Free Amazon Web Services SAP-C02 Practice Exam with Questions & Answers | Set: 5

The best solution is to stream the data to an Amazon Kinesis data stream and create an AWS Lambda function to consume the Kinesis data stream and to analyze the data. Amazon Kinesis is a web service that can collect, process, and analyze real-time streaming data from various sources, such as sensors. AWS Lambda is a serverless computing service that can run code in response to events, such as incoming data from a Kinesis data stream. By using AWS Lambda, the company can avoid provisioning or managing servers and scale automatically based on the demand. Amazon Simple Notification Service (Amazon SNS) is a web service that enables applications to send and receive notifications from the cloud. By using Amazon SNS, the company can notify the operations team immediately if any of the parameters fall out of acceptable ranges. This solution meets all the requirements of the company.

https://docs.aws.amazon.com/autoscaling/ec2/userguide/adding-lifecycle-hooks.html

- Refer to Default Result section - If the instance is terminating, both abandon and continue allow the instance to terminate. However, abandon stops any remaining actions, such as other lifecycle hooks, and continue allows any other lifecycle hooks to complete.

https://aws.amazon.com/blogs/infrastructure-and-automation/run-code-before-terminating-an-ec2-auto-scaling-instance/

https://github.com/aws-samples/aws-lambda-lifecycle-hooks-function

https://github.com/aws-samples/aws-lambda-lifecycle-hooks-function/blob/master/cloudformation/template.yaml

https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.html

https://docs.aws.amazon.com/cur/latest/userguide/billing-cur-limits.html

The requirement is to allow each OU (which contains multiple accounts) to view a cost breakdown across its accounts. In an AWS Organizations setup with consolidated billing, the management account is the central place where organization-level cost and usage reporting is configured and aggregated. The Cost and Usage Report is designed to produce the most detailed cost and usage dataset, and it can include charges for linked (member) accounts. A single CUR created from the management account can include all accounts in the organization, and then filtering can be applied to show cost breakdowns per OU or per team.

Once the CUR is delivered to Amazon S3, analytics tools such as Amazon Athena and Amazon QuickSight can be used to create dashboards. Teams can be provided access to the dataset or curated views and can filter by linked account, tags, and other dimensions. With appropriate cost allocation tags and organizational mapping (for example, account-to-OU mapping maintained in reporting logic), each OU can see its consolidated view.

Option B meets the requirements because it creates one CUR centrally from the management account and uses QuickSight for visualization. This approach is scalable for hundreds of accounts and avoids duplicating CUR configuration in each member account.

Option A is incorrect because AWS Resource Access Manager is not used to create CURs per OU. CUR is not an OU-scoped resource created via RAM.

Option C is not operationally efficient because it requires creating and managing CURs in each member account, producing fragmented datasets and significantly increasing overhead at hundreds of accounts. It also makes it harder to generate a single view per OU across accounts.

Option D is incorrect because Systems Manager does not create CURs, and OpsCenter dashboards are not the standard tool for cost and usage reporting.

Therefore, a centrally created CUR in the management account with QuickSight visualization is the correct solution.

This solution will meet the requirements of the company as it provides a secure, cost-effective and fast way of transferring large data sets from on-premises to AWS. Snowball Edge devices encrypt the data during transfer, and the devices are shipped back to AWS for import into S3. This option is more cost effective than using Direct Connect or VPN connections as it does not require the company to pay for long-term dedicated connections.

The company needs centralized traffic inspection and centralized internet access for multiple workload VPCs connected by a transit gateway. The standard AWS hub-and-spoke pattern for centralized inspection is to use an inspection VPC that hosts network virtual appliances behind a Gateway Load Balancer, and to steer traffic from spoke VPCs through the transit gateway to the inspection VPC. Gateway Load Balancer endpoints are used to privately connect VPCs to the GWLB, allowing traffic to be transparently redirected to the appliances for inspection without changing application configurations.

To ensure symmetric routing for stateful inspection (so that return traffic traverses the same appliance path), appliance mode is enabled on the transit gateway attachment that connects to the inspection VPC. Appliance mode is specifically used with transit gateways and third-party appliances to preserve flow symmetry and avoid asymmetric routing issues.

Option D matches the centralized model: it creates a dedicated inspection VPC that contains the GWLB, endpoints, and the inspection appliance. It updates workload VPC routes to send traffic to the transit gateway and configures the transit gateway route tables to forward relevant traffic to the GWLB endpoints in the inspection VPC. Enabling appliance mode on the transit gateway is the key operational setting to maintain symmetric routing through the appliance fleet for inspected traffic.

Option A is incorrect because it places the inspection components inside an existing workload VPC rather than using a centralized inspection VPC. This increases coupling, makes the architecture harder to manage, and does not match the typical centralized inspection pattern. It also references enabling appliance mode on the GWLB, whereas appliance mode is a transit gateway attachment feature used for routing symmetry with appliances, not a setting “on the GWLB” itself.

Option B is incorrect because it splits the GWLB and endpoints/appliances across different workload VPCs, which complicates the design and is not the intended GWLB pattern. GWLB endpoints are created in VPCs that need to send traffic to the GWLB service; the appliances sit behind the GWLB in the provider/inspection VPC. The option also refers to enabling appliance mode on endpoints, but the appliance mode setting is associated with the transit gateway attachment.

