Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 269 discussion

A company wants to optimize AWS data-transfer costs and compute costs across developer accounts within the company's organization in AWS Organizations. Developers can configure VPCs and launch Amazon EC2 instances in a single AWS Region. The EC2 instances retrieve approximately 1 TB of data each day from Amazon S3.

The developer activity leads to excessive monthly data-transfer charges and NAT gateway processing charges between EC2 instances and S3 buckets, along with high compute costs. The company wants to proactively enforce approved architectural patterns for any EC2 instance and VPC infrastructure that developers deploy within the AWS accounts. The company does not want this enforcement to negatively affect the speed at which the developers can perform their tasks.

Which solution will meet these requirements MOST cost-effectively?

  • A. Create SCPs to prevent developers from launching unapproved EC2 instance types. Provide the developers with an AWS CloudFormation template to deploy an approved VPC configuration with S3 interface endpoints. Scope the developers' IAM permissions so that the developers can launch VPC resources only with CloudFormation.
  • B. Create a daily forecasted budget with AWS Budgets to monitor EC2 compute costs and S3 data-transfer costs across the developer accounts. When the forecasted cost is 75% of the actual budget cost, send an alert to the developer teams. If the actual budget cost is 100%, create a budget action to terminate the developers' EC2 instances and VPC infrastructure.
  • C. Create an AWS Service Catalog portfolio that users can use to create an approved VPC configuration with S3 gateway endpoints and approved EC2 instances. Share the portfolio with the developer accounts. Configure an AWS Service Catalog launch constraint to use an approved IAM role. Scope the developers' IAM permissions to allow access only to AWS Service Catalog.
  • D. Create and deploy AWS Config rules to monitor the compliance of EC2 and VPC resources in the developer AWS accounts. If developers launch unapproved EC2 instances or if developers create VPCs without S3 gateway endpoints, perform a remediation action to terminate the unapproved resources.
Suggested Answer: C
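
As an added illustration (not part of the exam material), this is the kind of CloudFormation product template an AWS Service Catalog portfolio for option C could publish: a VPC whose private route table reaches S3 through a gateway endpoint, and an EC2 instance limited to an approved type list. The CIDR ranges and the approved instance types are assumptions chosen for the example; the portfolio, its sharing, and the launch-constraint role are not shown.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Approved developer VPC with an S3 gateway endpoint (constructed example)
Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
    # Assumed approved list; anything else is rejected at provisioning time.
    AllowedValues:
      - t3.micro
      - t3.small
  ImageId:
    Type: AWS::EC2::Image::Id
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16        # assumed range
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.0.1.0/24        # assumed range
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PrivateSubnetAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable
  # Gateway endpoint: adds an S3 prefix-list route to the route table,
  # so S3 traffic from the subnet does not pass through a NAT gateway.
  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Gateway
      VpcId: !Ref Vpc
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      RouteTableIds:
        - !Ref PrivateRouteTable
  Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !Ref ImageId
      SubnetId: !Ref PrivateSubnet
```

With a launch constraint on the product, the stack is created by the approved IAM role rather than by the developer's own permissions, so developers need access only to Service Catalog.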

Comments

bhanus
Highly Voted 1 year, 8 months ago
Selected Answer: C
C is the effective way. A is incorrect because it can allow users to create resources that are defined outside of CloudFormation.
upvoted 5 times
Peaches35
2 months, 2 weeks ago
Option A, as described, scopes the developers' IAM permissions to allow them to launch VPC resources only with CloudFormation. This means that developers would be restricted from creating resources outside of the approved CloudFormation templates. So it is still valid.
upvoted 1 times
...
...
Deztroyer88
Most Recent 6 days ago
Selected Answer: C
S3 interface endpoints are not free, but gateway endpoints are free.
upvoted 1 times
...
Peaches35
2 months, 2 weeks ago
Selected Answer: A
Service Control Policies (SCPs): Enforcing SCPs ensures that developers cannot launch unapproved EC2 instance types, which helps control costs. AWS CloudFormation: Providing a CloudFormation template for an approved VPC configuration with S3 interface endpoints ensures that data transfer between EC2 instances and S3 does not incur NAT gateway charges, reducing data transfer costs. IAM Permissions: Scoping IAM permissions to allow developers to launch VPC resources only with CloudFormation ensures compliance with the approved architectural patterns without affecting the speed of development.
upvoted 1 times
...
hamimelon
5 months, 1 week ago
A. Interface endpoints are cheaper than Gateway endpoints if the resources are in the same region. The question specifically said one region.
upvoted 1 times
...
tungnguyenne
7 months, 1 week ago
Selected Answer: D
D is correct and least affects the speed at which the developers can perform their tasks. C denies the developers access to any AWS services except AWS Service Catalog; therefore it would limit access to all other services.
upvoted 1 times
helloworldabc
7 months ago
just C
upvoted 2 times
...
...
career360guru
1 year, 3 months ago
Selected Answer: C
C is the least disruptive option for developers' productivity.
upvoted 3 times
...
Soweetadad
1 year, 6 months ago
Why not D?
upvoted 2 times
...
NikkyDicky
1 year, 8 months ago
Selected Answer: C
C works
upvoted 2 times
...
SmileyCloud
1 year, 8 months ago
Selected Answer: C
C - let the devs choose what they want but they still adhere to standards. Service catalog does that.
upvoted 3 times
...
SkyZeroZx
1 year, 8 months ago
Selected Answer: C
C is correct. Service Catalog solves all issues. S3 gateway endpoint is more cost-effective with data transfer in VPC on AWS.
upvoted 3 times
...
gd1
1 year, 8 months ago
Selected Answer: C
C is correct. Service catalog solves all issues.
upvoted 1 times
...
psyx21
1 year, 9 months ago
Selected Answer: C
Correct Answer is C
upvoted 1 times
...