Free Amazon Web Services SAP-C02 Practice Exam with Questions & Answers | Set: 5

Generally, unstructured data should be converted structured data before querying them. AWS Glue can do that. https://docs.aws.amazon.com/glue/latest/dg/schema-relationalize.html https://docs.aws.amazon.com/athena/latest/ug/glue-athena.html

The requirement is to estimate total cost of ownership before migration. This includes comparing current on-premises costs with projected AWS costs for compute, storage, databases, and related services, and producing a consolidated business-focused TCO view.

AWS Migration Evaluator is the AWS service specifically designed to help customers build data-driven business cases for migrating workloads to AWS. Migration Evaluator collects inventory and utilization data from on-premises environments by using a collector. It then allows architects to model different migration scenarios, map on-premises resources to AWS services such as Amazon EKS managed node groups and Amazon RDS for PostgreSQL, and generate reports that estimate costs, savings, and TCO impacts. The Quick Insights report provides a summarized, executive-level view of the estimated AWS costs, on-premises costs, and projected savings, which directly satisfies the requirement.

Option B is not sufficient because AWS DMS assessment reports focus on database migration feasibility and compatibility, not full workload TCO. The AWS Pricing Calculator can estimate AWS service costs, but it does not automatically incorporate on-premises cost data or provide a consolidated TCO comparison without significant manual effort.

Option C is incorrect because AWS Application Migration Service focuses on rehosting servers and testing migrations. It does not produce comprehensive TCO reports comparing on-premises and AWS environments for container platforms like EKS and managed databases.

Option D is incorrect because the AWS Cloud Economics Center and Cloud Value Framework provide conceptual guidance and methodology, not a workload-specific TCO report. AWS Cost and Usage Reports are used to analyze existing AWS usage, not to estimate costs for workloads that have not yet been migrated.

Therefore, using Migration Evaluator to collect on-premises data, model the target EKS and RDS architecture, and export a Quick Insights TCO report is the correct solution.

Using AWS Database Migration Service (DMS) with an Amazon Aurora PostgreSQL target and the AWS Schema Conversion Tool (SCT) ensures a rapid migration with minimal downtime.

DMS continuously replicates data, supporting near-zero downtime migration while keeping the source and target in sync.

SCT automatically converts the Oracle schema and stored procedures to PostgreSQL-compatible format, minimizing manual effort.

Aurora provides a managed, highly available database that scales across multiple AZs, ensuring high availability for the migrated workload.This method leverages AWS-managed services for database and migration, ensuring a secure, reliable, and low-overhead transition to the cloud.

 The company should create a resource-based IAM policy that includes conditions for specific DynamoDB attributes (fine-grained access control). The company should attach the policy to the DynamoDB table. In the marketing team’s account, the company should create an IAM role that has permissions to access the DynamoDB table in the finance team’s account. This solution will meet the requirements because a resource-based IAM policy is a policy that you attach to an AWS resource (such as a DynamoDB table) to control who can access that resource and what actions they can perform on it. You can use IAM policyconditions to specify fine-grained access control for DynamoDB items and attributes. For example, you can allow or deny access to specific attributes of all items in a table by matching on attribute names1. By creating a resource-based policy that allows access to only specific attributes of the DynamoDB table and attaching it to the table, the company can restrict access to confidential data. By creating an IAM role in the marketing team’s account that has permissions to access the DynamoDB table in the finance team’s account, the company can enable cross-account access.

The other options are not correct because:

Creating an SCP to grant the marketing team’s AWS account access to the specific attributes of the DynamoDB table would not work because SCPs are policies that you can use with AWS Organizations to manage permissions in your organization’s accounts. SCPs do not grant permissions; instead, they specify the maximum permissions that identities in an account can have2. SCPs cannot be used to specify fine-grained access control for DynamoDB items and attributes.

