SAP-C02 Exam Dumps - AWS Certified Solutions Architect - Professional

https://aws.amazon.com/blogs/database/amazon-dynamodb-auto-scaling-performance-and-cost-optimization-at-any-scale/ "As you can see, there are compelling reasons to use DynamoDB auto scaling with actively changing traffic. Auto scaling responds quickly and simplifies capacity management, which lowers costs by scaling your table’s provisioned capacity and reducing operational overhead."

The core issue is high latency when serving images during traffic spikes. The current design resizes images dynamically and caches them locally inside ECS containers. With AWS Fargate, containers are ephemeral and scale in and out based on load. Local container caches are not shared across tasks, so cache hit rates drop during scaling events, forcing repeated image resizing. This increases CPU usage, startup latency, and response times under load.

The lowest operational overhead and most effective solution is to offload image delivery entirely from the application layer and use edge caching. Amazon CloudFront is designed to cache static content at edge locations close to end users, dramatically reducing latency and backend load. Amazon S3 is a durable, highly scalable object store that is well suited for serving static assets such as images.

Option A moves image delivery to a CloudFront + S3 architecture. By pre-scaling images and storing them in S3, the application no longer performs on-demand image resizing during requests. CloudFront caches the images at edge locations, so subsequent requests are served directly from the edge with minimal latency. The ALB remains the origin for dynamic content, while image requests are routed to the S3 origin using cache behaviors. This approach is fully managed, highly scalable, and requires minimal changes to the application logic once images are pre-generated.

Option B introduces ElastiCache, which adds operational overhead and complexity. The application must manage cache keys, eviction, and failure scenarios. ElastiCache is better suited for low-latency data access patterns rather than large static objects like images, and it does not provide global edge caching.

Option C adds unnecessary complexity by introducing an Aurora database as part of the caching layer. Databases are not designed to manage cache metadata for static assets at scale, and this design increases operational overhead without improving latency compared to CloudFront.

Option D is not appropriate because API Gateway caching is intended for API responses, not for efficient delivery of large static binary objects such as images. Replacing the ALB with API Gateway also introduces request size, payload, and cost considerations and does not provide global edge caching comparable to CloudFront for image delivery.

Therefore, using Amazon CloudFront with Amazon S3 for pre-scaled images provides the lowest latency, highest scalability, and least operational overhead.

The company should use AWS IoT Greengrass to deploy the ML model to the local server and provide local feedback to the factory workers. AWS IoT Greengrass is a service that extends AWS cloud capabilities to local devices, allowing them to collect and analyze data closer to the source of information,react autonomously to local events, and communicate securely with each other on local networks1. AWS IoT Greengrass also supports MLinference at the edge, enabling devices to run ML models locally without requiring internet connectivity2.

The other options are not correct because:

Setting up an Amazon Kinesis video stream from each IP camera to AWS would not work if the factory’s internet connectivity is down. It would also incur unnecessary costs and latency to stream video data to the cloud and back.

Ordering an AWS Snowball device would not be a scalable or cost-effective solution for deploying the ML model. AWS Snowball is a service that provides physical devices for data transfer and edge computing, but it is not designed for continuous operation or frequent updates3.

Deploying Amazon Monitron devices on each IP camera would not work because Amazon Monitron is a service that monitors the condition and performance of industrial equipment using sensors and machine learning, not cameras4.

https://docs.aws.amazon.com/compute-optimizer/latest/APIReference/API_ExportLambdaFunctionRecommendations.html

The most secure and manageable solution is to useVPC interface endpointsforS3andSystems Manager, and establishVPC peeringto privately access the patch repo in the core account.

Systems Manager VPC setup

https://aws.amazon.com/s3/features/access-points/

https://aws.amazon.com/blogs/storage/managing-amazon-s3-access-with-vpc-endpoints-and-s3-access-points/

For an EC2 instance to appear as a managed instance in AWS Systems Manager, several prerequisites must be met. Two of the most fundamental requirements are that the Systems Manager Agent (SSM Agent) is installed and running on the instance, and that the instance has an IAM role attached that grants the necessary permissions for Systems Manager to communicate with the service.

When importing a VM from an on-premises environment, the resulting AMI might not include the SSM Agent by default, or the agent might not be enabled to start automatically. If the agent is missing or not running, the instance cannot register with Systems Manager, and it will not appear in the Systems Manager console as a managed instance. Therefore, verifying that the SSM Agent is installed and running is a primary troubleshooting step.

Additionally, the EC2 instance must have an IAM instance profile (role) attached that includes the permissions required by Systems Manager. Typically, this is achieved by attaching a role that includes the AmazonSSMManagedInstanceCore managed policy. Without the appropriate IAM role, even a correctly installed and running agent will not be able to register the instance or perform Systems Manager operations.

Option C (VPC endpoint existence) is not required in this scenario because the instance is in a public subnet and has a public IP address. In this case, the instance can communicate with the Systems Manager endpoints over the internet. VPC endpoints are required when instances do not have internet access (for example, in private subnets without NAT or public IPs), which is not the case here.

Option D (Application Discovery Agent) is unrelated. The AWS Application Discovery Agent is used for migration assessment and discovery of on-premises workloads, not for Systems Manager managed instance registration.

Option E (service-linked roles) is generally not a common cause for a single instance failing to appear as managed, especially when other Systems Manager functionality is working in the account. Service-linked roles for Systems Manager are usually created automatically when needed and do not typically prevent an individual instance from registering if the agent and instance role are correctly configured.

Therefore, the correct troubleshooting steps are to verify the presence and operation of the Systems Manager Agent and to ensure the EC2 instance has the correct IAM role attached.