5.0

Valid study material! Go get it now!!!


10.110.0.5

  • Luxembourg
  • Jan 22, 2023
  • Rating: 5.0 / 5.0

Valid dumps. Answers are accurate. I come get few new questions in the exam. Maybe 2-3 VERY SIMPLE. Good Luck All!!!!


zulqurnain

  • Pakistan
  • Jan 21, 2023
  • Rating: 4.8 / 5.0

i have passed today, All the questions are from their dumps, thanks for this dumps.


Pasi

  • Australia
  • Jan 20, 2023
  • Rating: 4.7 / 5.0

took the exams yesterday and passed. I was very scared at first because the labs came in first so I was spending like 10 to 13mins so I started rushing after the first three labs thinking that I will have more labs. I ended up finishing the exam in an hour.. dumps are valid.


Stain

  • United States
  • Jan 20, 2023
  • Rating: 5.0 / 5.0

I honestly started reading through the questions and re-reading it every night starting one month out from the test. I don't think I saw anything on the test that I didn't see at least tangentially covered in these questions.


Benjamin

  • Quebec
  • Jan 19, 2023
  • Rating: 5.0 / 5.0

The support team is very good. I found a question with an incorrect answer and contact the customer support. I'm not sure if the answers is wrong and I just need the confirmation from the expert team. They contact me immediately and give me the detailed explanations for this answer. My fault. The answer is correct one. Grate job, team! Thanks so much for your professional support!


Potter

  • Deutschland
  • Jan 18, 2023
  • Rating: 5.0 / 5.0

This is really a good exam dump. This is my first exam and I passed it easily. Thanks so much for your great dumps. I will recommend this to all my colleagues who are going to take exams. Thank a million.


Download Free Amazon SAP-C01 Demo

Experience Certbus exam material in PDF version.
Simply submit your e-mail address below to get started with our PDF real exam demo of your Amazon SAP-C01 exam.

Instant download
Latest update demo according to real exam

*Email Address

* Our demo shows only a few questions from your selected exam for evaluating purposes