Amazon Web Services dumpskey helping Hand Questions For Sap-c02 by Byron q295 vce pdf

Page: 15 / 50

Exam Name:	AWS Certified Solutions Architect - Professional
Exam Code:	SAP-C02 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Professional
Questions:	674 Q&A's	Shared By:	byron

Question 60

A company hosts a web application on AWS in the us-east-1 Region The application servers are distributed across three Availability Zones behind an Application Load Balancer. The database is hosted in a MySQL database on an Amazon EC2 instance A solutions architect needs to design a Cross-Region data recovery solution using AWS services with an RTO of less than 5 minutes and an RPO of less than 1 minute. The solutions architect is deploying application servers in us-west-2, and has configured Amazon Route 53 hearth checks and DNS failover to us-west-2

Which additional step should the solutions architect take?

Options:

Migrate the database to an Amazon RDS tor MySQL instance with a cross-Region read replica in us-west-2

Migrate the database to an Amazon Aurora global database with the primary in us-east-1 and the secondary in us-west-2

Migrate the database to an Amazon RDS for MySQL instance with a Multi-AZ deployment.

Create a MySQL standby database on an Amazon EC2 instance in us-west-2

Discussion

Question 61

A company has registered 10 new domain names. The company uses the domains for online marketing. The company needs a solution that will redirect online visitors to a specific URL for each domain. All domains and target URLs are defined in a JSON document. All DNS records are managed by Amazon Route 53.

A solutions architect must implement a redirect service that accepts HTTP and HTTPS requests.

Which combination of steps should the solutions architect take to meet these requirements with the LEAST amount of operational effort? (Choose three.)

Options:

Create a dynamic webpage that runs on an Amazon EC2 instance. Configure the webpage to use the JSON document in combination with the event message to look up and respond with a redirect URL.

Create an Application Load Balancer that includes HTTP and HTTPS listeners.

Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL.

Use an Amazon API Gateway API with a custom domain to publish an AWS Lambda function.

Create an Amazon CloudFront distribution. Deploy a Lambda@Edge function.

Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names.

Discussion

Question 62

A company stores data on an Amazon RDS for PostgreSQL DB instance in a private subnet in an AWS database account. Applications that are deployed in different VPCs access this data from different AWS accounts.

The company needs to manage the number of active connections to the DB instance. Communication between all accounts and the database account must be private and must not travel across the internet. The solution must be scalable to accommodate more consumer accounts in the future.

Which solution will meet these requirements?

Options:

Connect all the VPCs in all the accounts by using a transit gateway. Configure a NAT gateway in a public subnet. Route traffic from the NAT gateway through the transit gateway to the DB instance.

Create an RDS proxy in the AWS database account. Create a proxy endpoint in the private subnet. Configure AWS PrivateLink with a Network Load Balancer to provide access to the DB instance.

Create a VPC peering connection between the VPC that contains the DB instance and each VPC from the other accounts. Configure an Application Load Balancer to provide access to the DB instance through the peering connection.

Create a VPC peering connection between the VPC that contains the DB instance and each VPC from the other accounts. Configure a NAT gateway in a public subnet to route traffic to the DB instance.

Discussion

Answer:

Explanation:

There are three core requirements: reduce/manage active database connections, keep communication private without internet exposure, and scale to many consumer accounts over time.

To manage and pool database connections to an Amazon RDS for PostgreSQL DB instance, the AWS-managed service designed for this purpose is Amazon RDS Proxy. RDS Proxy maintains a pool of database connections and multiplexes application connections onto fewer database connections. This reduces connection overhead on the database, improves resiliency during failovers, and helps control the number of active connections that reach the DB instance.

Next, the connectivity must be private across accounts and scalable as more consumer accounts are added. AWS PrivateLink provides scalable, private connectivity between VPCs and services across accounts without requiring VPC peering, transitive routing, or exposing traffic to the public internet. With PrivateLink, the database account can publish an endpoint service backed by a Network Load Balancer, and consumer accounts create interface endpoints in their VPCs to connect privately to that service. This is operationally scalable because adding new consumer accounts does not require managing a growing mesh of VPC peering relationships or complex route propagation; each consumer adds an interface endpoint.

