SAP-C02 Exam Dumps - AWS Certified Solutions Architect - Professional

https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html

Turning on the cross-account management feature in AWS Backup will enable managing and monitoring backups across multiple AWS accounts that belong to the same organization in AWS Organizations1. Creating a backup plan that specifies the frequency and retention requirements will enable taking snapshots every 6 hours and retaining them for 30 days2. Adding a tag to the DB instances will enable applying the backup plan by using tags2. Using AWS Backup to monitor the status of the backups will enable having a consolidated view of the health of the RDS snapshots1.

CloudFormation cannot delete an S3 bucket that contains objects. When the developers attempt to delete temporary stacks, the delete operation fails if the associated S3 bucket still has objects. Because the bucket name is derived from the stack name, failed deletions can also prevent re-creation of stacks with the same names until the bucket is manually emptied and deleted. This causes friction for development and continuous integration workflows.

To resolve this, the solution must ensure that, during stack deletion, all objects are removed from the S3 bucket so that CloudFormation can delete the bucket successfully. CloudFormation does not natively support automatic deletion of bucket contents. However, CloudFormation custom resources can be used to perform custom actions during stack lifecycle events.

Option A proposes associating a Lambda function with a CloudFormation custom resource. The custom resource can be invoked during stack deletion to list and delete all objects (and object versions if versioning is enabled) in the specified bucket. Once the bucket is emptied by the Lambda function, the standard CloudFormation deletion process can successfully delete the bucket resource.

In addition to emptying the bucket, the IAM role used by CloudFormation must have permissions to delete objects in the bucket. If CloudFormation uses an execution role that lacks s3:DeleteObject (and potentially s3:ListBucket) permissions, the bucket-cleanup Lambda function or CloudFormation itself would not be able to remove objects. Option D ensures that CloudFormation operations are invoked by a role that has s3:DeleteObject permissions on bucket objects, enabling the custom resource to perform the deletions.

Option B is incorrect because, although DeletionPolicy can be set to Delete, there is no such capability as CAPABILITY_DELETE_NONEMPTY in CloudFormation, and DeletionPolicy alone does not override the S3 service requirement that buckets must be empty before deletion.

Option C’s Retain DeletionPolicy leaves the bucket behind when the stack is deleted. While an external AWS Config rule could clean up stale buckets, it complicates the design and does not directly solve the problem of re-creating stacks with the same bucket name in a predictable, immediate way.

Option E configures a bucket policy to grant s3:DeleteObject permissions, but this is not sufficient alone. CloudFormation still must assume a role with the appropriate permissions. Bucket policy and IAM role permissions must both be considered, but the key action to resolve the deletion failure is to explicitly empty the bucket through a custom resource, as in option A, and ensure the execution role has delete permissions, as in option D.

Therefore, implementing a Lambda-backed custom resource to empty the S3 bucket during stack deletion (option A) and ensuring the CloudFormation execution role has s3:DeleteObject permissions (option D) resolves the deletion errors and allows developers to delete and recreate stacks freely.

This option will complete the migration to AWS in the least amount of time because it uses two AWS services that are designed to simplify and accelerate data transfers and migrations. AWS Application Migration Service (AWS MGN) is a highly automated lift-and-shift solution that helps you migrate applications from any source infrastructure that runs supported operating systems to AWS1. It replicates your source servers into your AWS account and automatically converts and launches them on AWS so you can quickly benefit from the cloud1. You can use AWS MGN to migrate your on-premises VMware VMs to AWS by configuring a connection to your VMware cluster and creating a replication job for the VMs2. This process will minimize the time-intensive, error-prone manual processes of exporting and importing VM images.

AWS DataSync is an online data movement and discovery service that simplifies and accelerates data migrations to AWS and helps you move data quicklyand securelybetween on-premises storage, edge locations, other cloud providers, and AWS Storage3. It can transfer data between Network File System (NFS) shares, Server Message Block (SMB) shares,Hadoop Distributed File Systems (HDFS), self-managed object storage, AWS Snowcone, Amazon Simple Storage Service (Amazon S3) buckets, Amazon Elastic File System (Amazon EFS) file systems, Amazon FSx for Windows File Server file systems, Amazon FSx for Lustre file systems, Amazon FSx for OpenZFS file systems, and Amazon FSx for NetApp ONTAP file systems3. You can use AWS DataSync to copy your on-premises NFS server data to an Amazon EFS file system over the Direct Connect connection4. This process will leverage the high bandwidth and low latency of Direct Connect and the encryption and data integrity validation of DataSync.

To develop a migration plan with accurate inventory and dependency data:

AWS Migration Hub provides a single view for tracking migration tasks and resources across multiple AWS services.

The AWS Application Discovery Agent (installed on servers) collects detailed data about running processes, system performance, and network connections.

Migration Hub Strategy Recommendations leverages this data to automatically identify application patterns, generate recommended AWS target services, and provide a detailed migration plan.This approach ensures accurate data collection, detailed dependency mapping, and tailored recommendations—crucial for a successful and right-sized migration to AWS.

Comprehensive and Detailed Explanation From Exact Extract:

Answer B (AWS Global Accelerator) best meets both requirements: fastest failover from application failures and the lowest response time for global users. Global Accelerator is designed for global, latency-sensitive, highly available applications. It uses static Anycast IP addresses so users enter the AWS network at the nearest edge location, then traffic is carried over the AWS global backbone to the closest healthy regional endpoint (in this case, each Region’s ALB). It continuously performs health checks and can rapidly shift traffic away from unhealthy endpoints, which helps “handle application failures quickly” without being constrained by DNS caching behavior.

Why the other options are less suitable:

C (Route 53 latency-based routing + health checks) can improve routing and failover, but it is still DNS-based. DNS-based failover can be delayed by DNS resolver caching and TTL propagation, meaning failover may not be as fast or as consistent as Global Accelerator for rapid recovery.

A (CloudFront with origin group) can provide origin failover and performance benefits mainly for cacheable or edge-optimizable content. For a payment processing API (typically dynamic and not cache-friendly), CloudFront is not the primary service for achieving the least response time globally with fast multi-Region failover compared with Global Accelerator’s Anycast + edge routing model.

D (AWS Cloud WAN) addresses private network connectivity and centralized network policy across Regions/VPCs. It does not directly optimize public user-to-application latency or provide the same kind of edge-based, Anycast-driven rapid failover for internet-facing API endpoints.