SAP-C02 Design Solutions for Organizational Complexity • Complete Question Bank
Complete SAP-C02 Design Solutions for Organizational Complexity question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"BoolIfExists": {
"aws:MultiFactorAuthPresent": "true"
}
}
}
]
}Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Centrally manage multiple AWS accounts
Connect VPCs and on-premises networks
Dedicated private network connection to AWS
Secure connection over the internet to AWS
Privately access services across VPCs
Drag a concept onto its matching description — or click a concept then click the description.
Track migration progress across multiple tools
Automate migration of on-premises servers to AWS
Migrate databases to AWS with minimal downtime
Rehost applications from physical or virtual servers
Simplify, automate, and accelerate moving data to AWS
Drag a concept onto its matching description — or click a concept then click the description.
Lowest cost, RPO in hours, RTO in hours to days
Core services run in standby, ready to scale
Scaled-down production environment, ready to scale up
Both sites serve traffic, failover is immediate
One site active, other on standby
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "ec2:RunInstances",
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"StringNotEquals": {
"ec2:InstanceType": ["t3.micro", "t3.small"]
}
}
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111111111111:root"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::central-logging-bucket/AWSLogs/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}Refer to the exhibit.
$ aws organizations list-accounts
{
"Accounts": [
{
"Id": "111111111111",
"Arn": "arn:aws:organizations::123456789012:account/o-exampleorgid/111111111111",
"Email": "admin@example.com",
"Name": "Management",
"Status": "ACTIVE",
"JoinedMethod": "INVITED",
"JoinedTimestamp": "2023-01-01T00:00:00Z"
},
{
"Id": "222222222222",
"Arn": "arn:aws:organizations::123456789012:account/o-exampleorgid/222222222222",
"Email": "prod@example.com",
"Name": "Production",
"Status": "ACTIVE",
"JoinedMethod": "CREATED",
"JoinedTimestamp": "2023-01-01T00:00:00Z"
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-company-logs/AWSLogs/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-company-logs/AWSLogs/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}Refer to the exhibit.
$ aws organizations list-accounts
{
"Accounts": [
{
"Id": "111111111111",
"Arn": "arn:aws:organizations::222222222222:account/o-example1/111111111111",
"Email": "admin@example.com",
"Name": "ManagementAccount",
"Status": "ACTIVE",
"JoinedMethod": "INVITED",
"JoinedTimestamp": "2023-01-01T00:00:00Z"
},
{
"Id": "333333333333",
"Arn": "arn:aws:organizations::222222222222:account/o-example1/333333333333",
"Email": "dev@example.com",
"Name": "DevAccount",
"Status": "ACTIVE",
"JoinedMethod": "CREATED",
"JoinedTimestamp": "2023-01-02T00:00:00Z"
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"StringNotEquals": {
"aws:PrincipalOrgID": "o-exampleorgid"
}
}
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "ec2:*",
"Resource": "*",
"Condition": {
"StringNotEquals": {
"aws:RequestedRegion": ["us-east-1", "eu-west-1"]
}
}
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::central-logs-bucket/*",
"Condition": {
"Bool": {
"aws:SecureTransport": "true"
}
}
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"Bool": {
"aws:MultiFactorAuthPresent": "false"
}
}
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"ec2:RunInstances",
"ec2:StartInstances"
],
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"StringNotEquals": {
"ec2:InstanceType": "t3.micro"
}
}
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"ec2:RunInstances"
],
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"StringNotEquals": {
"ec2:InstanceType": [
"t3.micro",
"t3.small"
]
}
}
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111111111111:root"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "ec2:RunInstances",
"Resource": "*",
"Condition": {
"StringNotEquals": {
"ec2:InstanceType": ["t2.micro", "t2.small"]
}
}
}
]
}Refer to the exhibit.
$ aws organizations list-accounts
{
"Accounts": [
{
"Id": "111111111111",
"Arn": "arn:aws:organizations::123456789012:account/o-example/111111111111",
"Email": "admin@example.com",
"Name": "ManagementAccount",
"Status": "ACTIVE",
"JoinedMethod": "INVITED",
"JoinedTimestamp": "2024-01-01T00:00:00Z"
},
{
"Id": "222222222222",
"Arn": "arn:aws:organizations::123456789012:account/o-example/222222222222",
"Email": "dev@example.com",
"Name": "DevAccount",
"Status": "ACTIVE",
"JoinedMethod": "CREATED",
"JoinedTimestamp": "2024-01-02T00:00:00Z"
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::222222222222:role/CrossAccountRole"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::central-logging-bucket/AWSLogs/111111111111/*"
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::*:role/OrganizationAccountAccessRole"
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyNonEncryptedS3",
"Effect": "Deny",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "s3:*",
"Resource": "*",
"Condition": {
"Bool": {"aws:SecureTransport": "false"}
}
},
{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-bucket/*",
"Condition": {
"StringEquals": {"s3:x-amz-server-side-encryption": "AES256"}
}
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}Refer to the exhibit.
Resource: AWS::IAM::Role
Properties:
RoleName: MyRole
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: ec2.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: S3Access
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: s3:GetObject
Resource: arn:aws:s3:::my-bucket/*
Tags:
- Key: Environment
Value: ProductionRefer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "ec2:RunInstances",
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"StringNotEquals": {
"ec2:InstanceType": [
"t3.micro",
"t3.small"
]
}
}
}
]
}Refer to the exhibit.
$ aws organizations list-accounts
{
"Accounts": [
{
"Id": "111111111111",
"Arn": "arn:aws:organizations::123456789012:account/o-xxxxxxxxxx/111111111111",
"Email": "admin@company.com",
"Name": "Management",
"Status": "ACTIVE",
"JoinedMethod": "INVITED",
"JoinedTimestamp": "2023-01-01T00:00:00Z"
},
{
"Id": "222222222222",
"Arn": "arn:aws:organizations::123456789012:account/o-xxxxxxxxxx/222222222222",
"Email": "prod@company.com",
"Name": "Production",
"Status": "ACTIVE",
"JoinedMethod": "CREATED",
"JoinedTimestamp": "2023-01-02T00:00:00Z"
},
{
"Id": "333333333333",
"Arn": "arn:aws:organizations::123456789012:account/o-xxxxxxxxxx/333333333333",
"Email": "suspended@company.com",
"Name": "Suspended",
"Status": "SUSPENDED",
"JoinedTimestamp": "2023-01-03T00:00:00Z"
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::222222222222:role/Admin"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"aws:SourceIdentity": "central-admin"
}
}
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"StringEquals": {
"aws:SourceOrgID": "o-xxxxxxxxxx"
}
}
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "ec2:RunInstances",
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"StringNotEquals": {
"ec2:InstanceType": ["t3.micro", "t3.small", "t3.medium"]
}
}
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my-log-bucket/AWSLogs/*"
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "aws:kms"
}
}
},
{
"Effect": "Deny",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:us-east-1:123456789012:key/abc123"
}
}
}
]
}