Amazon Web Services nwexams ace Your Sap-c02 Aws Certified Professional Exam by Harlan q337 vce pdf

Page: 8 / 48

Exam Name:	AWS Certified Solutions Architect - Professional
Exam Code:	SAP-C02 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Professional
Questions:	645 Q&A's	Shared By:	harlan

Question 32

A company is planning to migrate an on-premises data center to AWS. The company currently hosts the data center on Linux-based VMware VMs. A solutions architect must collect information about network dependencies between the VMs. The information must be in the form of a diagram that details host IP addresses, hostnames, and network connection information.

Which solution will meet these requirements?

Options:

Use AWS Application Discovery Service. Select an AWS Migration Hub home AWS Region. Install the AWS Application Discovery Agent on the on-premises servers for data collection. Grant permissions to Application Discovery Service to use the Migration Hub network diagrams.

Use the AWS Application Discovery Service Agentless Collector for server data collection. Export the network diagrams from the AWS Migration Hub in .png format.

Install the AWS Application Migration Service agent on the on-premises servers for data collection. Use AWS Migration Hub data in Workload Discovery on AWS to generate network diagrams.

Install the AWS Application Migration Service agent on the on-premises servers for data collection. Export data from AWS Migration Hub in .csv format into an Amazon CloudWatch dashboard to generate network diagrams.

Discussion

Question 33

A company is deploying a new API to AWS. The API uses Amazon API Gateway with a Regional API endpoint and an AWS Lambda function for hosting. The API retrieves data from an external vendor API, stores data in an Amazon DynamoDB global table, and retrieves data from the DynamoDB global table. The API key for the vendor ' s API is stored in AWS Secrets Manager and is encrypted with a customer managed key in AWS Key Management Service (AWS KMS). The company has deployed its own API into a single AWS Region.

A solutions architect needs to change the API components of the company ' s API to ensure that the components can run across multiple Regions in an active-active configuration.

Which combination of changes will meet this requirement with the LEAST operational overhead? (Choose three.)

Options:

Deploy the API to multiple Regions. Configure Amazon Route 53 with custom domain names that route traffic to each Regional API endpoint. Implement a Route 53 multivalue answer routing policy.

Create a new KMS multi-Region customer managed key. Create a new KMS customer managed replica key in each in-scope Region.

Replicate the existing Secrets Manager secret to other Regions. For each in-scope Region ' s replicated secret, select the appropriate KMS key.

Create a new AWS managed KMS key in each in-scope Region. Convert an existing key to a multi-Region key. Use the multi-Region key in other Regions.

Create a new Secrets Manager secret in each in-scope Region. Copy the secret value from the existing Region to the new secret in each in-scope Region.

Modify the deployment process for the Lambda function to repeat the deployment across in-scope Regions. Turn on the multi-Region option for the existing API. Select the Lambda function that is deployed in each Region as the backend for the multi-Region API.

Discussion

Answer:

A, B, C

Explanation:

The combination of changes that will meet the requirement with the least operational overhead are:

A. Deploy the API to multiple Regions. Configure Amazon Route 53 with custom domain names that route traffic to each Regional API endpoint.Implement a Route 53 multivalue answer routing policy.

B. Create a new KMS multi-Region customer managed key. Create a new KMS customer managed replica key in each in-scope Region.

C. Replicate the existing Secrets Manager secret to other Regions. For each in-scope Region’s replicated secret, select the appropriate KMS key.

These changes will enable the company to have an active-active configuration for its API across multiple Regions, while minimizing the complexity and cost of managing the secrets and keys.