Option B is the only option that addresses connection management by introducing RDS Proxy and uses PrivateLink to provide private, cross-account, scalable connectivity. The proxy endpoint being in private subnets aligns with the requirement that traffic stays private.

Option A is incorrect because a NAT gateway in a public subnet is used for outbound internet access from private subnets. It is not needed for private cross-account database access and introduces unnecessary public subnet components. Also, NAT gateways do not manage database connections. Transit gateway can provide private connectivity, but it does not address connection pooling, and the NAT gateway component is not appropriate for the stated requirement of avoiding internet exposure.

Option C is incorrect because an Application Load Balancer is not used to proxy raw PostgreSQL database traffic. PostgreSQL uses TCP, and ALB is primarily for HTTP/HTTPS and higher-layer routing. Also, VPC peering to each consumer VPC does not scale well as the number of accounts grows, and it creates operational overhead to manage many peering connections and route tables. It also does not manage DB connections.

Option D is incorrect because it uses VPC peering and NAT gateway. NAT gateway is again not the correct mechanism for private database access and does not provide connection pooling. VPC peering per consumer is not scalable and increases operational overhead.

Therefore, using RDS Proxy to manage connections and AWS PrivateLink (via an NLB-backed endpoint service) to provide private, scalable cross-account access is the correct solution.

[References:AWS documentation on Amazon RDS Proxy for connection pooling and managing database connections for Amazon RDS databases.AWS documentation on AWS PrivateLink for private, scalable cross-account access to services through interface VPC endpoints and endpoint services backed by Network Load Balancers.AWS guidance contrasting PrivateLink with VPC peering for scalability and operational simplicity in multi-account, multi-VPC architectures., , , , ]

Josephine

I want to ask about their study material and Customer support? Can anybody guide me?

Zayd May 10, 2026

Yes, the dumps or study material provided by them are authentic and up to date. They have a dedicated team to assist students and make sure they have a positive experience.

Inaaya

Are these Dumps worth buying?

Fraser May 5, 2026

Yes, of course, they are necessary to pass the exam. They give you an insight into the types of questions that could come up and help you prepare effectively.

Ernest

That's amazing. I think I'm going to give Cramkey Dumps a try for my next exam. Thanks for telling me about them! CramKey admin please share more questions……You guys are amazing.

Nate May 21, 2026

I failed last week, I never know this site , but amazed to see all these questions were in my exam week before. I feel bad now, why I didn’t bother this site. Thanks Cramkey, Excellent Job.

Osian

Dumps are fantastic! I recently passed my certification exam using these dumps and I must say, they are 100% valid.

Azaan May 23, 2026

They are incredibly accurate and valid. I felt confident going into my exam because the dumps covered all the important topics and the questions were very similar to what I saw on the actual exam. The team of experts behind Cramkey Dumps make sure the information is relevant and up-to-date.

Atlas

What are these Dumps? Would anybody please explain it to me.

Reign May 22, 2026

These are exam dumps for a variety of IT certifications. They have a vast collection of updated questions and answers, which are very helpful in preparing for the exams.

Question 63

A company has 50 AWS accounts that are members of an organization in AWS Organizations Each account contains multiple VPCs The company wants to use AWS Transit Gateway to establishconnectivity between the VPCs in each member account Each time a new member account is created, the company wants to automate the process of creating a new VPC and a transit gateway attachment.

Which combination of steps will meet these requirements? (Select TWO)

Options:

From the management account, share the transit gateway with member accounts by using AWS Resource Access Manager

Prom the management account, share the transit gateway with member accounts by using an AWS Organizations SCP

Launch an AWS CloudFormation stack set from the management account that automatical^/ creates a new VPC and a VPC transit gateway attachment in a member account. Associate the attachment with the transit gateway in the management account by using the transit gateway ID.

Launch an AWS CloudFormation stack set from the management account that automatical^ creates a new VPC and a peering transit gateway attachment in a member account. Share the attachment with the transit gateway in the management account by using a transit gateway service-linked role.

From the management account, share the transit gateway with member accounts by using AWS Service Catalog