Creating an IAM role in the finance team’s account by using IAM policy conditions for specific DynamoDB attributes and establishing trust with the marketing team’s account would not work because IAM roles are identities that you can create in your account that have specific permissions. You can use an IAM role to delegate access to users, applications, or services that don’t normally have access to your AWS resources3. However, creating an IAM role in the finance team’s account would not restrict access to specific attributes of the DynamoDB table; it would only allow cross-account access. The company would still need a resource-based policy attached to the table to enforce fine-grained access control.

Creating an IAM role in the finance team’s account to access the DynamoDB table and using an IAM permissions boundary to limit the access to the specific attributes would not work because IAM permissions boundaries are policies that you use to delegate permissions management to other users. You can use permissions boundaries to limit the maximum permissions that an identity-based policy can grant to an IAM entity (user or role)4. Permissions boundaries cannot be used to specify fine-grained access control for DynamoDB items and attributes.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPointRequestRouting.htmlhttps://stackoverflow.com/questions/60947157/aws-s3-replication-without- versioning#:~:text=The%20automated%20Same%20Region%20Replication,is%20replicated%20between%20S3%20buckets.

The best solution is to deploy an AWS Lambda function to add capacity to the Amazon Redshift cluster by using an elastic resize operation when the cluster’s CPU metrics in Amazon CloudWatch reach 80%. This solution will enable the cluster to scale up or down quickly by adding or removing nodes within minutes. This will improve the performance of the complex read queries and also reduce the cost by scaling down when the demand decreases. This solution is more cost-effective than using a classic resize operation, which takes longer and requires more downtime. It is also more suitable than using Amazon EMR, which is designed for big data processing rather than data warehousing. References: Amazon Redshift Documentation, Resizing clusters in Amazon Redshift, [Amazon EMR Documentation]

minimizes operational + microservices that run on containers = AWS Elastic Beanstalk

AWS Application Migration Service:

AWS Application Migration Service (MGN) facilitates the migration of virtual machines (VMs) to AWS without installing additional software on the VMs. This agentless service helps in seamlessly migrating workloads to AWS.

AWS Migration Hub Strategy Recommendations:

AWS Migration Hub Strategy Recommendations offer insights and guidance for planning and implementing migration strategies. It helps in generating a Total Cost of Ownership (TCO) report by automatically importing discovery data from the VMs.

Generating the TCO Report:

The combined use of AWS Application Migration Service and Migration Hub Strategy Recommendations enables the automatic import of discovery data and the generation of an accurate TCO report, ensuring a smooth and cost-effective migration process.

References

AWS Migration Hub Strategy Recommendations​(AWS Documentation)​.

The company should use AWS Amplify to create a static website for uploads of media files. The company should use Amplify Hosting to serve the website through Amazon CloudFront. The company should use Amazon S3 to store the uploaded media files. The company should use Amazon Cognito to authenticate users. This solution will meet the requirements with the least operational overhead because AWS Amplify is a complete solution that lets frontend web and mobile developers easily build, ship, and host full-stack applications on AWS, with the flexibility to leverage the breadth of AWS services as use cases evolve. No cloud expertise needed1. By using AWS Amplify, the company can refactor the application to a serverless architecture that reduces operational complexity and costs. AWS Amplify offers the following features and benefits:

Amplify Studio: A visual interface that enables you to build and deploy a full-stack app quickly, including frontend UI and backend.

Amplify CLI: A local toolchain that enables you to configure and manage an app backend with just a few commands.

Amplify Libraries: Open-source client libraries that enable you to build cloud-powered mobile and web apps.

Amplify UI Components: Open-source design system with cloud-connected components for building feature-rich apps fast.

Amplify Hosting: Fully managed CI/CD and hosting for fast, secure, and reliable static and server-side rendered apps.

By using AWS Amplify to create a static website for uploads of media files, the company can leverage Amplify Studio to visually build a pixel-perfect UI and connect it to a cloud backend in clicks. By using Amplify Hosting to serve the website through Amazon CloudFront, the company can easily deploy its web app or website to the fast, secure, and reliable AWS content delivery network (CDN), with hundreds of points of presence globally. Byusing Amazon S3 to store the uploaded media files, the company can benefit from a highly scalable, durable, and cost-effective object storage service that can handle any amount of data2. By using Amazon Cognito to authenticate users, the company can add user sign-up, sign-in, and access control to its web app with a fully managed service that scales to support millions of users3.

