SAP-C02 Continuous Improvement for Existing Solutions • Complete Question Bank
Refer to the exhibit.
iam-policy.json:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "ec2:TerminateInstances",
"Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"
}
]
}

Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeVolumes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateSnapshot",
"ec2:CreateTags"
],
"Resource": "arn:aws:ec2:us-west-2::snapshot/*"
}
]
}
```
Drag a concept onto its matching description — or click a concept then click the description.
MySQL/PostgreSQL-compatible with high availability
Fully managed NoSQL key-value and document database
Petabyte-scale data warehouse for analytics
In-memory caching with Redis or Memcached
Managed relational database for multiple engines
Drag a concept onto its matching description — or click a concept then click the description.
Collect metrics, logs, and set alarms
Record API activity for auditing
Assess, audit, and evaluate resource configurations
Trace and analyze distributed application requests
Automated security assessment of workloads
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}

Refer to the exhibit.
```
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-unique-bucket-name
      VersioningConfiguration:
        Status: Enabled
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Role: !GetAtt LambdaExecutionRole.Arn
      Code:
        ZipFile: |
          const AWS = require('aws-sdk');
          exports.handler = async (event) => {
            console.log('Processing event:', JSON.stringify(event));
            return 'Success';
          };
      Runtime: nodejs14.x
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: LambdaPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: logs:CreateLogGroup
                Resource: arn:aws:logs:*:*:*
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: arn:aws:logs:*:*:*
  BucketNotification:
    Type: AWS::S3::BucketNotification
    DependsOn: MyLambdaFunction
    Properties:
      Bucket: !Ref MyBucket
      NotificationConfiguration:
        LambdaFunctionConfigurations:
          - LambdaFunctionArn: !GetAtt MyLambdaFunction.Arn
            Events:
              - s3:ObjectCreated:*
```

Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-bucket/*",
"Condition": {
"StringEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
},
{
"Effect": "Deny",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-bucket/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
}
]
}

Refer to the exhibit.
2024-03-21T15:45:12.123Z 12345678-abcd-efgh-ijkl-1234567890ab ERROR Error: Cannot find module 'express'
at Function.Module._resolveFilename (module.js:547:15)
at Function.Module._load (module.js:525:25)
at Module.require (module.js:606:17)
at require (internal/module.js:11:18)
at Object.<anonymous> (/var/task/index.js:1:1)

Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"StringEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
},
{
"Effect": "Deny",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "aws:kms"
}
}
}
]
}

Refer to the exhibit.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"MyBucket": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": "my-unique-bucket-12345",
"VersioningConfiguration": {
"Status": "Enabled"
}
},
"DeletionPolicy": "Retain"
}
}
}

Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/Environment": "production"
}
}
}
]
}

Refer to the exhibit.
[container-definitions]
[
{
"name": "web",
"image": "nginx:latest",
"memory": 256,
"cpu": 256,
"essential": true,
"portMappings": [
{
"containerPort": 80,
"protocol": "tcp"
}
]
},
{
"name": "sidecar",
"image": "myapp/sidecar:latest",
"memory": 128,
"cpu": 0,
"essential": false
}
]

Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-bucket/*",
"Condition": {
"StringEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
},
{
"Effect": "Deny",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-bucket/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
}
]
}

Refer to the exhibit.
```
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${AWS::StackName}-bucket"
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: ExpireOldVersions
            Status: Enabled
            NoncurrentVersionExpirationInDays: 30
```

Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "*"
}
]
}

Refer to the exhibit.
```
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-app-data
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: ExpireOldVersions
            Status: Enabled
            NoncurrentVersionExpirationInDays: 30
```

Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/8"
}
}
},
{
"Effect": "Deny",
"Action": "s3:*",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}

Refer to the exhibit.
[ERROR] 2023-01-15T10:30:00.000Z ResourceNotFoundException: Requested resource not found
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:52:27)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)
at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)

Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:role/Admin"
},
"Action": [
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"kms:CallerAccount": "123456789012"
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:role/Admin"
},
"Action": [
"kms:Decrypt"
],
"Resource": "*"
}
]
}
```
A solutions architect is reviewing the above KMS key policy. The Admin role cannot decrypt data using the key. What is the MOST likely reason?