A. This change will allow the company to use Route 53 to distribute traffic across multiple Regional API endpoints, based on the availability and latency of each endpoint.This will improve the performance and availability of the API for global customers12

B. This change will allow the company to use KMS multi-Region keys, which are KMS keys in different Regions that can be used interchangeably.This will simplify the encryption and decryption of secrets across Regions, as the same key material and key ID can be used in any Region34

C. This change will allow the company to use Secrets Manager replication, which replicates the encrypted secret data and metadata across the specified Regions.This will ensure that the secrets are consistent and accessible in any Region, andthat any update made to the primary secret will be propagated to the replica secrets automatically56

[References:, 1:Creating a regional API endpoint - Amazon API Gateway2:Multivalue answer routing policy - Amazon Route 533:Multi-Region keys in AWS KMS - AWS Key Management Service4:Creating multi-Region keys - AWS Key Management Service5:Replicate an AWS Secrets Manager secret to other AWS Regions6:How to replicate secrets in AWS Secrets Manager to multiple Regions | AWS Security Blog, , , , , , , , ]

Fatima

Hey I passed my exam. The world needs to know about it. I have never seen real exam questions on any other exam preparation resource like I saw on Cramkey Dumps.

Niamh Mar 23, 2026

That's true. Cramkey Dumps are simply the best when it comes to preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.

Robin

Cramkey is highly recommended.

Jonah Mar 22, 2026

Definitely. If you're looking for a reliable and effective study resource, look no further than Cramkey Dumps. They're simply wonderful!

Rae

I tried using Cramkey dumps for my recent certification exam and I found them to be more accurate and up-to-date compared to other dumps I've seen. Passed the exam with wonderful score.

Rayyan Mar 14, 2026

I see your point. Thanks for sharing your thoughts. I might give it a try for my next certification exam.

Faye

Yayyyy. I passed my exam. I think all students give these dumps a try.

Emmeline Mar 4, 2026

Definitely! I have no doubt new students will find them to be just as helpful as I did.

Andrew

Are these dumps helpful?

Jeremiah Mar 6, 2026

Yes, Don’t worry!!! I'm confident you'll find them to be just as helpful as I did. Good luck with your exam!

Question 34

A company wants to use AWS IAM Identity Center (AWS Single Sign-On) to manage employee access to AWS services. The company uses AWS Organizations to manage its AWS accounts.

Each employee has their own IAM user. Each IAM user is a member of at least one IAM group. Each IAM group has an attached policy that allows members to assume

specific roles across the accounts. The roles contain appropriate policies for the expected activities of each group of users in each account. All relevant accounts exist inside a single OU.

The company has already created new users and groups in IAM Identity Center to match the permissions that exist in IAM.

How should the company use IAM Identity Center to implement the existing permissions?

Options:

For each group, create policies in each account. Give the policies the same name in each account. Create a new permission set. Add the name of the newpolicies to the permission set. Assign user access to the AWS accounts in IAM Identity Center.

For each group, create a new permission set. Attach the relevant existing IAM roles in each account to the permission set. Create a new customer managedpolicy that allows the group to assume the roles. Assign user access to the AWS accounts in IAM Identity Center.

For each group, create a new permission set. Create policies in each account. Give each policy a unique name. Set the path of each policy to match thename of the permission set. Assign user access to the AWS accounts in IAM Identity Center.

Add the OU to the accounts configuration in IAM Identity Center. For each group, create policies in each account. Create a new permission set. Add the newpolicies to the permission set as customer managed policies. Attach each new policy to the correct account in the account configuration in IAM IdentityCenter.

Discussion

Question 35

A company has automated the nightly retraining of its machine learning models by using AWS Step Functions. The workflow consists of multiple steps that use AWS Lambda Each step can fail for various reasons and any failure causes a failure of the overall workflow

A review reveals that the retraining has failed multiple nights in a row without the company noticing the failure A solutions architect needs to improve the workflow so that notifications are sent for all types of failures in the retraining process

Which combination of steps should the solutions architect take to meet these requirements? (Select THREE)

Options:

Create an Amazon Simple Notification Service (Amazon SNS) topic with a subscription of type " Email " that targets the team ' s mailing list.

Create a task named " Email " that forwards the input arguments to the SNS topic

Add a Catch field all Task Map. and Parallel states that have a statement of " Error Equals " : [ “States. ALL”] and " Next " : " Email " .

Add a new email address to Amazon Simple Email Service (Amazon SES). Verify the email address.

Create a task named " Email " that forwards the input arguments to the SES email address

Add a Catch field to all Task Map, and Parallel states that have a statement of " Error Equals " : [ " states. Runtime”] and " Next " : " Email " .