Option C is incorrect because VPC flow logs are for logging and visibility; flow logs do not route traffic. Also, separating “inspection VPC” and “internet access VPC” with the appliances in the internet VPC does not align with the standard GWLB centralized inspection architecture and introduces unnecessary complexity.

Therefore, creating a dedicated inspection VPC with GWLB and endpoints and enabling appliance mode on the transit gateway attachment is the correct centralized approach.

The company should configure Amazon FSx for Lustre with an import and export policy. The company should link the new file system to an S3 bucket. The company should install the Lustre client and mount the document store to an Amazon EC2 instance by using NFS. This solution will meet the requirements with the least amount of effort because Amazon FSx for Lustre is a fully managed service that provides a high-performance filesystem optimized for fast processing of workloads such as machine learning, highperformance computing, video processing, financial modeling, and electronic design automation1. Amazon FSx for Lustre can be linked to an S3 bucket and can import data from and export data to the bucket2. The import and export policy can be configured to automatically import new or changed objects from S3 and export new or changed files to S33. This will ensure that the files are available to the public for download within 30 minutes. Amazon FSx for Lustre supports NFS version 3.0 protocol for Linux clients.

The other options are not correct because:

Migrating the application to an AWS Lambda function would require a lot of effort and may not be feasible for the existing server that generates many documents. Lambda functions have limitations on execution time, memory, disk space, and network bandwidth.

Setting up an Amazon S3 File Gateway would not work because S3 File Gateway does not support write-back caching, which means that files written to the file share are uploaded to S3 immediately and are not available locally until they are downloaded again. This would not provide fast local access to the files that the server generates and modifies.

Configuring AWS DataSync to connect to an Amazon EC2 instance would not meet the requirement of making the files available to the public for download within 30 minutes. DataSync is a service that transfers data between on-premises storage systems and AWS storage services over the internet or AWS Direct Connect. DataSync tasks can be scheduled to run at specific times or intervals, but they are not triggered by file changes.

The current architecture uses a fleet of small EC2 instances that poll SQS for URLs and write results to EFS. Because URLs arrive only occasionally and each crawl takes 10 seconds or less, EC2 instances are often idle waiting for messages. This leads to unnecessary compute and storage costs.

This workload is naturally event-driven: each URL in the SQS queue triggers a short-lived crawl operation. AWS Lambda is well suited for such event-driven, short-duration tasks. Lambda integrates natively with Amazon SQS as an event source, which allows Lambda to poll the SQS queue automatically and invoke functions when messages arrive, scaling the concurrency up and down as needed. When there are no messages, there are no Lambda invocations and no compute charges, eliminating the cost of idle EC2 instances.

For storage of crawl results, Amazon S3 is a highly durable, cost-effective object store. The current use of an EFS file system mounted on all instances is no longer necessary if each Lambda invocation can write the output directly to S3 as objects (for example, CSV files). S3 charges only for the storage used and requests, and does not require continuously running file system infrastructure.

Option B replaces the idle fleet of EC2 instances with a Lambda function that reads from SQS. This aligns compute usage with actual work and takes advantage of serverless scaling and pricing.

Option E modifies the web-crawling process to store results in Amazon S3 instead of EFS, removing the need to maintain an EFS file system and its associated costs.

Option A increases instance size to m5.8xlarge, which greatly increases capacity and cost. Reducing the number of instances by 50% does not offset the large increase in instance size; it does not address idle capacity and likely increases overall cost.

Option C uses Amazon Neptune, which is a managed graph database service. It is not needed for storing simple CSV output; it is more complex and more expensive than S3 for this use case.

Option D uses Aurora Serverless MySQL. While Aurora Serverless can automatically scale, using a relational database to store simple crawl outputs adds unnecessary cost and operational complexity compared to S3 objects.

Therefore, moving the crawling logic to Lambda triggered by SQS (option B) and writing results directly to Amazon S3 (option E) meets the requirements in the most cost-effective way.

A is correct becausedefault AWS-managed KMS keys cannot be shared across accounts. Therefore, the only way to enable cross-account backup is to restore each RDS instance using acustomer-managed key (CMK)andshare that keywith the central account.

Then, AWS Backup can performcross-account backup operationsusing AWS Organizations trusted access and backup policies.

Option B is incorrect due to theinability to share default keys.

Option C and D are technically invalid — RDS snapshots cannot be decrypted or re-encrypted manually.

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.html

A: To run on Graviton, containers must supportARM64.

C: Graviton-based EC2 instances offer significant cost savings and better price-performance.

E: Once migrated, aSavings Planfor the new instance family ensures additional cost optimization.

B is a non-sensical option.

D and F continue with x86, which is more expensive.

DynamoDB with TTL, cheaper for sustained throughput of small items + suited for fast retrievals. S3 cheaper for storage only, much higher costs with writes. RDS not designed for this use case.

A is correct because:

App2Containersupports packaging .NET Framework apps into containers without porting to .NET Core.

ECS with EC2gives full control over the OS and patching.

ALBhandles microservice-level load balancing.

RDS for SQL Serverwith Multi-AZ ensures high availability.

Options B, C, and D involve Aurora MySQL (incompatible with SQL Server features) orrequire .NET Core, which involves more significant application changes.