Refer to the exhibit.
```
$ aws ec2 describe-instances --region us-east-1 --filters Name=tag:Name,Values=WebServer --query 'Reservations[].Instances[].{ID:InstanceId,State:State.Name,Type:InstanceType,LaunchTime:LaunchTime}' --output table
```
A DevOps engineer runs the above command. The Auto Scaling group for WebServer instances has a desired count of 3, but the engineer notices that there are 5 instances with the same tag. What is the MOST likely cause?
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"StringEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
},
{
"Effect": "Deny",
"Action": "s3:PutObject",
"Principal": "*",
"Resource": "arn:aws:s3:::example-bucket/*"
}
]
}

Refer to the exhibit.
```
Resource: "arn:aws:ec2:us-east-1:123456789012:instance/*"
Condition:
  StringEquals:
    ec2:InstanceType:
      - "t2.micro"
      - "t2.small"
```

Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/Environment": "production"
}
}
}
]
}

Refer to the exhibit.
```
ResourceRecordSets:
  - Name: example.com.
    Type: A
    AliasTarget:
      HostedZoneId: Z2FDTNDATAQYW2
      DNSName: myloadbalancer-1234567890.us-west-2.elb.amazonaws.com.
      EvaluateTargetHealth: true
```

Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "192.0.2.0/24"
}
}
}
]
}

Refer to the exhibit.
{
"ResourceType": "AWS::Lambda::Function",
"LogicalResourceId": "MyFunction",
"ResourceStatus": "UPDATE_FAILED",
"ResourceProperties": {
"Handler": "index.handler",
"Role": "arn:aws:iam::123456789012:role/lambda-role",
"Code": {
"S3Bucket": "my-bucket",
"S3Key": "my-function.zip"
},
"Runtime": "nodejs14.x",
"Timeout": 30
},
"ResourceStatusReason": "The runtime parameter of nodejs14.x is not supported (Service: AWSLambdaInternal; Status Code: 400)"
}

Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
}
]
}

Refer to the exhibit.
```
Resources:
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  mySubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVPC
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
  myInternetGateway:
    Type: AWS::EC2::InternetGateway
  myAttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref myVPC
      InternetGatewayId: !Ref myInternetGateway
  myRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
  myRoute:
    Type: AWS::EC2::Route
    DependsOn: myAttachGateway
    Properties:
      RouteTableId: !Ref myRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myInternetGateway
  mySubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref mySubnet
      RouteTableId: !Ref myRouteTable
```

Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "192.0.2.0/24"
}
}
}
]
}

Refer to the exhibit.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"EC2Instance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-0abcdef1234567890",
"InstanceType": "t2.micro"
}
},
"MyQueue": {
"Type": "AWS::SQS::Queue",
"Properties": {
"QueueName": "my-queue"
}
}
}
}

Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my-bucket/*"
},
{
"Effect": "Deny",
"Action": "s3:*",
"Resource": "arn:aws:s3:::my-bucket/confidential/*"
}
]
}
```

A company runs a batch processing job on a schedule using AWS Lambda. The job processes files from an S3 bucket and writes results to another S3 bucket. Recently, the job has been failing with the error 'Access Denied' when trying to write to the destination bucket. The Lambda function's execution role has the following IAM policy attached:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::source-bucket/*", "arn:aws:s3:::source-bucket"]
    },
    {
      "Effect": "Allow",
      "Action": ["s3:PutObject"],
      "Resource": "arn:aws:s3:::destination-bucket/*"
    }
  ]
}
```
The Lambda function also has a VPC configuration to access an RDS instance. The S3 buckets are in the same region. The Solutions Architect verified that the destination bucket policy does not deny access. What is the MOST likely cause of the 'Access Denied' error?