A financial services company is modernizing its on-premises data warehouse to AWS. The current system uses a legacy ETL tool that is not cloud-native. The company wants to build a new data lake on Amazon S3 and use a combination of serverless and managed services for ingestion, processing, and analytics. A key requirement is to provide business analysts with a unified SQL interface to query both structured data in Amazon Redshift and semi-structured data (JSON, Parquet) in the data lake. The solution must enforce fine-grained access control at the table and column level for all queries. Which solution meets these requirements most effectively?
Q2 (Multiple answers)
A large media organization operates a global video-on-demand platform. The architecture uses AWS Elemental MediaConvert for transcoding, Amazon S3 for storage, and Amazon CloudFront for delivery. The master video files are stored in an S3 bucket in the `us-east-1` Region. To improve transcoding performance and resilience, the company wants to distribute the transcoding workload across `us-east-1`, `eu-west-1`, and `ap-southeast-1`. The goal is to automatically route an incoming transcoding job to the Region with the lowest processing load and ensure the output is available globally with low latency. Which architecture should be implemented to achieve this? (Select TWO).
Q3
A hospital is deploying a critical patient records application on AWS, which must comply with HIPAA regulations. The architecture consists of an Application Load Balancer (ALB), an Amazon EC2 Auto Scaling group, and an Amazon Aurora PostgreSQL database. A recent security audit requires that all network traffic between the application servers and the database be inspected for potential SQL injection attacks by a third-party virtual appliance. This inspection must occur without traffic leaving the VPC, and the solution must be highly available. The architecture is deployed across three Availability Zones. Which networking design meets these requirements?
Q4
A consultant is reviewing an existing AWS environment for a fast-growing startup. The startup has a single AWS account where all resources (dev, test, prod) are deployed within a single default VPC. This has led to IAM policies becoming overly complex and has caused several accidental terminations of production resources. The startup wants to implement a multi-account structure that improves security, provides cost allocation visibility, and establishes guardrails without slowing down developers. Which of the following is the most effective strategy to recommend?
Q5
An e-commerce company's primary application runs on Amazon EC2 instances within an Auto Scaling group and uses an Amazon RDS for MySQL Multi-AZ database. During a recent peak sales event, the RDS instance's CPU utilization reached 100%, causing significant latency and transaction failures. The preliminary analysis shows that 80% of the database operations are read queries from the product catalog. The company needs to improve the application's performance and reliability, especially during traffic spikes, while minimizing changes to the application code. What is the MOST effective solution?
Q6
A manufacturing firm is migrating its on-premises SAP S/4HANA environment to AWS. The production environment is business-critical and has a very low tolerance for downtime. The Recovery Time Objective (RTO) is 15 minutes, and the Recovery Point Objective (RPO) is 5 minutes. The firm needs a disaster recovery (DR) solution that enables failover to a different AWS Region. The solution must be cost-effective during normal operations. Which DR strategy should the solutions architect recommend?
Q7
A company has a hybrid cloud setup with an on-premises data center connected to an AWS VPC via AWS Direct Connect. An application running on-premises needs to privately and securely upload large data files directly into an Amazon S3 bucket. The company's security policy prohibits any data from traversing the public internet. Which configuration will allow the on-premises application to access the S3 bucket while adhering to the security policy?
Q8
True or False: When using AWS Organizations, a Service Control Policy (SCP) that explicitly denies an action (e.g., `ec2:RunInstances`) in an Organizational Unit (OU) can be overridden by an IAM policy attached to a user within an account in that OU that explicitly allows the same action.
Q9 (Multiple answers)
A solutions architect is designing a centralized logging solution for a large enterprise with hundreds of AWS accounts managed under AWS Organizations. The requirements are:

1. All AWS CloudTrail logs from all member accounts must be aggregated into a central Amazon S3 bucket in a dedicated 'Log Archive' account.
2. The solution should automatically enforce this configuration for any new accounts added to the organization.
3. Member accounts must not be able to disable or modify their CloudTrail configuration.
4. The central security team needs to query these logs using Amazon Athena from a separate 'Audit' account.

Arrange the following steps in the correct order to implement this solution.