Amazon Web Services Updated SAP-C02 Exam Questions and Answers by keegan

The correct answer is A.

A. This solution meets the requirements because it allows the company to create different usage plans for each customer, with different request quotas and time periods. The usage plans can be associated with API keys, which can be distributed to the users of each customer. The API Gateway REST API can invoke the Lambda function using a proxy integration, which passes the request data to the function as input and returns the function output as the response.This solution is scalable, secure, and cost-effective12

B. This solution is incorrect because API Gateway HTTP APIs do not support usage plans or API keys.These features are only available for REST APIs3

C. This solution is incorrect because it does not provide a way to enforce request quotas for each customer. Lambda function aliases can be used to create different versions of the function, but they do not have any quota mechanism.Moreover, this solution exposes the Lambda function URLs directly to the customers, which is not secure or recommended4

D. This solution is incorrect because it does not provide a way to differentiate between customers or users. AWS WAF rate-based rules can be used to limit requests based on IP addresses, but they do not support any other criteria such as user agents or headers.Moreover, this solution adds unnecessary complexity and cost by using an ALB and a VPC56

Developing infrastructure services using AWS CloudFormation templates and uploading them as AWS Service Catalog products to portfolios created in a central AWS account will enable thecompany to centrally manage the creation of infrastructure services and control who can use them1. AWS Service Catalog allows you to create and manage catalogs of IT services that are approved for use on AWS2. You can organize products into portfolios, which are collections of products along with configuration information3. You can share portfolios with other accounts in your organization using AWS Organizations4.

Allowing user IAM roles to have ServiceCatalogEndUserAccess permissions only and using an automation script to import the central portfolios to local AWS accounts, copy the TagOption, assign users access, and apply launch constraints will enable the company to provide least privilege access to users when launching AWS infrastructure services. ServiceCatalogEndUserAccess is a managed IAM policy that grants users permission to list and view products and launch product instances. An automation script can help import the shared portfolios from the central account to the local accounts, copy the TagOption from the central account, assign users access to the portfolios, and apply launch constraints that specify which IAM role or user can provision a product.

Using the AWS Service Catalog TagOption Library to maintain a list of tags required by the company and applying the TagOption to AWS Service Catalog products or portfolios will enable the company to enforce tags on any infrastructure that is started by users. TagOptions are key-value pairs that you can use to classify your AWS Service Catalog resources. You can create a TagOption Library that contains all the tags that you want to use across your organization. You can apply TagOptions to products or portfolios, and they will be automatically applied to any provisioned product instances.

Creating a product from an existing CloudFormation template

What is AWS Service Catalog?

Working with portfolios

Sharing a portfolio with AWS Organizations

[Providing least privilege access for users]

[AWS managed policies for job functions]

[Importing shared portfolios]

[Enforcing tag policies]

[Working with TagOptions]

[Creating a TagOption Library]

[Applying TagOptions]

AWS Cost Anomaly Detection is a feature of the AWS Cost Management suite that leverages machine learning to enable continuous monitoring of your AWS costs and usage, allowing you to identify unexpected and abnormal spending1. You can create cost monitors that evaluate specific AWS services, member accounts, cost allocation tags, orcost categories based on your AWS account structure2. You can also configure alert subscriptions that notify you when a cost monitor detects an anomaly that meets your threshold2. In this case, you can create a cost monitor with a monitor type of AWS Service and apply a filter of Amazon EC2 to track the EC2 usage as a metric. You can then configure an alert subscription to notify the architecture team if the usage is 10% more than the average usage for the last 30 days, which is the anomaly detection period used by AWS Cost Anomaly Detection3.

https://docs.aws.amazon.com/controltower/latest/userguide/controls.html https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-controls.html#ebs-enable-encryption AWS is now transitioning the previous term ' guardrail ' new term ' control ' .