The other options are not correct because:

Using AWS Application Migration Service to migrate the application server to Amazon EC2 instances would not refactor the application or accelerate development. AWS Application Migration Service (AWS MGN) is a service that enables you to migrate physical servers, virtual machines (VMs), or cloud servers from any source infrastructure to AWS without requiring agents or specialized tools. However, this would not address the challenges of overutilization and data uploads failures. It would also not reduce operational overhead or costs compared to a serverless architecture.

Creating a static website for uploads of media files and using AWS AppSync to create an API would not be as simple or fast as using AWS Amplify. AWS AppSync is a service that enables you to create flexible APIs for securely accessing, manipulating, and combining data from one or more data sources. However, this would require more configuration and management than using Amplify Studio and Amplify Hosting. It would also not provide authentication features like Amazon Cognito.

Setting up AWS IAM Identity Center (AWS Single Sign-On) to give users the ability to sign in to the application would not be as suitable as using Amazon Cognito. AWS Single Sign-On (AWS SSO) is a service that enables you to centrally manage SSO access and user permissions across multiple AWS accounts and business applications. However, this service is designed for enterprise customers who need to manage access for employees or partners across multiple resources. It is not intended for authenticating end users of web or mobile apps.

A is correct:Quota request templates must be created in us-east-1, the only region that supports them. You specify the desired quotain the correct target Region(ap-southeast-2) for SageMaker training and endpoint usage. This enablesautomatic quota increasesfor newly created accounts in the org.

B, C, and D misconfigure either region or quota type.

https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html

•Use Amazon S3 for web hosting with AWS AppSync for database API services. Use Amazon Simple Queue Service (Amazon SQS) for order queuing. Use AWS Lambda for business logic with an Amazon SQS dead-letter queue for retaining failed orders.

This solution will allow you to:

•Host a static website on Amazon S3 without provisioning or managing servers1.

•Use AWS AppSync to create a scalable GraphQL API that connects to your database and other data sources1.

•Use Amazon SQS to decouple and scale your order processing microservices1.

•Use AWS Lambda to run code for your business logic without provisioning or managing servers1.

•Use an Amazon SQS dead-letter queue to retain messages that can’t be processed by your Lambda function1.

The correct answer would be options A, C and D, because they address the requirements outlined in the question. A. Deploying a landing zone environment using AWS Control Tower and enrolling accounts in an organization in AWS Organizations allows for a centralized management of access to all accounts and applications. C. Creating transit gateways and transit gateway VPC attachments in each account and configuring appropriate route tables allows for private network traffic, and ensures that the production account and shared network account have connectivity to all accounts, while the development and staging accounts have access only to each other. D. Setting up and enabling AWS IAM Identity Center (AWS Single Sign-On) and creating appropriate permission sets with required MFA for existing accounts allows for multi-factor authentication at login and specific roles to be assigned to user groups.

Implementing a disaster recovery strategy that minimizes data loss and addresses performance issues involves creating a read replica of the RDS DB instance in a separate region and directing the finance team's queries to this replica. This solution alleviates the performance impact on the primary database. Using Amazon S3 Cross-Region Replication (CRR) ensures that processed documents are available in the disaster recovery region. In the event of a disaster, the read replica can be promoted to a standalone DB instance, and EC2 instances can be launched from pre-created AMIs to serve the web frontend, thereby ensuring resiliency and minimal data loss.

AWS Documentation on Amazon RDS Read Replicas, Amazon S3 Cross-Region Replication, and Amazon EC2 AMIs provides comprehensive guidance on implementing a robust disaster recovery solution. This approach is in line with AWS best practices for high availability and disaster recovery planning.